Wireless LAN (WLAN) Design

Dr. Peter J. Welcher, Chesapeake Netcraftsmen

Copyright 2005

About the Speaker

Dr. Pete Welcher
Cisco CCIE #1773, CCSI #94014, CCIP Network design & management consulting, many major customers Specialties: QoS, MPLS, Wireless, Large-Scale Routing & Switching Taught many of the Cisco courses Reviewer for many Cisco Press books, proposals

Over 118 Enterprise Networking Magazine articles

http://www.netcraftsmen.net/welcher/papers
2 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-1

Netcraftsmen Cisco Certifications

Half of our technology experts possess a CCIE 7.6 Cisco certs per person on average Cisco Specializations:
IP Telephony Network Management Wireless Security (Routing and Switching)

Expertise in other areas as well

Copyright 2005

Objectives
Upon completion of this seminar, you will: Know some of the customer requirements to ask about when conducting a WLAN design Know how to improve the quality of your WLAN designs Understand various common WLAN design models, their pros and cons Understand Cisco technical capabilities, their pros and cons Understand gotchas, interactions between features Understand a flowchart for determining WLAN customer requirements
4 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-2

Rationale
WLAN designs and installations are not all the same, different designs fit different needs
Not just picking up a bunch of Linksys WAPs at Best Buy and scattering them around Costly to built WLAN then have to redo to support new/changed requirements

Internal / customer WLAN requirements interact with the design.

Best to get all the possibilities out on the table up-front!

Still need to do a site survey to get # & locations of WAPs

You do need to know is how thorough the site survey has to be
5 Copyright 2005

Topics Previous and Current Common WLAN Designs

WLSM Module: Added Capabilities Determining WLAN Requirements WLAN Gotchas Other Parts of the Solution Conclusion

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-3

Starting Assumptions
Not going to discuss site survey, going to focus on higher-level, features and topology Good to avoid large Spanning Tree Protocol (STP) domains and large-scale L2 approaches Standard routing gives traffic a chance to breach isolation, requiring extensive ACLs or other measures for security WLAN security level and authentication should match the WIRED network This represents my opinions, not specifically approved or endorsed by Cisco!
7 Copyright 2005

WLAN within the Cisco Family

Positioning Where would you use the following in your design?
Linksys Airespace (recent acquisition) Cisco WAPs but not WLSM Cisco WAPs and WLSM

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-4

CD1: Physical Isolation Network

Copyright 2005

CD1: Discussion
Pro
Secure, in the sense of isolating WAPs and mobile users Does allow ACL controls at point of attachment to WIRED network

Con
Does not in itself secure WLAN authentication or provide confidentiality Cost Separate wiring infrastructure (cost) More equipment to manage (cost) Secure management of WLAN switches? Overkill?

10

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-5

CD1B: Cell Phone/WAP Antenna Network

This is a variant of physical isolation, using dedicated coax and fiber
Provides selective cell phone coverage within buildings (single cell phone vendor?)

Coax connects in-building antennas to building aggregation box WAPs connect to coax via aggregation box
Does allow centralization of WAP chassis

Fiber connects aggregation box to central cell phone access box

11 Copyright 2005

CD1B: Discussion
Pro
If youre doing this sort of thing for cell phones, leveraging it for WAPs may make sense

Con
Cost high Divergent wiring infrastructure (opposite of convergence?) The products dont seem to use IP or even normal networking on the coax and fiber (troubleshooting?) Youre doing something non-standard: risk Still leaves data-side connectivity of WAPs up in the air (so to speak) really more about antennas
12 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-6

CD2A: WAP Isolation VLAN(s)

Isolation VLANs separate WLAN from WIRED traffic

13

Copyright 2005

CD2A: Discussion
This used to be a very common approach for those who knew of WEPs vulnerabilities Pro
Simple Can work well for Internet access for guests, mobile users Allows IDS monitoring of WLAN user traffic Can work reasonably well for collapsed core campuses Can use one isolation VLAN per floor for smaller STP domains

