Campus cool

The American University of Beirut (AUB) has completed the first phase of an ambitious campus-wide wireless network implementation with the help of wireless specialists Aruba Networks.

  • E-Mail
By  Simon Duddy Published  October 26, 2004

|~|rabih_m.jpg|~|“The Aruba solution will be deployed to solve the RF security challenge by insuring that interference sources are correctly detected, located and avoided and rogue access points are detected, located and stopped.” - Rabih Itani, network and security manager at the AUB.|~|The American University of Beirut (AUB) has completed the first phase of an ambitious campus-wide wireless network implementation with the help of wireless specialists Aruba Networks. The installation is being carried out by Lebanon’s Triple C and will provide indoor and outdoor Wi-Fi coverage across the 70 acre site. The project is expected to be completed by September 2005 and will include more than 300 802.11a/b/g access points covering 33 multi-storey buildings and 21 outdoor areas. The Wi-Fi project will replace legacy 802.11b based equipment that had been deployed on an ad-hoc basis. The AUB has upgraded to add value to its students and boost the appeal of the university and felt that the Aruba solution had the sophistication to meet that goal. “The legacy access points were supplied by different manufacturers and they lacked central radio frequency (RF) management and RF security capabilities,” says Rabih Itani, network and security manager at the AUB. The wireless network is designed to integrate seamlessly with the university’s existing Ethernet network without making any changes to the existing core network. “The wireless solution will be deployed as an overlay on top of the existing Ethernet network infrastructure. Aruba switches [which are tailored specifically for wireless deployments] will connect to the network core and will control the access points that are connected at the network edge,” says Itani. “The existing core network design divides the AUB campus into seven zones that are interlinked with meshed Gigabit Ethernet connections. Each zone aggregates all its buildings’ connections into one core Gigabit Ethernet Layer 3 switch from Avaya. One or more Aruba 2400 switch will be dedicated for each zone and will be connected to the zone core switch with dual Gigabit Ethernet connections,” he adds. This allows the Aruba switch to manage and control the access points in the zone in which it is installed using RF technology. At the same time, each access point will connect to the network edge using 3Com Ethernet switches based on 100Mbps Ethernet connections. The access points will be powered from the 3Com switch using Power over Ethernet (PoE) and will connect to the Aruba switch in its zone using generic routing encapsulation (GRE) tunnels over standard IEEE802.1Q tagged virtual LANs. The Aruba management system allows the AUB to carry out tasks automatically, such as channel allocation and re-allocation, transmission power level settings, coverage hole detection and correction, user mobility, coverage availability and interference detection and avoidance. “The access points are plug-and-play and we will be able to push configuration files and upgrades automatically to the access points through the wireless switches,” says Itani. Securing the network is a top priority for the AUB and Itani has identified three key challenges; securing the RF plane, user authenticity and data confidentiality. “The Aruba solution will be deployed to solve the RF security challenge by insuring that interference sources are correctly detected, located and avoided and rogue access points are detected, located and stopped,” continues Itani. An advantage of the solution being centralised is that if an access point is lost or stolen it will not carry sensitive information, such as passwords or SNMP community strings, which could be used by hackers to plan attacks. To overcome the user authenticity and data confidentiality challenges, the university will deploy IPsec based virtual private networks (VPN) coupled with digital certificates. These will be based on VPN concentrators from Juniper Networks. In addition, the AUB will deploy a range of firewalls and intrusion detection and prevention systems.||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code