geantcampus » start page » wireless_sept_2011

GN3/NA3/T4 Wireless Training/Workshop

Dates September 12 2011
Venue Faculty of electrical engineering
University of Belgrade,
Bulevar Kralja Aleksandra 73
Pavilion building, Meeting room on the 1st floor
See this link
Language English
Practical information See this link

Training/Workshop Objective

Academic network of Serbia (AMRES) recognized a need to organize a training/workshop for IT staff of its member institutions which would cover wireless technology topics. The training is going to be organized in September 2011 within the GEANT3/NA3/T4 task “Campus Best Practice” and it is going to cover best practices in wireless networks. Four countries, with extensive experience in implementation of wireless solutions, are contributing to the agenda of the training.

AMRES member institutions have a lot of wireless equipment. Usually these are low cost, standalone solutions, employed to provide the Internet connectivity at places where the lacks of wired network are experienced. There are some rare cases where serious radio and coverage planning was performed previous to wireless infrastructure implementation, thus resulting in a few major WLAN installations in AMRES at the moment.

Interest in topics concerning wireless technology topics is increasing in AMRES as a result of popularization and spreading of the eduroam service during the year. Earlier this year, eduroam training was held resulting with increasing number of institutions connected to eduroam (at the moment about 15) and eduroam hostspots (20 in Serbia). The focus of eduroam training was on the service architecture, ways to join the service, as well as the FreeRADIUS server configuration, monitoring, logging and security incidents propagation.

During and after the eduroam training there were a lot of questions from AMRES IT staff beyond the scope of the training. Most of these questions were related to wireless infrastructure, AMRES recommendations for wireless solutions and protocols as well as solutions for common security issues in wireless networks. This indicated a need for an additional training/workshop and NA3/T4 wireless training is seen as complementary to the eduroam training available at AMRES Media Portal. It will be organized with the aim to answer actual questions and to cover the topics regarding best practices in wireless infrastructure deployment which are most important for AMRES.

Target group is network engineers working with deployment of wireless technology and eduroam service in AMRES member institutions.

The wireless training/workshop is going to be organized as part of the GEANT3 project within the NA3/T4 task "Campus Best Practices".

Registration

See the list of participants.

If you would like to attend this event, please register.

The registration is open till 7.9.2011 22:00 pm.

The number of seats is limited (by size of the meeting room where the event is organized). Cancellations should be sent to helpdesk@rcub.bg.ac.rs.

For any further information, please contact helpdesk on e-mail helpdesk@rcub.bg.ac.rs or tel. +381 11 3031257.

Program

More details on the talks could be found below.

The talks are recorded. The recordings are available at AMRES Media Portal.

Monday September 12, 2011

Session Title Person Duration
S1 0900-1030
S1.1 Welcome Wenche, Gunnar, Mara 5-15 min
S1.2 WLAN Network Planning Anders Nilsson, SUNET75-85 min
Coffee
S2 1100-1230
S2.1 802.1x and eduroam Rok Papez, ARNES 30 min
S2.2 WLAN Information Security Wenche Backman-Kamila, FUNET 30 min
S2.3 WLAN Infrastructure Monitoring and Supplicants Wenche Backman-Kamila, FUNET 30 min
Lunch
S3 1400-1530
S3.1 Controller Based Solution Vidar Stokke, UNINETT 45 min
S3.2 FreeRADIUS Marko Stojakovic, AMRES 45 min
Coffee
S4 1600-1730
S4.1 Eduroam Debugging Gunnar Boe, UNINETT 30-45 min
S4.2 Q&A (all topic) All 45 min

Description of the talks

This preview gives insight in topics on wireless workshop agenda. The accent is on two main subjects: WLAN infrastructure and WLAN security.

Most of the IT staff of AMRES member institutions have a lack of experience with WLAN infrastructure planning and positioning of the wireless access points. Usually, a few low cost (standalone) wireless access points are installed in their premises without radio and coverage area planning previously performed or coverage area testing performed afterwards. It is not unusual to see, for example, overlapping channels of wireless access points causing low throughput, thus causing non-optimal wireless solution. Recommendations on radio and coverage area planning - the cost-efficiency and reliability of WLANs can be ensured through methodical planning, which will be presented on the training/workshop.

