Difference between revisions of "Netwerk draadloos"

From Cncz
Line 80: Line 80:
  
 
* [nl]Eind 2004 werd besloten om een dekkend draadloos netwerk te verzorgen in Huygens-gebouw fase I. Later werd besloten overal op de RU-campus draadloze netwerktoegang te gaan leveren; financiering kon vanuit het project UTP-uitrol. [/nl] [en]At the end of 2004, it was decided that we wanted blanket wireless coverage in Huygens-building phase I. Later it was decided that the RU would supply wireless coverage everywhere on campus. [/en]
 
* [nl]Eind 2004 werd besloten om een dekkend draadloos netwerk te verzorgen in Huygens-gebouw fase I. Later werd besloten overal op de RU-campus draadloze netwerktoegang te gaan leveren; financiering kon vanuit het project UTP-uitrol. [/nl] [en]At the end of 2004, it was decided that we wanted blanket wireless coverage in Huygens-building phase I. Later it was decided that the RU would supply wireless coverage everywhere on campus. [/en]
* [nl]Na overleg met het [http://www.ru.nl/uci UCI], [http://www.vosko.nl/ Vosko] en [http://www.cisco.nl/ Cisco] werd als access-point het type [http://www.cisco.com/en/US/products/ps6087/ Cisco 1130AG] gekozen. Na een site survey door Vosko zijn 54 van deze access-points geplaatst in Huygens-gebouw fase I. Voor het beheer (van IOS-versie, configuratie, ...) werd een [http://www.cisco.com/en/US/products/sw/cscowork/ps3915/ CiscoWorks Wireless LAN Solution Engine] aangeschaft, later aangevuld met [http://www.airmagnet.com/products/laptop.htm AirMagnet laptop] voor beveiliging en analyse en verhelpen van storingen.[/nl] [en]After meetings with the [http://www.ru.nl/uci UCI], [http://www.vosko.nl/ Vosko] and [http://www.cisco.nl/ Cisco] we chose the [http://www.cisco.com/en/US/products/ps6087/ Cisco 1130AG] as wireless access point. After a site survey by Vosko, 54 of these access points were placed in Huygens-building phase I. To manage these access-points (IOS-version, configurations), we bought a [http://www.cisco.com/en/US/products/sw/cscowork/ps3915/ CiscoWorks Wireless LAN Solution Engine], and later added [http://www.airmagnet.com/products/laptop.htm AirMagnet laptop] for security and troubleshooting.[/en]
+
* [nl]Na overleg met het [http://www.ru.nl/uci UCI], [http://www.vosko.nl/ Vosko] en [http://www.cisco.nl/ Cisco] werd als access-point het type [http://www.cisco.com/en/US/products/ps6087/ Cisco 1130AG] gekozen. Na een site survey zijn 54 van deze access-points geplaatst in Huygens-gebouw fase I.[/nl] [en]After meetings with the [http://www.ru.nl/uci UCI], [http://www.vosko.nl/ Vosko] and [http://www.cisco.nl/ Cisco] we chose the [http://www.cisco.com/en/US/products/ps6087/ Cisco 1130AG] as wireless access point. After a site survey, 54 of these access points were placed in Huygens-building phase I.[/en]
 
* [nl]De initiële opzet was een lastige klus, vanwege de wens de niet door de leveranciers ondersteunde [http://www.freeradius.org FreeRadius] radius server te gebruiken ter controle van loginnamen en wachtwoorden, de wens gebruikers over verschillende subnetten (VLANs) te kunnen spreiden en de wens om een veilig WPA netwerk te krijgen, waarbij voor MS-Windows XP SP2 geen extra programmatuur nodig zou zijn en de gebruiker zijn wachtwoord niet aan onbevoegde servers (zonder juist certificaat) zou geven. [/nl] [en]We had a lot of trouble with the initial configuration, due to our wish to use our existing [http://www.freeradius.org FreeRadius] radius server, which was not supported by our suppliers, our wish to spread the users in different VLANs (subnets) and the wish to make a safe WPA network, for which the users of MS-Windows XP2 SP2 wouldn't have to install extra software and the users wouldn't give their passwords to wrong servers (without correct certificate). [/en]
 
* [nl]De initiële opzet was een lastige klus, vanwege de wens de niet door de leveranciers ondersteunde [http://www.freeradius.org FreeRadius] radius server te gebruiken ter controle van loginnamen en wachtwoorden, de wens gebruikers over verschillende subnetten (VLANs) te kunnen spreiden en de wens om een veilig WPA netwerk te krijgen, waarbij voor MS-Windows XP SP2 geen extra programmatuur nodig zou zijn en de gebruiker zijn wachtwoord niet aan onbevoegde servers (zonder juist certificaat) zou geven. [/nl] [en]We had a lot of trouble with the initial configuration, due to our wish to use our existing [http://www.freeradius.org FreeRadius] radius server, which was not supported by our suppliers, our wish to spread the users in different VLANs (subnets) and the wish to make a safe WPA network, for which the users of MS-Windows XP2 SP2 wouldn't have to install extra software and the users wouldn't give their passwords to wrong servers (without correct certificate). [/en]
* [nl]In de eerste paar weken van september 2005 waren er ca 50 verschillende gebruikers, waarbij de grootste groepen waren: Organische Chemie, die overgestapt zijn van "hun eigen" draadloze netwerk en studenten Informatica en Informatiekunde. [/nl] [en]In the first few weeks of september 2005 50 different users logged in to the wireless network, the largest groups were Organic Chemistry, that switched over from "their own" wireless network and students Computer Science. [/en]
 
 
* [nl]In de loop van 2006 is het draadloze netwerk uitgebreid naar Huygensgebouw fase II en het NanoLab [/nl] [en]During 2006 the wireless network was extended to the Huygens building phase II and NanoLab. [/en]
 
* [nl]In de loop van 2006 is het draadloze netwerk uitgebreid naar Huygensgebouw fase II en het NanoLab [/nl] [en]During 2006 the wireless network was extended to the Huygens building phase II and NanoLab. [/en]
 
* [nl]Daarna is het netwerk nog uitgebreid naar de gebouwen: HFML, Kassen Botanie, RootLab, ITS en Linnaeusgebouw.[/nl][en]After that, the network has been expanded to HFML, Botanic Greenhouse, WortelLab, ITS and Linnaeus building.[/en]
 
* [nl]Daarna is het netwerk nog uitgebreid naar de gebouwen: HFML, Kassen Botanie, RootLab, ITS en Linnaeusgebouw.[/nl][en]After that, the network has been expanded to HFML, Botanic Greenhouse, WortelLab, ITS and Linnaeus building.[/en]
 
* [nl]In de komende tijd zal het netwerk nog uitgebreid worden naar (waarschijnlijk) Mercator III (gerenoveerde A2-vleugel) en zeker een aantal buitenlokaties (grasveld/terras/....). [/nl] [en]In the near future, wireless connectivity will be available in (probably) Mercator III (A2-wing after renovation) and several locations outside (lawn, terrace, ....). [/en]
 
* [nl]In de komende tijd zal het netwerk nog uitgebreid worden naar (waarschijnlijk) Mercator III (gerenoveerde A2-vleugel) en zeker een aantal buitenlokaties (grasveld/terras/....). [/nl] [en]In the near future, wireless connectivity will be available in (probably) Mercator III (A2-wing after renovation) and several locations outside (lawn, terrace, ....). [/en]
* [nl]Over een technische opvolger van dit netwerk, sneller met 802.11n (200+ Mbit/s) en nog veiliger met WPA2 (betere hardware encryptie) hoeft pas vanaf 2009/2010 nagedacht te worden. [/nl] [en]The next generation wireless network will probably be discussed from 2009/2010: faster with 802.11n (200+ Mbit/s) and even more secure with WPA2 (better hardware encryption). [/en]
+
* [nl]De technische opvolger van dit netwerk, sneller met 802.11n (200+ Mbit/s) en nog veiliger met WPA2 (betere hardware encryptie) zal in de loop van 2011 worden uitgerond. [/nl] [en]The next generation wireless network will be implemented somewhere in 2011: faster with 802.11n (200+ Mbit/s) and even more secure with WPA2 (better hardware encryption). [/en]
 
* [nl]Zodra er voor het telefoonverkeer overgestapt wordt op VoIP (Voice over IP, IP-Telefonie), dan zal ook gekeken worden naar VoWLAN (Voice over WLAN) als draadloze spraakoplossing. [/nl] [en]As soon as we switch to VoIP (Voice Over IP, IP-Telephony) for our telephone system, we will look into VoWLAN (Voice over WLAN) as wireless speech solution. [/en]
 
* [nl]Zodra er voor het telefoonverkeer overgestapt wordt op VoIP (Voice over IP, IP-Telefonie), dan zal ook gekeken worden naar VoWLAN (Voice over WLAN) als draadloze spraakoplossing. [/nl] [en]As soon as we switch to VoIP (Voice Over IP, IP-Telephony) for our telephone system, we will look into VoWLAN (Voice over WLAN) as wireless speech solution. [/en]
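Review bot: the rewritten access-point bullet drops the sentence about the CiscoWorks Wireless LAN Solution Engine and the AirMagnet laptop, so the page no longer says how the IOS versions and configurations of the 54 access points are managed or what is used for security analysis and troubleshooting. If those tools are still in use, keep a shortened sentence; if not, say so in the edit summary. In the new 802.11n bullet, the Dutch "zal in de loop van 2011 worden uitgerond" looks like a typo for "uitgerold", and the English "somewhere in 2011" should read "sometime in 2011". The September 2005 usage bullet is removed without replacement, and the unchanged context line still has "MS-Windows XP2 SP2" in the English half where the Dutch half says "XP SP2".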
  

Revision as of 14:55, 7 January 2011

Wireless network Faculty of Science

Within the Faculty of Science, a secure 54 Mbit/s Wi-Fi WPA network has been available almost everywhere in the Huygens building since July 2005. The network advertises itself with the name (SSID) "Science". It can only be used by people with a Science-login. Since fall 2006 the university RU-wlan has been available in the Huygens building for all students and personnel of the RU. Since the update of ru-wlan of September 2007, the Science network only has an advantage for Science-logins without an RU-account.

What you need

To access this "Science"-network, you need:

  • Hardware
    Wi-Fi hardware that supports WPA (more exactly, WPA Enterprise with PEAP/MS-CHAP v2). Almost all laptops have had this built in for a few years. All Intel Centrino laptops should be fine. N.B.: There is a security vulnerability in the Intel Centrino Windows drivers; see Intel support for more information and updates. If one wants to use the Intel PROSet/Wireless software instead of the Windows software, the update above could be necessary.
    Laptops from 2003 or later should be fine too, but often you need a driver update (see the manufacturer's web site). When the built-in hardware doesn't support WPA, one can buy a PCMCIA card or USB stick that does for about EUR 30,-. If needed, see wi-fi.org for "certified" hardware. C&CZ has tested two low-cost certified PCMCIA cards, Linksys WPC54G-EU and D-Link DWL-G650+. Older 11 Mbit/s 802.11b hardware as well as newer 54 Mbit/s 802.11g hardware can be used, as long as WPA is supported.

  • Certificate
    Sometimes the required certificate is missing from your device; in that case, download the certificate and install it on your device. The certificate can be found at: AddTrustExternalCAroot.CER.

  • Software
    • Either Microsoft Windows XP with Service Pack 2 (SP2). See the extensive installation manual.
    • Or Microsoft Windows Mobile 5 or 6. We have a simple installation manual available.
    • Or Microsoft Windows Vista. Click "Start->Settings->Control Panel->Network". Choose "Setup connection or network". Choose "Setup manually". Then choose "Science" (with 1 capital!), WPA Enterprise and TKIP. Next choose "Change connection settings" and, in the tab "Security", click on "Protected EAP" and "Settings...". In the window "Protected EAP properties", check "Validate server certificate" and, for "Certificate Authority", check the box "AddTrustExternalCAroot". Choose the verification method "Protected password (EAP-MSCHAP v2)" and, within this, in "Configure", uncheck "Automatically use my Windows-logonname and -password (and domain if necessary)". If one doesn't want to make a connection with previously entered account information, one can uncheck "Cache user information for subsequent connections to this network". In the meantime, see the Cable Guy if necessary. In the near future, we will provide a detailed installation manual; until then one can use, if needed, the manual mentioned above. If this is too difficult, don't hesitate to stop by C&CZ with your laptop.
    • Or any other operating system with WPA (WPA-Enterprise) support

  • Username and password
    Before any Internet traffic is possible, the combination of loginname and password is checked through the 802.1x mechanism. To avoid giving the loginname/password combination to a rogue (non-C&CZ) access point, check the server certificate. All traffic is encrypted with constantly changing keys, which makes eavesdropping impossible.
    • For the "Science" network a C&CZ (science) username and password. Every employee and student of the Faculty of Science has (a right to) that.
    • (For the RU-wlan) a RU-password for every RU-employee and student.
    • Or a username/password of an institution that takes part in EduRoam. Remark: Outgoing wireless connections from the Science buildings to institutes that participate in EduRoam will be available from Q2 2011, after the access points in these buildings have been replaced.
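
For other operating systems with WPA-Enterprise support, the Vista settings above map onto a wpa_supplicant network block as sketched here, with the weak variant (no server-certificate check) shown as comments beside the corrected one. This is an added example, not C&CZ's own configuration; the file paths, the server name `radius.example.org` and the login placeholders are assumptions.

```conf
# wpa_supplicant.conf fragment (added example; the file location is an assumption)

# WEAK, shown commented out: without ca_cert the client accepts any server
# certificate, so a rogue access point announcing "Science" can receive the
# MS-CHAP v2 exchange for the user's loginname and password.
#
# network={
#     ssid="Science"
#     key_mgmt=WPA-EAP
#     eap=PEAP
#     phase2="auth=MSCHAPV2"
#     identity="SCIENCE_LOGIN"
#     password="SCIENCE_PASSWORD"
# }

# CORRECTED: same settings as the Vista instructions, with the server
# certificate validated against the AddTrust root before credentials are sent.
network={
    # SSID as advertised, with one capital
    ssid="Science"
    # WPA Enterprise with TKIP, as stated in the Vista instructions
    proto=WPA
    key_mgmt=WPA-EAP
    pairwise=TKIP
    # PEAP with MS-CHAP v2 as the inner method
    eap=PEAP
    phase2="auth=MSCHAPV2"
    # Equivalent of "Validate server certificate" plus ticking the AddTrust root.
    # Assumed path: the downloaded AddTrustExternalCAroot.CER stored locally.
    ca_cert="/etc/wpa_supplicant/AddTrustExternalCAroot.cer"
    # Placeholder: the real RADIUS server name is not given on this page.
    # Pinning the name stops other certificates issued under the same root.
    domain_suffix_match="radius.example.org"
    # Placeholders for the Science loginname and password
    identity="SCIENCE_LOGIN"
    password="SCIENCE_PASSWORD"
}
```

Keep the file readable by root only, since it holds the password in clear text.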

RU-wlan for iPhone / iPod / iPad

Instructions for the iPhone, iPod or iPad user and RU-wlan can be found at the UCI ru-wlan site.

Background and future

  • At the end of 2004, it was decided that we wanted blanket wireless coverage in Huygens-building phase I. Later it was decided that the RU would supply wireless coverage everywhere on campus.
  • After meetings with the UCI, Vosko and Cisco we chose the Cisco 1130AG as wireless access point. After a site survey, 54 of these access points were placed in Huygens-building phase I.
  • We had a lot of trouble with the initial configuration, due to our wish to use our existing FreeRadius radius server, which was not supported by our suppliers, our wish to spread the users over different VLANs (subnets) and the wish to make a safe WPA network, for which the users of MS-Windows XP SP2 wouldn't have to install extra software and the users wouldn't give their passwords to wrong servers (without the correct certificate).
  • During 2006 the wireless network was extended to the Huygens building phase II and NanoLab.
  • After that, the network has been expanded to HFML, Botanic Greenhouse, WortelLab, ITS and Linnaeus building.
  • In the near future, wireless connectivity will be available in (probably) Mercator III (A2-wing after renovation) and several locations outside (lawn, terrace, ....).
  • The next generation wireless network will be implemented sometime in 2011: faster with 802.11n (200+ Mbit/s) and even more secure with WPA2 (better hardware encryption).
  • As soon as we switch to VoIP (Voice Over IP, IP-Telephony) for our telephone system, we will look into VoWLAN (Voice over WLAN) as wireless speech solution.