Solved

Cisco Wireless

Posted on 2007-04-09
5
1,298 Views
Last Modified: 2013-11-12
Hello

I have recently implemented a cisco wireless solution. 2 4400 Wireless controllers, Cisco Authentication Server, and 72 1242 Access Points. There are about 3 to 4 Access points per Hallway in each building. I  have been monitoring the AP's through an analyzer and through the WCS server. I am basically wondering what type of RSSI should I be seeing to determine a good signal. Also the default loads for the access points are set to 12 clients. They state that each access point can hold 250 connections. While I realize that is an unrealistic number since performance would be "0" We have mobile labs that may have up 30 laptops connecting at once.  Is this too many clients for 3 or 4 access points in the area? Performance of the clients seems to be good, but I do get alarms based on the load.

Any advice?
Thank you!
0
Comment
Question by:TimMcGrath
  • 2
  • 2
5 Comments
 
LVL 14

Accepted Solution

by:
warrenbuckles earned 250 total points
Comment Utility
Hello Tim:

Twelve clients per AP is not bad; much more realistic than 250!

Since you have the alarm set to 12 and a client will associate with the strongest AP, you will get alarms with more than 12 clients clustered in one area.  I'm not sure how the loads are limiting the APs - are they alarms or do they reject clients after 12 associate?  Given the density of APs in your facility, there is a good chance that several other APs could easily associate with the units in any conference area.  30 clients over 3-4 APs isn't bad but it depends on the traffic - heavy video or download/upload would be too much but web pages or PowerPoint style instructional content should be great. You might want to consider locating some APs closer to the conference areas or increasing the maximum number of associations for some of the nearby APs (if the limit is 'hard') to see if you can even the load.  

There are two cases a wireless system has to handle: roaming user(s) and clustered users.  Your system seems to have an even density of APs (or am I reading this wrong?) and is probably able to handle the roaming user quite well.  Clustered users can saturate APs and it's best to set up an area with non-overlapping channels to handle the maximum traffic.  If you are B/G, then Channels 1, 6 and 11 are non-overlapping so you could 'cluster' three APs and set them to these channels.  This would give you the maximum non-interfering capacity per area.  Depending on how smart the software is, the APs might do this on their own, but I don't know Cisco (other units I have used don't allocate channels in any intelligent way - they have to be configured 1-6-11 to get non-overlapping coverage).

As I said, I'm not experienced with the Cisco monitoring/control software, so there might be better ways to get more capacity if any given area.

FInally, to answer your RSSI query, using the Cisco 0-100 (really 16-93, but that's a quibble) index, if you are over 50 your system is probably OK but RSSI  doesn't tell the whole story (for one, its only measuring the preamble, not the whole packet) since the load on the individual AP is what determines the overall throughput at a given point in the geographic system.

I hope I haven't shed more darkness on the subject.

wb
0
 

Author Comment

by:TimMcGrath
Comment Utility
wb,

Thanks for the quick response!  They are just alarms they don't limit or drop clients. The load threshold can be raised on individual aps or all of them. Most of the traffic is instructional content. When we did the survey I designed for more along the lines of coverage and not throughput.
You were reading right on the money. Most areas have at least 3 to 4 ap's in a given hallway. They problem with judging a cluster of users is that we have mobile laptop carts that can be moved anywhere at any given time. It is a K-12 environment so I guess it is going to be a monitoring situation, which we wait to see which depts use the carts more and in what areas.  In more widely used areas such as Libraries and lecture rooms we have grouped additional Aps.  All Ap's are set to ue 1, 6 ,11 through a policy pushed out through the controller......If I am reading your response correctly, you are saying this setup will allow non overlapping channels…correct?

While monitoring and analyzing what else would you recommend looking at besides just RSSI?

Again thanks for the info, gives more light into what I want to be looking at as this goes live. All the walk throughs  we have done have showed excellent signals in all rooms in the building with little interference and crosstalk.

