We use Bluesocket for our campus WLAN as well. Like you, we are only using Bluesocket to authenticate against our existing RADIUS/Kerberos authentication services. The Bluesocket Wireless Gateway (WG-2100) acts as a DHCP passthrough only, and no VPN or DHCP services are terminated on the WG-2100. All users are put into the same role.
We actually use a single WG-2100 (plus a failover) for the entire campus at this point. We accomplished this by running a separate fiber from each of our 6 core node sites back to our NOC. We used existing dark pairs that were already built and simply patched them through. All of these fiber pairs connect back to a Cisco 2912M fiber switch. Then there is a single connection from that switch to the managed port on the WG-2100. The protected side is connected to one of our 6509 core switch ports.
Separate VLANs were set up on the managed side of the WG-2100. APs are put into a special VLAN. Using static routes on the 6509 we point the subnet that corresponds to a wireless VLAN to the WG-2100. All traffic goes through the WG-2100. Our main SSID (UMASS) sits on one big VLAN. Other specialized SSIDs are in different VLANs. Everything goes back to the WG.
This has proven to work very well so far. We built the fiber runs back to one WG-2100 because we only had a couple of APs at first and could not justify the cost of several boxes. Now we are close to 50 APs and demand is creeping up. What we intend to do is purchase more WG-2100s and "pull back" one segment at a time by installing the new WGs in each of the core sites.
Hope this helps.
Mike
***************************************************************
Michael Dickson                    Phone: 413-545-9639
Network Analyst                    Fax: 413-545-3203
University of Massachusetts        Email: [EMAIL PROTECTED]
Network Systems and Services
***************************************************************
Colleen Syzmanik wrote:
We are currently testing the Bluesocket devices and are having success so far. We have many separate WLANs deployed on campus where we are looking to implement this technology, varying in sizes and usage. We are investigating different design options for campus WLAN deployment, especially for some of the smaller WLANs we have deployed. It does not seem to be cost effective to deploy a separate authentication gateway for each (especially when we are talking about 1-2 APs in a location). On a side note, we are using separate IP subnets for each WLAN. Is anyone using VLANs to go back to one authentication gateway for this purpose? Any major issues? I should probably add that we are only using these Bluesocket devices for authentication (we are not using them as DHCP servers or differentiating between class of service, and all valid users have the same role or authorization).
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
