This last section of the chapter describes 3 common wireless deployment scenarios, and highlights important points to ponder about each.
Enterprise Wireless LANs
- Deployed for convenient access to company data resources.
- Security is, of course, a major concern. Layer 2 security should be the focus for enterprise wireless LANs.
- To provide visitors access to the wireless LAN, a common approach is to place the APs into a DMZ protected by a firewall and force the data connection to be protected with a VPN.
- It is a best practice to keep RF in the building(s) as much as possible, reducing the chance a hacker outside the premises can get a signal.
- Voice over wireless is increasing in popularity, with more and more manufacturers producing portable phones that interface with 802.11 APs. For a successful voice over wireless implementation, consider the following:
  - Perform accurate RF site surveys – this will avoid coverage holes. Cisco guidelines for WiFi phones recommend 25dB SNR, and 20% coverage overlap between APs.
  - Use APs that support fast roaming – voice will survive a roam that happens under 100ms. Cisco recommends that the roaming delay be 50ms.
  - Carefully review RF interference – if other RF transmitters are clobbering the band, voice quality is going to suffer. Possibly consider 802.11a in the 5GHz band, as there’s less likelihood of interference.
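The voice guidelines above can be checked against survey data. The following is an added example, not from the book or from Cisco: the survey points, AP names and roam timings are constructed, and treating "coverage overlap" as the fraction of survey points where two or more APs meet the SNR minimum is an assumption made for illustration.

```python
# Added example: check constructed site-survey data against the voice guidelines.
SNR_MIN_DB = 25        # from the notes: 25 dB SNR for Wi-Fi phones
OVERLAP_MIN = 0.20     # from the notes: 20% coverage overlap between APs
ROAM_TARGET_MS = 50    # from the notes: Cisco's recommended roaming delay
ROAM_LIMIT_MS = 100    # from the notes: voice survives a roam under 100 ms

# Constructed sample: (location, noise floor dBm, {AP name: RSSI dBm})
SURVEY = [
    ("lobby",     -92, {"ap1": -60, "ap2": -66}),
    ("hall-east", -92, {"ap1": -64, "ap2": -71}),
    ("office-12", -90, {"ap2": -58}),
    ("stairwell", -88, {"ap1": -70, "ap2": -74}),
    ("lab",       -93, {"ap2": -62, "ap3": -65}),
]
ROAMS_MS = [38, 47, 62, 120]  # constructed roam-delay measurements


def usable_aps(noise_dbm, rssi_by_ap):
    """APs whose SNR (RSSI minus noise floor, both in dBm) meets the minimum."""
    return sorted(ap for ap, rssi in rssi_by_ap.items()
                  if rssi - noise_dbm >= SNR_MIN_DB)


def assess_survey(survey):
    """Find coverage holes and the share of points covered by two or more APs."""
    holes, overlapped = [], 0
    for location, noise, rssi_by_ap in survey:
        aps = usable_aps(noise, rssi_by_ap)
        if not aps:
            holes.append(location)      # no AP is good enough for voice here
        elif len(aps) >= 2:
            overlapped += 1             # a roam candidate exists at this point
    overlap = overlapped / len(survey)  # assumption: point-based overlap estimate
    return {"holes": holes, "overlap": overlap, "overlap_ok": overlap >= OVERLAP_MIN}


def assess_roams(delays_ms):
    """Split roam delays into those over the target and those past the limit."""
    return {
        "over_target": [d for d in delays_ms if ROAM_TARGET_MS < d < ROAM_LIMIT_MS],
        "call_at_risk": [d for d in delays_ms if d >= ROAM_LIMIT_MS],
    }


if __name__ == "__main__":
    print(assess_survey(SURVEY))
    print(assess_roams(ROAMS_MS))
```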
Public Wireless LANs
- Offer an open user interface – don’t deploy proprietary features that would make it needlessly challenging for some users to associate.
- Implement user authentication and billing – you can do this with an access controller or “smart” AP.
- Disable L2 security – it’s not practical to require this for a public hotspot.
- Broadcast SSIDs – you want users to find your network. Remember to use a distinctive SSID name.
- Include DHCP services – users will need an IP address, and it’s up to you to provide them one when they associate.
- Focus on increasing capacity – public hotspots tend to have lots of users in a small area, which can be hard on APs. Consider more APs, closer together, with lowered transmit power. This will help spread the load.
- Enable broadcasting of SSIDs – this is mentioned here in the book, again, although it was mentioned just above as well with a similar explanation. Not the best chapter in the book. Oh, well.
- Monitor for RF interference – in a public hotspot situation, other wireless LANs are often a cause for concern.
Small Office/Home Wireless LANs
- Purchase a Wi-Fi router. You need a router that’ll do NAT, DHCP and so on, not just an AP. Unless you have a real home network, like me, where those needed services are provided by something other than the AP.
- Centralize the router installation – you need to be able to plug the AP into the broadband Internet access device. You also want the AP to cover your home with signal well.
- Configure security mechanisms – ’nuff said.