It was noticed that the lightweight wireless solution, which AMRES is deploying in eduroam, is new for the most of the IT staff in AMRES. AMRES is donating lightweight APs to every member institution, and these APs connect to one of five WLCs (Wireless LAN Controllers), forming centrally managed wireless solution. This is a bit specific usage. Therefore, the most common usage of lightweight wireless will be presented. The general concept of lightweight wireless solution will be explained in aim to achieve the better understating of the AMRES specific eduroam wireless solution. Still, presenting WLC configuration and similar configuration details will have lower priority because none of the AMRES institution members don’t have or plan to have Cisco WLCs.

The necessitate for thorough knowledge of recommended practices for WLAN security issues, which is important for secure and reliable wireless service, is recognized among IT staff in AMRES. Therefore, the workshop presentations will emphasize the need to migrate to 802.1x - describing the shortcomings of using MAC address filters, WEP, Web portals and VPN and recommends mutual authentication based on 802.1X as the best alternative. Also, part of the talk will cover the encryption method which should be used (which is the strongest) and which are vulnerable.

S1.2 Network planning (Anders Nilsson, SUNET)

Content include:

  • basic wireless theory with radio frequencies, channels and implications for network planning
  • cell planning
  • practical issues relating to building structures
  • tools to help in planning (focus on freeware tools)
  • general tips and practical experiences

S2.1 802.1x and eduroam (Rok Papez - ARNES)

  • 802.1x theory
  • EAP methods
  • user database considerations
  • eduraom hierarchy
  • practical eduroam experiences
  • wired 802.1x deployments

S2.2 WLAN Information Security (Wenche Backman-Kamila - CSC/Funet)

  • authentication
  • supplicants
  • encryption
  • traffic management

Emphasis will be put on presenting different methods and assessing the security that they provide.

S2.3 WLAN infrastructure monitoring and supplicants (Wenche Backman-Kamila CSC/Funet)

In this presentation the most common supplicatns will be presented and reviewed. Best practices related to monitoring the WLAN infrastructure will also be explained.

S3.1 Controller Based Solution (Vidar Stokke - UNINETT)

Managing larger wireless networks can be a challenge if you do not have a coordinated way of managing the APs. A controller based solution offers many advantages.

  • History of wireless networks at NTNU
  • The wireless network with standalone APs
  • The wireless network with controller based APs
  • Client traffic patterns on a traditional deployment
    • Client traffic with a H-REAP deployment
    • The AP discovery and join process
    • Mobility groups
    • Auto-RF
  • Pros and cons of controller based networks
  • Demo of UNINETT WCS

S3.2 FreeRADIUS (Marko Stojakovic - AMRES)

RADIUS server is an integral part of port based authentication in wireless networks. FreeRADIUS is a popular RADIUS server implementation, and this presentation will give an overview of FreeRADIUS modular platform and configuration along with recommendations on installing, upgrading and troubleshooting the server. The emphasis will be on authentication configuration, including chosing the right EAP type, virtual server configuration and connection to LDAP or Active Directory user database. The complete list of topics regarding authentication configuration is:

  • Which EAP type to deploy
  • Virtual server configuration
  • EAP type configuration and digital certificate installation
  • NAS client parameter configuration
  • Connection to user database
  • Proxying of authentication requests
  • RADIUS Accounting configuration

Besides these topics, useful functions like ip address management using FreeRADIUS and user logging using CUI attribute will be also presented.

S4.1 Eduroam debugging (Gunnar Boe - UNINETT)

Debugging problems related to eduroam connection can be challenging. Solutions are availabe to help with some of these problems.

 
 
geantcampus/wireless_sept_2011.txt · Last modified: 2011/10/05 11:14 by mara@rnd.feide.no

Viktig melding: openwiki.uninett.no

UNINETT OpenWiki er under utfasing. Wikier som er lite brukt er satt i kun-lese-modus. Ta kontakt med UNINETT for å åpne for skrivetilgang ved behov.

Group memberships: no groups