Implementing a WLAN: Good Planning is the Key to Success

Wireless LAN (WLAN) technology has matured and become a practical alternative to traditional networks. It offers the kind of anywhere/anytime connectivity that todays highly mobile workforce has come to expect. Wireless LANs can provide full access to network resources from any place within range of an Access Point (AP). On one level, a wireless LAN is very much like a wired LAN. There are endpoint devices (servers, workstations, printers) enabled by network cards and data is transferred with network communication protocols. Instead of traveling on fiber or copper, data is transferred with Radio Frequency (RF) signals. Wireless LANs make it easier for employees to stay on line and in touch. The increased flexibility of Wireless LANs enables more productive work teams, supports greater employee collaboration and contributes to employee satisfaction. Workers like the mobility and sense of empowerment that a WLAN can provide.

Since it has become a popular technology used within a residence, many businesses are familiar with the basics of wireless networking. The ease of setting up a WLAN is contributing to its rapid adoption. However, a successful WLAN implementation requires the same kind of advanced detailed planning and attention to detail as any other network deployment. Networking Requirements Analysis and Deployment Considerations The first step in a WLAN implementation is to conduct a thorough business analysis to verify that wireless technology will meet business needs and deliver the required functionality. The physical environment (indoors, outdoors or both), the kind of traffic the WLAN will need to carry (data, voice, video or all of the above) and the type of business function it is intended to serve (such as conferencing, customer service or sales support) should be considered. It is also important to factor in future application requirements, growth and scalability as part of the initial assessment.

Channelization and deployment standards play an important role in WLAN implementations. A channel represents a narrow band of radio frequency. Since radio frequency modulates within a band of frequencies, there is a limited amount of bandwidth within any given range to carry data, which impacts the overall capacity of the WLAN. It is important that the frequencies do not overlap or the throughput would be significantly lowered as the network sorts and reassembles the data packets sent over the air. There are a few basic deployment standards from which to choose, with more being tested.

The number of radio frequency channels required by an organization is determined by assessing usage requirements. For example, a public hotspot such as a lobby can usually be well supported by the 802.11b standard for e-mail support or viewing web sites. A conference room may be better served by the 802.11a standard for transfer and collaborative work with data files. A home office might be best suited by a 802.11g-based network to help enable good application performance for virtual office workers.

The number of simultaneous users that an AP can support depends mostly on the amount of data traffic traveling at a time (heavy versus light downloads and uploads). Bandwidth is shared among users on a WLAN as with wired network connections.

To increase capacity, more APs may be added, which gives users more opportunity to enter the network. Networks are optimized when the APs are set to different channels

With the requirements and deployment confirmed, its time for a site survey. The best surveys are done literally on-site. Modeling tools can simulate an environment without an actual visit, but they are only as good as the source data. Key elements to be determined in this survey are identifying the number and placement of APs and assessing the attenuation of radio frequency obstacles. The speed at which a WLAN performs depends on many things, such as the efficiency of the wired network, the configuration of the building, and the type of WLAN employed. As a general rule for all WLANs, data throughput decreases as the distance between the WLAN access point and the wireless client increases. An assessment of AP signal strength using various antenna and AP configurations

helps determine the number and placement of required APs needed to provide adequate radio coverage. This process involves: Gathering facility drawings and blueprints, documenting wiring such as the location of host systems and documenting power outlets and structural elements (such as metal firebreaks and walls, doorways and passageways). Assessing environmental radio coverage including the selection of AP devices and radio for the installation areas where signal interference is avoided or minimized. The optimal positioning of access points and antennas is also determined. Assessing channel interference and conducting testing to help ensure radio transmissions do not overlap. Choosing antenna placement including positioning of omni directional and directional antenna. Establish diversity reception including overcoming interference or fading by positioning multiple antennas in certain locations. Assessing electrical systems including review of AP electrical installation alternatives to prevent performance degradation on inherent or random electrical problems. Redundancy should be considered for conference rooms, cafeterias and other multiuse spaces to help ensure good throughput.