Con
Tempting to create large STP domains for roaming, which weve seen cause instability Connecting to the firewall is problematic in routed core campuses see below
14 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-7

CD2B: Isolation VLANs and IPsec

VPN Concentrator Outer switch Internet router Internet IPsec VPN Firewall Core Switches Isolation VLAN

Trunks Servers
15 Copyright 2005

CD2B: Discussion
This is the form in which isolation VLANs are usually used
The graphic shows use of several isolation VLANs

Older design approach, but still valid Pro

Reduce authentication and confidentiality to a proven approach (IPsec), already supported Handles requirement (guest Internet) and (employee securely internal net) reasonably well

Con
The VPN Concentrator can be a bottleneck PDAs, phones & IPsec??? Contractor, consultant support (internal/external; VPN client?)
16 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-8

CD2C: WAP Isolation + Access Control Device

Isolation VLANs run to WLAN switch for authentication, ACLs, etc. WLAN Switch

17

Copyright 2005

CD2C: Discussion
Notes
Some WLAN switches provide for a remote switch, e.g. in data center Find out if they use tunneling (L2, GRE, IPsec, other) between WAP and WLAN switch? Configured how? How secure?

Questions to ask the vendor

Is it a: Switch Firewall and NAT point NAS or authentication server IDS Etc. Vendors skills in ALL of these areas? How many of these do you really need? How many are duplicative of what you already have?
18 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-9

CD2C: Discussion
Pro
Web authentication and per-user/group access controls are simple, can leverage SSH for secure authentication

Con
Wireless-side confidentiality? Some need one box per L2 domain They assume flat world model, with one WLAN VLAN site-wide Multiple WAP VLAN approach requires more boxes Cost; management complexity More total boxes to manage, plus more vendors Potential bottleneck (failover, behavior under DDoS, etc.?)

19

Copyright 2005

Degree of NAT and ACL Controls?

Per-user ACLs at point of entry may not be sufficiently flexible
Enterasys WAPs also use this approach May well be fine for smaller networks (a few switches) or simple policies (employees everywhere, guests to Internet) All the intelligence has to be in one ACL in the point of entry That may require greater complexity in the ACL

Per-user group NAT or address assignment would alleviate this concern

Meaningful addresses for filtering at other points in the network Does any vendor do this?

20

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-10

WLAN Access Control Device Alternatives

Cisco IOS web auth-proxy
Router CBAC/firewall feature set only May be coming to switches

Cisco BBSM Blue Socket Vernier Bradford Software device (see below, it does a bit more) Airespace* (?) [Docs not visible online, yet] WLSM, below, is a clean alternative but can act as a large-scale choke point
21 Copyright 2005

CD3: Infrastructural WAPs

Use strong authentication and encryption: no need for isolation

22

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-11

CD3: Discussion
Can do separate WLAN VLANs, but theyre for STP reasons, not isolation protect wired STP stability As of WPA and 802.11i, WAP authentication / crypto are now quite acceptable (at most sites)
Non-snooped / cracked login & password Confidentiality of data on wireless link

Pro
Best throughput Avoids MTU and other IPsec issues

Con
Driver support for older PCs, NICs, etc. Device support while PDAs, phones catch up Should some WLAN technology security issue show up (how likely?), theres no easy way to quickly apply ACLs, IDS, etc. for monitoring, control, or cutoff of wireless user traffic
23 Copyright 2005

CD4A: SSIDs and VLANs w/ Infrastructure

VLAN based on SSID Trunks or routed links

24

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-12

CD4A: Discussion
Cisco technology insights:
Can use different VLANs and SSIDs to support devices with different authentication and encryption capabilities Can then apply different ACLs to control traffic based on VLAN / subnet, restrict less-trusted devices traffic

Pro
Flexible accommodation of devices with different capabilities More critical as 802.1x & NAC added to WPA, 802.11i More secure than one SSID/VLAN fits all

Con
More complex Does lead to IP subnet multiplication, see also Clever Addressing Schemes, at http://www.netcraftsmen.net/welcher/papers/addressing.html If the distribution / core is routed, potential for ACL proliferation (cf. WLSM below, however)

