Wireless Design Principles and Best Practices

Dec 19, 2017 | Blog

…another guest post from Ahmad Nassiri

 

Like any other technology solution, the purpose of a WLAN (Wireless LAN) deployment is its most important aspect. The purpose dictates the design requirements and parameters.

Wireless services are no longer provided for guest users only. Enterprises are investing heavily in wireless technology so that their staff are connected at all times and on any wireless device available. In some of my recent deployments wireless was selected as the primary mode of delivering network services to users. Technologies provided over the wireless medium keep changing as user expectations increase and evolve, which makes it challenging to design a WLAN that is fit for purpose and resilient enough to last for a while.

Requirements to consider:

  • Why is a wireless network needed?
  • How many clients will use it (density)?
  • Who will use it (staff, contractors and guests)?
  • What is dictated by the security and use policy?
  • What types of client devices are there?
  • Is BYOD an option?
  • What applications will be utilised over the wireless medium (Voice, Video, RTLS or Data)?
  • Where and under what conditions are the wireless services provided?
  • What throughput and data rates are deemed optimal?
  • Is there suitable supporting infrastructure in place?
  • Are mobility and roaming factors to consider, especially for Voice & Video applications?
  • What is in the pipeline for future growth, expansion etc.?
  • What is the Internet link size/speed?
  • What are the type, age and capabilities of the wired network devices supporting the wireless network (Switches, Routers, Firewalls, NAC etc.)?

It is very important to define, assess and fully understand the above requirements as they are the building blocks for the wireless design.

So, can we build a WLAN that is fit for purpose?

The answer is yes! With the above requirements understood, detailed planning, and adherence to design principles and best practices, we can design a wireless network that caters for the current demand and future growth.

I have considered and applied the design parameters below in all my designs and would like to share them with the wider wireless community. As every deployment is different and must be addressed specifically, the points below should be used as a high-level guide only. Additional research based on the environment, deployment type and vendor must be undertaken.

  • Understand the difference between coverage and capacity; do NOT design your wireless network for coverage only
  • Consider scalability thoroughly during the planning phase to accommodate future growth and additions
  • Some wireless devices have specific requirements that must be addressed in the design phase. Confirm device types and capabilities such as supported channels, receive sensitivity, and authentication and encryption methods/types
  • Check the regulatory domain and the channels you can use in any particular region, especially in the 5.0GHz band
  • Keep the number of WLANs (SSIDs) to a minimum (1-3) to avoid the overhead caused by management frames
  • The choice of antenna makes a great difference to the delivery of the RF signal; pick the right antenna for each environment. An omni-directional antenna radiates in a 360-degree horizontal pattern and is ideal for an office space, while a directional antenna focuses the RF signal in a particular direction, for example along hallways and warehouse or retail store aisles
  • Band Steering, or Band Selection as some vendors call it, must be used cautiously depending on end-user device types; it does not work on all wireless devices, and at times client devices cannot make a connection at all
  • Run RRM (radio resource management) or dynamic radio management with caution and do not rely on it to deliver optimal performance; it needs lots of tweaking and regular monitoring. The best option is to enable it, tweak it, test it as per your requirements and then disable it
  • Rate limit Guest WLAN clients that use applications like YouTube, iTunes etc., as per the wireless use policy
  • Consider application throughput requirements, especially for voice and video
  • Use -65dBm or -67dBm RSSI (received signal strength indicator) with an SNR of 25-30dBm as the benchmark, as most vendors recommend this for voice applications. Optimal signal quality on the floor lets client devices use higher data rates and so take less air time
  • Secondary coverage (second AP) must exist at the same level as the primary for applications such as voice and video
  • Consider cell overlap, Fast Secure Roaming (FSR) and scanning of available APs by voice capable devices
  • Every wireless vendor has its own requirements for the percentage of overlap; study the product blueprints thoroughly
  • If the security policy permits, use a pre-shared key on the voice WLAN, because fewer messages are exchanged than with 802.1x and a policy/RADIUS server
  • Keep in mind the data rates supported by the client devices and use the weakest client’s wireless NIC characteristics for the design
  • Disable the lower data rates (802.11b) and discourage the presence of 802.11b clients in the network; if they do exist, try to isolate them as much as possible by localising them in a particular location within the facility
  • Understand transmit power requirements for devices. The AP transmit power should be equal to or lower than that of the client
  • Security is very critical to a wireless network deployment because RF is unbounded and its propagation is hard to limit
  • What is dictated by the Security Policy for user access? Usually it is the value of the asset (information) that dictates security measures
  • The use of standardised and secure authentication and encryption methods is critical in securing the wireless network against malicious access and data integrity vulnerabilities
  • WPA2-Enterprise (802.1x with EAP-TLS) with a policy server, together with strong encryption like AES, is recommended for corporate wireless users/devices, with stringent rules for BYOD and guest networks
  • If WPA2-Personal is to be used, it should adhere to a strict use policy: a pre-shared key of at least 20 characters, complex enough to resist dictionary attacks and regularly replaced with a new key
  • Use WIDS/WIPS for rogue detection and containment as well as for monitoring the RF spectrum for any security threats
  • Remember that capacity cannot be increased just by adding APs; what matters is the planning and placement of APs against factors like Co-Channel Interference (CCI), transmit power, frequency band in use, data rates etc.
  • High density locations like large lecture rooms and auditoriums have their own design challenges. Placement of APs for capacity must be done carefully to provide the required coverage while at the same time minimising CCI. This is achieved with a careful channel plan
  • Use the 5.0GHz band as much as you can for its additional channels, the possibility of higher bandwidth per channel, support for 802.11ac Wave 1 & 2 and lower interference. The 2.4GHz band is widely used by wireless and non-wireless devices and is extremely congested
  • Use dual band APs in case there are legacy client devices and enable 802.11k client load balancing and 802.11r fast roaming
  • Air time for any application is very important to consider based on the frequency band in use, channel width and client device performance. The faster a device transfers, the sooner the medium is free for other devices to start transferring
  • Be mindful of the channel bonding option in the 5.0GHz band, as it reduces your channel count
  • In high density areas, obstruction of the signal is beneficial because of the high number of APs deployed: channels can be reused without causing CCI
  • At times it is not possible to install APs on the ceiling, as in auditoriums and lecture rooms, due to height, aesthetics etc. Consider installing the APs on the walls with directional antennas, or under the seats
  • Use low transmit power in high density deployments to reduce CCI, but not so low as to cause coverage holes
  • Use a 20MHz channel width rather than 40MHz or 80MHz, where channels are bonded and the channel count is reduced
  • If deploying a Real Time Location System (RTLS), remember that the AP placement differs from that of data or voice WLANs. With RTLS-grade wireless, APs are installed both within and on the perimeter of the coverage area to form a triangulation pattern. A client device must be heard by at least 3 nearby APs to calculate an accurate location. The more APs hearing a client, the better for accuracy and redundancy purposes
  • For highly critical deployments like hospitals, where RTLS accuracy is very important (duress system), it is highly recommended to calibrate the wireless network
  • Study the building structure carefully and understand inter-floor attenuation factors. If APs are stacked in the same location on multiple floors, it will cause issues like co-channel interference (CCI), RFID tags identified on the wrong floors, and reduced transmit power and coverage (if Radio Resource Management, RRM, is enabled)
  • For the core wireless infrastructure, consider central or distributed deployment based on requirements and fit-for-purpose principles. In most instances locally switched data is more realistic than sending traffic over expensive WAN links to a central controller
  • Consider local controllers in large deployments
  • Cloud-based controllers have been around for a while now and are an option for small to medium deployments
  • Use Gig switches with PoE capabilities where possible as opposed to older switches and power injectors
  • Build redundancy and fault tolerance into every layer, whether it is the APs, controllers, switches, power source, authentication/policy servers, management, or any other upstream network device.
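
The channel-count cost of bonding mentioned in the list above can be worked through for a concrete site. The following is an added example, not part of the original post: it uses the standard 802.11 5 GHz channel blocks, while the set of permitted channels and the AP count are constructed, and the "APs per channel" figure assumes the worst case where every AP in the hall can hear every other.

```python
import math

# Standard 802.11 5 GHz channelization: each tuple is one 80 MHz block of
# four adjacent 20 MHz channels; its two halves are the 40 MHz channels.
BLOCKS_80 = [
    (36, 40, 44, 48), (52, 56, 60, 64),
    (100, 104, 108, 112), (116, 120, 124, 128), (132, 136, 140, 144),
    (149, 153, 157, 161),
]
STANDALONE_20 = (165,)  # no bonding partner, usable at 20 MHz only

def usable_channels(allowed, width_mhz):
    """Channel groups usable at width_mhz, given the permitted 20 MHz channels.

    A bonded channel counts only if every 20 MHz member is permitted.
    """
    if width_mhz == 20:
        groups = [(c,) for b in BLOCKS_80 for c in b]
        groups += [(c,) for c in STANDALONE_20]
    elif width_mhz == 40:
        groups = [half for b in BLOCKS_80 for half in (b[:2], b[2:])]
    elif width_mhz == 80:
        groups = list(BLOCKS_80)
    else:
        raise ValueError("width must be 20, 40 or 80 MHz")
    allowed = set(allowed)
    return [g for g in groups if allowed.issuperset(g)]

def reuse_summary(allowed, ap_count):
    """Per width: (distinct channels, APs sharing the busiest channel)."""
    summary = {}
    for width in (20, 40, 80):
        n = len(usable_channels(allowed, width))
        summary[width] = (n, math.ceil(ap_count / n) if n else None)
    return summary

# Constructed site: channels 120-128 and 144 are assumed unavailable
# (regulatory domain or client support); 30 APs in one high density hall.
ALL_20 = [c for b in BLOCKS_80 for c in b] + list(STANDALONE_20)
SITE_ALLOWED = [c for c in ALL_20 if c not in (120, 124, 128, 144)]

if __name__ == "__main__":
    for width, (n, share) in reuse_summary(SITE_ALLOWED, 30).items():
        print(f"{width} MHz: {n} channels, up to {share} APs per channel")
```

Losing four 20 MHz channels removes three of the twelve 40 MHz channels and two of the six 80 MHz channels, because one unavailable member disqualifies the whole bonded group.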

Summary

Wireless network deployment is not as simple as a wired network deployment. Work does not finish once the wireless network is deployed and operational. It needs constant maintenance, monitoring and tuning, along with regular surveys and analysis, to achieve optimal performance and discover any security threats.
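
The regular surveys mentioned above can be checked against the benchmarks from the design list (RSSI, SNR, secondary coverage for voice, three APs for RTLS). The following is an added example, not part of the original post: the survey readings, location names and function names are constructed, and "same level as primary" is interpreted as the second AP meeting the same RSSI benchmark.

```python
# Thresholds come from the design list above; the survey data is constructed.
RSSI_MIN_DBM = -67    # the weaker of the two quoted RSSI benchmarks
SNR_MIN = 25          # lower end of the quoted 25-30 SNR range
RTLS_MIN_APS = 3      # APs that must hear a client for a location fix

def check_point(readings, noise_floor_dbm, voice=True, rtls=False):
    """Check one survey point. readings maps AP name -> RSSI in dBm.

    Returns a list of findings; an empty list means the point passes.
    Assumption: every AP measured at the point also hears the client.
    """
    findings = []
    ranked = sorted(readings.values(), reverse=True)  # strongest first
    if not ranked or ranked[0] < RSSI_MIN_DBM:
        findings.append("primary below RSSI benchmark")
    # SNR is the strongest signal minus the measured noise floor.
    if ranked and ranked[0] - noise_floor_dbm < SNR_MIN:
        findings.append("SNR below benchmark")
    # Voice/video: a second AP must meet the same benchmark as the primary.
    if voice and (len(ranked) < 2 or ranked[1] < RSSI_MIN_DBM):
        findings.append("no secondary coverage at primary level")
    if rtls and len(ranked) < RTLS_MIN_APS:
        findings.append("heard by fewer than 3 APs")
    return findings

def audit(survey, **profile):
    """Run check_point over {location: (readings, noise_floor_dbm)}."""
    return {loc: check_point(r, nf, **profile)
            for loc, (r, nf) in survey.items()}

# Constructed survey data: location -> (AP readings, noise floor in dBm).
SURVEY = {
    "ward-a":     ({"ap1": -58, "ap2": -63, "ap3": -71}, -95),
    "corridor":   ({"ap2": -66, "ap4": -74}, -95),
    "plant-room": ({"ap5": -64}, -86),
}

if __name__ == "__main__":
    for loc, findings in audit(SURVEY, voice=True, rtls=True).items():
        print(loc, "PASS" if not findings else findings)
```

The plant-room point shows why RSSI alone is not enough: -64 dBm meets the signal benchmark, but the raised noise floor leaves an SNR below the benchmark.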