Attenuation of radio frequency obstacles should also be considered as part of the site survey and assessment. Both the ability of radio waves to transmit and receive information and the speed of transmission are impacted by the nature of any obstructions in the signal path. The illustration on page 2 shows the relative degree of attenuation for common obstructions. Wood floors can cause floor-to-floor interaction between APs. It is important to ensure that channel selections are appropriate for vertically adjacent access points. All office and room doors should be closed before beginning the survey in order to assess reception at its lowest level. The corner of a room should be avoided as a placement area for an access point. If placed in a corner, about 75% of the AP coverage is wasted. This also gives unauthorized users outside the room a better chance to access the AP. To understand what other frequencies might be present in the proposed WLAN space, surveys should also include an RF spectrum analysis

Security Considerations Security is often cited as a key concern in a WLAN implementation, as it can be a potential open door to the network. Before deployment, the WLANs security issues should be clarified stating clearly what kind of authentication measures and encryption methods will be used. Developing and documenting a WLAN security policy is a good first step. Many security breaches can be traced to policy failures, not technology failures. WLAN security policies should be similar to any other network security policy, with a stated purpose, a clear scope and assigned responsibilities

Regular network audits should be performed to identify and disable or reconfigure rogue APs. Rogue APs are those installed without the IT departments knowledge. These APs are not configured with any security settings and may leave an open door for unauthorized access to the network. Some rogue APs may not be connected to the network. However, due to their presence, users may attempt to use the AP by providing valid user authentication information (such as user ID and password), which can be retrieved via other methods such as unauthorized hacking and exploitation. From a physical standpoint, in areas requiring limited access, access points should be placed adjacent to or straddling the high-security area. Businesses may want to consider making the use of virtual private networks (VPNs) part of their security policy. In doing this, users would need to use a VPN to enter the corporate network through a wireless access point.

Equipment With the right up-front planning, the actual implementation of a WLAN is largely a plug-and-play activity. WLANs are engineered with a few types of components. A typical network infrastructure is composed of the following equipment: Hardware WLANs consist of two main building blocks, including an AP that connects to the network and a wireless adapter installed in the computing device. Access point (AP) An AP is a small box, usually with one or two antennas. This radio-based receiver/transmitter is connected to the wired LAN (or broadband connection) using Ethernet cables. Antennas and bridges Antennas enhance radio frequency coverage, extending the range of an 802.11 WLAN (See the Age of the Wireless LAN for more information). Bridges provide a point-topoint wireless connection between two LANs. Wireless adapter A wireless adapter functions like a network interface card (NIC) in that it allows the client computing device access to the network by means of the wireless AP. Clients Clients are items such as workstations, laptops, phones, printers or other WNIC-enabled devices. Most devices on a WLAN are referred to as stations and are equipped with Wireless Network Interface Cards (WNICs). A service set is a collection of stations that can communicate with each other. Service sets are connected at some point to a Distribution System, which is usually a wired LAN. Depending upon security requirements and policies of the user, an authentication server may be needed to validate the user and the AP. A management server may be needed to help monitor and maintain the WLAN. Advanced network management may require a gateway server that provides Quality of Service for different groups of users and applications.

It is important to check for interoperability between the network infrastructure and client-side WLAN components. It is also important to verify that the clients are on the correct frequency by selecting appropriate channels on the APs.

APs should be placed in strategic areas to provide adequate coverage. Many IT managers avoid outside facing walls to help minimize security threats from people in parking lots. Overlapping of coverage is important for maintaining a continuous connection around a building. APs should be set to different channels to avoid cross talk, or colliding with signals that degrade performance while the data packets are sorted and put together correctly. New architectural direction incorporates wireless band controllers to support APs. The controllers do authentication, aid in QOS, and collect statistics. Today, that information allows for a more scalable implementation.

Roll Out Once the design of the WLAN is established, it is important to develop a plan for deployment. Deployments sometimes consist of pilot. One way to make a WLAN more secure is to limit its reach. At the design stage, the WLANs engineers should be clear about how far and wide wireless access is really needed, so they can select APs that will shape the signals range and direction. Its also a good idea to isolate the WLAN from the rest of the network with an internal firewall or Wireless DMZ. Several security technologies can provide added levels of protection for WLANs: Service Set Identifier (SSID) identifies the WLAN. Clients must be configured with the correct SSID to access their WLAN. The SSID should not be broadcast and the key should be shared only with those having legitimate need to access the network. Finally, the SSID should be changed periodically. Media Access Control (MAC) is access based on a filtering system of MAC addresses configured for a specific LAN switched port. It restricts WLAN access to computers that are on a list created for each AP on the WLAN network. It also restricts the connection of APs and the LAN switch port. Wired Equivalent Privacy (WEP) is an encryption method that protects WLAN data streams between clients and APs as specified by the 802.11 standard. There have been flaws identified in this security mechanism and its effectiveness is uncertain. IEEE 802.1X is a security standard featuring a port-based authentication framework and dynamic distribution of session keys for WEP encryption. A radius server is required. IEEE 802.11i is an upcoming security method being developed by the IEEE that features 802.1X authentication and includes Advanced Encryption Standard (AES) for added protection. Another enhancement, Temporal Key Integrity Protocol (TKIP), allows encryption keys to be changed frequently. Wi-Fi Protected Access (WPA) is a method that addresses the encryption issues of WEP by utilizing Temporal Key Integrity Protocol, which wraps around WEP and changes the encryption key frequently. WPA also includes the authentication benefits of 802.1X. Extensible Authentication Protocol (EAP) is a point-to-point protocol that supports multiple authentication methods. The support of EAP types depends upon vendor implementation. EAP provides the framework for the client, the authenticator (the wireless access device or access point) and the authentication server to authenticate each other and communicate the encryption keys. Providing security features to a WLAN involves coordinating multiple elements. WPA protocol is normally recommended over WEP protocol. Strong encryption should be used and the default administrative password should be frequently changed. A strong password should be used, containing at least eight characters, with a combination of letters and numbers. The Service Set Identifier (SSID) should not be broadcast because it forces users to know the name of the network in order to connect. Rogue users wont see the WLAN as an available network.

