Forum

  • Apologies for the long post..

    1) When deploying a WLAN that will comprise both a business WLAN (hidden SSID) and a guest WLAN (broadcast SSID) (using web authentication), what is the
    best practice regarding SSID naming? Although the SSID name offers little security, to me, it makes sense to make the business SSID some obscure SSID
    so that someone doing reconnaissance cannot determine which business the WLAN belongs to. Obviously if they are close enough, use a directional
    antenna etc, they could make an accurate guess.. but still, in my mind, it is another layer of security (through obscurity ;)).

    2) Likewise, hidden SSIDs offer only minimal defense but as far as I can see, a hidden business SSID and a broadcast SSID for the guest WLAN makes sense
    from a usability perspective. Business users will receive SSID through GP and so will not need it broadcast. Having only the Guest WLAN broadcast
    will only give guests one option (WLAN) with which they can connect (and should do automatically). Thoughts?

    3) From many bandwidth issues I have endured (from a existing WLAN installation), I have seen that measuring bandwidth requirements for a proposed WLAN is fundamental. The details I never see mentioned (in survey books etc) are the specifics. How do you guys work out a clients bandwidth requirements. Typically clients do not know their bandwidth requirements but will obviously know what applications they use. My
    thoughts are to use Wireshark to measure each applications usage. The major hurdle is the sporadic and peaky nature of an applications bandwidth
    usage. Throwing each applcation into a "Low, Med, High, Very High" category just doesn't seem accurate without measurements to back it.

    4) Does anyone know wether the Cisco WLC4402-12 WLC can have the license upgraded to the 25-user and 50-user version. I have found no info from Cisco
    on this. Otherwise, it will be off to TAC...

    5) Probably another one for Cisco but just in case someone is aware.. The "AIR-PWRINJ3" PoE injector has the description of
    "Power Injector for 1100, 1130AG, 1200 1230AG, 1240AG, 521". Is anyone aware wether it works with the LAP1131G? I cannot find an answer from Cisco.

    6) How do you handle start-up application usage? With many applications being deployed at client startup (through GP, SMS, etc), this can bring a WLAN
    to it's knee's (in my experience) if multiple clients are installing the same packages at once. Obviously taken this into account and designing to accomodate this traffic may work, but my preference is to have these applications only deploy when the client is connected via the wired network.

    7) All Site surveying books / articles I have read suggest using the lowest performing client device for the site survey (this client having the lowest Tx power and possibly lower antenna gain).
    The issue comes with site survey software support. With the majority of laptops containing one of Intels WLAN chipsets, this is typically what
    the client will be using once the network is installed. I am looking at AirMagnet Survey Pro which supports the Intel 2915ABG and Intel 3945ABG.
    Two of the more common chipsets of the five or so Intel chipsets available is not bad... But what if your clients don't use one of these (lets say
    that you have all new laptops with 4965s)? What do most people do? My thoughts are to throw a supported Cisco A/B/G card into the laptop and adjust
    its Tx power down to 50mW (in the case of the 4965 I believe, or whatever the client device supports). Obviously this doesn't take antenna gain into
    account but it's probably as good as you can get. Rx sensitivity may also vary which could be accounted for by adjusting AP Tx (although newer Intels and
    Ciscos, etc seem fairly similar with the top date rates)...

    8) Do you typically perform an office site survey when the office is occupied or vacant? When measuring at different points around the office, do you
    actually place the laptop down on a desk at certain points in the walk? If not, the partitioning will not be fully taking into account (despite its
    typical low level of attenuation).

    9) I have read varying procedures for the site survey process. In what order are these components typically performed?
    * Walk-about scanning for 802.11 Interference
    * Walk-about scanning for non-802.11 interference
    * Walk-about to measure signal / data-rate coverage

    10) Are there standard terms used for the "initial site survey (client walk-about) and the final site survey (verification)?

  • Though I haven't done and site surveys professionally I can relate to you the information that I have.

