Typically in designing the campus network, internet access and intranet resources are accessible by students and other guests within the campus areas. But, there are some resources that are accessible by authorized users only and even critical resources are accessible by limited users which are typically resides in certain security boundary (aka VLAN).
Desiging Campus network generally also consider in providing public resources that are accessible by users via internet. Providing public resources that can be accessible by internet users should include security considerations. Unless public resources are hosted by external party offsite the internal network, internet public resources should be placed in the security boundary or in the DMZ firewall. With this configuration, all inbound internet traffics are denied to reach the internal campus network but the DMZ network.
Another consideration you should think is providing different level of security access between staffs, students and guests via wireless access. You should not provide the same level of security access between the staffs, students and guests. Guests should be provided less access right than the students, probably only internet access (hotspots). Guests should not get access right to internal resources unless exclusively permitted. How can you design this type of security requirement using wireless infrastructure?
Cisco 521 AP and WLC526 Mobility Express Controller
DNS services and DHCP services are two essential network services in the campus network infrastructure. DNS role is for name resolution, and DHCP services role is to provide IP configuration automatically for all the computer clients on the network. Besides, secured firewall must be deployed in the entry point of the internet. To allow users access the network resources, campus network design should combine transmission medium: wired and wireless type connections.
Core network resources should use wired connection using well managed network cabling. While wireless infrastructure is deployed to allow users access the network resources easily. Cisco offers Cisco 521 wireless access point which is powered by a single-band 802.11g standard that features business-class management, security, and scalability. This access point offers high-performance wireless connectivity for campus network, offices and similar environments. While to provide a flexible, cost-effective wireless solution specifically designed to meet the needs of campus network, you can use the Cisco 500 Series Wireless Express Mobility Controller.
Cisco 521 access point can be configured to operate either in standalone mode, or in controller-based mode with the Cisco 500 Series Wireless Express Controller. With Standalone mode, Cisco 521 connects to the wired infrastructure through an Ethernet switch and provides reliable high-speed wireless connectivity to users in the area they cover. While for campus network usage, you can deploy Cisco 521 access point in controller-based mode deployed in each rooms and hallways, and with Cisco 526 Wireless Express Mobility Controller as the central management to optimize the basic wireless network and support advanced mobility services on top of that network.
The Cisco 521 access point delivers optimal value for campuses, and similar environments. Built-in antennas provide Omni-directional coverage specifically designed for today's open workspaces. Cisco 521 can be installed on the ceiling to provide users with continuous coverage as they roam throughout the campus. Or you can mount it simply and securely on walls for complete coverage with minimal installation cost.
Combined with Cisco 526 Wireless Express Mobility Controller and managed by the Cisco Configuration Assistant software, the Cisco 521 access point helps campus networks attain a lower total cost of ownership.
One of the features to help your campus network allow different access level between internal users and guests is that Cisco 526 Wireless Express Mobility Controller provides secure network access for guest users. With Secure Guest Access, your campus network organizations can easily create and manage a virtual guest network with a Web login portal page for users such as guests, customers, vendors, and contractors. Visitors can have Internet access while safely partitioned from the sensitive campus LAN.
To support better security, Cisco 526 support for a wide range of authentication mechanisms to enable scalable security architectures and minimize security interoperability issues (WEP, MAC Filtering, WPA, WPA2, Web-Auth, 802.1X, and EAP).
To easily expand as your campus network grows for additional wireless coverage and mobility services increase, Cisco 526 support for up to 6 access points per controller and up to 2 controllers per network for a total of 12 access points.
In one single packet of Cisco Mobility Express solution includes the Cisco 526 Wireless Express Mobility Controller, Cisco Configuration Assistant software, and Cisco 521 Wireless Express Access Point which will help your campus network to grow, evolve, and scale easily and securely.
By Ki Grinsing