Announcement

Collapse
No announcement yet.

Multiple WAPs working together

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Multiple WAPs working together

    Hello everyone...happy Wednesday!

    I've been looking around this forum and googled just about every combination I can think of to produce a good guide for what we're wanting to do with our network and I can find nothing...so I'm hoping someone will have an opinion or point me in the direction of a good guide!

    What we're looking to do, is setup a wireless network in our main office which includes at least two (possibly three) access points to cover multiple sections of the office. Normally no more than 15 users of our 40 will be using wireless, however in special cases we may need to support up to 50 wireless users at once.

    The catch here is that the APs will most likely overlap signals...is there any solution where these APs can be integrated together to all run on the same channel with the same SSID? Also, we need at least 2 SSIDs to be configurable (i.e. "Company" and "Guest").

    I'm looking for any first hand experience, equipment suggestions, or reading material recommendations.

    Thanks a lot!
    ~Kara
    ~Kara
    'What we do not make conscious emerges later as fate.' Carl Jung

  • #2
    Re: Multiple WAPs working together

    Just use WAPs that have a relay mode. Even some dinky LinkSys and NetGear WAPs have that ability. I think that you'll want alternating channels for the WAPs though. One of the last places I worked at used 3COM WAPs (about $600 each) with a 3COM wireless switch that had some nifty management features. It looked a bit like this (Sorry, I don't know what exact model it was).

    Are you going to use 802.1X / RADIUS?

    EDIT: Higher end WAPs allow for multiple SSIDs on one transceiver.
    Last edited by Nonapeptide; 10th December 2008, 20:35.
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

    Comment


    • #3
      Re: Multiple WAPs working together

      Thanks for your reply. I did see the 3com managed access points that required a wireless switch (like the one you linked) in addition to some software to manage it all. It sounded like a really great option but with the software added in the cost was going well over $10k which is overkill for what we're needing I think.

      I don't have any experience with 802.1x & RADIUS setup. Does it require a client app to be installed on the device trying to authenticate? I did a bit of quick reading and saw you can authenticate to a user database, does it integrate with active directory? (You can probably guess we're not planning on using it by all my questions). In your opinion is this something we should seriously consider?

      EDIT: By the way...won't relay mode just pass all traffic to the main AP and therefore all users end up on the same device...slowing down wireless bandwidth for all? Or do I have that wrong?
      EDIT2: (sorry) I found a quick read about RADIUS which I found helpful http://www.tech-faq.com/radius.shtml (for anyone else who might not know or be curious).
      Last edited by karatecki; 10th December 2008, 20:53. Reason: adding additional question @ end
      ~Kara
      'What we do not make conscious emerges later as fate.' Carl Jung

      Comment


      • #4
        Re: Multiple WAPs working together

        Originally posted by karatecki View Post
        Thanks for your reply. I did see the 3com managed access points that required a wireless switch (like the one you linked) in addition to some software to manage it all. It sounded like a really great option but with the software added in the cost was going well over $10k which is overkill for what we're needing I think.
        True, it is certainly only viable for large deployments. It's also difficult to explain to management why some WAPs cost US $600+ when they paid $50 for their home WAPs.


        Originally posted by karatecki View Post
        I don't have any experience with 802.1x & RADIUS setup. Does it require a client app to be installed on the device trying to authenticate?
        Yes and no. If you're using most any major OS, the client portion should be baked in. I think the same should go for most smart-phones. I don't believe that you would need some kind of third party RADIUS authentication client unless the WAP system required it... which would be rather bothersome if it did.


        Originally posted by karatecki View Post
        I did a bit of quick reading and saw you can authenticate to a user database, does it integrate with active directory?
        Absolutely. It's nice and easy to simply add AD users to the "Wireless Access" group (or whatever you choose to call it) and then they magically have access to the wireless network. It also helps to track who is using it and when and also be able to restrict users individually or based on group membership.


        Originally posted by karatecki View Post
        In your opinion is this something we should seriously consider?
        My opinion probably won't mean much to you since I have no idea what it is you're trying to accomplish other than wanting a larger wireless network than can be made with one WAP. Maybe have a look at NetGear's business class WAPs. I looked into them for a recent project and liked what I saw of the ProSafe series of WAPs. They can relay and have some other nicer features that home products wouldn't have (for example, peer security so that nodes on the WLAN can't talk to eachother... good for public wireless networks). They may also understand VLANs (AKA dot1q). I think they received decent reviews from folks online.

        Maybe if you tell us a bit more about your situation we could offer more specialized advice?
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

        Comment


        • #5
          Re: Multiple WAPs working together

          Great! Thanks so much for your answers.

          More details:

          We have a set number of about 40 employees in this office. And generally no more than 15 of them are going to be using the wireless at any one time; while on wireless they will need access to the LAN/servers etc. We've considered having the "employee" wireless network in a type of DMZ so that they can only access our Citrix servers/email etc as they would from home...therefore blocking server share access until they used their client VPN to get to the inside.

