Specifications
OmniAccess Reference: AOS-W System Reference
238 Part 031652-00 May 2005
802.1x authentication based on PEAP is used to provide both computer and
user authentication. Domain credentials are used for computer authentication,
and the user’s Windows login and password are used for user authentication.
A single user sign-on facilitates both authentication to the wireless network
and access to the Windows server resources. WEP is used as a link-layer
encryption technology, with dynamic per-user WEP keys being provided
through the 802.1x authentication process. A migration to either WPA or
802.11i is planned for this network, which will be automated through group
policy objects.
Physical Topology
A map of the network, excluding individual APs, is shown below. The
OmniAccess 6000 switch has been deployed in the main server room, with
half of the APs directly attached to the switch via Cat5 cabling from the
classrooms. The Alcatel switch provides power over Ethernet (POE) for these
APs. The rest of the APs are home run to a wiring closet on the second floor,
where they connect to a standard Ethernet switch supporting POE. The
second floor wiring closet connects to the first floor server room through a
fiber link connected to a router port.
The OmniAccess 6000 switch connects to the rest of the network through a
port on the main routing switch. This port is part of the 10.1.1.0 subnet, on
which most of the servers also exist.
Redundancy was not a primary design concern in the wireless network, since
other parts of the network are not redundant.
Wireless Network Operation
Normal wireless network operation is defined by the following processes.
Wireless Laptops
1. Wireless laptop boots Windows XP and comes up with a Windows domain
login screen.
2. In order to gain network connectivity to the domain controller, the
Windows laptop associates and authenticates to the wireless network.