Answering Questions on Choosing Wi-Fi Solutions

Bradley Chambers posted the following questions on his blog concerning his worries about Wi-Fi being more than just Wi-Fi Bake-Off results.

I do agree with the premise of his post – it’s not all about the “speeds and feeds” – and we need to have a more holistic approach to determining which WLAN Vendor to go with.

Andrew Von Nagy also addresses this topic in his latest blog. Many good points, as always, from Andrew at

I would like to address some of the questions posed by Bradley and answer them in this post. Of course these are just my own personal opinions – but based on over a decade of fixing wireless network issues all over the world. Mostly caused by well-meaning IT people who just didn’t understand how Wi-Fi and 802.11 actually work. Those who thought delivering RSSI to a coverage area was all they needed.

So take these recommendations with a grain of salt – just one man’s opinion:

How long does it take to add an SSID for the CEO at the last minute?

ALL Enterprise AP vendors’ solutions can do this easily – but some require that the admin doing the work actually learn and understand the solution. Many SoHo AP vendors make this quite easy – true. But a simpler interface usually means there are techniques and features that might be missing.

Double the bid size and explain you are adding on to the building. How does your vendor handle this? Does it require additional management equipment or can it scale up easily?

Great question – scalability with many controller-based systems can be a bottleneck, or not at all. One has to look clearly at the processes and especially the costs for increasing loads on any controller or management platform. Cloud-based systems seem to have a bit of an edge here, since the cloud vendor has already built out expansion capability. This also is EXTREMELY important when going with a Centralized Forwarding Controller model!

How easy is it to build a secured guest network? Is it automatically configured or does it require a lot of boxes to check?

Like question #1 – all vendors should be able to do this quickly by copying a pre-loaded template. Again, all admins should receive training on the product of choice so they feel as comfortable as possible with their solution of choice.

Build scenarios that require troubleshooting and get feedback on what are the steps that Technical Support is going to walk you through. Do you call someone local? If not, is someone available in your time zone?

What you are really saying is to pre-test the Tech Support of whatever WLAN Vendor you choose. Some are using ‘Chat’ functions instead of email. Phone calls in your same time zone aren’t as important as being able to easily understand the speech and language of the tech on the other end of the line. Especially check the Support Portal’s Knowledge Base – sometimes it is the quickest way to get the answers you are looking for.

If an AP dies, how many hours will it be before you get a replacement? Can you drive somewhere locally to pick one up? With WiFi becoming first layer access, it’s no longer possible to wait 3-4 days for a replacement to arrive.

This one is just plain silly! If you need quick replacement, it is far more efficient to order 5% or 10% ‘extra’ Access Points to have on hand, then work within the 2-4 day return process most vendors have for warranty replacement. It is a VERY EXPENSIVE option to have spares on call within driving distance. Simpler to just do this yourself. Not to mention, your design plan for your Wireless LAN needs to have both Primary Coverage and Secondary Coverage (some incorrectly refer to this as Overlap).

How often does new firmware get released? Is it an “all or none” upgrade process or can you test sections of your building at a time?

Another great question. You will want to ‘test’ new firmware in a walled garden area, at least enough to feel comfortable with it before rolling it out to the entire live network. Receiving the latest copy of Firmware should be as simple as going to the Vendor’s Support web site and downloading it. My first reaction is to wait a bit for all newly-released firmware upgrades to let others be the ‘guinea pigs’ and work out the new bugs on their networks before testing it on yours.

How involved is the testing of new code? Does the company expect you to find bugs in the firmware or do they have a strict QA process?

ALL WLAN Vendors expect their customers to beta test their code. They won’t tell you this directly, but there is no way their QA department can test all scenarios – especially something unique about your network. This can be mitigated by waiting a bit for the newly released code to ‘settle down’.

How many minutes does it take to get an AP out of the box and serving clients? Can it be automated past plugging up to power/data?

I’ve seen this be as quick as under a minute… do you really care about this time? How often are you out changing your Access Points anyway? This is part of an initial rollout. So work on a deployment plan to pre-stage your gear and make this process as smooth as you can. I’ve seen an entire 50-AP high school go from everything in boxes to full working Wi-Fi in a few mere hours.

How often are application control signatures updated? Is it true layer 7 control or just URL filtering?

So this is for those who care more about their APs doing something in addition to their main function of converting Wi-Fi 802.11 frames into 802.3 Ethernet frames on your wired infrastructure. Not everyone needs an additional Firewall, or an additional Application Control device built into their Wireless infrastructure. (They already have those services running on their wired network and don’t want or need these redundantly on their WLAN.)

If you choose to not have your other network services supplied by a world-class solution, but instead want to have your Wi-Fi vendor do multiple duties – then by all means, check their layer-7 bona fides.

Is the management interface compatible with an iPhone or is it riddled with Flash and other legacy plugins?

Wow… Maybe it’s just because I’m old and need to wear bifocals – but an iPhone has a mighty small screen for doing management. On the other hand, I totally agree with having HTML5 for all management features for iPad or other Tablet – or any laptop to do management features without the dreaded Flash!

Is the band steering bi-directional or is it just about pushing clients to 5 GHz?

Nice question – but if I can get EVERY SINGLE DEVICE over on 5GHz I’d be a happy camper! – Sure, having some level of control here would be nice. I’d settle just for getting as many devices off of 2.4GHz as possible. The only devices that should be down in the 2.4GHz ‘junk-band’ are those who can NOT do 5GHz. Hopefully as many as possible of these devices should leave our networks as quickly as possible!

Is it an actual WIPS policy or is it reporting a false positive from an AP across the street? Can you test it?

Big can of worms on the entire WIPS debacle. I’ve installed hundreds of overlay WIPS/WIDS. The problem isn’t getting it to work – it’s the inordinate amount of time it takes to CHOOSE which alarms to trigger, and build policies on what to do if/when alarms are triggered. Most organizations I’ve worked with do NOT know how to deal with these larger policy issues. If you aren’t going to do anything positive and quickly about any alarms, then you shouldn’t have them turned on. Too many people turn on WIPS, then get inundated with alarms, then just ignore them. There is a very small subset of Rogues we need to actually deal with. If a Rogue is on your Wire, or inside your facility – then take prompt and proactive action. Else you’ll never have time to track down and validate all the ‘neighbor’ devices.
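One way to encode the triage rule described above, as an added example that is not part of the original post: act only on rogues that appear to be on the wire or inside the facility, and just log the neighbors. The MAC-adjacency window, the RSSI threshold, the two-sensor rule and every sample record are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed tuning values, not from the post or any vendor: adjust per site.
ADJACENCY = 2           # wired MAC within +/-2 of the BSSID suggests the same device
INSIDE_RSSI_DBM = -65   # a sensor hearing the AP this loudly suggests it is close
MIN_STRONG_SENSORS = 2  # require two sensors to agree before calling it "inside"

@dataclass
class Alarm:
    bssid: str
    ssid: str
    rssi_dbm: dict  # sensor name -> strongest RSSI heard, in dBm

def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def on_wire(bssid, wired_macs):
    """True if a MAC learned on the wired switches sits next to the BSSID."""
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= ADJACENCY for m in wired_macs)

def triage(alarm, wired_macs, managed_bssids):
    if alarm.bssid.lower() in managed_bssids:
        return "managed"
    if on_wire(alarm.bssid, wired_macs):
        return "act: rogue on wire"
    strong = [s for s, r in alarm.rssi_dbm.items() if r >= INSIDE_RSSI_DBM]
    if len(strong) >= MIN_STRONG_SENSORS:
        return "act: likely inside facility"
    return "log only: neighbor"

def actionable(alarms, wired_macs, managed_bssids):
    """Return only the alarms that warrant someone's time."""
    return [a for a in alarms if triage(a, wired_macs, managed_bssids).startswith("act")]

# Constructed sample data (not real devices).
MANAGED = {"02:00:5e:10:00:10"}
WIRED_MACS = {"02:00:5e:20:44:56", "02:00:5e:30:00:01"}
ALARMS = [
    Alarm("02:00:5E:10:00:10", "Corp", {"s1": -45, "s2": -50}),
    Alarm("02:00:5e:20:44:55", "linksys", {"s1": -70}),
    Alarm("02:00:5e:77:00:01", "hotspot", {"s1": -48, "s2": -60}),
    Alarm("02:00:5e:99:00:01", "CoffeeShop", {"s1": -82, "s2": -88}),
]

if __name__ == "__main__":
    for a in ALARMS:
        print(a.bssid, a.ssid, "->", triage(a, WIRED_MACS, MANAGED))
```
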

What’s the process of integrating with {insert anything you want}? Ask them to show you how it works within the management system. What are the troubleshooting steps if it doesn’t work?

Pretty broad topic here. I’ll just leave it with agreeing with the question – as vague as it is.

What is the local VAR like? Do they have trained SEs on that product or are they just basically a funnel to the vendor’s Technical Support? Who do you call for more complex integrations?

I sometimes get frustrated when I follow behind VARs who merely sold the gear, told the customer something like “one AP per classroom” is what you need. This tells me the VAR isn’t actually adding any value at all – and just wants to make their margin on the order and move on to the next customer. Wireless DESIGN is just that – it’s about getting a very tight and well-defined set of customer expectations. Then designing to meet all of those expectations.

Especially for K-12 – the 1-AP per 1-Classroom shows the VAR is either unskilled, or just plain lazy! There are multiple detailed metrics on making Wi-Fi work in high-density situations – like adjacent classrooms. Primary RSSI, Secondary RSSI, SNR, Data Rates – all of which are fairly easy to design for. But to actually get high density and high throughput, one must also design OUT Co-Channel Interference on both 2.4GHz and 5GHz frequencies. One AP per classroom is a cop-out – it means the designer never even measured for Co-Channel Interference… the one metric that is a definite measurement of the ability of the Wireless LAN to handle the high density and high throughput requirements.

How complex is the product? Do you need to be a CWNE to figure out a basic deployment?

Complexity is a byproduct of an enhanced feature set. If you only need SoHo capabilities, you’ll have very simple interfaces. As WLAN requirements get more complex, vendors leave the simple single-page configuration, and must move to an ‘object-oriented’ language for object reuse between SSIDs, Radios, AP groups, etc. Don’t be afraid of complexity because you haven’t had adequate training on the user interface.

I’d like to see more deployments have a CWNE review them – it would sure make for more Wireless LANs that just work. Wireless Designs need to have more design than a mere AP-on-a-stick coverage model.