8.7 Creating WLANs in Public Space


In order to deploy a WLAN in a public space, such as an airport or shopping mall, you need to design the WLAN to meet some additional requirements that are unneeded in a wired-only environment. It is advised that you plan for a single wireless network infrastructure that can be shared across multiple vendors and accessed by multiple groups (segments) of users. The use of a single wireless network infrastructure will help eliminate any radio frequency interference that may be encountered in the public space. Because of the limited number of nonoverlapping channels that are made available in 802.11b devices, having multiple wireless network infrastructures (zones) in the same location can cause interference among wireless APs with overlapping channel frequencies.

8.7.1 Virtual Local Area Networks

For the best level of security, we recommend that you make sure your APs support Virtual Local Area Networks (VLANs), which give you the capability to beacon multiple SSIDs and to bind each SSID to a separate VLAN. VLAN support enables the AP to route the wireless client to the correct network path. The capability for beaconing multiple SSIDs enables multiple service providers to share the same wireless network infrastructure. After the wireless client associates with the correct SSID, the AP must bind that SSID to the correct VLAN in order to route the network traffic to the correct destination. The AP maintains a network address table that maps each SSID to its respective VLAN number. The public-space WLAN often must also allow non-802.1X wireless clients access to the Internet. To support this capability, the administrator must assign a VLAN number for all non-802.1X wireless clients. The VLAN number routes the non-802.1X clients to a VLAN that is configured to provide them with 802.1X credentials. As you can see, it is necessary to use enhanced APs for WLAN deployment in a public space.

To provide security for the WLAN environment, an IEEE 802.1X and RADIUS-capable wireless AP is needed. An EAP-capable RADIUS server such as Windows Server 2003 IAS is recommended. A public-space WLAN usually charges for the services it provides, so it may be necessary to provide billing and accounting services for customers who connect through it. These services are typically provided by an ISP to public-space customers connecting through the public-space WLAN. An ISP can charge the customer for this service in several ways. It can bill for the total time connected, the quantity of data transferred, or a combination of the two methods.

It is possible to configure the IAS used to authorize wireless users to capture connection data and save it to an accounting log file. The log file contains the connection time, the amount of data transferred during a session, and other data that can be used to produce billing records for ISP customers. Tools that import the log file into a database are frequently used. These utilities convert the log files into a format that can be read and interpreted from the database using a reports generator or reporting module to provide detailed billing records. In Windows environments, the IAS for Windows Server 2003 is often configured to send such accounting information directly to an SQL server database.
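
The billing step described above, as an added example (not code from the book or from IAS): it aggregates RADIUS accounting records per user and charges by connection time, data transferred, or both. The CSV layout (RFC 2866 attribute names as columns), the user names and the rates are constructed assumptions; a real IAS log needs its own column mapping.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (not real IAS output): one row per RADIUS accounting record.
# Columns use RFC 2866 attribute names; this layout is an assumption.
SAMPLE_LOG = """\
User-Name,Acct-Session-Id,Acct-Status-Type,Acct-Session-Time,Acct-Input-Octets,Acct-Output-Octets
alice@isp-a.example,S1,Start,0,0,0
alice@isp-a.example,S1,Stop,600,1000000,4000000
alice@isp-a.example,S1,Stop,600,1000000,4000000
bob@isp-b.example,S2,Start,0,0,0
bob@isp-b.example,S2,Stop,90,500000,500000
carol@isp-a.example,S3,Start,0,0,0
"""

def summarize(log_text):
    """Return (usage per user, sessions that have a Start but no Stop)."""
    usage = defaultdict(lambda: {"seconds": 0, "octets": 0})
    started, stopped = set(), set()
    for rec in csv.DictReader(io.StringIO(log_text)):
        key = (rec["User-Name"], rec["Acct-Session-Id"])
        if rec["Acct-Status-Type"] == "Start":
            started.add(key)
        elif rec["Acct-Status-Type"] == "Stop":
            if key in stopped:  # retransmitted Stop record: count it once
                continue
            stopped.add(key)
            u = usage[rec["User-Name"]]
            u["seconds"] += int(rec["Acct-Session-Time"])
            u["octets"] += int(rec["Acct-Input-Octets"]) + int(rec["Acct-Output-Octets"])
    # Open sessions are reported, not billed: their totals are not final yet.
    return dict(usage), started - stopped

def bill(usage, cents_per_minute=0, cents_per_mb=0):
    """Charge by time, by data, or both. Rates are hypothetical; partial units round up."""
    charges = {}
    for user, u in usage.items():
        minutes = -(-u["seconds"] // 60)           # ceiling division
        megabytes = -(-u["octets"] // 1_000_000)
        charges[user] = minutes * cents_per_minute + megabytes * cents_per_mb
    return charges

if __name__ == "__main__":
    usage, open_sessions = summarize(SAMPLE_LOG)
    print(bill(usage, cents_per_minute=5, cents_per_mb=2))
    print("open sessions (not billed):", sorted(open_sessions))
```

Counting each session's Stop record once matters because duplicate accounting records would otherwise double-bill the customer, and a Start with no matching Stop is worth reviewing rather than silently dropping.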




Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153
