Regardless of what WLAN vendor you have, there are 13 things you should be doing with your WLAN.
- Disable 1, 2, 5.5, and 11 data rates – just make sure you’re REALLY done with 802.11b (hey, 1992 called, they want their barcode scanner back)
- No more than 4 SSIDs active per radio – Any more and you’re creating interference for yourself.
- Turn on the multicast functions for all cases – Make sure it’s configured! If you don’t, your multicasts will go out as broadcasts and everyone suffers.
- Mobility group (same name) should be 15 controllers or less – It should cover only the RF roaming space. No need for messages from one campus to flow to another.
- Have a low RADIUS timeout depending on usage scenario (not a general change) – Tends to speed up authentications.
- Internal DHCP servers (on controllers/APs) shouldn’t be used – They just don’t scale well. (Great for a lab, however.)
- Don’t use local EAP – Does not scale well on larger networks.
- Recommended: change EAP retries to 4 and timeout to 400ms – This speeds up the failure if someone types the wrong password.
- Minimum RSSI to –80 for rogue APs – Who cares if I can hear someone across the street? It’s not a “rogue”.
- Disable all rogue auto contain settings – unless absolutely needed for security reasons
- Enable Application Visibility – Even if you’re not building a policy for QoS or restrictions, at least it’s there for troubleshooting.
- Enable Fast SSID – Especially for Apple Clients
- Enable CleanAir if you have APs that are capable – Take advantage of this feature.
How did you stack up?
Marketing (normally) (well…sometimes) does a good job pointing out NEW features, neglecting some of the cool things that set Cisco apart from the rest. Here are 7 that may already be on your network that you may not know about.
AAA Override
The AAA Override option of a WLAN enables you to configure the WLAN for identity networking. It enables you to apply VLAN tagging, Quality of Service (QoS), and Access Control Lists (ACLs) to individual clients based on the returned RADIUS attributes from the AAA server. This feature has been around since the beginning. Details here.
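To make the "returned RADIUS attributes" concrete, here is an added example (not from the original post and not Cisco code) that parses the attribute section of an Access-Accept and derives a per-client VLAN and ACL name, refusing inconsistent tunnel attributes instead of guessing. It assumes the standard RFC 3580 VLAN attributes with a numeric VLAN ID, and uses Filter-Id as a stand-in for the ACL name; a given controller may expect a vendor-specific attribute instead.

```python
# RADIUS attribute types (RFC 2865 / RFC 2868); VLAN values per RFC 3580
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 11, 64, 65, 81
TT_VLAN, TM_IEEE_802 = 13, 6

def parse_attributes(blob):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("bad attribute length")
        attrs.append((atype, blob[i + 2:i + alen]))
        i += alen
    return attrs

def override_policy(blob):
    """Return {'vlan', 'acl'}; raise if the tunnel attributes are inconsistent."""
    policy = {"vlan": None, "acl": None}
    ttype = tmedium = pgid = None
    for atype, val in parse_attributes(blob):
        if atype == TUNNEL_TYPE and len(val) == 4:
            ttype = int.from_bytes(val[1:], "big")    # first byte is the tag
        elif atype == TUNNEL_MEDIUM and len(val) == 4:
            tmedium = int.from_bytes(val[1:], "big")
        elif atype == TUNNEL_PGID and val:
            # A leading byte <= 0x1F is a tag, not part of the VLAN string
            pgid = (val[1:] if val[0] <= 0x1F else val).decode("ascii")
        elif atype == FILTER_ID:
            policy["acl"] = val.decode("ascii")       # assumption: ACL name
    if (ttype, tmedium, pgid) != (None, None, None):
        if ttype != TT_VLAN or tmedium != TM_IEEE_802 or not (pgid or "").isdigit():
            raise ValueError("incomplete or non-VLAN tunnel attributes")
        vlan = int(pgid)
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID out of range")
        policy["vlan"] = vlan
    return policy

def attr(atype, value):
    """Encode one attribute as type, length, value (helper for the sample)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: attributes assigning VLAN 30 and a hypothetical ACL name
SAMPLE = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
          + attr(TUNNEL_MEDIUM, b"\x00\x00\x00\x06")
          + attr(TUNNEL_PGID, b"30") + attr(FILTER_ID, b"STUDENT-ACL"))
```

A VLAN is applied only when all three tunnel attributes agree, so a half-configured RADIUS policy surfaces as an error rather than silently dropping the client onto the WLAN's default interface.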
Radio Resource Management (RRM)
The Radio Resource Management (RRM) software embedded in the controller acts as a built-in radio frequency (RF) engineer to provide consistent, real-time RF management of your wireless network. RRM enables controllers to continually monitor their associated lightweight APs:
- Traffic Load – the total bandwidth used for transmitting and receiving traffic. It enables wireless LAN managers to track and plan network growth before client demand.
- Interference – the amount of traffic coming from other 802.11 sources.
- Noise – the amount of non-802.11 traffic that is interfering with the currently assigned channel.
- Coverage – the receiver signal strength indicator (RSSI) and signal-to-noise ratio (SNR) for all connected clients.
- Other – the number of nearby APs.
RRM Powered by CleanAir Technology
CleanAir technology delivers a systemwide solution that improves air quality with silicon-level intelligence to create a self-healing, self-optimizing wireless network that mitigates the impact of wireless interference and offers performance protection for 802.11n networks.
Bonjour Services Directory
Following best practices, a WLAN is never on the same subnet as our wired client subnet. This fundamentally breaks Bonjour. Bonjour is Apple’s service discovery protocol which locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records.
Bonjour Phase 2 in the 7.5 release is an enhancement to the Bonjour features introduced in the 7.4 release. It includes the following: Location Specific Services (LSS) for wireless service, mDNS-AP (enhanced VLAN visibility at the WLC for non-layer 2 VLANs), Priority MAC support, origin-based service discovery, removal of the per-service SP count limit, Bonjour browser, Bonjour SSO, and Bonjour debugging.
Application Visibility (and Control)
This feature was added in 7.4 and enhanced in 7.5. Details here.
Client Stateful Switch Over
The new High Availability (HA) feature (that is, AP-SSO) set within the controller version 7.3 and 7.4 allows the AP to establish a CAPWAP tunnel with the Active WLC and share a mirror copy of the AP database with a Standby WLC. The APs do not go into the Discovery state when the Active WLC fails and the Standby WLC takes over the network as the Active WLC. There is only one CAPWAP tunnel maintained at a time between the APs and the WLC that is in an Active state.
Release 7.5 supports Client Stateful Switch Over (Client SSO) in Wireless LAN controllers. Client SSO will be supported for clients which have already completed the authentication and DHCP phase and have started passing traffic. With Client SSO, a client’s information is synced to the Standby WLC when the client associates to the WLC or the client’s parameters change. Fully authenticated clients, i.e. the ones in Run state, are synced to the Standby and thus, client re-association is avoided on switchover making the failover seamless for the APs as well as for the clients, resulting in zero client service downtime and no SSID outage.
With this new feature Cisco has introduced a new part number for several controller models. This part number is much lower cost and will only act as an AP or Client SSO HA controller.
Client Load Balancing
When a wireless client attempts to associate to a lightweight access point, association response packets are sent to the client with an 802.11 response packet including status code 17. The code 17 indicates that the AP is busy. The AP responds with an association response bearing ‘success’ if the AP threshold is not met, and with code 17 (AP busy) if the AP utilization threshold is reached or exceeded and another less busy AP heard the client request.
For example, if the number of clients on AP1 is more than the number of clients on AP2 plus the load-balancing window, then AP1 is considered to be busier than AP2. When a client attempts to associate to AP1, it receives an 802.11 response packet with status code 17, indicating that the access point is busy, and the client attempts to associate to a different access point.
The variables are fully configurable. This feature was added in 5.0 code and has been enhanced several times since. Look here for detail.
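The window comparison described above, as an added example that is not part of the original post or Cisco's implementation. It assumes the load-balancing window is a client count and that a denied client simply moves on to the next AP that heard it; the AP names and counts are constructed.

```python
STATUS_SUCCESS, STATUS_AP_BUSY = 0, 17   # 802.11 association status codes

def association_status(target, heard_by, clients, window):
    """Status the target AP returns to an association request.

    heard_by: APs that heard the client's request (includes target)
    clients:  dict of AP name -> current client count
    window:   load-balancing window (assumed to be a client count)
    """
    for other in heard_by:
        if other != target and clients[target] > clients[other] + window:
            return STATUS_AP_BUSY      # a less busy AP heard this client
    return STATUS_SUCCESS

def place_client(preference, clients, window):
    """Try APs in the client's preference order.

    Returns (ap, denials) and increments the chosen AP's client count.
    """
    denials = []
    for ap in preference:
        if association_status(ap, preference, clients, window) == STATUS_SUCCESS:
            clients[ap] += 1
            return ap, denials
        denials.append(ap)
    return None, denials

if __name__ == "__main__":
    # Constructed sample: AP1 has 12 clients, AP2 has 5, window of 5
    counts = {"AP1": 12, "AP2": 5}
    print(place_client(["AP1", "AP2"], counts, window=5), counts)
```

Two edge cases fall out of the comparison: a difference exactly equal to the window still returns success, and an AP is never reported busy when no other AP heard the client.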
Enable Lower Data Rates Only (and other RF tweaks) for Certain APs
SIP Snooping and Preferring Calls to a Certain Number
The Preferred Call feature enables you to specify the highest priority to SIP calls made to some specific numbers. The high priority is achieved by allocating bandwidth to such preferred SIP Calls even when there is no available voice bandwidth in the configured voice pool. This feature is supported only for those clients that use SIP-based CAC for bandwidth allocation in WCS or WLC. Works in 7.0 or newer code. Look here for detail.