          For the second wireless network (thus the requirement for multiple SSIDs...though it would need to be on a separate VLAN), we would use it as more of a "guest" wireless network that would require WPA-PSK. It will have internet access only. The user count for this purpose could be anywhere from 20-50 depending on the purpose. From time to time we have employee visitors from other districts that are in for training but they do not require any LAN access, only internet, for their functions.

          What we currently have is one WAP which we have one SSID configured w/ WPA. It drops connections from time to time even though the signal strength is high. The WAP is a Cisco Aironet 1100. When it drops connections, it drops everyone at once and begins working a few minutes later. We've not tracked down the issue but it has prompted us to determine we may be at a point where we should upgrade anyway.

          Thanks again!
          ~Kara
          'What we do not make conscious emerges later as fate.' Carl Jung

          Comment


          • #6
            Re: Multiple WAPs working together

            Originally posted by karatecki View Post
            We have a set number of about 40 employees in this office. And generally no more than 15 of them are going to be using the wireless at any one time; while on wireless they will need access to the LAN/servers etc. We've considered having the "employee" wireless network in a type of DMZ so that they can only access our Citrix servers/email etc as they would from home...therefore blocking server share access until they used their client VPN to get to the inside.
            This might be easiest to design using a simple VLAN scheme. Put the employee wireless network on a separate VLAN and only enable that VLAN on the ports and servers that need it. I'm curious to know why the Cisco VPN for the wireless network... proper wireless security should be solid enough for most places. Especially if you're using WPA2 Enterprise. Of course, you know best what your environment needs... I don't want to come off like a second-guessing jerk.


            Originally posted by karatecki View Post
            For the second wireless network (thus the requirement for multiple SSIDs...though it would need to be on a separate VLAN), we would use it as more of a "guest" wireless network that would require WPA-PSK. It will have internet access only. The user count for this purpose could be anywhere from 20-50 depending on the purpose. From time to time we have employee visitors from other districts that are in for training but they do not require any LAN access, only internet, for their functions.
            Make sure you really spec out your prospective WAPs. It might be that the need for multiple VLANs and multiple SSIDs on the same WAP would bump the pricetag up a bit. Are you considering using a wireless switch to manage this or just have separate WAPs without the management station?


            Originally posted by karatecki View Post
            What we currently have is one WAP which we have one SSID configured w/ WPA. It drops connections from time to time even though the signal strength is high. The WAP is a Cisco Aironet 1100. When it drops connections, it drops everyone at once and begins working a few minutes later. We've not tracked down the issue but it has prompted us to determine we may be at a point where we should upgrade anyway.
            Does it have any logs that it dumps? SysLog maybe? Can you tell if it's a hard reboot? Have you updated the firmware? Is there any special time of day that it does it? Are there any microwaves or cordless phones nearby? Whew... sorry for the rapid fire questions.
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

            Comment


            • #7
              Re: Multiple WAPs working together

              Originally posted by Nonapeptide View Post
              I'm curious to know why the Cisco VPN for the wireless network... proper wireless security should be solid enough for most places.
              You're not coming off as a second guessing jerk I appreciate your answers...to answer your question it was just presented as an option that would be viable to create only one VLAN for wireless and still allow access into the network for employees (although it is not a Cisco VPN...though that doesn't really matter). It was only presented as something to consider but I don't see us reaching our goals that way.

              Originally posted by Nonapeptide View Post
              Are you considering using a wireless switch to manage this or just have separate WAPs without the management station?
              I was considering the wireless switch to manage until I saw the price tag. Perhaps one day in the future if we plan to roll out managed APs to each district we'd like to centrally manage...it may become an option

              Originally posted by Nonapeptide View Post
              Does it have any logs that it dumps?
              I'm sure it could...we haven't really worried too much about troubleshooting it as it won't do everything we want and it's time to consider a new solution anyway (we have a limited number of resources to devote to troubleshoot when it effects a few people only a couple times a day...unless it becomes a problem for the VP then I'll bet we suddenly have 2 out of 6 people working on it ).

              Originally posted by Nonapeptide View Post
              Can you tell if it's a hard reboot?
              It doesn't appear to be as the SSID is still advertised during the disconnect, though no one can connect to it until about a minute to two later.

              Originally posted by Nonapeptide View Post
              Have you updated the firmware?
              Not yet, there are some added functions by upgrading it...but again it's not really that we want to fix this one so much as it's been a catalyst for deciding it's time to get a better wireless setup.

              Originally posted by Nonapeptide View Post
              Is there any special time of day that it does it? Are there any microwaves or cordless phones nearby?
              There is a microwave about 30 ft away, no cordless phones. However it is up near the ceiling and since we're on the top floor, there is a lot of heavy equipment on the roof that could possibly be interfering but I doubt it...it should all be on a separate circuit and all that. The issue with the disconnect generally gets reported in the early afternoon, around 2pm..but I've seen it occur up to 3 times a day at any time.

