Your challenge: Design a campus-wide cellular communication system. This demanding but manageable task requires an understanding of how 802.11 radios work, the differences between vendor implementations, and the effect of varying building structure elements and sources of external interference.

You'll also need to think about core network services--including IP address management, authentication, encryption, access control, accounting, and maybe even quality of service down the road a bit--that must be delivered to wireless users.

Radios and Rabbit Ears

Radio has been around for more than a century. A current in a wire is transformed into radio waves and transmitted through the air, where it is received by other radios. On WLANs, every device is a transceiver, capable of both transmitting and receiving radio signals. By employing any one of a variety of radio modulation schemes--essentially, playing around with the shape of the individual 2.4-GHz sine waves--we can use radio to transmit digital information. Unfortunately, predicting the behavior of a specific WLAN system in a specific environment is challenging.

Approximate Spectral Placement of 802.11 Channels Click here to enlarge

Using identical components, effective system range may be well over 100 meters in one location and less than 50 meters in another. A number of variables, including building layout, construction materials and noise sources can all affect transmission range. Experienced WLAN designers can walk into a building, give it a once-over and make educated guesses about how the system should be designed. For the rest of us, it's trial and error. Fortunately, site-survey tools available from most enterprise-oriented vendors have improved significantly over the past several years, letting you customize an RF system.

Some people consider the range limitations of radio to be a big problem, but in fact it is the main ally of a wireless-system designer. That's because range limitations let you reuse frequencies, just like you do with conventional wireless services like FM radio. For example, the FCC awarded a license to WAER FM in Syracuse to operate at 88.3 MHz. A different station is likely reusing that frequency in your locale. In the case of 802.11b WLANs, the resource consists of 83.5 MHz of bandwidth. As shown in "Approximate Spectral Placement of 802.11 Channels", designers usually work with channels 1, 6 and 11--three non-overlapping channels--to maximize bandwidth.

In other words, you could theoretically install three APs (access points) in a room, each transmitting and receiving within a distinct range of frequencies, with no interference to one another.

802.11 Overlapping Cell Design Click here to enlarge

In some some rare circumstances, you might want to install three APs in a single room to take advantage of the greater aggregate bandwidth, but in most cases, there's a different challenge. Assume a building requires 21 APs to deliver service to all users, and seven APs are installed on each of the three non-overlapping channels (1, 6 and 11). You need to ensure not only that cells overlap (to avoid dead spots), but you must also make sure that an AP on Channel 6 isn't interfering with another access point in the building that's also operating on channel 6. "802.11 Overlapping Cell Design" shows a sample cell layout that ensures full coverage while avoiding interference.

Of course, providing full coverage while avoiding interference is much easier to do on paper than in real life. In the real world, you need to think in three dimensions and factor in the possibility that a cell on the first floor will interfere with a cell on the second floor. This limitation in the number of available channels at 2.4 GHz is one of the primary appeals of 802.11a, which offers eight non-overlapping channels at 5 GHz, though cell diameters usually are smaller.

Designing a Cell Plan

Laying out individual coverage cells can be time-consuming. Start with building plans and make some rough estimates about coverage based on raw distances and the configuration of workspaces (particularly whether there are cubicles or closed offices). You might, for example, work with 100-foot radii that would each require an AP, and sketch out some locations. Then it's time to head into the field, equipped with appropriate tools.

Most WLAN vendors offer site-survey utilities that let you temporarily install APs and measure signal levels at various locations. Because you are focusing exclusively on the RF design, you do not need an active Ethernet connection to the AP to do this work. However, do consider the feasibility of running Ethernet to the various possible AP locations, since you will need to do this eventually. You may want to select a product that supports "power over Ethernet" so you won't need to provide 110-volt power outlets for each AP. Although many of these systems are proprietary, the IEEE 802.3af Power over Ethernet standard should be completed later this year (see "IEEE P802.3af DTE Power via MDI Task Force").

