Wireless Network Architecture
Planning and Design

This short guide provides an overview of the factors involved when planning and designing 802.11 wireless network solutions to meet corporate requirements.

For further white papers, information, advice, or cost-effective, industry-leading briefings on all aspects of wireless networks planning and design, call +44 (0)113 398 3300 or e-mail:

Experience in Wireless

LEVER Technology Group PLC are leading architects in wireless network planning, design and implementation. Our experience spans many years, working with market-leading products from the industry's leading vendors.

Moreover, our experience includes Bluetooth, all major 2G and 3G mobile network technologies, trunk mobile networks such as TETRA, and satellite technologies such as VSAT networks, Thuraya and the new emerging LEO broadband satellite services.

This gives us an unrivalled ability to consult and advise on all of the architectures and solutions available for wireless network design, integration and security.

Vendor Neutrality

The wireless network industry sector is almost unique in IT circles, because of the wide range of competing vendors, products, and new technologies available for you to choose from.

This presents us with a rare opportunity to build robust, secure and highly functional wireless networks, that incorporate the benefits of multi-vendor participation. It also presents a range of challenges, not least of which is the need to understand all of the vendor offerings, and to separate truth from hype.

LEVER are both resellers and distributors of leading wireless LAN products. Our cross-vendor knowledge and experience is unrivalled.

Unlike the majority of wireless network suppliers, our advice is always vendor-neutral. This means that your wireless networks will be able to incorporate the strengths of technologies from multiple vendors, combined with open standards compliance where appropriate.

Wireless networks designed by LEVER have the maximum levels of functionality and flexibility available, yet still a lower cost of ownership.

LEVER's Credentials

We deliver advanced wireless technology consultancy services - including wireless network planning, RF site survey, wireless network design, wireless product supply, wireless network installation, training and support - Internationally, to major Telcos, Wireless ISPs, major International IT consultancy companies, UK Times 100 companies, European organisations, Government agencies and the Military.

Through our certified status with more than twelve leading vendors in the wireless networks industry, LEVER are in the unique position to deliver multi-vendor and vendor-neutral solutions.

Wireless Networks are Complex!

For those of us who use wireless networking at home, WLANs can seem pretty simple. Just buy an access point, a few wireless client adapters, and you can have a network running almost out of the box.

But architecting wireless networks for corporate use is a totally different proposition: it requires in-depth experience in second-generation 802.11 architectures, identity-based networking, VLANs, VPNs, current vendor engineering practices and their associated products, RF behaviour, RF site survey, traffic modelling, CoS and QoS implementation, and the ten or more different strategies for wireless network security.

Organisations require wireless networks that are:

  • Functional
  • Affordable
  • Scalable
  • Flexible
  • Manageable
  • Secure
  • Resilient and reliable
  • Will meet the growing bandwidth requirements of users
  • Have the lowest cost of ownership consistent with these objectives.

These qualities don't happen by accident!

With the investments that your organisation will make in wireless networks, combined with the need for reliable service delivery and good Return on Investment, the need for careful and authoritative network design, based on knowledge and experience, is clear.

Listed below are just some of the issues that must be addressed when architecting wireless networks for your organisation.

What about Security?

If wireless networks are not designed correctly, they are insecure.

Take the Wi-Fi Alliance's Wi-Fi Protected Access (WPA) security scheme for example. WPA is available now, and appears to provide the security we need.

However, in practice, it provides only moderate-strength authentication and encryption.

Worse still, it can straight away compromise the security of your existing IT systems.

Did you know, for example, that WPA and Cisco LEAP reveal your corporate user login names?
When users log on to the wireless network, their user name is sent in the clear over the air.

More advanced solutions are already available, and most organisations should employ them.
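The user-name exposure described above can be checked from the defender's side by inspecting the EAP-Response/Identity message that opens an 802.1X logon. The following is an added example, not part of the original guide: the frames are constructed sample data, the function names are hypothetical, and it assumes that tunnelled methods such as EAP-TTLS and PEAP are configured to send an anonymous outer identity.

```python
import struct

EAPOL_TYPE_EAP_PACKET = 0   # IEEE 802.1X packet type that carries an EAP message
EAP_CODE_RESPONSE = 2       # RFC 3748 EAP code
EAP_TYPE_IDENTITY = 1       # RFC 3748 EAP type

def build_identity_response(identity, eap_id=1):
    """Construct an EAPOL body holding an EAP-Response/Identity (sample data only)."""
    data = identity.encode("utf-8")
    eap_len = 5 + len(data)  # code + id + length(2) + type + identity bytes
    eap = struct.pack("!BBHB", EAP_CODE_RESPONSE, eap_id, eap_len, EAP_TYPE_IDENTITY)
    return struct.pack("!BBH", 1, EAPOL_TYPE_EAP_PACKET, eap_len) + eap + data

def extract_identity(eapol):
    """Return the cleartext identity from an EAP-Response/Identity, else None."""
    if len(eapol) < 9:
        return None
    _version, pkt_type, body_len = struct.unpack("!BBH", eapol[:4])
    if pkt_type != EAPOL_TYPE_EAP_PACKET or len(eapol) < 4 + body_len:
        return None  # not an EAP packet, or truncated capture
    code, _eap_id, eap_len, eap_type = struct.unpack("!BBHB", eapol[4:9])
    if code != EAP_CODE_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        return None
    if eap_len < 5 or eap_len > body_len:
        return None  # inconsistent length fields
    return eapol[9:4 + eap_len].decode("utf-8", errors="replace")

def classify_identity(identity):
    """Flag identities whose user part names a real account."""
    user = identity.rsplit("@", 1)[0] if "@" in identity else identity
    if user.lower() in ("", "anonymous"):
        return "anonymous-outer-identity"
    return "username-exposed"

def audit(frames):
    """Map each identity seen in the clear to its classification."""
    found = {}
    for frame in frames:
        identity = extract_identity(frame)
        if identity is not None:
            found[identity] = classify_identity(identity)
    return found

# Constructed sample frames: two exposed logins and one anonymous outer identity.
SAMPLE_FRAMES = [build_identity_response(i) for i in
                 ("jsmith@example.com", "CORP\\jsmith", "anonymous@example.com")]

if __name__ == "__main__":
    for identity, verdict in audit(SAMPLE_FRAMES).items():
        print(f"{identity:28} {verdict}")
```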

The Issues you Must Address

Listed briefly below are just some of the issues that must be addressed when architecting wireless networks for your organisation.
  1. More than ten different solutions to wireless network security, including WEP, WPA, Cisco LEAP, EAP-TLS, EAP-TTLS, PEAP, Layer 3 VPNs, Layer 7 VPNs (e.g. SSH2), TLS/SSL, WLAN security appliances (EWGs), Layer 2 Enterprise Encryption Gateways (EEG), and Access Point-based VPNs.

  2. The debate over the adequacy of Wi-Fi Protected Access (WPA) compared to the strength of encryption provided by the FIPS-197 approved Advanced Encryption Standard (AES), now supported using Enterprise Encryption Gateways (EEG) from companies such as Fortress Technologies, to provide scalable networks with maximum-strength encryption.

  3. The need to understand the security issues and hidden infrastructure costs that exist with the 802.1x/EAP authentication schemes, including WPA, Cisco LEAP, EAP-TLS, EAP-TTLS and PEAP.

  4. What is true seamless roaming? Which applications require it? How should roaming be achieved? What is the role of IEEE 802.11f? Are proprietary roaming protocols acceptable? What are the differences between Roaming and Mobility? What about roaming between 802.11 WLANs and mobile networks such as GPRS and UMTS?

  5. The need to evaluate proprietary mobility switches and architectures.

  6. The attractions of WLAN security appliances (EWGs), from vendors such as Bluesocket, Colubris, ReefEdge and Vernier Networks, for the provision of Quality of Service (QoS) via means such as Role Based Access Control (RBAC).

  7. The debate over whether fat, thin or integrated access points ("fit" access points), and their associated support architectures, should be employed.

  8. The need for Quality of Service (QoS) at the air interface, implementing granular Class of Service (CoS) per-user.

  9. The emergence of Second Generation wireless networks and WLAN products, from companies such as Trapeze Networks, with its Mobility Point (MP™), Mobility Exchange™ (MX™), Mobility System Software™ and RingMaster™.

  10. The need for effective Radio Frequency (RF) site survey, cell sizing, AP location, data rate determination, Access Point placement and Antenna selection (per AP).

  11. The move to Voice over Wireless LAN (VoWLAN) incorporating technologies from Cisco, Symbol, and other emerging vendors.

  12. The need for Authentication, Authorisation and Accounting (AAA) using RADIUS servers, or integrating with LDAP accessible directory services such as Microsoft Windows 2000 Active Directory, Windows NT domains, Novell Directory Services (NDS) and e-directory, or other corporate directory services.

  13. The need to evaluate client-side and server-side software for authentication, such as the Funk Software Steel Belted RADIUS server (SBR) and Odyssey Client and Server products.

  14. The need to detect rogue APs and Ad-Hoc networks before they cause harm.

  15. The need for Wireless Intrusion Detection Systems, such as those from AirMagnet and AirDefense.

  16. The need to integrate wireless networks with your existing network infrastructure. For example:

    • How should SSIDs be employed?
    • Should they be client-determined by client-side settings, or by the Authentication service?
    • How should the user's VLAN be determined - by SSID or by user/group account membership?
    • Should all VLANs be distributed to all access points via 802.1Q VLAN trunking?
    • What is the role of Mobile IP?
    • Should Proxy Mobile IP be employed?
    • What are the security issues with Mobile IP and how should they be mitigated?

Notes on Terminology

Cisco LEAP (Lightweight Extensible Authentication Protocol: EAP - Cisco Wireless).

EAP-Transport Layer Security (EAP-TLS).

EAP-Tunneled TLS (EAP-TTLS).

Protected EAP (PEAP a.k.a. PEAP MS-CHAPv2).

EAP-MD5 should not be considered, since it does not provide mutual authentication. WEP is the IEEE's standard for security in IEEE 802.11b/a/g WiFi networks. WEP is fatally flawed in several ways, including its authentication, encryption and integrity checking.

Both WPA and Cisco LEAP use WEP with TKIP, and optionally with the Michael Message Integrity Check (MIC) and broadcast key rotation.

Some wireless network administrators disable MIC, because it degrades network performance.

A rogue AP is an access point, attached to your network, that is not appropriately configured. This may be inadvertent; otherwise, the AP has been placed there by a non-technical member of staff, or by an intruder.

Wireless LAN Glossary

For a clear explanation of more Wireless network concepts and terminology, refer to our
Wireless Network Glossary of Terms.

Call +44 (0)113 398 3300 for expert advice in Wireless network technologies,
or e-mail:

(c) Copyright 2006 CWNP.INFO
