+ Post New Thread
Results 1 to 12 of 12
Wireless Networks Thread, Wireless Update. Suggestions/recommendations? in Technical; Hi folks, Our wireless system is currently a piecemeal set of D-Link WAPs (around 25). It isn't a managed solution, ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    927
    Thank Post
    840
    Thanked 20 Times in 18 Posts
    Rep Power
    11

    Question Wireless Update. Suggestions/recommendations?

    Hi folks,

    Our wireless system is currently a piecemeal set of D-Link WAPs (around 25). It isn't a managed solution, and each WAP operates independently. They're also mostly 802.11g. To add, they connect into the edge switches around the school, so aren't PoE.

    We're looking to upgrade it, and after recommendations for suppliers/manufacturers/models.

    The only changes we're looking to make are (a) improving bandwidth and (b) a dual SSID system that will create a separate network for visitors.

    My networking is pretty good, but I'm not at the level of switch management and complex TCP/IP setups.

    Any advice is much appreciated.

    TIA

  2. #2

    CPLTD's Avatar
    Join Date
    Apr 2008
    Location
    Northamptonshire
    Posts
    4,089
    Thank Post
    1,407
    Thanked 663 Times in 513 Posts
    Blog Entries
    1
    Rep Power
    263
    Hi Gongalong,

    one word answer- Ruckus...

    Simply put you don't become the most widely deployed wireless solution within UK education without having a solid system, capable of handling with ease the ultra high density nature of classrooms, with unparallelled reliability and a nice straight forward management system.

    I will drop you a PM to discuss getting you some demo hardware so you can see for yourself.

    Thanks,

    Mark

  3. 2 Thanks to CPLTD:

    Gongalong (24th January 2013), mac_shinobi (24th January 2013)

  4. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,304
    Thank Post
    242
    Thanked 1,589 Times in 1,266 Posts
    Rep Power
    344
    There's nothing wrong with individual WAPs configured correctly (on different channels) for Primary Schools. A managed solution can be considerably more, but as so little WAPs are in use it doesn't make any difference. At 25 WAPs I'd say you're borderline whether or not a managed system is better value for money or will deliver a better quality wireless network.

    I generally use HP or Cisco WAPs in Primary Schools, connected via PoE at gigabit, offering up to wireless N speeds.

  5. Thanks to Michael from:

    Gongalong (24th January 2013)

  6. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,304
    Thank Post
    242
    Thanked 1,589 Times in 1,266 Posts
    Rep Power
    344
    I forgot to add, on HP's and Cisco's, you can create multiple SSIDs (4 or so) with different security encryption and password if required. I'd generally recommend WPA2-PSK AES on individual WAPs.

    For guest SSIDs I'd probably recommend WPA-PSK AES, as someone always brings a device in which isn't quite up to scratch security wise. WPA is still secure to the best of my knowledge.

  7. Thanks to Michael from:

    Gongalong (24th January 2013)

  8. #5
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    927
    Thank Post
    840
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    I should add, for context, that we're a Comprehensive with around 1,200 students and 120 staff. All the teachers have laptops, so are currently the only users of wireless.

    The big potential change is that the students will go BYOD, so we could have another 1,200 users. Hence the system would need to cope with that! (On a Visitor SSID)

  9. #6
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    927
    Thank Post
    840
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Also, as mentioned above my network knowledge isn't exactly at expert level. For the Visitor/Guest SSID we'd have to issue IPs via DHCP of course. How would we separate traffic? Is a different IP range/subnet enough?

  10. #7

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,304
    Thank Post
    242
    Thanked 1,589 Times in 1,266 Posts
    Rep Power
    344
    If you went BYOD, you'd most certainly need at least double the amount of WAPs, so a managed solution would be the better choice and allow you to scale better.

    Optionally you can set up VLANs to separate traffic, but this isn't always necessary. If your servers and share permissions are configured correctly you have nothing to worry about.

  11. Thanks to Michael from:

    Gongalong (24th January 2013)

  12. #8

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,273
    Thank Post
    114
    Thanked 244 Times in 195 Posts
    Blog Entries
    1
    Rep Power
    75
    What services would you want to be offering to the BYODs? I'd be tempted to offer only via http/https and build the rest of your services around that limitation. You'd then be able to keep all the personal devices in (a) dedicated VLAN(s) away from your AD, SQL and other potentially exploitable services.


