Presentation on theme: "Wireless Update Notes from the field; Best practices for deploying 802.11n ICT Managers Forum – Oct 2010 Paul Young / Bernie Rasenberger D-Link Australia."— Presentation transcript:
Wireless Update
Notes from the field; Best practices for deploying 802.11n
ICT Managers Forum – Oct 2010
Paul Young / Bernie Rasenberger, D-Link Australia

Agenda
Why
- 802.11a/b/g/n Standards
- Deployment Update
- Industry Drivers for 802.11n
How
- Three Main N Innovations
Deployment Considerations
- Frequency: 2.4GHz v 5GHz
- AP Density
- Security
- PoE
- Wireless Clients
The D-Link Difference
- Challenges of a Legacy Wireless LAN Deployment
- Features & Advantages
- Case Studies

Current Wireless Standards
Standard | 802.11a | 802.11b | 802.11g | 802.11n
Ratification Date | October 1999 | October 1999 | June 2003 | Sept 2009
Frequency | 5 GHz | 2.4 GHz | 2.4 GHz | 2.4 & 5 GHz
Throughput (Typical) | 23 Mbps | 4.3 Mbps | 19 Mbps | 74-120 Mbps
Max. Data Rate | 54 Mbps | 11 Mbps | 54 Mbps | 300 Mbps
Modulation technique | OFDM | DSSS | OFDM | OFDM
Range (Indoor)* | ~35 m | ~38 m | ~38 m | ~50 m
Range (Outdoor)** | ~120 m | ~140 m | ~140 m | ~250 m

Deployment Update
By 2011, nearly 80% of Wi-Fi shipments will be 802.11n.

How Does it Work?
Three main innovations of 802.11n:
- MIMO (Multiple Input Multiple Output): spatial multiplexing, beam forming, multipath
- Packet Aggregation: combining packets into a single frame with less overhead
- Channel Bonding: increases throughput to 150Mbps per 20MHz channel plus combines two channels into one 40MHz channel. Channel bonding is more effective in the 5GHz band. Even with channel bonding there are 11 non-overlapping channels.

Deployment Considerations – Frequency
- 802.11n can operate on 2.4 GHz and/or 5 GHz and is backward compatible with 802.11a/b/g.
- NOTE: There is still a performance hit if you mix 802.11n clients with 802.11b clients on 2.4GHz.
- If you want to use channel bonding for maximum throughput, it consumes 2 of the 3 non-overlapping 2.4GHz channels, so you HAVE to use 5GHz in a dense AP architecture.

Deployment Considerations – Frequency
APs can be:
- single radio (2.4GHz only or 5GHz only), e.g. DAP-1353;
- switchable dual radio (switchable between 2.4GHz and 5GHz), e.g. DAP-2590;
- concurrent dual radio (operates 2.4GHz and 5GHz at the same time), e.g. DWL-8600AP.

Deployment Considerations – Frequency
- When introducing 802.11n into existing 802.11a/b/g WLANs, both bands (2.4GHz and 5GHz) can have 802.11n enabled.
- In a dense AP architecture, or if there are other 2.4GHz networks in the area, channel bonding for 2.4GHz should be disabled (set to 20MHz).
- 802.11n can be offered only to throughput-critical clients that support 11n: the 5GHz band can be set as “11n only”, leaving 2.4GHz (802.11b/g/n) for the rest of the clients, which will then not interfere with the critical data.
- AES encryption only (WPA2) for maximum 802.11n speeds.
[Diagram: dual-radio 802.11n AP; 2.4GHz 802.11b/g/n for legacy mixed Wi-Fi clients; 5GHz 802.11n only (WPA2) for high-speed Wi-Fi 802.11n clients]

Deployment Considerations – Clients
- If you deploy dual radio APs on 2.4GHz AND 5GHz, some client chipsets are not ‘smart’ enough to connect to the faster 5GHz network by default.
- Instead, they default to the slower 2.4GHz radio, which has a stronger signal UNLESS you lower its power output.
RECOMMENDATIONS
- Reduce the power on the 2.4GHz radio.
- If the client Wi-Fi adaptor has a ‘Band Preference’ setting, set it to ‘Prefer a’ (in other words, 5GHz).
- Failing this, create separate SSIDs (networks) for the optimal 5GHz and legacy 2.4GHz networks.

Deployment Considerations – AP Density
802.11n can only achieve higher speeds and reliability OR longer range. Not both.
Misconception: with 11n APs one can use a less dense AP structure since the signal travels further.
Pitfalls of such a structure:
- Distance is achieved at the cost of throughput.
- More clients per AP means more load on the AP and less bandwidth available.
- With a smaller number of APs it is hard to obtain even signal coverage across the whole area.
- Your wireless solution still needs to cater for legacy 11a/b/g clients.

Deployment Considerations – Security
- TKIP/WEP are no longer supported in 802.11n.
- Speeds are limited to 54Mbps if you use WEP or TKIP encryption.
- For this reason, it is recommended that you use WPA2 with AES (either with a Pre-Shared Key or, even better, deploy a RADIUS server).

Mode | WPA | WPA2
Enterprise Mode (Business, Government, Education) | Authentication: 802.1x/EAP; Encryption: TKIP/MIC | Authentication: 802.1x/EAP; Encryption: AES-CCMP
Personal Mode (SOHO, Home/Personal) | Authentication: PSK; Encryption: TKIP/MIC | Authentication: PSK; Encryption: AES-CCMP

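An added example, not part of the original slides or any D-Link tool: a small audit that applies the security slide's guidance (WEP/TKIP limited to 54 Mbps, WPA2 with AES recommended, RADIUS preferred over a pre-shared key) to a list of SSID profiles. The `key=value` export format, the SSID names and the function names are assumptions made for illustration.

```python
# Constructed WLAN profile export, one SSID per line (hypothetical format).
SAMPLE = """\
ssid=Staff     band=5   mode=n-only  auth=802.1x  cipher=AES
ssid=Students  band=2.4 mode=b/g/n   auth=PSK     cipher=TKIP+AES
ssid=Legacy    band=2.4 mode=b/g/n   auth=PSK     cipher=TKIP
ssid=Scanners  band=2.4 mode=b/g/n   auth=open    cipher=WEP
ssid=Guest     band=2.4 mode=b/g/n   auth=open
"""

LEGACY_CAP_MBPS = 54  # ceiling the slide gives for WEP/TKIP links


def parse_profiles(text):
    """Turn key=value lines into dicts; 'cipher' becomes a set of names."""
    profiles = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "ssid" not in fields:
            continue  # blank or malformed line
        raw = fields.pop("cipher", "")
        fields["ciphers"] = {c for c in raw.upper().split("+") if c}
        profiles.append(fields)
    return profiles


def audit(profile):
    """Return findings for one SSID, following the slide's recommendations."""
    findings = []
    ciphers = profile["ciphers"]
    legacy = "/".join(sorted(ciphers & {"WEP", "TKIP"}))
    if not ciphers:
        findings.append("no encryption configured")
    elif legacy and "AES" not in ciphers:
        findings.append(f"{legacy} only: limited to {LEGACY_CAP_MBPS} Mbps")
    elif legacy:
        # Mixed mode: a client that negotiates the legacy cipher is still capped.
        findings.append(f"AES mixed with {legacy}: those clients stay at {LEGACY_CAP_MBPS} Mbps")
    if profile.get("mode") == "n-only" and ciphers != {"AES"}:
        findings.append("11n-only radio must be AES only (WPA2)")
    if profile.get("auth", "").upper() == "PSK":
        findings.append("pre-shared key: RADIUS (802.1x/EAP) preferred")
    return findings


def audit_all(text):
    """Map each SSID name to its list of findings (empty list = clean)."""
    return {p["ssid"]: audit(p) for p in parse_profiles(text)}
```
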
Deployment Considerations – PoE
- 802.3af delivers 12.95 Watts per device up to 100m away (15.4W raw output).
- New PoE standard recently ratified: 802.3at (PoE+) will offer up to 30 Watts.
- All the new technologies in 802.11n are power hungry, but APs with one radio operating at a time can still use 802.3af PoE.
- However, APs with simultaneous two-radio operation (and 3x3 MIMO) may require more power than the PoE standard can deliver. Hence proprietary PoE solutions: special injectors, special switches, dual PoE ports.
- Solution: new 802.11n chipset. Devices based on the new chipset (e.g. DWL-8600AP) are less power hungry and can operate on standard 802.3af PoE.

The D-Link Difference
D-Link 2nd Generation Unified Wireless N Solution
- DWS-4026 Wireless Switch
- DWL-8600AP Wireless N Access Point

Challenges of Legacy WLAN Deployment
- Decentralized AP configuration, security and management
- Difficult to maintain wireless area coverage
- Channel overlapping causes network performance degradation
[Diagram labels: Ch 6, Layer 3 Switch, Server Farm, Layer 2 switch, Coverage hole, Rogue AP, RF Interference, Security breach]

D-Link Unified Wireless Solutions 802.11a/b/g/n
- DWS-3024L 24 port Gigabit PoE switch/controller, up to 24 (96) APs
- DWL-3500AP 802.11b/g thin/thick Access Point
- DWL-8500AP 802.11a/b/g Dual Radio thin/thick Access Point
- DWL-8600AP 802.11n Dual Radio thin/thick Access Point
- DWS port Gigabit PoE switch/controller, up to 48 (192) APs
- DWS port Gigabit PoE switch/controller with two 10Gigabit slots, up to 48 (192) APs
- DWS port Gigabit PoE switch/controller with two 10Gigabit slots, up to 64 (256) APs

DWS-3000 firmware R3
If DWS-3000-series support DWL-8600AP why would you buy a DWS-4026?
Comparison (DWS-3000 / DWS-4000):
- Controlled APs per switch:
- APs per Fast Roaming group: 96 –
- Max. number of peered switches: 48
- Switch clustering: No / Yes
- Switching capacity: 48 – 88 Gbps / 88 Gbps
- Number of 10Gig slots: 2 (DWS-4026 only) / 2
- Rogue AP detection: Yes
- Wireless intrusion detection: No / Yes
- Wireless intrusion mitigation: No / Yes
- Centralised RADIUS authentication: No / Yes
- AP-to-AP tunnelling: No / Yes

Features & Advantages of Unified Wireless Switch Solution:
- Switch Clustering (DWS-4026);
- Pre-set configuration profiles and centralized AP management;
- RF management: automatic channel adjustment, automatic power adjustment;
- Self-healing wireless network;
- Load balancing;
- Enhanced security enforcement;
- Fast wireless roaming;
- Simple network monitoring;
- Captive Portal with Web-based Authentication;
- Suitable for medium to large scale network deployments.

Preset Profiles & Centralised Management
- Security can be pre-set and management of APs can be centralized.
- A configuration profile is applied to a managed AP when the AP initially transitions to managed mode or when the AP is reset.
- The wireless switch automatically detects all APs attached to the switch.
- When an AP is removed or added, the switch automatically configures the new AP with the same configuration using the pre-configured profile.
[Diagram: 1. AP-3 is attached to a wireless switch port. 2. The switch detects the new AP (APs detected on the network: AP-1, AP-2, AP-3). 3. The AP gets configured with a pre-set configuration.]

Preset Profiles & Centralised Management
Centralized Policy Control: security settings/configuration can be modified and saved even when the AP is powered off.
Contents of the pre-set profile configuration packet:
- RADIUS server settings
- Security settings
- Radio configuration
- SSIDs, VLAN & Tunnel settings
- QoS configuration
[Diagram labels: Wireless Switch, L3 switch, L2 switch, Pre-set profile configuration]

RF Management
Automatic channel adjustment:
- The wireless switch automatically adjusts channels in the controlled access points in an event such as a new AP being added or an AP being removed.
- The wireless switch can be programmed to readjust channels automatically and periodically, at a certain time or at a certain interval.
[Diagram: Wireless Switch with APs labelled Channel 36, Channel 40, Channel 44, Channel 48. New AP attached to the network: scan RF area for occupied channels, select non-interfering channel (Channel 44). Rogue AP introduced which is using channel 44: signal interference detected, change channel (new channel 52).]

RF Management
Automatic Power Adjustment
- An AP can adjust power up OR down to minimise cell overlap without compromising client connectivity.
- When a managed AP is powered down, the power of its neighboring AP(s) managed by the same switch is immediately increased by 20% (self-healing feature).
[Diagram: Wireless coverage area. Another AP installed on the network: power adjusted to prevent interference. The AP is powered down: power increased.]

Load Balancing
- The wireless switch performs load balancing across the switch-managed access points on a per-radio basis, based on user count AND the AP’s network utilization rate.
- The APs report bandwidth utilization to the wireless switch regularly.
- If the bandwidth utilization reaches a configured threshold, new client associations are rejected.
- The new client will be forced to connect to an overlapped neighbor AP with lower utilization.
- Default bandwidth utilization: 60%
[Diagram: AP1 utilization rate increased, utilization threshold reached; AP2 utilization rate 10%. User4 attempts to connect to AP1, is rejected, is forced to connect to AP2, and is connected to AP2.]

Rogue Detection & Mitigation
- Mitigate attacks from rogue APs: disable a rogue AP once detected.
- Mitigate attacks from rogue clients: disable a rogue client once detected.
DWS-4026 supports advanced Wireless Intrusion Detection and Mitigation:
- Detect and classify APs: Managed, Standalone, Unknown, Rogue (fake managed AP, fake SSID, illegal channel, etc.)
- Detect and classify wireless clients: Authenticated, Black-listed, Rogue (probe attack, flooding network, etc.)
Rogue (wireless client):
- Not in client database
- Probe attack
- Flooding network
- Too many failed auth
- Authenticated with unknown AP
- Etc.
Rogue (wireless AP):
- Fake managed AP
- Fake managed SSID
- AP using illegal channel
- AP using invalid channel
- Incorrect security config
- Invalid SSID
- Unexpected WDS device
- Etc.
[Diagram: the Unified Switch detects and classifies wireless clients (Authenticated, Black-listed, Rogue) and wireless APs (Managed, Standalone, Unknown, Rogue), then mitigates rogues.]

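An added example, not D-Link's implementation: a sketch of how scanned APs can be sorted into the four classes the slide names (Managed, Standalone, Unknown, Rogue), using four of the rogue tests it lists. The inventory, the addresses, the channel set and the scan results are all constructed, and the order in which the tests run is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int
    security: str

# Constructed inventory: addresses, SSIDs and channel list are illustrative.
MANAGED = {
    "02:00:00:00:00:01": {"ssids": {"Campus", "Campus-5G"}, "security": "WPA2-AES"},
    "02:00:00:00:00:02": {"ssids": {"Campus"}, "security": "WPA2-AES"},
}
STANDALONE = {"02:00:00:00:00:10"}                # known APs the switch does not manage
LEGAL_CHANNELS = {1, 6, 11, 36, 40, 44, 48, 52}   # stand-in for the regulatory channel list
MANAGED_SSIDS = set().union(*(p["ssids"] for p in MANAGED.values()))

def classify(b):
    """Return (class, reason) using the AP classes named on the slide."""
    bssid = b.bssid.lower()
    if b.channel not in LEGAL_CHANNELS:
        return ("Rogue", "AP using illegal channel")
    profile = MANAGED.get(bssid)
    if profile is not None:
        # A managed BSSID must advertise exactly what its profile says.
        if b.ssid not in profile["ssids"]:
            return ("Rogue", "Invalid SSID")
        if b.security != profile["security"]:
            return ("Rogue", "Incorrect security config")
        return ("Managed", "")
    if b.ssid in MANAGED_SSIDS:
        # Our SSID advertised from a BSSID that is not in the inventory.
        return ("Rogue", "Fake managed SSID")
    if bssid in STANDALONE:
        return ("Standalone", "")
    return ("Unknown", "")

# Constructed RF scan results.
SCAN = [
    Beacon("02:00:00:00:00:01", "Campus-5G", 36, "WPA2-AES"),
    Beacon("02:00:00:00:00:02", "Campus", 6, "WPA-TKIP"),
    Beacon("02:00:00:00:00:AA", "Campus", 11, "Open"),
    Beacon("02:00:00:00:00:10", "Lab", 1, "WPA2-AES"),
    Beacon("02:00:00:00:00:BB", "Cafe", 14, "Open"),
    Beacon("02:00:00:00:00:CC", "Neighbour", 6, "WPA2-AES"),
]

def classify_scan(scan):
    """Map each observed BSSID to its (class, reason) pair."""
    return {b.bssid: classify(b) for b in scan}
```
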
Fast Roaming
- Roaming allows wireless clients to move from one location to another, seamlessly switching from one Access Point to another and maintaining access to the network.
- This feature can be supported within a subnet (Layer 2) or across subnet boundaries (Layer 3).
- When a wireless client (fast) roams between different APs on the same SSID, the same security setting and IP address “follow” the client. That means there is no need for IP re-allocation and re-authentication in order to keep the connection alive. Hence, it is seamless.
- Scales up to 192 APs with the legacy solution, and 256 APs with the new DWS-4026 solution.
- With the Fast Roaming feature, mobile users can move anywhere covered by overlapped neighboring APs without the need to re-authenticate.
[Diagram labels: Wireless switch; Client moves here; No re-authentication when user moves]

Where do I Start with Wireless Deployment?
Professional Site Survey – **Free** from D-Link
- A quality site survey can make the difference between ‘best effort’ and guaranteed wireless coverage.
- It is a map to a successful implementation of a wireless network.
- The surveyor can find out the RF behaviour, coverage, interference and optimal hardware placement.
- Ensures wireless LAN clients have continual strong RF signal strength and required throughput.
- Meet the customer’s requirement to make the best recommendation on hardware, installation and configuration.
- Estimate the cost of the wireless implementation.

The D-Link Difference
- EXPERIENCE – D-Link are the 2nd oldest network vendor in the world. We have deployed over 2000 Access Points to 50+ Queensland & NT schools, supporting over 20,000 student & teacher wireless devices.
- RESOURCES employees worldwide, 75 in Australia and a local Queensland presence in both a Sales & Technical capacity. Sq. Metre Warehouse in Sydney holding $10m stock.
- LIFETIME WARRANTY – on all Commercial Product.
- SUPPORT – D-Link are with you every step of the way, providing FREE no-obligation wireless site survey, FREE pre & post deployment support, FREE upgrades, FREE training.
- SOLUTION – All the benefits of our Unified Solution including load balancing, fault tolerance and redundancy, all based on Industry Standard Hardware.

The D-Link Difference
Here are just some of the Queensland schools with D-Link Unified Wireless Networks.
Queensland Catholic Schools
- St Rita's College, Clayfield: 56 Access Points
- Iona College, Wynnum: 53 Access Points
- Loreto College, Coorparoo: 16 Access Points
- Xavier Catholic College, Hervey Bay: 29 Access Points
- St Mary's College, Maryborough: 12 Access Points
- St Mary's College, Cairns: 18 Access Points
- Chisholm Catholic College, Cornubia: 23 Access Points
- Siena Catholic Primary School, Sippy Downs: 16 Access Points
Queensland Independent Schools
- Somerville House, South Brisbane: 96 Access Points
- Toowoomba Grammar School: 48 Access Points
- Rockhampton Grammar School: 45 Access Points
- Northside Christian College, Everton Park: 20 Access Points
- Southside Christian College, Salisbury: 15 Access Points
- Brisbane Boys College, Toowong: 100 Access Points
- Rockhampton Grammar School: 60 Access Points
Queensland Anglican Schools
- Matthew Flinders Anglican College, Buderim: 101 Access Points
- The Glennie School, Toowoomba: 62 Access Points
- St Paul's College, Bald Hills: 36 Access Points
- Forest Lake College, Forest Lake: 42 Access Points
- Whitsunday Anglican School: 12 Access Points
Queensland Lutheran Schools
- Faith Lutheran College, Redlands: 62 Access Points
- Peace Lutheran College, Cairns: 20 Access Points
- Prince of Peace Lutheran College, Everton Hills: 20 Access Points
- St Johns Lutheran School, Kingaroy: 10 Access Points
Queensland Uniting Church Schools
- Moreton Bay College, Wynnum: 52 Access Points
- Moreton Bay Boys College, Wynnum: 18 Access Points
PLEASE speak to your peers and see why they recommend D-Link Unified Wireless Solutions for School 1-to-1 Laptop Programs.