Best Practices – Wireless

Wireless can be something many organizations just set and forget. Indeed, sometimes it is hard to bridge the divide between what works at home and what is needed in a business. Even if a properly sized system is installed, mistakes can happen.

For better or worse, wireless protocols have been developed with backward compatibility in mind, so getting a working connection isn’t usually a big deal. However, there is a difference between a working connection and a system that has enough resilience to push high data rates and adapt to a changing environment.

Regardless of the wireless system, some basic guidelines can be followed to improve wireless performance.

Use a Business-Class Wireless Platform

Just because the box says “business” on it does not make it a business-class device. Business wireless systems are not the same as home systems. You generally have to go through a reseller or vendor to get the right equipment. A business-class wireless system will not be under $100, or even $500.

Here is a recent discussion on access point pricing on Twitter, if you’re curious what Wi-Fi engineers think about pricing. In fact, I commend the entire #WIFIQ discussion to you for your enjoyment.

Business-class wireless equipment works together as a system, and generally corrects itself if it discovers other wireless equipment around (see Radio Resource Management (RRM)). It is also designed to consistently support a higher number of devices.

True business-class equipment is also made with resiliency in mind, and backed by a manufacturer warranty. Consumer gear, on the other hand, is designed to be the cheapest system, and will fail (or will start working inefficiently) much sooner than business-class equipment.

You should expect your wireless infrastructure to work just as well at year 3 as it did on day 1. Actually, you want it to work well enough so that you only need to upgrade when your business requirements change (expanding to a new area, need to accommodate newer protocols for newer devices, etc.), not when the gear outright fails.

If in doubt, use the Gartner Magic Quadrant for guidance. Cisco and Aruba are good choices.

[Image: Cisco Aironet 1852I Access Point]

Separate VLAN for Wireless

Wireless settings can differ from wired settings, such as a shorter DHCP lease time or firewall policy segmentation. Even if these aren’t needed immediately, it is a good idea to have a separate VLAN and IP subnet for wireless devices.

Too often have I been troubleshooting access problems, and the root cause is a full DHCP scope due to stale reservations for wireless devices.

Plan for 25-30 Devices Per-AP

The question often comes up as to how many APs are needed. As usual, the answer is “it depends”. However, you can make an educated guess. As a rule of thumb, plan for 25-30 devices per-AP.

Notice I did not say 25-30 users per-AP. Nowadays a single user can carry a laptop, phone, tablet, and maybe a fitness tracker or even a second phone. That counts for multiple devices.

The product literature might say it can support hundreds of devices, but this is marketing-speak for “ours is bigger than yours”. In reality, 25-30 is a good round number. You can push it and get to 50 or 60 with minor contention problems (depending of course on what the users are trying to do), but more than that and the network becomes unusable.

No More Than 3-4 SSIDs

Each SSID has to be broadcast from each AP separately, and the beacons get transmitted every 100 milliseconds (that’s 10 times per second!). If you have 4 SSIDs available, that’s 40 beacons every second, just to announce the presence of the network! That is a lot of overhead and just takes up precious wireless airtime.

Once you get over 4 SSIDs, the overhead gets to be enough that client access becomes impacted, and client access is really why you have the wireless infrastructure to begin with.

It is no secret that wireless is a half-duplex medium. This means only one device can talk on the same channel at the same time. Don’t waste airtime on unnecessary overhead. It is a bigger deal than you think.

Instead, reconsider the business requirements. For example, don’t let vendors demand their own SSID for their one device; rather create a shared vendor network with client isolation functions enabled.

Turn Off Slow Data Rates

Examine the devices in use on the network. If you don’t have any 802.11b devices (and it’s VERY likely you don’t), then disable those data rates.

The recommendation is to disable everything slower than 12 Mbps, make 12 Mbps mandatory, with everything faster listed as supported. The fastest data rate for 802.11b is 11 Mbps, which is why 12 Mbps is the minimum recommendation.

There are two really important reasons why this is a good idea.

  1. Management frames like beacons are transmitted at the lowest mandatory data rate. Just having the slow rates enabled slows down everything.
  2. Clients generally won’t roam until the minimum mandatory rate is reached. If you’ve had wireless problems in the past and tried to fix it by adding access points, it is possible the problem was only made worse. Increasing AP density can be good, but you have to make sure the settings correspond to the higher amount of overlap – both channel selection and data rate usage might need to be adjusted.

Some wireless environments with only newer devices can benefit from turning off more data rates, making the minimum 24 Mbps. If you decide to go this route, please test!
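To put numbers on the beacon overhead from the SSID section and on the effect of the lowest mandatory rate, here is an added example (not from the original article) that estimates beacon airtime per channel. The 280-byte beacon size, the long 802.11b preamble and the three APs sharing a channel are assumptions; the 10 beacons per second per SSID is the article's figure.

```python
import math

DSSS_RATES = {1.0, 2.0, 5.5, 11.0}  # 802.11b rates; long preamble assumed


def beacon_airtime_us(rate_mbps, frame_bytes=280):
    """Transmit time of one beacon in microseconds (contention ignored)."""
    bits = frame_bytes * 8
    if rate_mbps in DSSS_RATES:
        # 192 us long preamble + PLCP header, then payload at the data rate
        return 192 + bits / rate_mbps
    # OFDM: 20 us preamble + SIGNAL, then 4 us symbols carrying rate*4 bits;
    # 16 SERVICE bits and 6 tail bits are added to the payload
    symbols = math.ceil((16 + bits + 6) / (rate_mbps * 4))
    return 20 + symbols * 4


def beacon_overhead_pct(ssids, aps_on_channel, rate_mbps,
                        beacons_per_sec=10, frame_bytes=280):
    """Percent of one channel's airtime spent on beacons alone."""
    per_beacon = beacon_airtime_us(rate_mbps, frame_bytes)
    busy_us = ssids * aps_on_channel * beacons_per_sec * per_beacon
    return busy_us / 1_000_000 * 100


def overhead_table(ssid_counts=(1, 4, 8), rates=(1.0, 12, 24), aps_on_channel=3):
    """Rows of (ssids, lowest mandatory rate, overhead %) for comparison."""
    return [(s, r, round(beacon_overhead_pct(s, aps_on_channel, r), 2))
            for s in ssid_counts for r in rates]


if __name__ == "__main__":
    for ssids, rate, pct in overhead_table():
        print(f"{ssids} SSIDs, 3 APs on channel, {rate:>4} Mbps minimum: "
              f"{pct:5.2f}% of airtime")
```

This counts transmit time only, so real overhead is somewhat higher once channel access delays are included.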

Turn Down Power Levels on APs

AP power levels can be counter-intuitive. Say you have a single, centrally located AP, and you are having trouble accessing wireless from a corner office. How do you get a better signal?

Similarly, if you are in a multi-tenant building and have problems because other Wi-Fi networks are overlapping yours, what do you do?

If you said “crank it up to 11”, you would be WRONG. The signal might reach from the AP to the corner office, but you’re still going to have trouble sending the return signal from the corner office back to the AP. And, now with higher power you’re covering additional areas like the other three corner offices and maybe a warehouse and possibly the front sidewalk and across the street and maybe down the block past that.

Blasting over other people only makes it bad for everyone.

The higher the power level, the larger the contention domain, and the poorer the service you get as a result. The correct answer is adding more APs and turning down the power levels. Better yet, see if you can move to a different unused channel and these contention problems will evaporate.

Use WPA2 with AES

The point of this recommendation is to avoid checking every box just in case it’s needed. The extra options are not needed, and enabling them only makes your network less secure.
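One way to check your own SSIDs against this recommendation and the data-rate guidance above is to audit scan output. This added example (not from the original article) parses text in the layout printed by `iw dev <iface> scan`; the sample input is constructed, and treating the "extra boxes" as legacy WPA and TKIP is an assumption.

```python
import re

# Constructed sample in the layout printed by `iw dev <iface> scan` (trimmed).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    SSID: corp
    Supported rates: 12.0* 18.0 24.0 36.0 48.0 54.0
    RSN:     * Version: 1
             * Group cipher: CCMP
             * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
    SSID: legacy
    Supported rates: 1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0
    Extended supported rates: 6.0 9.0 12.0 48.0
    RSN:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: CCMP TKIP
    WPA:     * Version: 1
             * Group cipher: TKIP
             * Pairwise ciphers: TKIP
"""


def audit_scan(text, min_basic_mbps=12.0):
    """Map each BSSID to its SSID and the settings that break the guidance."""
    report = {}
    for block in re.split(r"(?m)^BSS ", text)[1:]:
        ssid = re.search(r"(?m)^\s*SSID: ?(.*)$", block)
        name = (ssid.group(1).strip() if ssid else "") or "<hidden>"
        issues = []
        if not re.search(r"(?m)^\s*RSN:", block):
            issues.append("WPA2 (RSN) not offered")
        if re.search(r"(?m)^\s*WPA:", block):
            issues.append("legacy WPA enabled")
        # WPA2 with AES shows up as CCMP; TKIP is the older cipher option.
        ciphers = {c for m in re.findall(r"ciphers?: (.*)", block) for c in m.split()}
        if "TKIP" in ciphers:
            issues.append("TKIP enabled")
        # iw marks mandatory (basic) rates with a trailing asterisk.
        rates = " ".join(re.findall(r"(?i)supported rates: (.*)", block)).split()
        basic = [float(r[:-1]) for r in rates if r.endswith("*")]
        slow = [r for r in basic if r < min_basic_mbps]
        if slow:
            issues.append(f"mandatory rates below {min_basic_mbps:g} Mbps: {slow}")
        report[block[:17]] = {"ssid": name, "issues": issues}
    return report


if __name__ == "__main__":
    for bssid, result in audit_scan(SAMPLE_SCAN).items():
        print(bssid, result["ssid"], result["issues"] or "OK")
```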