Tennessee won't use digital certificates, because it doesn't want to deal with encryption keys, Hanset says. Instead, the university will use TTLS (Tunneled Transport Layer Security) to authenticate the servers. "It's like SSL, and you don't need a PKI [public key infrastructure]," he says. Meanwhile, Hanset and his IT team will monitor the unsecured segment by MAC address, the same way the university blocks unauthorized usage today.
Tennessee went wireless in 2001, before it was trendy to do so on most college campuses (see "The Hard Sell," below). When the 27,000-student campus launched the wireless network with some donated Agere Systems wireless equipment, students, faculty and staff had to authenticate themselves to the security server; the entire process was encrypted. Not long after that initial security architecture fell flat, Tennessee switched to Proxim Orinoco AP-2000s. They came with standard 802.1X security support and expansion slots for upgrades to 802.11a and 11g.
The total cost of the 802.11b WLAN infrastructure was $2.5 million, plus deployment labor. Users buy their own adapter cards. "If you pay for a wired port, you get wireless for free," Hanset says.
The WLAN is split into large virtual LANs to avoid IP-address contention with the campus' wired network. "With a wireless VLAN, you don't even have to touch the building's wired subnet," Hanset says.