Primer for Private Wireless Access Points on MITnet

Preliminary Considerations

While not explicitly banned on the MIT campus, IS&T recommends against using private access points (APs, also known as "base stations") for a number of technical, financial, and administrative considerations. This table lists areas to consider when choosing to deploy private access points and discusses the benefit of contracting with IS&T when compared to the responsibilities associated with a private installation.

Considerations

Discussion

Survey

While it may be acceptable to deploy a single AP as a one-office coverage solution, it is advantageous to perform a survey to optimize placement and performance whenever a larger target coverage area is considered; a survey is almost a must for large departmental and group spaces.

If IS&T does not do the work, the customer must do his own survey or contract for it. Judging by current industry rates, the equipment and know-how needed to perform the survey may be a significant financial burden for the customer.

Placement and Configuration

IS&T offers expert technical consultation in the placement and configuration of APs to provide consistent coverage and performance throughout the target area. Leveraging our experience in the initial deployment of our wireless network infrastructure, IS&T can meet the customer’s expectations while ensuring technical compliance with IS&T policies and guidelines.

For a private installation, the customer is responsible for placing and configuring APs, for achieving consistent coverage and performance in the target area, and for complying with IS&T policies and guidelines.

Support

IS&T-deployed APs are considered an extension of the MIT wireless network infrastructure and are owned by IS&T. These APs are supported, maintained, and administered by IS&T, with little or no administrative overhead on the part of the customer. Since the devices are part of the infrastructure, they may also be upgraded over time to keep current with the rest of the campus infrastructure.

IS&T does not support a private wireless installation; maintenance and administrative overhead may become a significant burden for customers, especially with more than a few APs. The overhead of upgrades to keep the system up-to-date with the rest of the campus infrastructure must also be borne by the customer.

Network Expansion

Should the public wireless network infrastructure deployed by IS&T expand in the future into the customer’s area, interference or duplication of services may require customers to decommission their APs. In almost all cases, this would also imply the client’s wireless network coverage would be replaced by the extension of the IS&T infrastructure. Therefore it may be worthwhile to choose an IS&T-deployed solution in the first place to avoid loss of investment in privately owned APs and the (however minimal and brief) interruption in service while the infrastructure substitution is conducted.

Costs

An IS&T-deployed wireless network infrastructure extension offers competitive pricing and substantial value for customers in a one-package deal combining all of the preparation, expert consultation, deployment, support, and maintenance work needed. When compared to industry rates for consultation and service and market pricing on hardware, the price for these components—which are essential in virtually any multiple-AP deployment—mounts significantly.



802.11b Technology Overview

Customers who have chosen to deploy privately-owned APs should have a basic understanding of some details of the wireless LAN (local area network) technology in use at MIT.

The wireless network infrastructure deployed by IS&T at MIT utilizes the IEEE 802.11b wireless LAN protocol. Connectivity is achieved by APs strategically positioned to cover target areas and network interface cards (NICs) in users’ computers. The NICs communicate through APs with the rest of the network; the APs act as receiving and transmitting stations connecting to the existing, wired network infrastructure, akin to how the base station of a cordless telephone operates to bridge the handset with the telephone network.

IEEE 802.11b is an internationally developed standard from the same organization that has set standards for Ethernet networking in common use throughout the campus. The standard ensures compatibility among compliant wireless devices from different vendors.

802.11b-compliant devices operate in the Industrial, Scientific, and Medical (ISM) frequency band, an internationally recognized band for radio LANs near 2.4 GHz. As the name suggests, the frequency band was previously designated for a variety of industrial, scientific, and medical devices before the 802.11b protocol joined in. Some wireless consumer devices also operate in this band and can be a significant source of interference. For instance, certain cordless telephone units, such as those advertised to be 2.4 GHz and "longest range", operate at or near 2.4 GHz. The frequency band within which 802.11b operates also coincides with the frequency band at which microwave ovens operate - another possible source of interference.

Provisions exist in 802.11b devices that can be turned on to combat some interference, often referred to as microwave robustness. Similarly, industry groups, such as the Wireless Ethernet Compatibility Alliance (WECA), conduct tests on 802.11b (and other wireless) devices to certify them for concurrent operation with other wireless products, such as Bluetooth, an emerging, shorter range wireless communication protocol. Most prominent of these certifications is the Wi-Fi certification, from WECA.

Within the ISM band, there are 14 allocated channels. A channel is a smaller range of frequencies over which wireless transmissions and receptions between devices tuned to that channel take place. ISM channels are similar to channels used for a television broadcast or citizens band (CB) radio. In the United States, the regulating body, the Federal Communications Commission (FCC), mandates the use of channels 1 through 11 for 802.11b communications. When tuned to use a specific channel, 802.11b devices utilize that channel primarily, though some less powerful transmission takes place in 4 channels immediately adjacent to the primary channel. So there are some issues of possible interference when configuring independently communicating groups of devices operating in the same area.

802.11b also accommodates two separate frequency technologies, referred to as Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS). Of these, DSSS is the newer and higher data rate standard, and is the one used by the MIT wireless network infrastructure. The "spread spectrum" in both technologies refers to a signal power modulation scheme that makes wireless communications less susceptible to electrical noise and interference.

Since the 802.11b technology is wireless, multiple wireless networks, each with their own APs, may sometimes overlap. A number of APs operating in concert as one wireless network are referred to as a Basic Service Set (BSS). In order to distinguish wireless networks from one another, APs can be configured to provide a network name unique to each BSS, also referred to as a Service Set Identifier (SSID). Choosing the same SSID allows users’ NICs to "join" and operate on the same wireless network. APs are also allowed to identify themselves with unique names known as station names or base station IDs. Typically, BSSs advertise their SSID and station IDs at periodic intervals. As a possible security measure, APs can be configured not to advertise their SSID or station IDs in what is referred to as a closed or network mode.



802.11b Wireless Networks and Networking Protocols

802.11b, a wireless LAN protocol, handles the communications between wireless NICs and APs. On top of 802.11b, various higher-level network protocols, such as AppleTalk, NetBEUI, but most notably TCP/IP, the standard network protocol for the Internet, are used to communicate among computers. These same protocols run over other existing LAN protocols, such as Ethernet, which is deployed widely around campus.

At the network protocol level, the distinction between 802.11b and Ethernet becomes minimal, apart from the fact that underneath, 802.11b is wireless and Ethernet is wired (cabled). In fact, all APs on campus ultimately connect to an Ethernet drop to "latch-in" with the rest of the campus network. This is one reason why the MIT wireless network is considered an extension of our network infrastructure. One limitation of 802.11b is the data rate it allows for communication. The 802.11b standard allows for up to 11 Mbps communications, whereas most locations around campus served with Ethernet are provided with up to 100 Mbps (with notable exceptions, at 10 Mbps) according to Ethernet standards. Further 802.11-associated standards are in development to increase the data rate, but none are in deployment at this time at MIT.

IS&T assigns to each computer connecting to the MIT network a unique IP address, much like a phone number, that identifies it uniquely on the network, as part of the TCP/IP protocol requirements. Associated with each IP address is a unique hostname, typically a customer-selected name, such as "foo.mit.edu" or "jackflorey.mit.edu", that is easier to remember than the numbers in an IP address. This is the case for all computers on the MIT network, regardless of whether they are connecting via Ethernet or wireless APs.

The majority of wireless network infrastructure customers are users with portable computers who move from location to location across campus. IP addresses assigned by IS&T, however, are typically location-specific, so users need a different IP address in every location, each valid only in that location. This capability is provided to users (who can register for free) by another IS&T service that uses the Dynamic Host Configuration Protocol (DHCP). DHCP allows registered users’ computers to automatically receive another unique valid IP address at any MIT campus location where this service is provided. These dynamically assigned IP addresses are drawn from a pool for each location, especially reserved for roaming users. When users are at their "home" location (where they received their IS&T-assigned IP address), they simply are provided that IS&T-assigned address by DHCP.



Common AP Types and IS&T Networking Guidelines

There are a variety of wireless AP devices on the market, each offering different combinations of APs and features from other network devices. These devices behave differently with respect to how they affect services on the networks to which they are connected. They generally fall under three categories:

  • AP-only products or wireless bridges
  • Devices with an AP and a multi-port repeater hub (commonly referred to as a hub) or multi-port switched hub (commonly referred to as a switch) built-in
  • Devices with an AP, a hub or switch, and an (Internet) connection sharing device or mechanism, such as a router device or the Network Address Translation (NAT) protocol built-in

AP-only products or wireless bridges, like those deployed as part of the MIT wireless networking infrastructure, simply "bridge" the wireless LAN and the Ethernet network. They transfer information from the computers connected wirelessly to the Ethernet network, and vice versa.

Devices with an AP and a built-in hub or switch do a bit more. A hub in these devices is a network device with multiple (for instance, Ethernet) ports on it; the hub transfers information from any port to all other ports, and vice versa. A switch is similar, except it transfers information from any port to specific other ports, and vice versa, based on the origin and the destination(s) of the communication. Either of these devices is typically used to create small, independent LANs in small offices and homes.

Devices with an AP, a hub or switch, and a router or NAT built-in do even more. These devices are used to create small LANs, but additionally, they can "share" a single IP address and connection to a larger network, such as that of an ISP with a cable-modem or DSL service. They do this by assigning "dummy" IP addresses (reserved for that purpose, as part of the TCP/IP protocol) to the computers on the small "inside" network, and then routing and/or translating communication from these dummy addresses to destinations on the larger "outside" network, and vice versa.

The latter two types of devices usually have a built-in DHCP server to distribute these "dummy" IP addresses.



Usage Policies and Configuration Guidelines

  • Since the MIT wireless network infrastructure uses the 802.11b protocol exclusively, private APs must naturally be 802.11b-compliant products. Other 802.11 protocols or Bluetooth technology are not supported at this time. Ideally, the private APs should also be WiFi certified to minimize interference with other 802.11b and wireless devices.

  • Customers may opt to turn on measures for interference or microwave robustness in private APs, should they find they decrease interference and improve performance.

  • Private APs should be configured to use Channel 1, and Channel 1 only. This is to remain consistent with the IS&T deployment configuration and ease troubleshooting.

  • DSSS capable private APs are preferred, as the technology is better, interference effects are less, and the data rate is higher. IS&T deployed APs also use DSSS.

  • The SSID, or network name, "MIT" is reserved for IS&T-deployed wireless network infrastructure extensions. Customers should configure private APs to use a different SSID, preferably a descriptive name unique in their area of coverage, such as "FooLab" or "FloreyOffice". For station names or base station IDs, IS&T recommends clients choose a descriptive and locally unique name, such as "north-corner-AP".

  • MIT network policy and guidelines do not allow the use of connection sharing devices, such as hubs, switches, or routers that can create back-end networks. As such, devices with hubs, switches, router and/or NAT functionality built-in, including those that come with certain APs, are not allowed to operate on the MIT network in these modes. It is acceptable to use such devices on the MIT network if and only if they can be switched to work in "bridge" mode, essentially as an AP or wireless bridge only.

  • Since IS&T provides DHCP services, customers should disable DHCP server functionality, if present, in private APs. Operating what is termed a "rogue" DHCP server in this way disrupts DHCP services for all users on the same subnet. With the AP in bridge mode, each computer utilizing the AP is effectively on the MIT network, and should be configured with its unique IS&T provided IP address (often obtained through DHCP, from the MIT DHCP servers).

  • Some vendors provide software with their wireless NICs that allows these devices, along with an Ethernet card also plugged in to an Ethernet network, to be used in what is called a software base station or connection sharing mode. In other cases, built-in connection sharing features in certain operating systems, such as Windows 2000, coupled with an 802.11b and Ethernet NIC, operate in the same manner. Such configurations are similar in essence to an AP device with router and NAT (and often, also DHCP) functionality built-in, and are not allowed on the MIT network under the same policy.

  • Even though an AP operating in bridge mode does not need an IP address, most APs on the market require an IP address for the AP alone to be configured. This is often done to allow administering and configuring the AP over the Ethernet network to which it is connected, typically using some proprietary client software or a web browser interface on a computer also on the Ethernet network. In such cases, customers need to obtain a unique IP address for the AP alone.

  • Customers should not configure private APs to create what are referred to as closed or hidden (wireless) networks. The following section elaborates a bit more about issues regarding this decision and related security considerations.

  • Finally, some APs and associated software come with basic tools that customers can use to optimize placement of APs; however, with multiple APs in large areas, this process becomes rather difficult. Again, customers considering wireless deployments are encouraged to consult with IS&T and seriously consider IS&T deployment.
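
The rogue DHCP server described in the guidelines above can be spotted from the replies it sends. The following is an added example, not IS&T code: it parses DHCP server replies and reports any whose server identifier (option 54) is not on an allow-list, noting whether the offered address comes from the RFC 1918 "dummy" ranges that NAT devices hand out. The authorized server address is a placeholder and all sample packets are constructed.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # marks the start of the DHCP options field
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
# The "dummy" address ranges handed out by NAT devices (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: placeholder for the site's real DHCP servers (documentation range).
AUTHORIZED_SERVERS = {ipaddress.IPv4Address("192.0.2.10")}


def parse_options(data):
    """Walk the code/length/value option list and return {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:             # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                          # truncated option: stop parsing
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts


def inspect_reply(payload, authorized=AUTHORIZED_SERVERS):
    """Return a finding for a DHCP server reply from an unlisted server, else None."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC or payload[0] != 2:
        return None    # not DHCP, or not a BOOTREPLY (op 2, server to client)
    opts = parse_options(payload[240:])
    mtype = opts.get(OPT_MSG_TYPE, b"")
    if len(mtype) != 1 or mtype[0] not in SERVER_MSG_TYPES:
        return None
    sid = opts.get(OPT_SERVER_ID, b"")
    server = ipaddress.IPv4Address(sid) if len(sid) == 4 else None
    if server in authorized:
        return None
    offered = ipaddress.IPv4Address(payload[16:20])    # yiaddr field
    return {
        "type": SERVER_MSG_TYPES[mtype[0]],
        "server": str(server) if server else "missing",
        "offered": str(offered),
        "client_mac": payload[28:34].hex(":"),         # first 6 bytes of chaddr
        "nat_pool": any(offered in net for net in RFC1918),
    }


def build_reply(msg_type, yiaddr, server_id, op=2):
    """Constructed sample data: a minimal BOOTP/DHCP message with options 53 and 54."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                        bytes(4), bytes.fromhex("020000000001"), b"", b"")
    opts = (bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
            + ipaddress.IPv4Address(server_id).packed + bytes([OPT_END]))
    return fixed + DHCP_MAGIC + opts


SAMPLES = [                                            # all constructed
    build_reply(2, "192.0.2.77", "192.0.2.10"),        # authorized server's OFFER
    build_reply(2, "192.168.1.50", "192.168.1.1"),     # AP with DHCP server left on
    build_reply(5, "198.51.100.20", "198.51.100.5"),   # unlisted server's ACK
    build_reply(1, "0.0.0.0", "192.0.2.10", op=1),     # client DISCOVER, ignored
]


def scan(payloads):
    """Return the findings for every reply that came from an unlisted server."""
    return [f for f in map(inspect_reply, payloads) if f]
```

`inspect_reply` takes the UDP payload of a message sent to port 68; how those payloads are captured on the subnet is outside this example.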



Privacy, Security, and the MIT Network

Wireless LAN technologies in general, and specifically the 802.11b protocol, pose some security issues. Since the communication between wireless devices is, well, essentially wireless, it may be easier for an intruder to gain access to a wireless network and monitor transmissions.

The situation is not so different from wired (cabled) LAN protocols, such as Ethernet, as at the higher network protocol layers, the communication between computers is performed in the same manner. It may appear to be more difficult to "tap in" to a wired network than a wireless network, and to a certain extent this may be true; however, for large scale networks like MIT's network and the Internet, there is no guarantee that anyone on either portion of the network is not malicious.

The 802.11b protocol includes some measures designed to address the issue of access control and security. One of these is the option to conceal SSIDs, forming so-called closed or hidden networks. Another is Wired Equivalent Privacy (WEP) functionality that encrypts traffic between APs and users’ NICs at a relatively weak level, using passwords. Some APs allow for filtering users’ computers based on a type of globally unique, built-in identifier, much like a serial number, in each NIC, known as a Medium Access Control (MAC) address.

Closed or hidden networks use the "security through obscurity" approach, which is often not effective, in that an intruder can monitor all traffic in the frequency bands used by 802.11b, and from the traffic, be able to extract the SSID and station ID information. Further, they make troubleshooting unnecessarily complicated, should an interference or network-related issue arise.

WEP encryption has been publicly proven to be weak against dedicated attacks, and proof-of-concept demonstrations have shown WEP-enabled networks can be broken into typically in a matter of days. Further, the current implementations of administrative tools on 802.11b-compliant devices do not scale effectively to allow the administration of WEP and other security measures on a large number of APs, such as there are at MIT.

The MIT network is an open network without firewalls or blanket blocks (with minor exceptions to improve performance and protect against known exploits, from time to time). Thus, customers are responsible for maintaining their own systems’ security and keeping up-to-date with vendor updates, upgrades, and patches, while following their and IS&T guidelines and recommendations. Currently, IS&T recommends that customers refrain from using applications and protocols using unencrypted traffic whenever possible. Since the wireless network infrastructure is considered an extension of the MIT network, this applies to wireless configurations as well. This way, security can be guaranteed regardless of whether communication is wired or wireless.

Finally, IS&T provides access to the MIT network through the DHCP service, by assigning IP addresses only to authorized users. The large number of MIT users makes it impractical to perform MAC address filtering at the AP level.

 



Service Expectations

Regardless of whether the customer chooses to deploy his own APs or contracts with IS&T for the work, there are some important service aspects to be aware of.

Wireless Networking Does Not Replace Wired Networking
Wireless networking should be considered not a replacement for existing wired (cabled) network infrastructure, but a complement to and an extension of it. There are a number of reasons for this. First, users utilizing the same wireless AP effectively share the bandwidth (or data rates) available through that AP. Since the data rates of 802.11b APs in deployment around campus top out at 11 Mbps, when multiple users connected to the same AP(s) initiate high-bandwidth, network-intensive communications, performance for all of these users may deteriorate. IS&T deployments can take into account customer needs for target areas and deploy APs to accommodate the target number of users, but ultimately wireless networks are not the best or most courteous medium over which to perform, for example, transfers of large files. With typical network use, such as reading email or web browsing, most APs should be able to accommodate up to 50 users each without loss of performance.

Performance depends on the quality of the AP
Customers should be aware that performance on an 802.11b-compliant wireless network also depends on signal strength and a high signal-to-noise ratio. In areas with large metal filing cabinets, 2.4 GHz cordless phones, microwave ovens, etc., wireless network performance can suffer from interference. Thus, it is important to utilize APs with a high tolerance for interference, good signal strength and signal-to-noise ratio specifications that are, preferably, WiFi-certified to minimize interference with other wireless products. All IS&T deployed APs are WiFi certified APs, and IS&T conducts surveys to optimize placement so as to minimize interference.

Connections may get lost when moving between subnets
Since wireless networks cover various locations on campus, it is possible that two wireless networks on different subnets may overlap. In this case, when users move across different wireless networks, they may need to obtain new IP addresses valid in the wireless network subnet they are in. While the DHCP service from MIT allows this to happen automatically in properly configured systems, users may still lose connectivity in applications that require persistent network connections, such as remote terminal or shell sessions. Users will then need to re-establish their connections. This is not a limitation of wireless networking, but rather a byproduct of our network infrastructure and the need to maintain and manage performance.

