OECG – Chapter 23

This last section of the chapter describes 3 common wireless deployment scenarios, and highlights important points to ponder about each.

Enterprise Wireless LANs

  • Deployed for convenient access to company data resources.
  • Security is, of course, a major concern.  Layer 2 security should be the focus for enterprise wireless LANs.
  • To provide visitors access to the wireless LAN, a common approach is to place the APs into a DMZ protected by a firewall and force the data connection to be protected with a VPN.
  • It is a best practice to keep RF in the building(s) as much as possible, reducing the chance a hacker outside the premises can get a signal.
  • Voice over wireless is increasing in popularity, with more and more manufacturers producing portable phones that interface with 802.11 APs.  For a successful voice over wireless implementation, consider the following:
    • Perform accurate RF site surveys – this will avoid coverage holes.  Cisco guidelines for WiFi phones recommend 25dB SNR, and 20% coverage overlap between APs.
    • Use APs that support fast roaming – voice will survive a roam that happens under 100ms.  Cisco recommends that the roaming delay be 50ms.
    • Carefully review RF interference – if other RF transmitters are clobbering the band, voice quality is going to suffer.  Possibly consider 802.11a in the 5GHz band, as there’s less likelihood of interference.

Public Wireless LANs

  • Offer an open user interface – don’t deploy proprietary features that would make it needlessly challenging for some users to associate.
  • Implement user authentication and billing – you can do this with an access controller or “smart” AP.
  • Disable L2 security – it’s not practical to require this for a public hotspot.
  • Broadcast SSIDs – you want users to find your network.  Remember to use a distinctive SSID name.
  • Include DHCP services – users will need an IP address, and it’s up to you to provide them one when they associate.
  • Focus on increasing capacity – public hotspots tend to have lots of users in a small area, which can be hard on APs.  Consider more APs, closer together, with lowered transmit power.  This will help spread the load.
  • Enable broadcasting of SSIDs – this is mentioned here in the book, again, although it was mentioned just above as well with a similar explanation.  Not the best chapter in the book.  Oh, well.
  • Monitor for RF interference – in a public hotspot situation, other wireless LANs are often a cause for concern.

Small Office/Home Wireless LANs

  • Purchase a Wi-Fi router.  You need a router that’ll do NAT, DHCP and so on, not just an AP.  Unless you have a real home network, like me, where those needed services are provided by something other than the AP.
  • Centralize the router installation – you need to be able to plug the AP into the broadband Internet access device.  You also want the AP to cover your home with signal well.
  • Configure security mechanisms – ’nuff said.