Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Setting up a WLAN from scratch

  • 11-09-2012 9:48am
    #1
    Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭


    Firstly, apologies if this is in the wrong forum, the last thread I created here was moved :o

    I've recently started a new job and I've been tasked with researching the implementation of a Wireless network to span across our main office with a view to implementing the same solution across other offices.

    Basically I've been looking online for information on the general setup required but I'm really just running into implementation plans and how to plan out your WLAN.

    What I would like to know is what equipment will I need to initially setup a Wireless network from our comms room before I can go ahead and get wireless access points to repeat the signal across the building.

    If anybody has any white papers or links to the step by step creation of a WLAN I'd very much appreciate it.

    Additionally, the request is to have a WLAN for users on iphones and tablets to be able to use and access shared drives etc. - these devices will need to have been added to an access list via MAC in order to access the network.

    However, there is also the request to split his as it were, to also include a guest network with a key for visiting clients and so on, to access the internet - and if they so wish, use it to VPN to their own networks.

    Again, would appreciate any feedback as this is all very new to me.


Comments

  • Registered Users, Registered Users 2 Posts: 1,931 ✭✭✭Zab


    How many clients and what sort of area are you talking about?

    MACs are clonable. They're an insufficient form of security on their own and they're a pain in the ass to manage.


  • Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭D'Agger


    Zab wrote: »
    How many clients and what sort of area are you talking about?

    MACs are clonable. They're an insufficient form of security on their own and they're a pain in the ass to manage.
    Small building - over two floors, off the top of my head we'll say the building would be 100m x 80m - that's rough now I'm useless with measurements.

    Well there would be other security features added, it's just I was told that I would be given MACs of devices which were the only devices to be added.

    From looking into a small amount would I be right in saying that I would need to connect one WAP to a router from the comms room in order to allow it access to the network, then simply setup other WAPs as repeaters as such to ensure the signal is available throughout the building?

    There's already a small router in the office for guests, however in order to make sure there's access to this over the building for clients I could try to use other WAPs to repeat the signal over a larger area. The issue then would be the load that small WLAN can handle.


  • Registered Users, Registered Users 2 Posts: 682 ✭✭✭Xantia


    I use a Fritz Box - which you can get repeaters for and you can turn on a guest network when needed.
    Also you can use MAC address filtering if required, however most routers should be able for this.


  • Registered Users, Registered Users 2 Posts: 357 ✭✭Ctrl Alt Del


    Hi,


    Most of the stuff you can find online but WiFi is a black art,is a local applicable only solution that requires a lot of local assessment, planning,survey,testing and constant adjusting !
    As an example,i have my solution implemented and i need to run background scans for other WAPs or WiFi routers in order to tweak the channel,frequency and power in order to create a nice WiFi coverage shape in each room,with each WAP for a random set of users/devices !
    I had a situation where WAP was working fine in an empty room but when room full of people it created lot of shadows and reflex ions that made the mobile devices to run very badly ! Also,some devices were not roaming properly,hanging on a set WAP for longer than necessary,then i had to play very 'software' aggressively with client's roaming profiles ,to reduce the power of the WAP in that location,so client can move seamlessly from one WAP to another !

    Few questions:

    -what is the layout of the office open space,offices,partitions ?
    -what type of ceiling you have?
    -what is the distance from Comms Room to furthest WAP ?
    -what kind of interfering electrical equipment you have in the office?
    -how many offices/buildings are around your office/building?
    -why WiFi and not cabling ?

    -how many users needs access on office network?
    -what type of traffic,applications,bandwidth,reliability you need/require?
    -what kind of mobile devices you have,how old are they?
    -do you need coverage or content provided by WAPs to clients ?
    -secure network to your network:what "type" of security you really need ?
    -do you need a snapshot of the WiFi running at any given moment,do you need to keep logs for access,traffic and so on ?
    -are using/planning for VOIP ?
    -what type of network you have,routing switching,servers equipment?
    -tablets to use & access shared drives for what !?

    -are you internal staff or external consultant?
    -can you take external IT Consultancy on board of the project ?
    -what type of budget are we talking here ?


