Tuesday, 29 May 2007

With hundreds of Cisco 350 802.11b access points (APs) installed throughout its campus, Dartmouth College was struggling to keep up. Managing and upgrading these APs had become unbearable. Meanwhile voice, video, 802.11a and 802.1X were all on the Wi-Fi horizon. But Dartmouth had no way to easily get to where it wanted to go. Enter Aruba Networks.

Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshmen receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows-based. The remaining 30 percent use Macintosh clients.


Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system-wide.

With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”

According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”

To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.

“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ‘cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”

Dartmouth is examining and implementing a variety of security options, from Web-based authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”


Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.

Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When someone calls a Vocera phone number, the system uses voice recognition to pinpoint the target badge and route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.

For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”

The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point without having to upgrade the entire wired network.

David Bourque: Network Engineering, Dartmouth College