Regular network audits should be performed to identify and disable or reconfigure rogue APs. Rogue APs are those installed without the IT departments knowledge. These APs are not configured with any security settings and may leave an open door for unauthorized access to the network. Some rogue APs may not be connected to the network. However, due to their presence, users may attempt to use the AP by providing valid user authentication information (such as user ID and password), which can be retrieved via other methods such as unauthorized hacking and exploitation. From a physical standpoint, in areas requiring limited access, access points should be placed adjacent to or straddling the high-security area. Businesses may want to consider making the use of virtual private networks (VPNs) part of their security policy. In doing this, users would need to use a VPN to enter the corporate network through a wireless access point

Equipment With the right up-front planning, the actual implementation of a WLAN is largely a plug-and-play activity. WLANs are engineered with a few types of components. A typical network infrastructure is composed of the following equipment: Hardware WLANs consist of two main building blocks, including an AP that connects to the network and a wireless adapter installed in the computing device. Access point (AP) An AP is a small box, usually with one or two antennas. This radio-based receiver/transmitter is connected to the wired LAN (or broadband connection) using Ethernet cables. Antennas and bridges Antennas enhance radio frequency coverage, extending the range of an 802.11 WLAN (See the Age of the Wireless LAN for more information). Bridges provide a point-topoint wireless connection between two LANs. Wireless adapter A wireless adapter functions like a network interface card (NIC) in that it allows the client computing device access to the network by means of the wireless AP. Clients Clients are items such as workstations, laptops, phones, printers or other WNIC-enabled devices. Most devices on a WLAN are referred to as stations and are equipped with Wireless Network Interface Cards (WNICs). A service set is a collection of stations that can communicate with each other. Service sets are connected at some point to a Distribution System, which is usually a wired LAN. Depending upon security requirements and policies of the user, an authentication server may be needed to validate the user and the AP. A management server may be needed to help monitor and maintain the WLAN. Advanced network management may require a gateway server that provides Quality of Service for different groups of users and applications. It is important to check for interoperability between the network infrastructure and client-side WLAN components. It is also important to verify that the clients are on the correct frequency by selecting appropriate channels on the APs.

APs should be placed in strategic areas to provide adequate coverage. Many IT managers avoid outside facing walls to help minimize security threats from people in parking lots. Overlapping of coverage is important for maintaining a continuous connection around a building. APs should be set to different channels to avoid cross talk, or colliding with signals that degrade performance while the data packets are sorted and put together correctly. New architectural direction incorporates wireless band controllers to support APs. The controllers do authentication, aid in QOS, and collect statistics.

Roll Out Once the design of the WLAN is established, it is important to develop a plan for deployment. Deployments sometimes consist of pilot, that information allows for a more scalable implementation. programs providing wireless connectivity to a small segment of a larger environment. Other times, a wireless network solution must be implemented across the entire organization. Many businesses take a Build-and-Test approach, bringing up one segment of the WLAN at a time, then testing and approving it before moving on to the next segment. Each segment test also checks the deployed security features. Summary WLANs help increase productivity and team collaboration and help facilitate more efficient decision making. Compared to a wired network, WLANs can provide a more flexible technical infrastructure, at a reduced cost. Since they can be installed or relocated quickly, WLANs offer natural business continuity advantages. A successful WLAN implementation is a matter of striking the right balance between functionality, performance and security objectives. With careful planning and the right advice from experienced professionals, businesses can expect to benefit from what the wireless technology has to offer.

Please write this article in your words