    Personal choice:

    -get a "proper" managed switch (L3 possible)
    -run CATx from each port to each WAP (i'll stay away from repeaters)
    -get PoE and UPS for WAPs (possible with separate injectors or from within the switch)
    -install managed WAPs for coverage and content (based on office layout)-> check for WiFi coverage with a dedicated software/hardware tool
    -create VLANs for office network and for guest network (as per switch how-to on L2 and L3 if possible,also by creating multiple SSIDs on WAP with individual settings)
    -use routing table for guest mobile devices (with dedicated internet gateway or shared with your own internet access router i'll avoid it)
    -security-wise,MAC and WPAx/RADIUS for internal,WPA2 for guests
    -security on Switch MAC address,shutdown port for x minutes
    -enable time restrictions and shutdown PoE after a specified working time (let's say power ON at 7am,power OFF at 7pm)
    -others...


    As a baseline budget ,i guess you'll need around €5k with a upper maxim limit of €10k to do it properly.

    Finalizing a similar project here,if you need further help,just ask here...



    Good luck..


  • Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭D'Agger



    Few questions:

    -what is the layout of the office open space,offices,partitions ?
    -what type of ceiling you have?
    -what is the distance from Comms Room to furthest WAP ?
    -what kind of interfering electrical equipment you have in the office?
    -how many offices/buildings are around your office/building?
    -why WiFi and not cabling ?

    -how many users needs access on office network?
    -what type of traffic,applications,bandwidth,reliability you need/require?
    -what kind of mobile devices you have,how old are they?
    -do you need coverage or content provided by WAPs to clients ?
    -secure network to your network:what "type" of security you really need ?
    -do you need a snapshot of the WiFi running at any given moment,do you need to keep logs for access,traffic and so on ?
    -are using/planning for VOIP ?
    -what type of network you have,routing switching,servers equipment?
    -tablets to use & access shared drives for what !?

    -are you internal staff or external consultant?
    -can you take external IT Consultancy on board of the project ?
    -what type of budget are we talking here ?


    Personal choice:

    -get a "proper" managed switch (L3 possible)
    -run CATx from each port to each WAP (i'll stay away from repeaters)
    -get PoE and UPS for WAPs (possible with separate injectors or from within the switch)
    -install managed WAPs for coverage and content (based on office layout)-> check for WiFi coverage with a dedicated software/hardware tool
    -create VLANs for office network and for guest network (as per switch how-to on L2 and L3 if possible,also by creating multiple SSIDs on WAP with individual settings)
    -use routing table for guest mobile devices (with dedicated internet gateway or shared with your own internet access router i'll avoid it)
    -security-wise,MAC and WPAx/RADIUS for internal,WPA2 for guests
    -security on Switch MAC address,shutdown port for x minutes
    -enable time restrictions and shutdown PoE after a specified working time (let's say power ON at 7am,power OFF at 7pm)
    -others...


    Good luck..


    Thanks very much for the level of detail Ctrl Alt Del, appreciate it!

    We have cabling, however we will have users who use mobile devices who will want to be able to access certain shared folders etc. on their mobile devices around the office.

    To be honest I think it's overkill but I've been asked to look into it and to be honest I'd like to know more about implementing a WLAN anyway.

    The building is in a 'H' shape covering the top two floors, not entirely sure what the ceiling is tbh but I'll look into it.

    The number of users depends on the release of the iphone 5 - if that comes out soon then we'll be purchasing a number of them and we'd have roughly 40 users on the wireless network - between iphones and ipads.

    There would be roughly 3/4 other offices within the building we're in, however I would imagine only one of these would have wifi enabled.

    I'm only in my second week in the company and this is only scratching the surface to see how we would go about implementing this in the office, so I'm still unsure of the number of routers and switches. No budget has been mentioned and external consultancy would be used I'd imagine - if not then I'd be setting it up and that won't end too well!! :pac:

    I'm aware that I'm being vague here but I'm only looking for initial setup details like the one's you've provided regarding setting up the VLAN for Guest and VLAN for work.

    Thanks again for the info


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,789 ✭✭✭wandererz


    Based on prior experience.
    The image below shows projected propagation in the 2.4Ghz range for a single floor in an H-shaped building 100x80 meters, along with access point placement.

    This should provide excellent coverage (and you could potentially go with fewer APs if cost is a problem).

    Green areas are excellent coverage, yellow are medium, red is bad.

