Using WLAN technology to mobilize your enterprise
An abundance of relatively low-priced but easily configurable products has propelled wireless LAN (WLAN) technology—specifically 802.11b WLAN technology—from early adopters to mainstream users. The allure of flexibility, convenience, and cost savings tempts companies to deploy buildingwide or campuswide WLANs. However, the race to the WLAN market has yielded a variety of products, not all of which are created equal. But with some thought and planning, you can find the right products to create a truly effective WLAN that spans your campus and mobilizes your employees. Let's discuss new WLAN technologies and how you can put them to work in your environment. I describe Access Point (AP) technology, how APs work with roaming and associations in your WLAN, and how to select and deploy these devices at your site.
A typical WLAN infrastructure consists of multiple APs hard-wired to a LAN to form a transparent bridge for wireless clients. Wireless clients are client devices (i.e., laptops, desktops, or PDAs) that have compatible wireless access cards and use a radio protocol at a set frequency to communicate. APs generally provide a transparent way to join a wireless device to a wired network. When a wireless client connects and authenticates to an AP, the client can request an IP address and access network resources.
Most 802.11b APs use Direct Sequence Spread Spectrum (DSSS), a technology the US military developed that's particularly resistant to interference and interception. This technology operates in the 2.4GHz Industrial, Scientific, and Medical (ISM) frequency band, which supports 11MHz to 22MHz channels (three of these channels—1, 6, and 11—don't overlap). The 802.11b technology supports half-duplex data transfer rates of 1Mbps, 2Mbps, 5.5Mbps, and 11Mbps. For comparison, 802.11a uses Orthogonal Frequency Division Multiplexing (OFDM), operates in the 5GHz frequency band, and supports up to 54Mbps. OFDM supports eight channels that don't overlap.
The 802.11b technology is slower than 802.11a, but has been around much longer, and the equipment is less expensive and more readily available than newer 802.11a products. These two standards aren't compatible, so you can't mix 802.11a and 802.11b wireless devices.
If you use APs, you must configure your WLAN for infrastructure mode (as opposed to peer-to-peer—P2P, or ad hoc—mode), which means that network clients connect to an AP for all communication and not directly to other wireless clients. In infrastructure mode, a client can move from AP to AP depending on the client device's roaming capabilities.
In a typical configuration, the AP supports multiple wireless clients connecting to a wired LAN, as Figure 1 shows. Each AP connects directly to the LAN, typically with a Category 5 cable. Multiple APs extend the WLAN mesh and let mobile users roam across the facility or campus, switching APs as necessary. In this configuration, the users are always one wireless hop from the physical LAN.
Some APs act as a wireless bridge to transparently connect two physical LAN networks, as Figure 2 shows. (Some vendors sell network devices dedicated to this purpose.) An example of this configuration is to connect two nearby buildings where a terrestrial line (e.g., T1, Ethernet) isn't feasible or desirable. Because wireless bridges often span long distances, they can benefit from high-gain directional antennae. Depending on the AP model, wireless clients might not be permitted to connect to an AP when it's in this mode. Also, because of the high traffic that bridges handle, they often include filters or other capabilities to better handle broadcast and multicast traffic among the physical networks.
An AP that connects to another AP as its primary node (as opposed to connecting to the physical LAN) operates as a repeater, as Figure 3 shows. You can use a repeater to extend the range of your coverage area. However, because the AP must receive and retransmit data, the throughput is halved for every repeater in the chain. A repeater is good for extending range, but it doesn't maximize throughput.
The Internet Engineering Task Force (IETF) is working on a proposed mobile IP standard (for more information about this standard, see Request for Comments—RFC—3344 at ftp://ftp.isi.edu/in-notes/rfc3344.txt). Mobile IP is a modification to the TCP/IP stack that assigns two IP addresses, a home IP and a care-of IP, to the wireless client. The OS and applications bind to the machine's home IP address, and this address doesn't change. The care-of IP address is associated with the subnet of the AP to which the wireless client is connected. This second IP changes dynamically depending on which AP the client is connected to. However, applications running on the network device continue to run under the wireless client's unchanging home IP. Someday, a mobile IP might let you travel through a city or a state and transparently switch ISPs without dropping your network connection.
Roaming and Associations
When you start a wireless client, it locates and associates itself to the best AP. The client, using an often-proprietary radio protocol, distinguishes the best AP by its signal quality. Vendors define signal quality differently, but criteria typically include signal strength and AP load (but not necessarily proximity). Movement away from the associated AP often adversely affects the signal quality between the wireless client and that AP, which causes the radio protocols' roaming support to instruct the client to reassociate with a different AP.
Roaming is the feature that lets you move from AP to AP without dropping your network connection. For example, you might bring your laptop to the conference room to take notes during a meeting. In the conference room, your wireless client associates with a nearby AP and periodically confirms the quality of the signal. As you travel back to your office, moving away from the conference room, the signal quality might degrade to the point that your wireless client will automatically associate with a new AP that has a stronger signal. This handoff occurs at the physical layer, and the reassociation with the new AP should occur without dropping packets or losing your network connection. If your network doesn't have strong roaming support, your client might associate with an AP and stay with it regardless of signal quality—even to the point of disconnection. In such cases, you can usually force a manual reassociation by restarting the wireless network card. Roaming is often a particularly weak area of interoperability among AP models from different vendors; you might find that you can't roam from one vendor's AP to another without forcing a manual reassociation (and thereby breaking the network connection). For more information about choosing APs, see the sidebar "AP Selection."
Some high-end products let you set the beacon period, which controls the timing of 802.11 beacon packets, to try to improve roaming. The beacon plays a role in radio network synchronization and can provide faster response for roaming nodes (imagine running across campus and transparently switching APs as you go), but the beacon can also generate much more radio traffic and adversely affect throughput.
In the examples I've provided, I assume that you're roaming within a subnet, which means that your wireless clients can move among APs without having to change IP addresses. To achieve this configuration, you can either configure the client to use a static IP or request an address from a DHCP server on the LAN.
Roaming Across Subnets
Roaming across subnets is much more difficult than roaming within a subnet, and it requires additional software or hardware. Imagine maintaining a WLAN that consists of multiple APs on a large campus that has a different subnet for each building. DHCP servers on the LAN allocate IP addresses to client machines in each building. Your wireless client must request a new IP address when you pass from one building to another (or, more accurately, from an AP in one subnet to an AP in another subnet). When you find yourself between buildings, you might end up with an IP address from either building, depending on which AP your device associates with. Windows 2000 has made changing IP addresses dynamically much easier than it used to be, but the process still isn't invisible and will likely require some effort. In addition, IP changes might cause some open applications to fail or behave strangely.
Vendors and Internet proponents alike have tackled the challenge of roaming across subnets. For example, Proxim offers a centralized product called the Harmony AP Controller that receives all traffic from Proxim wireless clients on APs located on different subnets. APs throughout the campus connect on any subnet and register with the AP Controller. Wireless clients have an IP address on the same subnet as the AP Controller and can roam and connect to any registered AP in any subnet. An AP encapsulates traffic from the wireless client and delivers it over the wired network to the AP Controller, which then decapsulates it and delivers the packet on the LAN. To other network-connected devices, all wireless connections appear as if they come from the AP Controller's subnet—regardless of the subnet that the wireless client's host AP is connected to.
A simpler solution than roaming across subnets that also offers security benefits is a WLAN-dedicated subnet that supports all APs across the entire campus. This configuration lets you roam within a subnet and use a firewall or other device to isolate the WLAN subnet from the other LAN subnets. By compartmentalizing your network, you can limit corporate network exposure from wardrivers or WLAN crackers. However, this solution might not work well for organizations that use subnets for policy boundaries (e.g., by department or building). This solution requires a more in-depth understanding of your network topology and might require new WLAN-specific virtual LANs (VLANs) and firewalls to isolate the wireless users and protect the wired network.
Before you can place any hardware, you must conduct a site survey, which consists of a thorough investigation of the proposed WLAN environment and ultimately serves as a map that identifies the best AP locations. To start, get a floor plan or drawing of your campus or facility. This map is the basis of your WLAN topology. To create your WLAN topology, take the following steps:
- Mark all obstacles, including walls, office furniture, partitions, HVAC ducts, electrical wiring, and any other source of possible interference (e.g., microwave ovens, 2.4GHz cordless phones). Note whether walls are drywall or concrete.
- Mark the usual locations of your wireless users, including their desks, conference rooms, lunchrooms, hallways, stairwells, and anywhere else they might use the wireless connection. Classify the usage zones as heavy, medium, and low.
- Determine the maximum desired data rate for your APs. For example, 802.11b at 11Mbps has an approximate indoor range of 150' and at 1Mbps, a range of 350'. At faster data rates, more APs are necessary to cover the same area. (Although everybody wants to go as fast as possible, you can often save some money by deploying fewer APs at slower data rates.)
- Determine and mark the location of the physical LAN ports into which you'll connect your APs. Also note the power source for your APs. Some vendors support power over Ethernet and offer devices to power their APs over Cat 5 cable, which can save considerable cost of wiring power drops at each AP location.
- Determine the number of independent WLAN segments you want to deploy. Each WLAN segment must operate on its own channel and might be subject to interference from other nearby WLAN segments. Use nonoverlapping channels or reduce the AP's radio power to help reduce any interference. Not all AP utility software lets you adjust the radio power.
- Outline the campus or building perimeter to define the WLAN outer boundaries. Strive to place your APs far enough into the building perimeter to minimize radio seepage beyond these boundaries.
- Decide whether you want AP redundancy. Placing more APs closer together provides redundancy in the event one goes down. However, 802.11 operates under Carrier Sense Multiple Access (CSMA), and throughput might lessen because of retransmission delays resulting from frequency and signal collisions. Some APs support a Hot Standby mode in which a secondary AP waits dormant until the primary AP fails, at which time the secondary AP actively takes the place of the primary AP.
This initial survey will help you choose your AP make and model and any accessories that match your now-defined requirements. Consult your vendor about how to optimally place and configure APs. The vendor can also recommend optimum antenna type and location and offer ideas for WLAN AP redundancy or repeaters if necessary. For more information about AP antennae, see the sidebar, "Bolster Your WLAN with Custom Antennae."
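One way to turn the survey map into a channel plan, as an added example that is not from the original article: it assigns the nonoverlapping channels 1, 6, and 11 to APs and reports pairs that are in range of each other yet end up sharing a channel, which are the candidates for reduced radio power or relocation. The AP names, coordinates, and the `interference_ft` radius are constructed assumptions.

```python
import math
from itertools import combinations

NON_OVERLAPPING = (1, 6, 11)  # 802.11b channels the article lists as nonoverlapping

def plan_channels(aps, interference_ft):
    """aps maps AP name -> (x_ft, y_ft) taken from the site-survey floor plan.
    interference_ft is an assumed distance within which two APs disturb each other.
    Returns (assignment, conflicts): channel per AP, and AP pairs that are in
    range of each other yet had to share a channel."""
    neighbours = {name: set() for name in aps}
    for a, b in combinations(aps, 2):
        if math.dist(aps[a], aps[b]) <= interference_ft:
            neighbours[a].add(b)
            neighbours[b].add(a)

    assignment = {}
    # Place the most constrained APs first (most neighbours); ties broken by name.
    for ap in sorted(aps, key=lambda n: (-len(neighbours[n]), n)):
        used = [assignment[n] for n in neighbours[ap] if n in assignment]
        # Prefer the channel used by the fewest already-placed neighbours.
        assignment[ap] = min(NON_OVERLAPPING, key=lambda ch: (used.count(ch), ch))

    conflicts = sorted(
        tuple(sorted((a, b)))
        for a, b in combinations(aps, 2)
        if b in neighbours[a] and assignment[a] == assignment[b]
    )
    return assignment, conflicts

# Constructed floor plans (coordinates in feet), not taken from the article.
HALLWAY = {"ap-1": (0, 0), "ap-2": (200, 0), "ap-3": (400, 0), "ap-4": (600, 0)}
ATRIUM = {"ap-a": (0, 0), "ap-b": (100, 0), "ap-c": (0, 100), "ap-d": (100, 100)}

if __name__ == "__main__":
    for label, plan in (("hallway", HALLWAY), ("atrium", ATRIUM)):
        channels, clashes = plan_channels(plan, interference_ft=250)
        print(label, channels)
        for a, b in clashes:
            # Four APs in mutual range cannot all get distinct channels from three.
            print(f"  {a} and {b} share channel {channels[a]}: lower power or move one")
```
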
The Dry Run
Set up your APs close to one another and configure them for use. (Setting up APs close to one another makes troubleshooting easy.) Follow the manufacturer's directions for configuring the APs. Generally, configuration consists of setting the Service Set ID (SSID), IP information, any authentication and encryption parameters, and radio information. To enable roaming, most of the parameters (except the IP information) must match on each AP. If your APs span a long distance, some products let you adjust the timing of the radio protocol to accommodate any signal-transmission delay.
Deploy the APs
Confirm that a test wireless client can connect to each AP and communicate with devices on the wired network. Next, you're ready to deploy the APs throughout your facility based on the locations you identified during your site survey. As a rule of thumb, for best reception, mount the APs near the ceiling (or if outside, about 20' up). Connect the APs to the wired network and to a power source. You might save on electrician costs if you can take advantage of some vendors' Power over Ethernet (PoE) solutions, which deliver power to the AP over unused wires in a Cat 5 Ethernet cable. The Ethernet cable then plugs into a special power-providing switch, patch panel, or special power-infusing Ethernet device.
Test, Adjust, Retest
After you finish setting up your APs, take a laptop and a signal-strength meter and walk through your building or campus to look for dead zones or interference. Conduct this walkthrough during business hours, when network use and corresponding interference are at typical levels. Add APs or adjust their positions to optimize coverage throughout the building. Next, walk the perimeter of your building or campus to get an idea of what an eavesdropper might be able to hear. Adjust the location or power level of APs to try to match but not exceed the perimeter of your building or campus.
Some APs include radio diagnostic tools to help you adjust antennae or identify the clearest channels. Your vendor might offer a client utility to help you perform the walkthrough. Look for a utility that samples fairly quickly (i.e., several reads per second) and measures signal strength (in dBm), noise level (in dBm), and packet loss. Measuring noise level is important. Even with a strong signal, if you have large amounts of background radio frequency (RF) noise, your signal-to-noise ratio might be too low and cause problems. A histogram can help you identify trends as you walk around a suspect zone. Some utilities offer an active mode in which you can specify an AP to associate to, packet size, and the number of packets to send to that AP. This active testing lets you concentrate your testing on one AP without inadvertently associating to another AP. A strong set of diagnostic tools will greatly aid your deployment and future troubleshooting efforts.
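The walkthrough readings can be triaged with a short script. This is an added example, not from the original article: the sample readings are constructed, and the thresholds (15 dB minimum signal-to-noise ratio, -80 dBm weak signal, 5 percent packet loss, -75 dBm audible at the perimeter) are assumptions to tune for your equipment.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed walkthrough samples (not measurements from the article).
SAMPLES = """location,zone,signal_dbm,noise_dbm,loss_pct
conf-room,inside,-52,-92,0
conf-room,inside,-55,-93,1
lunchroom,inside,-58,-66,12
lunchroom,inside,-60,-64,15
stairwell-b,inside,-88,-94,30
stairwell-b,inside,-90,-95,40
parking-lot,perimeter,-63,-93,2
parking-lot,perimeter,-61,-92,1
loading-dock,perimeter,-89,-94,60
"""

def analyse(csv_text, min_snr_db=15, weak_dbm=-80, max_loss_pct=5, leak_dbm=-75):
    """Group repeated reads per location, take medians, and classify each spot.
    All threshold defaults are assumptions, not values from the article."""
    by_loc = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_loc[(row["location"], row["zone"])].append(
            (float(row["signal_dbm"]), float(row["noise_dbm"]), float(row["loss_pct"])))
    report = {}
    for (loc, zone), reads in by_loc.items():
        sig = median(r[0] for r in reads)
        noise = median(r[1] for r in reads)
        loss = median(r[2] for r in reads)
        snr = sig - noise  # both values are in dBm, so the difference is in dB
        if zone == "perimeter":
            # Outside the boundary a strong signal is the problem, not a weak one.
            verdict = "leak" if sig >= leak_dbm else "ok"
        elif sig < weak_dbm:
            verdict = "dead-zone"   # add an AP or move one closer
        elif snr < min_snr_db:
            verdict = "noisy"       # strong signal, but RF noise swamps it
        elif loss > max_loss_pct:
            verdict = "lossy"
        else:
            verdict = "ok"
        report[loc] = {"zone": zone, "snr_db": snr, "verdict": verdict}
    return report

if __name__ == "__main__":
    for loc, result in analyse(SAMPLES).items():
        print(f"{loc:13} {result['zone']:9} SNR {result['snr_db']:5.1f} dB  {result['verdict']}")
```

A "leak" verdict at a perimeter point marks an AP whose location or power level should be adjusted so that coverage matches but does not exceed the boundary.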
Not All Are Equal
Building an effective WLAN requires some planning. You must carefully consider the needs and habits of your mobile users. When you're ready to implement, the process can greatly benefit from the use of proprietary features and tools. Despite the overwhelming availability of inexpensive 802.11b products, you shouldn't pass up the higher-end products if you're looking for a multi-AP WLAN with good roaming support and flexible configuration. In this case, you really do get what you pay for.