Building Wi-Fi networks

Wireless networks are gaining in popularity every year, but many administrators find it difficult to build them. Indeed, Wi-Fi technology has its own characteristics that should be considered at the planning stage. Today we will try to give a brief primer on what is needed to plan and deploy a wireless network successfully.

First of all, let's figure out what Wi-Fi is and what advantages and disadvantages this technology has. The term Wi-Fi originated as a play on words and does not stand for anything; at present it is used to refer to wireless networks built to the IEEE 802.11 standard, or more precisely a group of standards. The most common standards are 802.11g, which provides speeds up to 54 Mb/s, and 802.11n, which theoretically allows operation at speeds up to 600 Mb/s; the most common n devices support speeds up to 150 Mb/s.

In Russia, 13 channels in the 2.4 GHz band are allocated for Wi-Fi devices. Without registration, networks can be operated only inside premises and industrial areas. Since July 15, 2010, use of the 5 GHz band has also been allowed, but the transition to it is difficult because of the need to stay compatible with equipment that does not support this frequency range (which is almost all equipment imported at least until July 2010). Therefore, from here on we will consider operation in the 2.4 GHz band.

Now we have come to a very important point, which must be understood in order to plan and deploy networks competently. For data transmission, Wi-Fi uses a certain frequency channel; the channel grid step is 5 MHz, and the channel width is 20 MHz. This means that devices operating on adjacent channels will interfere with each other. For a better understanding of the situation, a schematic representation of channel allocation in the 2.4 GHz range is given below.

As you can see, there are only three independent channels in the range that can work without mutual interference, for example 1, 6 and 11. In the 5 GHz range things are better: 22 independent channels can be used. However, as we have already said, the deployment of networks in this range is hampered by compatibility issues. The 802.11n standard allows the use of wide channels (40 MHz wide), which occupy the band of two adjacent non-overlapping channels, for example 1 + 5 or 5 + 9, so only two conditionally independent channels can be organized.

Why do we pay so much attention to this? Because these factors directly affect the speed of the wireless channel. It should be remembered that the channel bandwidth is used for data transmission in both directions, including overhead information, and that the speed also depends strongly on the distance between points and the presence of interference. The maximum speed achievable in practice usually does not exceed half the available channel speed; for 802.11g this value rarely exceeds 20-22 Mb/s. The available channel bandwidth is divided between the devices using it, which should also be taken into account when planning the network and calculating its bandwidth.

All this seriously complicates the construction of efficient Wi-Fi networks, especially in the presence of neighboring networks, so it is worth using wireless networks mainly for Internet access, e-mail, terminal services and other services that do not require high network bandwidth. We strongly recommend against using a wireless connection for network nodes that are demanding of channel speed.

Before starting planning, it is worth surveying the situation on the air. For this you can use the free inSSIDer program; below is the situation in the 2.4 GHz band in an ordinary multi-storey residential building.

The program shows that a large number of 802.11n devices using a wide channel are operating in the neighborhood. At the same time, real interference to our network can be created by an 802.11g transmitter operating on channel 11. With this information, you can select the least congested parts of the range for your network. However, not everything is so rosy: most equipment is configured out of the box for automatic channel selection, so after a while the situation may change.
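The channel arithmetic and the survey step described above, as an added example that is not part of the original article: it scores candidate channels against a survey like the one inSSIDer shows. The survey entries, the Network type and the scoring (overlap fraction times received power) are assumptions made for illustration; channel centers follow 2407 + 5·n MHz.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

CHANNEL_STEP_MHZ = 5       # channel grid step (from the article)
CHANNEL_WIDTH_MHZ = 20     # width of a normal channel (from the article)
CHANNELS = range(1, 14)    # 13 channels in the 2.4 GHz band (from the article)

Band = Tuple[int, int]     # (lower edge, upper edge) in MHz


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel; channel 1 is 2412 MHz."""
    if channel not in CHANNELS:
        raise ValueError(f"channel {channel} is outside 1..13")
    return 2407 + CHANNEL_STEP_MHZ * channel


def band(channel: int) -> Band:
    """Spectrum occupied by a 20 MHz channel."""
    center = center_mhz(channel)
    half = CHANNEL_WIDTH_MHZ // 2
    return (center - half, center + half)


def overlap_mhz(a: Band, b: Band) -> int:
    """Width of the spectrum shared by two bands, 0 if they do not touch."""
    return max(0, min(a[1], b[1]) - max(a[0], b[0]))


@dataclass(frozen=True)
class Network:
    ssid: str
    channel: int
    rssi_dbm: int
    # Second channel of a 40 MHz 802.11n network (e.g. 1 + 5), None for 20 MHz.
    secondary: Optional[int] = None

    def bands(self) -> List[Band]:
        channels = [self.channel]
        if self.secondary is not None:
            channels.append(self.secondary)
        return [band(c) for c in channels]


def interference_score(candidate: int, networks: Sequence[Network]) -> float:
    """Sum of neighbor power (mW) weighted by how much of our channel it covers."""
    own = band(candidate)
    score = 0.0
    for net in networks:
        shared = sum(overlap_mhz(own, b) for b in net.bands())
        fraction = min(shared / CHANNEL_WIDTH_MHZ, 1.0)
        score += fraction * 10 ** (net.rssi_dbm / 10)   # dBm -> mW
    return score


def rank_channels(networks: Sequence[Network],
                  candidates: Sequence[int] = (1, 6, 11)) -> List[int]:
    """Candidate channels ordered from least to most interfered."""
    return sorted(candidates,
                  key=lambda ch: (interference_score(ch, networks), ch))


# Constructed survey, not real measurements.
SURVEY = [
    Network("neighbor-n-wide", channel=1, rssi_dbm=-55, secondary=5),
    Network("neighbor-g", channel=11, rssi_dbm=-70),
    Network("neighbor-far", channel=6, rssi_dbm=-80),
    Network("neighbor-ch3", channel=3, rssi_dbm=-65),
]

if __name__ == "__main__":
    for ch in rank_channels(SURVEY):
        print(f"channel {ch:2d}: {interference_score(ch, SURVEY):.2e} mW")
```

Because neighboring equipment may reselect its channel automatically, the ranking is only valid for the survey it was computed from and should be repeated periodically.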

To build a wireless network, we need at least one access point. If you are deploying an enterprise-wide network or plan to expand the coverage area later, we recommend using access points rather than wireless routers and other combined devices. The standard does not describe the interaction between access points, and different manufacturers use different technologies, which makes them incompatible with equipment from other manufacturers or even with their own equipment of other types. Therefore, we advise you to use equipment from one manufacturer and preferably one model; otherwise you need to check separately whether the devices can work together in the mode you are interested in.

The first and only access point must operate in the mode of the same name (Access Point); in this case the device serves client connections but does not establish connections with other access points. The distinctive feature of any wireless network is its SSID, which is unique for each network. Within the same network all devices must have the same identifier; at the same time, several SSIDs allow you to subdivide the network into subnets, for example with different security levels.

At home or in a small office, one access point is usually enough, and most of the problems we have listed are unlikely to be relevant. A network with a relatively large coverage area, where the power of one device is not enough, is another matter. There are two ways to go here: use a higher-gain antenna or deploy an infrastructure of multiple access points. The first way, for all its simplicity, is fraught with a number of dangers: your network may be accessible outside the building (territory) and may interfere with neighboring networks, in which case problems with regulatory authorities cannot be avoided. It is also not always acceptable from a security point of view.

What to do when one access point is not enough? Put the second one. Below we will consider in what ways this can be done, their advantages and disadvantages.

If you need a network with high bandwidth and there is a wired network at the locations of the access points, then the additional points should also be switched to "Access Point" mode. In this mode each access point provides full channel speed in its coverage area, without sharing it with other points.

Both points must have the same SSID and the same encryption parameters, but must work on different channels, preferably independent ones. The relative position of the points should be chosen so that the coverage areas intersect without significant signal attenuation. Client devices make a decision to connect to a particular access point automatically, based on the signal strength. In this way mobile users can move freely throughout the entire coverage area without breaking the connection. If it is necessary to use more than 3 points, then it is necessary to alternate independent channels so that their coverage areas do not overlap.

This scheme is optimal when you need to deploy a wireless network on top of a wired one, for example guest Internet access for company clients or in a cafe. However, its implementation involves the greatest difficulties, since several independent channels are required, which may not always be possible.

There are situations when the coverage area must be extended to a place that has no wired communications, which makes the first scheme impossible. In that case an additional access point can be configured as a Repeater that relays the signal of the main access point.

Both points must have the same SSID, the same encryption parameters and work on the same channel; in the repeater settings, you must specify the MAC address of the access point or other repeater whose signal you want to relay. The repeater must be in the zone of reliable reception of the other device, which somewhat reduces the total coverage area. It should also be remembered that the channel is shared by all devices in the common coverage area. When using repeaters, the speed of each successive link drops, since the channel is used to transmit the same information over each network section (client device to repeater, and repeater to access point). That is, if a client device working through a repeater uses a 1 Mb/s channel, the total channel load will be 2 Mb/s; with two repeaters, 3 Mb/s, and so on.

There is one more access point mode, wireless bridge, which can be of the Point-to-point or Point-to-Multipoint type; in this case the access points establish a connection with each other. In Point-to-point mode, only two access points can be connected; in Point-to-Multipoint mode, one point can connect to several. This mode is usually used to connect two sections of a network when it is impossible or impractical to lay a cable between them and there are no special requirements for bandwidth, for example to connect thin clients in a separate warehouse on the company's territory. In this case, it is advisable to use directional antennas to reduce the coverage area and avoid interfering with other networks.

Each point must have the same SSID, channel and encryption parameters; in the settings you will need to specify the MAC address of the point with which you want to establish a connection. In this mode, access points do not serve wireless clients. The use of a wireless bridge has its own peculiarities: since the points receive and transmit packets only to each other, a client device cannot detect a working bridge, and inSSIDer will also show the band as clear. At the same time, networks using adjacent channels can experience strong interference in the coverage area of the bridge. Therefore, use this scheme only inside your own premises or territory, avoid crossing areas where other wireless networks may be deployed, and always try to use directional antennas with the minimum necessary gain.

And finally, the most interesting one: WDS mode. It combines the access point and bridge modes, so the points can establish connections with each other and serve clients at the same time. This mode allows you to create a wide variety of wireless network configurations that are completely transparent to client devices. A point can work either in bridge mode or in bridge + access point mode, which, unlike a chain of repeaters, makes it possible to provide wireless coverage only where you need it. For example, you need to extend guest Internet access to another building, but you do not want it to be available in the parking lot, where the intermediate point will have to be located.

In this case, too, you should use one channel, SSID and set of encryption settings for all points, and remember that with each link the speed will drop because repeated data is transmitted in the common band. It is also worth avoiding ring topologies of points if they do not support the Spanning Tree Protocol, as the network speed will drop sharply because of a broadcast storm. When configuring points, you should specify the mode and the MAC addresses of the points with which you want to establish a connection.
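One way to check a planned deployment against the rules given above for the Access Point, Repeater, bridge and WDS modes, as an added example that is not from the original article. The Point type, both plans, the MAC addresses and the names are constructed; the overlap test (fewer than 4 channels apart) follows from the 5 MHz step and 20 MHz width, and the weak-encryption check reflects that WEP can be cracked even when configured correctly.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

LINK_MODES = {"repeater", "bridge", "wds"}   # modes that link to a peer by MAC
WEAK_ENCRYPTION = {"open", "wep"}            # no encryption, or crackable WEP
MIN_CHANNEL_GAP = 4                          # 20 MHz width / 5 MHz grid step


@dataclass(frozen=True)
class Point:
    name: str
    mac: str
    mode: str                     # "ap", "repeater", "bridge" or "wds"
    ssid: str
    channel: int
    encryption: str
    peers: Tuple[str, ...] = ()   # MAC addresses entered in the point's settings


def validate_plan(points: List[Point]) -> List[str]:
    """Return findings; an empty list means the plan follows the rules."""
    findings: List[str] = []
    if not points:
        return findings
    by_mac: Dict[str, Point] = {p.mac.lower(): p for p in points}
    ref = points[0]

    for p in points:
        # Every point in one network shares the SSID and encryption settings.
        if p.ssid != ref.ssid:
            findings.append(f"{p.name}: SSID differs from {ref.name}")
        if p.encryption.lower() != ref.encryption.lower():
            findings.append(f"{p.name}: encryption differs from {ref.name}")
        if p.encryption.lower() in WEAK_ENCRYPTION:
            findings.append(f"{p.name}: weak encryption {p.encryption}")

        # Repeater, bridge and WDS links need a peer MAC and a common channel.
        if p.mode in LINK_MODES:
            if not p.peers:
                findings.append(f"{p.name}: {p.mode} mode needs a peer MAC")
            for mac in p.peers:
                peer = by_mac.get(mac.lower())
                if peer is None:
                    findings.append(f"{p.name}: peer {mac} is not in the plan")
                elif peer.channel != p.channel:
                    findings.append(
                        f"{p.name}: channel {p.channel} differs from "
                        f"peer {peer.name} (channel {peer.channel})")

    # Wired points in plain Access Point mode must not share spectrum.
    wired = [p for p in points if p.mode == "ap"]
    for i, a in enumerate(wired):
        for b in wired[i + 1:]:
            if abs(a.channel - b.channel) < MIN_CHANNEL_GAP:
                findings.append(
                    f"{a.name}/{b.name}: channels {a.channel} and "
                    f"{b.channel} overlap")
    return findings


# Constructed plans; MAC addresses are locally administered placeholders.
GOOD_PLAN = [
    Point("ap-lobby", "02:00:00:00:00:01", "ap", "corp", 1, "WPA2"),
    Point("ap-hall", "02:00:00:00:00:02", "ap", "corp", 6, "WPA2"),
    Point("rep-yard", "02:00:00:00:00:03", "repeater", "corp", 6, "WPA2",
          peers=("02:00:00:00:00:02",)),
]

BAD_PLAN = [
    Point("ap-office", "02:00:00:00:00:11", "ap", "corp", 1, "WPA2"),
    Point("ap-store", "02:00:00:00:00:12", "ap", "corp", 3, "WPA2"),
    Point("rep-garage", "02:00:00:00:00:13", "repeater", "corp", 11, "WEP",
          peers=("02:00:00:00:00:11",)),
    Point("wds-gate", "02:00:00:00:00:14", "wds", "corp-guest", 1, "WPA2"),
]

if __name__ == "__main__":
    for finding in validate_plan(BAD_PLAN):
        print(finding)
```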

In conclusion, I would like to give some general recommendations: when designing and deploying networks, remember that the frequency range allocated for Wi-Fi is very small, so try not to use antennas with more gain than necessary, and take measures to prevent interference with neighboring networks. Remember that violating the rules for operating wireless networks entails administrative liability under Articles 13.3 and 13.4 of the Administrative Code, which provide for a fine with possible confiscation of equipment.

The heart of any wireless LAN is the access point, through which end devices communicate by radio with the corporate network. It not only determines the range and speed of data transmission but also handles elementary control and security tasks. However, more and more often in large networks with many access points, these functions are transferred to central network devices. Therefore, the role of the access point depends heavily on its environment.

Wireless communication networks between computers existed in the 70s, but it was not until 1999, with the approval of the 802.11a / b technical standard, that the IEEE laid the foundation for the development of this technology, which was the impetus for the boom. According to IDC, by the end of 2004 the number of wireless users worldwide should reach 25 million. Analysts at Frost & Sullivan estimate that in 2006 the annual turnover from the sale of equipment for wireless networks in Europe will exceed $ 1 billion. In Germany in 2003 the market volume grew by 74% and reached 199 million euros. In 2004, an increase of 24% is expected, which will increase the market size to 247 million euros. Wireless networks are gaining in importance as public Internet access points (hotspots). Thus, according to a recently published study by the Gartner Group, the number of hotspots (almost all comply with the 802.11b standard) in Europe increased from 829 in 2002 to 15308 in 2003. In 2005, according to experts, their number should reach 39 thousand. The leader in this direction will be Scandinavia, followed by Germany and the UK, and analysts say that by 2006 Germany will take first place in Europe.

The number of manufacturers will also grow explosively. Whereas 3Com, Avaya (Lucent), Cisco, Enterasys and Proxim shared most of the market a few years ago, today the global market for wireless networking equipment numbers several hundred players fighting for their piece of the pie. As before, it is dominated by US companies, but a significant increase in suppliers is also noted in the Asian "wireless paradise". Several German manufacturers such as Artem were able to establish themselves in the market.

MAIN QUESTIONS

Before choosing a specific product for a wireless network (see the main selection criteria in the sidebar "Overview of the most important selection criteria"), several points need to be clarified first. Where will the equipment be installed: in a small office, where one access point may well be enough; in an enterprise with a moderate number of access points; or in a large enterprise environment with 50, 100, or even 1000 access points? Small offices are the typical application for "fat" access points: as all-in-one devices they often have additional features such as an ISDN, DSL or cable router, firewall, print server, etc., and are used for wireless access to the Internet. In large companies it is more rational to use "thin" access points, since important functions such as management and security are handled by central components, while various additional functions (Internet access and print services) are handled by other means. Another major application is wireless communication between buildings and branches, where access points function as bridges or repeaters.

Another question that needs to be answered is the data transfer rate. There are two (standardized) speeds to choose from: 11 and 54 Mbps, and some manufacturers have developed their own methods to double the transfer speed or increase it even further. In some cases, full compatibility with the corresponding base standard is promised. Examples include devices from D-Link (see Figure 1) and Proxim with transmission rates of 22 and 108 Mbit/s, respectively. When planning, take into account that the real data transfer rate in a wireless network is 45 to 60% of the nominal rate, and that as the distance increases and obstacles and interference appear between points, the rate automatically drops in steps to a level at which a stable connection can still be ensured. This automatic rate reduction (in different steps) is built into every access point. Small offices where users want to share a 784 Kbps or 1.5 Mbps DSL connection are generally best served by an 11 Mbps wireless network (802.11b). If you are planning more complex wireless infrastructures with high bandwidth requirements or latency-sensitive applications, then consider a 54 Mbps network.

Choosing the maximum transfer rate usually involves answering the third question: what frequency range are you planning to use? The choice is between two ranges set aside for scientific, medical and industrial purposes. The first is around 2.4 GHz, the second is 5 GHz. For both bands, there are standardized data transfer methods up to 54 Mbps. Broadband applications are served equally well in both. If time-sensitive applications such as speech are to be transmitted over the network, the 5 GHz band is the best choice. The reason is that the 2.4 GHz band is already "overpopulated", and not just by wireless LANs. This frequency band is used by Bluetooth, a data transfer method built into almost all new cell phones, PDAs and laptops. Devices such as microwave ovens emit fairly strong signals in the same range. All of this generates interference, which is particularly detrimental to real-time applications.

However, equipment operating in the 5 GHz band has its drawbacks: first, because of its complexity it is more expensive than 2.4 GHz equipment (by about 30-50%), and second, for physical reasons its range is noticeably shorter. If the transmission range of an access point operating in the 2.4 GHz band reaches 150 m in ideal conditions ("in the open field"), waves at 5 GHz frequencies propagate only 40-50 m. To Europeans, the wireless networking technology developed in the USA for the 5 GHz band (802.11a) has so far seemed overly aggressive. They required a Dynamic Frequency Selection (DFS) function in case a channel was already occupied, as well as a function for automatically adjusting transmission power (Transmission Power Control, TPC) depending on conditions, so that there is no interference with other radio networks. Both mechanisms are integrated into Hiperlan II, a European competitor to the 802.11a standard, which has lost its significance today. The new 5 GHz standard, 802.11h, brings these features to life and removes the draconian restrictions previously imposed on 802.11a users in Europe by regulators. The rapid adoption of the new standard was largely due to the fact that the American military liked this approach.

If the use of broadband and time-sensitive applications is not planned, then in this case it is worth preferring the version standardized in the middle of last year with a speed of 54 Mbps based on 2.4 GHz technology (802.11g). Not only is it noticeably cheaper than 5GHz systems, it is also compatible with the widespread 11Mbps wireless networks. Longer range, however, is not necessarily a real advantage. If an enterprise, for example, is going to create many small wireless cells that should not interfere with each other, then it is better to turn to 54 Mbps technology with a short range. The number of users per unit area in the case of 5 GHz is also noticeably higher, since each access point provides up to 19 non-overlapping channels (in the case of 2.4 GHz, only three non-overlapping channels). For those who do not want to be limited to a certain range, access points are offered with support for multiple bands and standards, such as 802.11a, b and g. For European users, the ideal combination would be support for 802.11b, g and h.

WIRELESS TELEPHONY

Wireless networks have only recently been used to support latency-sensitive applications, because radio is a shared medium and traditional WLAN access point technologies aim to share bandwidth evenly regardless of the type of service. Although the industry and standards committees have been working on mechanisms for bandwidth reservation and traffic prioritization for several years now, approval of the already announced 802.11e standard has been continually delayed. So far, the next likely date for publication of the standard is given as the end of 2004. However, users will not have to wait so long for a solution to organize Wi-Fi. By the end of 2003, an intermediate real-time communication standard for wireless networks, Wi-Fi Multimedia Extensions (WME), should appear. The core of the WME specification will be a further development of the Distributed Coordination Function (DCF) protocol, which in wireless networks is responsible for sharing bandwidth evenly. If such sharing is undesirable, as in the transmission of speech, which needs to be given priority, then until now there was only one possibility: switching to Point Coordination Function (PCF) mode. However, the two modes could only be used as alternatives to each other. By contrast, the enhanced DCF (Enhanced DCF, EDCF) function must support both uniform and weighted sharing, depending on the application. Therefore, buyers should pay attention to WME certification and make sure that the access point can be upgraded to 802.11e once it is approved.

SECURITY AND MORE SECURITY

The situation with the protection of wireless networks is the same as with quality of service (Quality of Service, QoS). This is a critical issue, as poorly configured access points compromise the security of the entire corporate network. Early 802.11b networks offered little to no authentication and only a very weak 64-bit encryption mechanism (WEP). New access points offer MAC-based Access Control Lists (ACLs) as an important measure. The slightly stronger 128-bit WEP encryption mechanism is not standard and, moreover, is quite easy to crack.

As with quality of service, the IEEE has been continually postponing the publication of a comprehensive standard (802.11i). The latest forecast mentions mid-2004. The Wi-Fi Alliance did not ignore the situation and at the end of 2002 released an interim Wi-Fi Protected Access (WPA) standard. Among other things, it includes two significant components that should be present in the future 802.11i standard: 802.1x authentication (along with a RADIUS server) and the relatively powerful TKIP encryption technology. 802.1x was offered by some manufacturers even before WPA was approved - but only in their own implementation. Therefore, when choosing, you should pay attention to WPA certification.

Enterprises with high privacy requirements place all WLAN traffic, as well as Internet traffic, in Virtual Private Network (VPN) tunnels. This is still the most reliable method of protecting traffic from espionage; on the other hand, such a solution turns out to be very complicated and expensive. VPN software suffers from interoperability issues: in many cases a VPN server is compatible with only one VPN client. In addition, it is often not available for all wireless clients, especially portable devices. However, if VPN technology is used in wireless networks, then the access point must support IPSec VPN pass-through.

HARDWARE

In enterprises, access points are placed in rooms and corridors at the very top of the wall or on the ceiling, which is quite reasonable, so they should be fairly easy to mount. It is important that power does not need to be supplied separately. Many access points today support power over the cable that connects them to the computer network. In small offices, they are often placed on shelves, cabinets or tables. In this case, a sleek design is likely to matter more than the ability to mount on a ceiling or to receive power over an Ethernet cable.

However, you should always keep in mind the quality and number of antennas. Good access points are equipped with two antennas, and at any given time the antenna with the best reception is the one in use. Even at a distance of several meters, antenna switching improves quality and, accordingly, transmission speed compared to "one-armed" access points. The commonly used omnidirectional antennas are fixed to the housing. The radio performance of an access point is largely determined by which antennas are used, so the same access point with different antennas can be used to solve different tasks. If, for example, the access point is used as a radio bridge between buildings that are 2 km or more apart (up to 25 km), then it is preferable to install a directional antenna. For such a case in particular, the access point must support bridge mode and have two radio modules (many points have a free slot into which a second radio module can be installed if desired). In large halls or long corridors, antennas that are not supplied as standard are often the most effective. In any case, the ability to connect external antennas adds flexibility.

CONTROL

Management of individual access points is in most cases quick and easy: a serial or USB interface allows them to be connected directly to the control console, and support for HTTP and telnet provides convenient administration over the Internet and through a browser interface; remote management is protected using the SSL and SSH protocols. Access points often come with supporting software tools for measuring radiated power or data rate. The DHCP server automatically distributes IP addresses to all clients, which is especially important for solutions with a single access point. If the access point is connected to a computer network, it must interact correctly with the DHCP server available there. For this, the access point must be a client and obtain its IP address from the server, and its own clients must access that server through the Domain Name Server (DNS) relay function.

If the number of access points exceeds a certain threshold, then both well-established management concepts show serious flaws. This is especially true for security management. The reason is that access points see themselves as the "center of the world" and fundamentally require one-on-one administration. In small installations this approach generally justifies itself, but large enterprises need a higher authority for easy and convenient management of access points from the center. Classic access points are not designed for this, even if an SNMP-based management implementation allows them to be included in the enterprise management system. While SNMP support is a key consideration when choosing an access point, it is not sufficient for effective administration. For example, defining security rules and applying them to all access points with a few keystrokes, a simple and common task, is impossible. For this reason, the manufacturers Bluesocket and Reefedge have developed solutions that can manage all enterprise APs from a single server. WLAN switches such as those from Nortel, Symbol, and Trapeze (see Figure 2) serve a similar purpose: they take control and security functions away from the access point and hand them over entirely to a higher authority, in this case a switch. However, the switch and the access points in these solutions form a rigid bundle, and it is very difficult to integrate a "foreign" access point into it. A significant advantage of server-based solutions lies in complete independence from access point manufacturers and even from particular wireless standards. A big advantage of switch-based solutions is inexpensive access points, as well as various additional functions, for example for planning complex wireless infrastructure.

Stefan Muchler is the Chief Executive Officer of LANline. You can contact him at: [email protected].

© AWi Verlag

Overview of the most important selection criteria

Hardware
  • Standard Compliance (Special Features / High Speed Only Available in Single Manufacturer Environment)
  • Powerful processor / cryptographic processor
  • Simple wall / ceiling mounting
  • Power over Ethernet
  • Two antennas (switchable)
  • Possibility to connect external antennas
  • Upgradeable to new security / quality of service standards
Security features
  • WEP encryption / dynamic WEP (WEP Plus)
  • WPA security (802.1x / RADIUS authentication and TKIP / AES encryption)
  • Network Address Translation (NAT)
  • MAC-based Access Control Lists
  • VPN IPSec Pass-Through
  • Firewall with contextual packet inspection (if the access point is used as an access router)
Control
  • Web interface (HTTP server)
  • SNMP support
  • DHCP Server / DNS Relay
  • Planning and configuration tools
Additional functions (access point as an access router)
  • Integrated ISDN / DSL / Cable Router
  • Integrated switch
  • Integrated print server
Other
  • Wi-Fi Certification
  • Bridge mode
  • Quality of Service (WME) support

Wi-Fi is a Wi-Fi Alliance trademark for wireless networks based on the IEEE 802.11 standard. A whole family of standards for transmitting digital data streams over radio channels is currently developing under the abbreviation Wi-Fi.

Typically, a Wi-Fi network scheme contains at least one access point and at least one client. It is also possible to connect two clients in point-to-point (Ad-hoc) mode, when the access point is not used, and the clients are connected through network adapters "directly".

The Wi-Fi standard does not cover all aspects of wireless LAN construction. Therefore, each equipment manufacturer solves this problem in its own way, using the approaches that it considers best from one point of view or another.

By the method used to combine access points into a single system, one can distinguish:

  • Autonomous access points (also called standalone, decentralized, smart)
  • Controller-controlled access points (also called "lightweight", centralized)
  • Controllerless, but not autonomous (controlled without a controller)

By the method of organizing and managing radio channels, wireless local networks can be distinguished as:

  • With static radio channel settings
  • With dynamic (adaptive) radio channel settings
  • With a "layered" or multilayer structure of radio channels

Benefits of Wi-Fi:

Wireless Internet allows you to deploy your network without cabling. Locations where cable cannot be installed, such as outdoors and in buildings of historical value, can be served by wireless networks.

Gives mobile devices access to the network, since equipment is compatible thanks to mandatory certification under the Wi-Fi logo.

Mobility: there is no attachment to one place, and you can use the Internet in any environment.

Within the Wi-Fi zone, several users can access the Internet from computers, laptops, phones, etc.

The radiation from Wi-Fi devices at the time of data transfer is an order of magnitude (10 times) less than that of a cell phone.

Disadvantages of Wi-Fi:

Many devices, such as Bluetooth devices, etc., and even microwave ovens operate in the 2.4 GHz band, which degrades electromagnetic compatibility.

Wi-Fi has a high overhead. It turns out that the speed of data transfer in a Wi-Fi network is always lower than the declared speed. The actual speed depends on the share of service traffic, which depends on the presence of physical barriers between devices (furniture, walls), the presence of interference from other wireless devices or electronic equipment, the location of devices relative to each other, etc.

The frequency range and operating limits vary from country to country. For example, in Russia, wireless access points, as well as Wi-Fi adapters with an EIRP exceeding 100 mW (20 dBm), are subject to mandatory registration.

The WEP encryption standard can be cracked even if configured correctly (due to the weak algorithm strength). The new devices support the more advanced WPA and WPA2 data encryption protocols. The adoption of the IEEE 802.11i (WPA2) standard in June 2004 made it possible to implement a more secure communication scheme that is available in new equipment.

In point-to-point (Ad-hoc) mode, the standard only prescribes a speed of 11 Mbps (802.11b). WPA(2) encryption is not available, only the easy-to-break WEP.

For industrial use, Wi-Fi technologies are still offered by a limited number of suppliers.

The use of Wi-Fi devices in enterprises is due to their high noise immunity, which makes them applicable at sites with many metal structures. At present, the technology is widely used in remote or hazardous production, where the presence of operating personnel is dangerous or altogether difficult. Examples include telemetry at oil and gas production enterprises, monitoring the movement of personnel and vehicles in mines, and determining the presence of personnel in emergency situations.

Today it is rather difficult to find an enterprise or organization where a local area network (LAN) exists without the use of wireless access technologies. The Wi-Fi access type has a whole list of positive aspects:

  • economy, since there is no need to install special cables to all equipment that must be connected to the Internet;
  • efficiency of deployment;
  • equipment mobility;
  • comfort during operation.

However, no matter how many advantages Wi-Fi has over wired networks, the organization and construction of a Wi-Fi network is associated with some difficulties, namely:

  • limited bandwidth;
  • roaming;
  • industrial interference;
  • providing secure access;
  • vulnerability to hacking and theft of important information.

Wi-Fi in hotels and restaurants

Today, the requirements for service in hotels are constantly growing, and a Wi-Fi access point with high-quality Internet access is a prerequisite for an institution providing temporary stay services. Customers deliberately choose hotels or restaurants where Wi-Fi works well rather than ones where it merely "exists". Many hotels receive additional income from renting out conference rooms, where Wi-Fi equipment can also be installed. Since June 2015, establishments providing public access to the Internet have to provide mandatory SMS authorization of users, which imposes additional requirements on Wi-Fi equipment.

Wi-Fi in warehouses

These days, it is difficult to imagine warehouse logistics without wireless barcode scanners. In the past, the workflow "from reception to inventory" took a long time. The introduction of barcodes greatly simplifies the accounting and processing of orders. Here, too, you cannot do without Wi-Fi, but deploying a Wi-Fi network in a warehouse has its own peculiarities: a large area, "seamless roaming", elimination of dead zones, and fault tolerance. After all, interruptions in the operation of a wireless network at such a facility can lead to significant losses.

As a result of the use of modern technology, overall productivity is significantly increased due to faster and more accurate order fulfillment.

Building Wi-Fi in a warehouse

To create a Wi-Fi network over a large area at a far from standard facility, you need to adhere to some requirements, the first of which is the correct choice of the type of equipment. In our country, equipment is tightly entrenched in the warehouse logistics market due to:

  • high MTBF;
  • the possibility of controller redundancy ("Master" - "Backup") - the possibility of the entire network going down at the same time is excluded;
  • technical support and timely software updates from the manufacturer.

For continuous coverage, warehouses typically use equipment with external Omni antennas. The transmitter power is increased above the standard (100 mW). In open areas and on ramps, equipment is installed in sealed IP68 enclosures with electric heating.

Now we will learn how to build Wi-Fi networks at sports facilities.

Installing Wi-Fi in stadiums or squares

Typically, traditional Wi-Fi design approaches don't work here. To ensure a stable signal, the stands must be divided into sectors. Using antennas with a narrow radiation pattern, we "cut the cake into small pieces". This reduces interference (the mutual influence of Wi-Fi access points broadcasting on adjacent channels) and limits the number of users within a sector (so as not to overload the access point). At such events particular attention is paid to network security, radio monitoring and the identification of "radio pests". Significant success in this area has been achieved by a company whose equipment is installed at stadiums and train stations in the capital. Thanks to the use of the virtual BlueSocket controller, these networks are managed from one computer. It provides information on each "thin client" access point, making the Wi-Fi signal strong and far-reaching. In addition, with such a controller you can see the entire coverage map and where the signal weakens or has problems, which makes high-quality configuration of the Wi-Fi network possible.

Installing a Wi-Fi signal in business centers or large office buildings

To provide maximum Wi-Fi coverage in large offices, special devices for organizations are often used - access points of the type that are simply attached to the ceiling (for example -). The limited cone pattern and seamless roaming using the 802.11r and 802.11k protocols, coupled with secure 802.1X authorization using WPA2-Enterprise technology, make the network available anywhere in your office, so there are no problems with connection.

Equipment location

The location of the Wi-Fi equipment also depends on the facility. As mentioned earlier, if you need to provide a signal in an office, an excellent option is to install the equipment on ceilings. Partitions, which are often found in offices, can interfere with the propagation of a signal from a standard Wi-Fi router, and its power may not be enough.

For facilities with a large area, whether a stadium or an outdoor area, poles are an ideal installation option. You can install access points with antennas on them, and the controller itself can be installed in the server room or at the site of the hosting provider.

Factors affecting signal quality

In truth, this point deserves special attention. Many people do not hesitate to mount Wi-Fi access points anywhere and then complain about equipment manufacturers, simply not realizing that radio interference can become an obstacle to a high-quality signal. It can be caused by microwave ovens, other radio signals, and so on. Before installing equipment at important facilities, be sure to carry out a special radio survey that will show whether there are conflicts that interfere with high-quality signal transmission. During the survey, the engineer will determine the optimal installation locations for the equipment, the type of antennas to use and the radio channels with the least interference. This deserves particular attention from those who want to install such equipment in business centers where there are already many private Wi-Fi networks, as well as in industrial facilities, because a large amount of industrial interference can also worsen the signal-to-noise ratio and reduce the quality of data transmission.

Typical mistakes when installing a Wi-Fi hotspot

Since there are a lot of mistakes in deploying a Wi-Fi network, it will not be possible to list everything. Therefore, choosing the most "popular", we will describe them.

  • Placement of wireless network equipment, as well as intermediate access points, at a short distance from metal structures that negatively affect the Wi-Fi signal strength.
  • Using access points with built-in antennas. The consequence is a small signal transmission radius. And again, the unfortunate makers of the equipment get the blame for everything. It should be noted that installing Wi-Fi access points with standard antennas is cheaper, but the transmission quality will suffer seriously.
  • Network insecurity. Modern Wi-Fi networks, as a rule, use WPA2-Enterprise encryption with authorization on a RADIUS server via the IEEE 802.1X protocol. This type of encryption secures the wireless network much better, but on its own it will not save you from DoS attacks and man-in-the-middle password theft. To detect unwanted activity, it is recommended to use Wi-Fi access points with a built-in sensor or separate Fluke AirMagnet sensors. Special software collects statistics and informs the administrator if unauthorized actions are detected in the monitored Wi-Fi network.

Thus, we have identified the basic requirements that must be considered when organizing wireless communications. It is also important to pay special attention to the choice of equipment, since the quality of data transmission over Wi-Fi at the facility depends on its power and bandwidth.

Wi-Fi wireless network is a trademark of the Wi-Fi Alliance. Wireless Fidelity can be translated as "accuracy of wireless data transmission". The most common application of this technology is office wireless networks, through which employees connect to the Internet and internal company resources from portable devices (laptops, tablets, smartphones, etc.).

Our profile is the design, implementation and maintenance of Wi-Fi solutions of any complexity: from hotspots in hotels, restaurants and hostels to wireless multiservice networks with hundreds of access points and continuous coverage of large rooms, buildings and territories, with authentication of mobile subscribers according to the 802.1X standard through directory services (e.g. Active Directory), monitoring systems and IDS / IPS.

The Wi-Fi wireless network standard (IEEE 802.11) defines both mandatory device functions and optional ones, the implementation of which is at the discretion of the manufacturer. The main feature of the corporate sector equipment is the application of these functions. In our projects, we offer the best option for solving the assigned tasks using equipment that has the functions necessary and sufficient for each specific situation.

Wi-Fi wireless network structure

We implement solutions for Wi-Fi wireless networks

In recent years, the wireless network market has been oversaturated with solutions from various vendors. Some market players conduct aggressive marketing policies, most often focusing on advertising campaigns and attracting customers, and last of all on the quality of the solutions offered. The task of choosing reliable and high-quality equipment is not easy: it is desirable to have extensive experience in implementation and experienced engineers, whose knowledge is confirmed by certificates. In our work, we rely on the experience of successful projects, and offer solutions that have proven to be reliable and stable. We prioritize the three largest vendors' portfolio of Wi-Fi solutions for multiservice networks:

  • Cisco solutions for wireless Wi-Fi networks;
  • Aruba Wireless Wi-Fi Solutions;
  • HP Wireless Wi-Fi Solutions.

The Unique Benefits of Wireless Wi-Fi

Widespread distribution. Today, a Wi-Fi chip is found in any portable device (laptop, tablet, smartphone), which makes it possible to provide access to the network to any user without additional investment in wireless adapters.

Bring Your Own Device (BYOD). BYOD is a security policy whereby employees of a company are allowed to bring their own portable devices (laptops, tablets, communicators) to the workplace and use these devices to access privileged company data and services. The term is also used to describe the same practice in educational institutions where students use personal devices for educational purposes. With this approach, all corporate security policies are implemented, and the local network remains protected from possible threats. It is more convenient for staff and students to work from their personal devices, and this practice has become a general trend. Our task is to design and configure a Wi-Fi network in accordance with the modern needs of the Customer.

High level of security. Wi-Fi uses sophisticated encryption methods that cannot be bypassed or "broken" with modern computing power. Access is provided both by password and by security certificate. Logging into a wireless Wi-Fi network is just as secure as connecting to a corporate switch port.

Scalability. Not every implementation requires further scalability (e.g. hotels, restaurants, cafes). But if you are faced with the task of building a scalable wireless network, then the main point is the choice of the manufacturer and the line of access points. Not all access points scale from a standalone access point to a cloud of lightweight access points managed by a Wi-Fi controller. In scalable wireless networks, the first step is to install and configure multiple access points. The development of the company and the increase in needs will not entail a complete replacement of equipment. It will only be necessary to update the software (firmware) on the existing access points and add wireless components. In some cases, it may be necessary to move the access points to a new location.

Seamless roaming (roaming of mobile subscribers "without a single break"). To implement voice (VoIP) or video communication, the corporate infrastructure uses fast roaming mechanisms (analogous to handover in cellular networks). The Wi-Fi wireless network controller transfers service to mobile subscribers as they move from one access point to another without delays or packet loss.

Automatic control and management of radio resources of the system. The WLAN controller performs dynamic redistribution of frequency channels and transmit power of access points according to specified algorithms. Due to this, the level of interference created by neighboring points is reduced. Mechanisms for redundancy of access points are implemented - if one of the devices fails, the neighboring points increase the power and "intercept" clients, the service does not suffer.

Protection of the airwaves from interference and malicious clients. Standard Wi-Fi wireless LAN equipment is not capable of detecting interference from non-IEEE 802.11 devices. The task of monitoring the airwaves falls on access points with an additional spectrum analysis function, or on specialized radio sensors that complement the infrastructure of a wireless Wi-Fi network. In some cases, this role is assumed by access points that are switched to analysis mode and do not serve clients. After detecting interference, the system rebuilds the channel plan of the access points so that channels adjacent to the interference are assigned to the access points that are as distant as possible from its source. In addition, the system can record attempts to "jam" the network and block malicious attempts to guess the access password. In all cases, events are logged and reports are generated that show the location of wireless threats on the floor plan and give recommendations for eliminating them.

Determining the location of devices. Dedicated services running on the Wi-Fi controller allow you to locate emitters based on the signal strength received by multiple access points. These include client gadgets and computers, sources of interference (microwave ovens, cameras) and malicious devices ("jammers", twin access points). The system determines their location and displays them on the floor plan. There are several ways to implement such systems; their accuracy is about 3-5 meters. Position data can be used to collect statistics, as well as to prohibit the use of mobile devices in certain areas on the building plan, such as meeting rooms or bathrooms.
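The kind of check that the monitoring sensors and controller described above perform for twin access points, and that the "network insecurity" item in the list of typical mistakes recommends, can be sketched as follows. This is an added example, not code from any vendor or from the original article; the inventory, sensor names, SSIDs, BSSIDs and signal levels are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory, as it might be exported from the WLAN controller:
# BSSID of every managed radio -> (SSID it serves, security it must announce).
AUTHORIZED = {
    "02:00:00:aa:00:01": ("corp-wlan", "WPA2-Enterprise"),
    "02:00:00:aa:00:02": ("corp-wlan", "WPA2-Enterprise"),
    "02:00:00:aa:00:03": ("guest", "Open"),
}


@dataclass(frozen=True)
class Beacon:
    sensor: str    # monitoring access point or radio sensor that heard the frame
    ssid: str
    bssid: str
    channel: int
    security: str
    rssi_dbm: int  # received signal strength at that sensor


# Constructed observations; none of these values come from a real network.
BEACONS = [
    Beacon("sensor-1", "corp-wlan", "02:00:00:aa:00:01", 1, "WPA2-Enterprise", -48),
    Beacon("sensor-2", "corp-wlan", "02:00:00:aa:00:02", 6, "WPA2-Enterprise", -52),
    Beacon("sensor-1", "guest", "02:00:00:aa:00:03", 11, "Open", -60),
    Beacon("sensor-1", "corp-wlan", "02:00:00:bb:00:99", 6, "WPA2-Personal", -71),
    Beacon("sensor-3", "corp-wlan", "02:00:00:bb:00:99", 6, "WPA2-Personal", -44),
    Beacon("sensor-3", "Corp-WLAN ", "02:00:00:bb:00:98", 11, "Open", -58),
    Beacon("sensor-2", "corp-wlan", "02:00:00:AA:00:02", 11, "Open", -67),
    Beacon("sensor-2", "CoffeeShop", "02:00:00:cc:00:10", 1, "WPA2-Personal", -80),
]


def _norm(ssid):
    """Fold case and surrounding whitespace so look-alike names still match."""
    return ssid.strip().casefold()


def classify(beacon, authorized=AUTHORIZED):
    """Return a finding type for a suspicious beacon, or None if it is expected."""
    protected = {_norm(ssid) for ssid, _ in authorized.values()}
    known = authorized.get(beacon.bssid.lower())
    if known is None:
        # Our network name (or a look-alike) announced by a radio we do not manage.
        return "twin-ssid" if _norm(beacon.ssid) in protected else None
    ssid, security = known
    if beacon.ssid != ssid:
        return "bssid-ssid-mismatch"   # managed BSSID announcing a different name
    if beacon.security != security:
        return "security-downgrade"    # spoofed BSSID or a misconfigured radio
    return None


def detect(beacons, authorized=AUTHORIZED):
    """Group suspicious beacons per emitter and name the sensor that hears it best."""
    grouped = defaultdict(list)
    for b in beacons:
        kind = classify(b, authorized)
        if kind:
            grouped[(kind, b.ssid, b.bssid.lower())].append(b)
    findings = []
    for (kind, ssid, bssid), seen in sorted(grouped.items()):
        nearest = max(seen, key=lambda b: b.rssi_dbm)  # strongest signal = closest sensor
        findings.append({
            "type": kind,
            "ssid": ssid,
            "bssid": bssid,
            "channels": sorted({b.channel for b in seen}),
            "sensors": sorted({b.sensor for b in seen}),
            "nearest_sensor": nearest.sensor,
            "rssi_dbm": nearest.rssi_dbm,
        })
    return findings


if __name__ == "__main__":
    for finding in detect(BEACONS):
        print(finding)
```

The sensor with the strongest reading is only a starting point for the search; placing the emitter on a floor plan needs readings from several sensors, as the paragraph above describes.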

Stable high access speed. To ensure high speeds of access to the network, a number of conditions must be met, the main of which remains the competent design of the WLAN. The job of the surveyor or point placement engineer is to provide continuous coverage throughout the building. The system must also be configured so that it does not accept connections from clients outside the range of a stable connection. In this case, the network will not be overloaded with re-sending packets, and all clients will be provided with a guaranteed connection speed, regardless of the load of each.

Increased user loyalty. In the service sector (hotels, hostels, restaurants, cafes, bars, business centers, shopping centers and malls, etc.), providing free Internet access via Wi-Fi significantly affects the client's attitude to the service provider and increases its "star rating". For some potential customers, internet access is critical. In large shopping centers and malls, buyers receive additional information and product reviews online and are more likely to shop. In addition, on the basis of free access to a wireless Wi-Fi network, an interactive product catalog can be implemented on the web portal platform, as well as a shopping cart, contextual advertising, an interactive scheme of a shopping center, and other services.

Web authentication. Popular solution for hotels, airport terminals, shopping centers. Its essence is that a mobile subscriber connects to a Wi-Fi network without a password, opens an Internet browser and enters an arbitrary URL. The authorization system automatically redirects him to the authentication page, where he can enter his username and password. After successful input, the user gains access to the Internet. Web authentication systems are popular in corporate wireless Wi-Fi networks, where data from Active Directory are used as login and password.

Guest portal for hot spots. Often, in places with open access, before getting on the Internet, users land on the service provider's page (restaurant, store, mobile operator, etc.), from where, after viewing the mandatory advertising, they are redirected to the Internet. This approach is similar to web authentication, but does not require a username / password pair. The portal is a web page on the basis of which any web services, statistics collection services, connection duration tracking, etc. can be implemented. It should be noted that advertising covers the cost of Internet access for clients, which, among other things, may be limited in speed / time / volume, etc.

Quality of Service (QoS) mechanism. The QoS mechanism classifies traffic by type and importance, sending high priority data packets first. Without this mechanism, the simultaneous passage of large amounts of ordinary data and voice communication (VoIP - Voice over Internet Protocol) or video conferencing over the network is impossible. In the absence of this technology, the connection "croaks", is interrupted, and the image of the interlocutor is fragmented and covered with "squares".

Applications of wireless Wi-Fi networks

Small Business Wi-Fi Solutions. Small business solutions are simple, cost effective and fast to install. Wireless access in such solutions is provided to access the internal network and the Internet. Support for voice and video communications, as well as streaming data, is significantly limited. Typically, the number of access points in these solutions does not exceed 4-5, with about 6-8 clients connected to each. Such configurations do not require the use of hardware controllers; all access points are configured separately. To manage the network, it is necessary to carry out identical manipulations with each point separately, which requires higher qualifications of IT personnel and reduces the functionality of the system as a whole.

Wi-Fi solutions for midsize businesses. In such installations, both software and hardware controllers of wireless Wi-Fi networks can be used. At the same time, the management of the entire network is centralized from one point, which allows you to quickly configure all access points. Their number varies from 10 to 50 pieces. Depending on the needs, support for the guest network and hotspots, roaming of client devices (transition of subscribers between access points without breaking the connection) with support for voice communication and video calls can be implemented. In solutions of this class, wireless IP telephony can be implemented with a separate subnet for devices of this class and with voice calls prioritized over other traffic through QoS mechanisms.

Corporate solutions. In installations of this level, hardware controllers of wireless Wi-Fi networks are always used. Solutions of this class assume the use of up to 3000 access points, and support the simultaneous operation of up to 30,000 client devices. When using specialized radio sensors and access points with the radio monitoring function, a system for determining the location of subscribers, sources of interference and intruders posing a threat to the security of the network can be implemented. At the same time, the system has the ability to self-repair: when interference occurs, the channel least affected by the interference is selected dynamically. Failover mechanisms are implemented. If an access point fails, its clients are intercepted by neighboring access points without losing the connection. Connection security is implemented in the most reliable way: through a RADIUS server with WPA2 encryption based on security certificates.

Warehouses and hangars. For warehouse complexes and premises, specialized access points are used, protected from external physical influences. For solutions of this class, it is extremely important to choose the location of access points and antennas, since there are a large number of metal structures in the environment. Strict adherence to installation rules is required for stable and uninterrupted operation of the systems. Warehouse solutions are focused on working with wearable terminals and barcode scanners, as well as RFID radio tags. To control the movement of equipment and goods, specialized readers and sensors are used, connected into a single system and representing a single solution. Our company has extensive experience in successful installations of this type of wireless Wi-Fi networks, which is a guarantee of the quality of work.

HORECA (hotels, restaurants, cafes). The specificity of Wi-Fi solutions for hotels and restaurants involves the use of a wireless network for Internet access, e-mail, VoIP telephony and video communication. Such schemes do not require the implementation of client roaming functions without breaking the connection, since the main traffic flow comes from fixed points. A software controller can be used to configure and monitor access points. To ensure the security of guests' data and to simplify the configuration of client devices, WPA2 password-based encryption is used, since this excludes the possibility of eavesdropping and interception of confidential information. For the convenience of administering and selling Internet access services via Wi-Fi, you can provide a Personal Account for each mobile subscriber.

Educational institutions. In addition to commercial use, the trend of deploying Wi-Fi networks in educational institutions is gaining momentum. In schools and universities, wireless access from tablet PCs completely translates the entire educational process into an interactive environment, which can significantly improve the quality and level of education. To attend lectures, it is not necessary to be physically in the classroom, the issue of access to information carriers is being resolved: paper manuals, libraries, timetables. Interaction between teacher and student becomes available anywhere in the world.

Medical institutions. The use of Wi-Fi in medicine means instant access to the most relevant information from the Internet and to any reference manuals, the ability to write prescriptions with one touch of the screen, storage and backup of all patient records on servers, etc.

Solutions for operators. The main problem when deploying a cellular network is the limited bandwidth of each cell. All the speed available to the base station is divided between the subscribers. To increase the speed, operators try to reduce the number of subscribers by reducing the coverage area of each cell. This entails unreasonably high costs for increasing the number of expensive base stations to cover the same area. In this case, Wi-Fi is used. Cheap Wi-Fi hotspots provide Internet access exactly where it is needed most. Voice calls of subscribers are carried over the existing GSM and 3G networks. There is no need to deploy additional 3G base stations. In another scenario, Wi-Fi is deployed in conjunction with short-range cells (pico and femto cells) in locations with the highest subscriber density to reduce the load on cellular base stations. In addition, the vast majority of mobile devices are equipped with Wi-Fi, even entry-level tablets and e-books that have no other wireless connectivity. All these devices can connect via Wi-Fi to the operator's networks, expanding the subscriber base and increasing the economic feasibility of deploying such networks. The same situation is observed in 4G networks (WiMAX / LTE). These technologies are often used as a backbone to deliver traffic to specific locations. This traffic is then distributed locally over the Wi-Fi network. This process is called offload. At the same time, the subscriber of the cellular network continues to receive voice calls and SMS through the cellular network, and all Internet traffic goes through Wi-Fi. Internet telephony and video conferencing services such as Skype and Lync remain available. Billing for Wi-Fi at local points can be organized in any convenient way: via payment terminals, paid SMS with temporary passwords, etc.

Combining two locations with a radio bridge (point-to-point communication). Our company offers solutions for organizing point-to-point wireless communication channels, radio bridges. These technologies are indispensable for facilities where it is not possible to organize a communication channel via wired networks, or it is not economically feasible. For example, it is more profitable to organize communication between various buildings on the territory of one object through a radio channel - this is a reliable solution in cases when it is not rational to lay a cable underground or lay overhead lines to transmit a small amount of traffic. An example of such a solution is the connection of a checkpoint building located at a considerable distance from the main building. As a rule, equipment is used that is produced specifically for organizing point-to-point channels, which is not compatible with other equipment of the Wi-Fi standard. Specialized antennas with narrow radiation patterns are used, as well as access points designed for use in various weather conditions, with extended temperature range, sealed and resistant to aggressive media. Such solutions require high-quality installation in compliance with all the rules and in accordance with the requirements of the legislation in the field of communications. The possibility of installing such systems is limited by the conditions of line of sight and cleanliness of the area in which the radio signal propagates between the antennas.

This area, called the Fresnel zone, is an ellipse with vertices on the antennas. The fulfillment of these conditions requires preliminary radio reconnaissance and, as a rule, the installation of antennas on masts. Moreover, the further away the objects are, the lower the speed at which communication is possible. On average, acceptable results in terms of speed and connection quality can be expected from a connection over a distance of about 1-2 km.
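The line-of-sight condition above can be checked numerically before the site survey. The following is an added example, not part of the original article: it computes the first Fresnel zone radius for a link and tests whether an obstacle leaves enough clearance. The 60% clearance rule, the 4/3 effective earth radius factor, the 2.437 GHz and 5.5 GHz centre frequencies and the obstacle data are assumptions chosen for illustration.

```python
import math

C = 299_792_458.0             # speed of light, m/s
EARTH_RADIUS_M = 6_371_000.0
K_FACTOR = 4 / 3              # assumed standard-atmosphere refraction factor


def fresnel_radius(freq_hz, d1_m, d2_m, n=1):
    """Radius of the n-th Fresnel zone at a point d1 from one antenna, d2 from the other."""
    wavelength = C / freq_hz
    return math.sqrt(n * wavelength * d1_m * d2_m / (d1_m + d2_m))


def earth_bulge(d1_m, d2_m):
    """Apparent rise of the ground between the antennas caused by earth curvature."""
    return d1_m * d2_m / (2 * K_FACTOR * EARTH_RADIUS_M)


def check_link(freq_hz, length_m, h_a_m, h_b_m, obstacles, clearance=0.6):
    """Check every obstacle (distance from antenna A, height) against the direct ray.

    A link is usually treated as unobstructed when at least 60% of the first
    Fresnel zone is free (assumed rule of thumb, adjustable via `clearance`).
    """
    results = []
    for dist_m, height_m in obstacles:
        if not 0 < dist_m < length_m:
            raise ValueError("obstacle must lie between the two antennas")
        d1, d2 = dist_m, length_m - dist_m
        ray = h_a_m + (h_b_m - h_a_m) * dist_m / length_m   # height of the direct ray
        needed = clearance * fresnel_radius(freq_hz, d1, d2)
        margin = ray - (height_m + earth_bulge(d1, d2)) - needed
        results.append({"distance_m": dist_m, "margin_m": round(margin, 2),
                        "clear": margin >= 0})
    return results


def required_mast_height(freq_hz, length_m, obstacles, clearance=0.6):
    """Smallest antenna height, equal at both ends, that clears every obstacle."""
    return max(
        height + earth_bulge(dist, length_m - dist)
        + clearance * fresnel_radius(freq_hz, dist, length_m - dist)
        for dist, height in obstacles
    )


if __name__ == "__main__":
    # Constructed case: 2 km bridge with a 12 m tree line 800 m from antenna A.
    trees = [(800, 12)]
    print(round(fresnel_radius(2.437e9, 1000, 1000), 2), "m at midpoint, 2.4 GHz")
    print(round(fresnel_radius(5.5e9, 1000, 1000), 2), "m at midpoint, 5 GHz")
    print(check_link(2.437e9, 2000, 15, 15, trees))
    print(round(required_mast_height(2.437e9, 2000, trees), 2), "m masts needed")
```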

Solutions for private houses and apartments. As a rule, when connecting an Internet channel to an apartment, the provider offers a subscriber device with a built-in Wi-Fi access point. Its installation and configuration is carried out by the provider's personnel, therefore our company does not deal with Wi-Fi solutions in apartments. However, designing a Wi-Fi network in cottages and country houses requires special attention and is a non-trivial task. In such solutions, not only the design and quality of wireless operation play an important role, but also the aesthetics of the placement of access points in residential premises. The coverage area in the house is increased by installing additional access points. Since the main traffic in home networks is multimedia, the design of the system is based on the location of the devices that consume content and of its sources: NAS (Network Attached Storage) network storage, satellite TV converters, game consoles, laptops, printers with Wi-Fi, etc. The policy of assigning frequency channels is determined according to the needs of the client; as a rule, the most high-speed configurations of the 802.11n standard are used: a 40 MHz channel and several spatial MIMO streams for devices with multiple antennas. The specialists of our company carry out a full range of works to provide wireless coverage for country houses and cottages.

Wi-Fi technologies

Wi-Fi systems can operate in two frequency bands - 2.4 GHz and 5 GHz. In the first, there are only 3 non-overlapping channels: No. 1, 6 and 11. Non-overlapping means that they are not subject to harmful mutual influence. Overlapping results in slower speed, increased response time, and packet retransmissions. There are 8 such channels in the 5 GHz range. Until recently, this range was closed for free use in Russia. Since 2011, the situation has changed. The use of 5 GHz devices is now preferable due to the smaller number of interfering devices and the larger number of free channels. There are currently 4 Wi-Fi standards: a, b, g and n. Standard a only works in the 5 GHz band, b and g in 2.4 GHz. The latest n standard allows operation in both bands. The b standard is outdated, with a maximum speed of 11 Mbps. Versions a and g can support connections up to 54 Mbps. The n standard allows data transfer at speeds up to 600 Mbps. This speed is achieved mainly by combining two 22 MHz frequency channels into one 40 MHz channel. Additionally, systems with multiple receiving and transmitting antennas, Multiple Input - Multiple Output (MIMO), are used, which allow organizing up to 4 parallel spatial streams (depending on the number of device antennas).

Wireless controller. Without a wireless controller, access points support multiple SSIDs and one authentication method (such as WPA2). To use a wider functionality and all the advantages described above, it is necessary to implement a wireless network controller. The controller is a separate hardware and software complex that connects to the wired infrastructure and connects all access points into a single WLAN (Wireless LAN) network.

Access points used in a Wi-Fi network may differ both in architecture (autonomous / managed) and in supported functionality and standards. So, for example, in the line of access points, you can choose equipment with several radio modules (2.4 GHz and 5 GHz), with support for radio control mechanisms, a different number of MIMO streams. Most access points controlled by the controller are characterized by a "light" version of the firmware - the controller performs the client management functions, each access point "specializes" only in connecting to clients over the radio channel and transmitting all data to the controller through a secure tunnel.

Implementation of wireless Wi-Fi networks

Designing and installing Wi-Fi wireless networks is a complex engineering task, in the solution of which specialists from several directions take part. In order for the network to meet all the customer's requirements and provide a reliable service, at all stages of implementation, the requirements for the placement of access points, antenna orientation, installation of SCS for powering access points via PoE and connections with switches must be strictly met. The equipment should be adjusted by engineers who have knowledge of the technique and physics of radio wave propagation, as well as have experience with the equipment being installed. Otherwise, you may be sold a large amount of equipment that individually meets all the requirements, but installed in such a way that it is a "pile" of expensive non-functioning "hardware". Our specialists have the appropriate education, knowledge and experience, and are also certified by equipment manufacturers, so you can rely on us. This is evidenced by the partner statuses of our company, successful projects and the confirmed qualifications of our engineers.
