Port Based Network Authentication in a Lab Environment QUESTNet 2000

Transcription

Port Based Network Authentication
in a Lab Environment
QUESTNet 2000
Alison Davis and Peter Kurtz
Contents
•
•
•
•
Introduction
Overview of QUT’s network
Technical part of the LAS Project
Support part of the LAS Project
Introduction
•
•
•
•
•
Laptop Access Project started in 1999
Provide Laptop Access in QUT Labs
Faster and better access
Demand for student labs
Economic considerations
Overview of the QUT Network
•
•
•
•
•
•
•
•
•
•
Potential of 34,000 users - 30K students 4K staff.
6000 x PCs / Workstations
90 Central Servers, 30 x Faculty Servers
2 x WAN ATM Switches
3 x Legacy Routers, 4 x ATM Router Engines
46 x ATM Switches
189 x Ethernet Switches
370 x Ethernet Hubs
48 x Terminal Servers
600 x Digital / Analog Modems
QUT Wide Area Network (Voice/Data) - May 2000
GU
UQ
AARNET
34Mbps
Merivale St
34Mbps
2 x 2Mbps
34Mbps
USQ
Adelaide St
PABX
34Mbps
Kelvin Grove Campus
64k
6 x 2Mbps
PSTN / ISDN
Mt Cootha
KG Offices (4)
4 x 2Mbps
PABX
DIALIN
ACCESS
PABX
Gardens
Point
Campus
Carseldine Campus
PABX
Margaret St Offices
2Mbps Radio Link
Switch
Peel St
2Mbps
155Mbps
2Mbps
Radio
Links
ATM Switch
Legacy Router
Network Projects 2000
• Installing Accellar router switches into the
core of data network.
• VoIP trials
• Carseldine WAN upgrade to155Mbps
• Microwave Links reused for redundancy
QUT Wide Area Network (Voice/Data) - Future
AARNET
UQ
34Mbps
Kelvin Grove
Campus
155Mbps
GU
34Mbps
34Mbps
Mt Cootha
Carseldine
Campus
155Mbps
6Mbps
155Mbps
Gardens Point
Campus
12Mbps
ATM Switch
Legacy Router
Current Networking Issues
• High Availability and High Bandwidth

Integrating voice over the data network
• Network Performance


Wire speed routing
IP only backbone
• Network Security



Breach Monitoring within the LAN
Secure Management LAN
Leaf node (port based) authentication
Laptop Access Project Requirements
• Easy to use authenticated laptop access

Given technical and financial constraints.
• Network Authentication

Use QUT Access username, password.
• Network Access and Performance

Same as in a standard public access lab.
• Before Authentication

Network access must be completely restricted, including
other unauthenticated ports.
Possible Client End Solutions
• Laptop to switch authentication using:



1. Microsoft(NetBIOS) or NetWare Client
2. Browser or telnet Client
3. Extensible Authentication Protocol - EAP
• Laptop to server authentication


Microsoft or Browser client
Server requests port movement from default VLAN to
the authenticated VLAN
Network Authentication Process
Central Dynamic Address
Allocation Server (DHCP)
Central Authentication
Server (RADIUS)
Network Gateway
(Router)
Alcatel Ethernet Switch
Internal
Web and Telnet
Server
Default Port
Virtual LAN
1
2
3
Laptop/PC
Authenticated
Virtual LAN
Network Authentication Process - Detail
1
DHCP Request
DHCP Reply
Central
DCHP
Server
IP, Gateway Address
Primary DNS
Secondary DNS - Switch IP
2
DNS [QUTAccess ]
DNS [Switch IP Addr]
Username, Password
Auth Successful
Switch
Internal
Web &
Telnet
Server
Central
RADIUS
Server
Front
End for
Oracle
DB
ORACLE
Database
Stores:
QUT
Access
Username
Password
Current Solution Specifications
• ISC DHCP Server Ver 2.0

Internet Software Consortium - www.isc.org
• RADIUS Server Radiator

Open Systems Consultants - www.open.com.au
• Oracle Database ver 8 with perl DBI
• ALCATEL Switches




Omnistack 4024,5024, Omniswitch router OSR
Current software 4.1.2 GA
Standard Telnet, Netscape, IE 4,5
Win95,98,NT,Win2000, MacOS, Linux
Radius Log Processor - snapshot
Alcatel Solution
• Switch authentication reliability

software, hardware problems
• Vendor support was good
• Scalability is Costly
Future Direction
• QUT authentication backend change



Directory Service replaces oracle db
User profile detail VLAN
LDAP replace RADIUS
• Goals for switch vendors



Authentication before DHCP
A solution for Operations Systems apart from Win2K
A solution for all L2 Access - Ethernet & Wireless
From the technical detail to the bigger
picture…..
•
•
•
•
Technical
Support
Usage
Cost effectiveness
What other universities are doing
•
•
•
User services list March 2000
University of Melbourne
CAUDIT list June 2000
Information from 23 universities
Institutional Responses
• Most universities are at least considering
laptop access for students (17/23)



9 yes
8 Soon/very small
6 no
• Demand has been much lower than expected
• Many see wireless as the future direction
QUT laptop access areas
• Law Library. September 1999
• Graduate School of Business teaching
facilities. Semester 1 2000
• Gardens Point Library. June-July 2000
• Student superlab – 350 ports – October 2000
Date
9/06/00
26/05/00
12/05/00
28/04/00
14/04/00
31/03/00
17/03/00
3/03/00
18/02/00
4/02/00
21/01/00
Number of users per day
Law library usage statistics
Daily use
6
5
4
3
#users per day
2
1
Law Library usage statistics (cont)
Days used service #Students
1
9
2
3
3
2
4
1
5
1
7
1
10
1
11
1
12
1
23
1
TOTAL
21
Law library usage statistics (cont)
•
•
•
•
•
21 students successfully used the service
9 students only used it on one day
1 student used it on 23 days
Maximum of 5 users on any one day
Usage slowly increasing
Support issues
• Hired laptops (preconfigured)
• Only connect at QUT laptops (configure
once)
• Modem + QUT connection laptops (minor
adjustments)
• Work laptops. Major adjustments.
• Hire network cards or USB connectors
Promotion
•
•
•
•
•
Signage
Official launch
Position
Competition
Feedback
What we’ve learnt
•
•
•
•
•
•
Support
Demand - convenience
Promotion
Equity
Laptop Security
Technical - hardware and management
Likely future
•
•
•
•
•
Wireless
Client software will be inbuilt
Interchangable with desktops
Establish cost effectiveness
Benchmark student access to the university
network

Port Based Network Authentication in a Lab Environment QUESTNet 2000

Transcription

Similar documents

Market Research/Trade Area Analysis

Here - AlanHeavey

Tiny Gift - Christian Record Services

augusten burroughs

UBCP Member / Actor / Voice Coach / Teacher

Risk, Originality, and Virtuosity: The Keys to a Perfect 10. US

Oakshade Town Center

025

Mi Home Estate Agents Are With You Every Step of The Way