SLIDE 1

Eduroam in a box (take 3)

Rok Papež, ARNES, Barcelona, 06.09.2005

SLIDE 2

ARNES EduRoam 1/2

  • WPA/WPA2 Wireless network
    – WPA Enterprise (+ WPA2 where available)
    – Dynamic VLANs
    – Support for legacy networks (multiple SSID)
  • RADIUS tree hierarchy
    – Non-automatic auth (forced EAP-TTLS + PAP)
    – Send real user-name with Access-Accept
    – Monitor users (full log + IP, close stale connections)
    – FreeRADIUS problems (threads, libs, Alan DeKok)

SLIDE 3

ARNES EduRoam 2/2

  • OpenLDAP
    – Very unintuitive software
    – Reliability vs. Performance (bdb/hdb vs. Lmdb)
    – phpLDAPadmin = administrator tool
    – siEduPerson schema
    – Bad documentation about schemas
  • Specification updates
  • L2 security is complex (Catalyst 3750, L2/L3 fw)

SLIDE 4

EduRoam administrators

  • 50% use trial and error learning
    – Low understanding of Wireless security
    – Low understanding of Ethernet security
    – RADIUS servers are misconfigured
    – Extensive, manual one-time network inspections
    – Why use LDAP and not MySQL/text files?
  • Time consuming EduRoam deployment
  • With time - small AAI misconfigurations

SLIDE 5

EduRoam in a box – why?

  • Speed up deployment
  • For the less technically experienced
  • Deployment of a proven solution
  • Fewer errors
  • Automated configuration with easier deployment
  • Easier reporting of data
    – Statistics
    – AP database

SLIDE 6

ARNES Eduroams

  • Big EduRoam
    – WPA(2) Enterprise
    – FreeRADIUS
    – OpenLDAP
    – ISC DHCPd
    – MySQL (accounting)
    – EduRoam monitor
    – L2/L3 security via switch
  • Small EduRoam
    – WPA(2) Enterprise
    – FreeRADIUS
    – OpenLDAP
    – ISC DHCPd
    – MySQL (accounting)
    – EduRoam monitor
    – L2/L3 security via Linux firewall

SLIDE 7

Eduroam in a box „Home“

SLIDE 8

Eduroam in a box „Network“ 1/2

SLIDE 9

Eduroam in a box „Network“ 2/2

SLIDE 10

Eduroam in a box „Crypto“ 1/2

SLIDE 11

Eduroam in a box „Crypto“ 2/2

SLIDE 12

Eduroam in a box „Accounting“

SLIDE 13

Eduroam in a box „Access Points“

SLIDE 14

Eduroam in a box „AAI“ 1/3

SLIDE 15

Eduroam in a box „AAI“ 2/3

SLIDE 16

Eduroam in a box „AAI“ 3/3

SLIDE 17

Eduroam in a box - Summary

  • Skeleton/base is done
  • Rough around the edges
  • Still work to do
  • Field deployments
  • Support for other equipment
    – „Big EduRoam“ - Catalyst 3750
    – Other Access Points