Because it's awkward to operate a notebook computer while moving around, a Pocket PC device makes a great survey tool, though the power and flexibility of the underlying site-survey applications may not be particularly mature. If you use a PDA for site surveys, we recommend picking one that accepts standard PC cards (the Compaq iPaq is a popular choice) because these will likely be the most commonly deployed radios. We like to test with Agere Orinoco, Symbol Spectrum24 and Cisco Aironet NICs to get a representative idea of coverage patterns. Some professional installers carry gel-cell DC batteries and DC-to-AC power inverters with them so they can position access points in virtually any location, even if an AC outlet is not nearby.

Microcell Design With Interface From a Single High-Power Client Click here to enlarge

Note that some APs and NICs can be configured to reduce the output power of the radio, effectively shrinking the RF cell radius and reducing user contention in high-density environments. However, you can't control the output power on all 802.11b products, so this microcell design can get tricky. Unless you are in a position to strictly enforce the wireless devices used on your network, a single rogue device could wreak havoc. "Microcell Design With Interface From a Single High-Power Client" shows a microcell design with all APs transmitting at 10 milliwatts. A single client device operating at 100 milliwatts can effectively interfere with multiple cells.

Pass the Doughnuts

Another important variable to consider is the type of antenna. Antennas usually provide signal gain by radiating RF signals in a predictable beam pattern. For example, the antennas shipped on most APs are omnidirectional, which means that the antenna will transmit a 360-degree beam width in the rough shape of a doughnut, where the antenna pokes up through the hole in the doughnut. Thus, if you install an AP with an omnidirectional in the corner of a building, it will radiate along adjacent hallways as well as out to the parking lot. Note also that the alignment (polarization) of an omnidirectional antenna can affect its transmission pattern--think about turning the doughnut on end.

Some vendors, including Cisco and Symbol Technologies, offer a variety of antennas. These antennas may provide additional gain--thereby increasing range--by altering the direction and beam-width of the radio signal. Patch antennas, for example, may radiate signals using an 80-degree beam width instead of the 360-degree beam width of an omni. Other antennas, like ceiling mounts, are not designed to provide additional gain but rather to blend into the physical environment, with the AP typically concealed above the ceiling. In designing a campus WLAN, be aware it may not be legal to purchase APs from one company and configure them with third-party antennas. This is because when vendors submit their products for FCC certification, they include an antenna, and it is the combination antenna-AP or antenna-NIC the FCC certifies. That's another reason why it makes sense to purchase APs from a vendor that provides multiple antenna options.

Beyond RF

Some might argue that the site survey, though technically complex, is the easy part of designing a WLAN. The tougher challenges are assessing and meeting bandwidth requirements, ensuring security, and implementing an appropriate management infrastructure. Again, these are the same issues we have wrestled with on conventional LANs for years, but enterprise-class solutions just aren't as readily available for WLANs.

First, you need to determine how much bandwidth is needed throughout the physical environment, paying particular attention to the density of users and typical per-user bandwidth requirements. For example, in conference rooms and classrooms many users will contend for access on the same radio channel. Think smaller cell sizes. On the other hand, in a warehouse where only a few users share a vast space, you want to have as large a cell size as possible. Think high-gain antennas.

Unfortunately, the number of concurrent users is only one factor driving bandwidth requirements. The other is the bandwidth intensity of the applications and the relative "burstiness." That's not only difficult to estimate at the outset, it's even more difficult to project. If there's any good news, it's that the two most common WLAN applications--e-mail and Web access--are not tremendously bandwidth intensive and are very bursty.

So in most environments, a single 802.11b channel, which typically provides effective aggregate throughput of about 6 Mbps, can support 30 to 50 users, maybe more. In essence, we're back to the old days of shared-media Ethernet, so bandwidth monitoring will be important.

If specific applications are critical, you may decide to select an AP that allows some level of traffic prioritization. Third-party products can provide more flexible traffic shaping, though this can add significant cost to the implementation.

