Learn how to set up a reliable, secure, and fast wireless network in your organization that won't cause any headaches for you, your employees, or your guests.
“It is not rocket science to set up a Wi-Fi network! After setting up a couple of access points around the place, what could possibly go wrong?!” I’ve heard statements like this a hundred times. But is it really that easy? If you are a wireless administrator, your daily tasks constantly convince you that the opposite is true. So, if you are currently struggling with Wi-Fi performance issues, the following tips will help you get things back on track.
1. Remember, a wireless network operates on two frequency bands. Make your life easier on 5 GHz.
You might have heard: “The 2.4 GHz band is still the most important.” Well, let me break it to you – it isn’t. A wireless network operates on two frequency bands – 2.4 GHz and 5 GHz. And the second one has evolved for multiple reasons:
- More available non-overlapping channels (25 in comparison to 3 in the 2.4 GHz frequency band); consequently co-channel interference is less likely to happen.
- Less interferers (microwave oven, Bluetooth devices, cordless phones, and others all interfere with wireless devices using 2.4 GHz. There are not many commonly known interferers using 5 GHz).
Basically, all future developments are focused on the 5 GHz band. The fact is that all access points on the market today are dual band, which means that they can operate on both frequency bands, so they will still support your (legacy) 2.4 GHz-only clients. However, designing just for the 2.4 GHz usage is not a smart way going forward. Design your network for 5 GHz and take out the 2.4 GHz clients entirely, if possible. If not, use band steering mechanisms to push clients toward the 5 GHz band.
Wi-Fi Frequency Bands
2. More on frequencies: Use the 2.4 GHz channels wisely
Because in most cases the 2.4 GHz band can’t be eliminated entirely, unfortunately, a wise design for the 2.4& GHz band is crucial. Even though there are 13 available channels, only 3 of them should be used to avoid adjacent channel interference. Ensure that your access points are only using channels 1, 6, and 11. To avoid co-channel interference, ensure that the adjacent access points are not using the same channel. Since there are not enough channels, you may still have some co-channel interference, despite the fact that you are using a reuse size of 3. To minimize the chance of co-channel interference, try to design small cells (minimize the access point transmit power).
Even though newer standards (e.g. 802.11n and 802.11ac) bring channel bonding to achieve higher throughput, this shouldn’t be used in the 2.4 GHz band under any circumstances.
In reality, all enterprise equipment usually automatically follows those guidelines, using the RRM (Radio Resource Management) algorithm, which you may just need to fine-tune. However, you may need to manually set all the equipment produced for the non-enterprise environment.Channel reuse size of 3 and possible co-channel interference (source: ekahau.com)
3. Maximum power kills performance
Setting all your access points to maximum power will not provide better coverage but will rather degrade the overall Wi-Fi performance. And why is this so?
First, access points will cause co-channel interference to each other because normally those access points are not separated enough. Second, and even worse, the client’s maximum transmit power is not equal to the access point’s maximum transmit power (typically it is somewhere around one quarter, 14 dBm). This means that even though your client will hear the access point quite well, the access point will not hear the client and retransmissions will occur.
To avoid such issues, let the RRM algorithm do its job and just adjust the power levels that the algorithm can use to values between 5 dBm and 17 dBm.
Access Point to Client Communication
4. Site survey is a must!
There is some truth to the saying failing to plan in planning to fail. Or to put this in our context, how will you know how many access points you need? And where to place them (and why)? What kind of access points do you need? A site survey will provide the answers to those questions. Since you can’t predict the impact of obstacles to wireless signal propagation or other interferers, a site survey is crucial for access points’ proper placement. It will save you from a lot of stress after the Wi-Fi is up and running, so, think of it as a good investment.
Unfortunately, in most cases a predictive site survey, which is more of a design than a site survey, won’t be enough. You will need to perform a manual site survey on-site. And … you need to perform it everywhere. If the Wi-Fi is needed in the restrooms, this means you need to perform a site survey in the restrooms as well. In addition, don’t forget that you will need to perform a site survey for 2.4 GHz and 5 GHz.
