This area focuses on the wireless infrastructure on campus. Radio planning, design of the wireless network, security considerations, including implementation of IEEE 8021.X are covered. eduroam requirements and radius setup is dealt with. Cookbooks for controller based implementations are given. Legal aspects are examined.

WLAN Network Planning and Setup 
The cost-efficiency and reliability of wireless local area networks (WLANs) can be ensured through methodical planning. It is recommended that lecture halls, conference rooms, entrance areas and corridors are prioritised, and that primary attention is be paid to data rates and secondary attention to signal strength.

WLAN Network Infrastructure      
The infrastructure of a WLAN network can be considered to include WLAN access points, and the WLAN controller and software and services related to authentication, such as a RADIUS server and supplicants. In this document, these components of the WLAN network will be described, along with recommendations and configuration guidelines.

Guide to Configuring eduroam Using a Cisco Wireless Controller  
This document is a guide to configuring eduroam in a Cisco controller-based environment, i.e. a configuration based on one or more Cisco controllers, which govern the traffic to and from Cisco lightweight access points (LAP).

Cookbook for Configuration of HP Wireless Equipment  
This document describes the configuration of access points from the HP ProCurve series. Details are provided for both the configuration for eduroam authentication via the 802.1X protocol as well as the configuration for using higher-level authentication mechanisms (typically web authentication).

WLAN Information Security      
WLAN information security includes user authentication and encryption, as well as rules for handling the user’s traffic during the session. 802.1X authentication is recommended due to the high-quality security that it provides. As for encryption, WPA2-AES is recommended, both for its security and because the use of the same encryption on several campuses eases supplicant configuration for roaming. Best practice for traffic management is also stated in the document.

Recommended Security Systems for Wireless Networks
This document provides information about the different security mechanisms available for wireless networks. It describes the shortcomings of using MAC address filters, WEP, web portals, and VPN, and recommends mutual authentication based on 802.1X as the best alternative. EAP using TLS, PEAP and TTLS are also recommended alternatives that can also be supported simultaneously by the system.

The Legal Aspects of WLAN networks      
This document presents an overview of the Finnish legislation pertaining to WLANs, with the aim of providing an overall understanding of what is required of WLANs on Finnish campuses. In all WLAN networks, information security must be ensured and technical quality requirements apply. Legislation makes a distinction between network provision to a restricted set of users, and to a set of users that are not subject to any restriction.

FreeRADIUS database connection
This document describes how to connect a FreeRADIUS server to external user databases and directories. For all practical purposes this is mandatory in order to minimize administrative work. The instructions follow the configuration of a FreeRADIUS server set up according to MobileFunet's FreeRADIUS Configuration best practice document.

CBP Documents
Campus Best Practice documents available to download

Physical infrastructure
Campus networking
Network monitoring
Real-time communications