Proposal to:

College Computing Committee

Suffolk County Community College

PROJECT SUMMARY
And
BUDGET REQUEST

For

SCCC WIRELESS ACCESS NETWORK

(SWANet)
Budget Year 2002-2003

Submitted by:
Richard Johnston, Department Director
Stephen Clark, EDU Network Analyst
Networking & Telecommunications

1
Introduction:

The College has implemented several small or isolated wireless networks to address
specific needs within individual departments or buildings. These sub-nets provide
connectivity for activities in the Health, Sports & Education Building, laboratory access
in the Sagtikos and Smithtown Science Labs, and development in the Computer Center.
These networks use different and sometimes incompatible protocols or RF signalling.
Since these networks have specific requirements and are not offered to the College
Community for general-purpose access, the limitations of the technologies implemented
are not significant. But for a general-purpose wireless network to be made available for
faculty, staff and the student population, specific technology and protocol standards must
be adhered to. The IEEE and other standard organizations have certified inter-operability
between vendors for wireless networks using the current version of 802.11b networking
standard. Although many issues and challenges remain before a fully secure and
protected wireless network emerges, the technology has matured to a point where a
community can perform reliable communications using multiple vendor products. It is
the intent of this proposal to outline the structure of a network to introduce wireless
communications to the College Community.

Current Technology

The network can be constructed using existing protocols and standard networking
devices. This will insure that the network and its components are robust to endure the 24
hour-per-day by 7 days-a-week operation requirement. The devices required are Access
Points, L2/3 switches, and server/routers.

The Access Points are the devices that provide connectivity between Laptops, computers,
PDA's, and other devices that communicate via IEEE 802.11b standard. These devices
have the function to convert the digital signals to and from RF signals. The RF signals
use a spread-spectrum carrier over the 2.4-4.1 GHz. This is similar to the frequencies
used by wireless telephones.

The Access Points will be connected to core switches that will isolate the traffic from the
rest of the Campus networks. The isolation is done within the switches by using the IEEE
802.1p and 802.1q protocols. These protocols implement a network scheme that is
referred to as a Virtual Local Area Network or VLAN. The use of the VLAN allows the
devices to be logically connected regardless of their physical location on the network.
The devices on a VLAN may communicate with only the devices that participate on the
VLAN and will not interfere or communicate with any other device or VLAN. The
College has been using VLAN's for several years to isolate academic and administrative
network traffic.

The third component is the Router/Server. This device has two principle functions; One,
to authenticate sub-net members and allocate IP Addresses. The allocation scheme is
handled using the Dynamic Host Configuration Protocol or DHCP. This protocol allows

2
a device to become a part of the sub-net for a specified period of time while an IP
Address is "leased" to the user. The second principle function of the Router/Server is the
conversion of the sub-net IP Addresses to a single real IP Address. This process uses a
process call Network Address Translation or NAT. The benefits of NAT are; protection
of the sub-net from the outside network through the use of firewall techniques and the
conservation of "real" Internet IP Addresses. The College has a finite number of
registered addresses and using NAT and DHCP allows for network expansion without a
large impact on a constrained resource.

In the future, the network components will have an increased role in the implementation
of network security for the sub-net with the addition of "User-Level Authentication",
Policy-based switching, bandwidth management, and addition firewall protections

User Community

It is the intent of this project to provide a network that allows faculty and students to
utilize College computing and Internet resources without physical location restrictions.
The demand for this type of network originated with the use of networked computers in
laboratories and other instructional areas that required mobility to/from multiple spaces
and with the faculty, primarily adjuncts, who requested network connections for personal
laptops in both office spaces and classrooms. The Networking Industry was not able to
supply an economical or technical solution until the development of the above mentioned
standards were combined to form a flexible wireless network. In addition, the College has
been in a rapid increase in the traditional network connections and increasing the
bandwidth for both academic and administrative requirements. This process has created a
robust infrastructure but has consumed the attention, budget and focus of the network
build process for several years. The focus is now redirected on the internal functions of
the network and how to further utilize current and future applications.