25

Copyright 2005

CD4B: 802.1x and Dynamic VLANs

VLAN based on authentication (login, group) Trunks or routed links

26

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-13

CD4B: Discussion
This is similar to static SSIDs/VLANs, except that the VLANs are assigned dynamically based on 802.1x login (user/group info), based on RADIUS server
Can do this for both WIRED and WLAN networks WIRED does require 3550, 3750, 4500, 6500

Pro
Very powerful for heavily mobile user base and flexibility No client-side SSID reconfiguration if group VLAN mapping changes Can combine with MS login

Con
Adds one more thing to troubleshoot Routed links present the same issue in larger networks
27 Copyright 2005

CD4C: Bradford Campus Manager

VLAN assigned by central server(s) Trunks or routed links

28

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-14

What is Bradford?
www.bradford-sw.com Combines NetReg functionality with dynamic VLAN assignment across vendors (switches, WAPs) Colleges adapted Bradford heavily this past Fall Reviews mixed
You do need to do your homework Rapid development lead to some bugs Bradford swamped by new customers May have scaling issues (5000+?)

Uses SNMP traps to the box to trigger port VLAN assignment (via CLI or RADIUS)
Does DHCP into walled garden VLAN for pre-scan (virus, vulnerabilities, etc.), then re-assign VLAN and re-DHCP Registers MACs for permanent dynamic VLAN assignment and subsequent connections
29 Copyright 2005

CD4C: Discussion
Pro
Solves several problems for colleges Forced pre-admission virus / worm scan Forced patch application Lack of client-side drivers supporting 802.1x etc.

Con
Complex They did some smart things to scale but are counting on reliably receiving SNMP traps as PCs connect may not be a good foundation, especially at high-volume times Supports L3 core (mostly) but started out in the VLAN-spansthe-campus (students, faculty, admin) world

30

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-15

But What About a Routed Core?

Guest / contractor with Internetonly access

Trunks or routed links

31 Copyright 2005

WAP VLANs and L3 Core/Distribution

Potential issue #1: roaming, re-association time
If not same VLAN, have to re-DHCP Probably ok for carrying laptop around Not ok for walking with wireless phone Large VLANs lead to STP issues Even in same VLAN, have to re-authenticate to WAP to associate Ok on campus Can be slow if enterprise RADIUS server remote, across WAN
32 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-16

Potential issue #2: Routing Containment

Every router provides the chance for traffic to escape
Makes it awkward to force guest VLAN traffic to only go to Internet Running isolation VLANs across the routed core can get ugly Tends to lead to ACLs on every campus interface

L2 work-arounds can get ugly (plumbing) Can try PBR for this, it gets as ugly or uglier

33

Copyright 2005

Routing Containment, contd

What you have is really a routing issue: want different VLANs and user groups to have different routes available to them Can use MPLS-based VRF-Lite technology for perVLAN routing tables
It provides per-logical interface private routing tables Avoids most of the complexity of MPLS Requires newer gear supporting this I have yet to see anyone do this

Common Design CD5: WLSM, see below

Can combine some of the above models with WLSM to address these issues with routed distribution/core

34

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-17

Topics
Previous and Current Common WLAN Designs

WLSM Module: Added Capabilities

Determining WLAN Requirements WLAN Gotchas Other Parts of the Solution Conclusion

35

Copyright 2005

WLSM!
Cisco Networkers 2004 slides about WLSM Sources:
http://www.networkers04.com/published/ACC2011/ACC-2011.pdf http://www.networkers04.com/published/RST2506/RST-2506.zip

WLSM does require 6500 w/ 720 engine Other requirements:

WAP code version WLSE code version See documentation for details
36 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-18

WLSM: Things to Watch For

Fast Secure Roaming (FSR) caches keys
FSR requires CCKM (Cisco Centralized Key Management): TKIP or WPA with CCKM See the documents for compatible cipher suites Supported for LEAP or EAP-FAST (as of 2004) Cisco or CCX compatible clients

L3 FSR roaming is fast for unicast, not as fast for multicast

Need join to wired network, etc.: some delay But can deliver high multicast rates using mostly wired paths

