downloading - Network Startup Resource Center

Transcription

UCAD Campus Wireless Network
January 19-22, 2012
Dale Smith (NSRC), Sebastian Buettrich (NSRC), Khoudia
Gueye (UCAD)
Version
V1 seb
20120121
V2 Dale
V3 Seb
20120122
V4 Seb
V5
V6 final
20120126
Dale Smith
Sebastian
Buettrich
Table of Contents
UCAD Campus Wireless Network ......................................................................................................1
Initial observations and status..............................................................................................................2
Wireless Vlan(s)...................................................................................................................................4
VLAN sizing
.....................................................................................................................................................4
VLAN design details...................................................................................................................4
Unifi controller.....................................................................................................................................5
Unifi controller install.................................................................................................................5
Unifi AP configuration.........................................................................................................................9
Enabling L3 management by adding controller to DNS.............................................................9
Unifi AP deployment..........................................................................................................................10
Policy based routing and Captive Portal.............................................................................................11
Policy Based Routing................................................................................................................11
Action Points......................................................................................................................................17
Unifi: Further Reading.......................................................................................................................17
Appendix 1: Discussion of provisioning via Layer 3.........................................................................18
Appendix 2: Tests regarding AP deployment problems, network and DNS issues............................20
Changing IP settings via Unifi controller GUI..........................................................................20
DNS tests...................................................................................................................................21
DNS tests on AP that has IP settings provided by DHCP................................................22
DNS tests on AP manually configured............................................................................23
Network/physical issues around the router routing 172.17.13x.0...................................24
More DNS issues.............................................................................................................26
............................................................................................................................................................26
Appendix 3: Rapport de Mission 01/201201......................................................................................27
Initial observations and status
 Good fiber and ethernet backbone to large parts of campus
 Fiber ending at UCAD2 complex,
no fiber above a northwest/southeast line running close to UCAD2
 Many buildings and departments each have their own ADSL .
There are more than 100 independent ADLS lines on Campus. The cost
of ADSL is 1 MB - 20,000 , so we have an accumulated hidden
connectivity budget of > 2,000,000 CFA ($4000).
 e.g. Library: several ADSL's - more than 100 - including the admins,
the ref desk - nobody is using the campus backbone.
 The wireless network consisting of 3 superwifi ALTAI A8 masts and
connected client/APs is not working at all. #1 works, power issues on
one mast #2, no SSIDs visible on other #3.
 The existing APs/clients are not worth reactivating (TP-Link devices,
home user, old)
 Expected users: maybe 30% of 60.000 have laptops (?)
 Captive portal – UCAD IT has some experience with both pfsense and
chilli.
pfsense seems best suited as there s an existing pfsense VPN anyway,
and the learning curve seems moderate.
Wireless Vlan(s)
VLAN sizing
/16 for all wireless networks
/18 per router
/23 per building (!!! 1400 seats in UCAD auditorium!!! :) )
VLAN design details
The wireless VLANs will mirror exactly the existing voice and data vlans. There
