WHITE PAPER

Deploying 802.11 Wireless LANs

CONTENTS

Executive Summary
Introduction
Business Drivers
Deployment Considerations
Why 3Com?
Deployment Examples

Executive Summary

This paper demonstrates how you can successfully deploy Wi-Fi wireless LANs (WLANs) within your company. It illustrates the business drivers and the tangible benefits that you can realize. In addition, this paper examines issues involved in deploying wireless networks to help you make the right decisions when planning and purchasing a WLAN solution. Whether you are adding wireless extensions to your existing LAN or installing a wireless network from scratch, this white paper will help you overcome potential pitfalls and address the issues you may face.

Introduction

Not so long ago, wireless networking was a technology accessible only to specific vertical industries. Warehousing, retail, and healthcare were among the first industries where wireless networking brought functional advantages and made economic sense. Today, technology has developed to the point where WLANs are now being deployed across all industry sectors from small businesses to large enterprises. Worldwide business 802.11x WLAN hardware unit shipments are in the middle of tremendous growth, surging from 2.6 million units shipped in 2000 to an estimated 41.7 million in 2006. [1]

It is not difficult to see why. WLAN technology is one of the most effective IT tools there is to establish a competitive advantage for your company. Adding WLAN elements to your current network will bring dramatic increases in workforce productivity. There will be demonstrable cost savings from more efficient use of resources and infrastructure. Not least of all is the flexibility it will add to your IT infrastructure, which will help satisfy the needs of your network users more easily.

[1] Source: 2002 In-Stat/MDR Group

Business Drivers

Increased Productivity

WLANs enable workers to be more productive with access to the Internet, e-mail, and network files wherever they are in the business campus. This is especially useful when working away from the primary office location. Ten minutes idle-time between meetings can be used to deal with important e-mails. Many job functions get huge productivity benefits from immediate access to critical information. For example, doctors can retrieve patient information from anywhere within a hospital, or logistics managers can query detailed inventory information from any place in a warehouse.

More Efficient Meetings

Data can be shared between users and accessed on the corporate network more easily from within conference rooms, cafeterias or corridors. This saves time and helps decision-making in formal meetings, and delivers on-the-spot information to support productive informal meetings anywhere in the building.

New Services

WLAN connectivity enables companies to deliver new services over their networks. For example, instant messaging can be used to communicate and make time-critical business decisions anytime, anywhere. Existing network services can also be used more productively; for instance, IT administrators equipped with laptops are able to provide desktop support to users from any place in the company.

Ease of New Installations

WLANs dramatically reduce the time and cost of adding PCs and laptops to an established network. For small and medium companies a complete wireless network can be set up within hours, with minimal disruption to the business.

Out-of-office Connectivity

A laptop or PDA with WLAN capability allows mobile employees to be more productive by working from public “hot spots” at airports, hotels, and coffee bars.

Temporary LAN

Campus style networked communication can be achieved with minimal time and effort through WLAN connectivity at off-site training sessions, trade shows, or for mission-critical applications during disaster recovery.

For more information about wireless technologies and 3Com wireless solutions, visit www.3Com.com/wireless

Cost Savings

Tangible cost savings will come primarily from three areas.

Reduced Installation Costs

The cost of running cabling varies, but averages $150 per drop. Environments where it is difficult to pull wires may cost as much as $250 per drop—and even more in such hard-to-reach areas as cafeterias, lobbies, or within older buildings. For businesses with established networks where the wiring is inadequate, or businesses installing a new LAN from scratch, this alone is more than enough to justify the incremental cost of equipping new desktop PCs with a wireless adapter, or adding a wireless workgroup bridge to connect to desktops. In this way, wireless can present a significantly lower installation cost.

Return on Investment through More Efficient Use of Resources

Small and medium businesses installing a WLAN can share resources such as printers and scanners. They can also save on ongoing telecommunications costs by sharing a single broadband connection for Internet access. ROI increases as the business expands because the growing number of employees will share resources even more efficiently using the WLAN network.

For larger campus-based companies, multiple buildings up to 16.9 km (10 miles) [2] apart can be connected via Wi-Fi links using wireless building-to-building bridges. These also allow a single link to replace T1/E1 links costing thousands of dollars per month.

ROI from Increased Productivity

A simple example shows there should be no doubt that a WLAN provides significant productivity returns. Take the case of office-based employees using WLAN-enabled laptops.

Assume the typical knowledge worker salary is $60,000, equating to $90,000 after benefits and other costs to the employer. An average worker puts in 2,000 hours over 50 weeks so the hourly cost is $45 per hour. If a wireless LAN provides an additional productivity of 15 minutes per week for this worker, the total productivity gain would be $562.50 per year.

Wireless LAN costs for this employee are $150, composed of $100 for the client device (PC Card in a notebook) and a $50 share of an access point (assume a conservative 8 users per access point, $400 total cost for the whole AP).

Greater Flexibility

It is much easier to add new clients to a network using WLAN connections. Network users can roam throughout the company, and are free to work from various locations or sites without burdening IT administration resources. Equipment such as PCs and printers can be re-arranged within the office without the need for a support call. Additionally, customers and other visitors will be able to access the Internet or their own corporate networks with minimal support.

As long as certain key issues are addressed when deploying WLAN technology, you can more easily satisfy the needs of your network users while also gaining cost and productivity benefits.

[2] Local regulations outside of the United States may limit the authorized radiated power output of building-to-building bridges. The maximum range expected outside of the United States is approximately 1.6 km (1 mile).

Deployment Considerations

There are more and more laptop computers with embedded Wi-Fi clients, as well as an increasing number of public hot spots. The result is that Wi-Fi enabled products will become more prevalent, even within companies that have no WLAN. So it is important to reap the rewards offered by WLANs, but at the same time understand the issues associated with well-managed deployment.

Standards

Among the most fundamental steps to take when planning a wireless LAN is to learn about the various IEEE 802.11 standards, decide which ones are appropriate for your application requirements, and plan your deployment accordingly. 802.11 systems are generically called “Wi-Fi”. The Wi-Fi Alliance is responsible for awarding the Wi-Fi CERTIFIED logo that ensures 802.11 compatibility and multi-vendor interoperability.

The original 802.11 standard established in June 1997 defined a 2.4 GHz system with a maximum data rate of 2 Mbps. This technology still exists in legacy wireless LANs, but should not be considered for new deployment. Today there are two basic categories of IEEE 802.11 WLAN standards. First are those that specify the fundamental protocols for the complete Wi-Fi system. These are called 802.11a, 802.11b, and 802.11g. Second, there are extensions that address weaknesses or provide additional functionality to these standards. These are 802.11d, e, f, h, i, and j.

The following table shows the three fundamental 802.11 standards at a glance:

TABLE 1. Three Fundamental 802.11 Standards

| Standard | Radio Band | Modulation | Max. Link Coverage | Max. Data Rate | Max. # Non-overlapping Channels | Other Issues |
|---|---|---|---|---|---|---|
| 802.11b | 2.4 GHz | DSSS | 100m/328ft | 11 Mbps | 3 | 802.11b networks have the largest installed base. |
| 802.11a | 5 GHz | OFDM | 50m/164ft | 54 Mbps | 12 (fewer in some regions) | Needs 802.11 extensions to be used in some regions (e.g., EMEA) |
| 802.11g | 2.4 GHz | OFDM | 100m/328ft | 54 Mbps | 3 | Backward-compatible with 802.11b |

Table notes (row placement not recoverable): Fully ratified; More established standard; Newer standard.

802.11b should be considered if:

- you do not intend to use high-bandwidth applications.

- you need a wider coverage area.

- price is a primary consideration. An 802.11b WLAN costs roughly a quarter as much as an 802.11a network covering the same area at the same data rate.

The main disadvantage of 802.11b is its lower maximum link rate. And since it occupies the 2.4 GHz band used by other technologies (e.g., Bluetooth and cordless telephones), this rate may be reduced further due to interference issues.

802.11a should be considered if:

- you need to run higher-bandwidth applications such as voice or video.

- you have small densely packed concentrations of users. The greater number of non-overlapping channels allows access points to be placed closer together without interference.

The main disadvantages of 802.11a are that it is not compatible with the older 802.11b WLAN standard and costs roughly four times as much to cover the same area.

802.11g should be considered if:

- you need to run higher-bandwidth applications and also need a wide coverage area.

- you need backward compatibility with 802.11b equipment.

The main disadvantage of 802.11g is that maximum data throughput is reduced when 802.11g and 802.11b equipment shares the same network. Finally, since it uses the same 2.4 GHz band as 802.11b, it faces the same interference issues.

The following 802.11 extensions (except .11h and .11j) apply to all variants of Wi-Fi:

802.11d addresses regulatory considerations in countries that do not yet have rules in place for the operation of 802.11 LANs. .11d ensures interoperability of WLANs in those countries.

802.11e defines quality of service (QoS) levels for applications such as voice and video. Although the standard is not yet ratified, this is expected to happen in the third or fourth quarter of 2003, and 802.11 access points should be upgradeable via new firmware in the future.

802.11f is the Inter Access Point Protocol (IAPP). It improves the handover mechanism in 802.11 between access points and switched segments as users roam between them. 802.11f is not yet ratified (expected late in the third quarter of 2003) but products implementing IAPP have started to ship. Before 802.11f is ratified you should ensure that your access points are Wi-Fi Certified to achieve interoperability.

802.11h adds better control over transmission power and radio channel selection to 802.11a. This standard is primarily to address the requirements of European regulatory bodies. 802.11h is expected to be ratified by the end of 2003 and will increase the availability of 802.11a products within EMEA.

802.11i provides enhanced security. It includes the use of the 802.1X authentication protocol, an improved key distribution framework and stronger encryption via AES (Advanced Encryption Standard). The 802.11i standard is due to be ratified by late 2003.

802.11j addresses adding channel 4.9 GHz to 5 GHz for 802.11a in Japan.

Security

There is a widespread perception that wireless LANs are insecure, but that concern is resolved if the appropriate mechanisms are in place. It is true that due to the nature of RF transmission and its inherent risks, WLANs require additional security considerations. However, your wireless LAN can be just as secure as the rest of your LAN. As described in the previous section, 802.11i is an extension to the current WEP security standard that will bring greater security to Wi-Fi networks through improved encryption, key distribution, authentication, and a range of other features most appropriate to wireless networks. However, this will not be ratified until late 2003. In the meantime, there are some very simple steps that can be taken to make WLANs more secure.

Turn on WEP

WEP (Wired Equivalent Privacy) is the standard 802.11b wireless security protocol. Designed to provide wired-like protection by encrypting wireless data as it is transmitted, WEP provides a baseline level of security that can be very effective when used in conjunction with other security mechanisms. First, WEP should be enabled, with the WEP key changed from the default. Ideally, WEP keys should be generated dynamically when a user logs on, making access to wireless data a moving target for hackers. Session-based and user-based WEP keys offer the best protection and add another layer of deterrence.

Use Secure Authentication (preferably 802.1X-based authentication)

802.1X is the new standard for Layer 2 authentication. It defines a generic framework for port-based authentication. Instead of checking a local MAC list, this feature allows wireless clients to associate with the wireless access point and authenticate with a RADIUS server that has been set up on the wired network. The IEEE 802.1X standard is used for the client authentication communications, and ensures that only authorized wireless clients are permitted to access the wireless LAN. The 802.1X standard is a framework based on the Extensible Authentication Protocol (EAP), which can support multiple implementation methods, including EAP-MD5, EAP-TLS (Transport Layer Security), PEAP (Protected EAP), etc.

Keep an Eye on Emerging Standards

WEP is one security layer of many and should not be relied on as the sole security measure. Wi-Fi Protected Access (WPA) is a subset of the current 802.11i draft, taking certain pieces of the 802.11i draft that are ready to bring to market today, such as its implementation of 802.1X and TKIP. To improve data encryption, WPA utilizes Temporal Key Integrity Protocol (TKIP). TKIP enhances WEP to provide a per-packet re-keying mechanism, adds a Message Integrity Check (MIC) field to each packet, and uses 802.1X. WEP has almost no user authentication mechanism. To strengthen user authentication, WPA implements 802.1X and EAP. Together, these implementations provide for stronger data encryption, key management and user authentication.

Employ VPNs

A Virtual Private Network (VPN) is a security enhancement option that provides an excellent higher layer of security and an alternative to 802.1X. In this approach all wireless clients are treated in the same way as remote access VPN clients. The VPN provides a secure, end-to-end tunnel over an “un-trusted” network—which in this case is the WLAN and in the case of remote users is the Internet. Whereas WEP and TKIP encrypt frames on the wireless link (layer 2) only, layer 3 VPNs such as IPSec can be used to encrypt data end-to-end from the remote access clients to security gateways at the private network edge.

Minimize RF Leakage

Steps should be taken in the configuration of your WLAN to minimize the risk of potential eavesdroppers outside company buildings from accessing your WLAN. The simplest method is to ensure that appropriate antennas are used and RF signals are directed at the intended area of coverage. Signals should not be boosted needlessly. Besides the inexpensive option to scale down the output power, the additional, and more expensive, step of shielding external walls prevents radio traffic leaking outside the walls of your building, and again offers an excellent method of helping secure your network.

Check for Unauthorized Access Points

Many Wi-Fi products are now easy to install. In an enterprise network, there is a possibility that rogue access points may be connected to the network by well-intentioned users unbeknownst to the IT organization. However, without correct configuration or management these could pose a serious risk to security. Regular physical inspections should be made and, preferably, network management tools should be used to routinely scan for the presence of rogue access points.
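One way to automate the routine scan described above, as an added example that is not part of the original paper: compare the access points seen in a wireless survey with an inventory of authorized ones. The record fields, SSIDs, MAC addresses, the wired MAC list and the +/-1 address heuristic are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One access point seen during a wireless scan (fields are assumptions)."""
    bssid: str       # MAC address of the AP radio
    ssid: str
    channel: int
    encrypted: bool  # True when the beacon advertises WEP/WPA privacy


# Constructed inventory of authorized access points, keyed by BSSID.
AUTHORIZED = {
    "00:00:5e:00:53:01": {"ssid": "corp-wlan", "channel": 1},
    "00:00:5e:00:53:02": {"ssid": "corp-wlan", "channel": 6},
}
CORPORATE_SSIDS = {"corp-wlan"}

# Constructed MAC addresses learned on wired switch ports.
WIRED_MACS = {"00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:a0"}


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wired_lan(bssid, wired_macs, tolerance=1):
    """Heuristic (an assumption): an AP's Ethernet MAC is often within +/-1
    of its radio BSSID, so a close match suggests the AP is plugged in."""
    b = mac_to_int(bssid)
    return any(abs(b - mac_to_int(m)) <= tolerance for m in wired_macs)


def classify(beacon, authorized=AUTHORIZED, wired_macs=WIRED_MACS):
    """Return (verdict, reasons) for one observed access point."""
    bssid = beacon.bssid.lower()
    known = authorized.get(bssid)
    if known is not None:
        # Authorized radio: check that it still matches its planned settings.
        problems = []
        if beacon.ssid != known["ssid"]:
            problems.append("unexpected SSID")
        if beacon.channel != known["channel"]:
            problems.append("unexpected channel")
        if not beacon.encrypted:
            problems.append("encryption disabled")
        return ("misconfigured", problems) if problems else ("authorized", [])
    reasons = []
    if beacon.ssid in CORPORATE_SSIDS:
        reasons.append("unknown radio advertising a corporate SSID")
    if on_wired_lan(bssid, wired_macs):
        reasons.append("attached to the wired LAN")
    # Unknown APs that touch neither our SSID nor our wire are neighbours.
    return ("rogue", reasons) if reasons else ("neighbor", [])


def audit(scan):
    """Return only the findings that need follow-up, keyed by BSSID."""
    findings = {}
    for beacon in scan:
        verdict, reasons = classify(beacon)
        if verdict in ("rogue", "misconfigured"):
            findings[beacon.bssid.lower()] = (verdict, reasons)
    return findings


# Constructed scan results.
SAMPLE_SCAN = [
    Beacon("00:00:5E:00:53:01", "corp-wlan", 1, True),     # as planned
    Beacon("00:00:5e:00:53:02", "corp-wlan", 6, False),    # encryption turned off
    Beacon("00:00:5e:00:53:a1", "default", 6, False),      # AP plugged into a desk port
    Beacon("00:00:5e:00:53:77", "corp-wlan", 11, True),    # unknown radio, corporate SSID
    Beacon("00:00:5e:00:53:f0", "cafe-guest", 11, False),  # neighbouring business
]

if __name__ == "__main__":
    for bssid, (verdict, reasons) in audit(SAMPLE_SCAN).items():
        print(f"{bssid}  {verdict}: {', '.join(reasons)}")
```

Findings marked "attached to the wired LAN" are the case the paragraph warns about and are the ones to follow up with a physical inspection.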

Management

Effective use of network management is essential in larger enterprise networks but is good practice in businesses of all sizes. This is especially true for WLANs, which have the particular management needs described in this section. With business drivers set to fuel tremendous growth in Wi-Fi, it is important that the right tools and mechanisms are adopted from the start to ensure a well-managed approach to deployment.

Traffic Analysis

Although monitoring and analysis of network traffic is important in wired networks, a wireless LAN is a much more fluid environment. Users are free to move throughout the network and capacity demands shift. For example, there may be company meetings or training sessions where an exceptionally high number of users are accessing the network from a single location. Monitoring tools can be used to indicate which access points are being used the most (or least) and highlight the need for moves or additions.

In the presence of interference, a performance drop may be reported by users, or indeed observed through traffic analysis. In these cases, benchmarking of throughput and the effects of adjusting optional configuration settings in MIB (e.g., CTS/RTS described in the following section) provides a method of dealing with such problems.

Discovery and Configuration

For larger wireless networks, administrators need to have tools that allow them to discover various wireless devices within the network segment, configure parameters, run diagnostics, monitor performance, view device properties, and select a device for individual configuration. It is recommended that you protect each network infrastructure access point by setting up a username and password to control access to the configuration settings. To ease administrative burden for larger networks, capabilities such as “save and load facility” are useful because they allow you to configure one device and propagate the same configuration to similar devices on the network.

Migration to a Centralized Management Scheme

As the number of wireless users begins to grow, and Wi-Fi is used for high-speed and mission-critical applications, it becomes increasingly important for management of the WLAN to be centralized, providing network administrators the ability to discover, manage, and upgrade access points across the network. If they are not already using another SNMP-based central management tool, organizations that require this functionality should look to their WLAN vendor to provide it. An embedded Web server that works with any Web browser that supports HTML and JavaScript is an added plus for easy configuration and management. Support for SNMPv3-compliant management is critical for secure management of access points.

A centralized approach also allows for increased levels of functionality and bandwidth management. IT departments can organize the WLAN by domains, granting privileges and access rights to different user groups as they see fit. For larger networks, this function can be automated and centralized such that when a wireless user is authenticated via 802.1X and RADIUS, the enterprise access point automatically assigns the user to the appropriate VLAN. Security breaches can be automatically detected with access points flagging security breaches or configuration errors to the management console. Also, unauthorized access points can be tracked down and removed or properly configured.

Eventually, the goal for larger enterprises should be to incorporate management of their wireless LANs within their overall network management system, such as HP OpenView. Some vendors are already making this possible. Smaller businesses not wanting to employ centralized management should consider deploying Wi-Fi equipment with web-based management capabilities. This will give them the ability to perform upgrades, reconfiguration, and simple performance monitoring over the network via a standard web browser.

Performance

There are several key reasons why 802.11 technology is now being embraced by such a wide user base:

1. Wireless performance has reached levels similar to wired Ethernet.

2. Today's silicon technology allows more sophisticated equalizer algorithms to be embedded in the wireless chipset.

3. Large production volumes help drive down the cost of underlying silicon.

However, it is important to consider the factors affecting performance and how this can be appropriately handled to suit your needs.

Choose the Appropriate Wi-Fi Type

The choice of 802.11 variant is a fundamental decision. The advantages and disadvantages of 11b, 11a, and 11g are outlined in the earlier section “Standards,” but there are some additional considerations affecting performance.

As with conventional Ethernet technologies, quoted “data rates” of 11 Mbps (11b) and 54 Mbps (11a and 11g) are theoretical maximum signaling rates and exclude protocol overheads. Estimates of realistic maximum data throughput are:

- 5 Mbps to 6 Mbps for 11b

- 27 Mbps to 30 Mbps for 11a and 11g

It should be noted that this is the total shared throughput available to a single user communicating through a single access point operating using a particular frequency channel. This throughput subsequently decreases as more users connect to the access point. Each Wi-Fi variant defines a multiple number of non-overlapping radio channels. If there is another access point within range using a different non-overlapping channel, it provides additional throughput capacity for these users.

802.11a provides twelve non-overlapping radio channels. However, the 802.11b and 802.11g standards define three non-overlapping channels. A good implementation today is to use 802.11a access points in areas occupied by densely packed users such as “hot desk” areas or meeting rooms where a higher throughput may be needed. 802.11b should then be used to provide blanket coverage for the entire facility.

Access points that provide configurable dual modes (for example, 802.11a and 802.11b) of operation are ultimately the best solution, because you can mix and match radio bands to meet different coverage and bandwidth needs within the same area. Such configurations are now readily available.

IP Address Management

To ease integration into the existing network environment, the access point may act as a DHCP server to the clients that are wirelessly associated with it. Alternatively, the DHCP server of the access point should have the ability to defer to any other DHCP servers that exist on the network, so that it becomes active only if the access point does not detect another DHCP server.

Properly Set Channels

You must ensure that the channel selected is compatible with the channel ranges supported by the wireless clients that will be associating with the access point. To ease administrative burden, look for an access point that can automatically scan the spectrum of all available regulatory channels, and select the one with least interference. The best channel available is the channel where no other wireless devices are causing interference on the radio frequency (RF). Clever architectures to suit the range and density requirements can be constructed using the non-overlapping channels of 802.11a and 802.11b. For instance, “cellular architectures” can be deployed by mixing the three non-overlapping channels (channels 1, 6, and 11) of the 802.11b standard, while minimizing the risk of inter-access point interference.
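The cellular layout described above, as an added example that is not part of the original paper: it derives why channels 1, 6 and 11 are the non-overlapping set (2.4 GHz channels sit 5 MHz apart while an 802.11b DSSS signal is 22 MHz wide) and then assigns those channels to neighbouring access points. The AP names, the adjacency map and the interference counts are constructed for illustration.

```python
CHANNEL_WIDTH_MHZ = 22  # width of an 802.11b DSSS channel


def center_mhz(channel):
    """Centre frequency of 2.4 GHz channels 1 to 13 (5 MHz spacing)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported channel: {channel}")
    return 2407 + 5 * channel


def overlap(a, b):
    """True when the 22 MHz signals on channels a and b overlap."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_set(channels=range(1, 12)):
    """Greedy pick, lowest channel first, of mutually non-overlapping channels."""
    chosen = []
    for ch in channels:
        if all(not overlap(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def plan_channels(neighbors, observed=None, channels=(1, 6, 11)):
    """Assign a channel to every access point.

    neighbors: {ap: set of APs within radio range of it}
    observed:  {ap: {channel: number of foreign transmitters heard}} (optional)
    Each AP takes the channel with the fewest overlapping transmitters,
    counting both already-planned neighbours and foreign devices.
    """
    observed = observed or {}
    plan = {}
    # Most-constrained APs first; the name tie-break keeps results repeatable.
    for ap in sorted(neighbors, key=lambda a: (-len(neighbors[a]), a)):
        def cost(ch):
            own = sum(1 for n in neighbors[ap]
                      if n in plan and overlap(plan[n], ch))
            foreign = sum(count for fch, count in observed.get(ap, {}).items()
                          if overlap(fch, ch))
            return (own + foreign, ch)
        plan[ap] = min(channels, key=cost)
    return plan


def co_channel_conflicts(neighbors, plan):
    """Pairs of neighbouring APs whose assigned channels overlap."""
    return sorted({tuple(sorted((a, b)))
                   for a in neighbors for b in neighbors[a]
                   if overlap(plan[a], plan[b])})


# Constructed floor plan: which access points can hear each other.
FLOOR = {
    "ap-lobby": {"ap-east", "ap-west"},
    "ap-east": {"ap-lobby", "ap-conf"},
    "ap-west": {"ap-lobby", "ap-conf"},
    "ap-conf": {"ap-east", "ap-west", "ap-lab"},
    "ap-lab": {"ap-conf"},
}
# Constructed survey data: two foreign devices on channel 3 near the lab.
OBSERVED = {"ap-lab": {3: 2}}

if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_set())
    plan = plan_channels(FLOOR, OBSERVED)
    for ap in sorted(plan):
        print(f"{ap}: channel {plan[ap]}")
    print("conflicts:", co_channel_conflicts(FLOOR, plan))
```

When four access points can all hear one another, three channels cannot separate them and `co_channel_conflicts` reports the leftover pair, which is the dense-area case where the paper recommends 802.11a and its twelve channels.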

Provide Adequate Coverage

The maximum data rate is only available within a limited distance from an access point. Typically this is 100ft/30m for 802.11b and 802.11g and 30ft/10m for 802.11a. If a client moves farther away, data speed is reduced. For example, an 802.11b client’s performance will diminish from 5.5 Mbps to 2 Mbps and finally to 1 Mbps as a user moves away from an access point. It is therefore important that access points are not placed too far apart.

Attenuation due to obstacles such as interior walls can reduce coverage, as well. This is more of a problem for 802.11a, which is inherently less able to penetrate such obstacles. For larger sites, or for buildings with solid interior walls, an RF site survey is a valuable tool in coverage planning.

Site Survey

This type of tool is invaluable in deciding the best place to position a new access point. The tool provides statistics on the transmission performance of the access point in each proposed location, making it easy to compare and choose the best location.

Minimize RF Interference Effects

This is another issue that primarily affects 802.11b and 802.11g. These standards use the 2.4 GHz band that is also used by other technologies such as Bluetooth and cordless phones. Although Bluetooth and Wi-Fi are complementary technologies, and they both operate in the 2.4 GHz band, each has different technical and usage characteristics. Bluetooth uses a fast Frequency Hopping Spread Spectrum (FHSS) technology (1600 hops per second). Most implementations support a range of up to 10 meters (30 feet) at a data throughput of 0.721 Mbps. 802.11b is a Direct Sequence Spread Spectrum (DSSS) technology, and offers speeds of 1, 2, 5.5, and 11 Mbps, covering a range of about 100 meters indoors. As Wi-Fi and Bluetooth activity grows in public areas and enterprises, interference issues may need to be alleviated. Possible solutions to the problem include separating the two devices by more than 3.5 meters. Then as Bluetooth units hop over the full ISM band, they will overlap with the 802.11b signal for about 25 percent of the hop frequencies while the 75 percent that do not overlap will not be a problem.

Configure Optional Settings

CTS/RTS is an optional 802.11 protocol setting that can help improve performance in cases when clients are hidden from each other (e.g., due to physical obstacles). In these cases, excessive collisions and re-transmissions can waste bandwidth and reduce throughput. CTS/RTS resolves this by introducing a hand-shaking mechanism between client and access point. The CTS/RTS uses a threshold that can be adjusted until throughput is maximized.

Fragmentation is another optional 802.11 protocol setting that helps improve performance in cases where interference is reducing throughput by causing bit errors and re-transmissions. Frames are broken into smaller fragments before transmission to reduce the chances of errors. Again, this can be implemented within individual client devices by adjusting the threshold to provide the best throughput.

802.11a Turbo Mode is another feature of some current products. If both the access point and client support turbo mode, which is vendor specific, it boosts maximum data rate to 108 Mbps.

Quality of Service

QoS is defined as the control of four network categories: bandwidth, latency, jitter, and traffic loss. Bandwidth is defined as the total network capacity. Networks must provide sufficient bandwidth for each application’s throughput requirements. Latency is the total time it takes for a frame to travel from a sender to a receiver. Latency is crucial for receivers with QoS requirements. Packets arriving too early require buffering or worse may be dropped. Packets arriving too late are not useful and must be discarded. Jitter is the variation in the latency among a group of packets between two nodes. Jitter requires a receiver to perform complex buffering operations, so that packets are presented to higher levels with a uniform latency. Traffic loss refers to the packets that never arrive at the receiver.

The introduction of wireless channels to the overall networking fabric introduces variability to these main QoS performance parameters. In addition, roaming and other capabilities create problems that do not exist in wired networks. Therefore, individual companies and IEEE 802.11 TGe are striving to endow wireless LANs with mechanisms for effectively managing QoS parameters as well as wireless characteristics.

There are several factors that make QoS a requirement in 802.11. One is the wireless transmission of home entertainment via a Wi-Fi WLAN. Another is the trend in the corporate environment to converge voice and data on a single wired communications infrastructure. If this were extended to the WLAN environment, company networks could carry wireless voice communications—creating possibilities for a range of new applications and delivering significant cost savings.

As described earlier, a new extension (802.11e) will define quality of service (QoS) levels for applications such as voice and video. However, this will not be ratified until the third or fourth quarter of 2003. Therefore it is essential that current products from reputable vendors should be firmware upgradeable to provide this functionality in the future.

While there are some proprietary QoS schemes on the market today, it is important to remember that an effective solution needs end-to-end implementation. Proprietary chipsets may not be compatible with mainstream Wi-Fi products when a standardized solution is available.

Mobility

Roaming is a critical component of the mobility equation. Wireless clients must be able to roam among all access points within the same subnet on the user’s LAN segment, as well as across subnets, without discernible interruption of data communications and security controls.

Location-Dependent Configuration

A mobile employee using their Wi-Fi enabled laptop will need the capability to connect to a number of different network types and configurations. Different sites within the company will usually be consistent, but when connecting at home or from public wireless hotspots there could be the need to reconfigure various client settings. This can be difficult and inconvenient for users, and as a result it is worth considering some form of profile management solution.

Inter-Access Point Roaming

As a user roams within the wireless LAN there needs to be a system of seamless movement among access points. Until recently, this was achieved by proprietary mechanisms from particular vendors. However, industry progress is evident based on recommended implementation of IEEE Std. 802.11f/D2.2, December 2001 draft on Inter-Access Point Protocol (IAPP). The goal of IAPP is to facilitate seamless roaming between access points from different vendors as long as the access points are part of a Distribution System (DS) implementing IAPP. IAPP handles the registration of APs within a network and exchange of information when a user is roaming among coverage areas supported by different vendors’ access points. It will help with fast hand-off from AP to AP. The 802.11f standard specifying IAPP is soon to be ratified and products compatible with it are now shipping.

Roaming and Security

If a user is using 802.1X for authentication and dynamic key management then IAPP roaming is required in order for the user to roam from one AP to the other without the need to re-authenticate. An alternative for sites that are not 802.1X enabled is to maintain a consistent username and password database locally within each access point to which a client could potentially roam. This would enable the client to roam without having to re-enter credentials.

Extended Roaming

While Layer 2 roaming refers to the users’ capability to roam from one AP to another without crossing router boundaries (i.e., within the same IP subnet), Layer 3 roaming refers to the users’ ability to roam across router boundaries as they move about the enterprise campus. One implementation of Layer 3 roaming is for the client to renew the Dynamic Host Configuration Protocol (DHCP) lease for its IP address. This can be undertaken either manually or automatically. A manual DHCP implementation does require user intervention, where the users perform a manual “release/renew” using the Windows WINIPCFG utility.

For enterprise environments where native DHCP services are not available, the embedded DHCP server within a local host can take the role of automatically assigning a valid IP address as the client roams across router boundaries. In the future, this implementation would become easier as IPv6 becomes widely deployed, and as all devices needed in the implementation support IPv6.

RF Issues

Before a WLAN is deployed, a wireless site survey will show the level of interference from other 2.4 GHz devices such as cordless phones and other WLANs. It will also identify the required location of each access point and the antennas necessary to provide adequate cell coverage and bandwidth capacity and to avoid co-channel interference between access points. For a larger enterprise, a wireless site survey from a professional wireless LAN consultant will usually provide the most satisfactory solution. However, for a smaller company this may not be necessary, especially when only one or two access points are needed. In any case it is helpful to understand the basic RF (radio frequency) issues when planning a WLAN deployment.

Antennas

Access points are usually supplied with omnidirectional dipole antennas. These provide 360 degrees cell coverage around the axis of the antenna and will be suitable for most deployments. It should be noted that office spaces contain obstacles to radio transmissions, in particular metal objects such as partition frames and wall studs. These can reflect RF signals and cause a phenomenon known as multipath distortion. To help overcome this, access points that use a diversity antenna system (two identical antennas a small distance apart) should be used wherever possible since they will provide enhanced coverage to the same geographic area.

There may be instances where the antenna supplied with the access point is not suitable. For example, the best position for the antenna might be on a ceiling or a wall where positioning an access point would be difficult. In these cases an add-on ceiling or wall-mounted aerial can usually be used, connected to the access point by an appropriate cable.

Also, there are cases when an omnidirectional antenna might be inappropriate. Where there are restrictions in locating an access point, or within an awkwardly shaped office space, it might unnecessarily radiate signals outside exterior walls, presenting a possible security risk. Also, in 802.11b and .11g networks, too-wide coverage might interfere with adjacent cells on the same channel. In these cases a “sector-panel” (or “patch”) aerial can be used to directionally focus cell coverage. These antennas are usually housed in flat boxes and mounted flush onto walls. They will produce hemispherical coverage, spreading away from the mount point at a width of between 30 and 180 degrees (depending on the particular antenna).

Antennas do not boost signal power but concentrate the power in a certain direction, which gives a more focused coverage pattern by trading off the width (or angle) of the cell. A yagi antenna provides a more directional beam for long corridors and tunnels, and a parabolic aerial can be used for long-distance, highly directional connections between buildings.

Building-to-Building Bridges

A building-to-building bridge can be used to link buildings with 802.11b. Such bridges will usually require an aerial placed outdoors on an external wall or roof. The choice of aerial depends upon the nature of the connections required. For example, a campus requiring wireless connection between several buildings in close proximity may use an omnidirectional or sector-panel antenna; but a longer point-to-point connection between two buildings may need a more directional yagi or parabolic antenna.

In order to avoid signal degradation over long distance wireless links, there should be an obstacle-free zone wider than the point-to-point line of sight. The Fresnel (pronounced “fre-nel”) zone is an elliptical area immediately surrounding the visual path into which the RF signal will spread. The Fresnel zone can be calculated from the length of the signal path and the frequency of the signal, and it must be taken into account when designing a wireless link.
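The calculation mentioned above can be worked through as follows. This is an added example, not part of the 3Com paper: the 60% clearance threshold is a common engineering rule of thumb, the 4/3 earth-radius refraction factor is a standard-atmosphere assumption, and the link length, aerial heights and obstacles are constructed sample values.

```python
import math

C = 299_792_458.0             # speed of light, m/s
EARTH_RADIUS_M = 6_371_000.0
K_FACTOR = 4 / 3              # standard-atmosphere refraction factor (assumption)


def fresnel_radius(d1_m, d2_m, freq_hz, zone=1):
    """Radius in metres of the n-th Fresnel zone at a point d1 from one
    antenna and d2 from the other:
    r = sqrt(n * wavelength * d1 * d2 / (d1 + d2))."""
    if d1_m < 0 or d2_m < 0 or d1_m + d2_m <= 0:
        raise ValueError("distances must be non-negative and not both zero")
    wavelength = C / freq_hz
    return math.sqrt(zone * wavelength * d1_m * d2_m / (d1_m + d2_m))


def earth_bulge(d1_m, d2_m):
    """Height by which the curved earth rises into the path at this point."""
    return d1_m * d2_m / (2 * K_FACTOR * EARTH_RADIUS_M)


def check_link(link_m, freq_hz, height_a_m, height_b_m, obstacles, clearance=0.6):
    """Check each obstacle (name, distance_from_a_m, top_height_m) against the
    visual line of sight and against `clearance` x the first Fresnel radius
    (0.6 is a rule-of-thumb assumption, not a figure from the paper)."""
    report = []
    for name, dist, top in obstacles:
        if not 0 < dist < link_m:
            raise ValueError(f"{name}: obstacle must lie between the antennas")
        # Height of the straight line between the two aerials at this point.
        los_height = height_a_m + (height_b_m - height_a_m) * dist / link_m
        gap = los_height - top - earth_bulge(dist, link_m - dist)
        needed = clearance * fresnel_radius(dist, link_m - dist, freq_hz)
        report.append({
            "obstacle": name,
            "line_of_sight_clear": gap > 0,
            "gap_m": round(gap, 2),
            "needed_m": round(needed, 2),
            "fresnel_ok": gap >= needed,
        })
    return report


# Constructed sample: 2 km link on 2.437 GHz (802.11b channel 6),
# both aerials mounted 12 m above ground.
SAMPLE_OBSTACLES = [("tree line", 500, 6.0), ("warehouse roof", 1000, 9.0)]
SAMPLE_REPORT = check_link(2000, 2.437e9, 12.0, 12.0, SAMPLE_OBSTACLES)

if __name__ == "__main__":
    for row in SAMPLE_REPORT:
        print(row)
```

In the sample, the warehouse roof sits almost 3 m below the visual line of sight yet still intrudes into the required Fresnel clearance, which is the case a line-of-sight check alone would miss.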

Country-specific regulations will also restrict the length and type of building-to-building links, so they should be consulted before designing wireless inter-building links.

Coverage Planning

An essential goal in WLAN deployment is to ensure all areas are adequately covered. The coverage of each wireless cell depends on the location of the access point and the antenna used. Office spaces often have internal walls and obstacles and are rarely circular. A careful plan is necessary to maximize coverage and performance with the fewest possible access points and least susceptibility to co-channel interference.

Due to variability in the composition and thickness of building materials the only guaranteed way of determining the cell coverage area of an access point is by on-site measurement. However, there are some general guidelines that will help with planning:

1. In an open plan office such as those with cubicles, there should be little attenuation of the radio signal. An 802.11b or 802.11g access point with an omnidirectional antenna will provide a cell with radius of around 328ft/100m (100ft/30m of this at maximum data rate). An 802.11a access point will cover an area with an approximate radius of 164ft/50m (30ft/10m at the maximum data rate).

2. 2.4 GHz (802.11b and 11g) WLAN signals will generally penetrate internal walls although there may be some signal attenuation, especially if the walls are made from cinderblock. It is worth noting that internal walls often have part-metal construction and this can increase signal attenuation, too.

3. 5 GHz (802.11a) signals do not penetrate interior walls well and this should be taken into account when planning.

4. In a multi-floor building, there may be some signal leakage between floors. For example, an access point mounted midway between the floor and ceiling on the second floor may radiate signals through to adjacent floors depending on the gain and coverage of the antenna. This can be especially relevant for the floor above a ceiling-mounted antenna.

5. Penetration through brick or stone walls by Wi-Fi of either band is possible but unreliable. So any plan should not be based on the assumption of signals penetrating walls.

6. Metal walls or floors will not be penetrated by Wi-Fi signals and need to be planned around. This also applies to elevator shafts that will present an obstacle to WLAN signals.
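A first-pass channel plan for the co-channel interference concern in this section can be sketched as below. This is an added example, not 3Com's planning method: it uses the 100 m open-plan cell radius from the guidelines, assumes channels 1, 6 and 11 as the three non-overlapping 802.11b/g channels (North American channel set), treats two access points as interfering whenever their cells overlap (a simplification), and runs on constructed coordinates.

```python
import math
from itertools import combinations

# Assumption: channels 1, 6 and 11 are the three non-overlapping 802.11b/g
# channels (North American channel set).
CHANNELS = (1, 6, 11)
CELL_RADIUS_M = 100.0   # open-plan 802.11b/g cell radius from the guidelines


def interference_graph(aps, cell_radius_m=CELL_RADIUS_M):
    """aps maps AP name -> (x_m, y_m). Two APs are treated as neighbours when
    their cells overlap, i.e. their centres are closer than two cell radii."""
    graph = {name: set() for name in aps}
    for a, b in combinations(aps, 2):
        if math.dist(aps[a], aps[b]) < 2 * cell_radius_m:
            graph[a].add(b)
            graph[b].add(a)
    return graph


def assign_channels(graph, channels=CHANNELS):
    """Backtracking search for a plan in which no two neighbouring APs share
    a channel. Returns {ap: channel}, or None when the layout is too dense
    for the available channels."""
    # Place the most constrained APs (most neighbours) first.
    order = sorted(graph, key=lambda ap: (-len(graph[ap]), ap))
    plan = {}

    def place(i):
        if i == len(order):
            return True
        ap = order[i]
        for ch in channels:
            if all(plan.get(nb) != ch for nb in graph[ap]):
                plan[ap] = ch
                if place(i + 1):
                    return True
                del plan[ap]
        return False

    return plan if place(0) else None


def co_channel_pairs(graph, plan):
    """Neighbouring AP pairs that share a channel (empty for a valid plan)."""
    return sorted((a, b) for a in graph for b in graph[a]
                  if a < b and plan[a] == plan[b])


# Constructed layouts, coordinates in metres.
# Six APs on a 3 x 2 grid, 150 m apart: only adjacent cells overlap.
OPEN_PLAN_FLOOR = {f"ap{r}{c}": (150.0 * c, 150.0 * r)
                   for r in range(2) for c in range(3)}
# Four APs packed into a 100 m square: every cell overlaps every other.
DENSE_CORNER = {"a": (0, 0), "b": (100, 0), "c": (0, 100), "d": (100, 100)}

if __name__ == "__main__":
    print(assign_channels(interference_graph(OPEN_PLAN_FLOOR)))
    print(assign_channels(interference_graph(DENSE_CORNER)))  # None: too dense
```

A `None` result means the layout cannot avoid co-channel overlap with three channels, so cells need to be shrunk, moved, or given directional antennas.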

Why 3Com?

So far this paper has outlined the business benefits driving the need for wireless networking, and has examined the issues you will need to consider during deployment. This section highlights just some of 3Com’s wireless solution features that will help successfully address these issues.

Security

As described earlier, the key to effective WLAN security is to utilize a combination of appropriate security mechanisms. 3Com today delivers industry-leading wired and wireless security options, so that you can deploy the solution most appropriate to the level of security required for your network.

Standards-based Encryption

3Com products support 40-bit (sometimes called 64-bit) and 128-bit WEP. By turning on WEP and managing keys effectively, a baseline level of security can be achieved that discourages casual wireless eavesdroppers.

Dynamic Security Link

3Com provides an enhanced method of encryption and key management that addresses the main weakness within WEP, namely a manual static key. Instead a unique 128-bit key is dynamically assigned to each user, and this is changed for every new session. Additionally, a local username and password database maintained inside of each access point enables a more secure user-based authentication mechanism.

Secure Authentication Options

802.1X port-based authentication is supported for different EAP types, including EAP-MD5, EAP-TLS, EAP-TTLS, and PEAP. 3Com supports 802.1X for non-XP clients including Windows NT and Windows 2000 systems.

MAC address authentication is also supported, either locally within the access point or via a RADIUS authentication server.

XJACK® connector

The XJACK connector on 3Com client devices provides a simple but highly effective method of securing data on laptops by turning off the radio when it is not required.

Management

3Com offers a number of different options to manage WLAN devices.

SNMP Support

WLAN products can be integrated into an enterprise-class network management system such as HP OpenView.

3Com Network Supervisor

This is a powerful yet easy-to-use PC-based management tool that offers many of the benefits of centralized management identified in an earlier section. It is included in the price of the product.

Web-based Management

Individual devices can be securely monitored, configured and upgraded using a standard web-browser.

Save and Load Cloning

3Com access points can be added to an existing network with maximum ease by cloning configuration settings from another access point.

Performance

Autonomous Load Balancing

This feature is unique to 3Com’s client devices and helps maximize traffic capacity of the wireless network without user intervention. 3Com’s WLAN clients are smart enough to automatically associate with the access point providing the highest available throughput, not just the closest one. This is especially effective at improving performance for high-bandwidth users located in more densely packed areas of the network served by multiple access points.

Clear Channel Select

3Com’s access points can be set to scan the available radio channels and automatically use the least loaded one. Performance-reducing co-channel interference is minimized. This simplifies placement planning and channel selection of access points, especially for 802.11b technology which inherently only has three non-overlapping channels.

Dual-band Radio Products

The ideal solution of maximum geographical coverage with highest performance at minimum cost could be achieved through blanket deployment of 802.11b with pockets of 802.11a or 802.11g. Even if the higher performance is not needed today, it should be the network planner’s goal to allow for smooth future migration. 3Com’s access points now ship with dual-slot modular 802.11a/802.11b support (802.11g available from June 2003).

Inter-Access Point Protocol (IAPP)

802.11f describes the handover process for mobile users using IAPP that allows them to roam between different vendors’ access points. Although this standard will not be ratified until later in 2003, 3Com’s new access points have begun to ship supporting IAPP. On earlier models, the Auto Network Connect function allowed users to roam between 3Com access points; future firmware upgrades will allow IAPP support on these products.

802.11a Turbo Mode

For maximum throughput, 3Com’s 802.11a access points and client devices support “turbo mode,” which boosts performance from 54 Mbps to 108 Mbps.

Mobility

Client Profile Management

3Com’s client devices can be configured with profiles specifying appropriate configuration settings for multiple locations. As the user moves between head office, branch office, home or public hotspots, the client device will automatically detect the location and activate the correct profile. The device will also launch a VPN session if determined by the particular profile.

Deployment Examples

This section shows two scenarios of how WLANs have been effectively deployed.

Figure 1 shows a WLAN deployment in a large multi-sited company manufacturing volume IT products.

One of the regional sales offices is a newly acquired site and has 10 office-based staff and a “hot desk” area for regional sales executives normally on the road. A WLAN was newly installed from scratch to serve all client devices including desktops. It was the ideal place to begin the corporate 802.11 rollout. One 3Com Access Point 8200 was installed to initially provide 802.11b connectivity giving all employees access to the Internet and the corporate network and e-mail system. An 802.11a module was added to the Access Point 8200 to serve the hot desk area with higher throughput for downloading of large presentations, product details, and e-mails from the corporate network.

At the head office campus, some legacy 1 Mbps 802.11 had been used in the distribution warehouse to help with basic stock control. This was upgraded to 802.11b using the 3Com Access Point 8200 providing higher bandwidth and greater coverage. This has facilitated the use of an up-to-date inventory management system with connectivity for warehouse personnel using hand-held devices, and senior managers using laptops. A 3Com 11 Mbps Building-to-Building Bridge provides the warehouse with a high-speed connection into the corporate network. A smooth future transition to 802.11a or 802.11g in the warehouse is made possible by the Access Point 8200’s modular capability.

FIGURE 1. WLAN Deployment in a Large Multi-sited Company
[Diagram panels: Head Office Campus (Office Headquarters, Distribution Warehouse, Main Conference Room, Customer Briefing/Training Room) and New Regional Sales Office (hot desk area); legend: 802.11b coverage, 802.11b & 802.11a coverage.]

The main office headquarters already had an established wired network. However, the use of the 3Com Wireless LAN Access Point 8200, which can be upgraded to dual-mode with 11a/11b/11g radios, throughout the campus provides the benefits of increased productivity and greater flexibility described earlier in this white paper, especially for the high proportion of mobile employees. The 3Com 11a/b/g wireless LAN PC Cards with XJACK antennae provide maximum flexibility with support for all three IEEE 802.11 standards – 11a, 11b and 11g – and enhanced security including 128-bit AES and WEP encryption and WPA support to help keep data private. This card helps provide a complete enterprise wireless offering when combined with the 8200, 8500, or 8700 access points. In the main conference room, a 3Com Wireless LAN Access Point 8500 provides localized 802.11a connectivity. Fast access to up-to-date sales information, reports and inventory information means senior management meetings are more informed and decision-making is more collaborative. A new training room for sales executives served by high-bandwidth 802.11a means sessions can be more interactive and new information such as product specifications and sales presentations can be delivered to them on the spot. This room also serves as a new customer briefing center. It has screened walls and is connected to the rest of the network via a 3Com SuperStack® 3 Firewall. The 3Com Wireless LAN Access Point 8500 provides dual band Wi-Fi coverage for maximum compatibility with customers’ laptops.

The 3Com Wireless LAN Workgroup Bridge wirelessly links to the office headquarters’ 3Com Access Point 8200 and provides additional wireless connectivity for up to four Ethernet enabled devices including an NBX phone, desktop PC and laptop without an available PCI or PC card slot, and network printer. There are plans for deployment of several new network services. For example, wireless instant messaging will bring real-time sharing of information, communication and decision-making across all company sites.

Figure 2 shows a WLAN deployment in a small private finance company. There are thirty employees at a single location, with several remote employees telecommuting from home offices most of the time. The WLAN was a new network installation, and it was more economical to provide connectivity to office desktop PCs and laptops using a wireless connection. A single 3Com OfficeConnect® 11g Wireless Access Point provides up to 100 meters (328 feet) of coverage for up to 128 users, at the maximum data rate of 54 Mbps. Among the first products in the industry to ship fully compliant with the newly ratified IEEE 802.11g standard, the 3Com solution offers reliable wireless networking at speeds up to 54 Mbps. The 3Com OfficeConnect Wireless 11g Access Point supports 802.11b as well as 802.11g notebooks, PCs, and other wireless client devices. Advanced 256-bit WPA (Wi-Fi Protected Access) encryption provides maximum security to the wireless LAN, while 40/64- and 128-bit WEP (Wireless Encryption Protocol) shared-key encryption helps protect data, and retains privacy of wireless transmissions with legacy wireless clients that do not support WPA. Support for VPN tunnel initiation and termination, an industry-standard Stateful Packet Inspection (SPI) firewall, NAT protection, built-in LAN ports, and broadband access is delivered through the OfficeConnect Cable/DSL Secure Gateway, located at the small-office network perimeter.

FIGURE 2. WLAN Deployment in a Small Private Finance Company
[Diagram panels: Main Office (single site office with telecommuter access, 802.11b/g coverage) and Telecommuter; labels include VPN Tunnel, broadband, Internet.]

For more information about wireless technologies and 3Com wireless solutions, visit www.3Com.com/wireless

For telecommuters, mixed wired and wireless environments, and simultaneous users on a single cable or DSL Internet connection, a small office and home office wireless LAN provided by the 3Com OfficeConnect Wireless 11g Cable/DSL Gateway provides a broadband connection (via the ISP supplied modem) to the main office from a laptop or a desktop PC anywhere in the small office and home office. A high-speed routing engine and a 54 Mbps wireless connection for users with 802.11g-equipped PCs and laptops, combined with an integrated 10/100 four-port switch and backward compatibility with 802.11b wireless LAN equipment, make it an ideal solution for telecommuter wireless broadband Internet sharing. VPN pass-through permits secure connections to remote offices, including Stateful Packet Inspection firewall, hacker pattern detection, and URL filtering.

3Com Corporation, Corporate Headquarters, 5500 Great America Parkway, P.O. Box 58145, Santa Clara, CA 95052-8145


To learn more about 3Com solutions, visit www.3com.com. 3Com Corporation is publicly traded on Nasdaq under the symbol COMS.

The information contained in this document represents the current view of 3Com Corporation on the issues discussed as of the date of publication. Because 3Com must respond to changing market conditions, this paper should not be interpreted to be a commitment on the part of 3Com, and 3Com cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only; 3Com makes no warranties, express or implied, in this document.

Copyright © 2003 3Com Corporation. All rights reserved. 3Com, the 3Com logo, OfficeConnect, SuperStack, and XJACK are registered trademarks of 3Com Corporation. Possible made practical is a trademark of 3Com Corporation. All other company and product names may be trademarks of their respective companies. While every effort is made to ensure the information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice.

503126-001 07/03