Ask Slashdot: How Do You Deploy Small Office Wi-Fi SSIDs?

First time accepted submitter junkfish writes "I am not able to install a controller based Wi-Fi solution in my office due to cost, but I like presenting my users with a single SSID rather than an array of four or five differently named SSIDs from different access points. What is your experience deploying multiple wireless access points with the same SSID and password? I have been doing this with Cisco 1040 series Access Points this year, and have had good success. It seems like the client is able to determine which AP is best to connect to, and is able to roam around the office without too much of an interruption when it connects to a different AP. Is this sloppy practice? Or does the general state of the 802.11 provide for this sort of resiliency? I am really interested in your opinion because I have not seen too much documented on this subject."
This discussion has been archived. No new comments can be posted.

  • I've seen it work (Score:5, Informative)

    by Nefarious Wheel ( 628136 ) on Thursday January 03, 2013 @06:43PM (#42469115) Journal

    I've seen it work with multiple AP's in an office that all had the same SSID. Just cloned the boxes (some cheap Cisco thing, can't remember the part number) and never had any issues with conflicts.

    • Unifi (Score:5, Informative)

      by ProfessionalCookie ( 673314 ) on Thursday January 03, 2013 @07:27PM (#42469569) Journal
      If the only thing keeping you from a controller based solution is cost, try Ubiquiti's Unifi. You can run without a controller and if you need one you can use any old embedded box. http://www.ubnt.com/unifi [ubnt.com]
      • Re: (Score:3, Informative)

        by Anonymous Coward

        This guy has it. I think the Unifi setup rivals the cost of their other ap's, too, like the Bullet M2 HP and the PicoStation (best outdoor AP for the $). Even better is that as of AirOS 5.5, multiple VLANs are supported. This gets a bit whacky thanks to their vague user-manual and uninformative GUI but is well worth it given the cost and good customer service. It takes some playing around with to understand how they do the VLAN tagging.

        To properly configure client roaming between the AP's, simply name them

      • This is only marginally different from separate access-points, though. Their "controller" is only for management -- it doesn't do anything for helping users roam between the APs, for instance. You need actual enterprise-class equipment if you want that.
      • Re:Unifi (Score:5, Informative)

        by Nimloth ( 704789 ) on Thursday January 03, 2013 @10:43PM (#42471349)
        +1 for Ubiquiti Unifi. I run the controller on my Macbook, the APs are spread across several locations and some locations have several. Roaming is seamless, quality and features are impressive and they are dirt cheap. 3 packs are 250$, that comes to about 85$ / AP. The controller is included and there is no license to pay or recurring fees.
      • Came to recommend this. It is dead easy to set up and it works better than I expected it to. I set up multiple SSIDs for different business units and an open hotspot for our guests that is isolated from the rest of the network. The ability to add an office layout is nice if you are adding more than a couple of hotspots and don't remember where HS249 is located. I haven't found anything close at this price point.
    • Indeed, you should be fine! A single SSID across all access points is the way to go but, as the Cisco 1040 series seem to be 802.11n your choice of channels is limited.

      Make sure you only use channel 1, 6 or 11 as the others overlap [wikipedia.org] which can confuse clients; you are better off having two of your five arrays on identical channels than overlapping them. Just try to keep the access points with identical channels a reasonable distance apart, so that there is an obvious difference in signal strength.

      • by edrawr ( 1572199 )

        Indeed, you should be fine! A single SSID across all access points is the way to go but, as the Cisco 1040 series seem to be 802.11n your choice of channels is limited.

        Make sure you only use channel 1, 6 or 11 as the others overlap [wikipedia.org] which can confuse clients; you are better off having two of your five arrays on identical channels than overlapping them. Just try to keep the access points with identical channels a reasonable distance apart, so that there is an obvious difference in signal strength.

        I couldn't agree more on this. In the past I worked for a small college, and we were having terrible performance issues with a brand new Colubris (now HP) setup. After turning the broadcast power down on each of the APs, we still had clients jumping from AP to AP. After a lot of head scratching and bringing in a professional WLAN analysis contractor, we found that all of the APs were on channel 6. Adjusting them to a pattern to break this up cleaned up all of the issues for us.

        • You adjusted the power before changing the channels? That's like...wireless 101! (However I may be biased, having worked for an ISP).

    • by Anonymous Coward

      If an office network mixes brands, models, and 802.11g access points with 802.11n access points, is it still best practice to have them share SSIDs?

    • Why not get a couple routers, set up DD-WRT and use WDS. That's what it's there for and it's simple to configure.

  • by pclminion ( 145572 ) on Thursday January 03, 2013 @06:47PM (#42469149)
    I thought that was the standard way of doing it anyway. Is it not?
    • by Dishwasha ( 125561 ) on Thursday January 03, 2013 @07:00PM (#42469329)

      Yes, that is the biggest mistake no-name wireless installers and IT consultants (i.e. the guy installed a wireless AP in his house and now he's an expert) do with small businesses is they use different SSIDs and WEP keys for each access point. It is extremely annoying. Use the same SSID and the same WEP/WAP key for each access point. In the 802.11X standard, it is the responsibility of the wireless client to automatically determine which AP is best and automatically switch and potentially hop channels. You will want slight overlap of the wireless zones, but don't place them too far away or too close to each other. Be aware of any areas where a "firewall" is installed (not an electronic firewall, but a wall with extra insulation that protects different areas from spreading fire) and plan APs accordingly. Once you place the APs with approximate locations, do a slow walk-around with your laptop and use airsnort [shmoo.com] to get signal strengths and tweak AP location before physically installing them in the ceiling or walls or wherever. A popular thing for businesses with the removable ceiling tiles is to cut a small hole in the tile and let the AP's antenna(e) point downwards in to the actual normal airspace. Of course, this typically requires running power in to the crawlspace somehow.

      • by Anonymous Coward

        I've actually had reasonable luck with AP's above the drop ceiling without putting the antennas through.

        But otherwise this is exactly how I do it. AP's are spread throughout the building, all the same SSID & WAP cred. I do use different channels in different areas, and it doesn't seem to confuse the wireless clients.

      • by Anonymous Coward

        I use gear that can run on POE when I set up something above the ceiling tile

      • by GlobalEcho ( 26240 ) on Thursday January 03, 2013 @10:16PM (#42471149)

        Be aware of any areas where a "firewall" is installed (not an electronic firewall, but a wall with extra insulation that protects different areas from spreading fire) and plan APs accordingly.

        You know a website (viz Slashdot) is geeky when quotation marks have to go around the original meaning of the word firewall.

      • by jfanning ( 35979 )

        Something that doesn't seem to have been mentioned explicitly is that DHCP has to be turned off on all access points/wireless routers. There must be only one central DHCP server for the entire network.

        But as mentioned, this is part of the spec. I only realised the same thing last year though, so it was nice to be able to remove my 4 different SSIDs from my home network and just use one.

        The only down side is that it isn't obvious which AP is in use by any particular device (g or n) or if any AP has died. But

    • Comment removed based on user account deletion
  • by Anonymous Coward

    The Airport Extreme's seem to handle this fine. I setup several using the same SSID to extend the signal.

  • Ubiquiti Wireless (Score:3, Interesting)

    by Anonymous Coward on Thursday January 03, 2013 @06:47PM (#42469159)

    I would highly encourage you to look at the Ubiquiti UniFi system. Software based centralized computer and basic APs are only $66. We're switching to them from Cisco and have been very happy.

    http://www.ubnt.com/unifi

    • by jaseuk ( 217780 )

      They are pretty good, but really work just the same way as the OP described.

      Unifi offers a pretty convenient way to monitor and configure a larger number of access points without anywhere near the cost or infrastructure required with a controller.

    • Thanks for pointing Ubiquiti's UniFi system out. I use their equipment for bridging locations together and it has been really good...
      • Argh! Their routers / bridges run Linux. Why is this software not available for Linux?
        • Not everything that runs on Linux is open source.

          • And your point is? My point is that I don't want to rely on Windoze for infrastructure tasks....
            • by hjf ( 703092 )

              I wouldn't hire anyone using the word "Windoze".

              You know, professionalism, yadda yadda.

              • Re: (Score:2, Insightful)

                by epyT-R ( 613989 )

                Well, I wouldn't hire anyone citing 'professionalism' as justification for anything. Fallacious 'reasoning' is the cornerstone of passive-aggressive office politics.

        • Re:Ubiquiti Wireless (Score:5, Informative)

          by lebean ( 638838 ) on Thursday January 03, 2013 @07:03PM (#42469367)

          It's available for linux, go to the forums at their site, the UniFi section and look at any version announcement. They even have a Debian/Ubuntu repo, if you're on RHEL/CentOS you just grab a tarball and install the mongodb bits yourself.

          • Cool....
          • by hjf ( 703092 )

            I use their cameras. The cameras are OK (not awesome), but the management software just plain SUCKS. You can't schedule it to auto-delete old recordings! So you can't have a "set it and forget it" thing.

            But, their linux support is fantastic. I can't believe "apt-get install airvision airvision-nvr" JUST WORKED. Impressive.

            Oh, and their 900Mhz APs.. man, that is awesome. I have two locations 1 km apart with a couple 8-10 stories tall buildings right in the path, and I get a steady signal. At only 6mbit, it

    • Adding another vote for UniFi. I took a shot on them because they were cheap, basically a last chance for Ubiquiti as I had been burned by a lack of support on the RouterStation Pro a few years back. So far it's turned out to be a good choice. I have two customers running six APs each who are very happy with them, another rolling out nine (they're offered in a discounted three-pack, so multiples of three are a matter of convenience).

      The "controller" package is only really used for configuration, firmware

    • This.
      Just last month I picked up a 3-pack from newegg for like $130. Install took minutes and the system automatically configured and updated firmware as I deployed the APs.
      I was considering Cisco mainly because I wanted something reliable, but couldn't get myself to buy their software and certainly didn't want to battle IOS just for a few WAPs.

      If a portion of your building needs better coverage, add another. The Unifi software will automatically detect it and with one click 'adopt' it into your existing WA

  • by Anonymous Coward

    What you are talking about will work fine in smaller offices. As far as I can tell, though, there is no handover when a signal is poor, only when it is lost. The laptop will stay connected to whatever the original access point is until it can not contact it anymore. If the distance increases after initial connection and the signal becomes crappy, it won't automatically connect to a closer AP until the original connection drops completely.

    That said, Cisco does make some equipment that handles that, I believe

  • I've set a few up and it's relatively simple. Make sure they have the same SSID - Passphrase and Security type (WPA2-PSK is what I use). Just make sure you have one doing DHCP or at least a box on your network doing it and just kick the rest into bridge mode.
  • by hawguy ( 1600213 ) on Thursday January 03, 2013 @06:54PM (#42469267)

    Is there another way to do it? I've always set office (and my home) Wifi networks up like this -- as long as the AP's are all on the same subnet, roaming among them should be fairly transparent.

    Try to use non-overlapping channels as much as possible. (i.e. channel 1 at the east end of the office, channel 6 in the middle and channel 11 at the west end). If you can't use non-overlapping channels, some tuning of power levels to prevent interference between nodes can help -- i.e. if you have a long office with 4 nodes on 3 channels: [1, 6, 11, 1] you may see better performance if you turn down the transmit levels on the two channel 1 nodes so they don't interfere with each other as much. And dual-band 802.11n can help even more both because there's more channels on 5Ghz, and because the 5Ghz signals will be attenuated more.

    In my current office, I have about 120 Wifi nodes (through a Cisco WLAN controller), all are broadcasting the same SSID.
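The [1, 6, 11, 1] layout and the advice to turn down co-channel nodes, as a channel-plan check in Python; this is an added example, not part of the original comment. The 22 MHz channel width, the 40 m co-channel threshold, and the AP names and positions are assumptions chosen for the example.

```python
"""Check a 2.4 GHz channel plan for the overlap problems discussed in this thread."""
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22          # 802.11b-style channel width (assumption)
NON_OVERLAPPING = (1, 6, 11)


def centre_mhz(channel):
    """Centre frequency of 2.4 GHz channels 1-13."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def overlap_mhz(a, b):
    """Spectrum shared by two channels in MHz; 0 means they do not overlap."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(centre_mhz(a) - centre_mhz(b)))


def audit_plan(aps, min_cochannel_m=40.0):
    """aps: list of (name, channel, position_m). Returns sorted (severity, ap_a, ap_b).

    "error": partially overlapping channels (e.g. 1 and 3).
    "warn":  same channel with less than min_cochannel_m between the APs;
             move them apart or turn down transmit power.
    """
    findings = []
    for (n1, c1, p1), (n2, c2, p2) in combinations(aps, 2):
        if overlap_mhz(c1, c2) == 0:
            continue
        if c1 != c2:
            findings.append(("error", n1, n2))
        elif abs(p1 - p2) < min_cochannel_m:
            findings.append(("warn", n1, n2))
    return sorted(findings)


def suggest_plan(positions_m):
    """Assign 1/6/11 in order of position so co-channel APs sit three APs apart."""
    order = sorted(range(len(positions_m)), key=lambda i: positions_m[i])
    plan = [0] * len(positions_m)
    for rank, idx in enumerate(order):
        plan[idx] = NON_OVERLAPPING[rank % 3]
    return plan


# Constructed sample layouts (positions in metres along a long office).
LONG_OFFICE = [("ap-east", 1, 0.0), ("ap-mid-e", 6, 12.0),
               ("ap-mid-w", 11, 24.0), ("ap-west", 1, 36.0)]
ALL_ON_SIX = [("a", 6, 0.0), ("b", 6, 12.0), ("c", 6, 24.0)]
PARTIAL = [("a", 1, 0.0), ("b", 3, 12.0), ("c", 6, 24.0)]

if __name__ == "__main__":
    for label, layout in (("long office", LONG_OFFICE),
                          ("all on 6", ALL_ON_SIX),
                          ("partial overlap", PARTIAL)):
        print(label, audit_plan(layout))
    print("suggested:", suggest_plan([0.0, 12.0, 24.0, 36.0]))
```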

    • by Anonymous Coward

      Ubiquity makes access points that will mesh without a controller, they are cheap too (about $90 each).

    • You can stagger on the low bands to avoid overlapping channels, or if the machines are modern, and support N-high, then use the non-adjacent N channels for even wider, non-overlapping support. Using N-high as you propose is a great idea, and forcing users to N if their hardware uniformly supports it, will speed the hell out of the network; make sure you have sufficient backhaul for the traffic, which could get huge. Also make sure you stagger DHCP IP address ranges to help preserve sessions.

      Sadly, some RPC

  • by Anonymous Coward

    Answered already but it is built into the protocol.

    http://superuser.com/questions/122441/multiple-access-points-for-the-same-ssid

  • Old PC + pfSense (Score:1, Interesting)

    by iMouse ( 963104 )

    Why not install pfSense on an old PC (Pentium 4-class is more than enough) with a couple of NICs and the FreeRADIUS 2 module? Put the APs in bridged mode and set up 802.1x authentication.

    If you didn't want to use self-signed certs and a private CA, your only cost would be for certificate purchases/renewals. The cost is negligible if you count your staff IT hours as costing you nothing.

    • Re:Old PC + pfSense (Score:5, Informative)

      by ProfessionalCookie ( 673314 ) on Thursday January 03, 2013 @07:29PM (#42469589) Journal
      Because the power to run a Pentium 4 for 2 years would cost more than getting a modern little embedded box.
      • Because the power to run a Pentium 4 for 2 years would cost more than getting a modern little embedded box.

        It is in some countries with heavily subsidized electricity and high import tariffs.

      • by pnutjam ( 523990 )
        Then get a small embedded box, there are several x86 embedded boxes that are appropriate, alix, soekris, or something beefier with VIA or Atom. I like netgate for my embedded devices, but pfsense has some other hardware resellers listed.
    • by Anonymous Coward

      I'm an admin with several 5508 controllers. They do a whole lot more than 802.1x authentication (hands-off coverage management, rogue detection, fast roaming w/o client reauth, etc). But on a budget, FreeRADIUS is a great solution and your 1040's will support it. It's a very bad idea to use anything except WPA2-Enterprise (essentially 802.1x with CCMP) in an office environment since TKIP is broken and using pre-shared keys is a management nightmare. 802.1x gives you the ability to grant and revoke network a

  • by Anonymous Coward

    AFAIK you need to choose one SSID and one password for all the access points, but you should configure them to different channels so they don't interfere with each other. With this setup the client should choose automatically the best access point and roam to the next when he moves to another room.

  • by Kernel Kurtz ( 182424 ) on Thursday January 03, 2013 @07:38PM (#42469675)

    the options are limited. You can use the same SSID on the various APs (separating channels as mentioned). So long as the clients are all on the same vlan (usually a DHCP scope), it will work reasonably well. Most of the protocols are fairly forgiving. If you have WDS capability, by all means use it.

    802.1x adds complications, but if you have a RADIUS type server a WLAN controller should be a more realistic consideration.

  • Ubiquity networks provide a product line that are centrally managed and support up to 4 SSID's per access point / network. The management software is a little messy, however the access points are less than $100 each, and come with PoE injectors and mounting brackets for wall mount, or ceiling mount. A really nice clean product.
  • I'm running this configuration in a small office right now with two WRT-54GL routers running DDWRT.

    Really great setup, and works seamlessly as I go back and forth between the two offices.
    One of the wireless units acts as the router, the other acts as simply an access point and forwards its traffic to the router over an ethernet cable.
    Super simple to setup, the only trick is to make sure that the two units are on different channels.
    The cost for both units was less than $100 and the hardest thing was having

  • It'll Just work..... (Score:5, Informative)

    by RedLeg ( 22564 ) on Thursday January 03, 2013 @08:12PM (#42470039) Journal
    It's part of the standard, and I know, cause I helped write it.

    Set the SSID the same for each AP. Set them on different channels so that the AP's don't "step on" each other's bandwidth. Roaming is a station-side (client in common usage) decision, so your PCs will automatically pick the AP with the best signal strength.

    As far as authentication goes, this all depends on the AP. All should support PSK (preshared secret keys, aka passwords) and in that scenario, set them all to the same value on each AP. The PSK should be at least 24 characters long, and the SSID for the net unique to keep the security at acceptable levels and reduce the possibility of offline dictionary attacks against the PSK.

    Assuming the APs support it, Enterprise grade authentication with individual per-user passwords is within reach at little to no cost. You can tie into Active Directory or set up a free AS (Authentication Server) using FreeRadius on a linux box. The definitive reference for doing this with an MS server is a book titled "Deploying Secure 802.11 Wireless Networks with Microsoft Windows". Make sure you check for updates to the book online, and there is an appendix which details how to set it all up in a lab environment, which will let you prove principle without screwing with the production network.

    Google around and you will find loads of information on how to do this with Open Source, the key articles being some from Linux Journal from about 6-8 years ago.

    Hope this Helps......
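The checks described in the post above (same SSID and PSK on every AP, a PSK of at least 24 characters, an SSID that is not a common default), as a small Python audit; this is an added example, not part of the original post. WPA2-PSK uses the SSID as the PBKDF2 salt for the master key, which is why a common SSID makes a weak passphrase easier to attack offline and why all APs must share both values for clients to reuse one credential. The config dict layout, AP names, sample SSID list and finding codes are assumptions; the single-DHCP-server and TKIP checks come from other comments in the thread.

```python
"""Audit stand-alone AP configs against the advice given in this thread."""
import hashlib

MIN_PSK_LEN = 24  # minimum PSK length recommended in the post above
# Constructed sample of factory-default style SSIDs; extend for a real audit.
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}


def wpa2_pmk(passphrase, ssid):
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_aps(aps):
    """Return a sorted list of (ap_name, finding_code) for a list of AP config dicts.

    Each dict has: name, ssid, cipher ("CCMP" or "TKIP"), psk, dhcp_server (bool).
    The PSK itself is never copied into a finding.
    """
    findings = set()

    # A client can reuse one credential on every AP only if each AP derives the
    # same PMK, which needs both the SSID (salt) and the passphrase to match.
    reference = wpa2_pmk(aps[0]["psk"], aps[0]["ssid"])
    for ap in aps[1:]:
        if wpa2_pmk(ap["psk"], ap["ssid"]) != reference:
            findings.add((ap["name"], "PMK_DIFFERS_FROM_FIRST_AP"))

    # Only one device on the LAN should hand out DHCP leases.
    dhcp = [ap["name"] for ap in aps if ap["dhcp_server"]]
    findings.update((name, "EXTRA_DHCP_SERVER") for name in dhcp[1:])

    for ap in aps:
        if ap["cipher"] != "CCMP":
            findings.add((ap["name"], "WEAK_CIPHER"))
        if len(ap["psk"]) < MIN_PSK_LEN:
            findings.add((ap["name"], "SHORT_PSK"))
        if ap["ssid"].lower() in COMMON_SSIDS:
            findings.add((ap["name"], "COMMON_SSID"))
    return sorted(findings)


# Constructed sample data, not taken from any real network.
LONG_PSK = "correct-horse-battery-staple-42"
SAMPLE_OK = [
    {"name": "ap-east", "ssid": "acme-3f-7q2", "cipher": "CCMP",
     "psk": LONG_PSK, "dhcp_server": True},
    {"name": "ap-west", "ssid": "acme-3f-7q2", "cipher": "CCMP",
     "psk": LONG_PSK, "dhcp_server": False},
]
SAMPLE_BAD = [
    {"name": "ap-east", "ssid": "linksys", "cipher": "CCMP",
     "psk": "office2013", "dhcp_server": True},
    {"name": "ap-mid", "ssid": "linksys", "cipher": "TKIP",
     "psk": "office2013", "dhcp_server": True},
    {"name": "ap-west", "ssid": "linksys-west", "cipher": "CCMP",
     "psk": LONG_PSK, "dhcp_server": False},
]

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label)
        for name, code in audit_aps(sample):
            print(f"  {name}: {code}")
```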

    • by kriston ( 7886 )

      Perhaps you can help clear up a debate that has been happening on and off for years.

      Is it really necessary to space the channels so far apart? It seems to be a conventional wisdom that flies in the face of the intent of the standard. Sure, the spectrum does overlap somewhat, but isn't the protocol and the air interface designed to handle this situation gracefully?

      It sure does in the city where we have multiple APs coming in five-by-five on each and every channel.

      Thanks in advance!

      • Perhaps you can help clear up a debate that has been happening on and off for years.

        Is it really necessary to space the channels so far apart? It seems to be a conventional wisdom that flies in the face of the intent of the standard. Sure, the spectrum does overlap somewhat, but isn't the protocol and the air interface designed to handle this situation gracefully?

        It sure does in the city where we have multiple APs coming in five-by-five on each and every channel.

        Thanks in advance!

        The collision avoidance protocol works most efficiently when the devices sharing the spectrum are on the same channel. Having to contend with partially overlapping interferers is not going to improve the spectrum usage.

      • by Maow ( 620678 )

        Perhaps you can help clear up a debate that has been happening on and off for years.

        Is it really necessary to space the channels so far apart? It seems to be a conventional wisdom that flies in the face of the intent of the standard. Sure, the spectrum does overlap somewhat, but isn't the protocol and the air interface designed to handle this situation gracefully?

        It sure does in the city where we have multiple APs coming in five-by-five on each and every channel.

        Thanks in advance!

        I am not an expert, but I do believe that the channels are kept apart by as much as possible because any given channel can use enough bandwidth to overlap a couple channels next to it. Hence having as big a gap allows best utilization of each channel.

        Wikipedia's Wifi Limitations section [wikipedia.org] explains it better:

        A Wi-Fi signal occupies five channels in the 2.4 GHz band. Any two channels numbers that differ by five or more, such as 2 and 7, do not overlap. The oft-repeated adage that channels 1, 6, and 11 are the onl

    • Just a humble question since you seem to know the standards: if all APs have the same SSID but have each a different MAC address (which of course is the case by default), won't the clients require to enter the (same) password for each AP?
      Or in other words, is the SSID enough to ensure an AP "unicity"? (and having all APs with the same SSID makes clients "believe" they access the same point)
      • by nateb ( 59324 )
        Client sees the same network it was just on on a different channel and tries the same credentials. Bingo, everything works! Problem solved from that perspective..
  • by Above ( 100351 ) on Thursday January 03, 2013 @08:16PM (#42470075)

    Controllers came well after AP's were invented, so people had to solve this problem for years without them as an option at all. Multiple AP's sharing the same SSID and key is exactly how the standard was designed, and was the best practice for deployment for many years. The short answer is, it works great, and is how you should be deploying.

    For the long answer, you have to understand what happens when a user needs to switch AP's, and how the controllers improve that process. When a client wants to switch from one AP to another it must dissociate from the first, associate with the second which includes exchanging new session keys, gratuitous ARP to inform the L2 network, and then carry on. This process typically takes between 100-500ms, depending on the client, AP, and random luck. For most users doing most things this is all fine, if you're browsing the web and chatting on IM it's a non-issue.

    However, for some clients like VoIP phones and video chat a 100-500ms pause is a disaster. Enter the controller solution. The WiFi protocol was divided between things that require hardware (transmitting at the right time, rf modulation, etc) and things that were all in software, just on the AP like exchanging key material. The hardware kept doing the hardware things, but the software activities were moved to the controller. The advantage is that the entire session does not need to be torn down, the radio can switch AP affinity (BSSID) while using the same key material since the key material is tunneled back to the controller from both AP's. A client can now switch AP's in 10-50ms, which for most VoIP apps and video conferencing means seamless connections.

    Note to the pedantic: yes, there are some other details, controllers enable triangulation features and some other RF analysis, there are a few protocol nits I omitted, and this omits a lot of important design considerations like proper AP placement and channel selection.

    Now, go back to the requirements. If you don't deploy WiFi VOIP phones, and don't have other real time streams, controllers may be a total waste of your money. If the goal is to get users e-mail and web access when sitting in the conference room or courtyard, vendors are selling something not needed when they push controllers.

    Second note to the pedantic: Controllers can make networks scale better, so if you're deploying 25+, or more likely 100+ AP's my previous paragraph doesn't apply, but that's not what most people reading this are doing.

    So to the OP, yes, put them on the same channel. For less than 10 AP's with no real time requirements it is the best practice, and a perfectly valid way to deploy a WiFi network. A controller may be able to get some advanced features (auto-channel management, threat detection, triangulation), but in most small businesses they are features that would rarely if ever be used. There are thousands of WiFi networks deployed without controllers that work quite well. Do read a good document on how to place AP's and select channels, you'll want to use non-overlapping channels in a grid pattern and try and get it to where clients can always see 2-3 AP's, no more, no less.

    If you really want a controller, there are some lower cost options than the big players. Ubiquity has a nice solution in their UniFi line, and Netgear now offers an appliance based controller. Aruba has several mid priced offerings. They don't all have the features of say high end Cisco gear, but offer a lower cost solution.

    • I'm with you right up to using the same channel. Hell no! This is suicide. Avoid co-channel interference.

      Lay out your wifi install and figure out your channel plan. Survey for placement. I have several sites where RRM did a horrid job, and I've had to statically assign channels to get performance up. Cisco design docs are available, google is your friend [cisco.com].

      While WPA2/PSK works, and I use it at home for a 3 AP network, you actually can get faster roaming using 802.1X with key caching between APs.

      Many client

      • by Above ( 100351 )

        Oh crap, totally missed that in my proof reading. It should have said "put them on the same SSID", not channel.

        I 100% agree that a proper channel plan is necessary using non-overlapping channels. And you're right that 802.1x caching can help.

        Folks, mod up, not down the AC post I'm replying to, he's right and I made an important typo.

  • by Lumpy ( 12016 )

    Why write off a proper wireless network right away?

    http://www.ubnt.com/unifi [ubnt.com] I can put in a 4 AP managed system with a cheap PC as the controller for less than the cost of ONE stand alone Cisco AP.

    Plus it's better quality than anything you can buy from Dlink, Cisco, etc...

  • as everyone's stated, what you've done so far is correct.. IMHO, controllers are well worth the money - though shop around, cause (again, IMHO) juniper and cisco are way too expensive for what they are.

    What a controller will give you is a unified simple way of managing it all. I.e. configure it in one spot rather than every AP. They also often include things like portals, authentication services and firewalls. I.e. a central CA for using certificate based auth, a captive wifi portal for open access points t

  • I did it with cheap Linksys APs once. All I did was to set the SSID to be the same on all three Linksys APs but with different broadcast channels. I was then able to seamlessly transition from one AP to the next, hopping from one to the other with no issues.
  • Multiple APs with the same SSID just works, and a moving client switches from one AP to another smoothly. You just have to take care about the channels used by your APs: try to have as little overlap as possible.
  • I am not able to install a controller based Wi-Fi solution in my office due to cost...

    Yes, you are.

    Check out UniFi by Ubiquity Networks [ubnt.com] - they're cheaper than you think (in the same ballpark as premium consumer wifi gear) and the controller is a software instance you can run on just about anything. Management is through a web browser and is dead easy.

    The wifi networks have great throughput, the Pro access points have 3x3 MIMO, and they're stable and reliable.

    You also get some other good features, such as traffic analysis and reporting, a captive portal for guests that can either use tickets

  • Why not consider using Aruba instant solution? http://www.arubanetworks.com/products/instant/ [arubanetworks.com]
    • by johu ( 55313 )

      In my opinion this is only good solution proposed so far. With Instant one gets most benefits of controller based solution without actually purchasing controller.

  • We've started using Open-Mesh https://www.open-mesh.com/ [open-mesh.com] . It's cloud controlled which means the APs require internet access. It's also a mesh so it can be used for areas without a network connection or the mesh can continue working in the event a line goes dead. For our budget conscious clients it definitely fits the bill.

  • You could have a look at FortiWifi ( http://www.fortinet.com ).

    A FortiWifi that acts as both AP and controller and additional Forti AP's to get the coverage needed.

  • You can try ubiquiti solutions. They provide controller which you can install on any PC (Linux or Windows) and run cheap APs. We do it for our hotspots and it works great

  • Use OpenWRT assuming you have compatible wifi routers, then you can set up seamless single-SSID with ease.