will be a /23 subnet associated with each building and these networks will be
routed in throughout the campus network. All wireless will reside on the RFC
1918 address space of 172.17.0.0/16.
Broadcast Passerelle parNombre
défaut IP
172.17.1.255
172.17.3.255
172.17.5.255
172.17.7.255
172.17.1.254
172.17.3.254
172.17.5.254
172.17.7.254
510
510
510
510
172.17.65.255
172.17.67.255
172.17.69.255
172.17.71.255
172.17.73.255
172.17.65.254
172.17.67.254
172.17.69.254
172.17.71.254
172.17.73.254
510
510
510
510
510
172.17.129.255172.17.129.254
172.17.131.255172.17.131.254
172.17.133.255172.17.133.254
172.17.135.255172.17.135.254
172.17.137.255172.17.137.254
172.17.139.255172.17.139.254
510
510
510
510
510
510
172.17.193.255172.17.193.254
172.17.195.255172.17.195.254
172.17.197.255172.17.197.254
510
510
510
Unifi controller
Unifi Controller has been installed on the following server:
 Ubuntu 10.04 LTS (existing 10.10 was not manageable, due to expired /
non-supported repositories)
 Linux dsi-desktop 2.6.32-33-generic #72-Ubuntu SMP Fri Jul 29
21:07:13 UTC 2011 x86_64 GNU/Linux
 cat /etc/network/interfaces
auto eth0
iface eth0 inet static
address 172.16.1.250
gateway 172.16.1.254
broadcast 172.16.1.255
netmask 255.255.255.0
 web GUI at https://172.16.1.250:8443
Unifi controller install
The installation followed
http://forum.ubnt.com/showthread.php?t=45945
The most important steps are:
1. aptget upgrade
2. edit /etc/apt/sources.list
to add
deb http://www.ubnt.com/downloads/unifi/distros/deb/lucid lucid ubiquiti
deb http://downloadsdistro.mongodb.org/repo/ubuntuupstart dist 10gen
3. add GPG Keys
aptkey adv keyserver hkp://keyserver.ubuntu.com recv 7F0CEB10
aptkey adv keyserver hkp://keyserver.ubuntu.com:80 recv C0A52C50
4. update, install & upgrade
aptget update
aptget install unifi
(resolves mongodb dependency by itself)
5. the UniFi webUI can be reached via https://<unifi_ip>:8443/
Securing the controller: see Action Points!
Unifi AP configuration
Enabling L3 management by adding controller to DNS
We configure our DNS server to resolve 'unifi' to your controller's IP address. Result:
sebastian@nsrcauth3:~$ nslookup unifi
Server:
Address:
172.16.1.3
172.16.1.3#53
Name: unifi.winucad.sn
Address: 172.16.1.250
In this way, all APs can find their inform URL,
handshake, adoption etc.
http://unifi:8080/inform, needed for initial
With this step,
full management and provisioning over layer 3 is possible, for all devices
running firmware versions 2+.
Devices can be upgraded from firmware versions 1 to 2 over layer 3, and
across subnets, but this requires additional command line steps, described and
discussed in Appendix 1.
However, there is little motivation to do this it is much easier to
 unpack and test each new device at your NOC/office
 adopt it, upgrade and configure it
 then deploy it to its final location
All configuration changes, upgrades and so forth may then be performed via
the Unifi GUI, regardless of subnet/broadcast domain of the AP.
Unifi AP deployment
We deployed the first batch of Unifi APs to locations at the Rectorate and
others.
Doing so, we faced a number of problems with
adopting, provisioning, configuring
remote Aps.
Detailed tests – documented in Appendix 2 – suggest that the problems are in
•
•
physical network (cables, fiber), packet losses
DNS issues
and not related to any Unifi specific (AP or controller) issues.
Policy based routing and Captive Portal
Policy Based Routing
As we develop a scalable strategy to deploy wireless at UCAD, we have decided
to implement a Wireless VLAN in each building that is present at all UCAD
managed switches. This VLAN is in addition to the Data and Voice VLANs that
are already present at every switch in the network. This Wireless VLAN will
provide routed /23 subnets in the 172.17.0.0 rfc 1918 address block for each
subnet on the UCAD campus.
Prior to the introduction of the captive portal, the campus network looked like:
We will introduce the captive portal on the core switch at DSI (the central
computing center) as follows:
The key challenge is that we need to deliver all traffic from the wireless clients
coming from any address in the 172.17.0.0/16 block to the captive portal so it
can provide authentication services. The function of the captive portal is fully
described in http://en.wikipedia.org/wiki/Captive_portal, however, in simplistic
terms, the captive portal will drop all traffic from a client until the client
authenticates. The authentication happens when the client starts up a web
browser to access the Internet and the captive portal redirects the http or
https request to a web page that provides authentication by requesting a
username and password or some other type of authentication token. Once the