Putting It Together

Once you've studied the RF characteristics of the campus, evaluated bandwidth requirements and laid out your AP-cell design, you need to figure out how to integrate the WLAN with the existing wired network. This has both technical and policy dimensions.

On the technical side, you need to develop a security plan and figure out how to tie the access points to the LAN switching infrastructure, factoring in the management of IP addresses and application roaming requirements. The security strategy should consider authentication, privacy, access control and accounting. Some WLANs are wide open; others need to meet high security standards. Most of the major vendors, including Cisco, Agere, Proxim and Symbol, offer their own security frameworks that, while based on open standards, may lock you into that specific vendor's APs and NICs. You also can consider third-party management and security products Bluesocket, Columbitech, Ecutel, Funk, NetMotion, NetSeal, ReefEdge, Vernier and others. Finally, many organizations use standards-based VPN gateways and VPN clients on all mobile devices to provide a security overlay on their WLANs.

How you tie APs into your existing network infrastructure will depend a lot on its architecture and the capabilities of the existing Ethernet equipment. For example, if you have lots of bandwidth and fairly advanced Ethernet switches, you might establish wireless VLANs--maybe even a single wireless VLAN--to more easily manage addresses and to enforce security policies. The wireless VLAN can then be separated logically from the campus wired LAN, and policies can be developed that determine who can cross that boundary.

The downside to the campus-wide wireless VLAN design is the same as any flat network: Performance may degrade as a result of excessive broadcast traffic. On the positive side, it addresses one of the most challenging aspects of campus WLAN design: how to facilitate roaming users. With a flat network, users maintain a single IP address. However, when WLANs are associated with IP subnets, roaming will be more challenging. If your primary need is to provide portability so notebook users can move between subnets, it might be reasonable for them to simply restart their machines (or renew their DHCP leases) to get valid IP addresses in each location. However, if mobility is a key requirement, think about deploying a system that facilitates this requirement. NetMotion, for example, serves as a proxy server for all WLAN traffic, thus facilitating roaming. Other solutions use Mobile IP or customized VPN capabilities to accomplish similar goals.

The policy issues are linked with the technical. First, determine who in your organization is authorized to deploy a WLAN. In many enterprises, policy will dictate that APs must be installed and maintained by the IT department, which will be held responsible for their operation. Other organizations may be more permissive of departmental systems. In many respects, it's similar to the trade-offs we faced in the days when staff members hooked modems up to their office PCs and dialed in from home. Security-conscious organizations generally rejected this as a breach of security.

You're Not Done Yet

Many organizations do an excellent job designing their WLANs but don't give enough thought to ongoing maintenance and troubleshooting. If your goal is to provide four-nines reliability, you'll probably need to invest in some additional hardware and software.

First, think about how you're going to manage hundreds of access points. Configuration of APs in an enterprise environment needs to be automated. Some AP vendors, including Proxim, design their systems with this in mind. Others, including Agere and Symbol, provide management software to accomplish that goal. In some cases, you may find it valuable to turn to third-party systems, such as Wavelink's Mobile Manager, for added functionality or to integrate APs from multiple vendors under a single management framework.

Monitoring and troubleshooting tools are also critical. If you've had occasion to use a protocol analyzer on your Ethernet network, you'll also need a version for your WLAN. Capable products are available from Network Instruments, Sniffer Technologies and WildPackets. You may also find it desirable to acquire a spectrum analyzer to troubleshoot RF problems. High-end spectrum analyzers, which may cost $20,000 or more, are available from Agilent and Tektronix. Lower-priced systems designed specifically for WLANs are available for less than $3,000 from Avcom-Ramsey.

Sometimes it makes good business sense to buy a lower-end spectrum analyzer. After all, it's not likely to be a tool you use every day, and you may not need all the advanced features of a high-end unit. But over-economizing on campus WLAN design is, in general, a bad idea. Take the time to thoroughly understand the issues and select products from reputable vendors. Cutting corners may save you a few dollars today, but the cost of reduced productivity will be a price you'll pay tomorrow.