It's nighttime at Pittsburgh International Airport. A traveler lays down her heavy bag, glances at her watch and wonders how she'll pass the time while waiting two dreary hours for the connecting flight. Then, she spots a sign--the airport is offering wireless access to all its customers, anytime, for free. Following a few simple instructions, the traveler connects her Wi-Fi-capable laptop to the network and logs on to the Internet. She glances at her watch again--this time to estimate how much she can get accomplished before the flight.

Thus far, Pittsburgh International is the only major airport to offer free wireless Internet access across its terminals. Pittsburgh travelers who have Wi-Fi can surf the Web and access their corporate VPNs from any food court--and soon, from their seats at the gate--without having to hunt for a network jack.

The new 802.11b WLAN service promises to draw more passengers to the airport. Large companies, such as Bayer and Heinz, are already routing employees through Pittsburgh International as a result of the wireless offering.

But it was a business slowdown, not a technology demand, that first got the WLAN effort off the ground. Since the 9/11 terrorist attacks, Pittsburgh International has been hit hard by changes in airline travel. First, security precautions forced the airport to restrict access to the Airmall, its 100,000-square-foot shopping mall, to ticketed passengers only. Then, the airport's main tenant, US Airways, scratched 100 daily flights in a cost-cutting move. Suddenly, airport management was in dire need of new ways to attract passengers and flights. Pittsburgh International chose free wireless, in the hope of bringing in more connecting travelers, says Tony Gialloreto, IT manager at the Allegheny Airport Authority, which runs the Pittsburgh air facility. Other airports were offering wireless Internet access, but most of them used a third-party service provider and charged 24-hour fees of $11 or more. Pittsburgh International took a different route, providing access through its own Enterasys Networks RoamAbout R2 network.

A traveler with an 802.11b card just powers up his or her laptop, which then goes to a default setting that picks up the wireless signal. "Once users are connected, they go to their browser," Gialloreto says. So far, he adds, the airport gets 8 Mbps to 10 Mbps out of the 11-Mbps wireless pipe, and the WLAN traffic of 1,200 to 1,800 users per month doesn't impair quality of service.

A Secure Policy

With the wireless access service in place, the airport is turning its focus to internal WLAN apps. By next year, wireless PDAs will replace the walkie-talkies that firefighters and other emergency-response workers use in the airfield. The wireless LAN will let the workers file reports from the airfield or emergency site instead of from offices equipped with wired laptops and PCs, Gialloreto says.

Pittsburgh International is also running a wireless pilot with the Department of Homeland Security's Transportation Security Administration. Although security concerns prevent Gialloreto from speaking in detail about the pilot, he admits the WLAN could come in handy for security screening, especially if the TSA grants the airport's recent request to let unticketed passengers back into the gate areas and the Airmall.

The new internal wireless apps will require one feature the free wireless access service doesn't: authentication. Travelers are limited to Internet access via DHCP, HTTP or HTTP-S protocols. An airport firefighter, however, will be able to enter a user name and password to gain wireless access to the airport's backbone LAN, which will authenticate the user's credentials and privileges through data stored on an Active Directory server. TSA employees will also authenticate to the WLAN, but likely with specific group and individual privileges.

It's all about policy. Like any conventional enterprise, Pittsburgh International uses its existing LAN infrastructure as well as security tools to dole out user privileges--Wi-Fi users can't go anywhere but the Internet, and internal users will be allowed access only to specific internal applications from the WLAN. The airport runs Enterasys' NetSight Atlas Policy Manager tool, which sets these user privileges.

Gialloreto and his team manage the airport's WLAN from a central site. With NetSight Atlas, they can write policies--such as a directive to block a particular port when a new virus hits--that are sent to the switches automatically.

Enterasys, meanwhile, is building back-end reporting tools for Pittsburgh International that will let the airport pinpoint by IP address anyone who tries to "ping" its LAN or break a policy on the WLAN.