The University of Ghana is one of six public universities and the premier university in Ghana with a student population of about 41,000. With the growing number of students and faculty it was obvious that we could not continue expanding our computer labs to facilitate learning and research, since we had limited space and limited funds to equip these computer labs.
The solution was to go wireless so that any student with his/her laptop could access the network. This however could not be achieved immediately due the status of the network at the time. It was a big flat, un-managed network, with lots of problems - IP conflicts, rogue DHCP severs, large broadcast domains just to mention a few.
Because the IT unit was not providing a wireless service to the community, users became impatient and started connecting their own wireless routers to the network. This made network management even more difficult. It became obvious that if we did not provide a wireless service to the user community, they would find their own way of doing it.
Our first step in addressing the problem was to redesign our network from a flat network to a more structured one with core, distribution and access layers.
This brought a lot of stability to the network. Because of the managed switches, identifying problems became much easier too. The structured wired network gave us a good foundation to build a wireless network that complements the wired network and meets the growing needs of our users.
A number of factors were considered in determining the type of Access Point (AP) to deploy. Some of these were:
Because of the size of our network we decided to go for an Enterprise Solution which would make management much easier. Due to the high cost of these Enterprise Solutions ($600 per Access Point and above + cost of the controller ) we ended up in a long debate over which product to use for the WiFi implementation. We consulted NSRC (the Network Startup Resource Center at University of Oregon) who were also looking into affordable and scalable wireless solutions and they pointed us to Ubiquiti UniFi which costs about $80 per Access Point and has a free software controller. Together with NSRC personnel we did a survey and ran a successful pilot with 10 Access Points. Because of the cost, functionality, manageability and ease of deployment, University of Ghana decided to scale up from the pilot using Ubiquiti UniFi Access Points and the network quickly grew from 10 Access Points to 90. For security, UniFi APs support both WPA Personal and WPA Enterprise which allows users to authenticate with a radius server. In addition to all of the deployment advantages of Ubiquiti, we found that there was a large UniFi user community that provided good technical help in the event of problems.
Initial AP setup and configuration involved connecting an AP to a network switch port in the same vlan as the controller server. The AP goes through adoption when connected; this allows the new AP to register itself with the controller for management. After initial setup, the AP is then connected to the designated department’s wireless vlan on a switch.
Private IP addressing was adopted for the wireless network on campus. There are on average 25 /24 wireless subnets in departments, faculties, school and college.
Bandwidth allocation to the wireless network is 10% of the University’s STM1 bandwidth. Current growing wireless users coupled with growing emerging applications will require more bandwidth to give a good browsing experience.
Users and APs authenticate with a radius server using 802.1x. Both student and staff account details are stored in a Mysql database. The campus wireless network exists in separate vlans from the wired for easy identification and management.
The University Of Ghana Campus Wireless Network has three major Networks/SSIDs - STAFF, STUDENT, GUEST.
This SSID/Network is available to active staff of the University. Staff are required to authenticate with their staff ID and PIN as username and password respectively to login.
This SSID/Network is available to students of the University who have registered for a given academic year. Students authenticate with their student ID and PIN as username and password respectively to login.
This SSID/Network is available to guests who visit the University within a period of time. Guests are required to request authentication account details from the IT department by submitting their details.
One of our main challenges was getting a good Cat5 cable for the installation. In addition it was somewhat challenging to get the cable to the right location since the buildings were not designed with this in mind. Bandwidth is also a challenge but we are trying to limit peer-to-peer activity on the network using cyberoam.
We (the IT Department of the University of Ghana) operate the wireless network ourselves. We have immediate plans to expand the wireless network until we get as much coverage of our campus buildings as we can. This will then reduce the need for our students to setup their own APs making our job managing the network much easier!