Need to watch the WLSM scaling numbers

No inter-WLSM blade roaming! Keep an eye on AAA scaling (not as big a concern)
37 Copyright 2005

Other WLSM Factoids

Read the Design and Deployment Guide (RTDDG)
URL is on the next slide Cf. page 35 re MTU and GRE Cf. page 39, PING doesnt work in a couple of cases Can do HSRP-like redundancy, state lost on failover Without CCKM, roaming works but re-association is slow L2 broadcast apps wont work with WLSM Cant have NAT in between WAP and WLSM, WLCCP message not fixed up (yet) QoS takes some configuration effort Limited QoS in hardware for GRE tunnels, prior to the PFC-3B

38

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-19

References: WLSM
WLSM links can seem well-hidden
Some are under switch services modules, some under WAP 1200 alternative: use Search to find them

Services module page (includes video clip):

http://www.cisco.com/en/US/products/ps5865/index.html

WLSM Deployment Guide:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod _technical_reference09186a0080362bd0.html

WLSM Detailed Design and Implementation Guide:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/ networking_solutions_implementation_guide09186a00803890 6c.html
39 Copyright 2005

Topics
Previous and Current Common WLAN Designs WLSM Module: Added Capabilities

Determining WLAN Requirements

WLAN Gotchas Other Parts of the Solution Conclusion

40

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-20

Start

Get Wired
Collect information about any existing or planned WIRED infrastructure L3 to access? How far? Security: match WIRED 802.1x or NAC? IPsec in use for remote access? CS/ACS in place? PoE: match WIRED
Does the WIRED design use a L3 core?

A successful design must consider requirements for the next 2 or more years to minimize the risk and costs of substantial infrastructure changes

Gather Requirements Information

Layer 3 core & distribution switches: consider WLSM in light of other requirements.

Does the WIRED design provide PoE?

WAP power alternatives: 1) All switch blades: IPT deployment 2) Add a PoE blade to support WAPs 3) Add power injectors at closet 4) Add power circuits to point of WAP deployment (time, cost)

Will the WIRED network be using 802.1x or NAC?

It usually makes sense to have WAP authentication and admission control match the wired network.

To Page-2

41

Copyright 2005

Roaming, Authentication
Gather info about any near-term roaming, mobility requirements Ask about sources of potential wireless authentication issues (PDA, phone, etc.) Listen to whether desktop drivers may be an issue

From Page-1

Gather Requirements Information (contd)

Mobility required? What kind of roaming?

Consider VoIP over WLAN, wireless PDA, etc. Determine L2 vs. L3 mobility needs. Consider WLSM. VoWLAN also increases site survey complexity and costs, and equipment costs.

Device authentication limitations?

Consider PDAs, phones, bar code scanners, WLAN smoke detectors, etc. May need multiple SSIDs, VLANs. Determine capabilities and needs.

Desktop authentication limitations, e.g. drivers, support?

Colleges, etc. may not want to deal with desktop drivers for 802.1x, etc.

To Page-3

42

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-21

Mobility and Roaming

Be sure to gather info and think about:
L2 vs L3 Fast Secure Roaming How tight a time for roaming to occur (VoWLAN?) Scope for L2 roaming Scope for L3 roaming Do people really type while they walk? Talk on phone & walk?

43

Copyright 2005

Mobility and Roaming 2

WAP can do smaller scale WDS, L2 mobility New 2800/3800 routers can do larger scale WDS, only L2 FSR mobility at present Need WLSM for largest-scale WDS and L2/L3 FSR mobility right now
44 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-22

Security
Listen to management concerning wireless security fears, needs, requirements Look at existing security policy, if available Examine potential risks (snooping, adverse publicity, etc.) Find out if multiple static or dynamic VLANs match site security needs Listen for any other security needs that might interact with the WLAN Document requirements, cycle with customer

From Page-2

Gather Requirements Information (contd)

Need guest or other group isolation?

Degree of severity of guest isolation?

OK with Infrastructural WLAN?

