Key Design Considerations of Campus Networks
Campus networks usually span several buildings and serve a high density of client devices brought by students and faculty. The following requirements usually need to be considered:
Role-based networks, in which certain services or servers are accessed with different privileges depending on the student role or the faculty role, so that:
Students can bring their own devices (BYOD) and access the registration and learning management platforms
Faculty can manage classroom AV systems, content creation tools, and research networks
Broadcast and multicast traffic control to limit the impact of broadcast storms.
WiFi Consideration
EduRoam Support
Role-based Networks
Since different roles, such as faculty and student, access different services and servers, one simple design is to create a separate SSID for each VLAN to separate the traffic, such as "Student SSID" and "Faculty SSID". However, this design might not be flexible and can make management more tedious.
Another good practice is to leverage the "Security Groups" of the AD server: everyone accesses a single "Campus SSID", and the pre-defined "Security groups" of "Faculty" and "Student" on the same AD server control the "role-based" privilege of each user to access authorized services or servers.
EnGenius supports multiple "Groups" of AD server authentication through either 802.1X WPA-Enterprise or Captive Portal.
Create a single "Campus" SSID
Choose WPA-Enterprise or Captive Portal with external AD authentication, and then create "groups" that map to the "security groups" created on the AD server
Broadcast and Multicast Traffic Control
HD AV streaming is commonly used in classroom training courses, where students watch the same video at the same time, so multicast is needed for one-to-many streaming distribution, forwarding packets from one multicast server to many clients. Unicast streaming, by contrast, creates a session between the streaming server and every single client, which gives less packet loss and a higher bit rate.
EnGenius APs have Multicast-to-Unicast enabled by default, converting multicast packets to unicast packets for higher video streaming quality.
EnGenius APs also have "BCMC Suppression" enabled by default to reduce broadcast and multicast traffic from wired to WiFi by reducing the small frames sent over wireless at a basic rate.
Broadcast and multicast traffic always impacts the clients in the same subnet, especially when a broadcast storm happens. Using more VLANs is highly recommended to confine broadcast traffic to a small group of clients in each VLAN. However, if the administrator pre-groups the clients into different VLANs, the groups are hard to manage, and there is no way to predict how many clients will actually use each VLAN, so the traffic is not reliably limited.
EnGenius dynamic “VLAN pooling” is a function that randomly assigns a VLAN, from a range of VLANs defined by the administrator, to each client device accessing the SSID, which keeps broadcast/multicast traffic within smaller groups of devices.
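A model of the pooling behaviour described above, as an added example (not EnGenius code): each client receives a random VLAN from the administrator's range, and the script compares broadcast frame deliveries on one flat VLAN with the pooled case. The VLAN range 100-109, the client count, the generated MAC addresses and the remember-per-MAC behaviour are assumptions of the example.

```python
import random
from collections import Counter

class VlanPool:
    """Model of VLAN pooling: a new client MAC gets a random VLAN from the range."""

    def __init__(self, first_vlan, last_vlan, seed=None):
        if not 1 <= first_vlan <= last_vlan <= 4094:
            raise ValueError("VLAN IDs must satisfy 1 <= first <= last <= 4094")
        self.vlans = list(range(first_vlan, last_vlan + 1))
        self.rng = random.Random(seed)
        self.assigned = {}  # MAC -> VLAN, kept so a reconnect stays in its VLAN

    def assign(self, mac):
        mac = mac.lower()
        if mac not in self.assigned:
            self.assigned[mac] = self.rng.choice(self.vlans)
        return self.assigned[mac]

def broadcast_deliveries(domain_sizes):
    """Frames received if every client sends one broadcast: sum of n * (n - 1)."""
    return sum(n * (n - 1) for n in domain_sizes)

def simulate(n_clients, first_vlan, last_vlan, seed=7):
    """Assign constructed client MACs to the pool and summarise the result."""
    pool = VlanPool(first_vlan, last_vlan, seed)
    macs = [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(n_clients)]
    sizes = Counter(pool.assign(mac) for mac in macs)
    return {
        "sizes": dict(sizes),                      # clients per VLAN
        "largest_domain": max(sizes.values()),     # biggest broadcast domain
        "flat": broadcast_deliveries([n_clients]), # everyone in one VLAN
        "pooled": broadcast_deliveries(sizes.values()),
    }

if __name__ == "__main__":
    result = simulate(600, 100, 109)
    print("clients per VLAN:", result["sizes"])
    print("largest broadcast domain:", result["largest_domain"])
    print("deliveries flat vs pooled:", result["flat"], result["pooled"])
```

With ten VLANs the pooled delivery count is roughly one tenth of the flat count, because each broadcast only reaches the clients that share the sender's VLAN.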
High-Density WiFi
In the auditorium, many students and faculty may use WiFi during events such as a graduation ceremony, so hundreds of clients need to access the APs while each AP supports only a limited number of client connections.
When more APs are deployed in a high-density area, channel interference can become a key performance issue. Having more channels available lowers the channel interference.
Use DFS channels to make more channels available in the 5 GHz band
Use EnGenius “S” series APs, like the ECW220S or ECW230S, which have a dedicated scanning radio to provide Zero-wait DFS, so clients can switch to other available DFS channels without waiting time.
Use WiFi 7 and open up the 6 GHz radio band to provide more channels than the 5 GHz band
EduRoam
EduRoam allows any user from an EduRoam participating site to get network access at any institution connected to EduRoam, depending on local policies at the visited institution. The user's credentials stay securely at the local institution, whose authentication server the remote institutions query when its EduRoam users visit the remote campus.
For the authentication server to be queried from other campus servers, the query traffic needs to be protected, so "RadSec" is required between the authentication servers. It is also highly recommended to use "RadSec" between the AP and the authentication RADIUS servers.
EnGenius AP supports RadSec to secure the RADIUS traffic transferred between the AP and the local RADIUS server.
EduRoam is a member of the Wireless Broadband Alliance (WBA) and a pioneer member of the OpenRoaming federation service, enabling automatic and secure Wi-Fi.
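Why that traffic needs protecting, as an added example (not EnGenius code): plain RADIUS over UDP hides only password and key attributes, so the fields parsed below travel readable, whereas RadSec (RADIUS over TLS, RFC 6614) carries the same packet inside a TLS session. The realm, client MAC address, AP name and packet bytes are constructed.

```python
import struct

# Subset of attribute types from RFC 2865 and RFC 3579.
ATTR_NAMES = {1: "User-Name", 31: "Calling-Station-Id", 32: "NAS-Identifier",
              79: "EAP-Message", 80: "Message-Authenticator"}
TEXT_ATTRS = {1, 31, 32}  # attributes carried as readable strings

def build_access_request(ident, authenticator, attrs):
    """Encode an Access-Request (code 1) from (type, value_bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_radius(packet):
    """Return (code, {attribute_name: value}); raise ValueError on bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of range")
        value = packet[pos + 2:pos + alen]
        name = ATTR_NAMES.get(atype, f"Attr-{atype}")
        attrs[name] = (value.decode("utf-8", "replace")
                       if atype in TEXT_ATTRS else value.hex())
        pos += alen
    return code, attrs

# Constructed sample: an eduroam-style request as it would sit in a UDP payload.
IDENTITY = b"anonymous@campus.example"
SAMPLE = build_access_request(
    ident=7, authenticator=bytes(16),
    attrs=[(1, IDENTITY), (31, b"02-00-00-00-00-01"), (32, b"ap-auditorium-1"),
           (79, b"\x02\x01\x00\x1d\x01" + IDENTITY),  # EAP-Response/Identity
           (80, bytes(16))])                           # placeholder, not a real HMAC

if __name__ == "__main__":
    code, attrs = parse_radius(SAMPLE)
    for name, value in attrs.items():
        print(f"{name}: {value}")
```

The home realm, the client's MAC address and the AP identifier are all recoverable without the shared secret, which is the exposure RadSec removes on both the AP-to-server and server-to-server legs.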
EnGenius AP supports OpenRoaming and is certified by WBA OpenRoaming.
Demands and Features Quick Links
Vertical Application Wizard (Campus) | Leads to Key Features (PRO) |
Create “Campus Network” with separated group (staff/student) authentication of AD server | Group function of AD authentication server |
EduRoam | |
Minimize multicast traffic impact | VLAN Pooling |
High Density | |
