Solved

Wireless network setup for a school

Posted on 2013-01-25
Last Modified: 2013-02-06
Hi There

I have the following scenario:-

School with approx 55 classrooms/offices. I need to set up wireless connectivity throughout the school. The school has 3 floors and the furthest distance from the server room will be approx 100 metres.

I have been doing some research on using a RADIUS server, which seems to be the best way to go.

1. What would I need in terms of hardware and software to set this up?
2. Do I need to put an access point in each classroom?

Please advise on the best possible solution.

Thanks
Question by:ltrading
11 Comments
 
LVL 22

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 250 total points
ID: 38818302
You should definitely go for Radius and 802.1X authentication.
But will the school provide PCs for the students, and will PCs be domain joined? Or will they only have username and password in domain and bring their own equipment?
That will limit if you should use EAP-TLS or PEAP-MsChapV2 as authentication; the first is with certificates, and the second one is with domain username and password.
You can also choose whether you want to authenticate computers AND users, or only one of them. All these settings are done on the Radius server (Win2008R2 or 2012 server I hope??), and settings on the client device.

For the wireless, go for a controller-based solution, where all access points are managed and monitored centrally.
Hardware Setup:
Buy switches with PoE - I use either Cisco Catalyst 2960 or HP ProCurve 2520 -- remember to buy a switch with Gbps ports for the wireless (!)
I'd recommend Aruba Networks hardware, controller-based and with 802.11n access points. If your budget is limited you can buy Instant Access Points, where the first AP will become a master for the rest and settings done on AP1 will replicate to all other APs.
With the controller-based you will get a full stateful firewall, application visibility, roles and role derivation, bandwidth limitation, user visibility and advanced radio and spectrum monitoring and management.

When it comes to the amount of APs:
- Coverage in terms of range (getting a radio signal to cover a certain area) is no longer the issue.
- You need to plan for users, and remember - a user most likely has more than one device. Many wireless networks were deployed based on employees or students - but for one device each. Now users have PCs, smartphones and tablets that need access as well.
- Plan for around 25 - 30 users per AP
0
 
LVL 17

Assisted Solution

by:TimotiSt
TimotiSt earned 250 total points
ID: 38822118
The number of access points depends on user/client numbers (as @jakob_di says, expect 2+ devices/human being), coverage depends on the physical attributes of the buildings.
Do some coverage testing with some old AP, just to get a feel for the building.

Example:
- I can cover 3-4 classrooms with one AP in our new building, where walls are drywall.
- I can only cover one classroom with one AP in our old buildings, where we have 1m thick solid stone walls...

For a controller based solution, the more APs you have, the better. You can't really have too many, the controller will manage channels and power levels dynamically.

A cheap controller-based solution is the Ubiquiti UniFi system: the controller runs on a PC/server, the APs do layer2 bridging without much layer2 security. PoE is not standard, which is a pain, and the system sometimes has issues. But, it's cheap.
If you can afford an Aruba, definitely go with that.
Not much personal experience with other wifi vendors, like Ruckus, HP, Juniper or Cisco. I did hear something about Ruckus giving very nice prices for schools, though.

Tamas
0
 

Author Comment

by:ltrading
ID: 38854397
Thanks for the feedback.

1. Some PCs will be on the domain and some won't.
2. Will a 2008 R2 server suffice as a RADIUS server or do I need a separate PC loaded with Radius software?
3. Thanks, I will look at the Aruba solution. Will I still need a radius server if I go controller based?
4. Classrooms have thick walls so it will probably be 1 AP per classroom.
5. I will look into Ruckus as well.

Thanks
0
 
LVL 17

Assisted Solution

by:TimotiSt
TimotiSt earned 250 total points
ID: 38854443
1. No problem, you can define multiple networks and SSIDs. Define one with good security for the domain members, others for logged in users, and another for guests.
2. As long as you can install IAS on it, it should be okay. Some versions (like SBS) may not be able to run IAS; also not sure about licensing.
3. The Aruba can do authentication on an internal username-password database, but it's fairly basic. If you want advanced stuff, you'll need a Radius server.
0
 
LVL 22

Accepted Solution

by:Jakob Digranes
Jakob Digranes earned 250 total points
ID: 38857220
1. For domain joined computers, use machine authentication with user re-authentication, for non-domain joined - use user authentication. All should use PEAP-MsChapV2 - which is unbreakable
2. Radius server, NPS in 2008 - is best practice to collocate with DC - i.e. on same server :-)
3. Yes
4. If your budget allows it - buy an Aruba IAP105 - which is an AP105 from Aruba that can run without a controller. Move this from room to room to see what coverage you'll get. BUT - remember to plan for at least 2 devices per user - and try to get a max of 30-40 users on an AP (PEAK numbers of course)
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38858813
"unbreakable": there is no such animal. :)
0
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 38858823
with today's available technology - there is no way to crack either encrypted PEAP tunnel or the dynamic WPA keys assigned to each user --- so if you go wireless - use PEAP-MsChapV2 or EAP-TLS with WPA2-AES keys
no way anyone today will break that.
apart from the social engineering/stealing password part
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38858878
0
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 38858887
that's why you put the ms-chap-v2 inside an encrypted PEAP tunnel ;-)
0
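Added example, not part of the thread or any poster's code: the PEAP tunnel discussed above only protects the MS-CHAPv2 exchange when the client verifies the RADIUS server's certificate. The sketch below audits a wpa_supplicant.conf (an assumed client type for the bring-your-own devices; the SSIDs, CA path and server name are constructed) for PEAP/TTLS networks that skip that check.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, CA path and server name are made up.
SAMPLE_CONF = '''
network={
    ssid="school-staff"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="school-students"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/school-radius-ca.pem"
    domain_suffix_match="radius.school.example"
    phase2="auth=MSCHAPV2"
}
'''

TUNNELLED = {"PEAP", "TTLS"}  # EAP methods that wrap a password exchange in TLS
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one dict of option -> value per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body, re.M)
        nets.append({key: value.strip('"') for key, value in pairs})
    return nets

def audit(text):
    """List (ssid, finding) for tunnelled-EAP networks that skip server validation."""
    findings = []
    for net in parse_networks(text):
        if not set(net.get("eap", "").upper().split()) & TUNNELLED:
            continue  # only password-in-tunnel methods are checked here
        if "ca_cert" not in net:
            findings.append((net.get("ssid"), "no ca_cert: server certificate is not verified"))
        elif not any(key in net for key in NAME_CHECKS):
            findings.append((net.get("ssid"), "no server name match: any cert from this CA is accepted"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

On Windows domain clients the equivalent settings (trusted root CA and server name) live in the wireless profile pushed by Group Policy rather than in a file like this.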
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38858957
Okay, that makes sense.
Back to OP's problem, I don't think the schoolkids will hack any kind of serious EAP/PEAP.
0
 

Author Comment

by:ltrading
ID: 38859425
I have been in contact with Aruba Network suppliers in my country and we are working on a suitable solution.

Thanks for pointing me in the right direction.
0

Question has a verified solution.
