RE: [WIRELESS-LAN] WLANs and Bridging for peripheral housing
Look at Firetide, I have deployed this system in environments is hard to run cable and it is a cost effective solution. They also just released there new 54Mbps radio. www.firetide.com Regards, Stanley Riley Sr. Wireless Architect ABEO Corporation (703)842-5475 (office) (571)238-5415 (mobile) www.abeocorp.com -Original Message- From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] Behalf Of Dan Drenkow Sent: Tuesday, November 09, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: [WIRELESS-LAN] WLANs and Bridging for peripheral housing I am new to this list, and a wireless novice. Please excuse any technical mistakes and questions that have been repeated in earlier discussions. We have been using a special wireless LAN setup to serve some of our peripheral residences (houses we've been buying up and using like small residence halls - not fraternity style). These are all across the public right of ways, and many are separated by existing private properties. Previously, this was working fine by and employing a strange, but inexpensive WLAN design. However, as the saturation of students wanting access in these houses has exploded, it no longer serves their needs. Here is a brief overview of the current setup, followed by some questions we have before going forward. Current setup: Cisco 350 Access Points using 60 degree patch antennas or Yagis to cover one or more houses. 802.11b with WEP. Residents use various wireless client cards and antennas. Installed Perfigo this summer for LAN and WLAN authentication and clean machines verification. Issues: The Access Point model worked fine previous years due to few users and those using it understanding they may need to be upstairs in the front of the house. Expectations, computer expertise, and usage changed significantly this year, making the AP to client solution unsatisfactory in some of the student rooms. We've considered going to a Point to Multipoint bridge solution to each house and adding a SOHO type access point in each house. We've used WET11 bridges in the past to do a little of this without a root bridge, but Perfigo doesn't like WET11s (they look like a router to Perfigo). We did test a Cisco BR350 Point to Point Bridge solution, and it worked fine on a VLAN with Perfigo. Moving to a Cisco Bridging solution will work, but it will be much more expensive (add 4 root bridges + 7 client bridges + 7 more antennas). Questions: Does anyone have some creative, lower cost designs they would like to share? (It could be completely different than WLAN solutions). I've heard some rumblings about wireless LAN mesh networks in some cities - any comments/experience with those? Do they reach into the basements? Could they pose a cost effective solution for houses surrounding a campus? (Reference Chaska, MN: http://www.unstrung.com/document.asp?doc_id=55621 ) Should I consider higher cost, higher speed solutions (Cisco 1400, Proxim)? I've seen some companies offering low cost bridge solutions (mostly their antennas) that use linksys, netgear, or other low cost AP/Bridge devices. Any kudos or warnings about those? (Refernce: http://www.wirelessnetworkproducts.com/index.asp?PageAction=VIEWCATS&Categor y=228 ) Thank you in advance for any and all comments and feedback. Dan Drenkow Director of Information Technology Augustana College Sioux Falls, SD 57197 [EMAIL PROTECTED] (605) 274-5251 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Bluesocket....
Zack, We are using centrally managed Bluesocket WG 2100s at the University of Pennsylvania currently. Right now, we have 4 WG 2100s deployed with managed vlans on each box. We are using a central RADIUS server for authN and we are using a central DHCP server as well (not local on the 2100) and we are running the 4.0 software with BluePatch version 1.4 with no encryption. We have anywhere from 10-20 vlans on each 2100 with average usage to be around 200 concurrent users. We have had around 400 users at a time and it seems a little slow, but still held up. Colleen Szymanik University of Pennsylvania Network Engineer Zackary O'Donnell wrote: We are working on implementing a centrally managed Bluesocket 2100 to replace our home-grown authentication/firewall for our small but growing wireless network. Our long term goal is to move to 802.1x deployment from a smart AP, but also to have the Bluesocket portal as a backup and as guest access. When we talked to vendors, over a year ago, we had 200 per day on the network. Now were are seeing 200 simultaneous users during the busy hour. I have read on this listserv that many of you use the 2100 and can support over 1000 users. Bluesocket recommends the 2100 for 400 simultaneous users tops, but admits many campuses are doing much more. What is your take on simultaneous users? Are you using bandwidth restriction to up the numbers? We are trying to determine if we need to buy a bigger box or if we are seeing a little too much "marketing" from Bluesocket. Thanks Zack Zackary O'Donnell Communications Resources University of California One Shields Ave PH: 530.752.5947 Davis, CA 95616 FX: 530.754.9747 Telecommunications: Be careful how you use it. -Original Message- From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] Behalf Of Christopher R. Hertel Sent: Friday, October 10, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: Re: [WIRELESS-LAN] Bluesocket On Fri, Oct 10, 2003 at 11:10:54AM -0400, Sean Che wrote: : 802.1x traffic should NOT pass through AP. What I said is that 802.1x can pass through Bluesocket. In this case, the link between authenticator(AP) and authentication server ( Radius Server) is transparent, even thought bluesocket box sits between them. FYI, here's the authentication process of 802.1x: * The client may send an EAP-start message. * The access point sends an EAP-request identity message. * The client's EAP-response