Workshop Presentations and Lab Materials
Instructors
- José Domínguez, University of Oregon Network Services
- Jeff Hite, University of Oregon Network Services
- Steven G. Huter, NSRC
- Dale Smith, University of Oregon Network Services
- Sebastian Buettrich, NSRC
Time Schedule
Schedule | |
Session I | 0830-1030 |
Break | 1030-1100 |
Session II | 1100-1300 |
Lunch | 1300-1400 |
Session III | 1400-1600 |
Break | 1600-1630 |
Session IV | 1630-1800 |
Monday
0830-0900: Welcome
- Prof. F. Brown
- Prof. Meoli Kashorda
0900-0930: Case Studies/Engineering Roundtable
- United States International University (USIU)
0930-1030: Introduction to Campus Network Design (Dale Smith): PDF | PowerPoint (12.6MB)
What are we trying to solve?
- Network design goals
- Reliability
- Resiliency
- Manageability
- Scalability
- Layering
- Complexity versus simplicity
- Difficult balance between growth, capacity, resilience versus simplicity
1030-1100: Coffee/Tea Break
1100-1300: Hierarchical design building blocks PDF | PowerPoint
- Build star networks
- Separate core and edge functions
- Develop and use standard building blocks
- Have a strategy that allows incremental growth
IP address management
- How to plan IP address management from the beginning to accommodate growth
- How to segment different areas of the LAN with IP subnets
- Network addressing strategies
- NAT or not
- Need to be able to aggregate
1300-1400: Lunch
1400-1600: Quality of Service (QoS)
- Are you going to provide preferential handling of some types of traffic? Can get very complex.
- Only useful where you develop queues.
- Campus networks: probably not. Over provision bandwidth.
Service Level Agreements (SLAs)
- Can be very complex, but that isn't what we mean
- Almost a mission statement
1600-1630: Coffee/Tea Break
1630-1800: Physical Cabling Infrastructure (Dale Smith and Jeff Hite): PDF | PowerPoint
- Fiber Optic Systems
- Physics of Fiber Optic Cable
- Cable types
- Copper cabling systems
Netdot demonstration: PDF
Tuesday
0830-0900: Case Studies/Engineering Roundtable
- Kenyatta University
0900-1800: Fiber termination lab for the rest of the day (Jeff Hite): PDF
- Hands on lab
Wednesday
0830-0900: Case Studies/Engineering Roundtable
- Strathmore University
0900-1300: In-building Network Design (José Domínguez) PDF | PowerPoint
Best practices in Campus Network Design
- Switch versus Hub versus Router
- Switching Architectures (star topologies - aggregation switch serves edge switch)
- Virtual LANs (VLANs)
- Increases complexity
- Not necessarily a security mechanism. Don't confuse VLANs with host or database security
- Don't build VLAN spaghetti
- Examples of where we recommend VLANs
- Technology and practical hints
- Tagging and untagged
- Trunking
- Q in Q
1030-1100: Coffee/Tea Break
1100-1300: Best Practices continued
- Spanning Tree Protocol (STP)
- 802.1d
- 802.1w
- 802.1s
- Selecting appropriate switches
- Must be managed
- SNMP, SSH, access control techniques
- Fault Tolerance
- Port bundling
- Spanning tree (using loops to your advantage)
- Network Management
- Switching and security considerations
- Rogue DHCP server prevention
- How does it work
- Uplink/downlink configuration
- Dynamic ARP inspection
- 802.1x/network access control
1400-1600: Afternoon Lab PDF | Word Reference Sheet
- 4-6 groups with 5 or 6 switches per group
- Build layer 2 network consisting of aggregation switch and edge switches
- Configure spanning tree across fabric
- What kind of spanning tree to configure?
- How to make different types inter-operate
1600-1630: Coffee/Tea Break
1630-1800: Afternoon Lab continued
- Configure Rogue DHCP prevention
- Add 2nd aggregation switch to provide redundancy
- Why did that happen?
- Growing your network
- Use aggregation
- If you can't...
- VLANs
- Introducing and distributing VLANs
Thursday
0830-0900: Case Studies/Engineering Roundtable
- Maseno University
0900-1300: Campus routing infrastructure - Layer 3 (José Domínguez) PDF | PowerPoint
- Routing Architectures
- Where to route?
- High Availability and Fast Convergence
1030-1100: Coffee/Tea Break
1100-1300: Campus Routing Protocols PDF | PowerPoint
- Interior Routing Protocols (IGP)
- OSPF
- Exterior Routing Protocols (EGP)
- Routing Protocols and security considerations
1300-1400: Lunch Break
1400-1600: Lab exercises PDF | Word
- Configure router to serve both VLANs on your Layer 2 network
- Configure your router to have routes to your neighbors
- Dynamic versus static
- Configure OSPF
- Build dual core routed network
- Configure First Hop redundancy with HSRP
1600-1630: Coffee/Tea Break
1630-1830: Lab exercises continued
Friday
Presentations
- Designing Scalable Wireless Networks in the Campus LAN: PDF
- Introduction to WiFi: PDF
- Low Cost WiFi Hardware - Choices and Procurement: PDF
- Antennas and Transmission Lines: PDF
- General Wireless Security: PDF
- Security Tools and Resources: PDF
- Captive Portals: PDF
- Roaming in the Wireless Campus Network: PDF
- Wireless Lab: PDF
0830-1800: Designing scalable wireless networks in the campus LAN (Sebastian Buettrich) PDF
0830-1030: Introduction to wireless PDF
- Standards: ISM bands, WiFi and related standards
- Basic WiFi Modes
- Topologies in wireless networking
- Hardware: Vendors & Choices PDF
- Antennas PDF
Integration with a Campus LAN
- Network IP design
- Same rules as for the general network, only applied even more rigidly: separate core / edge, subnetting, structure, ...
- Network separation via Frequency & Polarization planning
- Maximum sizes of wireless cells / network segments
- Bridged networks vs. routed networks
- DHCP, NAT, subnetting
- Examples for best practices
Wireless roaming in the campus network
- Roaming: Definition and Challenges
- Broadcast Domains
- Solutions
- WDS - not a solution
- A simple effective approach: Implementation on Layer 2/3
- MAC-IP via ARP
- Implementation via managed thin APs
- Enterprise grade roaming solutions
Authentication in the campus wireless system
- Authentication approaches
- PKI based
- Internet Cafe / Voucher approach
- Captive Portals
- Principles of Captive Portals
- Examples of captive portals
- Free: Coova, WifiDog, Nocat (deprecated), Chillispot (deprecated)
- Commercial: Aruba, Cisco, Aptilo
- Home grown
- Coova in detail
- Integration with back end user stores - very briefly
- Radius
- LDAP, Active Directory, Kerberos
- homegrown databases
- Stand alone authentication on portal
- Captive portals beyond technology: Communication
- AUP
- Communication
- Social engineering
Security in the campus wireless system
- Introduction to wireless security
- Definition & Challenges
- Essential tools
- kismet
- netstumbler, among others
- wireshark
- etherape
- nmap
- aircrack
- tool collections: backtrack
- Wireless 'Security' Measures & Circumvention
- Remarks on our understanding of "security"
- Encryption: WEP, WPA / cracking
- MAC based ACL / spoofing
- IP based / spoofing
- Cookies / ...
- Obscurity / ...
- User store integrated, captive
- End-to-end approaches: ssh, VLAN, tunneling, data encryption / -
LAB: Hands on wireless PDF
- Basic AP configuration - Groups
- Advanced configuration - Group
- Firmware Flashing
- Mesh
- Captive Portal - Coova Demo / Group