Professional Documents
Culture Documents
frequency band allows 802.11a to support up to eight non-overlapping • 5 – 10 power users who are constantly on the network and deal
channels. 802.11b and 802.11g support up to three non-overlapping with large files
channels. Frequency ranges and channels may vary by country.
To increase capacity, more APs may be added, which gives users more
The number of radio frequency channels required by an organization is opportunity to enter the network. Networks are optimized when the
determined by assessing usage requirements. For example, a public APs are set to different channels.
hotspot such as a lobby can usually be well supported by the 802.11b
A newer standard that has been developed addresses security
standard for e-mail support or viewing web sites. A conference room
weaknesses regarding both authentication and encryption protocols.
may be better served by the 802.11a standard for transfer and
This selection, 802.11i, encompasses 802.1X, Temporal Key Integrity
collaborative work with data files. A home office might be best suited
Protocol (TKIP) and Advanced Encryption Standard (AES) protocols.
by a 802.11g-based network to help enable good application
performance for virtual office workers.
The Site Survey
The number of simultaneous users that an AP can support depends With the requirements and deployment confirmed, it’s time for a site
mostly on the amount of data traffic traveling at a time (heavy versus light survey. The best surveys are done literally on-site. Modeling tools
downloads and uploads). Bandwidth is shared among users on a WLAN can simulate an environment without an actual visit, but they are only
as with wired network connections. Network performance, as gauged by as good as the source data. Key elements to be determined in this
the number of simultaneous users, hinges on the combined computing survey are identifying the number and placement of APs and assessing
activity. For example, with 802.11b, each hardware access point has up to the attenuation of radio frequency obstacles.
6 Mbps effective throughput. This capacity is adequate for:
The speed at which a WLAN performs depends on many things, such
• 15 – 25 nominal users who are mostly idle and check on as the efficiency of the wired network, the configuration of the
occasional text based e-mail building, and the type of WLAN employed. As a general rule for all
WLANs, data throughput decreases as the distance between the
• 10 – 15 mainstream users who frequently use e-mail and WLAN access point and the wireless client increases. An assessment
download and upload moderately sized files of AP signal strength using various antenna and AP configurations
Plaster Low Inner wall (old plaster lower than new plaster)
helps determine the number and placement of required APs needed One way to make a WLAN more secure is to limit its reach. At the
to provide adequate radio coverage. This process involves: design stage, the WLAN’s engineers should be clear about how far
and wide wireless access is really needed, so they can select APs that
• Gathering facility drawings and blueprints, documenting wiring
will shape the signal’s range and direction. It’s also a good idea to
such as the location of host systems and documenting power
isolate the WLAN from the rest of the network with an internal firewall
outlets and structural elements (such as metal firebreaks and walls,
or Wireless DMZ.
doorways and passageways).
Several security technologies can provide added levels of protection
• Assessing environmental radio coverage including the selection of
for WLANs:
AP devices and radio for the installation areas where signal
interference is avoided or minimized. The optimal positioning of • Service Set Identifier (SSID) identifies the WLAN. Clients must be
access points and antennas is also determined. configured with the correct SSID to access their WLAN. The SSID
should not be broadcast and the key should be shared only with
• Assessing channel interference and conducting testing to help
those having legitimate need to access the network. Finally, the
ensure radio transmissions do not overlap.
SSID should be changed periodically.
• Choosing antenna placement including positioning of omni-
• Media Access Control (MAC) is access based on a filtering system of
directional and directional antenna.
MAC addresses configured for a specific LAN switched port. It
• Establish diversity reception including overcoming interference or restricts WLAN access to computers that are on a list created for
fading by positioning multiple antennas in certain locations. each AP on the WLAN network. It also restricts the connection of
APs and the LAN switch port.
• Assessing electrical systems including review of AP electrical
installation alternatives to prevent performance degradation on • Wired Equivalent Privacy (WEP) is an encryption method that
inherent or random electrical problems. protects WLAN data streams between clients and APs as specified
by the 802.11 standard. There have been flaws identified in this
• Redundancy should be considered for conference rooms, cafeterias security mechanism and its effectiveness is uncertain.
and other multiuse spaces to help ensure good throughput.