As the cost of laptops and hand-help devices has decreased and the functionality
increased. Many professionals, both academic and administrative, rely on them for
everyday usage. Also, Colleges have moved from supplying physical network
connections to logical connections for the academic environment. The "Laptop Computer
College" concept has been successful at many institutions and has decreased the reliance
of the institution to supply or build large general-purpose computer labs. In addition, the
Colleges have decreased their funding for academic computing facilities and redirected
the savings to network infrastructure or other pursuits. In the past, our institution has
proposed a number of initiatives to use laptop and hand-help devices in the academic
environment but have met resistance because the student body was "economically-" or
"technology-challenged" in acquiring the devices. Other issues related to a lack of
support in the core network infrastructure. As stated earlier, the technology has removed
many of these constraints. Recent pricing of these devices has increased the market size
for people who are purchasing them and many devices are now in the cost range of a
sophisticated calculator but with the applications of a desktop computer.

3
The selection of the Libraries and the Student Centers as the initial locations for the
installation of a global wireless network was done to provide the service in areas where
both Students and Faculty congregate for the purpose of research and work.

Technical Challenges

Several technical challenges exist for the initial network: Security of the core network
will be minimal but controllable. The use of low-cost routers that will provide the
minimum required firewall services but will not provide such sophisticated management
services as policy-based filters and bandwidth management. The College will initially
protect itself by limiting the network to access the Internet and EDU Network services.
Future versions or equipment enhancements will allow the user to take advantage of
administrative services and high-bandwidth applications.

Security of a current user will be based on MAC authentication versus User ID and
password. Since the MAC of the laptop will be registered prior to being allowed on the
network, usage can be tracked and traced. The administration of how individual devices
are registered requires separate procedures to be developed. Future versions of the
network will allow members to log-on to the network and have access to resources based
on their College-wide profile.

The buildings within the College are constructed using reinforced concrete, steel pan
floors and have grounded frames. These dampen the propagation of RF signals and will
limit the bandwidth and number of simultaneous users on an access point. As the number
of covered spaces increase and more users take advantage of the wireless network,
additional access points will have to be installed. In the future a student or faculty
member should be able to move from area to area or building to building without a loss
of signal. An increase in the number of access points will have the additional benefit of
providing "over-shoot" coverage to areas bordering the buildings such as the parking lots,
central walkways, and recreational fields.

The initial design of the project will accommodate up to 16 users per access point. This is
similar to the technology limits of a 10Base-T Hub (circa 1985 LAN technology). To
increase the number of simultaneous users in an area, multiple access points will be
required and greater bandwidth management controls in the switches must be present.
These enhancements will be either part of the infrastructure upgrades or specific upgrades
to areas that are to be brought on-line.

Proposed Network and Implementation Budget

The network will be comprised of three sub-nets, one for each campus, that will provide
independent IP Addressing, DHCP, NAT, and MAC authentication. For each sub-net,
access-points will be installed in common student areas such as the Cafeterias and

4
Lounge Areas of the Student Centers and the common research/study areas of the
Libraries. The sub-net within each building will be interconnected to form a campus-wide
VLAN that will connect to an independent router and then to the EDU Core Network.
The access-points will be situated to provide the widest coverage and signal strength
based on the limitations of the products used and the building structure restrictions. As a
result the distribution of access-points is not a function of student population but of
coverage and anticipated use.

Ammerman Campus

Building Covered Area # of APs

Huntington Library 1st & 2nd Floor Study Areas 4
Babylon Student Center Cafeteria & Faculty Dining 2
Babylon Student Center Main Lounge 1
Babylon Student Center Lobby & Assembly Areas 1
TOTAL APs 8

Brentwood Campus

Building Covered Area # of APs

Sagtikos Library Study Areas 2
Captree Commons Cafeteria 2
Captree Commons Meeting Rooms 1
TOTAL APs 5

Riverhead Campus

Building Covered Area # of APs

Peconic Library Study Areas (2) 2
Peconic Cafeteria Cafeteria & Dining Area 2
Peconic Lobby LaPlayer Lounge 1
TOTAL APs 5

Equipment Costs

Campus Device/Item Price Quantity Item Total

Ammerman Access Points 750.00 8 6000.00
Router 300.00 1 300.00
Wiring 250.00 8 2000.00
Brentwood Access Points 750.00 5 3750.00
Router 300.00 1 300.00
Wiring 250.00 5 750.00
Riverhead Access Points 750.00 5 3750.00
Router 300.00 1 300.00
Wiring 250.00 5 750.00

Total Project Cost $17900.00