    9DNwW

    - The AP's will be cabled to a POE switch.
    - If you don't have POE switches, or don't have any intentions to get POE switches, then you would have to get a power supply with each AP.
    - Each AP will tunnel via ethernet cable to a wireless controller located in your comms room.
    - Internal user wireless access can be via WPA2/Enterprise (authenticating to an internal DB such as RADIUS on your AD server) or WPA2/Personal.
    - Access can also be limited to MAC address.
    - Guest users can connect to the Guest SSID and be presented with a captive portal login screen with your corporate disclaimer etc.
    - Guest accounts can be managed by a receptionist or similar via a dedicated portal.
    - You would/should be able to apply Web Filtering, AV filtering, IPS and App Control to protect your network/clients and traffic shaping to protect your bandwidth. This could be done on the wireless controller.
    - To connect to another building you could use two external AP's to provide bridging between the networks.
    - Not recommended to have more than 30-40 clients per AP.
    - 5Ghz propagation will be slightly smaller than below.
    - With band steering supported, client which support 5Ghz will be steered to the 5ghz range.

    All of this nicely manageable from a central console.

    A controller supporting up to 16 AP's should cost in around €1500 with a more capable controller supporting 32 APs about €3700
    Indoor APs should be around €450+ each

    So
    - 1x controller @ €3700
    - 14 x APs @ 450 = €6300

    All in €10,000 worst case scenario.

    or

    - 1x controller @ €1500
    - 14 x APs @ 400 = €6300
    = €7800


  • Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭D'Agger


    That's an amazing amount of detail wandererz thanks very much.

    I'd imagine we'll need to get a consulting company in with regard to setting it up - I'm inexperienced at this and with wireless requiring high security, I'll most certainly be unable to configure this myself.

    That said, what I was looking for was entry information regarding cost and general implementation - thanks a million to yourself and the other, above posters for providing this to me.


  • Registered Users, Registered Users 2 Posts: 4,015 ✭✭✭Hijpo


    Is there a way to go about load balancing for the AP's?

    with AP's being half duplex, if such a scenario cropped up that 20 clients connected to one AP would it effect bandwitdh much?


  • Registered Users, Registered Users 2 Posts: 2,789 ✭✭✭wandererz


    Hijpo wrote: »
    Is there a way to go about load balancing for the AP's?

    with AP's being half duplex, if such a scenario cropped up that 20 clients connected to one AP would it effect bandwitdh much?

    What you could do is figure out what is the max bandwidth you expect each client to use.

    Based on that and the capability of the AP you have a max number of clients you want to connect to the AP so you:
    - limit to that number
    - and perhaps setup traffic shaping so that each client is limited to a certain speed, say 3mbps.

    Any other clients over your configured max should connect to the next available AP instead.

    Also, depending on the capabilities of the AP if the AP is getting overloaded new clients could be automagically moved to a nearby less loaded AP.


  • Registered Users, Registered Users 2 Posts: 2,789 ✭✭✭wandererz


    D'Agger wrote: »
    That's an amazing amount of detail wandererz thanks very much.

    I'd imagine we'll need to get a consulting company in with regard to setting it up - I'm inexperienced at this and with wireless requiring high security, I'll most certainly be unable to configure this myself.

    That said, what I was looking for was entry information regarding cost and general implementation - thanks a million to yourself and the other, above posters for providing this to me.

    No problem. Glad to help. It doesn't necessarily need to be difficult at all.
    If you need a list of providers who can help then PM me and i can provide about half a dozen.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 357 ✭✭Ctrl Alt Del


    I've built recently a solution around 40 WAPs.
    Each covering own room,100M full duplex ,2xMiMo,power tweaking for lower coverage (channel overlapping) and i needed for capacity,around 25 mobile clients doing multimedia access traffic type.Speed,WiFi N,but current clients are not equipped with N cards only B/G built-in (tablets).
    Forgot to mention seamless clients roaming from one WAP to another,with full events' sysadmin logs generated (for you as an IT guy) and no end -user intervention required to move around office while having a permanent connection.

    Price wise,hard to estimate for your own environment,due to lot of unknown facts and that can affect the final price and technical configuration.

