25 User Wireless Network Advantages / Disadvantages

I'm more or less looking for some good advice here.  I want to do this the proper way.  I've got a client who has a 25 user network.  Their cabling in the walls is old, in some cases full of Cat3 lines and a lot of the drops are connected improperly and such.  They also have a switch that does not quite suit their needs.  We are trying to figure out whether it would be a good idea to scrap the idea of new cabling and a new switch and go with a wireless solution.  Has anyone set up a one-building wireless network for 25 users or more within a range of about 300 - 350 ft without losing speed/signal?  I want to know if there are any unforeseen issues that would make the concept of going wireless not worth the effort.

Also any recommendations for access points with excellent range are welcome.

All the PCs are newer and should not have any compatibility issues with a new wireless PCI card.  

I'm looking to end up with:
  - Strong signal everywhere in the office
  - Good speeds even with 25 users accessing email, documents & images from server constantly.
  - Spending a comparable amount to what it would take to re-wire the whole building and buy a new switch (HP ProCurve or something around $1500 or so).
  - Everything should be secure, this is for a law firm.

Thanks for your input.  Points for whoever can give the most helpful info!
For a law firm with 25 users I wouldn’t even consider trying to use wireless for the backbone of the network, especially if they are dealing with a lot of scanned images as a lot of law firms are doing nowadays. The honest truth is, even the least expensive switch will outperform just about any wireless network you can conceive of in the situation you are looking at.

If you’re looking for a cheap solution that will perform well for what you spend, this is what I’d do. I’d go with something like a Netgear FS750T switch. It’s got 48 10-100 ports and 2 copper Gigabit Ethernet ports, and it’s managed too. As for the wiring, if it will run reliably at 10 Megs, full duplex preferably, it should be more than good enough for the workstations. So what I would do is lock all the workstation ports to 10 Megs, and replace any of the runs that have problems instead of rewiring completely.

A lot of people think that you need 100 Megs to the workstations, but from my experience any performance gain in real life is relatively small. The big gain to be had is at the servers; there you want at least 100, or even better Gigabit Ethernet, but don’t waste your money on a Gigabit Ethernet card to go into a 32 bit PCI slot as you will probably see little if any improvement since the bus will overload.

The big problem with wireless is everyone shares the same bandwidth. So if you have 802.11G the theoretical 54 Megs gets divided amongst the workstations and servers that are communicating at that time, so forget about the thought of using just one access point even if you could get full performance 200 feet from it, but that’s not the case since wireless speeds often drop 80% in a mere 30 feet. So figure on at least three access points to start, and maybe having to add up to four more depending on how the office is laid out. Also don’t be surprised if a lot of the workstations end up with only a Meg or two of usable throughput when all is done, as that seems about par for the course for a wireless LAN the size you are talking about. Which may or may not be good enough, but probably won’t be for a busy law firm.

As for security, properly set up wireless LANs can be pretty secure, but they can never be as secure as a wired LAN can be. This is because you don’t need a physical connection, so anyone who wants to can park close by with a laptop and wireless adaptor and hack away pretty much undetected. If things are set up properly they shouldn’t succeed, but seeing how clever some of them are I wouldn’t bet against it if it’s someone who is skilled and determined.
First off, does the building have cubicles or enclosed offices? Thick internal walls, brick, or masonry could significantly retard the signal and reduce throughput speeds, making a wireless network unsuitable. However, if the internal walls are thin, mostly drywall or glass, or if it's a cubicle environment then a wireless network would be viable.

I would recommend an 802.11g network. My experience with law firms is that law firms transmit a lot of large documents internally - emailing PDFs to one another, copying large files on and off network shares, etc. This would benefit greatly from the additional speed of an 802.11g network.

Security is obviously going to be important. I would make sure to implement a network that supports 802.1x or WPA authentication. It does no good to purchase hardware that supports advanced security if you don't turn on and manage those security features properly. Now, there are a lot of ways to implement strong security. Probably the easiest way that does not require any additional hardware is to purchase Cisco access points and wireless cards and use WPA Pre-Shared-Key. This works much like WEP where each computer shares a key, or a passcode, with the access points. However, WPA Pre-Shared-Key is much more robust encryption than WEP. (WEP can be broken pretty easily by a hacker sitting outside your office with a Linux laptop.)
Unfortunately, WPA PSK does require that you manage each computer individually. A stolen laptop or a disgruntled employee could still gain access to your wireless network unless you change your WPA key manually on each and every computer.

Some people are fans of MAC address authentication. You may already be familiar with the concept of a MAC address - it's a unique code, like a serial number, that each networked computer has. No two computers in the world have the same MAC address. Most wireless access points allow you to specify a list of allowed MAC addresses; unless a computer matches the MAC on the list, it wouldn't be able to access the network. My problem with this is that it's pretty easy for a dedicated hacker to fake (or "spoof") a MAC address. It also does no good against certain forms of hacker attacks.

A better way to secure it would be to use RADIUS and 802.1x. RADIUS allows user-level authentication: you can enable or disable access for particular users on the server, so if an employee leaves or a laptop is stolen it's pretty easy to turn off access to that user. This also allows you to use some more robust form of encryption such as EAP or LEAP. However, this does require that you have a RADIUS server on the network. RADIUS servers can be cheap or expensive - it's fairly cheap to set one up using Linux, but a Windows-based RADIUS server would cost $2000 or more. Some networks already have RADIUS servers - if they have a VPN setup already, or if they're using Windows Small Business Server, they may already have a RADIUS server.

As for the hardware, I'd stick to Cisco or Proxim hardware for this network, as those brands offer a wide variety of security features. Cisco and Proxim 802.11g access points also tend to deliver better range and reliability than many of the other smaller manufacturers. I'd price out the Cisco Aironet 1200 series of hardware - you should only need one access point, and it should run you around $600-$700. (As of this writing CDW.com is having a special on the Cisco Aironet 1231 for $659. The comparable Proxim access point, the Proxim ORiNOCO AP-4000 is $596.) The Symbol brand of hardware should also provide the features and reliability you need, but I have no direct experience with them.

I would really not recommend the cheap access points (D-Link, Linksys, Netgear, etc). They often have lower output power and their range is never quite up to what they advertise.

The largest expenditure here is going to be the PCI wireless adapters. You can get decent ones (D-Link and Linksys are okay brands for this) for $50 each, or you can get Cisco or Proxim adapters for around $100 each. So even if you go with the less expensive option you're still looking at $50 x 25 = $1250 just for the cards. This should still be cheaper than wiring a whole building however. If you can budget it I would suggest spending the extra money and using cards from the same vendor as your access point - that way you only have to call one manufacturer for support if something goes wrong.

I hope this helps.
Good Evening,

Using a single WAP for 25 users would probably not be recommended.  One great feature of WAPs is that they can auto switch between WAPs if one drops or one is providing a stronger signal.   For 25 users a pair of Linksys (recommended b/c of external RP-TNC connectors for easy antenna upgrades) would work fine.

From there you could use WEP 128bit which is breakable by snooping about 40MBs of traffic, but combined with MAC authentication and not broadcasting your SSID (network name) you are pretty well off.  WPA-PSK is better than WEP but is the most recent form of security on WAPs and usually requires the latest drivers.

Here are some details on how to set up 2 WAPs on the same network.

The WAPs have to be connected to wired infrastructure and should be placed at high locations.  For WEP configure both WAPs with the same WEP key, but use different channels.  Use channels 1, 6, 11 for the first 3 WAPs for less signal overlap.  Do not use either WAP to serve DHCP so if one does go down you will not lose your DHCP server.

The 100baseT4 standard utilizes 100Mb/s over cat3.  You may want to investigate what infrastructure supports that standard.

Lastly, MAC addresses are not unique for every device in the world.  There are chances of receiving duplicates on one LAN.  Vendors purchase/are assigned a block of MACs to assign.  When they create network devices they go through those assigned MACs and reuse them when they run out.
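
The configuration points raised in the answers above (WEP versus WPA-PSK versus 802.1x/RADIUS, MAC filtering, channels 1/6/11, DHCP on the access point) can be checked mechanically before deployment. The following is an added example, not part of any poster's answer; the inventory format, field names and AP names are constructed for illustration.

```python
from itertools import combinations

# Modes the thread describes as breakable or absent (keys are assumed labels).
WEAK_MODES = {
    "open": "no encryption on the air",
    "wep": "WEP keys can be recovered from captured traffic",
}

def channels_conflict(a, b):
    """2.4 GHz channels are 5 MHz apart and about 22 MHz wide, so channels
    fewer than 5 apart (including the same channel) interfere; 1/6/11 do not."""
    return abs(a - b) < 5

def audit(aps):
    """Return (ap_name, finding_code, detail) for each problem in the inventory."""
    findings = []
    for ap in aps:
        name, mode = ap["name"], ap["security"]
        if mode in WEAK_MODES:
            findings.append((name, "weak-crypto", WEAK_MODES[mode]))
            if ap.get("mac_filter"):
                findings.append((name, "mac-filter-only",
                                 "MAC addresses can be spoofed; filtering is not authentication"))
        elif mode == "wpa-psk":
            findings.append((name, "shared-key",
                             "a lost laptop or departed user forces a re-key of every client"))
        # mode == "802.1x": per-user RADIUS credentials, revocable on the server
        if ap.get("dhcp_server"):
            findings.append((name, "dhcp-on-ap",
                             "clients lose DHCP if this access point goes down"))
    for x, y in combinations(aps, 2):
        if channels_conflict(x["channel"], y["channel"]):
            findings.append((x["name"] + "+" + y["name"], "channel-overlap",
                             "channels %d and %d interfere" % (x["channel"], y["channel"])))
    return findings

# Constructed sample inventory (not taken from any real site).
SAMPLE_APS = [
    {"name": "ap-front", "security": "wep", "channel": 1, "mac_filter": True},
    {"name": "ap-back", "security": "wpa-psk", "channel": 3, "dhcp_server": True},
    {"name": "ap-library", "security": "802.1x", "channel": 11},
]

if __name__ == "__main__":
    for ap_name, code, detail in audit(SAMPLE_APS):
        print("%-18s %-16s %s" % (ap_name, code, detail))
```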

