Wi-Fi Network Design Tips
The main aspects you want to address during the planning stage are throughput, roaming, and capacity requirements, RF interference, optimum access point (AP) locations and channels, and AP powering method.
If you’re planning to use the Wi-Fi for just light traffic like email and web browsing throughput and roaming then this isn’t a huge concern, but they are if you plan to use heavy and sensitive applications like voice (VoWLAN) or video streaming. If using sensitive applications like that, look into the requirements specified by the vendor of the applications (such as minimum signal, latency, and roaming hand-off times) and plan accordingly.
Capacity issues usually only become a concern when you think you’ll have more than 15 to 20 devices simultaneously connected to a single AP. In a typical office environment with wide-spread Wi-Fi coverage and users spread fairly evenly this isn’t usually an issue, but can very likely be if you offer public wireless access for large groups.
To check for RF interference and find optimum access point (AP) locations and channels you should do what is called an RF site survey. You can go around with free Wi-Fi stumblers to check for neighboring wireless networks, but the best option is to perform a full site survey with professional tools. Survey tools, like from AirMagnet, Ekahau, and TamoSoft, allow you to generate heatmaps of signal coverage and other related stats. They also allow you to generate fully simulated Wi-Fi environments to predict coverage and performance from equipment you haven’t deployed yet.
If you suspect there are issues with inference from non-Wi-Fi devices, like other wireless or electronic devices using the same or close wireless band to that of Wi-Fi, you should use a RF spectrum analyzer to help identify it so you can remedy or stop the interference. Some Wi-Fi surveying and analyzer tools support spectrum analyzer integration, but require an additional piece of hardware to scan the airwaves.
For every Wi-Fi deployment, you need to choose a method of powering the APs you mount throughout the building. If you plan on using PoE capable APs and already have a PoE capable switch you should ensure they’re compatible PoE versions. If the switch doesn’t support PoE but the APs do, consider using PoE injectors for each AP.
Configuring the wireless network isn’t usually difficult but time should be spent in choosing the correct settings, such as for the security, network names (SSIDs), and wireless channels.
When choosing a security method for your private SSID(s), remember WEP security is not secure. Use at least the pre-shared key (PSK) mode of WPA2 security with 13+ mixed character passphrases with no words from the dictionary. Most APs allow you to support both WPA (TKIP) and WPA2 (AES-CCMP); however for better security you should select only WPA2 (AES-CCMP).
For businesses or organizations, the enterprise mode of WPA2 should really be used. Though much more complicated to setup than the PSK mode, the enterprise mode uses 802.1X authentication to give each user their own login credentials. Everyone having the same Wi-Fi password is a problem when someone leaves the organization or they lose a device that its saved in; you’d have to change the password when these situations arise. But with the enterprise mode you’d just have to revoke or change the password for just the affected user.
Using the enterprise mode requires you to have a RADIUS server in order to perform the 802.1X authentication. There are many RADIUS server options out there, including open source solutions that are free and hosted services if you don’t want to setup your own.
You usually want to set the same network names (SSIDs) across all the APs to allow for better roaming. But there’s no real right or wrong answer when differentiating between bands (2.4 and 5GHz) in the SSIDs. Setting the same SSIDs for both bands allows the client devices to choose the band, some of which choose smartly, like the one providing the best signal or performance while others just connect to the first one it sees. Specifying the band in the SSIDs allows the end user to choose, but most users won’t understand the difference.
If utilizing multiple SSIDs (more than one SSID per band) than ensure the SSIDs are assigned with the proper settings for the wireless security and VLANs.
When using APs with two or more spatial streams for MIMO, you’ll have the option of using channel-widths greater than the original 20MHz to increase the throughput. However using these larger channel-widths may cause channel overlap and interference issues, especially in the smaller 2.4GHz band. Some APs come by default set to automatically allow all channel-widths, thus you may want to verify it’s set only to 20MHz until you ensure the larger ones won’t cause problems.
We discussed the main aspects to consider when designing your Wi-Fi network. However since Wi-Fi utilizes the airwaves, the security and performance should be monitored closely after deployment as well. At least periodic RF site surveys should be performed to ensure wireless coverage and performance is still acceptable, neighboring networks aren't interfering, and rogue access points or wireless routers haven't been setup. In conjunction with site surveys consider deploying a wireless intrusion detection or RF analyst solution that can monitor the airwaves for these types of issues.