Solved

Wireless network for around 2000 users

Posted on 2014-01-08
Last Modified: 2014-01-17
Hello,

We are looking for a way to set up a network for a mall. The target is to be able to connect around 2000 clients (customers of that mall) to this network.

We will cover the area with Ubiquiti AP-Pro. We are not sure about the network structure to be able to give IPs to at least 2000 concurrent clients that are expected to be in the mall during peak hours.

If anyone knows or has experience in such a case, please assist.

Thank you
Question by:Comp_support
12 Comments
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 300 total points
Hi, what exactly do you mean by network structure?

First thing is to make sure you have the IPs available: make your subnet large enough to provide the necessary amount of IP addresses, for example 10.1.1.0/21 or 10.1.1.0/20; the /20 allows for expansion.

What DHCP service are you going to use? One thing you can do is make sure you don't set the lease time too high...
 

Author Comment

by:Comp_support
Hello and thank you for your response.

We are planning to install a Watchguard 3 series for that reason, with a lease of no more than 6 hours.
 
LVL 25

Expert Comment

by:Zephyr ICT
I can't say if the Watchguard will be able to cope with managing about 2000 DHCP requests at peak hours. I would not set the DHCP leases to more than 1 to 2 hours tops. I can imagine that most people only browse on their mobiles for short moments, and for the few people that will be using the network extensively I don't feel like you should make an exception; it's a free service after all, if I'm not mistaken?
 

Author Comment

by:Comp_support
We are thinking of limiting the bandwidth of each connection. Also, we calculated that an average visit time is 3-4 hours (shopping, eating, recreational). It will be a free service. The clients will have to accept the terms of using free internet and will then be redirected to a landing page (the mall's home page). We will block torrents and services like that. Also, the home page will be installed on a web server running in the same network. Via the Ubiquiti management console I can block access to specific IPs, so this will not be a problem. Did you have any "bad" experience with Watchguard? Series 3 is supposed to be able to handle 40.000 simultaneous connections according to their specs.
 
LVL 25

Expert Comment

by:Zephyr ICT
I used to support Watchguard firewalls a while back. The only "bad" experience I had was mostly to do with clustering of the Watchguard firewalls; besides that, not any more "bad" than similar devices. I'm comparing apples with apples of course ... I'm sure most of the issues I encountered back then are taken care of by now.

3-4 hours: if you take that lease time into account (not saying you will use it), I'd definitely choose a big enough IP range, just to make sure you have some room for expansion.
 

Author Comment

by:Comp_support
We are considering using the 10.1.1.0/20 range. Probably it will be more than enough. And since we are a Watchguard distributor, we will probably go for that.

Do you have any other concerns that should also be my concerns?
 
LVL 25

Expert Comment

by:Zephyr ICT
Besides security, which you are probably already taking into account (e.g. DHCP snooping), you covered all bases pretty well. Avoid unnecessary services, block "dangerous" ports and software. Scan the network for rogue APs regularly...

The /20 range gives you more than 4000 nodes/hosts/clients... So yeah, it'll probably be enough for your goals.

Since you're a Watchguard distributor, I wouldn't doubt using them.
 

Assisted Solution

by:nammit-man
nammit-man earned 100 total points
I would VLAN this network into smaller segments, and route smaller blocks. 4000 nodes in one Layer 2 broadcast domain is going to land you in a whole heap of trouble.
 

Author Comment

by:Comp_support
Dear Nammit,

The network will be only for giving internet access to the clients of the mall. Nothing else. We will use the XTM33 with a dual WAN / load balancing configuration. We will set up 2 x 50 Mbps lines.

Can you please be more specific on the troubles that we might get?
 
LVL 25

Expert Comment

by:Zephyr ICT
Hi,

Nammit is referring to the fact that DHCP is in itself a broadcast protocol; having many clients on the network can indeed cause network congestion.

This is something you can monitor and adjust for at a later stage if it seems necessary.

I'd like to refer you to the following paper. It's for Dell switches, but the principle stays the same:
http://www.dell.com/downloads/global/products/pwcnt/en/app_note_5.pdf

It will give you an idea what to look out for.
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
Although I've not done this with the kit you're wanting to use, I do lots of these installations.

In wireless land it's a little bit different when it comes to subnetting.  Cisco, for example, recommend a /21 or /22 in a densely-populated wifi deployment.  It's not a problem.

In reality you'll probably never see 2000 users on the network at the same time if they're just using it for general browsing while they're shopping or having something to eat.  I'd say it's usually somewhere around 20% of whatever you'd expect at most.

Also with wireless it's hard to accurately determine where the concentration of users will be if you decide to VLAN your wireless LAN, and some kit doesn't even allow you to use the same SSID while assigning different VLANs per area, for example.

As a guide I'd aim to do the following at the very least:

1] Use dual-band APs which allow you to use 2.4GHz and 5GHz simultaneously.
 - If they support band-steering, use it.  That will push your clients to the 5GHz band if they support it and will ultimately mean a better experience as at 5GHz there are more channels to play with and subsequently the ability to bond multiple channels to provide more throughput at 802.11n MCS rates.

2] Disable lower data-rates, such as everything less than 24Mbps.
- This will mean clients only connect to closer APs and they will require less air-time overall.  This will have a positive impact on client access.

3] Don't allow inter-client communication across the AP.
- Basically this stops communication between two or more clients on the same AP, thus blocking broadcast traffic amongst other things (only across the radio - not for services such as DHCP).  This will help to reduce unnecessary air-time for clients.

4] Use a short DHCP lease time - around 1 hour.
- Think of how many people may come to the mall during the day, and not just how many people might be in there at the same time.  If you use a 4 hour lease time that might mean you can only ever allow 4000 clients to use the network per working day (based on 8 hours in a working day).  If you use a 1 hour lease time though you could see up to 16000 clients per day.  Also, the AP or authentication server doesn't usually track a user's session by IP so even if the client has to lease a new IP address after a period of inactivity their session should continue without having to reauthenticate.

5] Use a shorter idle timeout, but a longer session timeout.
- If your APs support these settings, use a 5 minute idle timeout, for example, but a longer session timeout.  So if you expect the average client to be in the mall for 3 hours, set the session timeout to 3 hours.  This won't affect the DHCP lease time, which should be shorter than the session timeout.

6] Provide ample overlap between APs, but not too much.
- This will ensure that when you disable lower data-rates clients can still achieve an acceptable link which doesn't trigger unnecessary roaming.

One thing people do want sometimes is location-centric advertising or information delivery, especially where shops are close to the users.  Is this something you've thought about?  If so, that leads me to ask, are you wanting to send users to a login page before they get internet access?  If so, what are you thinking of using for this?
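To put numbers on the subnet-size, VLAN and lease-time advice in the answers above, here is an added example (not code from any poster in this thread). Assumptions: the hourly arrival figures are constructed, clients renew at half the lease time (the RFC 2131 default for T1), and phones leave without sending DHCPRELEASE, so an address stays reserved until its lease runs out.

```python
import ipaddress

# Constructed sample: new Wi-Fi clients per hour, mall open 10:00-22:00.
ARRIVALS = [200, 400, 600, 700, 600, 500, 500, 600, 700, 500, 300, 100]

def pool(cidr):
    """Return (normalised network, usable host count) for a CIDR string."""
    net = ipaddress.ip_network(cidr, strict=False)  # 10.1.1.0/20 -> 10.1.0.0/20
    return net, net.num_addresses - 2  # minus network and broadcast address

def lease_hold_minutes(visit_min, lease_min):
    """Minutes an address stays reserved for one visitor.

    Assumed model: the client renews every lease/2 while present and
    leaves without DHCPRELEASE, so the lease runs out a full lease time
    after the last renewal.
    """
    t1 = lease_min // 2
    last_renewal = (visit_min // t1) * t1
    return last_renewal + lease_min

def peak_leases(arrivals, visit_min, lease_min):
    """Highest number of simultaneously held leases, at hourly resolution."""
    hold_hours = -(-lease_hold_minutes(visit_min, lease_min) // 60)  # ceiling
    return max(sum(arrivals[max(0, t - hold_hours + 1):t + 1])
               for t in range(len(arrivals)))

def segments(cidr, new_prefix):
    """Split the block into equal routed subnets, e.g. one per VLAN."""
    return list(pool(cidr)[0].subnets(new_prefix=new_prefix))

if __name__ == "__main__":
    visit = 180  # minutes; the 3-hour average visit mentioned in the thread
    for cidr in ("10.1.1.0/21", "10.1.1.0/20"):
        net, hosts = pool(cidr)
        for lease in (60, 240, 360):
            peak = peak_leases(ARRIVALS, visit, lease)
            state = "ok" if peak <= hosts else "EXHAUSTED"
            print(f"{net} hosts={hosts} lease={lease}min peak={peak} {state}")
    print([str(s) for s in segments("10.1.1.0/20", 23)])
```

With these constructed arrivals a 1-hour lease peaks at 2400 held addresses, which overflows the /21 but fits the /20, while a 6-hour lease peaks at 5100 and overflows both.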
 
LVL 25

Expert Comment

by:Zephyr ICT
4] Use a short DHCP lease time - around 1 hour.
- Think of how many people may come to the mall during the day, and not just how many people might be in there at the same time.  If you use a 4 hour lease time that might mean you can only ever allow 4000 clients to use the network per working day (based on 8 hours in a working day).  If you use a 1 hour lease time though you could see up to 16000 clients per day.  Also, the AP or authentication server doesn't usually track a user's session by IP so even if the client has to lease a new IP address after a period of inactivity their session should continue without having to reauthenticate.


That's what I was thinking as well ...

Some extensive advice here!