Multiple AP


I have a question about the use of multiple AP in an office environment. I'm an experienced sysadmin, but haven't really touched wireless, except at home where I have a really simple setup.

I recently started a new job and have some problems which may be related ot the way our wireless is set up. We have three AP. One is the internet router, one in an office just down the corridor and another around 100m away in the warehouse. As far as I can tell, all three are connected to the same switched LAN, use the same DHCP server to issue an IP, are on the same channel and have no encryption enabled.

What I need to understand is this: Can the wireless network opperate in this way, with three AP overlapping, but with no knowledge of each other? Is there a better way for this to be set up to increase resiliance and security? I'm not happy about the lack of encryption but have only every touched WEP and WPA in a single-AP environment.

We have some hand-held devices in the warehouse which keep falling off the network, and I wondered if our setup is what's causing this to happen possibly.

Any thoughts gratefully received!

------------------------------------------------------------------------ View this thread:

formatting link

Reply to
Loading thread data ...

Richie4236 hath wroth:

Yes. 802.11 wireless is CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance), which effectively time shares the available bandwidth. It would probably have been better if the 3 access points were working on different on-overlapping channels (1, 6, and 11), but they are apparently far enough apart from each other that it would make little difference.

You can use ping to do a simple test to determine if there's a self interference problem. Connect to one of the 3 access points with a nearby laptop and ping the IP of the local router or some device on the LAN. If you get a consistent 1-2 msec latency, it's working just fine. However, if you start seeing much longer delays and timeouts, then you're experiencing packet loss, probably due to collisions with the other access points. You can aggrivate the situation by having a

2nd laptop move traffic through one or both of the other access points while doing the test.

I don't know what you mean by resiliance.

Security is mostly based on wireless encryption. WEP is totally useless and should be avoided. WPA with a long (20 character or more) encryption key has not been cracked. WPA2 offers a better grade of encryption with AES instead of TKIP. Also, the authentication mechanisms are better. However, there's a problem. Most such systems use a shared key as in WPA2-PSK (pre-shared key). The key must be entered in every laptop or device that wants to the connect to the network. That means it can be easily extracted, compromised, and distributed. To eliminate this shared key, I suggest you consider setting up a RADIUS server as in WPA2-RADIUS. In addition to authorizing (login/passwd) each user individually, it also supplies a one time, maximum length, and unique WPA encryption key, for each session.

In addition to all this, you can also run a VPN over the wireless link, which also encrypts the traffic (thus preventing sniffing) and has it's own authorization and authentication methods. This is often handy when you want to run a private (VPN based) network, on top of a fundamentally insecure wireless system that might be used by guests and visitors.

Sorry. I can't help you there. The usual problem is packet loss caused by interference from other networks, your own network, and non-802.11 sources of interference. A simple microwave oven or cordless phone will cause disconnects. See:

for a list of possible culprits.

Warehouses are also notorious for reflections and multipath. If there is more than one path between the access point and the client radio, then there's a possibility of cancellation (also known as frequency selective fading). The two 20,000 sq ft warehouses I've done required multiple access points and directional antennas pointed down the isles in order to get adequate converage to wireless readers. The antennas had to be install high, near the 20ft ceiling, in order to illuminate the isles. It couldn't be done with just one access point.

I suggest you find a Windoze XP laptop and install Netstumbler, or use a similar Vista tool:

Walk around and collect data on the signal strength and signal quality. Look for dead areas and places where the signal quality deterioriates. That will give you an idea of how much work it's going to take to make things work. Running streaming content, with minimal buffering, is also a good test of bad areas. When the music or video stops, you're losing packets.

The issue of warehouse coverage has been discussed previously. See:

Note that this is a 200,000 sq ft warehouse being discussed.

Reply to
Jeff Liebermann

On Fri, 9 Nov 2007 05:33:22 -0500, Richie4236 wrote in :

Yes. Ideally they should all be on non-overlapping channels (1, 6, 11).

You *definitely* need WPA encryption, preferably with RADIUS authentication. Do not bother with WEP -- it's essentially worthless.

Depends on what "falling off" means, and what kind of gear you have.

Use the same unique SSID on all APs. Provide lots more information on what equipment you're using.

Reply to
John Navas Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.