
ASK THE EXPERTS - WI-FI NETWORKS

ciscomoderator
Community Manager

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on different aspects of wireless network design and installation with Fred Niehaus.  Fred is a Technical Marketing Engineer for the Wireless Networking Business Unit at Cisco, where he is responsible for developing and marketing enterprise wireless solutions using Cisco Aironet and Airespace wireless LAN products. In addition to his participation in major deployments, Niehaus has served as technical editor for several Cisco Press books including the "Cisco 802.11 Wireless Networking Reference Guide" and "The Business Case for Enterprise-Class Wireless LANs." Prior to joining Cisco with the acquisition of Aironet, Niehaus was a support engineer for Telxon Corporation, supporting some of the very first wireless implementations for major corporate customers. Fred has been in the data communications and networking industry for more than 20 years and holds a Radio Amateur (Ham) License "N8CPI."

Remember to use the rating system to let Fred know if you have received an adequate response.

Fred might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through July 16, 2010. Visit this forum often to view responses to your questions and the questions of other community members.


Hi,

I have a wireless controller module (NME-AIR-WLC25-K9) installed in a Cisco 2851 ISR. This setup is in my remote site; we are connected through a MAN network. In our main office I have a Cisco 4402 wireless controller. Whenever I install an AP in my remote site, instead of joining the remote site WLC, the access point joins my main office 4402 controller. I don't know why it is happening; the AP is not even trying to join the remote site WLC. Please let me know what I need to check or if you need more info.

Karthik

Hi Karthik,

Did you configure High Availability on each of the WAPs?  What version is the firmware?

High availability is not configured between these two controllers. The firmware for one is 5.2.193.0 (NME) and the 4402 is 6.0.196.0.

1.  Configure High Availability for the AP and the AP will join the controller of your choice.

2.  You have two WLC running different codes?  Why?

3.  Cisco has been recommending for everyone to stay away from 5.X and 6.X like a plague.

We upgraded to 6.x so that we can install 1142n access points. Shall I upgrade to the newer version and check?

Hi John..  User Scottp... did a good job answering this.  If you are running Cisco client cards then disabling SSID broadcast is fine but as Scott said some clients have problems with this.  Disabling it used to be a great idea back before sniffers and WLAN tools became commonplace.

I don't think I'd bother with trying to hide the SSID anymore - Just enable good security upfront.

73,

Fred

jcosgrove
Level 1

Hi Fred, John N2IDN here. Thank you for taking questions.

SSID.... to broadcast or not to broadcast?

We have a wireless network that consists of greater than 600 APs that covers a hospital and college campus.  We have deployed multiple SSIDs for various functions thru the campus but are currently looking at merging the multiple SSIDs to a common SSID for most enterprise users.  We also have a guest SSID that is open and broadcast.

The question is if we should broadcast our enterprise (secure WPA2) SSID as to make it easier for support people and students to connect to our wireless network.

Any issues come to mind if we broadcast both our guest and enterprise SSID?

I was thinking if guest users or guest devices try too much to connect to the enterprise SSID they may lock themselves out of the wireless network.  We also may have a lot of devices try by default to connect to the enterprise network and we may see these attempts and be detected by the IDS functions of the wireless network.

This is a semi public environment that has a lot of people that are guests coming into the building each day.

Any guidance would be great.

JC

JC -

Not broadcasting your SSIDs actually makes it more difficult and unstable for some clients to connect as they have to listen to more beacons to figure out what the SSID is.  Also, there are a lot of products out there that can capture the SSID regardless of whether or not it is being broadcast.  So by not broadcasting your SSIDs, you're decreasing the performance of your clients a little, and you're not providing yourself ANY security as security through obscurity is no security at all.  As you imply, broadcasting your SSIDs will help your users so that they don't fat finger the SSID name in setting up the wireless profile manually, as well as making it a bit more obvious as to what networks exist and what they're used for assuming the names are relevant.  By broadcasting your SSIDs, you're not necessarily alerting people to the presence of your wifi and encouraging them to hack it.  If properly secured, there is no reason not to broadcast the SSIDs.

A good article is here:

http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

Regards,
Scott
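
Scott's point that the SSID can be read whether or not it is broadcast, as an added example (not part of the original thread): a minimal parser for the SSID element of 802.11 management frames, run over a constructed capture. The frame bytes, the `CORP-EXAMPLE` name and all function names are assumptions made for illustration.

```python
# Added example: constructed 802.11 management frames (no radiotap header).
# Fixed-field bytes that precede the tagged parameters, per management subtype.
FIXED_LEN = {0x0: 4, 0x4: 0, 0x5: 12, 0x8: 12}
NAMES = {0x0: "assoc-req", 0x4: "probe-req", 0x5: "probe-resp", 0x8: "beacon"}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control


def ssid_from_frame(frame: bytes):
    """Return (subtype, ssid); ssid is None when the SSID element is hidden or absent."""
    if len(frame) < HDR_LEN:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame this example understands
    pos = HDR_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than read garbage
        if tag == 0:  # SSID element
            # "Hidden" beacons send a zero-length SSID or one filled with NUL bytes.
            hidden = length == 0 or not any(value)
            return NAMES[subtype], (None if hidden else value.decode("utf-8", "replace"))
        pos += 2 + length
    return NAMES[subtype], None


def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Build a minimal constructed management frame carrying one SSID element."""
    addr = bytes.fromhex("020000000001")  # locally administered placeholder MAC
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + addr * 3 + b"\x00\x00"
    rates = b"\x01\x01\x82"  # one Supported Rates element after the SSID
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid + rates


def observed_names(frames):
    """Map each frame subtype seen to the SSID it carried in clear (or None)."""
    return dict(ssid_from_frame(f) for f in frames)


# Constructed capture: the AP hides the name, a configured client then joins.
CAPTURE = [
    build_frame(0x8, b""),              # beacon, SSID suppressed
    build_frame(0x4, b"CORP-EXAMPLE"),  # client's directed probe request
    build_frame(0x5, b"CORP-EXAMPLE"),  # AP's probe response
    build_frame(0x0, b"CORP-EXAMPLE"),  # association request
]
```

Only the beacon omits the name; every frame a legitimate client exchanges while joining carries it unencrypted, which is why WPA2 rather than SSID suppression has to carry the security.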

Thanks for responding Scott,

I agree with all that you posted.  I was not sure about any performance increases and/or roaming improvements.  My main concern was that I did not want to broadcast anything that some automated consumer devices may just randomly start trying to connect but fail and generate more IPS alarms with failed attempts.  Not a huge problem but I just wanted to make sure I was not missing something on that front.

John

jcosgrove
Level 1

I have a rather hard to cover environment that seems to have me going towards an AP in every room. 

The general sketch of the building is long and narrow.  Center Hallway with patient rooms off the Hallway.  Hallway and patient rooms are all Cement Block walls and solid fire rated doors.  When I try to cover the building from the hallway and radiate out towards the room the coverage is not really bad but the APs start to get placed at a rate of 1 every 30 feet or so.  Since the hallways all line up there tends to be a lot of APs on the same channel that can see each other as you run down the hallway.

If I go towards covering from the room side I now have a lot more APs and may end up putting an AP in each patient room.  This will really blow any budget and may cause too much channel re-use.

What success has anyone had with using some smaller distributed antenna system to help move the signal closer to the rooms without trying to blow the signal thru the walls?

Any creative suggestions out there?  Let me know.

Thanks to all.

JC

JC -

You have to keep in mind what your ultimate goal is, irrespective of the environment.  If the building cannot be covered via the hallways, for the reasons you mentioned, then you have to bring your findings back to the customer and have them decide how they would like to proceed.  But you give them options such as:

1.  Can you move to 5 GHz and stay in the halls?

2.  Can you use a mixture of in the halls and in the rooms to at least reduce the number of APs?

3.  Can you alter the required signal strength/SNR values (allowing greater coverage per AP)?  Depends on what services the wireless network must provide.

4.  Are you still worried about co-channel interference if you place APs in the rooms?  If yes, then run the APs at 1/4 power or less.

5.  If you are using an AP with omnis, you may have to switch to 1242/1252/1260 with external antennas and use something with a lower e-plane, something around 60 degrees to allow APs to be placed closer together.

I think that the installation of the distribution system itself often costs a bit of money as well, so it's difficult to say that a DAS would be a better solution in this case.

Regards,

Scott

Another thing to keep in mind with a DAS is that Cisco won't support any RF problems that may arise, so future troubleshooting may be an issue.  Check the attached link for their stance on it...

-John

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps6973/positioning_statement_c07-565470_ps10092_Products_Data_Sheet.html

JC -

Another thought is to have them deploy in stages, thus spreading the cost out over a couple of budget cycles.  When we've suggested this in the past our concerns were these:

1.  Introduction of new equipment/models that the customer wants.  A mixture of APs essentially places the original survey and design in jeopardy.

2.  Deployment that targets disparate hot spot areas to provide immediate services to the areas needed most generally works ok, so long as the rest of the APs installed are the same model and type.

3.  Changes in management/staff that derail the continued plan to install.

4.  Availability of hardware when it's needed.

Regards,
Scott

Hi JC,

Don't know if you've seen these documents before:

Cisco Medical-Grade Network (MGN) 2.0—Wireless Architectures

http://www.cisco.com/en/US/customer/docs/solutions/Verticals/Healthcare/MGN_wireless_adg.html

Wireless Considerations in Healthcare

http://www.cisco.com/en/US/customer/solutions/ns340/ns414/ns742/ns823/landing_wirelessHC.html

gjbotimer242
Level 1

Hey guys!

Quick one for you: using autonomous 1141n WAPs, but none of the connected wireless clients are getting an IP address from the DHCP server (a router that the 1141n is connected to). They see the SSID just fine, connect just fine to the WPA2 encrypted broadcast, but once connected, cannot do anything (169.254.x.x address). Thanks for any help!

-GJB
