
Deployment of New Wireless Network

Updated on January 21, 2018

Wireless access points operate at OSI layer 2, so a change at the IP layer has comparatively little impact on them. However, various management purposes and packet handling scenarios in access points call for IPv6 support in wireless networks. Some major wireless devices are capable of handling upper layer traffic based on layer 3 and layer 4 parameters, so IPv6 packet handling and packet data management need to be ensured.

Both IPv4 and IPv6 packets can be secured (authenticated and encrypted) with IP Security (IPsec) extensions. Today, IPsec is heavily used with IPv4 to meet wireless security needs where WEP is insufficient or impractical. So we can expect the IPsec usage to continue with IPv6 much as we have seen with IPv4.

Isolated wireless networks in the Office are used to provide LAN access and internet services to the various user groups. Most of the departments maintain their own wireless networks and keep complete control over them. So there are multi-vendor isolated access points distributed throughout the Office.

  • Dept. of Sales - 3COM
  • Dept. of Accounts - Linksys
  • Dept. of Engineering - EdiMax

Redesigning the existing wireless network has come into the picture with the decision to migrate the university network to IPv6. So the existing standalone access point based wireless network will be replaced with a new centrally managed single unified wireless network for the whole university. It will also be IPv6 capable.

Single Wireless Network for the Whole Office

Currently the Office has standalone access points in different administrative divisions and departments. Each wireless network has subnets based on the address block assigned to the department. Each of them is managed by the respective division.

Having a single wireless network for the whole university has its own pros and cons. It offers central management of authentication and radio management for the whole wireless network. On the other hand, a centralized wireless network can be seen as susceptible to attacks, and such an attack may be much more hazardous than one against a standalone access point based wireless network. In addition, the controller-based wireless access points used are much higher in cost.

Controller based access points

To have a single wireless network for the whole office, there must be a mechanism to centrally manage authentication and similar functions. It should also be IPv6 capable. (Wireless controllers are considered layer 3 devices.)

So the solution for all these requirements is to deploy an IPv6 capable controller based wireless network for the university.

Required features of the new wireless controller-based design

Centralized Authentication

With a controller-based wireless system, MAC authentication and 802.1X authentication should be done with a central RADIUS server or an AD. It can be a username/password-based system for the whole Office. MAC address filtering and certificate or shared key based authentication need to be done centrally.

Centralized Radio Management

1. Since all the access points are managed centrally, interference from nearby access points can be avoided easily. Otherwise adjacent access points would need to be manually configured to use non-overlapping channels.

2. It needs to be capable of shifting users to adjacent access points if the load on one access point is high and the load on the neighboring access point is lower.

3. Users can be automatically shifted to neighboring access points if any access point suddenly fails, thereby introducing redundancy in the network.

Group wise customized management

Wireless users can be further segregated into sub-groups, and each group can be given separate network access policies. In the university environment, users may be categorized as departments, students, non-technical staff, lecturers and so on. Temporary needs sometimes arise, for example for testing purposes. Access restrictions need to be defined. It should be possible to block users based on the MAC address or a similar parameter. There will be different bandwidth requirements for different user groups based on the Office policies.

So the controller should be able to define policies for different groups.

Security

Security is the major consideration in a centralized controller-based wireless network. Since the network is dual-stack, both IPv4 and IPv6 hosts will be present. If the controller is able to work with IPsec features to provide security, it will be an added advantage in future IPv6 migration steps.

A wireless controller can dedicate a radio (or whole access points) to wireless intrusion detection and monitor the network for wireless threats such as MAC spoofing, honeypot attacks, denial-of-service attacks and ad-hoc networks.
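As an added illustration (not part of the original article and not any vendor's code), the sketch below shows the kind of checks a dedicated monitoring radio could run over observed beacons to flag three of the threats named above: honeypot access points, ad-hoc networks and MAC spoofing. The inventory, the beacon records, the alert names and the sequence-gap threshold are all constructed assumptions.

```python
# Constructed inventory of controller-managed APs: BSSID -> (SSID, assigned channel)
AUTHORIZED = {
    "00:11:22:33:44:01": ("Office-WLAN", 1),
    "00:11:22:33:44:02": ("Office-WLAN", 6),
}

# Constructed beacon observations: (time_s, bssid, ssid, channel, is_adhoc, seq)
BEACONS = [
    (0.0, "00:11:22:33:44:01", "Office-WLAN", 1, False, 100),
    (0.1, "00:11:22:33:44:01", "Office-WLAN", 1, False, 101),
    (0.2, "00:11:22:33:44:02", "Office-WLAN", 6, False, 500),
    (0.3, "00:11:22:33:44:02", "Office-WLAN", 11, False, 2900),  # cloned BSSID
    (0.4, "de:ad:be:ef:00:01", "Office-WLAN", 6, False, 7),      # our SSID, unknown AP
    (0.5, "02:aa:bb:cc:dd:ee", "printer-share", 3, True, 12),    # IBSS (ad-hoc) beacon
    (0.6, "00:11:22:33:44:02", "Office-WLAN", 6, False, 501),
    (0.7, "66:77:88:99:aa:bb", "CoffeeShop", 11, False, 40),     # unrelated neighbor
]

SEQ_MODULO = 4096   # 802.11 sequence numbers are 12 bits wide
MAX_SEQ_GAP = 64    # assumed tolerance for frames the monitor did not capture


def detect(beacons, authorized=AUTHORIZED):
    """Return (time, alert_kind, bssid) tuples for suspicious beacons."""
    alerts = []
    last_seq = {}
    our_ssids = {ssid for ssid, _ in authorized.values()}
    for t, bssid, ssid, channel, is_adhoc, seq in beacons:
        if is_adhoc:
            alerts.append((t, "adhoc_network", bssid))
            continue
        if bssid not in authorized:
            # An unknown radio advertising a managed SSID is a honeypot candidate;
            # unknown radios with other SSIDs are just neighbors.
            if ssid in our_ssids:
                alerts.append((t, "honeypot_ap", bssid))
            continue
        # A known BSSID announcing settings the controller never assigned.
        if (ssid, channel) != authorized[bssid]:
            alerts.append((t, "mac_spoof_config_mismatch", bssid))
        # One radio has one sequence counter; two interleaved counters on the
        # same BSSID show up as large jumps in both directions.
        prev = last_seq.get(bssid)
        if prev is not None and (seq - prev) % SEQ_MODULO > MAX_SEQ_GAP:
            alerts.append((t, "mac_spoof_seq_anomaly", bssid))
        last_seq[bssid] = seq
    return alerts


if __name__ == "__main__":
    for alert in detect(BEACONS):
        print(alert)
```

The sequence check cannot tell which of the two transmitters is the genuine access point; it only shows that more than one radio is using the BSSID, which is the point at which the controller's location feature becomes useful.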

RF visualization

It should be able to visualize user level and signal coverage data in association with the floor plan of the network. This option is highly valuable for troubleshooting and monitoring purposes. It should be able to locate any client once the MAC address is entered.

Reasoning

  • Existing separately managed, isolated multi-vendor access points cannot be easily migrated to a centralized solution.
  • Lack of support for IPv6 configuration and operation in the current wireless setup.
  • The Cisco solution fulfills all the above-mentioned requirements for centralized wireless network management.
  • Adequate IPv6 support in the WCS-based Cisco wireless solution.
  • Value added features and expandability.

The basic key considerations in selecting a new wireless solution are centralized manageability and IPv6 support. Since this is a major investment for the Office, the cost of the migration, configuration and management should also be minimized.

Since most of the existing access points are not IPv6 capable and software upgrades are not sufficient to provide the requirement, physical device replacement is recommended.

There are various vendors who provide controller-based wireless solutions, such as Cisco and Nortel. But they have different approaches to adjusting to IPv6 and different rates of IPv6 adoption for their products.

Cisco Controller-Based Wireless Solutions

Cisco Wireless LAN controller

Cisco wireless LAN controllers deliver system-wide wireless LAN services such as security policies, intrusion prevention, radio frequency (RF) management, quality of service (QoS), and mobility. Cisco wireless LAN controllers work in conjunction with Cisco Aironet lightweight access points and Cisco WCS to deliver real-time mobility and network access to endpoint devices and users.

Cisco Wireless Control System

Cisco WCS provides a powerful foundation that allows network managers to design, control, and monitor the wireless network from a centralized location. Cisco WCS includes a robust, easy to use GUI that supports centralized RF prediction, policy provisioning, troubleshooting, user tracking, security monitoring, and wireless LAN systems management. Cisco WCS makes wireless LAN deployment and operations simple and cost-effective.

Cisco WCS also supports real-time spectrum intelligence to detect, classify, and locate devices that are causing RF interference. Quick detection of interfering devices improves network performance, coverage and security.

Benefits

  • Cost

With centralized management, the total cost of ownership will be lowered although the initial cost is high. With the simplified management mechanism via the GUI, technical, training and operational costs are also reduced.

  • Security

It provides real-time detection, location and containment of unauthorized access points and client devices.

  • Performance

Robust coverage with 802.11a/b/g and unprecedented reliability using 802.11n. The system is able to extend connectivity to hard-to-wire locations via wireless meshes. With the spectrum intelligence feature, the system can automatically detect overlaps and interference.

Migration Procedure

Step 1:

All the isolated access points should be replaced with Cisco based products. It is recommended to replace them with the Cisco Aironet 1250 Series access point to enjoy the enhanced reliability, throughput, and predictability of 802.11n.

Step 2:

Add one or more Cisco wireless LAN controllers to the network.

Step 3:

Transition your wireless LAN management system to the unified architecture by adding the Cisco Wireless Control System (WCS).

Step 4:

Adapt mobility services for the Cisco unified wireless system.

Step 5:

Adapt wireless security enhancements for the Cisco unified wireless system.

Nortel Wireless Solutions

Nortel Inc. also provides a unified wireless solution which satisfies the requirements given above. Nortel WLAN 800 is a wireless solution parallel to the Cisco WCS based system, and it provides both a controller-based wireless experience and IPv6 support in the related products. The Nortel WLAN controller combines the functionality of both the Cisco LAN controller and WCS.


3rd Generation Wi-Fi – Carrier Class Secure Mobility

This section describes one of the research areas related to wireless networking and IPv6. The purpose of this part is to give some idea of the current trends and the future of wireless networking in the IPv6 world.

Today IPv6 and Wi-Fi are unified to provide a new and enhanced experience to the user. With the introduction of IPv6, various improvements and fresh features have been added to the IP layer functions. Autoconfiguration, network level security and enhanced mobility in IPv6 being u

One of the major features of a 3rd generation Wi-Fi network is that intelligent access points are able to discover adjacent nodes and dynamically determine their optimal routing topology. Apart from that, the 3rd generation network is able to dynamically provision wireless trunks to adjacent nodes in order to improve load balancing and redundancy.

When IPv6 features like stateless node discovery are embedded into 3rd generation access points, adjacent clusters of access points can autonomously determine their optimal connectivity, load balancing and redundancy scheme without any operator configuration.

In the arena of wireless security, WEP is becoming obsolete. The WEP protocol transmitted the key along with every packet, enabling simple monitoring programs like AirSnort to decrypt user traffic by breaking the relatively short key. This issue has been addressed with AES within the 802.11i standard. AES, however, does not provide network level security. That is where IPv6 comes into the picture. Combining AES in 802.11i with IPv6 layer 3 security extends security to the network level by providing trusted end-to-end connectivity between mobile users.

The third important way in which v6 facilitates a 3rd generation Wi-Fi solution is by enabling seamless mobility for users. This feature has the benefit of enabling adjacent access points to maintain sessions by switching traffic amongst themselves without the need for a separate switch. By enhancing embedded VLAN switching in access points with v6, the benefits of local mobility can be extended to the network level through Mobile IPv6. MIPv6 keeps IP sessions seamless, so that users can travel from their home to their office to a hot spot without having to restart an application.

Summary

1. Intelligent access points leverage v6 stateless node discovery to determine the local topology and work in conjunction with other access points to define the best connectivity, load balancing and redundancy plan.

2. Users can now authenticate themselves using 802.11i to set up a secure link to their local access point which in turn contacts an AAA server to verify accessibility.

3. Once authenticated, the access point contacts the home agent for the user with their new care-of address. This enables the user to re-join active IP sessions that he may have been previously using.

4. As users roam within a local cluster of access points, VLAN switching is used to maintain connectivity across wired and wireless trunks.

5. For users who move outside an access point cluster into a new group, Mobile IPv6 re-establishes active sessions without the need for application re-starts.

A customized and well improved version of 3rd generation Wi-Fi will not be available for a long time. It is still at the research level, and the relevant protocols are not yet developed.


© 2012 Prasanna Marlin

Comments


      http://electronetcbl.com/ 

      7 years ago

      Like the good engineer that I am, I sometimes tend to overexplain things. I'm also big on having shoppers understand their requirements so that they can buy a product that best suits their needs. So it's probably not a surprise that my How To Choose the Right Wireless LAN for You may have been a bit much for some readers, especially folks whose first interest is not home networking.
