Information Systems:Old Wireless (WiFi) Infrastructure (pre-2017)
Note: This page is old. Refer to this article instead.
Overview
This page describes the current wireless (WLAN) infrastructure at uniPHARM. As of September 2016, there is a business case to redo the entire infrastructure, so the info on this page is slated to change drastically.
There are 3 sets of access points in the current infrastructure: a set of 4 APs for the RF guns, a set of 2 APs for the mobile belt printers used in receiving, and a set of 2 APs for a guest wireless network connected to the Loomis network (DHL/Loomis). All SSIDs operate on the 2.4GHz; there are no 5GHz networks enabled as there is no current need for such.
Configuration
Access points
| Access Point Group and Model | Hostname | Location | IP address | Wireless channel | Radio capability, current setting | Wireless MAC address | Admin login |
|---|---|---|---|---|---|---|---|
| RF Guns - Psion Teklogix 9160 G2 | |||||||
| ap7recv.unipharm.local | Receiving overhang | 172.30.18.117 | 11 | b/g, g-only | 00:08:A2:08:38:90 | admin/visionAP7 | |
| ap13ship.unipharm.local | Shipping overhang | 172.30.18.125 | Disabled | 00:08:A2:04:A7:94 | admin/visionAP13 | ||
| ap9cage.unipharm.local | Forklift runway/Large Down | 172.30.18.119 | 6 | 00:08:A2:08:3C:E0 | admin/visionAP9 | ||
| ap12narc.unipharm.local | Narc cage | 172.30.18.124 | 11 | 00:08:A2:04:C4:C8 | admin/visionAP12 | ||
| Belt Printer Access Points - Cisco AP541N-A-K9 | |||||||
| ap10c541n.unipharm.local | Receiving overhang | 172.30.18.122 | 11 | a/b/g/n, b/g/n | 00:21:29:07:76:50 | cisco/vision10 | |
| ap11c541n.unipharm.local | Server room | 172.30.18.123 | 11 | 64:AE:0C:EA:7C:00 | cisco/vision11 | ||
| Loomis Access Points - Cisco WAP4410N | |||||||
| ap1guest | Narc cage | 192.168.1.253 | Disabled | b/g/n, n-only | adminit/vision1t | ||
| ap2guest | Promo area (receiving) | 192.168.1.252 | Disabled | adminit/vision1t |
Wireless networks
| SSID | Purpose | AP Group | Security Type | Password | Notes |
|---|---|---|---|---|---|
| unitek2 | RF gun network | Psion Teklogix 9160 G2 | WPA-Enterprise | User: gunuser2, Password: keepscan9 | Authentication server is internal RADIUS server within cluster. |
| uwddc1 | Mobile belt printers | Cisco AP541N-K9 | WEP | UWDVan20dyke52 | Implemented because mobile belt printers had trouble connecting to Psion access points. (I've validated this - the printers don't handle WPA-Enterprise well. -norwizzle (talk)) |
| unioffice2 | Guest wireless (Walled garden) | Cisco WAP4410N | WPA2-Personal | Unipharm6y0d | Entire network disabled due to interference. Re-enabled upon visits from authorized guests. |
Notes
02/17 - Access point failure causing massive and random outages
In Jan. to Feb. 2017, major issues were being experienced with the network serving the RF guns (Psion cluster). The guns would experience red locks (Lock-B) in TekTerm, which strongly indicates a loss of wireless connectivity (as opposed to the yellow Lock-H, which indicates being in host-wait i.e. attempting to resume communication with Bart). The most heavily affected area was OTC. After weeks of monitoring and investigation, it seems that one or more of the access points in the cluster are experiencing internal failure (likely the internal flash), due to age. Syslog indicated that some of the internal processes of the APs were restarting at random points in the day.
It is theorized that a failure of even one AP in the cluster has major ramifications to the operation of the entire cluster. This could be because wireless clients unknowingly roam/reassociate to the failing AP, or because any one access point contributes some processing in the cluster mechanism.
In an attempt to fix this, the AP8SHIP access point was replaced with AP13SHIP, a spare AP of the same model. During the replacement, the antenna connectors broke, such that the new AP did not seem to emit a strong enough signal for any of the guns to operate, despite being an active member (in other respects than wireless) of the cluster. Meanwhile, it was always a theory that the roaming between AP8SHIP and AP9CAGE to serve the main picking area (OTC,HTC,RX etc) was more detrimental than beneficial. This is due to the fact that the cluster is secured with WPA2-Enterprise - which requires slow, RADIUS authentication - coupled with the fact that no fast-roaming technologies are implemented (due to the client-side and AP-related barriers). Therefore, AP13SHIP is in place and running but not serving wireless (no wireless clients can connect to it).
Outcome: The Psion cluster serving the RF network has been effectively reduced to 3 APs (AP9cage,receiving, and narc). Feedback has been very positive thus far.
Misc. changes
- MAC filtering turned off for Psion cluster. It's a useless and antiquated security measure.
To-do
- Roaming and roaming authentication
- Roaming stickiness
- Transmit power
- Presence of wireless b clients