Designing Enterprise Wireless Networks
Designing Wireless LANs for Enhanced Enterprise Communications
© 2004 Cisco Systems, Inc. All rights reserved. ARCH v

Radio Frequency Design and Planning
WLAN data rates
  – Lower data rates extend farther from the access point than higher data rates.
  – Data rate chosen depends on the type of application.
  – Higher data rates of 11 Mbps and 5.5 Mbps are recommended in a WLAN LAN extension environment.
Client density and throughput
  – The maximum suggested number of active associations is around 10 to 30.
  – Adjust client power to match the access point power settings.

Radio Frequency Design and Planning (Cont.)
WLAN coverage
  – Consider coverage of common areas, floors, stairwells, and parking areas.
RF environment
  – Use RF design to minimize the RF radiation in coverage areas or directions not required.

Radio Frequency Design and Planning (Cont.)
Channel selection
  – Overlapping cells should use nonoverlapping channels.
  – Where the same channels must be used in multiple cells, those cells should have no overlap.

Access-Point Design Considerations

Campus Infrastructure Design Considerations to Support WLANs
Inline power needs
  – Use in campus and office deployments where access points are unlikely to be mounted near power outlets.
VLANs
  – The WLAN should use a separate subnet from other LAN traffic.
IP addressing
  – Use a separate address space for WLAN clients for security and management purposes.
Security considerations
  – Use WLAN LAN Extension via EAP, WLAN LAN Extension via IPSec, or WLAN Static WEP.

WLAN High-Availability Considerations
Infrastructure availability
  – Use the existing high-availability services provided by the enterprise network.
Back-end system availability
  – Deploy high availability for security systems, DHCP server, and DNS and application servers.
Access-point hot standby redundancy
  – Configure two access points to use the same channel in a single coverage area.
  – Only one access point is active.
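
Added example (not part of the original slides): a Python check of a channel plan against the channel-selection rule, with the hot-standby access point from the high-availability slide treated as a non-transmitting unit on its active partner's channel. The circular cell model, the AP names and coordinates, and the 2.4 GHz rule that channels fewer than five numbers apart overlap are assumptions of the example.

```python
# Added example: validate an access-point channel plan.
# Assumptions (not from the slides): cells are circles on a floor plan, and
# 2.4 GHz channels overlap unless their numbers differ by at least 5 (1/6/11).
from dataclasses import dataclass
from itertools import combinations
from math import hypot

MIN_CHANNEL_GAP = 5  # 5 MHz channel spacing against a roughly 22 MHz wide signal

@dataclass(frozen=True)
class AccessPoint:
    name: str
    x: float               # metres, floor-plan coordinates
    y: float
    radius: float          # usable cell radius in metres
    channel: int
    standby: bool = False  # hot-standby unit: configured but not active

def distance(a, b):
    return hypot(a.x - b.x, a.y - b.y)

def check_plan(aps):
    """Return (ap, other_ap_or_None, reason) for every rule violation."""
    findings = []
    active = [ap for ap in aps if not ap.standby]
    for a, b in combinations(active, 2):
        if distance(a, b) < a.radius + b.radius and abs(a.channel - b.channel) < MIN_CHANNEL_GAP:
            reason = "same channel" if a.channel == b.channel else "overlapping channels"
            findings.append((a.name, b.name, reason))
    # A standby unit needs an active partner on its channel covering its location.
    for s in aps:
        if s.standby and not any(p.channel == s.channel and distance(p, s) < p.radius for p in active):
            findings.append((s.name, None, "standby has no active partner on its channel"))
    return findings

# Constructed sample plan (hypothetical names and positions).
PLAN = [
    AccessPoint("ap-lobby", 0, 0, 30, 1),
    AccessPoint("ap-lobby-standby", 1, 0, 30, 1, standby=True),
    AccessPoint("ap-hall", 40, 0, 30, 6),
    AccessPoint("ap-stairs", 80, 0, 30, 3),
    AccessPoint("ap-parking", 200, 0, 30, 1),  # channel 1 reused, no cell overlap
]

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```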

Roaming and Mobility Considerations
Layer 2 mobility
  – Native Layer 2 mobility is supported in the Cisco access points.
Layer 3 mobility
  – Use Mobile IP on Cisco routers to provide mobility across different VLANs.

IP Multicast Considerations
WLAN security extensions
  – Use WLAN LAN extension via EAP or WLAN static WEP.
Bit rates
  – If the access point operates at multiple bit rates, send multicasts and broadcasts at the lowest rate.
Snooping
  – To support roaming multicast, turn off CGMP or IGMP snooping.
Application performance
  – Prevent superfluous multicast traffic from being sent out on the air interface.
  – Configure the access points to run at the highest possible rate (unless multicast reliability is a problem).

WLAN QoS Considerations
IP telephony
  – Solutions are best-effort or rely upon proprietary client implementations.
Access-point filters
  – Allow protocols likely to carry latency-sensitive traffic to have a higher priority at the access point.
Proprietary QoS for phones
  – The maximum recommended number of phones per access point is seven.
  – The planned phone density (per access point) should be less than the maximum recommended.
  – Follow the WLAN Static WEP solution security guidelines.

WLAN Security Extensions
WLAN LAN Extension: EAP
  – Recommended for most wireless environments, unless IPSec is needed
WLAN LAN Extension: IPSec
  – Requires users to connect to the network through an IPSec-capable VPN client
WLAN Static WEP
  – Used for specialized clients that are application-specific and support only static WEP

SAFE Security Strategies for Wireless Networks Using EAP

SAFE Security Strategies for Wireless Networks Using VPNs

Small Office WLAN Design Model

Example: Small Office WLAN Design

Enterprise WLAN Design Model

Example: Site Design for Enterprise Wireless LAN

Example: Remote Office Design for Enterprise Wireless LAN

Example: Telecommuter WLAN Design

Summary
When designing an enterprise wireless network, consider the RF design, the campus infrastructure, high availability, roaming, IP multicast, and QoS.
Choose from EAP, IPSec, and WEP as the security model for a wireless LAN implementation. The choice of security model has far-reaching design implications.
In a small office, use a WLAN to extend the network reach to areas where physical constraints, cost, or speed of deployment are an issue. A WLAN is typically an extension to the wired LAN rather than a replacement.
Use a Cisco wireless base station to provide access for a location with a small number of users, such as a small remote office or telecommuter.

Learning Activities
Case Study: OCSIC Bottling Company
  – Design a wireless network for a North American plant
  – Provide justification for each design decision