packet with the client's identity is "proxied" to the authentication server by the authenticator. * The authentication server challenges the client to prove themselves and may send its credentials to prove itself to the client (if using mutual authentication). * The client checks the server's credentials (if using mutual authentication) and then sends its credentials to the server to prove itself. * The authentication server accepts or rejects the client's request for connection. * If the end user was accepted, the authenticator changes the virtual port with the end user to an authorized state allowing full network access to that end user. * At log-off, the client virtual port is changed back to the unauthorized state. Think about that. In order for that to work all of the APs must support the system completely. Consider: * The APs that do support 802.1x are more expensive, which makes a difference when you multiply by 1000 APs. (...and that's just for starters. We have a big campus.) * There are hundreds if not thousands of APs on my campus already that don't support 802.1x. Folks just pop out on their lunch hour and buy a new AP at the discount store for $70 or less. They get back and plug it in. It's hard enough convincing them to use the standard SSID and hook up the auth server. Many of these APs won't be upgradable to run 802.1x. * The more APs I have the more APs I have to manage. The more features the AP has the more of a pain it is to manage it. I want my APs dumb and simple. If I could get APs that were little more than a transceiver that would be very, very nifty. * On the client side, all of the clients would have to support 802.1x in order to make it a viable solution. We have a diverse client population that includes MacOS, *BSD, Linux, PalmOS, Symbian, even MS-Windows... I'm sure there are more. Until all of these (and those I've missed) support 802.1x I cannot deploy it. I would be blocking access based on the user's client platform choice and that just wouldn't fly. (We tried recently to block all Windows filesharing ports to prevent virus/worm spread, but there was this small, vocal minority...) In short, 802.1x is currently impractical on my campus. Instead, we have tried to move complexity in the wireless network toward the center. Our goal is to make it easier to manage the network, easier to accomodate a wider variety of clients and APs, easier to make chang
RE: [WIRELESS-LAN] WLANs and Bridging for peripheral housing
Nortel also has a mesh solution that looks interesting. Mesh may work well in your environment due to the quantity and spacing of your residence halls. http://www.nortelnetworks.com/solutions/wrlsmesh/index.html Kenneth V. Mattson III Chief Network/Data Officer Creighton University DOIT (402) 280-2743 (402) 981-1140 -Original Message- From: 802.11 wireless issues listserv [mailto:[EMAIL PROTECTED] On Behalf Of Dan Drenkow Sent: Tuesday, November 09, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: [WIRELESS-LAN] WLANs and Bridging for peripheral housing I am new to this list, and a wireless novice. Please excuse any technical mistakes and questions that have been repeated in earlier discussions. We have been using a special wireless LAN setup to serve some of our peripheral residences (houses we've been buying up and using like small residence halls - not fraternity style). These are all across the public right of ways, and many are separated by existing private properties. Previously, this was working fine by and employing a strange, but inexpensive WLAN design. However, as the saturation of students wanting access in these houses has exploded, it no longer serves their needs. Here is a brief overview of the current setup, followed by some questions we have before going forward. Current setup: Cisco 350 Access Points using 60 degree patch antennas or Yagis to cover one or more houses. 802.11b with WEP. Residents use various wireless client cards and antennas. Installed Perfigo this summer for LAN and WLAN authentication and clean machines verification. Issues: The Access Point model worked fine previous years due to few users and those using it understanding they may need to be upstairs in the front of the house. Expectations, computer expertise, and usage changed significantly this year, making the AP to client solution unsatisfactory in some of the student rooms. We've considered going to a Point to Multipoint bridge solution to each house and adding a SOHO type access point in each house. We've used WET11 bridges in the past to do a little of this without a root bridge, but Perfigo doesn't like WET11s (they look like a router to Perfigo). We did test a Cisco BR350 Point to Point Bridge solution, and it worked fine on a VLAN with Perfigo. Moving to a Cisco Bridging solution will work, but it will be much more expensive (add 4 root bridges + 7 client bridges + 7 more antennas). Questions: Does anyone have some creative, lower cost designs they would like to share? (It could be completely different than WLAN solutions). I've heard some rumblings about wireless LAN mesh networks in some cities - any comments/experience with those? Do they reach into the basements? Could they pose a cost effective solution for houses surrounding a campus? (Reference Chaska, MN: http://www.unstrung.com/document.asp?doc_id=55621 ) Should I consider higher cost, higher speed solutions (Cisco 1400, Proxim)? I've seen some companies offering low cost bridge solutions (mostly their antennas) that use linksys, netgear, or other low cost AP/Bridge devices. Any kudos or warnings about those? (Refernce: http://www.wirelessnetworkproducts.com/index.asp?PageAction=VIEWCATS&Cat egory=228 ) Thank you in advance for any and all comments and feedback. Dan Drenkow Director of Information Technology Augustana College Sioux Falls, SD 57197 [EMAIL PROTECTED] (605) 274-5251 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.