    Got some prices around,without doing any site survey,just email back to me,starting from €300-€400 per WAP and limited CALs for controllers with mad prices for using extra upgrades for WAPs.Some of these WAPs are using half duplex and they relay in serial,one through another,creating a nice mesh.Let's say Switch -A - B - C - D - E - client.But if of one of the "serial" WAPs goes offline,quite hard to find out where,who ,how and to reconfigure the traffic from A to D or from switch to client.That's why i chose dedicated,one-to-one point switch to WAP.

    I've used UniFi in the end and cost based,they came at around €150 per WAP.On top of that,you'll need to add charges for CATx cable going from switch to each point.
    As a WiFi controller,any Windows machine and the UniFi FREE management software came to another €1,000.The controller takes unlimited WAPs so there is no hardware or software restrictions (except IP v4 addressing and sub-nets),no additional charges for extra WAPs to be added on the network or in the management console:just plug,turn-on,adopt and configure !

    You'll need a managed switch,that could come in region of €500-€1000.I will not spare/save any money against the switch,just get a proper ,enterprise level switch that will "switch" all your infrastructure.In the end,i pick HP 5000 series 48 ports for L3 and capacity.

    So in the end,you multiply:

    -the cost of each WAP of €150,
    -the cost of each net cable poe switch-to-wap (around €50-€100)
    -€1000 for a managed switch
    -€1000 for WiFi controller.

    One off cost,nothing to worry in eventuality that you'll need to add future WAPs or clients.
    Above prices are based on recent quotations and do not reflect accurately your current or needed setup.They are based on my best educated guess from past experience and on your information supplied here.

    Get few quotes before commit to install.
    Get the companies to call over,to see your site before getting any draft prices.
    I've got prices myself without the quoting guys even showing up in the site...

    Regards


  • Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭D'Agger


    Will do cheers CAD

    My main problem is that I've had limited exposure to wireless technology, while not completely ignorant I'm not up to the standard required to implement something of this scale - again, I know it's not for a huge company, but I feel that if it's to be setup, it needs to be setup well to avoid issues going forwards - a good base from which to grow.

    I'll need to study up on the underlying tech involved, then look to get quotes - from there I should understand what exactly is required for the project and from there be able to provide costing.

    Again, thanks for the advice - very much appreciated!


  • Registered Users, Registered Users 2 Posts: 357 ✭✭Ctrl Alt Del


    D'Agger wrote: »
    Will do cheers CAD

    My main problem is that I've had limited exposure to wireless technology, while not completely ignorant I'm not up to the standard required to implement something of this scale - again, I know it's not for a huge company, but I feel that if it's to be setup, it needs to be setup well to avoid issues going forwards - a good base from which to grow.

    I'll need to study up on the underlying tech involved, then look to get quotes - from there I should understand what exactly is required for the project and from there be able to provide costing.

    Again, thanks for the advice - very much appreciated!

    Don't get stuck with this learning and exposure to technology !
    You have to manage the business side of it ! Once you outlined well the business aspects ( WHY),then few technicality(HOW),you are passing the dirty job (how-to) to the winner of your tender.If not properly designed or functioning ,the blame/the fault is going to be ,guess on which side !!?

    WiFi is a black art,never ever fully understood and properly implemented ! Always it will happen today to work and tomorrow ... maybe ,after somebody got a DECT phone in the office !!

    First,compile a list of business requirements,then follow with some technical lines.Get as many quotes as you can ,minimum 3 maxim 5.There are few Wireless players in the local market so all are going to use similar hardware/software platforms,just different views and ...prices.Some of them are going for big customers,while others are looking for smaller one.
    You'll be shocked to discover what you've asked and what you've been quoted !

    Read all quotes and make your mind re what you need !!! :)
    At that point you can go purely technical...asking for why,how,what,where,when,how much !

    I know it sounds like "time waster" for people that quote you,but why not,you can do it and you can afford it ! ;)

    Have fun...
    Good luck !


  • Registered Users, Registered Users 2 Posts: 13,385 ✭✭✭✭D'Agger


    My boss will most likely deal with quotes depending on what we need - thing is, he's asking me what we need so I do need to know a little more about the tech - not as in depth as you'd think however, just the general how-to set it up and possible architectures/topologies involved.

    That said, if he comes back and asks me for quotes I'll use your methods and then go into tech detail where needed :)


Advertisement