Best Practices In Wireless LAN Deployment
- Bhanu Prasad
- Feb 27, 2021
Updated: Jun 16, 2023
We always hear that most wireless problems are due to design, and I totally agree with that. I want to share best practices for WLAN deployment from my field experience, and I hope it helps.
1) Do not wall-mount access points that are designed for ceiling mounting. When an access point with an omnidirectional antenna designed for ceiling mounting is mounted on a wall, the polarization (position) of the antenna changes, which leads to performance issues. A common mistake: people plan the number of access points required for proper RF coverage using vendor-provided tools, and these tools do not account for a change in polarization. During deployment the access point is then mounted on the wall, which completely changes the antenna's position. As shown in the picture, the planning assumed the RF coverage shown in green, but the AP as mounted achieved the coverage shown in red.

2) Ensure APs are not deployed in a straight line. If we need to install two access points, they should be in diagonal positions where the access points can see each other. For example, assume a classroom (rectangular in shape) as below. If we install two access points as shown in red, it may lead to performance issues, but if we install them as shown in green, it will give optimal coverage.

3) The minimum distance between two APs needs to be 5-6 meters (dense deployment) to load balance the clients between access points.
4) Remove the lower rates below 24 if the distance between two APs is 5 to 6 meters. Set power values to Min 12, Max 15 for 5 GHz and Min 6, Max 9 for 2.4 GHz to influence the clients' load balance between access points.
5) Remove the lower rates below 12 if the distance between two APs is 10 to 15 meters. Set power values to Min 12, Max 18 for 5 GHz and Min 9, Max 12 for 2.4 GHz to influence the clients' roaming between access points.
6) Disable 80 MHz (not VHT) if "X" or more APs are in line of sight. The number "X" depends on the number of 80 MHz bonded channels supported in the regulatory domain. For example, the Singapore regulatory domain has five 80 MHz channels.
7) Do not deploy a mix of 802.11ax/802.11ac/802.11n APs.
Example: an 802.11ac AP and an 802.11n AP in the same classroom (not OK).
In a school, 802.11ac APs on the first floor and 802.11n APs on the second floor (OK).
Disabling 80 MHz and VHT functionality on an 802.11ac AP and installing it in a classroom where an 802.11n AP already exists (OK); otherwise this will lead to roaming problems for wireless client devices.
To conclude, if we need to deploy a mix of 802.11ax/802.11ac/802.11n APs, bring all the APs down to the lowest operating mode, such as 802.11n, as explained in the above example.
8) Enable only 20 MHz for 2.4 GHz, as we have only 3 non-overlapping channels.
9) Ensure broadcast and multicast traffic optimization is enabled so that only legitimate traffic is allowed on both wired and wireless.
10) Use RADIUS with EAP-TLS or EAP-PEAP for a secure wireless connection to avoid MITM attacks. Ensure users are not allowed to disable server certificate validation on their devices.
11) Have different AP groups based on location so that each group gets a suitable RF profile. For example, the radio frequency (RF) settings for a dense deployment will differ from those for a normal staff working area.
Example: APs in the auditorium in one group (dense deployment).
APs in the staff work area in one group.
APs with an external antenna in another group, etc.
12) Enable airtime fairness in dense deployments. Airtime fairness works on a per-radio basis. Enabling it allocates a similar (not identical) airtime/duration to all devices. For example, 802.11a and 802.11ac clients will be allocated a similar duration.
13) Site surveys are of two types:
a) Pre-deployment site survey: typically done to identify where to mount access points for optimal coverage, and to identify interference/noise on the premises with the help of a spectrum analyzer so that the interference/noise can be avoided or removed where possible.
For example, if there is radar interference (like weather radar), we can avoid using specific 5 GHz channels as per the regulatory domain.
Before transmitting on a DFS channel, the access point must validate (by first listening for 60 seconds) that there is no radar activity on it. An access point that detects radar while using a DFS channel must vacate that channel immediately and switch to another DFS channel, imposing (at least) a one-minute outage.
b) Post-deployment site survey: this verifies that access points are mounted as per the plan and ensures the expected signal coverage in all areas with no blind spots.
14) Secured sites can use a Faraday cage or RF shielding paint to avoid spillover of the Wi-Fi signal.
15) Below are the Wireshark display filters I commonly use while troubleshooting (field names are lowercase):
wlan.fc.type == 0    Show all management frames
wlan.fc.type == 1    Show all control frames
wlan.fc.type == 2    Show all data frames
Management frames sent and received by a client MAC address, like an association request:
wlan.fc.type == 0 && wlan.addr contains <few characters of client MAC>
Data frames sent and received by a client MAC address, like an EAPOL key:
wlan.fc.type == 2 && wlan.addr contains <few characters of client MAC>
16) A staging/lab environment is one of the most important things that a lot of people ignore. The staging environment should be similar or identical to the actual environment, and all the critical end-user devices should be there for testing, for example medical devices like heartbeat monitors, computers on wheels (CoW), wireless IP phones, barcode readers, etc., to ensure all the critical devices work as the customer expects.
Advantages of a staging environment:
It helps ensure management interfaces can be accessed only in a secured way (HTTPS/SSH only) and that the default password is changed on all network devices without fail.
It helps test access policies, for example that end users are restricted from accessing network devices like switches, controllers, etc.
It helps ensure upgrades of the critical end-user devices do not cause any performance issue or affect the end-user experience.
It helps test new software before rollout so that there is no impact or minimal impact (one or two specific users) in the production environment. For example, if new software for a network device like a controller fixes vulnerabilities but is rolled out directly in production without any testing in the staging environment, it may lead to performance issues or a bad end-user experience, which triggers the rollback/fallback plan.
It helps test any solution before it is rolled out and ensure things are working as expected. For example, the customer wants to roll out a softphone for all employees. If we roll out the softphone without proper testing in the staging environment, the support team will receive tons of complaints saying the voice quality of the softphone is not good. A softphone requires end-to-end QoS, and if we deploy in production without testing in staging and then try to fine-tune/configure QoS directly in production, it may lead to other performance issues and affect the end-user experience.
17) Document all the problems (simple, complex, related to a single user device, complete or partial network outage) observed in the staging and production environments, along with their diagnosis and solutions/workarounds. This is one of the most important things for a good end-user experience, but it is often ignored or given the least importance. PLEASE, PLEASE, PLEASE recommend to all customers that they keep a knowledge base/document for all the problems observed in the network and how those problems were resolved.