authentication is completed successfully, the captive portal will pass all traffic
from the client on to the destination.
The challenge is that standard routing looks at the destination address of a
packet and forwards that packet based on the routing tables. However, we
need the DSI router to look at the source address of the packets it is
forwarding and for anything coming from 172.17.0.0/16, it needs to forward
that packet to the captive portal. This can be accomplished with Policy Based
Routing. Although it should not be a problem to apply this policy to all ports
except the captive portal output/WAN port (because we should not see any
traffic from 172.17.0.0/16 from the firewall, the captive portal input/LAN port,
or the server net3work) . For example, we will only apply the policy based
routing that says forward any packet from 172.17.0.0/16 to the captive portal
on the ports marked in Green as follows:
Thus, we will not apply this policy to the ports attached to the captive portal,
the firewall, or the server network. For our example, we need to know the
ports assigned to each connection off of the DSI router. Let us assume that we
have the following assignments:
GigEthernet0/1: Rectorat
GigEthernet0/2: FSJP-DORS1
GigEthernet0/3: FST-DORS1
GigEthernet0/4: ENSETP
GigEthernet0/5: ESP-Public
GigEthernet0/6: ESP
GigEthernet0/7: DSI Firewall
GigEthernet0/8: Captive Portal out
GigEthernet0/9: Captive Portal in
GigEthernet0/10: DSI-DORS2
Policy Based Routing uses two key concepts: access lists and route maps.
First, we need to define an access list that matches on a packet with a source
address of anything in the 172.17.0.0/16 block. The access list that describes
this is simple:
access-list 1 permit 172.17.0.0 0.0.255.255
This defines access list number will match any packet with the source address
of 172.17.*.* and will not match on any other packet. Note that access lists
have a default deny at the end of the list, so we don’t specifically have to
configure the deny for all other packets. Please also note that you may
already have configured access list 1, in which case you need to adjust the
examples here accordingly to use a different access list number.
Next we define a route map. The route map has a name that you select and
an order in which the route map is applied (you can apply multiple route maps
on an interface). You should always leave space between the route map
number because you may want to apply a route map either before, after, or
between maps you have defined. Here, we will define a route map called
wireless-client. This name is arbitrary, but should be something meaningful to
your organization. It is important to note that just as with an access list, each
route map ends with an implicit deny all, so you do not have to have that in
your configuration.
route-map wireless-client permit 10
match ip address 1
set ip next-hop <ip address of input interface of captive portal>
This map says that when we match the source address describe with accesslist 1 (any traffic from some device on the wireless network, we will send it out
interface GigEtherent0/8 that is the interface that the next-hop router, which is
the port connected to the input of the Captive Portal. If we do not match the
access list, then default routing will apply to the packet and it will be routed
normally.
Now, in our example, we simply need to apply this route map to each interface
that will have wireless client traffic coming from it (see the diagram above with
the green circles on the interfaces). Note that we can apply this to all ports
except the wireless portal output/WAN port (see discussion below of the
captive portal for more information). Please also note that since at least the
interfaces attached directly to building switches will actually have the routed
interface be a VLAN interface, not the physical interface, so you will have to
adjust the commands used to apply the route map to specify the appropriate
interface (the wireless VLAN or in the case of router-to-router, probably the
actual interface, depending on the router configuration). The configuration
command required to apply the route maps to the interface is generally:
interface <interface name>
ip policy route-map wireless-client
ip route-cache policy
So, if we are attempting to apply this to say VLAN 22 that has a wireless VLAN
to one of the directly served buildings, you would specify:
interface vlan 22
If you were placing this on a non-VLANed direct router-to-router interface, say
Gigabit Ethernet 0/3, the command would be:
interface GigEthernet0/3
You will need to apply this configuration on all interfaces that will see traffic
from wireless clients and can be applied to all interfaces except the output port
of the captive portal. This configuration example also uses the “ip route-cache