Want 802.1x user group dynamic VLANs?

Other WLAN security needs?

Document Requirements & Revise

Document customer requirements

Customer approval of reqts document?

To Page-4

Revisit requirements from the top

45

Copyright 2005

Security
Really need to understand customer security requirements and plans, on the WIRED as well as the WLAN side Web login? 802.1x & NAC? Dynamic VLANs? (Which form of them?) Needs regarding secure WLAN authentication Needs concerning WLAN confidentiality Risks and needs and policies concerning guest & contractor access Risks and fears concerning WLAN, liability
46 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-23

Basic WLAN Risk Model

Do you trust WLAN authentication to be at least as secure as your wired port authentication technique?
Have you thought about conference rooms and unused wall ports lately? Visitor controls?

Do you want to isolate the WLANs in case future security issues turn up? Do you have WLAN guest users? Consider personal firewall for WLAN users (home or away)!!!
47 Copyright 2005

Securing WLAN Secure Management

Need secure way to manage WLAN infrastructure switches and WAPs Cisco WLAN Solution Engine (WLSE) Separate management VLAN ACLs restricting traffic to/from mgmt VLAN SSH instead of telnet TFTP: no authentication, but must be enabled to launch image transfer
48 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-24

Design
After determining requirements and other factors, build a design First make big choice (WLSM or not) Then layout topology Then fill in high-level features to be used Site survey: there are choices on this Document design and rationale, and cycle with customer

From Page-3

Complete WLAN Design Details

Determine WLAN topology layout

Include WLSM if appropriate.

Rough site survey to estimate # of WAPs

Consider VoWLAN needs in site survey planning

Determine supporting equipment needs: WLSE, WLSM, ACS, PoE, etc.

Consider PoE versus power injection or power to WAPs

Determine WLAN highlevel configuration details

SSIDs, VLANs, dynamic VLANs, addressing, authentication, encryption, roaming support, etc.

Document WLAN design, review by customer, etc.

49

Copyright 2005

Topics
Previous and Current Common WLAN Designs WLSM Module: Added Capabilities Determining WLAN Requirements

WLAN Gotchas
Other Parts of the Solution Conclusion

50

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-25

Gotcha #1: IPsec Is Not a Panacea

IPsec is tempting when youre getting started
Good authentication, fairly simple, well-understood, already supported But it doesnt scale as usage grows

Wired replacement with WLAN means you have a lot of VPN clients and throughput
Stresses VPN Concentrators Need more VPN Concentrators ($$$$) Encrypted traffic & QoS?

Alternative
Infrastructure plus VLANs, WLSM?
51 Copyright 2005

Gotcha #2: Not All Devices Are Created Equal What else might you want on your WLAN?
Wireless phones 802.11-capable cell phone of the near future PDA with 802.11 Sensors with PoE and 802.11 (HVAC, smoke, door, etc.)

Potential issue: authentication and encryption! This is where the flexibility of multiple SSIDs and VLANs provides future-proofing
52 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-26

Gotcha #3: Site Surveys

Site surveys come in different degrees of cost and rigorousness:
Thanks, Ill save $$ and do it myself You may get what you pay for? SWAG WAP count, buy some extras, locate, finetune (perhaps using WLSE assisted walkthrough) Does take time, still Professional light (locates potential interference and other problems up front) Professional heavy (for VoWLAN support) See URL on VoWLAN slide (next), the 7920 phone document has a lot of good info in it
53 Copyright 2005

Gotcha #4: VoWLAN

Good thing, very popular in medical environments But needs to be done right, as VoWLAN is more demanding Site survey requirements and care in installation tighter
See Cisco Wireless IP Phone 7920 Design and Deployment Guide http://www.cisco.com/en/US/products/hw/phones/p s379/products_implementation_design_guide_book 09186a00802a029a.html

Consider QoS, Security, and other issues

54 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-27

Gotcha #5: Mismatch with Wired Security

You made your WLAN very secure
But the WIRED network is wide-open??? Contractors, guests, etc.?

