WiFi for 20 workstations (design needed) - complex

1. For reliability, go for a company that specialises in wireless, e.g. Proxim or Colubris Networks.  I often use the Colubris Networks CN320, which is very reliable.  They have now released a CN330 which has the advantage of supporting all WiFi standards (A, B, and G) because it has two radio units built in.  All standards are stable - that is how they get ratified to become standards!  Some APs are not though, avoid the cheaper home solution options such as D-Link.  Pretty much all new wireless cards are suitable (e.g. Netgear WPN311, ORiNOCO 11a/b/g PCI Card).

2. Depends what kind of bandwidth you want.  20 workstations sharing one 802.11g AP will have between 1 and 2 Mbps each (you will in practise get about 27Mbs out of a 802.11g AP, which is shared among all clients).  If you want more bandwidth for your clients, you could have up to another two APs in the area, and they must be on different channels (e.g. 1, 6, and 11).  If they are on the same channel, they are still sharing the same badwidth essentially, so you will gain no benefit.

3.  As above, all are stable - it is the APs that won't necessarily be!  A and G are faster, but B and G are compatible (i.e. a BG AP can service both B and G clients).  I would suggest to go for just G though - it is faster, and more widely used.

4. If you assume 3 APs on different channels for each area, you will have some redundancy.  Even if two failed, a CN330 would be able to handle 20 clients easily (though note the bandwidth issue).

5. Use WPA2 encryption (802.11i).  This is the most secure ratified standard available at the moment.  You need to ensure both APs and clients support it though, which in practise not many seem to at the moment.  If not, use WPA.  Combine this with a RADIUS server if possible, or MAC filtering.

purplepomegranite,

Very clear and consice.
-going for Colubris
-G network


-Can we use the AP mac filtering to control which workstation connects to which AP ? or there's a better way? WPA ?

i.e.

All in the same area.
Station# = workstations
Ap1 = on channel 1
Ap2 = on channel 2
Ap3 = on channel 3

Station#   AP1       AP2            AP3
1              1                             3
2              1                             3
3              1                             3
4              1                             3
5              1                             3
6                          2                 3
7                          2                 3
8                          2                 3
9                          2                 3
10                        2                 3

Can we use Mac filtering or some sort of feature to implement this design? (how will this affect us if we are going to add another 20 workstations using another 3 new AP's ?

Will there be any issues regarding security WPA2 in this design?
-more on RADIUS server later.



Thanks.

You can use AP MAC filtering to control the wireless this way - just give each AP a different list, as you suggest.  The CN320s can use either their own MAC list (entered via the web interface), or obtain it from a server.  The only problem I can see in your table above is that it is possible (but unlikely) that all stations could connect to AP3 (which I presume you are wanting to use as the redundant AP).  

WPA is an encryption protocol - it is used to encrypt the transmitted data to prevent anyone sitting outside with a radio receiver reading all your network traffic.  You should always encrypt wireless networks - MAC filtering just limits the machines that can connect to the APs, but the traffic is still over the air which means technically anyone can receive it.  WPA2 is more secure than WPA, so if APs and clients support it, use this instead.

If you wanted to add another 20 workstations and another 3 APs, it must be in a different area.  There are only three useable channels for 802.11g (i.e. channels that don't overlap and interfere with the others), so in one area only three APs can be used to increase availability and bandwidth.  To add another 20 workstations in the same area, you would want to use the three APs already in place.

Some APs and clients now support features such as Autocell.  This is a feature whereby the client and the AP communicate and the client will automatically connect to the AP with most availability (http://kbserver.netgear.com/kb_web_files/n101420.asp).  Having said this, I have yet to see an implementation of this that actually works.  Certainly the Netgear solution doesn't (at least, it didn't when I tried at the end of last year, and Netgear themselves finally admitted it was flawed... they have since released new firmware, so maybe it is better now!).  The Colubris APs don't support this (but I'd still rather a CN320 to a WG302!!).

purplepomegranite,

Can we purchase a more powerful AP that can support upto 100 workstations, this way we only need two of these for supporting 40 workstations ?

Is there a specific model on Colubris Networks that is perfect for this scenario?

Thanks.

purplepomegranite,

Thanks so much for you time and patience.

purplepomegranite,

By the way, which os are we going to use to run a RADIUS server?

links would greatly help

Thanks.

That's a very good question... and to be honest I don't really know a lot about RADIUS.  I tend to leave that side of things to other people!  RADIUS is essentially software that can sit on a Win2k3 box, but there are various different providers.  I don't know enough to recommend one over another I'm afraid.

It may be worth posting another question to address this?  There must be experts on here that know much more about RADIUS than myself!