STANDARD FOR WIRELESS INSTALLATIONS
UCit has developed a set of standards for the deployment of Wireless LANs on all UC campuses. These standards will continue to evolve as the Wireless LAN products evolve. We will update this standard periodically until the technology and market is stable. These standards are intended to:
- Provide information and guidance to University LAN Administrators who wish to deploy departmental wireless LANs.
- Allow for maximum possible flexibility and enable UCit to provide campus-wide wireless infrastructure.
- Prevent conflicts in frequency usage between departments.
- Allow for roaming within buildings without loss of signal.
- Prevent unauthorized access to campus and departmental LANs.
- Make use of common standards to maximize product choices and supported platforms.
All wireless LAN installations on the UC campuses must be coordinated by UCit Network & Telecom Services. The following standards must be adhered to for all IEEE 802.11b/g compliant wireless LAN installations.
1. HARDWARE
At this point in time, the access points must be Cisco Aironet 1130 and 1242 Series Access Points. The part numbers are AIR-LAP1131AG-A-K9 and AIR-LAP1242AG-A-K9.
TESTED WIRELESS CARDS
UCit has tested and found several wireless LAN 802.11b and 802.11g standard PCMCIA cards, which are compatible with the UC standard wireless LAN access points. This list should not be considered to be the all inclusive list of cards which will function properly with the UC wireless LAN access points. The list contains only the cards which UCit has tested to date and will support. All compatible cards must support WPA2-enterprise and AES encryption. PCI and ISA cards from the same manufacturer should also be compatible, although not tested by UCit. Cards, which are not on the list, will not be supported by UCit. Support for these should be obtained from the manufacturer or other source. This list will be updated as others are tested.
UCit recommends that you download the latest version of the software for your wireless card, so that you have the latest drivers and bug fixes.
- Cisco/Aironet CB21AG series cards and adapters
- Linksys WPC54G
- 3Com 3CRXJK10075
- Dell internal TrueMobile or newer b/g cards
UCit currently recommends the Cisco CB21AG series, Linksys, or Dell supplied cards and provides complete support for them. Other cards listed above will be supported on a best effort basis only. Cards not listed above will not be supported by UCit
There are many brands and types of external antennas available for use with the access points. Antennas from Centurion are recommended by UCit and the commonly used types are as follows.
|
WXR2400TNSP |
2db Rubber Duck Antenna |
|
CAF94149-RT36 |
5.5db Bi-Directional |
|
CAF95950-RT36 |
9db Patch |
|
CAF94118-RT36 |
8.5db Outdoor Patch |
|
CAF94165-RT36 |
3db Diversity |
|
CAF95988-RT36H |
5db Terrace Diversity |
Antenna extension cables 25 feet or longer must be constructed using LMR-600 coax cable. Cables less than 30 feet may be constructed using either LMR-600 or LMR-400 cable. Following are the part numbers for some extension cables.
|
400F-TLTU-120 |
10 ft. Coax-Primus |
|
400F-TLTU-240 |
20 ft. Coax-Primus |
|
400F-TLTU-360 |
30 ft. Coax-Primus |
2. AUTHENTICATION
New security standards were developed by IEEE to enhance security in the wireless environment. This new level of security known as 802.11i or WPA2 breaks away from using SSID’s and WEP keys to authenticate onto a network and instead relies on the wireless client’s ability to authenticate onto a network with a username and password and then encrypts the data with a higher Advanced Encryption Standard (AES). UCit has enabled WPA2 on all campus access points. Users that wish to use the enhanced wireless security must have hardware capable of supporting WPA2-Enterprise and AES encryption. WPA2 users do not need to register the mac-address of their wireless card. Legacy WEP connectivity is still supported, but not recommended.
3. DHCP
All wireless users will obtain their IP address dynamically. UCit requires that the access points be set to pass DHCP requests to the central UC DHCP servers. To connect to a wireless access point and obtain an IP address via DHCP,
4. ENCRYPTION
Wireless encryption with the WPA2 standard is the Advanced Encryption Standard (AES).
5. ACCESS POINT PASSWORD
The access point read write password must be changed from the factory default on all access points. UCit will assign and maintain the passwords. In certain cases, departmental IT personnel may be granted read privileges to access point log information.
6. CHANNEL ASSIGNMENTS
The 802.11b and 802.11g specifications provide 11 channels, but these overlap, so at most three channels can be used in the same space. On UC campuses, channels 1, 6, and 11 will be used and will be assigned to access points by UCit. Channels other than 1, 6, and 11 should not be used at the University, as they might interfere with compliant infrastructure.
7. SSID
All access points' SSIDs must be configured such that user's can configure their cards to access all UC access points. UCit will supply users with the SSID.
8. RECOMMENDATIONS
- Complete a request through GETit to have UCit perform a comprehensive site survey
Wireless LANs are limited in speed, bandwidth and coverage. The 11Mbps or 54Mbps speed of an 802.11b or 802.11g LAN is the total speed of all users sharing the same access point. A site survey will help to estimate the number of access points needed to cover the desired area at a given level of performance. Optimum access point location and antenna type can only be determined by a comprehensive site survey.
Compliment the wired infrastructure
Where possible, the use of a hard wired connection is preferred because it is faster and easier to expand and does not take bandwidth from other wireless stations. Wireless LANs should not be used instead of hard wired jacks in offices, classroom instructor locations, computer labs, etc. Wireless LANs are practical for areas such as outside open spaces, study areas, large auditorium type classrooms, meeting rooms and conference centers. Given the current lack of maturity of the wireless technology and security features, it cannot be considered a production university service at this time. Therefore UCit recommends that users currently only deploy the technology to support non- critical business functions.
|
