RAATS WIFI




Wi-Fi is a Passion


Defining requirements



Once the clients and applications are known, the customer may have other requirements as well.

Security requirements
Consider which types of authentication and encryption are used, and keep in mind that both the client and the infrastructure need to support them. A Network Access Control (NAC) solution helps with this. Clients need to meet a minimum set of requirements before they may access the network.

It is not always possible to pick a security solution with 802.1X, since not all clients support it. Most Voice over IP handsets, for example, do not.

Roaming requirements
For roaming, too, it is important that the chosen method is supported by both the client and the infrastructure. For example, not all clients support OKC, since this is a proprietary solution. The same applies to the latest 802.11r solution: older clients don't support it.

There are also vendors that have a per-user PSK solution. In this case, each device has its own unique pre-shared key that it uses for connecting to the network.
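The security and roaming requirements above both come down to what every client on an SSID can do. The following added example (not from the original post) groups a constructed client inventory by authentication support and picks the roaming methods each group shares with the infrastructure. The client names, the `plan_ssids` helper and the choice of a per-user PSK SSID as the fallback for clients without 802.1X are assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Client:
    name: str
    dot1x: bool          # supports 802.1X authentication
    roaming: frozenset   # fast-roaming methods supported: "802.11r", "OKC"

# Constructed sample inventory (hypothetical devices, not from the page).
CLIENTS = [
    Client("laptop", True, frozenset({"802.11r", "OKC"})),
    Client("old-tablet", True, frozenset({"OKC"})),
    Client("voip-handset", False, frozenset()),
    Client("barcode-scanner", False, frozenset({"802.11r"})),
]
# Roaming methods the infrastructure offers, in order of preference (assumed).
INFRA_ROAMING = ("802.11r", "OKC")

def plan_ssids(clients, infra_roaming=INFRA_ROAMING):
    """Group clients by authentication support, then list per group the
    roaming methods that every member and the infrastructure have in common."""
    groups = {"802.1X": [], "per-user PSK": []}
    for c in clients:
        groups["802.1X" if c.dot1x else "per-user PSK"].append(c)
    plan = {}
    for auth, members in groups.items():
        if not members:
            continue
        # OKC caches the key from an 802.1X authentication, so it is only
        # a candidate on the 802.1X SSID.
        candidates = [m for m in infra_roaming if auth == "802.1X" or m != "OKC"]
        common = [m for m in candidates if all(m in c.roaming for c in members)]
        # Clients that keep the group from relying on the preferred method.
        lacking = [c.name for c in members if candidates[0] not in c.roaming]
        plan[auth] = {
            "clients": [c.name for c in members],
            "roaming": common,
            "lacks_preferred": lacking,
        }
    return plan

if __name__ == "__main__":
    for auth, entry in plan_ssids(CLIENTS).items():
        print(auth, entry)
```

An empty `roaming` list means the group falls back to a full authentication on every roam, which is the case to check first for voice clients.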

There is a difference between layer 2 and layer 3 roaming. With layer 3 roaming, the application can fail during the roam, since the client gets a new IP address. With layer 2 roaming, the network connection doesn’t break during the roam. Voice over IP is an application that is not really happy with a layer 3 roaming solution.

Network monitor requirements
Are you going to monitor the network? The wireless network can be very vulnerable to different types of attacks, for example hijacking, RF jamming (DoS), protocol attacks, eavesdropping, spoofing, man-in-the-middle attacks, management interface exploits, encryption cracking, authentication attacks, and peer-to-peer attacks.

Some of those attacks can be mitigated by a Wireless Intrusion Prevention System (WIPS) or a Wireless Intrusion Detection System (WIDS).
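As an added illustration of the kind of check a WIDS performs for the spoofing item in the list above (example code, not from the original post and not any vendor's implementation), the following compares beacon observations against an inventory of authorized access points. The SSIDs, BSSIDs, security labels and observations are all constructed sample values.

```python
from collections import defaultdict

# Authorized inventory: SSID -> allowed BSSIDs and expected security (constructed).
AUTHORIZED = {
    "corp": {"bssids": {"02:00:00:00:00:01", "02:00:00:00:00:02"},
             "security": "WPA2-Enterprise"},
    "guest": {"bssids": {"02:00:00:00:00:03"}, "security": "WPA2-Personal"},
}

# Constructed beacon observations from one scan window:
# (ssid, bssid, channel, advertised security).
OBSERVED = [
    ("corp", "02:00:00:00:00:01", 36, "WPA2-Enterprise"),
    ("corp", "02:00:00:00:00:99", 6, "Open"),        # unknown radio using our SSID
    ("guest", "02:00:00:00:00:03", 11, "Open"),      # known radio, weaker security
    ("cafe-wifi", "02:00:00:00:00:50", 1, "Open"),   # neighbour network, ignored
    ("corp", "02:00:00:00:00:02", 36, "WPA2-Enterprise"),
    ("corp", "02:00:00:00:00:02", 149, "WPA2-Enterprise"),
]

def detect(observed, authorized=AUTHORIZED):
    """Return (kind, ssid, bssid) alerts for one scan window."""
    alerts = []
    channels = defaultdict(set)   # (ssid, bssid) -> channels it was heard on
    for ssid, bssid, channel, security in observed:
        policy = authorized.get(ssid)
        if policy is None:
            continue              # not one of our SSIDs
        bssid = bssid.lower()
        if bssid not in policy["bssids"]:
            # Our SSID advertised by a radio that is not in the inventory.
            alerts.append(("spoofed-ssid", ssid, bssid))
            continue
        channels[(ssid, bssid)].add(channel)
        if security != policy["security"]:
            alerts.append(("security-mismatch", ssid, bssid))
    for (ssid, bssid), seen in channels.items():
        # One BSSID on several channels in the same window can be a copied
        # address, or just a channel change: a lead to verify, not proof.
        if len(seen) > 1:
            alerts.append(("multi-channel-bssid", ssid, bssid))
    return alerts

if __name__ == "__main__":
    for alert in detect(OBSERVED):
        print(alert)
```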

BYOD/MDM
Bring your own device (BYOD) means letting personal devices on your network. You can manage those devices with a Mobile Device Management (MDM) solution. There are some benefits to this. With your own device, you can be more productive than with a device that you get from your customer, and this also helps employee satisfaction. It helps with cost, since the company does not need to buy all those devices.

Guest access
There are different types of guest access to your network, and most of the time guest traffic is separated by VLANs. Besides that, there are choices for how to secure the network, such as an open SSID with a payment option or acceptance of some policies, or a secure SSID with WPA2-Personal.

When you have all those requirements, other questions may be asked, such as: where do you need coverage?

There are some uncommon areas where companies want Wi-Fi, such as restrooms, stairwells or elevators. The common areas to have Wi-Fi are workspace areas, break rooms, conference rooms, and hotel rooms, and those are most of the time high-density areas. Other areas that need some special attention are industrial areas where you might find a lot of large equipment, metal, or shelving that interferes with the RF propagation. In these areas, you may find forklift trucks and barcode scanners.

Outdoor areas have limited cable possibilities, so think about point-to-point or mesh networks. There are no walls, so using the advantages of MIMO will not work here. You have point-to-point links or point-to-multipoint links. You can use those links for connecting two buildings together as the main connection or as a backup connection. There is a root bridge and a non-root bridge, as with mesh connections, which have a root access point and a mesh access point. When there are multiple buildings around the HQ, the best pick is a high-gain omnidirectional antenna for the HQ and directional antennas for all the other buildings. However, with a point-to-point link, most of the time the root and non-root bridge both use directional antennas.

With a mesh connection, one of the radios can be used for client access and the other radio for the backhaul. From a throughput perspective, it is better to separate the client access and the backhaul, but it is possible to have client access on the backhaul. Mesh uses a proprietary layer 2 routing protocol and is a self-healing network that reroutes automatically.

Do not forget to take building materials into consideration. Wood, concrete walls or lead walls propagate the RF signal differently. The ceiling height also affects the RF propagation, and picking the right type of access point depends on the height of the ceiling as well. Free-space path loss occurs not only outside, but also in big open rooms. In multi-floor scenarios, the RF signal does not stop when it meets a ceiling, so access points on other floors can interfere with each other. Having those access points under your own control is great. However, there are multitenant buildings where each company has its own floor and its own equipment. In that case you cannot change the settings of the access points below or above you. Those considerations are only wireless based, but look also at the SERs in your building. Wires to the access points still have the 100-meter limit. When you use Power over Ethernet for your access points, consider whether the switch has enough budget for the number of access points.