policy” to turn on fast switching of the packets rather than process switching
when processing policy commands on this interface. Without fast switching, all
policy processing is handled by the router's CPU. This can cause serious
performance problems in a slower router, or if the traffic load is heavy.
Requirements of the Captive Portal
The above example of Policy Routing to deliver packets to the Captive Portal
makes several assumptions:
1. The captive portal has an input and an output port. In descriptions of
captive portals, these may be called the LAN (interface towards the
wireless clients or GigEthernet0/8 in the above configuration) and WAN
(interface towards the network or GigEthernet0/9 in the above
configuration). You will need to configure these interfaces with IP
addresses on both the router and the captive portal. The LAN and WAN
networks must be different subnets.
2. The captive portal will act as a router. Since it is a router, it needs to
know how to route traffic in your network. You should point a route to
the wireless client network towards the LAN interface and a route to the
Internet towards the WAN interface. In this case, you would point a
route to 172.17.0.0/16 to the LAN and a default route to the WAN.
3. The captive portal must authenticate on IP addresses, not MAC
addresses. In this design, the captive portal will not be able to see the
MAC addresses of the wireless clients.
4. The captive portal must be configured to “white list” certain types of
traffic. Virtually all captive portals allow you to white list various types of
traffic. You will need to read the captive portal documentation to find out
how to do this with the captive portal you have chosen. The following
traffic should be “white listed” by the captive portal to pass the traffic
without authentication:
a. All traffic to/from the IP addresses of the Access Points. This will
allow the controller to manage the access points and nagios to ping
the access points. If you wanted to be more restrictive, you could
make the “white listing” to be all traffic to/from access points
to/from the controller, nagios, and any other machines you may
want to use to ping access points (the subnet for your network
engineers).
b. All DHCP and DNS traffic to/from any wireless client (a laptop or
tablet connected to the wireless network). This will allow the
laptop/tablet to get an IP address and resolve a name using the
DNS. The DNS is very important because the way authentication
works is that the user must launch a browser and try to access the
Internet. When the browser tries to access the Internet, it must be
able to resolve a name (www.google.com for example) to an IP
address or the browser will not attempt to make an http query.
Action Points
• Controller: check and adjust the servers security and failover status
• Controller: key based ssh access instead of password auth
• Controller: Root password on Controller – change!
• Protect Unifi web GUI by means of firewall and/or htaccess
• Add key elements of the wireless network to Nagios
• Start work on one central user store, e.g. ex Oracle, LDAP/AD
Unifi: Further Reading
• essential: http://wiki.ubnt.com/UniFi_FAQ
is the closest thing to a technical manual (that currently does not exist).
• Quickstart: http://www.ubnt.com/downloads/guides/UniFi/UniFi_AP_QSG.pdf
• User Guide: http://www.ubnt.com/downloads/guides/UniFi/UniFi_AP_APLR_User_Guide.pdf
Appendix 1: Discussion of provisioning via
Layer 3
The following notes discuss the management of Unifi Aps over L2 and L3,
specifically whether Unifi Aps can be fully deployed and management across L2
broadcast domains, meaning: only depending on Layer 3 connectivity.
We will not discuss the subtle differences between “subnet” and “L2 broadcast
domain” here.
Both subnets and broadcast domains should be defined and limited by routers,
without overlaying mulitple IP subnets over one router/switch.
Our controller network: 172.16.1.0
Our wireless (V)Lan: 172.17.2.0
We add and adopt an AP on the 172.16.1.0 network, i.e on the same subnet as
the controller. This works OK and it can upgrade .
We can add and adopt an AP on 172.17.2.0 network, BUT it cannot upgrade
from v1 to v2
We can ssh into two Aps with firmware version 2, whether these are on the .
1.0 or .2.0 network
Both these APs can
ssh
ping
http 80 , 8080
An old firmware AP, version 1 - can it do the same? YES.
It can ping, ssh, http the controller, no matter what network it is located on.
However, it can not be upgraded from the controller side., as firmware version
1 does NOT offer L3 management capabilities.
Solution:
ssh [email protected]
NOTE THAT WE ARE USING ubnt/ubnt as this AP is at default and not adopted yet!
BusyBox v1.11.2 (20110321 14:21:41 PDT) builtin shell (ash)