In addition, a spectral analysis is desired as well to see if there are any interferers that you should avoid. To validate the design and network operation after the deployment, a post-deployment site survey should be performed as well!
5. Placement does matter
You have taken the time to perform a site survey. Why spoil everything with improper access points’ placement? When mounting access points, be aware that whatever stands between the access point and the end client will degrade the signal quality. Avoid all unnecessary obstacles, such as metal, walls, glass, plastic, etc. in front of the access point since this all impacts the signal.
If you can place an access point in front of a metal construction on the wall, place it! If you can place the access point on the ceiling, don’t place it above the ceiling. And, do I have to point out that placing an access point in the metal closet is not the most brilliant idea?
Moreover, if using access points with external antennas, their orientation does matter. Antennas are not just a bunch of plastic – they also have their (electromagnetic) characteristics. One of them is electromagnetic polarization. For optimal Wi-Fi performance, the polarization of the access point’s antenna should be the same as the polarization of client’s antennas, which is usually vertical. The orientation of an antenna can affect its polarization. For this reason, external dipole antennas, for example, should always point in the up and down direction.
Don't do that (source: cisco.com)
6. It is not all about the access points
Unfortunately, a good network design and the latest access points are not all that it takes to achieve good Wi-Fi performance. It depends on the clients as well:
- To leverage the 802.11ac (wave 2) features, you will need an 802.11ac (wave 2) capable client. In other words, standards supported on the access points should be supported on the clients as well.
- Having 802.11a/b/g clients in your network will consequently affect the performance of all the clients since those clients will use lower data rates to communicate.
- Keep in mind that dual band clients can still prefer the more crowded 2.4 GHz band because the signal strength is better in comparison to 5 GHz.
Furthermore, keep in mind that Wi-Fi is a shared medium, meaning that only one can talk at a time. More clients on the same access point can, therefore, affect the throughput of each client.
7. Don’t forget the security
When you are confident with the wireless performance, it’s time to consider other aspects, one of them being security. Admit it or not, most of everyday business is done using Wi-Fi. As we take care of security on the wire, we should do so in the air as well.
When configuring security mechanisms, you should ensure to keep in mind that the WPA2 security mechanism is the bare minimum. Avoid using the TKIP encryption and rather use AES if all clients support it, since it is considered more secure. The preshared key authentication (e.g. WPA2-Personal) is not intended to be used in enterprise environments. Whenever deploying Wi-Fi in an enterprise environment, try to use WPA2-Enterprise, e.g. the 802.1X authentication to provide the strongest security possible.
Don’t be misled by false security mechanisms that can be quickly bypassed, e.g. hidden SSID or MAC filtering. How can they be bypassed? A hidden SSID is actually hidden only in beacon frames but you can see it in all other frames. If hiding the SSID is the only security, it won’t take much for an intruder to get in. Regarding the MAC filtering, I probably do not have to tell you that spoofing a MAC address is as easy as shooting fish in a barrel.
If you are setting up or completely redesigning your enterprise wireless network, there are two key things that you should remember:
- Planning Wi-Fi from the beginning is crucial. Start with a site survey, and take at least one day for it. After deployment, be sure to validate the operation, performing a post-deployment site survey that will show you if RRM is doing its job. At the end, don’t forget to configure proper security.
- Don’t underestimate the wireless network setup. It is not a “couple of hours” task. Of course, it all depends on the size of the organization, architecture of the building(s), security/performance requirements etc., but for a typical SMB environment it will take some days to conduct a proper setup.
Unfortunately, the majority of us don’t have the luxury to build the Wi-Fi network from scratch and we have to work in the existing environment. If you are experiencing performance issues, check the tips that I have listed and try to identify the most severe issues and fix them. Typical low-hanging fruits would be to use Wi-Fi on multiple locations to determine its performance, check the clients signal strength as seen from the AP perspective, use tools such as inSSIDer to quickly determine neighbors Wi-Fi and channel usage. If that won’t help and you run into a dead end, we are here to help so just reach out and we’ll figure it out together.