• IEEE 802.1X is a security standard featuring a port-based
Attenuation of radio frequency obstacles should also be considered as authentication framework and dynamic distribution of session keys
part of the site survey and assessment. Both the ability of radio waves for WEP encryption. A radius server is required.
to transmit and receive information and the speed of transmission are
impacted by the nature of any obstructions in the signal path. The • IEEE 802.11i is an upcoming security method being developed by
illustration on page 2 shows the relative degree of attenuation for the IEEE that features 802.1X authentication and includes
common obstructions. Advanced Encryption Standard (AES) for added protection. Another
enhancement, Temporal Key Integrity Protocol (TKIP), allows
Wood floors can cause floor-to-floor interaction between APs. It is encryption keys to be changed frequently.
important to ensure that channel selections are appropriate for
vertically adjacent access points. All office and room doors should be • Wi-Fi Protected Access (WPA) is a method that addresses the
closed before beginning the survey in order to assess reception at its encryption issues of WEP by utilizing Temporal Key Integrity
lowest level. The corner of a room should be avoided as a placement Protocol, which wraps around WEP and changes the encryption key
area for an access point. If placed in a corner, about 75% of the AP frequently. WPA also includes the authentication benefits of 802.1X.
coverage is wasted. This also gives unauthorized users outside the
• Extensible Authentication Protocol (EAP) is a point-to-point protocol
room a better chance to access the AP.
that supports multiple authentication methods. The support of EAP
To understand what other frequencies might be present in the proposed types depends upon vendor implementation. EAP provides the
WLAN space, surveys should also include an RF spectrum analysis. framework for the client, the authenticator (the wireless access
device or access point) and the authentication server to authenticate
Security Considerations each other and communicate the encryption keys.
Security is often cited as a key concern in a WLAN implementation, as
Providing security features to a WLAN involves coordinating multiple
it can be a potential open door to the network. Before deployment,
elements. WPA protocol is normally recommended over WEP protocol.
the WLAN’s security issues should be clarified stating clearly what kind
Strong encryption should be used and the default administrative
of authentication measures and encryption methods will be used.
password should be frequently changed. A “strong” password should
Developing and documenting a WLAN security policy is a good first be used, containing at least eight characters, with a combination of
step. Many security breaches can be traced to policy failures, not letters and numbers. The Service Set Identifier (SSID) should not be
technology failures. WLAN security policies should be similar to any broadcast because it forces users to know the name of the network
other network security policy, with a stated purpose, a clear scope and in order to connect. Rogue users won’t see the WLAN as an
assigned responsibilities. available network.
Implementing a WLAN ______________________________________________________________________________________________________________________ 4
operate on separate frequencies. Even though 802.11b and 802.11g programs providing wireless connectivity to a small segment of a larger
products operate on the same frequency, due to modulation environment. Other times, a wireless network solution must be
differences, they need to be designed for dual mode operation or implemented across the entire organization. Many businesses take a
upgraded to ensure compatibility. Build-and-Test approach, bringing up one segment of the WLAN at a
time, then testing and approving it before moving on to the next
APs should be placed in strategic areas to provide adequate coverage.
segment. Each segment test also checks the deployed security features.
Many IT managers avoid outside facing walls to help minimize security
threats from people in parking lots. Overlapping of coverage is Summary
important for maintaining a continuous connection around a building. WLANs help increase productivity and team collaboration and help
APs should be set to different channels to avoid cross talk, or colliding facilitate more efficient decision making. Compared to a wired
with signals that degrade performance while the data packets are network, WLANs can provide a more flexible technical infrastructure,
sorted and put together correctly. at a reduced cost. Since they can be installed or relocated quickly,
New architectural direction incorporates wireless band controllers WLANs offer natural business continuity advantages.
to support APs. The controllers do authentication, aid in QOS, A successful WLAN implementation is a matter of striking the right
and collect statistics. Today, that information allows for a more balance between functionality, performance and security objectives.
scalable implementation. With careful planning and the right advice from experienced
professionals, businesses can expect to benefit from what the wireless
Roll Out
technology has to offer.
Once the design of the WLAN is established, it is important to develop
a plan for deployment. Deployments sometimes consist of pilot
07/13/07 AB-1111
© 2007 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures.