From the course: CompTIA A+ Core 2 (220-1202) Cert Prep

Enterprise wireless

- Setting up a wireless network in an enterprise environment is very different, but also very much the same as it would be within a small office or a home office. You still have SSIDs, you still have encryption, WPA, WPA2, none of that stuff changes. The bands are there, the versions of 802.11 are there, but it gets a little bit bigger. One of the big differences we have in an enterprise environment versus a small office/home office is we tend to use dedicated wireless access points. These are real WAPs, these are not routers, they're not switches. All they are are wireless access points. And we tend to have lots and lots of these wireless access points laying around.

Now, if you've ever looked at the walls, and if you're a nerd, you're going to start looking at walls a lot. One of the things you go, "Hey, I see these wireless access points laying around, but they don't have any AC adapters." Well, there's a very good reason for that, and that's because the vast majority of these types of devices are what we call Power over Ethernet, in that these devices actually get their electricity from the Ethernet cable that they connect to. In order to take advantage of Power over Ethernet, number one, you have to have devices that are PoE capable. And you got to be careful here. There's two versions of PoE. There's first generation PoE and PoE+. PoE+ provides a lot more electricity for individual devices. So you have to have either PoE or PoE+ wireless access points. You need a good chunk of cable. And here's the big one, you have to have a PoE switch. So this switch has to be designed to actually send out not only all the communication, but also the electricity. So you'll see these switches that are PoE or PoE+. PoE+ is very dominant these days. And if you run into PoE, it's a rare thing. The nice part about PoE is that you don't have to plug any of your access points into a wall. Now, if you don't have a PoE switch, you can use something like this. This is a PoE injector.
I can plug an AC adapter into this. I can plug this into my switch, and then plug the other end into a PoE wireless access point, and I get the same benefit of having an actual PoE switch itself.

Okay. Now, once you've got this configured, and whether you're using PoE or not, in an enterprise environment, a few things change. The first thing that you really start needing to talk about is "where are my wireless access points and their antennas going to go?" So let's draw up a little diagram using, this is more of a heavy-duty enterprise tool that's going to be helping me figure out where to put my WAPs. So here's a typical office environment. I've got a really big office on one side, I got this long hallway, and then I have some small offices on the other side. Where we place WAPs can really be important. So like for example, do I want to provide coverage in the hallway? If that's the case, I'm probably going to put very directional antennas on one or both ends of this to provide coverage. Remember, they provide a big, long narrow football shape. If I want to do individual offices, I could put a dipole right in the middle. But another alternative is just to put patches on one side. And that way, with patches, it's putting out information out into the room, but it's not sending stuff outside where other people can get ahold of it. In larger areas, I might want to just consider using dipoles or omnis. Depending on the actual coverage of the space, that will give me some idea of how much coverage I actually need.

Now one of the things you can do, and again, this is with more enterprise type wireless analysis tools, is you can actually start placing wireless access points and they'll do what's called a heat map. So let's put some heat on this.
So you can see where the red is, that's where the highest coverage is, and then it dissipates out in a rainbow, giving you a good idea of where you might have dead spots or spots that are actually shooting out outside of what you're interested in providing wireless coverage to. Now, I need to warn you, the type of wireless analysis tools that do stuff like this are not free. You're going to be spending a couple of grand on something like that. Or actually, more often than not, you're going to be hiring wireless professionals to come in and they're going to go ahead and do a really aggressive site survey with heat maps and all this stuff to help you get not only your wireless access points, but the types of antennas placed in the right spot for your environment.

The other big change that takes place when you go from SOHO wireless to enterprise wireless is AAA. Triple A stands for Authorization, Authentication, and Accounting. What we're talking about here is basically you're going to be using WPA2, but you're not going to be using personal shared key. What you're going to be using are either RADIUS or TACACS+ boxes that will actually provide the authentication you need. So when someone logs into a network, they're not just going to suddenly know the private shared key. Their client is going to make them sign in with a username and a password, and assuming they get that, then they're assigned their WPA2 information, and they're in good shape, and then they actually connect. So when you're talking about triple A, you're talking about very, very aggressive authentication and authorization to make sure, we don't want just anybody jumping on this. And you could add things like smart cards and all kinds of extra stuff, but in general, it's usually just a username and a password.

Now, if you go through all this, you still have to go through the process of configuring your wireless access points.
So what I've got right here is I've got two wireless access points, and I went ahead and figured out what their IP addresses are. Most of the time when you get enterprise-level WAPs like these, they're going to come with this, and you basically plug any computer into this switch and it will go out and query them as a group. In this case, we're going to do them individually. All right, so here I am in one of these two wireless access points. First of all, the big thing you're going to notice, there's nothing in here but wireless. There's not going to be any firewall settings or DHCP servers. That's not what these are for. It's just a WAP. So I've got a quick summary here. And I can check my LAN status, for example, I can see what my IP address is, my default gateway, all that type of stuff. Got my wireless status, right now I don't have anything turned on. It's all turned off for the moment. And obviously I won't have any wireless clients. So I could do a quick start, but what fun is that?

Let's go to Configuration. Now the first thing is, I'm going to have user accounts. These are accounts that can actually log in and do stuff to these wireless access points. So for now, I'm just going to keep the default, which is admin, admin, but you would normally change this. So the next thing I'd be doing on the LAN side is I'd probably want to give it some kind of descriptive name, because if I have 500 of these, I'm going to want some kind of name that helps me remember all of them. Now, the other thing we're going to do is probably set static IP addresses. I'm going to leave it as DHCP for right now, but if these were my wireless access points, I would start, for example, 10.11.12.10, 11, 12, 13. I would have a bunch of these all preset on static IP addresses, 'cause I don't want this address to change at any time.

Now on the wireless side, a lot of this stuff should look pretty familiar. Let's go ahead and set up a basic SSID.
So I've got a radio one and it says N-Only, G-Only, B/G and N. So we know just because we know our different 802.11 extensions that this is a 2.4 gigahertz radio. So what I'm getting ready to do is set up SSIDs for each one of these individual devices, but that rarely happens in an enterprise environment. In an enterprise environment, what we're setting up is called an ESSID. An ESSID is a single SSID name, whatever you want to call it, we can call it "mike24," "mike50," but it's the same SSID on all of the different WAPs. If you set up the same SSID on a bunch of different WAPs, and if all these WAPs plug into the basic same local area network, you'll create an ESSID and magic things happen. For example, by setting this up, I could be closer to this WAP, and I'll be connected there on my Google or whatever, but as I walk across campus or whatever it might be and get closer to this one, it will automatically hand off. I don't have to do anything. There is nothing to configure. It just works. And I'll just pick up from this guy right here as though I never disconnected from anything, there is actually a millisecond handover, but it's really, really quick. So the secret to an ESSID is make the same SSID on all of the different devices, and make sure they're all a member of the same LAN. Got the idea? Okay. 'Cause we're going to do this the hard way first, then I'm going to show you an easier way. So I'm going to enable this one, and because I know this is the 2.4, I'm going to call it "mike24," and I'm going to broadcast it.

Now, here's another setting I want you to be aware of. This is called isolation. In a wireless isolation, what's taking place, normally at a wireless network, if you've got your network discovery turned on and stuff, you can share folders and files and do anything you want. It works great.
However, if you do isolation, what's going to take place is that the only computer on the network your wireless colleagues can talk to is the actual wireless access point. They won't even be able to share folders or files. They wouldn't be able to ping each other. So it's a really powerful way, if you want like a coffee shop, where you want people to be able to get on the internet, but you don't want them passing folders and files. So isolation is very convenient. And we can set this up to be on a particular VLAN. I'm going to leave it at the default from here. You can even set the maximum number of clients. So I'm going to go ahead and save this. Now I'm going to go over to radio two. So I instantly know that this is my five gigahertz radio.
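
The per-WAP settings from this walkthrough (descriptive name, non-default admin login, static address, the same SSID on every WAP in the same LAN, AAA instead of a shared key) can be checked across a whole fleet with a short script. This is an added example, not part of the course; the inventory is constructed and its field names are hypothetical, not any vendor's export format.

```python
"""Added example: lint a constructed WAP inventory against the walkthrough's settings."""
from ipaddress import ip_interface

# Constructed inventory; field names are hypothetical.
WAPS = [
    {"name": "wap-lobby", "ip": "10.11.12.10/24", "dhcp": False,
     "admin": ("netops", "x9!long-unique"),
     "radios": [{"band": "2.4", "ssid": "mike24", "auth": "wpa2-enterprise"}]},
    {"name": "", "ip": "10.11.12.57/24", "dhcp": True,
     "admin": ("admin", "admin"),
     "radios": [{"band": "2.4", "ssid": "Mike24", "auth": "wpa2-personal"}]},
    {"name": "wap-annex", "ip": "10.11.20.11/24", "dhcp": False,
     "admin": ("netops", "k2#another-one"),
     "radios": [{"band": "2.4", "ssid": "mike24", "auth": "wpa2-enterprise"}]},
]

def audit(waps, essid_by_band):
    """Return sorted (wap, finding) tuples for settings that break the ESSID or weaken a WAP."""
    findings = []
    # The first WAP's LAN is the reference: every ESSID member must share it.
    ref_lan = ip_interface(waps[0]["ip"]).network
    for i, w in enumerate(waps):
        label = w["name"] or f"unnamed#{i}"
        if not w["name"]:
            findings.append((label, "no descriptive name"))
        if w["admin"] == ("admin", "admin"):
            findings.append((label, "default admin/admin login"))
        if w["dhcp"]:
            findings.append((label, "management IP is DHCP, not static"))
        if ip_interface(w["ip"]).network != ref_lan:
            findings.append((label, f"not on LAN {ref_lan}: no handoff"))
        for r in w["radios"]:
            want = essid_by_band.get(r["band"])
            # SSIDs are case-sensitive, so "Mike24" is a different network.
            if want is not None and r["ssid"] != want:
                findings.append((label, f"SSID {r['ssid']!r} != ESSID {want!r}"))
            if r["auth"] != "wpa2-enterprise":
                findings.append((label, f"{r['auth']} instead of AAA-backed auth"))
    return sorted(findings)

if __name__ == "__main__":
    for wap, finding in audit(WAPS, {"2.4": "mike24", "5": "mike50"}):
        print(f"{wap}: {finding}")
```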