Thanks again

Tim
0
 
LVL 14

Expert Comment

by:warrenbuckles
Comment Utility
Hello Tim:

Sorry I didn't get back to you until now.

RSSI is an interesting thing - here's a little bit from Wikipedia (yeah, I know, 12 year olds writing this stuff...) on it: http://en.wikipedia.org/wiki/RSSI

At the end of the article above is a useful link to an RSSI discussion that helps you convert the Cisco numbers to useful dBm values (if you are into such things).  There is also another tidbit there: RCPI is the 'in' measurement as it covers the whole packet and is better defined in 802.11k, a pending standard for radio resource management that will define methods for discovering the best access point rather than the strongest AP.  See more Wiki here: http://en.wikipedia.org/wiki/RSSI

Anyway, to answer your questions - you have a non-overlapping setup with the 1-6-11 arrangement.  It's good you did that.

As far as what to look for, you want to maximize throughput at any point so if there is some way to aggregate throughput data on a per AP basis as well as a per-client basis you might want to do that - it would give you some indications of interference or badly positioned APs (the signal can bounce around and 'ghost' if there are 'hard' objects nearby - things like composite (metal-sheathed) walls, sheet metal, some kinds of paint - oddball things).  This can also indicate problems with client machines, too - damaged or missing antennas (kids like stuff that comes off...).

Being a born-again paranoid, I would look for free riders or external authentication attempts.  I'm not sure how you have security set up (I'm a big fan of MAC lists but they can be a pain to maintain) but there might be some way to detect anyone trying to access the network - some people set one or two otherwise-isolated APs as a 'honey pot' but that takes some maintenance and care, too.

Good luck - it looks like you have good quality gear to begin with (Cisco is the gold standard - it takes lots of gold to have it!) and a properly-designed setup.  Now the fun begins - keeping it on the air!

wb

0
 

Author Comment

by:TimMcGrath
Comment Utility
wb,

Thanks for the links. I hear you on the paranoid thing. Education is a funny environment, teachers like to bring in everything under the sun (personal laptops, wireless routers what ever) Security is setup pretty solid. Several types of authentication. Using  WPA2 with PEAP authentication by machine account and user account (if you aren't part of our domain you aren't getting on!) We do not broadcast the SSID, I know there are 100 applications out there than can "sniff" it out, but it does help deter your novice hacker. We do have a guest SSID which uses a web portal authentication since we have alot of staff educational training and what not with guest presenters. I know it's not the best way to due it, but I setup it up on a vlan with it's own subnet that just gives them internet access, basically they are in our DMZ no internal access to anything (setting up Identiy driven management over the summer to use 802.11x with policy based vlans and all that fun stuff) Cisco management server does a real good job with monitoring failed attempts, Flood attacks, rouges.. Etc. Plus we have a new toy Fluke Networks optiview III…this thing can tell you everything about your network, authentication issues, signal strength, sniffs packets, noise to signal ratios (hence the questions on what type of numbers I should be looking at, dbi rssi…) the list goes on with what this thing can do.  

I did like 3 months of research before implementing this, so I took into consideration what can impede on a wireless signal. We did several walk throughs with access points testing how far signal would go in certain areas and where we would need to cluster more than 3-4 access points. Designing and implementing seemed to be the easiest part. I just want to make sure I had kept everything in mind when I was analyzing and viewing all these numbers. You have been a big help and pointed me in the right direction for additional info. I really do appreciate the time. Thank you

FYI: Had 90 laptops (mobile labs) all cooking in one building in different areas of that building. 60 laptops in another building and 30 in another building. Things went really well. I was impressed (so far) with the speed they were getting and the coverage, one class was even doing some multi-media stuff that went really smooth.

Thanks again!
Tim
0
 

Expert Comment

by:ExproDaleJoaquin
Comment Utility
I raised our threshold to 25...all is good and no more Alarms or complications.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now