0 Preface
A wireless LAN (WLAN) is often used in public areas such as offices, homes and airport waiting halls, and even inside buildings and across campuses. Typical distances range from tens of meters to hundreds of meters. IEEE 802.n standard. The wireless campus network has been accepted by more and more users in China. Whether for the distribution of information points within the campus or for the network connections between campus buildings, wireless network technology can play an irreplaceable role. In addition, the introduction of a wireless network environment provides an application platform for the construction of educational informatization.
1 Wireless campus network application demand analysis
Now most schools have built a wired LAN, but with the development of the school, more and higher requirements are placed on the existing campus network:
(1) Modern teaching needs. Nowadays, the school conducts a large number of networked teaching activities, and many quality courses or courseware must be obtained through the Internet. Students want to access the network teaching resources at any time and any place in the school, and perform activities such as submitting homework.
(2) Restrictions on the number of ports. Generally speaking, a wired LAN cannot place many information points in classrooms, libraries, meeting rooms and similar spaces. With the popularity of notebook computers among students and the spread of modern teaching equipment, these places often hold a large number of computers at the same time, and the current wired campus network has no way to let students get online in these areas. By connecting a wireless access point to a port, however, one port can easily be expanded to dozens or even hundreds of connections without additional wiring.
(3) Mobile office. Faculty and staff have more and more mobile office equipment, and their requirements for mobile working are relatively high. Places such as meeting rooms and the principal's office are well suited to a wireless LAN.
(4) Temporary activities. As the school's educational level improves, its academic atmosphere is becoming stronger, foreign exchanges are becoming more frequent, and there are more and more academic activities. In addition, the school organizes other activities every year, such as sports meets and talent exchange events. Because of the particularity and flexibility of these applications, the wired LAN cannot meet the demand, while a wireless LAN can solve these problems well. It brings every corner of the campus onto the network, forming a true campus network.
2 Design principles of wireless campus network
The design of the campus wireless network is based on full consideration of the school's usage needs, and strives to meet the reliability, advancement, compatibility and security requirements of the entire campus network.
(1) Reliability: To ensure the reliable operation of the system, key equipment should be redundant.
(2) Advancement: Adopt the most advanced and mature technology available today, so that the newly established system can best meet the needs of future technology and business development.
(3) Compatibility and extensibility: During the construction of the scheme, we strive for a network structure that is clear, reasonable and expandable; a hardware configuration that is advanced and reliable; and a system software interface that is friendly and easy to operate and maintain.
(4) Security principle: Security has always been one of the weak links in network and system management, and users have very high requirements for network security, so the security principle is very important.
3 Selection of wireless network equipment
This design analyzes the products and technical solutions of two mainstream manufacturers with high cost performance: H3C, the largest domestic data communications manufacturer, and Ruijie, which focuses on the education industry. The following mainly introduces the selection of the wireless controller, wireless AP and network management software.
3.1 Wireless controller
According to the demand, the technical characteristics of the Ruijie 10G wireless controller RG-WS5708 were analyzed. The product adopts a MIP64 multi-core processor architecture and can maintain communication with APs across layer 3 network boundaries. It can be deployed in any layer 2 or layer 3 network structure without changing the network architecture or hardware equipment, thereby providing seamless and secure wireless network control. RG-WS5708 provides 8 Gigabit optical multiplexing ports and 2 multiplexed 10 Gigabit ports, and can support the management of up to 768 wireless access points. RG-WS5708 products use enhanced security and cluster technology to provide network services through identity-based networking. Multiple wireless controllers in the cluster can share the user database, enabling wireless users to roam seamlessly across different areas of the entire network.
3.2 Wireless AP
RG-AP220 E adopts the latest standard 3 × 3 MIMO 802.11n technology and a dual-channel hardware system design. A single-channel RF can provide at least 6 times the access bandwidth of traditional 802.11a/b/g wireless networks. This product fully considers important factors such as wireless network security, radio frequency control, mobile access, service quality assurance and seamless roaming. It works together with the Ruijie wireless controller to handle wireless user data forwarding, security and access control. The product is wall-mounted and can be safely and conveniently installed on walls, ceilings and in other locations. It provides 6 RP-SMA external antenna interfaces and supports both local power supply and remote power supply over Ethernet.
3.3 Wireless network management software
The RG-SNC intelligent network commander was selected as the network management system. The product supports remote, coordinated maintenance and management and works in a non-agent mode. It can define management tasks, actively collect network status and make timely backups, so that it can respond promptly to status changes and recover quickly in case of failure. It provides a clear network topology map and displays abnormalities in bandwidth, traffic, links and so on directly on that map. RG-SNC embeds a dedicated wireless network management component, RG-SNC-WLAN. This component relies on the SNC unified network management platform to achieve integrated wired and wireless management, adding wireless network management capabilities on top of the system's comprehensive wired network management.
4 Wireless network structure planning
4.1 Design of backbone layer of wireless campus network
The network mainly uses a mixed wired and wireless mode, making full use of the high bandwidth of the wired network to improve the robustness of the network. Each AP is connected to the floor aggregation switch through twisted pair, and the aggregation switch is connected to the core switch in the central computer room through optical fiber. According to the physical distribution of Northeast Petroleum University and the characteristics of the actual network structure, the wireless controller + "thin" AP solution can be selected, which also makes adequate technical platform preparations for applications such as wireless WiFi phones and wireless video multicast.
As shown in Figure 1, based on the existing wired campus network, a wireless controller that supports the simultaneous management of 700 APs is deployed in the network center. The wireless controller will be connected to the core switch via optical fiber to realize the interconnection between the wireless LAN and the core equipment. According to the coverage requirements of the wireless network, it is designed to deploy nearly 500 APs in the entire campus to achieve wireless coverage in the main campus. The wireless network system adopted this time is seamlessly compatible with the original network system, and has good compatibility and complementation with the wired network in terms of network interconnection, authentication and billing, etc.
4.2 Access point planning
Access point planning is based on the method of complete coverage: the purpose is to make the signal reach every corner of the area that needs to be covered. When installing access points, avoid interference sources as much as possible. Outdoor user access points are installed at the corners of buildings so that they radiate to all surrounding areas while avoiding obstacles as far as possible. All access points are arranged in a cellular pattern. The first teaching building is taken as an example to explain the layout of the APs.
The first teaching building has a total of 5 floors, and the plane structure of each floor is shown in Figure 2. One AP is installed in each of blocks A ~ H, and one AP is installed in the connecting part between two blocks. Since the cultural corridor on the 2nd floor is relatively empty and there is no cover, only 3 APs need to be installed there. The 2nd floor therefore needs a total of 15 APs, and each of the other floors needs 12 APs, for a total of 63 APs.
5 User Security Access Authentication Plan
For a large-scale wireless deployment, the most suitable network access authentication methods are Web-based authentication and 802.1x-based authentication. With Web-based authentication, wireless network authentication needs to be able to integrate with the wired network. The wireless controller itself supports Web-based authentication well: it can act as a distributed authentication point within network-wide Web authentication and perform Web authentication for wireless users, while in the background the wired network's Web authentication gateway is linked in as the Radius server. This ensures that wired and wireless authentication accounts are unified across the entire network. During this process, users do not need to install any client software and can log in using a standard browser.
The specific authentication method is shown in Figure 3.
Connect the authentication server to the aggregation switch, and add a Radius accounting and authentication server to the server group to store access user information. When a user requests access to the network, the user is forced to the Web page of the authentication server before passing authentication and is required to enter a user name and password. After the user enters the account and password and clicks login, the authentication server sends the user's information to the Radius server. The Radius server compares the user name and password entered by the user with the user information in its database. When the user name and password match, the Radius server sends a response message to the authentication server confirming that the user has passed, and the authentication server gives the user permission to access the network. Otherwise, the user's authority is closed. This fully guarantees the security of the wireless network, avoids access by illegal users, protects data from being stolen by illegal users, and also makes it possible to differentiate the permissions of different users and limit their access rights.
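The exchange between the authentication server (portal) and the Radius server described above can be sketched as follows. This is an added example, not code from the article or from any vendor: it assumes plain RFC 2865 password authentication, and the function names, shared secret and account used with it are constructed.

```python
# Added illustration (not from the article): RFC 2865 exchange, constructed names.
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], _md5(secret, prev)))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret):
    """Portal side: what the authentication server sends to the Radius server."""
    req_auth = os.urandom(16)            # must be unpredictable for every request
    hidden = hide_password(password, secret, req_auth)
    attrs = (bytes([USER_NAME, 2 + len(user)]) + user +
             bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def radius_server(request, secret, user_db):
    """Radius side: recover the password, compare with the stored one, reply."""
    ident, req_auth, attrs, i = request[1], request[4:20], {}, 20
    while i + 2 <= len(request) and request[i + 1] >= 2:   # walk type/length/value
        attrs[request[i]] = request[i + 2:i + request[i + 1]]
        i += request[i + 1]
    password = unhide_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    stored = user_db.get(attrs.get(USER_NAME, b""))        # constructed account store
    ok = stored is not None and hmac.compare_digest(password, stored)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + _md5(header, req_auth, secret)          # Response Authenticator

def portal_accepts(response, request, secret):  # portal: open access only on a genuine Accept
    expected = _md5(response[:4], request[4:20], response[20:], secret)
    if response[1] != request[1] or not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("Radius reply failed the authenticator check")
    return response[0] == ACCESS_ACCEPT
```

The shared secret is the only thing protecting both the hidden password and the authenticity of the reply, so it should be long, random and unique to each portal and Radius server pair, and the link between them should stay on the protected management network.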
6 Conclusion
This paper combines the engineering practice of deploying the wireless campus network at Northeast Petroleum University, breaks through the security strategy of traditional wireless LAN deployment, and adopts the "wireless controller + thin AP" architecture for the campus network. In this architecture, the intensive wireless network and security processing functions are transferred to the centralized wireless controller, and the AP serves only as a device for receiving and sending wireless data. This greatly simplifies the management and configuration of the APs, and can even achieve "zero" configuration.