    1 - In our company we do have it designed, yet not implemented, to have the guest network broadcast and simple. Our business networks are generic and don't relate to our company.

    2 - likewise that is how we setup our network.

    3 - cannot speak about this since the majority of our network supports Symbol scanners and CNC devices. low traffic and small packets.

    4 - As I understand it you cannot upgrade the WLC from Cisco. If you purchase and 12 and then need to upgrade your choices are to buy another 12 and run them concurrently or buy a 25 and replace the 12. We are currently working with our reseller to replace our WLSE with a controller.

    5 - UNK

    6 - UNK

    7 - We used a NetGear card for our surveys and then adjusted what our minimum signal we wanted.

    8 - We did the survey during work hours because people absorb / attenuate the signal. As for setting the laptop on different desks, we just walked around and would occasionally step into a cubicle to measure the signal, but never stopped.

    9 - We did the initial survey, checked for non-802.11 interference, post survey to check installation. We are out in the boon-docks and there isn't much .11 noise out here.

    10 - Unk

    Hope this helps a little.

    David

  • 1) Personally, best practice is as you described. Use a nondescript SSID for your business network and a "hotspot like" SSID for your guest access.. Whichever fat AP or controller based system you use should put individual SSID's into their own VLAN

    2) Add an extra degree of security onto the private wlan as well.. 802.1x authentication and encryption should deter the majority of snoopers.

    3) Again, personal opinion, but just "Best Effort" and educated guess.. what will your clients generally be doing over the WLAN ? transmitting small bursts of data, downloading emails (with or without massive attachments) or transferring enormous TIFF images for print and design ?

    4) Dont know .

    5) Dont Actually know, would hesitate a guess at yes it would.

    6) Hope and prey that all users dont decide to log on at once :-) user education ? Dont use roaming profiles for wireless clients... (never really understood why you would use roaming profiles on a roaming machine anyway)

    7) I use a site survey tool that allows me to calibrate the card I am using to match that of a range of other cards in terms of RX and TX capabilities. But again, my personal opinion.. if your client is a "Cisco House".. use cisco kit.. If they are an HP house, use HP Kit.. etc.... as for setting the power to 50mw.. what are you recommending for your AP power.. no point having an AP at 100mw.. the clients can see it, but it cant see them.. The site survey will show a great RSSI footprint that is virtually useless.

    Preferably when the office is full.. Its great fun to wander round with a beeping laptop and when asked "what are you doing" to answer with "Checking for radiation".. which is kind of true. :-) I have had to do a couple in empty facilities.. schools during half term.. (otherwise, take a bouncer to look after your AP while you are wandering around), Just make sure you put a caveat in your report to that effect.

    9) My own order.
    802.11 survey for competing neigbours. (passive survey)
    Non 802.11 survey for other RF noise (Spectrum Analyser)
    802.11 survey for placement of access points (Active Survey)
    Installation... (someone else can do that bit)
    Post installation survey and sign off

    10) None that I have really come across.. unless you count "Passive Survey" and "Active Survey"

    Hope this helps.

  • By (Deleted User)

    4) Does anyone know wether the Cisco WLC4402-12 WLC can have the license upgraded to the 25-user and 50-user version. I have found no info from Cisco
    on this. Otherwise, it will be off to TAC...

    Answer - These are hardware upgrades not software upgrades. You will have to buy additional controllers.

    5) Probably another one for Cisco but just in case someone is aware.. The "AIR-PWRINJ3" PoE injector has the description of
    "Power Injector for 1100, 1130AG, 1200 1230AG, 1240AG, 521". Is anyone aware wether it works with the LAP1131G? I cannot find an answer from Cisco.

    Answer - These work in LWAPP mode. The AP hardware is the same. You may have to play with the power settings on the AP config on the controller depending on your version of code.

  • Thanks very much for the answers. :)

Page 1 of 1
  • 1