Wireless Networking Policy and Plan for CSB -- 2nd Draft

Goal for wireless networking in the CSB

Areas of the CSB (Bass 3&4, Gibbs 3 and 4N) will be covered with uniform wireless access. The wireless access should be secure, preventing non-CSB people from gaining access to our network. It should also be easy to use and maintain.

Requests have been made to support wireless connectivity to both the CSB internal network and the Yale network (see below).

Specific policies and goals include.

Wireless coverage in common areas will be added as needed. Individual labs may provide for coverage within their areas, but access points will be managed by CSB staff in accord with CSB procedures.
Uniform connection and authentication procedures throughout the CSB.
Continuous coverage of all areas of the CSB is not a goal at this time.

Which Network?

This plan allows for wireless users to choose whether to connect to the CSB internal network or the Yale network.

CSB Network

Connecting to the CSB network will give the same access to CSB computing resources as with any other computer on our network. Access to the rest of Yale and the outside world is transparent. In order to protect our network, security and authentication procedures will be required as described below.

Yale Network

If you use your computer in Yale libraries or other non-CSB areas of Yale University, you will already be set up to connect to and authenticate yourself on the Yale network. It may be convenient connect in the same way within the CSB. In addition, visitors who are not registered users in the CSB will still be able to connect to the Yale network. In order to gain access to the internal CSB network from the Yale network, it will be necessary for the user to install and configure a VPN client on his/her computer.

Plan for Deployment for CSB internal network

By April 1, 2003, CSB staff will install a wireless access point (WAP) in the CSB Core, for connection to the internal CSB network. and assign a standard SSID (name) and WEP password.
By May 1, 2003, all wireless access points (WAPs) connected to the CSB internal network must be turned over for adminstration by the CSB staff, and will be converted to the standard SSID and password.
By April 1, the CSB staff will have a procedure for registering wireless computers. Access to the Core WAP will be limited to registered MACs.
By May 10, all WAPs connected to the CSB internal network will be restricted to servicing computers with registered MACs.
Based on experience, we may require that all WAPs connected to the CSB private network be replaced with a standard device, probably the Cisco Aironet 1200.
Eventually, we may convert to using a RADIUS server for authentication, providing username/password signon for access to the network and all resources.

Plan for Deployment for Yale network

Any lab wanting wireless access to the Yale network may directly contact Yale ITS and arrange to have them install and administer a WAP. Computers using that WAP are unlikely to be part of the csb.yale.edu subnet, but that should make little difference.
By June 30, we will establish a WAP on the csb.yale.edu subnet. We will experiment with using the WAP in NAT mode, so that all computers connecting through this WAP will appear to have the same, fixed IP address.
We will configure the existing GNATbox VPN server, and test it with various clients. This will allow properly-configured computers using the csb.yale.edu WAP to access the CSB internal network.
Depending on the results of these tests, we will deploy additional WAPs on the csb.yale.edu subnet.
We will investigate installing a more powerful VPN server.

Last Modified: Friday, 21-Feb-2003 15:46:56 EST

RC Home | Search | Table of Contents | General Information

Richards Center (www.rc.yale.edu) at Yale University (www.yale.edu)
Contact: webmaster_at_ben^rc^yale^edu