blacksix


25 User Wireless Network Advantages / Disadvantages

Hi,
I'm more or less looking for some good advice here.  I want to do this the proper way.  I've got a client who has a 25 user network.  Their cabling in the walls is old, in some cases full of Cat3 lines and a lot of the drops are connected improperly and such.  They also have a switch that does not quite suit their needs.  We are trying to figure out whether it would be a good idea to scrap the idea of new cabling and a new switch and go with a wireless solution.  Has anyone set up a one-building wireless network for 25 users or more within a range of about 300 - 350 ft without losing speed/signal?  I want to know if there are any unforeseen issues that would make the concept of going wireless not worth the effort.

Also any recommendations for access points with excellent range are welcome.

All the PCs are newer and should not have any compatibility issues with a new wireless PCI card.  

I'm looking to end up with:
  - Strong signal everywhere in the office
  - Good speeds even with 25 users accessing email, documents & images from server constantly.
  - Spending a comparable amount to what it would take to re-wire the whole building and buy a new switch (HP ProCurve or something around $1500 or so).
  - Everything should be secure; this is for a law firm.

Thanks for your input.  Points for whoever can give the most helpful info!
 
jpferal

First off, does the building have cubicles or enclosed offices? Thick internal walls, brick, or masonry could significantly retard the signal and reduce throughput speeds, making a wireless network unsuitable. However, if the internal walls are thin, mostly drywall or glass, or if it's a cubicle environment then a wireless network would be viable.

I would recommend an 802.11g network. My experience with law firms is that law firms transmit a lot of large documents internally - emailing PDFs to one another, copying large files on and off network shares, etc. This would benefit greatly from the additional speed of an 802.11g network.

Security is obviously going to be important. I would make sure to implement a network that supports 802.1x or WAP authentication. It does no good to purchase hardware that supports advanced security if you don't turn on and manage those security features properly. Now, there are a lot of ways to implement strong security. Probably the easiest way that does not require any additional hardware is to purchase Cisco access points and wireless cards and use WPA Pre-Shared-Key. This works much like WEP where each computer shares a key, or a passcode, with the access points. However, WPA Pre-Shared-Key is much more robust encryption than WEP. (WEP can be broken pretty easily by a hacker sitting outside your office with a Linux laptop.)
Unfortunately, WPA PSK does require that you manage each computer individually. A stolen laptop or a disgruntled employee could still gain access to your wireless network unless you change your WPA key manually on each and every computer.

Some people are fans of MAC address authentication. You may already be familiar with the concept of a MAC address - it's a unique code, like a serial number, that each networked computer has. No two computers in the world have the same MAC address. Most wireless access points allow you to specify a list of allowed MAC addresses; unless a computer matches the MAC on the list, it wouldn't be able to access the network. My problem with this is that it's pretty easy for a dedicated hacker to fake (or "spoof") a MAC address. It also does no good against certain forms of hacker attacks.

A better way to secure it would be to use RADIUS and 802.1x. RADIUS allows user-level authentication: you can enable or disable access for particular users on the server, so if an employee leaves or a laptop is stolen it's pretty easy to turn off access to that user. This also allows you to use some more robust form of encryption such as EAP or LEAP. However, this does require that you have a RADIUS server on the network. RADIUS servers can be cheap or expensive - it's fairly cheap to set one up using Linux, but a Windows-based RADIUS server would cost $2000 or more. Some networks already have RADIUS servers - if they have a VPN setup already, or if they're using Windows Small Business Server, they may already have a RADIUS server.

As for the hardware, I'd stick to Cisco or Proxim hardware for this network, as those brands offer a wide variety of security features. Cisco and Proxim 802.11g access points also tend to deliver better range and reliability than many of the other smaller manufacturers. I'd price out the Cisco Aironet 1200 series of hardware - you should only need one access point, and it should run you around $600-$700. (As of this writing CDW.com is having a special on the Cisco Aironet 1231 for $659. The comparable Proxim access point, the Proxim ORiNOCO AP-4000 is $596.) The Symbol brand of hardware should also provide the features and reliability you need, but I have no direct experience with them.

I would really not recommend the cheap access points (D-Link, Linksys, Netgear, etc). They often have lower output power and their range is never quite up to what they advertise.

The largest expenditure here is going to be the PCI wireless adapters. You can get decent ones (D-Link and Linksys are okay brands for this) for $50 each, or you can get Cisco or Proxim adapters for around $100 each. So even if you go with the less expensive option you're still looking at $50 x 25 = $1250 just for the cards. This should still be cheaper than wiring a whole building however. If you can budget it I would suggest spending the extra money and using cards from the same vendor as your access point - that way you only have to call one manufacturer for support if something goes wrong.

I hope this helps.

Good Evening,

Using a single WAP for 25 users would probably not be recommended.  One great feature of WAPs is that they can auto-switch between WAPs if one drops or one is providing a stronger signal.  For 25 users a pair of Linksys (recommended b/c of external RP-TNC connectors for easy antenna upgrades) would work fine.

From there you could use WEP 128bit which is breakable by snooping about 40MBs of traffic, but combined with MAC authentication and not broadcasting your SSID (network name) you are pretty well off.  WPA-PSK is better than WEP but is the most recent form of security on WAPs and usually requires the latest drivers.

Here are some details on how to setup 2 WAPs on the same network.

The WAPs have to be connected to wired infrastructure and should be placed at high locations.  For WEP configure both WAPs with the same WEP key, but use different channels.  Use channels 1, 6, 11 for the first 3 WAPs for less signal overlap.  Do not use either WAP to serve DHCP so if one does go down you will not lose your DHCP server.

The 100baseT4 standard utilizes 100Mb/s over cat3.  You may want to investigate what infrastructure supports that standard.

Lastly, MAC addresses are not unique for every device in the world.  There are chances to receive duplicates on one LAN.  Vendors purchase/are assigned a block of MACs to assign.  When they create network devices they go through those assigned MACs and reuse them when they run out.

Cheers!

Dan
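
An added example, not part of either reply above: a small audit that checks an access-point plan against the points raised in this thread (WEP versus WPA-PSK versus 802.1X with RADIUS, MAC filtering, DHCP on the AP, and the 1/6/11 channel spacing). The AP names and settings are constructed sample data, and the setting keys are hypothetical rather than any vendor's configuration format.

```python
from itertools import combinations

# Constructed sample plan (hypothetical AP names and settings, not from the posts).
SAMPLE_PLAN = [
    {"name": "ap-front", "channel": 1, "security": "wep", "mac_filter": True, "dhcp_server": True},
    {"name": "ap-back", "channel": 3, "security": "wpa-psk", "mac_filter": False, "dhcp_server": False},
    {"name": "ap-upstairs", "channel": 11, "security": "802.1x", "mac_filter": False, "dhcp_server": False},
]

def audit_ap(ap):
    """Return findings for one access point's settings."""
    name, mode, out = ap["name"], ap["security"].lower(), []
    if mode in ("open", "wep"):
        out.append(f"{name}: {mode.upper()} is weak; move to WPA or 802.1X/RADIUS")
        if ap.get("mac_filter"):
            out.append(f"{name}: MAC filter does not compensate; MACs can be spoofed")
    elif mode == "wpa-psk":
        out.append(f"{name}: shared key; re-key every client after a loss or departure")
    if ap.get("dhcp_server"):
        out.append(f"{name}: DHCP served from the AP; losing it takes DHCP down too")
    return out

def channel_conflicts(aps):
    """Pairs of APs whose 2.4 GHz channels overlap.

    Channels are 5 MHz apart but an 802.11b/g signal is about 20-22 MHz wide,
    so two APs need at least 5 channel numbers between them (1, 6, 11).
    """
    return [(a["name"], b["name"])
            for a, b in combinations(aps, 2)
            if abs(a["channel"] - b["channel"]) < 5]

def audit_plan(aps):
    """Collect per-AP findings plus one finding per overlapping channel pair."""
    findings = [f for ap in aps for f in audit_ap(ap)]
    findings += [f"{a} and {b}: overlapping channels" for a, b in channel_conflicts(aps)]
    return findings

if __name__ == "__main__":
    for line in audit_plan(SAMPLE_PLAN):
        print(line)
```
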
ASKER CERTIFIED SOLUTION
Dr-IP