Enter 'help' for a list of builtin commands.
BZ.v1.2.3#
BZ.v1.2.3# ping 172.16.1.250
Pinging the controller
PING 172.16.1.250 (172.16.1.250): 56 data bytes
64 bytes from 172.16.1.250: seq=0 ttl=63 time=0.430 ms
now, from this v1 device, do
syswrapper.sh upgrade http://172.16.1.250:8080/dl/firmware/BZ2/<versionnr>/firmware.bin
(the exact firmware version needs to be checked, by looking into
/usr/lib/unifi/dl/firmware
on the controller.)
Here in our case it is
syswrapper.sh upgrade http://172.16.1.250:8080/dl/firmware/BZ2/2.2.0.996/firmware.bin
This works fine, so you can indeed fully upgrade them over L3,
even if not on the same broadcast domain / IP subnet .
Appendix 2: Tests regarding AP deployment
problems, network and DNS issues
Looking into the various problems we encountered when provisioning remote
Aps,
detailed tests – documented in what follows – suggest that the problems are in
•
•
physical network (cables, fiber), packet losses
DNS issues
and not related to any Unifi specific (AP or controller) issues.
Crucial tests:
Changing IP settings via Unifi controller GUI
Can an AP, that has received IP settings via DHCP, be moved to fixed IP via the
Controller GUI?
1a) keeping the same IP address as DHCP had given? YES
Setting 172.17.130.26 manually via controller GUI - works fine.
1b) can i move an AP to a fixed address in the range 172.17.x.1...20?
Setting 172.17.130.10 manually via controller GUI - works fine.
DNS tests
Remarks on differences between nslookup and system resolver
nslookup and system resolver both use the /etc/resolv.conf file, but in diferent ways.
nslookup talks to only one name server at a time.
This is the biggest difference between nslookup's behavior and the resolver's behavior.
The resolver makes use of each nameserver directive in resolv.conf. If there are two
nameserver directives in resolv.conf, the resolver tries the first name server, then the second,
then the first, then the second, until it receives a response or gives up. The resolver does this
for every query.
On the other hand, nslookup tries the first name server in resolv.conf and keeps retrying until
it finally gives up on the first name server and tries the second.
Once it gets a response, it locks onto that server and doesn't try the next.
In other words,
When there are multiple nameservers in /etc/resolv.conf, the resolver
queries them in the order ABCABCABC..., but nslookup uses the order
AAA...BBB...CCC....
And once it gets a response from a server, it
locks onto that one for the rest of the session (or until you use the
"server" command to select a server explicitly).
Source: http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch12_01.htm
Also read:
http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/nslookup-flaws.html
http://veggiechinese.net./nslookup_sucks.txt
DNS tests on AP that has IP settings provided by DHCP
BZ.v2.2.0# ifconfig br0
br0
Link encap:Ethernet HWaddr 00:27:22:BC:69:9B
inet addr:172.17.130.27 Bcast:172.17.131.255 Mask:255.255.254.0
BZ.v2.2.0# cat /etc/resolv.conf
search winucad.sn
nameserver 172.16.1.3
nameserver 196.1.95.15
BZ.v2.2.0# nslookup less.dk
################### takes30 seconds !!!!!!!!!!!!!!!!!!!!!!!!!
Server:
172.16.1.3
Address 1: 172.16.1.3 serveur3.winucad.sn
Name:
less.dk
Address 1: 80.71.132.234 80-71-132-234.u.parknet.dk
BZ.v2.2.0# nslookup nsrc.org
Server:
172.16.1.3
Name:
nsrc.org
Address 1: 2001:468:d01:103::80df:9d13
Address 2: 128.223.157.19 nsrc.org
BZ.v2.2.0# nslookup nsrc.org 196.1.95.15
################### takes 1 min 30 seconds !!!!!!!!!!!!!!!!!!!!!!!!!
Server:
196.1.95.15
Server:
196.1.95.15
Address 1: 196.1.95.15
Name:
nsrc.org
Address 1: 2001:468:d01:103::80df:9d13
################### takes 30 seconds !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Server:
172.16.1.3
Name:
nsrc.org
Address 1: 2001:468:d01:103::80df:9d13
BZ.v2.2.0#
DNS tests on AP manually configured
BZ.v2.2.0# ifconfig br0
br0
Link encap:Ethernet HWaddr 00:27:22:54:DE:47
inet addr:172.17.130.26 Bcast:172.17.131.255 Mask:255.255.254.0
BZ.v2.2.0# cat /etc/resolv.conf
nameserver
172.16.1.3
#### NOTE we give no domain, search info
BZ.v2.2.0# nslookup nsrc.org
####### instant result !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Server:
172.16.1.3
Name:
nsrc.org
Address 1: 2001:468:d01:103::80df:9d13
BZ.v2.2.0# nslookup unifi
Server:
172.16.1.3
nslookup: can't resolve 'unifi': Name or service not known
Network/physical issues around the router routing
172.17.13x.0
### from Controller 172.16.1.250 out to the APs 172.17.130.x
sebastian@nsrc-auth-3:~$ ssh [email protected]
[email protected]'s password:
Linux dsi-desktop 2.6.32-33-generic #72-Ubuntu SMP Fri Jul 29 21:07:13 UTC
2011 x86_64 GNU/Linux
Ubuntu 10.04.3 LTS
#################### pinging
