ICT-216
Kasun Rubasinghe
Sampath Adhikaramage
Sandeera Brose Vijekumar
Table of Contents
Acceptance notice
Executive Summary
Implementation Plan
Design Overview
IP addressing Scheme
Equipment Specifications
Floor Plans
Security
Mobility
Connection Process
Conclusion
Page 2 of 26
Acceptance notice
This document is the proposed wireless implementation plan for Binthanna Institute of Technology, prepared by Simple Solutions Pty Ltd. No information included in this document is to be used unless it has been approved and authorised by the appropriate authority, in this case the Principal of Binthanna Institute of Technology and the Managing Director of Simple Solutions Pty. Ltd.
All data included in the following sections is confidential and is not to be disclosed to anyone who does not have the appropriate clearance.
This proposal is the copyright of Simple Solutions Pty. Ltd. and will remain so until the project becomes official and is handed over to Binthanna Institute of Technology. By viewing this document you agree to keep all data and any technical plans and diagrams included within it confidential.

Principal:                          Managing Director:
Signature:                          Signature:
Date:                               Date:
Executive Summary
Motivated by the need to reduce IT costs and increase productivity, college-wide Wireless Local Area Network (WLAN) solutions are becoming increasingly popular. The use of mobile computing devices has grown, and demand for wireless solutions has risen sharply over the last few years. Wireless technologies can minimise the physical limitations of wired communications, increasing user flexibility and productivity. A lower cost of network ownership is one of the main reasons for the recent increase in demand.
Limited space, building architecture and school applications can make updating existing technology challenging and expensive. The proposed wireless infrastructure for Binthanna Institute of Technology capitalises on existing hardware to:
  o Enhance security with handheld wireless devices that allow staff to connect to the network from anywhere on the premises.
  o Enhance student and teacher productivity through near instant access to data and academic information.
The proposed wireless solution helps enable virtually anytime, anywhere access to the Internet and to the school network, helping teachers increase class efficiency and productivity. It allows existing computers to be used to create a more flexible and collaborative classroom environment.
The proposed implementation plan provides detailed designs for the deployment of a reliable, robust and secure wireless network for Binthanna Institute of Technology using the best technologies and products available on the market.
Implementation Plan
Following is the time frame for the proposed wireless implementation for Binthanna Institute of Technology.

Timeframe                       Process            Resources
December 2011 (First Week)
December 2011 (Second Week)
February 2012 (First Week)

The final process listed in the plan is: Train users.
Naming Convention
The naming convention indicates the campus location, building number and device number.
Eg: an AP in Main Street campus will be: MN-B1-AP000

Campus    Building no    Device no
MN        B1             AP000

Legend:
MN - Main Street
MD - Middle Street
B - Building
AP - Access Point
WLC - Wireless LAN Controller

Campus: Main Street Campus
Device                      Device Name
Wireless LAN Controllers    MN-B1-WLC001, MN-B1-WLC002
Wireless Access Points      MN-B1-AP001, MN-B1-AP002, MN-B1-AP003, MN-B1-AP004, MN-B1-AP005
                            MN-B2-AP001, MN-B2-AP002, MN-B2-AP003
                            MN-B3-AP001, MN-B3-AP002, MN-B3-AP003
                            MN-B4-AP001, MN-B4-AP002
                            MN-B5-AP001, MN-B5-AP002

Campus: Middle Street Campus
Device                      Device Name
Wireless LAN Controllers    MD-B1-WLC001, MD-B1-WLC002
Wireless Access Points      MD-B1-AP001, MD-B1-AP002, MD-B1-AP003
                            MD-B2-AP001, MD-B2-AP002, MD-B2-AP003, MD-B2-AP004, MD-B2-AP005, MD-B2-AP006
                            MD-B3-AP001, MD-B3-AP002, MD-B3-AP003
Design Overview
There are two campuses. Each campus has five user groups.
Main Street Campus
  o Student
      - Information Technology
      - Electronic and Electrical Engineering
  o Teachers
  o Administration
      - Management
      - Accounting
  o Guest
Each user group can access the wireless network using different devices:
  o Campus laptops
  o Private laptops
  o Mobile Phones
  o PDAs
User Group                        SSID
Students                          STUDENT
Teachers                          TEACHER
Administration - Management       MANAGEMENT-ADMIN
Administration - Accounting       MANAGEMENT-ACC
Guest                             GUEST

User Group                          Accessible Resources
Students - IT                       IT File Server, Application Server
Students - Electrical Engineering   E&E Server, Application Server
Teachers                            Mail Server, Application Server, Student Database, Student Results, Teaching Material
Administration - Management         Mail Server, Application Server, Student Database (Not Broadcasting)
Administration - Accounting         Mail Server, Student Database, Application Server, Payroll, Accounts Management
Guest                               Guest Internet Access
All traffic generated by users is forwarded from the access points to the Wireless LAN Controller through a Lightweight Access Point Protocol (LWAPP) tunnel. Traffic is separated into VLANs according to user group. The following table shows the VLAN bound to the SSID of each user group.

SSID                VLAN - ID
STUDENT             VLAN 10
TEACHER             VLAN 30
MANAGEMENT-ADMIN    VLAN 70
MANAGEMENT-ACC      VLAN 80
GUEST               VLAN 99

All users except guest users will have to authenticate themselves using WPA2-TKIP authentication. All authentication will be handled by the existing Microsoft Active Directory services. After authentication, Active Directory will allocate resources to users appropriately.
IP addressing Scheme
172.16.0.0/16 will be used for this solution.

SSID / Purpose      VLAN - ID    Network
STUDENT             VLAN 10      172.16.10.0 /22
TEACHER             VLAN 30      172.16.30.0 /24
MANAGEMENT-ADMIN    VLAN 70      172.16.70.0 /24
MANAGEMENT-ACC      VLAN 80      172.16.80.0 /24
GUEST               VLAN 99      172.16.99.0 /24
                    VLAN 3       172.16.3.0 /24
AP Manager VLAN     VLAN 7       172.16.7.0 /24
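The SSID-to-VLAN binding and the addressing table above can be checked mechanically before the controller is configured. The following is an added example, not part of the proposal, that lints the plan as written: it verifies that each subnet is a valid network inside 172.16.0.0/16 and does not overlap another VLAN, compares usable addresses with the 625 peak users stated later in the plan, and flags the cipher choice. The role of VLAN 3 and the "open" setting for GUEST are assumptions.

```python
import ipaddress

# Constructed from the plan's SSID, VLAN and addressing tables; ciphers as the plan states them.
USER_WLANS = [
    ("STUDENT",          10, "172.16.10.0/22", "WPA2-TKIP"),
    ("TEACHER",          30, "172.16.30.0/24", "WPA2-TKIP"),
    ("MANAGEMENT-ADMIN", 70, "172.16.70.0/24", "WPA2-TKIP"),
    ("MANAGEMENT-ACC",   80, "172.16.80.0/24", "WPA2-TKIP"),
    ("GUEST",            99, "172.16.99.0/24", "open"),  # guests go through web authentication only
]
# Infrastructure VLANs from the addressing table; the role of VLAN 3 is an assumption (controller mgmt).
INFRA_VLANS = [("Management", 3, "172.16.3.0/24"), ("AP Manager", 7, "172.16.7.0/24")]
SUPERNET = ipaddress.ip_network("172.16.0.0/16")
PEAK_USERS = 625  # peak concurrent wireless users stated in the plan


def lint_plan(user_wlans, infra_vlans, supernet=SUPERNET, peak_users=PEAK_USERS):
    """Check the addressing and security plan; return a list of (severity, message)."""
    findings, seen = [], []
    rows = [(n, v, c) for n, v, c, _ in user_wlans] + list(infra_vlans)
    for name, vlan, cidr in rows:
        try:
            net = ipaddress.ip_network(cidr)  # strict: host bits must be zero
        except ValueError:
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append(("error", f"VLAN {vlan} ({name}): {cidr} has host bits set, "
                                      f"the real network is {net}"))
        if not net.subnet_of(supernet):
            findings.append(("error", f"VLAN {vlan} ({name}): {net} is outside {supernet}"))
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(("error", f"VLAN {vlan} ({name}): {net} overlaps {other_name} {other}"))
        seen.append((name, net))
    # Capacity: usable host addresses on user VLANs (network and broadcast addresses excluded)
    user_names = {n for n, *_ in user_wlans}
    capacity = sum(n.num_addresses - 2 for name, n in seen if name in user_names)
    severity = "error" if capacity < peak_users else "info"
    findings.append((severity, f"{capacity} usable user addresses for {peak_users} peak users"))
    # Cipher check: TKIP is deprecated, WPA2 should run AES-CCMP; open SSIDs need VLAN isolation
    for name, vlan, _, cipher in user_wlans:
        if "TKIP" in cipher.upper():
            findings.append(("warn", f"{name}: {cipher} uses TKIP, prefer WPA2 with AES-CCMP"))
        elif cipher.lower() == "open":
            findings.append(("info", f"{name}: open SSID, keep VLAN {vlan} isolated from internal servers"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_plan(USER_WLANS, INFRA_VLANS):
        print(f"[{severity}] {message}")
```

Run against the plan's own values, the check reports that 172.16.10.0/22 is not a valid network address (its /22 block actually starts at 172.16.8.0), which is worth resolving before the STUDENT VLAN is provisioned.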
  o 60% of the students will be using wireless at any given time (considering Electrical students and Motor Mechanic students, who will not be using the network much; we also assume that 100% of IT students will not be using wireless at any given time).
  o 100% of staff will need to use wireless at any given time.
  o 50% of guests will be using wireless at any given time.
Therefore a maximum of 625 users will need to use the wireless network at peak hours. If every wireless user needs to access the internet at the same time, which is very unlikely to occur, each user will get a data rate of 6.55 Kbps, which is reasonably sufficient for web browsing. IMPORTANT: This is not due to any fault in the wireless network; it is solely due to the single-homed internet connection of the institute's existing wired network.
The following graph shows the projected 24 hour wireless internet usage.
The following graph shows the projected 24 hour wireless network usage.
Equipment Specifications

Device                    Model              Price (Approx.)      Number of units    Total Cost
Access Point                                                      27                 $25,650.00
Wireless LAN Controller   Cisco Air-CT2504   $1,900.00 per unit   4                  $7,600.00
                                                                  Total              $33,250.00
Access Point
Dimensions: 23*23*4.8 cm
System Memory: 128MB DRAM, 32MB Flash
Powering Options:
Software:
Maximum Number of Nonoverlapping Channels
  2.4 GHz
    802.11b/g: 20 MHz: 3
    802.11n:   20 MHz: 3
  5 GHz
    802.11a:   20 MHz: 21
    802.11n:   20 MHz: 21; 40 MHz: 9
Maximum Transmit Power
  2.4 GHz
    802.11b: 23 dBm with 2 antennas
    802.11g: 20 dBm with 2 antennas
    802.11n: 20 dBm with 2 antennas
  5.0 GHz
    802.11a: 20 dBm with 2 antennas
    802.11n: 20 dBm with 2 antennas
* reference - http://www.cisco.com/en/US/docs/wireless/access_point/3500/quick/guide/ap3500getstart.html
Wireless LAN Controller
Dimension (W*L*H):
Wireless Standards: IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n
Security Standards
Encryption:
Authentication, Authorization, and Accounting (AAA):
  IEEE 802.1X
  RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
  RFC 2716 PPP EAP-TLS
  RFC 2865 RADIUS Authentication
  RFC 2866 RADIUS Accounting
  RFC 2867 RADIUS Tunnel Accounting
  RFC 3576 Dynamic Authorization Extensions to RADIUS
  RFC 3579 RADIUS Support for EAP
  RFC 3580 IEEE 802.1X RADIUS Guidelines
  RFC 3748 Extensible Authentication Protocol
  Web-based authentication
  TACACS support for management users
Management Interfaces:
*reference - http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
Floor Plans
Heat Map (figure)
Heat Map (figure)
Security
Wireless user authentication using AAA server
The WLC will use an AAA server to access the user database and authenticate users to the wireless network. The AAA server is already implemented in the existing network, and the WLC only needs to be configured to use it for user authentication.
WPA2 encryption
Wi-Fi Protected Access 2 is used to encrypt data for secure transmission. This is believed to be an extremely secure method of data transmission. A WPA2 pre-shared key is used to authenticate users (except guest users) to the wireless network. Afterwards, web authentication will be used for user authorisation.
Client Misassociation
When a client saves an SSID, the computer tries to connect to that SSID whenever it is seen again. An attacker can spoof the SSID, and a client's computer may automatically connect to the rogue SSID without the client being aware of it. An attacker may steal information from the client's computer this way.
Mitigation: Management Frame Protection
In essence, an access point broadcasts a unique key with its beacons, and if there is a key mismatch the connection will not occur. Also, if legitimate APs detect any rogue APs without the unique key, they can be reported to the controller.
Ad Hoc Networks
An ad hoc network is a wireless network formed directly between two clients. An attacker can form an ad hoc network with a client and try to steal information.
Mitigation:
Implement corporate security policies to stop users from forming ad hoc networks with untrusted devices. For company devices, implement policies that disable ad hoc networking.
Access attacks: An attacker tries to gain access to data, devices, and/or the network.
Mitigation: use MAC-based authentication for some VLANs as well as Wi-Fi Protected Access (WPA2).
Denial-of-service (DoS) attacks: An attacker attempts to block legitimate users' access to the services and resources they require.
Mitigation: Intrusion Prevention System (IDS/IPS) sensors can be installed in addition to Management Frame Protection.
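The rogue-reporting and ad hoc mitigations above depend on the controller deciding which observed networks are a threat. The following is an added example, not part of the proposal or of any Cisco product, that applies that triage to constructed neighbour-scan reports: an SSID from the plan advertised by a radio the institute does not own is treated as a spoofed SSID, any ad hoc network is flagged, and each rogue BSSID is alerted once with the list of APs that saw it. The BSSIDs, the report format and the severity scale are assumptions.

```python
# Authorised SSIDs from the plan, and radios the institute owns (BSSID -> AP name).
# AP names follow the plan's naming convention; every MAC address here is constructed.
AUTHORIZED_SSIDS = {"STUDENT", "TEACHER", "MANAGEMENT-ADMIN", "MANAGEMENT-ACC", "GUEST"}
AUTHORIZED_BSSIDS = {
    "00:11:22:33:44:01": "MN-B1-AP001",
    "00:11:22:33:44:02": "MN-B1-AP002",
    "00:11:22:33:44:03": "MN-B1-AP003",
}
# Constructed neighbour-scan reports: (bssid, ssid, mode, reporting AP)
SCAN_REPORTS = [
    ("00:11:22:33:44:01", "STUDENT",    "infrastructure", "MN-B1-AP002"),  # our own radio
    ("de:ad:be:ef:00:01", "STUDENT",    "infrastructure", "MN-B1-AP001"),  # our SSID, foreign radio
    ("de:ad:be:ef:00:01", "STUDENT",    "infrastructure", "MN-B1-AP003"),  # same rogue, second witness
    ("de:ad:be:ef:00:02", "CoffeeShop", "infrastructure", "MN-B1-AP003"),  # neighbour network
    ("00:11:22:33:44:03", "OpenLab",    "infrastructure", "MN-B1-AP001"),  # our radio, unknown SSID
    ("02:aa:bb:cc:dd:ee", "TEACHER",    "adhoc",          "MN-B1-AP002"),  # peer-to-peer network
]


def classify(bssid, ssid, mode, bssids=AUTHORIZED_BSSIDS, ssids=AUTHORIZED_SSIDS):
    """Return (severity, category) for one observed network."""
    ours, our_ssid = bssid in bssids, ssid in ssids
    if mode == "adhoc":
        # The plan's policy forbids ad hoc networks; one using our SSID is treated as impersonation
        return ("high" if our_ssid else "medium", "ad-hoc network")
    if ours and our_ssid:
        return ("none", "authorized")
    if ours:
        return ("medium", "authorized radio advertising unknown SSID")
    if our_ssid:
        return ("high", "spoofed SSID")
    return ("info", "external network")


def triage(reports, **kw):
    """Collapse reports per BSSID so each rogue is alerted once, recording which APs saw it."""
    alerts = {}
    for bssid, ssid, mode, seen_by in reports:
        severity, category = classify(bssid, ssid, mode, **kw)
        if severity == "none":
            continue
        entry = alerts.setdefault(bssid, {"ssid": ssid, "severity": severity,
                                          "category": category, "seen_by": []})
        entry["seen_by"].append(seen_by)
    return alerts


if __name__ == "__main__":
    for bssid, alert in triage(SCAN_REPORTS).items():
        print(f"[{alert['severity']}] {bssid} ssid={alert['ssid']!r}: {alert['category']} "
              f"(seen by {', '.join(alert['seen_by'])})")
```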
Mobility
One mobility group is used for each campus.
Users connected to a VLAN can roam inside the campus without losing their connection to the network. When a user walks between access points, the second access point recognises the client and keeps it in the same VLAN. The whole process takes place between the access point and the controller within 10 milliseconds, and it is transparent to the user. The user can keep using the network, and walking between buildings will not interrupt any active downloads or active voice calls (such as Skype).
Connection Process
[Flowchart: Yes/No decision steps, "Provide pre-shared key", ending with "Access Granted Enjoy"]
Conclusion
This proposed wireless network has been designed according to accepted wireless standards. The equipment used in the proposed plan is of high quality and high performance. The wireless network is scalable and redundant and allows for future growth. Wireless network coverage can easily be extended by simply adding more access points to the access layer switches.
Simple Solutions has been in the industry for more than 5 years and is a well reputed organisation in the industry. We hope this proposal will cater to your needs for a wireless solution.
Simple Solutions is delighted to be a part of this project and looks forward to being actively involved in the implementation of the wireless network project of Binthanna Institute.