Escolar Documentos
Profissional Documentos
Cultura Documentos
June 2003
Outline
Goals and Objectives Challenges for Public Access WLAN What is a Virtual Access Point? What Is Required for a Virtual Access Point? Recommendations
Submission
Bernard Aboba/Microsoft
June 2003
Submission
Bernard Aboba/Microsoft
June 2003
June 2003
Wouldnt It Be Great If
A single network could be shared by multiple providers? Each provider could retain the flexibility to announce their own SSID, and select the services they wish to provide (rates, security mechanisms, etc.)? Each provider could manage their own users without interfering with other providers? Customers could discover any of the offered networks without needing to preconfigure their stations? These are the benefits that Virtual Access Points provide!
Submission
Bernard Aboba/Microsoft
June 2003
Submission
Bernard Aboba/Microsoft
June 2003
Channel 6
Channel 6
AP B
STA
AP A
Virtual APs
SSID: Bar BSSID: B Rates: 1,2,5.5,11 Security: Open
Channel 6
AP A
Submission Bernard Aboba/Microsoft
June 2003
Virtual AP Scenarios
Airports
Same infrastructure shared by airlines, FAA and wireless ISPs Separate VLANs for each provider (for traffic isolation) Support for different security schemes
WISPs may support both Web Portal and WPA Airline may support WPA only FAA may want IEEE 802.11i only
Hot Spots
Multiple wireless ISPs sharing infrastructure provided by a wholesaler Support for different security schemes
WISPs may support both Web Portal and WPA
Separate VLANs for each WISP User authenticates to their home authentication server
Submission
Bernard Aboba/Microsoft
June 2003
Pre-authentication routing.
Determination of the target SSID prior to Association (for routing of pre-authentication traffic).
Multiple VLANs.
Allow a unique VLAN (and unique default key) to be assigned to each Virtual AP.
June 2003
Need for a single, industry-wide solution WFA can help by providing guidance
Submission
Bernard Aboba/Microsoft
June 2003
Cons
Summary
Dont do this - wont work reliably!
Bernard Aboba/Microsoft
Submission
June 2003
Pros
Can support different capability sets for each SSID Allows discovery of multiple SSIDs
Some existing drivers will over-write previous advertisement with the new one Cant support multiple capability sets within an SSID Doesnt support pre-authentication routing Dont do this - wont work reliably!
Bernard Aboba/Microsoft
Cons
Summary
Submission
June 2003
Pros
Cons
Summary
Submission
June 2003
Pros
Cons
Summary
Submission
June 2003
Solution
Unique BSSID per Virtual AP AP includes SSID in Access-Request, based on target BSSID AAA proxy routes traffic based on SSID, NAI
Submission
Bernard Aboba/Microsoft
June 2003
Deployed approaches
Multiple IP addresses one for each virtual MIB SNMP proxy
Individual providers query the proxy
Contexts
Enables maintenance of separate virtual tables for each context SNMPv3 contextName used to distinguish virtual instances Requires SNMPv3 support Requires support within the SNMPv3 agent Recommended approach for support of virtual tables per ESSID
Submission
Bernard Aboba/Microsoft
June 2003
Summary
Support for Virtual APs is important to the long-term future of Public WLAN access Vendor community is adopting multiple, incompatible mechanisms for support of Virtual APs Several of these solutions cannot work reliably!
Result: customer pain, industry confusion
Multiple BSSID approach offers best mix of compatibility and flexibility Recommendation: WFA needs to provide guidelines on how to implement Virtual APs.
Submission
Bernard Aboba/Microsoft
June 2003
Feedback?
Submission
Bernard Aboba/Microsoft