Centralized Bluesocket Implementation

 

The University of Georgia has standardized on Bluesocket authentication gateways as a means of controlling access to the campus network through wireless access points. The WG1100 Bluesocket gateway (with 100 Mbps interfaces) can support up to 15 802.11b access points, and the WG2100 model (with 10/100/1000 Mbps interfaces) can support up to 60 802.11b access points. (A recently introduced model, the WG5000, can support up to 150 802.11b access points.) The predominant implementation involves an appropriately sized Bluesocket gateway installed in a building that interfaces with all of the access points in the building. This implementation method is cost effective when the number of access points supported by a Bluesocket approaches its capacity. It is not cost effective, however, when there are only a few access points in the building.

 

The UGA Wireless Task Force recommends a centralized Bluesocket approach for future wireless (and potentially wired) implementations to insure more cost-effective deployments. This approach is depicted in the diagram found in the appendix. Some access points can be connected directly to the Ethernet switch in the main wiring closet, as shown in Building A. The port to which the access point connects will be configured as part of an 802.1Q wireless VLAN. A second 802.1Q wireless VLAN port will connect to a copper-to-fiber converter via a Cat 5E patch cable. The converter will be patched into a pair of multi-mode fibers from the building to a core network location (e.g. Boyd GSRC). A copper-to-fiber converter will connect to the multi-mode fiber pair and a Cat 5E patch cable, which will plug into a 24-port, layer 2 switch in the core. The switch will connect via a Cat 5E patch cable to a WG2100 Bluesocket gateway via Gigabit copper ports. The Bluesocket gateway will connect to the Foundry BigIron 8000 router in the core location via a Gigabit copper connection.

 

If an access point must connect to a layer 2 switch in an interior wiring closet (as depicted by Building B), the port to which it connects will be configured to be part of the 802.1Q wireless VLAN. The switch port that connects to the main wiring closet switch port must be configured to not only support the wireless VLAN, but it must also support other traffic from the switch associated with one or more wired VLANs. This port is referred to as a trunked VLAN port. In the main wiring closet and core location, copper-to-fiber converters will connect the building wireless VLAN to the core in the same manner as described above. (Note: In either the Building A or B scenario, all of the switching equipment in the path between the access points and the switch in the main wiring closet, must support the 802.1Q VLAN standard.)

 

Having a centralized Bluesocket gateway in a core location will allow departments deploying wireless networks in connected buildings to share in the capital and ongoing maintenance cost of the gateway. The WG2100 Bluesocket gateway costs approximately $9,000 and the annual hardware and software maintenance is roughly $1,800. A pair of copper-to-fiber converters with Cat 5E and multi-mode fiber patch cables will cost approximately $600 per building. The Bluesocket gateway would be managed by EITS, and the departments utilizing the gateway would have to agree to the sets of services that the gateway would allow and disallow, e.g., allow regular and secure Web services and disallow Telnet and FTP services. If necessary, delegated administration can be provided to departments to add/modify/delete local users and "exception devices" such as personal digital assistants, switches and access points.

Appendix