    1200 users != 1200 devices. Consider that almost all users in a BYOD environment will have 1 Laptop and 1 Phone - That's twice the number of devices you just predicted. Some of your users will have laptop phone and tablet..... a wireless device that is not connected to your network is still on the air, taking up airtime.

    When you are building for site-wide high density-high throughput, physics takes over and the number of radios is the same from each vendor. A broad rule of thumb is a maximum of 30 active devices per wireless radio and 70 devices per collision domain. Some AP's have more radios than others, whether fewer APs with a high radio density, or more APs with fewer radios is better, is really down to your site's physical structure.

    You need to specify your requirements strongly. For example:

    Supporting 60 devices in every classroom simultaneously with a throughput of 3Mb/sec per device and average latency of <20ms.
    Supporting 300 devices with a throughput of 1Mb/sec and latency of <80ms in the communal areas
    <-this for example only - the spec above might not be achievable with today's technology.

    By giving clearly defined outcomes you have a baseline to evaluate the suitability and success of any vendor's implementation.

    Hope this gives you food for thought.
    Last edited by psydii; 24th January 2013 at 03:50 PM. Reason: SPAG, Clarity, Minor addition capacity estimates.

  13. Thanks to psydii from:

    Gongalong (24th January 2013)

  14. #9

    Join Date
    May 2012
    Posts
    26
    Thank Post
    1
    Thanked 7 Times in 6 Posts
    Rep Power
    7
    Quote Originally Posted by Gongalong View Post
    Also, as mentioned above my network knowledge isn't exactly at expert level. For the Visitor/Guest SSID we'd have to issue IPs via DHCP of course. How would we separate traffic? Is a different IP range/subnet enough?

    You would have to create a new VLAN and a new DHCP scope. Within your VLAN you would have to add a helper address to your DHCP server. In order to do this you will need an enterprise grade WAP that can handle 802.1q encapsulation/tagging. From there you can create unique web filtering policies and access control lists if desired.

    To set up the helper config on a Cisco/HP Router/L3 switch just add this to your vlan interface configuration:

    ip helper-address <DHCP Server IP>

    Repeat for for each vlan or SSID you want to segment.

    Very simple. Only has to be done at your school's devices that are configured for L3 routing.
    Last edited by SuperfluousAdjective; 24th January 2013 at 05:00 PM.

  15. Thanks to SuperfluousAdjective from:

    Gongalong (24th January 2013)

  16. #10

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,663
    Thank Post
    49
    Thanked 473 Times in 342 Posts
    Rep Power
    142
    As all of the above ...

    You are going to have to hone your networking skill sets as VLANs are essential as will be routing and firewall skills.
    There is no magic bullet, not even the mighty Ruckus can help you if you dont have the underlying infrastructure to carry your traffic.
    How are you going to get unauthenticated visitors through your private network and out of your county proxy without assistance??

    Im afraid that your opening quote,
    "I'm not at the level of switch management and complex TCP/IP setups" will be your first hurdle.
    Step up to the plate and get learning or outsource the whole project to someone who can do it for you.

  17. Thanks to m25man from:

    Gongalong (24th January 2013)

  18. #11
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    927
    Thank Post
    840
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    I suspect the whole thing will be farmed out, as it's too risky a project to just learn on.

  19. #12

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    Quote Originally Posted by Michael View Post
    BYOD............ Optionally you can set up VLANs to separate traffic, but this isn't always necessary. If your servers and share permissions are configured correctly you have nothing to worry about.
    Apart from DOS Attacks, Brute force attempts, rouge IP's and other network nasties....Etc......

    Rob



SHARE:
+ Post New Thread

Similar Threads

  1. "N" Wireless Access Point Recommendations?
    By andyturpie in forum Hardware
    Replies: 9
    Last Post: 20th October 2011, 12:59 PM
  2. Wireless access point recommendation
    By BJG in forum Hardware
    Replies: 2
    Last Post: 29th April 2011, 01:25 AM
  3. Replies: 14
    Last Post: 22nd March 2011, 08:41 PM
  4. Hosting Company Suggestions / Recommendations
    By crc-ict in forum Web Development
    Replies: 14
    Last Post: 21st April 2009, 06:08 PM
  5. Spam suggestions/recommendations
    By steelrazor in forum General Chat
    Replies: 19
    Last Post: 18th October 2006, 10:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •