Re: Multiple AP
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Fri, 09 Nov 2007 08:44:21 -0800
Richie4236 <Richie4236.2zs2af@xxxxxxxxxxxxxxxxxxxxxxxx> hath wroth:
I have a question about the use of multiple AP in an office
environment. I'm an experienced sysadmin, but haven't really touched
wireless, except at home where I have a really simple setup.
I recently started a new job and have some problems which may be
related ot the way our wireless is set up. We have three AP. One is
the internet router, one in an office just down the corridor and another
around 100m away in the warehouse. As far as I can tell, all three are
connected to the same switched LAN, use the same DHCP server to issue an
IP, are on the same channel and have no encryption enabled.
What I need to understand is this: Can the wireless network opperate
in this way, with three AP overlapping, but with no knowledge of each
other?
Yes. 802.11 wireless is CSMA/CA (Carrier Sense Multiple
Access/Collision Avoidance), which effectively time shares the
available bandwidth. It would probably have been better if the 3
access points were working on different on-overlapping channels (1, 6,
and 11), but they are apparently far enough apart from each other that
it would make little difference.
You can use ping to do a simple test to determine if there's a self
interference problem. Connect to one of the 3 access points with a
nearby laptop and ping the IP of the local router or some device on
the LAN. If you get a consistent 1-2 msec latency, it's working just
fine. However, if you start seeing much longer delays and timeouts,
then you're experiencing packet loss, probably due to collisions with
the other access points. You can aggrivate the situation by having a
2nd laptop move traffic through one or both of the other access points
while doing the test.
Is there a better way for this to be set up to increase
resiliance and security? I'm not happy about the lack of encryption but
have only every touched WEP and WPA in a single-AP environment.
I don't know what you mean by resiliance.
Security is mostly based on wireless encryption. WEP is totally
useless and should be avoided. WPA with a long (20 character or more)
encryption key has not been cracked. WPA2 offers a better grade of
encryption with AES instead of TKIP. Also, the authentication
mechanisms are better. However, there's a problem. Most such systems
use a shared key as in WPA2-PSK (pre-shared key). The key must be
entered in every laptop or device that wants to the connect to the
network. That means it can be easily extracted, compromised, and
distributed. To eliminate this shared key, I suggest you consider
setting up a RADIUS server as in WPA2-RADIUS. In addition to
authorizing (login/passwd) each user individually, it also supplies a
one time, maximum length, and unique WPA encryption key, for each
session.
In addition to all this, you can also run a VPN over the wireless
link, which also encrypts the traffic (thus preventing sniffing) and
has it's own authorization and authentication methods. This is often
handy when you want to run a private (VPN based) network, on top of a
fundamentally insecure wireless system that might be used by guests
and visitors.
We have some hand-held devices in the warehouse which keep falling off
the network, and I wondered if our setup is what's causing this to
happen possibly.
Sorry. I can't help you there. The usual problem is packet loss
caused by interference from other networks, your own network, and
non-802.11 sources of interference. A simple microwave oven or
cordless phone will cause disconnects. See:
<http://wireless.wikia.com/wiki/Wi-Fi#Interference>
for a list of possible culprits.
Warehouses are also notorious for reflections and multipath. If there
is more than one path between the access point and the client radio,
then there's a possibility of cancellation (also known as frequency
selective fading). The two 20,000 sq ft warehouses I've done required
multiple access points and directional antennas pointed down the isles
in order to get adequate converage to wireless readers. The antennas
had to be install high, near the 20ft ceiling, in order to illuminate
the isles. It couldn't be done with just one access point.
I suggest you find a Windoze XP laptop and install Netstumbler, or use
a similar Vista tool:
<http://www.netstumbler.com>
Walk around and collect data on the signal strength and signal
quality. Look for dead areas and places where the signal quality
deterioriates. That will give you an idea of how much work it's going
to take to make things work. Running streaming content, with minimal
buffering, is also a good test of bad areas. When the music or video
stops, you're losing packets.
The issue of warehouse coverage has been discussed previously. See:
<http://groups.google.com/group/alt.internet.wireless/browse_thread/thread/dbd697c33c561dd9/cf51af2d60158ced>
Note that this is a 200,000 sq ft warehouse being discussed.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- References:
- Multiple AP
- From: Richie4236
- Multiple AP
- Prev by Date: Re: Bridging wifi into wireless network
- Next by Date: Re: Multiple AP
- Previous by thread: Multiple AP
- Next by thread: Re: Multiple AP
- Index(es):
Relevant Pages
|
