Managed Wireless Networks

With the increasing importance of wireless networks in the corporate, educational and hospitality world and the proliferation of WiFi infrastructure to service these demands, it has become even more important that the network administrator has the tools at hand to quickly manage, configure and generally administer the various elements of the network. At its most basic this might be simply to change the SSID of one particular access point (AP) or, at the other end of the scale, it might be to en-mass administer a firmware update; the ability to centrally control and manage all elements of the WiFi network is now a vital tool for any system where there is a large, distributed wireless infrastructure.

The basic elements of any managed wireless system is a collection of distributed access points (APs) which connect through wired network connections to the access controller (AC). The access controller is the device or server which facilitates control functions of the APs. The AC unit can take the form of a stand alone controller, a WLAN switch, or even a computer/software implementation. Although a wired network would be the norm for control connectivity to the access points, it is also possible to use a secondary wireless infrastructure for the data connectivity.

In a managed WiFi network, consisting of multiple access points and the access controller, the level of data control and management the AC has to furnish depends upon the level of autonomous operation the APs have. Essentially there are three levels of access points, THIN, FIT and FAT, with increasing level of autonomous operation. In simple terms a THIN access point has zero capabilities for autonomous operation and all functions are performed by the controller. At the other extreme a FAT access point is an AP capable of full stand-alone operation, these are more the type of access points a user will be used to. Traditionally systems based around FIT or THIN access points would be lower cost than a FAT AP setup however, in the last few years, the price for access points have dramatically come down so this is now less of an issue.

Explanation: Fit, Thin & Fat AP's - click here

Access Controller and Control Functions

The critical component of a managed WiFi system is the Access Controller (AC). Where the AC can take the form of extra functions incorporated into a switch (PoE or not – typically called a WLAN Switch), or a router, or stand alone device or software on a PC.

The exact features and functions that an AP+AC system can deliver vary from make and model and vendor however, typically, the interface between the APs and the AC is responsible for the following:

• Discovery and selection of an AC by AP

• Firmware download to the AP by the AC—upon startup and upon triggering by the AP

• Capabilities negotiation between the AP and the AC

• Mutual authentication between the AP and the AC

• Configuration, status, and statistics exchange between the AP and the AC

• QoS mapping across the wired and wireless segments

In addition an AP+AC scenario might also include functions such as Radio Resource Management (RRM) and rogue AP detection based on configuration and monitoring of the various access points in its domain of control. The extent of these functions varies according to the vendor implementation. Another important function provided by some ACs is mobility management (roaming).

Discovery and AC Selection

An AP discovers an AC to connect to through discovery request messages, to which one or more ACs can respond (depending on the network topology). The AP determines which AC to connect to and then tries to establish a management session with the AC. Usually this management session is over a secure link.

Subsequently configuration and information exchanges can take place between the AC and AP. This exchange can include (actual functions supported will vary between make, model and vendor):

• IEEE SSID

• Security parameters (for WEP, WPA, and WPA2)

• Data rate that is to be advertised

• Radio channels to be used

• RF power management - includes reducing and increasing the strength automatically or on user input for example, if two APs controlled by an AC are interfering with each other

• AP configuration such as beacon period, maximum transmit power level, Orthogonal Frequency Division Multiplexing (OFDM) control, antenna control, supported rates, QoS, encryption, and so on.

• AP statistics such as number of fragmented frames, multicast frames transmitted and received, number of transmit retries, excessive retries (failed count), number of successfully transmitted and failed Requests to Sends (RTS), number of errored frames: duplicate frames, failed acks, decryption errors, frame-check-sequence (FCS) error count, etc.

• AP functionality such as hardware, software, or boot version, maximum number of radios, radios in use, encryption capabilities, type of radio (802.11b/g/a/n), type of MAC (local, split, or both), etc.

• AC information such as hardware or software version, number of mobile stations currently associated with the AC, number of APs currently attached to the AC, maximum numbers for each of these, security parameters (authentication credentials) between AC and AP, control IPv4 or IPv6 address, and so on.

• Depending upon the model and make the APs can also be configured with an IP address from the AC. Another parameter that can be configured is ACLs at the MAC address level.

• Rebooting (reset) of the AP can also be done by the AC at any time.

Summary

With the explosion of handheld wifi clients (phones, tablets, etc) that has occurred over the last couple of years it's now becoming more important that companies, hospitality and educational establishments offer some form of WiFi connectivity. This can be simply to facilitate internet access or as a business tool for an internal intranet. The days where companies can get away with WiFi access only available from the single WiFi router are gone. It's not uncommon now for sites to have multiple APs scattered across the site in order to offer complete coverage. Trying to maintain the settings, configuration, and firmware for a collection of individual access points can be a nightmare! Even simple tasks like updating the security passphrase can take an extended time to accomplish and there's the accompanied issue of making a mistake. Using a centrally managed AP+AC scenario can not only save a lot of time but also reduces the risks of configuration errors or mistakes.

 

Explanation: Fit, Thin & Fat AP's - click here