Enterprise Wireless

APs, WLAN Controllers, enterprise Wi-Fi management

Wireless LAN Components

  • Access Points (APs) - Bridge wireless clients to wired network infrastructure
    • Autonomous APs - Standalone devices with full configuration stored locally
    • Lightweight APs - Centrally managed by Wireless LAN Controller (WLC), minimal local config
  • Wireless LAN Controller (WLC) - Centralized management platform for lightweight APs
    • Handles authentication, security policies, and RF management across multiple APs
    • Uses Control and Provisioning of Wireless Access Points (CAPWAP) protocol to communicate with APs
  • Wireless Clients - End devices (laptops, phones, tablets) with 802.11 wireless NICs

802.11 Standards and Frequencies

Standard             Frequency   Max Speed   Range     Notes
802.11a              5 GHz       54 Mbps     Shorter   Less congested, more channels
802.11b              2.4 GHz     11 Mbps     Longer    Legacy, highly congested
802.11g              2.4 GHz     54 Mbps     Longer    Backward compatible with 802.11b
802.11n              2.4/5 GHz   600 Mbps    Variable  MIMO technology, channel bonding
802.11ac             5 GHz       6.93 Gbps   Shorter   Multi-user MIMO, 80/160 MHz channels
802.11ax (Wi-Fi 6)   2.4/5 GHz   9.6 Gbps    Variable  OFDMA, improved efficiency

Frequency Bands and Channels

  • 2.4 GHz Band - Channels 1, 6, 11 are non-overlapping in North America
    • Longer range but more interference (microwaves, Bluetooth, other Wi-Fi networks)
    • Only 3 usable channels for enterprise deployment without interference
  • 5 GHz Band - Up to 23 non-overlapping channels available
    • Shorter range but less congested, better for high-density environments
    • DFS (Dynamic Frequency Selection) channels require radar detection compliance
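The "only three usable channels" claim for 2.4 GHz follows directly from the channel centre frequencies and the channel width. The script below is an added example (not part of the original notes): it computes the centre frequency of each 2.4 GHz channel, tests pairs for overlap, and searches for the largest set of mutually non-overlapping channels. The default width of 22 MHz is the 802.11b DSSS mask, which is what makes 1/6/11 the only three-channel plan across channels 1-11; it also goes one step beyond the notes by showing that a 20 MHz OFDM mask over the 13 channels available in ETSI regions yields a four-channel plan (1/5/9/13).

```python
"""Check 2.4 GHz channel overlap and find the largest reusable channel set.

Added example, not from the original notes. Channel centre frequencies are
the IEEE 802.11 values; the default 22 MHz width is the 802.11b DSSS mask
that makes 1/6/11 the only three-channel plan in North America.
"""
from itertools import combinations
from typing import Iterable, List


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel in MHz (channels 1-14)."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel      # 2412, 2417, ... 2472 MHz
    if channel == 14:
        return 2484                    # Japan only, 802.11b only
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def is_non_overlapping_plan(channels: Iterable[int], width_mhz: int = 22) -> bool:
    """True when every pair of channels in the plan is free of mutual overlap."""
    chans = list(channels)
    return all(not channels_overlap(a, b, width_mhz) for a, b in combinations(chans, 2))


def largest_non_overlapping_plan(available: Iterable[int], width_mhz: int = 22) -> List[int]:
    """Brute-force the largest mutually non-overlapping subset of `available`.

    There are at most 14 channels, so exhaustive search over subsets is cheap.
    Ties resolve to the lowest-numbered channels.
    """
    chans = sorted(set(available))
    for size in range(len(chans), 0, -1):
        for combo in combinations(chans, size):
            if is_non_overlapping_plan(combo, width_mhz):
                return list(combo)
    return []


if __name__ == "__main__":
    # North America: channels 1-11 with the 22 MHz DSSS mask -> [1, 6, 11]
    print(largest_non_overlapping_plan(range(1, 12)))
    # ETSI regions: channels 1-13 with a 20 MHz OFDM mask -> [1, 5, 9, 13]
    print(largest_non_overlapping_plan(range(1, 14), width_mhz=20))
```

`is_non_overlapping_plan` is the check to run on a proposed AP channel assignment before deployment; adjacent channels such as 1 and 3 look distinct in a controller GUI but share most of their spectrum, which the overlap test makes explicit.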

Wireless Security Methods

  • Open Authentication - No security, anyone can connect (not recommended for enterprise)
  • WEP (Wired Equivalent Privacy) - Legacy, easily cracked, should never be used
  • WPA/WPA2-Personal - Pre-shared key (PSK) authentication, suitable for small networks
  • WPA/WPA2-Enterprise - Uses 802.1X authentication with RADIUS server
    • EAP (Extensible Authentication Protocol) methods: EAP-TLS, PEAP, EAP-TTLS
    • Provides per-user authentication and dynamic key generation
  • WPA3 - Latest standard with improved security and SAE (Simultaneous Authentication of Equals)

CAPWAP Protocol

  • Control and Provisioning of Wireless Access Points - Communication protocol between WLC and lightweight APs
  • Uses two tunnels:
    • Control tunnel - Port 5246, carries management traffic (configuration, statistics)
    • Data tunnel - Port 5247, can carry client data traffic (depends on configuration)
  • Provides centralized management, firmware updates, and configuration distribution
  • APs discover WLC through DHCP option 43, DNS, or static configuration
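The DHCP option 43 discovery method above depends on the DHCP server handing the AP a correctly encoded list of controller addresses. The script below is an added example (not code from the original notes or from any vendor): it encodes and decodes that payload, assuming the encoding Cisco lightweight APs use (vendor-specific sub-option 0xF1, a length byte, then one IPv4 address per controller), plus the 0x00 pad and 0xFF end markers defined for encapsulated vendor options in RFC 2132. The sample addresses are constructed.

```python
"""Build and parse the DHCP option 43 payload used for WLC discovery.

Added example, not from the original notes. It assumes the Cisco encoding for
lightweight APs: vendor-specific sub-option 0xF1, a length byte, then one or
more IPv4 controller addresses (4 bytes each). The 0x00 pad and 0xFF end
markers follow the RFC 2132 encapsulated-vendor-option rules.
"""
import ipaddress
from typing import Iterable, List

WLC_SUBOPTION = 0xF1   # Cisco: list of WLC management IPv4 addresses
PAD = 0x00
END = 0xFF


def encode_option43(controller_ips: Iterable[str]) -> bytes:
    """Encode one 0xF1 sub-option carrying the given controller addresses."""
    packed = b"".join(ipaddress.IPv4Address(ip).packed for ip in controller_ips)
    if not packed:
        raise ValueError("at least one controller address is required")
    if len(packed) > 255:
        raise ValueError("sub-option value cannot exceed 255 bytes")
    return bytes([WLC_SUBOPTION, len(packed)]) + packed


def option43_hex(controller_ips: Iterable[str]) -> str:
    """Hex string in the form used by `option 43 hex ...` in an IOS DHCP pool."""
    return encode_option43(controller_ips).hex()


def decode_option43(data: bytes) -> List[str]:
    """Walk the TLV sub-options and return the WLC addresses found under 0xF1.

    Unknown sub-options are skipped; truncated or malformed data raises
    ValueError rather than being silently mis-parsed.
    """
    ips: List[str] = []
    i = 0
    while i < len(data):
        tag = data[i]
        if tag == PAD:
            i += 1
            continue
        if tag == END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated sub-option header")
        length = data[i + 1]
        value = data[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        if tag == WLC_SUBOPTION:
            if length == 0 or length % 4:
                raise ValueError("WLC sub-option length must be a non-zero multiple of 4")
            ips.extend(str(ipaddress.IPv4Address(value[j : j + 4])) for j in range(0, length, 4))
        i += 2 + length
    return ips


def is_valid_option43(data: bytes) -> bool:
    """True when the payload parses cleanly and names at least one controller."""
    try:
        return bool(decode_option43(data))
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample addresses for two controllers.
    print(option43_hex(["192.168.10.5", "192.168.10.20"]))   # f108c0a80a05c0a80a14
```

Two points worth noting from a defender's side: the decoder rejects a length that is not a multiple of 4 instead of guessing, so a mistyped hex string in the DHCP pool fails loudly rather than sending APs to a half-parsed address; and because the AP trusts whatever address the DHCP server supplies, the switch ports APs connect to should only accept DHCP offers from trusted ports (DHCP snooping), the same control that protects any other DHCP client.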

Wireless Deployment Models

  • Autonomous AP Model - Each AP configured individually
    • Used for small networks with few APs (typically <10)
    • Higher management overhead but lower initial cost
  • Cloud-based Management - APs managed through cloud controller
    • Examples: Cisco Meraki, Aruba Central
    • Centralized management without on-premises WLC hardware
  • Controller-based Model - Lightweight APs with on-premises WLC
    • Best for large enterprise deployments (50+ APs)
    • Centralized policy enforcement and RF optimization

RF Management Concepts

  • RSSI (Received Signal Strength Indicator) - Measurement of signal power at receiver
  • SNR (Signal-to-Noise Ratio) - Difference between signal and background noise
    • Minimum 20 dB SNR required for reliable connectivity
  • Channel Width - 20 MHz, 40 MHz, 80 MHz, 160 MHz options
    • Wider channels = higher speeds but more interference potential
  • Transmit Power - Adjustable to optimize coverage and minimize interference
  • Roaming - Client movement between APs with seamless connectivity
    • Requires 15-20 dB signal difference to trigger roam decision

Vocabulary

SSID (Service Set Identifier) - Network name broadcast by wireless access points

BSS (Basic Service Set) - Single AP and its associated wireless clients

ESS (Extended Service Set) - Multiple APs using same SSID for seamless roaming

BSSID (Basic Service Set Identifier) - MAC address of the AP’s radio interface

MIMO (Multiple-Input Multiple-Output) - Technology using multiple antennas for increased throughput

MU-MIMO (Multi-User MIMO) - Allows AP to communicate with multiple clients simultaneously

OFDMA (Orthogonal Frequency Division Multiple Access) - 802.11ax technology for improved efficiency

DFS (Dynamic Frequency Selection) - Mechanism to avoid radar interference on 5 GHz channels
Notes

  • Always use WPA2-Enterprise or WPA3 for production networks - PSK methods don’t scale and lack individual user accountability
  • Channel planning is critical - Use 1, 6, 11 on 2.4 GHz with 20% power overlap between APs for seamless roaming
  • Site surveys are mandatory - RF planning tools can’t replace physical validation of coverage and interference
  • Guest networks require isolation - Use separate VLAN and firewall rules to protect corporate resources
  • Monitor for rogue APs - Unauthorized APs can bypass network security controls
  • Plan for high-density scenarios - Conference rooms and auditoriums need special consideration for client capacity
  • Firmware consistency matters - Keep all APs on same firmware version to prevent CAPWAP issues
  • Power planning - PoE+ (802.3at) typically required for newer high-performance APs
  • Backup WLC configuration - Controller failure can disable entire wireless network in lightweight AP deployments
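Two of the points above, the security-method ranking under "Wireless Security Methods" and "Monitor for rogue APs" in these notes, can be turned into a small audit that a wireless team can run over a controller export or scan output. The script below is an added example (not from the original notes): it maps each network's security method onto the tiers the notes describe (forbidden, PSK-only, fit for production) and flags two classes of finding, an authorized AP not using an enterprise or WPA3 method, and an unauthorized BSSID advertising a corporate SSID. The scan entries, the BSSID inventory, the corporate SSID name and the -65 dBm "nearby" threshold are all constructed for the example; other unknown BSSIDs are treated as neighbouring networks and left out of the report.

```python
"""Audit a wireless scan against the security-method and rogue-AP guidance above.

Added example, not from the original notes. The scan entries are constructed
sample data in a simplified form (BSSID, SSID, security label, RSSI); a real
tool would fill them from a controller export or a scanner's output.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Security methods grouped as the notes rank them.
FORBIDDEN = {"open", "wep"}                          # never acceptable
PSK_ONLY = {"wpa-psk", "wpa2-psk"}                   # small networks only
PRODUCTION = {"wpa2-enterprise", "wpa3-sae", "wpa3-enterprise"}

# Constructed threshold: a rogue heard this strongly is very likely on the premises.
NEARBY_RSSI_DBM = -65


@dataclass(frozen=True)
class ScanEntry:
    bssid: str
    ssid: str
    security: str
    rssi_dbm: int


def security_verdict(security: str) -> str:
    """Map a security label onto the policy tier the notes describe."""
    s = security.lower()
    if s in FORBIDDEN:
        return "forbidden"
    if s in PSK_ONLY:
        return "psk-only"
    if s in PRODUCTION:
        return "production-ok"
    return "unknown"


def audit_scan(entries: Iterable[ScanEntry], authorized_bssids: Iterable[str],
               corporate_ssids: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (bssid, severity, finding) for every entry that needs attention.

    - an authorized BSSID not using an enterprise/WPA3 method is a misconfiguration
    - an unknown BSSID advertising a corporate SSID is a rogue AP
    - other unknown BSSIDs are treated as neighbours and not reported
    """
    authorized = {b.lower() for b in authorized_bssids}
    corporate = set(corporate_ssids)
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        bssid = e.bssid.lower()
        verdict = security_verdict(e.security)
        if bssid in authorized:
            if verdict != "production-ok":
                findings.append((bssid, "high" if verdict == "forbidden" else "medium",
                                 f"authorized AP uses {e.security} ({verdict})"))
        elif e.ssid in corporate:
            severity = "high" if e.rssi_dbm >= NEARBY_RSSI_DBM else "medium"
            findings.append((bssid, severity,
                             f"rogue AP advertising corporate SSID {e.ssid!r} at {e.rssi_dbm} dBm"))
    return findings


# Constructed sample scan and inventory.
SAMPLE_SCAN = [
    ScanEntry("00:11:22:aa:bb:01", "corp-wifi", "wpa2-enterprise", -48),
    ScanEntry("00:11:22:aa:bb:02", "corp-wifi", "wpa2-psk", -55),        # misconfigured
    ScanEntry("de:ad:be:ef:00:01", "corp-wifi", "open", -52),             # rogue, nearby
    ScanEntry("de:ad:be:ef:00:02", "corp-wifi", "wpa2-psk", -80),         # rogue, distant
    ScanEntry("c0:ff:ee:00:00:01", "neighbour-cafe", "wpa2-psk", -70),    # ignored
]
AUTHORIZED = ["00:11:22:AA:BB:01", "00:11:22:AA:BB:02"]
CORPORATE_SSIDS = ["corp-wifi"]

if __name__ == "__main__":
    for bssid, severity, finding in audit_scan(SAMPLE_SCAN, AUTHORIZED, CORPORATE_SSIDS):
        print(f"[{severity}] {bssid}: {finding}")
```

The BSSID inventory is the piece that makes this useful: a WLC already knows the radio MAC addresses of every AP it manages, so exporting that list and comparing it against what is heard over the air is the simplest form of rogue detection. The RSSI-based severity only prioritises follow-up; confirming whether a rogue is actually plugged into the corporate LAN still needs a wired-side check.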