              My boss was looking at wireless solutions too...and decided to tap into one of our vendors to check with their reps on what they would put together and recommend. Whatever we decide to go with, I'll post back the result and our experience with it.
              ~Kara
              'What we do not make conscious emerges later as fate.' Carl Jung

              Comment


              • #8
                Re: Multiple WAPs working together

                Originally posted by karatecki View Post
                to answer your question it was just presented as an option that would be viable to create only one VLAN for wireless and still allow access into the network for employees
                I see. That's not half bad, actually. Keeps VLAN management nice and simple... especially if your WAP can't handle more than one SSID or VLANs.


                Originally posted by karatecki View Post
                I was considering the wireless switch to manage until I saw the price tag. Perhaps one day in the future if we plan to roll out managed APs to each district we'd like to centrally manage...it may become an option
                NetGear makes a ~US $2,000 ProSafe wireless switch... but I can't speak for it. I've never used it... I only have (limited) experience with 3COM wireless switches and WAPs. But again, it's hard to explain to some executives why a wireless network for the business costs thousands for just a few WAPs and a wireless switch when they can spend a little over $100 at home for a couple of WAPs and repeat the signal for total coverage.


                Originally posted by karatecki View Post
                There is a microwave about 30 ft away, no cordless phones.
                At one place I work at there was a new cheap-o cordless phone that was causing issues with the wireless network. The interesting part was that the phone was well over 100 feet and several thick walls away from the WAP. Don't ask me how we eventually tracked the issues down to the phone. I'm surprised the thing didn't interfere with NORAD.


                Originally posted by karatecki View Post
                However it is up near the ceiling and since we're on the top floor, there is a lot of heavy equipment on the roof that could possibly be interfering but I doubt it...it should all be on a separate circuit and all that.
                Maybe there's some heavy EMF interference? Or not.


                Originally posted by karatecki View Post
                My boss was looking at wireless solutions too...and decided to tap into one of our vendors to check with their reps on what they would put together and recommend. Whatever we decide to go with, I'll post back the result and our experience with it.
                Great! Let us know what becomes of the issue.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                Comment


                • #9
                  Re: Multiple WAPs working together

                  Originally posted by Nonapeptide View Post
                  ... it's hard to explain to some executives why a wireless network for the business costs thousands for just a few WAPs and a wireless switch when they can spend a little over $100 at home for a couple of WAPs and repeat the signal for total coverage.
                  Exactly lol! Oh and that switch actually isn't bad...I'll look into the netgear. I was checking out 3com yesterday and it's switch was around the same price but the kicker was it required $11,000 software to manage the manager switch for the managed access points

                  Originally posted by Nonapeptide View Post
                  I'm surprised the thing didn't interfere with NORAD.
                  lol!! And 100ft? That is surprising...there is one wall in between our microwave and WAP...but the door in said wall provides line of sight when it's open. Maybe we have bad luck and bought a microwave from the same manufacturer as your cordless phone
                  ~Kara
                  'What we do not make conscious emerges later as fate.' Carl Jung

                  Comment


                  • #10
                    Re: Multiple WAPs working together

                    Originally posted by karatecki View Post
                    Exactly lol! Oh and that switch actually isn't bad...I'll look into the netgear. I was checking out 3com yesterday and it's switch was around the same price but the kicker was it required $11,000 software to manage the manager switch for the managed access points
                    So that's why the Sr. Network Admin said that our dozen WAP system cost something like $26,000. But trust me, the management software is great... if you need all the bells and whistles. For instance, we loaded a CAD drawing of our building into the management software and then were able to virtually place the WAPs on the drawing. Then we can detect rogue access points, triangulate off of our existing WAPs to pinpoint where in the building the rogue is and also perform what basically amounts to a DDoS attack against the rogue to shut it down. There are logging features to see usage history and statistics as well as other things. For us it was worth it... I think.
                    Wesley David
                    LinkedIn | Careers 2.0
                    -------------------------------
                    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                    Vendor Neutral Certifications: CWNA
                    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                    Comment


                    • #11
                      Re: Multiple WAPs working together

                      That is pretty cool. My budget stretches as far as a pointystick to beat people with until they talk.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: Multiple WAPs working together

                        Originally posted by Nonapeptide View Post
                        For instance, we loaded a CAD drawing of our building into the management software and then were able to virtually place the WAPs on the drawing. Then we can detect rogue access points, triangulate off of our existing WAPs to pinpoint where in the building the rogue is and also perform what basically amounts to a DDoS attack against the rogue to shut it down. There are logging features to see usage history and statistics as well as other things. For us it was worth it... I think.
                        Now that is just awesome. I'm sure my boss would have the same opinion, but convincing his boss that it's worth it may be another story At least until we get a bit more of a wireless footprint.

                        And gforce, I've heard pointy stick prices are rising, be sure to get a few extra in on this year's budget before they go sky-high!
                        ~Kara
                        'What we do not make conscious emerges later as fate.' Carl Jung

                        Comment

                        Working...
                        X