Suggestions:
Dont get overly uptight about WLAN security and overlook WIRED security Do consider using similar authentication for both, e.g. 802.1x WLAN does need encryption on wireless transmissions for confidentiality

55

Copyright 2005

Minor

Gotcha #6: CCX Version 2

Needed with WLSE for assisted walkabout, client-side rogue detection, etc. See http://www.cisco.com/en/US/partners/pr46/pr1 47/partners_pgm_partners_0900aecd800a7907 .html for vendor support Should be fairly well supported

56

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-28

Topics
Previous and Current Common WLAN Designs WLSM Module: Added Capabilities Determining WLAN Requirements WLAN Gotchas

Other Parts of the Solution

Conclusion

57

Copyright 2005

Other: WLSE
Management of WAPs
Configuration archival Templates to send out configlets to WAPs WAP Fault Management WAP Performance Exception Management RF management, assisted walk-through, rogue WAP tracking
http://whatever:1741

Required for WLSM

If you have WLSM, you probably have enough WAPs you really need WLSE anyway

58

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-29

Other: Power Over Ethernet (PoE)

The alternatives
Get electrical circuits and junction boxes installed at WAP locations More costly than youd first think Inflexible as to (re-) location of WAPs UPS?? Use power injectors Slight amount of cabling complexity Use PoE blade in switch to support WAPs Cost-effective, flexible Careful: switch power supply big enough? Full PoE in closets Due to cost, this is probably done as part of preparation for IP phone deployment

59

Copyright 2005

Other: Security Devices & Blades

CiscoSecure ACS
Needed for WLSE / WDS in WLAN deployment

VPN Concentrator
Consider VPN Service Module for 6500

IDS
Consider IDS Services Module for 6500

Firewall
Consider Firewall Services Module for 6500

60

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-30

Topics
Previous and Current Common WLAN Designs WLSM Module: Added Capabilities Determining WLAN Requirements WLAN Gotchas Other Parts of the Solution

Conclusion

61

Copyright 2005

References: Networkers 2004

Networkers 2004 had numerous presentations on WLAN, see
http://www.networkers04.com/catalog/controller/cat alog

62

Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-31

WLAN Book References

OReilly Press
802.11 Wireless Networks: The Definitive Guide (O'Reilly Networking) by Matthew Gast http://www.amazon.com/exec/obidos/tg/detail//0596001835/qid=1105022925

Cisco Press
Cisco Wireless LAN Security by Krishna Sankar, Sri Sundaralingam, Darrin Miller, Andrew Balinsky http://www.amazon.com/exec/obidos/tg/detail//1587051540/qid=1105022925 802.11 Wireless Network Site Surveying and Installation by Bruce Alexander http://www.amazon.com/exec/obidos/tg/detail//1587051648/qid=1105022925/ Wireless Local-Area Network Fundamentals by Pejman Roshan, Jonathan Leary http://www.amazon.com/exec/obidos/tg/detail//1587050773/qid=1105023211/
63 Copyright 2005

Summary
Having completed this seminar, you should now: Know some of the customer requirements to ask about when conducting a WLAN design Know how to improve the quality of your WLAN designs Understand various common WLAN design models, their pros and cons Understand Cisco technical capabilities, their pros and cons Understand gotchas, interactions between features Understand a flowchart for determining WLAN customer requirements Thanks for coming!
64 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-32

Any Questions?
For a presentation copy, please email pjw@netcraftsmen.net Chesapeake Netcraftsmen Can Provide
Network design review: how to make what you have work better Periodic strategic advice: whats the next step for your network or staff Network management tools & procedures advice: whats right for you Implementation guidance (your staff does the details) or full implementation

Chesapeake Netcraftsmen does

Small- and Large-Scale Routing and Switching (design, health check, etc.) Security design and management (IDS, firewalls, VPN, enterprise-scale security information management, security reviews) QoS (strategy, design and implementation) IP Telephony (preparedness survey, design, and implementation) Call Manager deployment Network Management (design, installation, tuning, tech transfer, etc.)
65 Copyright 2005

Copyright 2005, Chesapeake Netcraftsmen

Handout Page-33