--- 172.17.130.27 ping statistics --100 packets transmitted, 97 received, 3% packet loss, time 99128ms
rtt min/avg/max/mdev = 1.223/1.263/1.373/0.053 ms
--- 172.17.130.10 ping statistics --100 packets transmitted, 16 received, 84% packet loss, time 99128ms
rtt min/avg/max/mdev = 1.178/1.261/1.287/0.045 ms
### gateway:
#### broken cable on 172.17.130.10 ???
eth0
Link encap:Ethernet HWaddr 00:27:22:54:DE:47
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500
Metric:1
RX packets:4550 errors:2993 dropped:2842 overruns:0 frame:1
TX packets:1357 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:558355 (545.2 KiB) TX bytes:478810 (467.5 KiB)
Probably faulty cable!
#### 172.17.130.27 is not good either!
eth0
Link encap:Ethernet HWaddr 00:27:22:BC:69:9B
UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST MTU:1500
Metric:1
RX packets:138633 errors:8277 dropped:8243 overruns:0 frame:2
TX packets:46621 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12063270 (11.5 MiB) TX bytes:22760622 (21.7 MiB)
More DNS issues
############# from laptop connected to AP test1 172.17.2.3:
sebastian@nsrc-auth-3:~$ nslookup unifi
Server:
Address:
172.16.1.3
172.16.1.3#53
############# from AP test1 172.17.2.3:
BZ.v2.2.0# nslookup unifi
Server:
172.16.1.3
nslookup: can't resolve 'unifi': Name or service not known
Name:
unifi.winucad.sn
Address: 172.16.1.250
Appendix 3: Rapport de Mission 01/201201
Dakar, le 25 Janvier 2012
Rapport de Mission 01/201201
Du 18 au 22 Janvier 2012, nous avons reçu une mission conjointe du Network
Startup Resource Center (NSRC) et du Centre International de Physique Théorique
Abdus Salam (ICTP).
Cette mission a porté sur les 4 points suivants :
1. Audit du réseau de campus
En compagnie de Dale SMITH, Marco ZENNARO et Sebastian BUETTRICH, nous
avons visités les différents nœuds du backbone de l’UCAD (DSI, FSJP et FSJP),
en parcourant les chemins de câbles et en visitant certains regards.
A l’issue de cette visite, nos hôtes ont noté des forces, mais aussi des
faiblesses sur l’infrastructure du réseau de l’UCAD. En effet, ils ont salué la
remise à niveau du local technique de la DSI, l’existence des switchs
manageables et managés avec l’outil Nagios, la segmentation des domaines de
broadcast avec la création des VLANs voix et données par institut, l’existence
des liens en fibre sur toute l’étendue de l’UCAD, même si la plupart des liens
sont en multimode.
Toutefois, ils ont noté quelques faiblesses notamment un taux de perte de
paquets assez élevé entre la DSI et FSJP, du au fonctionnement en mode
dégradé depuis la rupture de la fibre, des câbles réseau souvent mal sertis
amenant des pertes de connexion, une instabilité du serveur DNS, l’existence
de lignes ADSL partout dans l’université en lieu et place d’un accès Internet
haut débit, symétrique et mutualisé à la DSI.
2. Wireless Survey :
 Visite de sites :
En faisant le parcours des chemins de câbles du backbone pour les besoins de
l’audit réseau, nous avons visité le réseau Wi-Fi existant de l’UCAD. Ainsi, nous
sommes rendus à l’ESP, à la FST, à la BU et à l’UCAD II pour tester les zones
de couvertures du signal Wi-Fi. L’accès Internet à partir du réseau Wi-Fi ne
fonctionnait qu’au niveau de la BU. Si à l’ESP on voyait le SSID, au niveau des
autres stations de base (UCAD II et FMPOS), tous les équipements étaient
éteints.
En définitive, nous avons constaté que seul le Wi-Fi de la BU fonctionnait
correctement, mais utilise une ligne ADSL et n’est pas supervisé.
 Tâches réalisées:
Pour permettre à l’UCAD de bâtir un modèle de réseau Wi-Fi géré et contrôlé
avec le maximum de zone de couverture, notre partenaire le NSRC a envoyé
des experts, assisté de l’équipe réseau de la DSI de l’UCAD pour faire ce
wireless survey.
Afin de concevoir un modèle de réseau sans fil évolutif et utilisant
l’infrastructure filaire de l’UCAD, nous avons créé de nouveaux VLANs dédiés
au trafic sans fil. L’avantage d’une telle configuration est de séparer les
domaines de broadcast par institut et de définir des règles de filtrage adaptées
à chacun de ces VLANs.
A termes, le nouveau réseau Wi-Fi de l’UCAD devra utiliser l’accès Internet
mutualisé, où tous les APs seront directement connectés au réseau filaire au
lieu d’utiliser un accès ADSL comme c’est le cas aujourd’hui
Le plan d’adressage défini pour router le trafic des VLANs Wireless est le
suivant :

downloading - Network Startup Resource Center

Transcription

Documents pareils

Campus Networking Best Practices Session 5: Wireless LAN

Temperature Control Unit TT-188

EAP300 - RTSiFRANCE

NBG5715

Safety Controller CPU Module User`s Manual

Wireless Home Network Security Guide

2 ac motor controller 100

PD1-013 / PD2-013 / PD3-013 Stepper Motor with

Linksys WRT310N Datasheet

Energetics and the evolution of human brain size

Strategic Plan