Information Systems:Wireless Infrastructure (WLAN)
Overview
This article is the primary article for the topic of WLANs, and it documents the current wireless infrastructure. A complete overhaul of the wireless was conducted in July 2017; the old article is now located here. However, since this topic has grown quite large, more information has been moved to additional articles. Consult Category:Wireless (WLAN) to see them.
This article is broken down into 2 main sections, Configuration (background information) and Administration (troubleshooting).
Summary of wireless setup
The implementation of wireless (WLAN) at uniPHARM uses the Extreme Networks WiNG platform.
Access Points
- The model of AP is the Extreme Networks AP7532.
- 6 units total - 4 of the external antenna variant, 2 with internal antennas
DNS Hostname | Alias | Network Hostname | Location | IP address | Notes |
---|---|---|---|---|---|
apxoffice2floor | office_2ndfloor | ap_office_2f_controller | Office, 2nd floor (I.S.) | 172.30.18.80, 192.168.1.2 (captive portal interface) | Controller. |
apxoffice1floor | office_1stfloor | ap_office_1f | Office, 1st floor (Reception) | 172.30.18.82 | |
apxdchhc | dc_hhc | ap_dc_hhc | Home Health Care | 172.30.18.84 | On picking station shelf. |
apxdcrec | dc_receiving | ap_dc_receiving | Unity Training Room | 172.30.18.83 | In the small office. |
apxdclargedown | dc_largedown | ap_dc_largedown | Pillar, large down/fridge area | 172.30.18.85 | Temporarily mounted to pillar. |
apxdcalt | dc_alt | ap_dc_alt | Spare | 172.30.18.86 | I.T. Cage |
Wireless Networks
These settings are provided here for convenience but may change at any time in the future. Log in to the web GUI to verify actual settings.
SSID | Purpose | Authentication | VLAN | office_2ndflr 2.4GHz | office_2ndflr 5GHz | office_1stflr 2.4GHz | office_1stflr 5GHz | dc_hhc 2.4GHz | dc_hhc 5GHz | dc_largedown 2.4GHz | dc_largedown 5GHz | dc_receiving 2.4GHz | dc_receiving 5GHz |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
uwd_dcrf | Warehouse RF Guns, Mobile printers (Receiving) | WPA2-PSK, shared key: uwdrf2051 | 1 | on | on | on | |||||||
uwd_guest | Guest Access | Captive Portal | 2 | on | on | on | on | on | on | ||||
uwd_staff | Staff Access | MAC Authentication with Captive Portal fallback | 2 | on | on | on | on | on | on | ||||
uwd_admin | Privileged/Admin Access | WPA2-PSK, shared key: 2051Drugs | 1 | on | on | on | on | on | on | ||||
uwd_dev | Dev | Routinely changing | 1 | on |
Configuration
Some quick facts to get you caught up with the wireless setup:
- The 2nd-floor AP is the controller.
- The APs have static IP addresses.
- The gigabit interfaces are set to trunk mode: untagged on VLAN 1, and tagged for VLAN 2.
- Only 3 APs (hhc, largedown, receiving) serve uwd_dcrf used for RF guns.
- IP routing is turned off. Much of the IPv6 functionality is turned off.
- The domain controllers are used for DNS resolution.
Virtual Controller AP
One of the APs (office_2ndflr_controller) is being used as a virtual controller, a WiNG feature that allows an AP to manage other APs.
The virtual controller:
- Is what you log into (runs the administration web server).
- Automatically adopts and manages newly detected APs of the same model (and lower models of the same series).
- Pushes settings to adopted APs.
- Pushes firmware upgrades to adopted APs. The controller is where you upload new firmware images.
- Runs captive portal and RADIUS services. Other APs forward captive portal redirections and RADIUS requests to the controller.
The controller can be powered off without affecting existing wireless connections, but WLANs that authenticate via captive portal or RADIUS will not be able to authenticate new requests.
Wireless security
WPA2-PSK is used for uwd_dcrf for simplicity. Regarding the staff and guest wireless networks, consult this article for more info about the authentication mechanisms used.
WLAN mapping
Not all WLANs need to be mapped to all APs. Furthermore, the WLANs don't necessarily need to be mapped to both radios on each AP. Each WLAN/AP/radio combination is a BSSID, and having too many BSSIDs causes network inefficiencies; for example, wireless devices consume more power because they have to 'process' all the BSSIDs during their regular network scans. Check the chart above to see which WLANs are mapped to which radios. These are set with device overrides.
Channels and antenna power
Wireless channels and output power are manually tuned per AP. No auto is used (that would be a severe indication of technical incompetence). Some things to note:
- On 2.4GHz, channels 1, 6, 11 were selected strategically to minimize overlap between the APs.
- Only a few APs (mostly the ones serving the RF guns) are enabled for 2.4GHz.
- 5GHz channels were also selected strategically to minimize interference/overlap. Most APs have the 5GHz radio enabled as this spectrum allows for less overlap.
- Power was tuned by trial-and-error; most radios are at 50% of max power, since the antennas have tremendous reach.
These are set with device overrides.
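The WLAN mapping and channel rules above can be checked mechanically. The following is an added example, not part of the original article or of the WiNG software: it audits a plan for too many BSSIDs on one radio, for uwd_dcrf mapped outside the three RF-gun APs, and for overlapping 2.4GHz channels between neighbouring APs. The sample plan, the neighbour pairs and the limit of 4 BSSIDs per radio are assumptions, not the site's real settings.

```python
CHANNEL_WIDTH_MHZ = 22  # 2.4 GHz DSSS channel width; centres are 5 MHz apart

# Rule stated in the article: only these APs serve the RF-gun WLAN.
ALLOWED_APS = {"uwd_dcrf": {"dc_hhc", "dc_largedown", "dc_receiving"}}

def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (1-13)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel

def channels_overlap(a, b):
    """True when two 2.4 GHz channels share spectrum (includes co-channel)."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ

def audit(plan, neighbours, max_bssids=4):
    """Return findings for a plan of {(ap, band): {"channel", "wlans"}}.

    max_bssids is an assumed per-radio budget, not a WiNG limit.
    """
    findings = []
    for (ap, band), radio in sorted(plan.items()):
        # Every WLAN mapped to a radio is one more BSSID beaconing on it.
        if len(radio["wlans"]) > max_bssids:
            findings.append(f"{ap} {band}GHz: {len(radio['wlans'])} BSSIDs")
        for wlan in radio["wlans"]:
            allowed = ALLOWED_APS.get(wlan)
            if allowed is not None and ap not in allowed:
                findings.append(f"{ap} {band}GHz: {wlan} not expected here")
    # neighbours: pairs of APs assumed to be within range of each other.
    for a, b in sorted(neighbours):
        ra, rb = plan.get((a, "2.4")), plan.get((b, "2.4"))
        if ra and rb and channels_overlap(ra["channel"], rb["channel"]):
            findings.append(
                f"{a}/{b}: 2.4GHz channels {ra['channel']} and {rb['channel']} overlap")
    return findings

# Constructed sample plan (not the site's real channel or mapping settings).
SAMPLE_PLAN = {
    ("dc_hhc", "2.4"): {"channel": 1, "wlans": ["uwd_dcrf"]},
    ("dc_largedown", "2.4"): {"channel": 4, "wlans": ["uwd_dcrf"]},
    ("dc_receiving", "2.4"): {"channel": 11, "wlans": ["uwd_dcrf"]},
    ("office_1stfloor", "5"): {"channel": 36, "wlans": [
        "uwd_guest", "uwd_staff", "uwd_admin", "uwd_dcrf"]},
}
SAMPLE_NEIGHBOURS = {("dc_hhc", "dc_largedown"), ("dc_largedown", "dc_receiving")}

if __name__ == "__main__":
    for line in audit(SAMPLE_PLAN, SAMPLE_NEIGHBOURS):
        print(line)
```

Channels 1, 6 and 11 pass the overlap check because their centres are 25 MHz apart; any pair closer than five channel numbers is flagged.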
Hardware mounting and PoE
Currently, none of the APs are permanently mounted. Ideal hardware mounting solutions for each AP are under exploration.
PoE adapters were purchased separately and currently power the APs. It is expected that PoE switches will be acquired in the future, perhaps as part of the VoIP upgrade project.
Administration
Web administration GUI
- Web GUI: https://172.30.18.80
- Login: (username/password found here)
For the most part, there is little administration to be done, as wireless is a set-and-forget type of deal (especially when the platform and devices are very stable). To monitor WiFi health (specifically, RF gun performance), check these two areas:
- Statistics panel of the WiNG Web GUI
- Round-trip times in the Statistics section of the TekTerm server Web GUI
Hardware and software support
Extreme Networks Web Portal: https://extremeportal.force.com (username/password found here)
Tickets can be submitted via the web portal.
The 6 APs are covered under:
- Limited Lifetime Warranty for hardware.
- Software and TAC (support) on an annual basis.
Limited Lifetime Warranty likely has a 7-10 turnaround time. The purchase of additional units to replace failed ones can also be considered; there is no need for higher tiers of hardware replacement agreements. Firmware downloads and software support require Software and TAC, but it is a gray area whether a separate Software and TAC license is required for each AP, or just the controller AP. However, they are very cheap and thus 5/6 APs have Software and TAC (the 6th was purchased used and for some reason wasn't able to be put under the agreement).
Adding staff devices to RADIUS
Management of staff devices has been moved to this article.
Upgrading the firmware
Backing up the config and upgrading firmware has been moved to this page.
Other Notes
Acquisition of Zebra
The WiNG platform was originally a product by Motorola (their mobile enterprise division), which was acquired by Zebra. Zebra evolved the platform for several years, then their WLAN portfolio was acquired by Extreme Networks. From discussions with Extreme Networks reps, it seems they plan to continue with the WiNG platform despite having their own wireless platform (ExtremeWireless). They did hint at integration of the two at some point, perhaps from a management standpoint (i.e. converging the software to be able to manage both types of APs).
WiNG vs WiNG Express
WiNG Express is a scaled-down version of WiNG. The 7532 APs actually use WiNG Express as a default. Upon inspection, WiNG Express appeared too simplistic. A CLI command exists to switch to WiNG from the default WiNG Express.
Wireless performance and future optimization
Since the primary objective of the wireless infrastructure upgrade was to solve the connectivity issues with the RF guns, no analysis of throughput and latency has been conducted. In fact, wireless coverage (signal strength) was the only factor taken into consideration in the placement and settings configuration during initial implementation.
Wireless QoS and Fast Transition (802.11r) are things to be explored in the future if the plan to use VoIP cordless phones comes into being.
Wireless site survey
A site survey was strongly considered, but in the end was forgone. It was determined that it was just not necessary given the particularly low requirements of our current wireless needs. It may be considered in the future should the requirements change (e.g. a need to support VoIP).
Power outages
Power outages remove the AP names in the web interface. This is for sure a glitch.
On a brighter note, on October 2, 2017, a power outage was experienced, downing several APs, including the controller. However, there were no calls from the warehouse. One AP must be on the UPS and supported all users at that point. The system came up gracefully when power was restored. Therefore, the group of APs as a unit has proven to be quite resilient, with each AP recovering its configuration elegantly when the controller comes back up.