Overcoming Wireless LAN Management Challenges

• By Justin Borthwick
• 01/30/04

In 1999, the University of Wyoming rolled out an 802.11-based wireless local area network (WLAN) and has a leading research university with more than 12,000 students and 10,000 faculty and staff. University of Wyoming planned to cover its entire 785-acre campus with a WLAN, requiring about 200 Cisco access points (APs). However, after installing 54 APs, expansion plans were temporarily put on hold. It had become evident that University of Wyoming required a greater degree of control, stability and efficiency in managing its WLAN before it could continue its large-scale deployment.

University of Wyoming needed a system to provide authentication, authorization, dynamic bandwidth management for users, applications to ensure optimal quality of service (QoS) at each access point, and out-of-the-box integration for a variety of AAA/directory systems, granular monitoring, and reporting of all WLAN activity. After conducting on-site evaluations of various systems in a lab environment, University of Wyoming implemented Central Site Director, a WLAN management, control, and integration platform from Roving Planet (www.rovingplanet.com).

Tracking WLAN Usage
Prior to implementing Central Site Director, University of Wyoming struggled with a lack of visibility and reporting. The university could tell whether an access point was up or down and what the aggregate throughput was but couldn’t tell who the users were, how much bandwidth they were consuming, how long they were connected to a given AP, or what applications were being accessed. In addition, they could not track authentication failures, sense AP migration or tell which users were engaged in abusive usage, such as Peer-to-Peer file sharing. Finally, they lacked visibility into all of the AP configuration parameters.

University of Wyoming network administrators now utilize Central Site Director to easily track WLAN activity across its entire campus. Detailed, real-time reports communicate who is accessing the network, when, from where, and how long the applications were being used and the amount of bandwidth being consumed. In addition, University of Wyoming expects the dynamic policy management to become increasingly useful as wireless network utilization increases. For example, University of Wyoming can apply dynamic policy management to address requests from certain instructors to restrict Internet access or access to specific applications during their classes.

Implementing Secure Authentication
With its initial WLAN installation, University of Wyoming had relied on Mac filters for authentication and encouraged students to use Cisco client cards because Cisco LEAP provides a secure authentication and encryption mechanism. However, this meant that students could lend their cards to other non-authorized users, and the Mac-based authentication left the wireless network vulnerable to Mac spoofing. In addition, until recently, any wireless user had been able get to every application available over the WLAN, which frustrated University of Wyoming’s application administrators. They wanted to specify which servers, ports, and applications could be accessed depending upon the user.

Using their standard user IDs and passwords, students could authenticate into the wireless network—leveraging the existing system. They needed safeguards to protect applications, such as student information systems and lab applications.

Central Site Director provided an out-of-the box integration with University of Wyoming’s Active Directory system, enabling University of Wyoming to authenticate users via user IDs and passwords rather than via Mac addresses.

Network administrators can now monitor and protect applications, such as student information systems and lab applications, by specifying which servers, ports, and applications can be accessed depending on the user.

Moreover, WLAN access for visitors and guests, which formerly required the manual entry of a Mac address for each guest user, has been vastly simplified via a default public user group. The University of Wyoming administrators can define this in terms of what applications and network resources will be available to such users.

Fast, Simple Installation
The Roving Planet system comprises an engine and agents, which are accessed and managed via a Web browser interface. The engine maintains all network information and policies, resides out of the data path, and communicates with the agents to deploy policies and manage wireless network activity. The agents are networked in the data path and function as an OSI Layer 2 bridge/pass-through to enforce access and bandwidth controls at each AP. XML gateways and the ongoing development of additional APIs facilitate simplified integration with existing systems and enterprise applications.

The Layer 2 architecture made Central Site Director extremely simple to implement and required very little configuration overhead. University of Wyoming was able to install Central Site Director, get it fully operational in about five hours and begin trouble-shooting network issues via its real-time monitoring and reporting capabilities immediately.

The University of Wyoming is ready for the expected increase in wireless network traffic as broadband access becomes a common feature on many mobile computing devices and incoming freshmen come to expect WLAN access throughout the campus.