Zcomax RCP - Education Case Study

WLAN Solution for Jiangsu University

Customer Introduction

Jiangsu University is a comprehensive educational facility emphasizing both science and engineering as well as teaching and research work. Jiangsu University was founded on August, 2001 by merging Jiangsu University of Science and Technology, Zhenjiang Medical College and Zhenjiang Teacher's College.

Situated in Zhenjiang, Jiangsu a well-known historical and cultural city in China, and covers a very large geographic area

Customer Requirements

Thanks to the improvement of university conditions, Internet access and campus network have been realized gradually, allowing the information within and outside of the campus to be more easily accessed and shared. As the popularity and quantity of network information increases and the price and availability of computer hardware decreases, more and more students and faculty members have their own notebooks, causing a high demand for mobile Internet access within the campus. However, the wiring layout in the old teaching buildings and dormitories, which falls far behind network development needs, greatly limits the modernization of the university.

Under these conditions, wireless coverage within campus, using WLAN technology, becomes the most cost effective and efficient implemenation. This medium can fully meet the mobility and performance features required by students and faculty, and so that their demand for network and internet access can be satisfied.

Project Aim

The project aims to meet the demand of students and faculties in Jiangsu University for accessing the campus network and Internet wirelessly in a convenient, flexible and efficient way. Besides realizing wireless network coverage in parts of the teaching and dormitory areas, the project also needs to achieve seamless connectivity between wireless network system and existing wired campus network systems.

The wireless network coverage area includes::

Teaching Area:

Teaching Building A and the lawn nearby;
Teaching Building B;
Research / Electrical / Computer / Chemical Building;
Corridor;
Main A Building;
Around Jing Lake;
Expert Building;
Library;
Business Management Building

Dormitory Area:

Area 3X01 ~ X08 Building;
Area 4X01 ~ X08 Building;
Area 5 X01 ~ X07 Building;
Area 6 X01 ~ X04 Building

Solution

With the construction considerations of overall planning, appropriate redundancy, demand and step by step Implementation determined by on-site investigation, system requirements and existing network conditions, the WLAN network in Jiangsu University can be divided into three sub-projects, which are:

combined coverage
outdoor coverage
indoor coverage

1. Combined Coverage: Teaching Building A, Dormitory Area 3 X06 Building, Dormitory Area 6 X01 ~ X04 Building

2. Outdoor Coverage: Teaching Building A & Lawn nearby, Teaching Building B, Research/Electrical/Computer /Chemical Building, Corridor, Main A Building, Jing Lake and around

3. Indoor Coverage: Dormitory Area 3 X01 ~ X08 Building (except for X06 Building), Dormitory Area 4 X01 ~ X08 Building, Dormitory Area 5 X01 ~ X07 Building, Expert Building, Library, Business Management Building

Coverage Scope

The general campus view of Jiangsu University is shown below, and those areas within the red frames are the coverage scope of this solution.

Figure 1 Campus General View

Network Planning

- IP Address of APs

The IP addresses of APs are private addresses used by Jiangsu University campus network.

- IP Address for User

Users obtain IP addresses provided by Zhenjiang Mobile through DHCP, the gateway is configured in the third layer router located in each building.

- DHCP Arrangement

Zhenjiang Mobile is in charge of constructing the DHCP server in WLAN network, while Jiangsu University sets DHCP relay on the third layer router in each building.

Equipment in the Main Computer Room of Jiangsu University

1. As the access control server, one Amtium eFlow BRAS 2204 controls access to the external network. It connects to the campus network of Jiangsu University through 1000M Ethernet interface with private IP address of Jiangsu University as the connection address. The uplink port of eFlow BRAS 2204 is a 1000M fiber interface, connecting with a S8016 in Dingmao computer room of Zhengjiang Mobile.

2. One IBM X3550 server acts as AP management system server and WLAN DHCP server as well. Using private IP address of Jiangsu University, it connects into the campus network directly.

- Connection Mode from AP to Radius

The IP address of AP is private campus IP address, while the Radius uses public IPs and is located in the eastern gate computer room of Zhenjiang Mobile; due to this condition, another link is required to realize the interconnection between Radius and campus network. The interconnection address adopts a private campus address. A new firewall setup by Zhenjiang Mobile is required so as to protect Radius and map the IP address of the Radius server into a private one of Jiangsu University.

Figure 2 Network Topological Graph

- Authentication & Accounting Planning

Zhenjiang Mobile has set up a new authentication and accounting software system in the server of its eastern gate computer room for authentication & accounting and user management.

Considering the application conditions of the WLAN network required in Jiangsu University, second authentication has been adopted in this project. It is an efficient authentication management method particularly aimed at this campus network application. Combined with the features of 802.1X management, an effective and highly secure internal network management can be achieved. While using authentication and accounting equipment, users from the internal to external network will undergo second authentication, in this way the flow from the internal and external network can be divided, and the internal network users control and separate accounting funcitons can be realized effectively.

When the user connects to the WLAN, the AP communicates with the Radius server via 802.1x MD5; after successful authentication, it can login to the campus network. The authentication point will connect to the eFlow BRAS 2204 when the user tries to access an external network and only after successful authentication can it be connected. Second authentication can not only take advantage of strong control capability of 802.1x authentication on users, but also make full use of the flexible control and powerful functions of BAS; thus creating an impressive combination of network security and accounting.

Figure 3 Second Authentication Flow Chart

Features of Second Authentication

Share one set of accounting center and account system
Share one client, and can realize second authentication
Authentication through client, using of proxy and P2P download tool can be controlled


Teaching Area Outdoor Coverage	Dormitory Area Indoor Coverage

Now, with a notebook adopting Intel Centrino technology, or with an existing computer and notebook having a wireless adapter, students and faculty in Jiangsu University can access the campus network or Internet wirelessly after being authenticated. This solution is easy to extend, and adding wireless access points in current network allows more users access.

Conclusion

Currently, the first phase project of the Jiangsu University WLAN network has already been completed and received users approval. Relying on acute insight, we see the wireless network extension possibility in this university as it continues to grow. Therefore we take the extensibility for future network systems into consideration for this project; wireless network systems in other campuses can be introduced into the current one more conveniently, setting the stage for a unified wireless campus network within the whole Jiangsu University in the future.