
Implementing a WLAN: Good Planning is the Key to Success


Introduction

Wireless LAN (WLAN) technology has matured and become a practical alternative to traditional networks. It offers the kind of anywhere/anytime connectivity that today’s highly mobile workforce has come to expect. Wireless LANs can provide full access to network resources from any place within range of an Access Point (AP).

On one level, a wireless LAN is very much like a wired LAN. There are endpoint devices (servers, workstations, printers) enabled by network cards and data is transferred with network communication protocols. Instead of traveling on fiber or copper, data is transferred with Radio Frequency (RF) signals.

Wireless LANs make it easier for employees to stay on line and in touch. The increased flexibility of Wireless LANs enables more productive work teams, supports greater employee collaboration and contributes to employee satisfaction. Workers like the mobility and sense of empowerment that a WLAN can provide.

Since it has become a popular technology used within a residence, many businesses are familiar with the basics of wireless networking. The ease of setting up a WLAN is contributing to its rapid adoption. However, a successful WLAN implementation requires the same kind of advanced detailed planning and attention to detail as any other network deployment.

Networking Requirements Analysis and Deployment Considerations

The first step in a WLAN implementation is to conduct a thorough business analysis to verify that wireless technology will meet business needs and deliver the required functionality. The physical environment (indoors, outdoors or both), the kind of traffic the WLAN will need to carry (data, voice, video or all of the above) and the type of business function it is intended to serve (such as conferencing, customer service or sales support) should be considered. It is also important to factor in future application requirements, growth and scalability as part of the initial assessment.

Channelization and deployment standards play an important role in WLAN implementations. A channel represents a narrow band of radio frequency. Since radio frequency modulates within a band of frequencies, there is a limited amount of bandwidth within any given range to carry data, which impacts the overall capacity of the WLAN. It is important that the frequencies do not overlap or the throughput would be significantly lowered as the network sorts and reassembles the data packets sent over the air. There are a few basic deployment standards from which to choose, with more being tested. Four considerations will be discussed in this paper, including 802.11b, 802.11g, 802.11a and 802.11i.

Data rates up to 6 Mbps of effective throughput (throughput used for data transfer vs. overhead) can be supported with an 802.11b deployment. This selection is often chosen if there are a small number of users per AP, if WLAN access is needed for handheld PCs or if an existing 802.11b WLAN needs to be expanded to accommodate more traffic. 802.11b does penetrate walls and provide good indoor range. To prevent interference with other equipment, the physical environment should be free of other wireless devices, such as cordless phones, microwaves or elevators utilizing the same 2.4 GHz frequency.

Because it can provide effective throughput up to 25 – 30 Mbps, 802.11g may be a good option for businesses needing more throughput. Businesses using an existing 802.11b network can upgrade to 802.11g since they both operate on the 2.4 GHz frequency. Applications needing high bandwidth and speed, such as large graphics, audio, data and video files, are commonly used with this selection. Similar to 802.11b, 802.11g penetrates walls, offers good indoor range and may experience interference from other devices on the same frequency.

Another deployment selection that offers enhanced throughput to support applications requiring high bandwidth is 802.11a. This selection provides lower interference with other devices than 802.11b, but typically has a slightly shorter indoor and outdoor range than 802.11b and 802.11g. 802.11a operates on a 5 GHz band, which is a different and wider frequency spectrum than 802.11b and 802.11g, allowing more channels and more overall throughput. The wider
frequency band allows 802.11a to support up to eight non-overlapping channels. 802.11b and 802.11g support up to three non-overlapping channels. Frequency ranges and channels may vary by country.

The number of radio frequency channels required by an organization is determined by assessing usage requirements. For example, a public hotspot such as a lobby can usually be well supported by the 802.11b standard for e-mail support or viewing web sites. A conference room may be better served by the 802.11a standard for transfer and collaborative work with data files. A home office might be best suited by a 802.11g-based network to help enable good application performance for virtual office workers.

The number of simultaneous users that an AP can support depends mostly on the amount of data traffic traveling at a time (heavy versus light downloads and uploads). Bandwidth is shared among users on a WLAN as with wired network connections. Network performance, as gauged by the number of simultaneous users, hinges on the combined computing activity. For example, with 802.11b, each hardware access point has up to 6 Mbps effective throughput. This capacity is adequate for:

• 15 – 25 nominal users who are mostly idle and check on occasional text based e-mail
• 10 – 15 mainstream users who frequently use e-mail and download and upload moderately sized files
• 5 – 10 power users who are constantly on the network and deal with large files

To increase capacity, more APs may be added, which gives users more opportunity to enter the network. Networks are optimized when the APs are set to different channels.

A newer standard that has been developed addresses security weaknesses regarding both authentication and encryption protocols. This selection, 802.11i, encompasses 802.1X, Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) protocols.

The Site Survey

With the requirements and deployment confirmed, it’s time for a site survey. The best surveys are done literally on-site. Modeling tools can simulate an environment without an actual visit, but they are only as good as the source data. Key elements to be determined in this survey are identifying the number and placement of APs and assessing the attenuation of radio frequency obstacles.

The speed at which a WLAN performs depends on many things, such as the efficiency of the wired network, the configuration of the building, and the type of WLAN employed. As a general rule for all WLANs, data throughput decreases as the distance between the WLAN access point and the wireless client increases. An assessment of AP signal strength using various antenna and AP configurations helps determine the number and placement of required APs needed to provide adequate radio coverage. This process involves:

• Gathering facility drawings and blueprints, documenting wiring such as the location of host systems and documenting power outlets and structural elements (such as metal firebreaks and walls, doorways and passageways).
• Assessing environmental radio coverage including the selection of AP devices and radio for the installation areas where signal interference is avoided or minimized. The optimal positioning of access points and antennas is also determined.
• Assessing channel interference and conducting testing to help ensure radio transmissions do not overlap.
• Choosing antenna placement including positioning of omni-directional and directional antenna.
• Establish diversity reception including overcoming interference or fading by positioning multiple antennas in certain locations.
• Assessing electrical systems including review of AP electrical installation alternatives to prevent performance degradation on inherent or random electrical problems.
• Redundancy should be considered for conference rooms, cafeterias and other multiuse spaces to help ensure good throughput.

Attenuation of radio frequency obstacles should also be considered as part of the site survey and assessment. Both the ability of radio waves to transmit and receive information and the speed of transmission are impacted by the nature of any obstructions in the signal path. The table below shows the relative degree of attenuation for common obstructions.

| Obstruction | Degree of Attenuation | Example |
|---|---|---|
| Open space | None | Cafeteria, courtyard |
| Wood | Low | Inner wall, office partition, door, floor |
| Plaster | Low | Inner wall (old plaster lower than new plaster) |
| Synthetic materials | Low | Office partition |
| Cinder block | Low | Inner wall, outer wall |
| Asbestos | Low | Ceiling |
| Glass | Low | Non-tinted window |
| Metal tinted glass | Low | Tinted window |
| Wire mesh in glass | Medium | Door, partition |
| Human body | Medium | Large group of people |
| Water | Medium | Damp wood, aquarium, organic inventory |
| Bricks | Medium | Inner wall, outer wall, floor |
| Marble | Medium | Inner wall, outer wall, floor |
| Ceramic (metal content or backing) | High | Ceramic tile, ceiling, floor |
| Paper | High | Roll or stack of paper stock |
| Concrete | High | Floor, outer wall, support pillar |
| Bulletproof glass | High | Security booth |
| Silvering | Very High | Mirror |
| Metal | Very High | Desk, office partition, reinforced concrete, elevator shaft, filing cabinet, sprinkler system, ventilator |

Wood floors can cause floor-to-floor interaction between APs. It is important to ensure that channel selections are appropriate for vertically adjacent access points. All office and room doors should be closed before beginning the survey in order to assess reception at its lowest level. The corner of a room should be avoided as a placement area for an access point. If placed in a corner, about 75% of the AP coverage is wasted. This also gives unauthorized users outside the room a better chance to access the AP.

To understand what other frequencies might be present in the proposed WLAN space, surveys should also include an RF spectrum analysis.

Security Considerations

Security is often cited as a key concern in a WLAN implementation, as it can be a potential open door to the network. Before deployment, the WLAN’s security issues should be clarified stating clearly what kind of authentication measures and encryption methods will be used.

Developing and documenting a WLAN security policy is a good first step. Many security breaches can be traced to policy failures, not technology failures. WLAN security policies should be similar to any other network security policy, with a stated purpose, a clear scope and assigned responsibilities.

One way to make a WLAN more secure is to limit its reach. At the design stage, the WLAN’s engineers should be clear about how far and wide wireless access is really needed, so they can select APs that will shape the signal’s range and direction. It’s also a good idea to isolate the WLAN from the rest of the network with an internal firewall or Wireless DMZ.

Several security technologies can provide added levels of protection for WLANs:

• Service Set Identifier (SSID) identifies the WLAN. Clients must be configured with the correct SSID to access their WLAN. The SSID should not be broadcast and the key should be shared only with those having legitimate need to access the network. Finally, the SSID should be changed periodically.
• Media Access Control (MAC) is access based on a filtering system of MAC addresses configured for a specific LAN switched port. It restricts WLAN access to computers that are on a list created for each AP on the WLAN network. It also restricts the connection of APs and the LAN switch port.
• Wired Equivalent Privacy (WEP) is an encryption method that protects WLAN data streams between clients and APs as specified by the 802.11 standard. There have been flaws identified in this security mechanism and its effectiveness is uncertain.
• IEEE 802.1X is a security standard featuring a port-based authentication framework and dynamic distribution of session keys for WEP encryption. A radius server is required.
• IEEE 802.11i is an upcoming security method being developed by the IEEE that features 802.1X authentication and includes Advanced Encryption Standard (AES) for added protection. Another enhancement, Temporal Key Integrity Protocol (TKIP), allows encryption keys to be changed frequently.
• Wi-Fi Protected Access (WPA) is a method that addresses the encryption issues of WEP by utilizing Temporal Key Integrity Protocol, which wraps around WEP and changes the encryption key frequently. WPA also includes the authentication benefits of 802.1X.
• Extensible Authentication Protocol (EAP) is a point-to-point protocol that supports multiple authentication methods. The support of EAP types depends upon vendor implementation. EAP provides the framework for the client, the authenticator (the wireless access device or access point) and the authentication server to authenticate each other and communicate the encryption keys.

Providing security features to a WLAN involves coordinating multiple elements. WPA protocol is normally recommended over WEP protocol. Strong encryption should be used and the default administrative password should be frequently changed. A “strong” password should be used, containing at least eight characters, with a combination of letters and numbers. The Service Set Identifier (SSID) should not be broadcast because it forces users to know the name of the network in order to connect. Rogue users won’t see the WLAN as an available network.

Regular network audits should be performed to identify and disable or reconfigure rogue APs. Rogue APs are those installed without the IT department’s knowledge. These APs are not configured with any security settings and may leave an open door for unauthorized access to the network. Some rogue APs may not be connected to the network. However, due to their presence, users may attempt to use the AP by providing valid user authentication information (such as user ID and password), which can be retrieved via other methods such as unauthorized hacking and exploitation. From a physical standpoint, in areas requiring limited access, access points should be placed adjacent to or straddling the high-security area.

Businesses may want to consider making the use of virtual private networks (VPNs) part of their security policy. In doing this, users would need to use a VPN to enter the corporate network through a wireless access point.

Equipment

With the right up-front planning, the actual implementation of a WLAN is largely a plug-and-play activity. WLANs are engineered with a few types of components. A typical network infrastructure is composed of the following equipment:

• Hardware – WLANs consist of two main building blocks, including an AP that connects to the network and a wireless adapter installed in the computing device.
• Access point (AP) – An AP is a small box, usually with one or two antennas. This radio-based receiver/transmitter is connected to the wired LAN (or broadband connection) using Ethernet cables.
• Antennas and bridges – Antennas enhance radio frequency coverage, extending the range of an 802.11 WLAN (See the Age of the Wireless LAN for more information). Bridges provide a point-to-point wireless connection between two LANs.
• Wireless adapter – A wireless adapter functions like a network interface card (NIC) in that it allows the client computing device access to the network by means of the wireless AP.
• Clients – Clients are items such as workstations, laptops, phones, printers or other WNIC-enabled devices.

Most devices on a WLAN are referred to as stations and are equipped with Wireless Network Interface Cards (WNICs). A service set is a collection of stations that can communicate with each other. Service sets are connected at some point to a Distribution System, which is usually a wired LAN.

Depending upon security requirements and policies of the user, an authentication server may be needed to validate the user and the AP. A management server may be needed to help monitor and maintain the WLAN. Advanced network management may require a gateway server that provides Quality of Service for different groups of users and applications.

It is important to check for interoperability between the network infrastructure and client-side WLAN components. It is also important to verify that the clients are on the correct frequency by selecting appropriate channels on the APs. 802.11a products are inherently incapable of communicating with 802.11b products because they operate on separate frequencies. Even though 802.11b and 802.11g products operate on the same frequency, due to modulation differences, they need to be designed for dual mode operation or upgraded to ensure compatibility.

APs should be placed in strategic areas to provide adequate coverage. Many IT managers avoid outside facing walls to help minimize security threats from people in parking lots. Overlapping of coverage is important for maintaining a continuous connection around a building. APs should be set to different channels to avoid cross talk, or colliding with signals that degrade performance while the data packets are sorted and put together correctly.

New architectural direction incorporates wireless band controllers to support APs. The controllers do authentication, aid in QOS, and collect statistics. Today, that information allows for a more scalable implementation.

Roll Out

Once the design of the WLAN is established, it is important to develop a plan for deployment. Deployments sometimes consist of pilot programs providing wireless connectivity to a small segment of a larger environment. Other times, a wireless network solution must be implemented across the entire organization. Many businesses take a Build-and-Test approach, bringing up one segment of the WLAN at a time, then testing and approving it before moving on to the next segment. Each segment test also checks the deployed security features.

Summary

WLANs help increase productivity and team collaboration and help facilitate more efficient decision making. Compared to a wired network, WLANs can provide a more flexible technical infrastructure, at a reduced cost. Since they can be installed or relocated quickly, WLANs offer natural business continuity advantages.

A successful WLAN implementation is a matter of striking the right balance between functionality, performance and security objectives. With careful planning and the right advice from experienced professionals, businesses can expect to benefit from what the wireless technology has to offer.

Automotive Company Overcomes WLAN Design Issues

Business Situation

An automotive manufacturing company wanted to implement a WLAN to help boost productivity and efficiencies for multiple business units. The network design needed to handle several diverse requirements:

• Each business unit required separate access to specific resources – segmentation and separation of resources was required for confidentiality
• The same wireless network needed to provide access to guests as well as internal restricted resources
• Guests should only have access to the Internet
• Wireless access could not reach beyond the host buildings
• The wireless network needed to have a variety of security features to help prevent it from being a gateway into the rest of the corporate network

Networking Solution

Senior Security Consultants were provided to review the current network design. A wireless site survey was performed to identify access point and signal strength needs. Authorized wireless hacking methodologies, such as wireless detection, sniffing and network scanning, were conducted to check the performance of the design.

Several troublesome design issues were discovered, including:

• The signal was available in the parking lot and beyond
• There was no authentication on the WLAN
• The WLAN was connected to the server segment without a firewall

Authentication issues were rectified by implementing Wired Equivalent Privacy (WEP – is a scheme that is part of the IEEE 802.11 wireless networking standard to help secure IEEE 802.11 wireless networks), which was the only safeguard available for the procured equipment. Configuration changes and detailed network design recommendations were provided to restrict access to the WLAN, restrict access between the WLAN and the corporate network and address common architectural practices. Specifically, the company was shown how to restrict users to appropriate network resources. For example, lobby guests were segmented away from the rest of the network. Finally, corporate servers were firewalled away from the wireless LAN and additional layers of authentication were implemented to help ensure authorized access. The automotive manufacturer was left with a WLAN solution that helped improve employee productivity and accommodate the access needs of the business.
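
The regular network audit recommended under Security Considerations can be run over site-survey scan results. The following is an added example, not part of the original paper: it flags rogue APs, authorized APs that use no encryption or WEP, drift from the planned SSID and channel, and corporate signal readable at outdoor survey points such as the parking lot in the automotive case study. The inventory, scan records, field names and the -75 dBm threshold are constructed assumptions.

```python
"""Audit WLAN site-survey scan results against an authorized AP inventory."""
from dataclasses import dataclass

# Constructed inventory of authorized APs: BSSID -> expected settings.
AUTHORIZED = {
    "00:11:22:aa:00:01": {"ssid": "corp-wlan", "channel": 1},
    "00:11:22:aa:00:02": {"ssid": "corp-wlan", "channel": 6},
    "00:11:22:aa:00:03": {"ssid": "corp-guest", "channel": 11},
}
CORPORATE_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}
WEAK_ENCRYPTION = {"open", "wep"}   # the paper recommends WPA over WEP
OUTDOOR_LEAK_DBM = -75              # assumed threshold for a usable signal


@dataclass(frozen=True)
class Observation:
    """One AP beacon seen at one survey point (constructed record format)."""
    location: str      # survey point name
    outdoors: bool     # True for points outside the host building
    bssid: str
    ssid: str
    channel: int
    encryption: str    # "open", "wep", "wpa", ...
    rssi_dbm: int


def audit(observations):
    """Return a sorted list of (finding, bssid, detail) tuples."""
    findings = set()
    for ob in observations:
        bssid = ob.bssid.lower()
        known = AUTHORIZED.get(bssid)
        if known is None:
            # Not in the inventory: rogue. One that advertises a corporate
            # SSID is worse, since users may hand it valid credentials.
            kind = "rogue-impersonating" if ob.ssid in CORPORATE_SSIDS else "rogue"
            findings.add((kind, bssid, f"ssid={ob.ssid!r} seen at {ob.location}"))
            continue
        if ob.ssid != known["ssid"] or ob.channel != known["channel"]:
            findings.add(("config-drift", bssid,
                          f"expected {known['ssid']!r} ch{known['channel']}, "
                          f"saw {ob.ssid!r} ch{ob.channel}"))
        if ob.encryption.lower() in WEAK_ENCRYPTION:
            findings.add(("weak-encryption", bssid, ob.encryption.lower()))
        if ob.outdoors and ob.rssi_dbm >= OUTDOOR_LEAK_DBM:
            findings.add(("outdoor-coverage", bssid,
                          f"{ob.rssi_dbm} dBm at {ob.location}"))
    return sorted(findings)


# Constructed survey data: two indoor points and one parking-lot point.
SAMPLE_SCAN = [
    Observation("lobby", False, "00:11:22:AA:00:03", "corp-guest", 11, "wpa", -48),
    Observation("lobby", False, "00:11:22:aa:00:01", "corp-wlan", 1, "wpa", -60),
    Observation("floor-2", False, "00:11:22:aa:00:02", "corp-wlan", 6, "wep", -52),
    Observation("floor-2", False, "66:55:44:bb:00:09", "unnamed-ap", 6, "open", -58),
    Observation("parking-lot", True, "00:11:22:aa:00:01", "corp-wlan", 1, "wpa", -70),
    Observation("parking-lot", True, "66:55:44:bb:00:0a", "corp-wlan", 1, "wpa", -66),
    Observation("parking-lot", True, "00:11:22:aa:00:02", "corp-wlan", 6, "wep", -88),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(*finding, sep="  ")
```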

For more information contact your AT&T Representative or visit us at www.att.com/business.

07/13/07 AB-1111
© 2007 AT&T Knowledge Ventures. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Knowledge Ventures.
