Steps to improve your wireless network by asafwewe


More Info
									Steps to improve your wireless network
Wireless equipment has developed and improved very quickly in the last few
years. Many schools have a mixture of old and new wireless hardware
(laptops and access points) resulting in wireless networks which do not work
optimally in terms of performance and security. Older hardware is preventing
the adoption of modern features. This document is to help plan the steps
towards modernising your wireless network both from a technical and a
financial planning perspective.

The Steps
Audit all wireless equipment
List all wireless equipment at the school. The list should include both access
points and wireless laptops. Include the following details. Make, model,
approximate purchase date. The technician should additionally find out the
driver date (laptops), operating system (laptops) and firmware version (access

Operating system and service pack level
Where ever possible restrict wireless access to computers with Windows XP
service pack 2.
Windows XP has build in wireless support which avoids the need for 3rd party
proprietary software. This will lower the cost of ownership because system
administrators will be able to benefit from automated configuration
(particularly propagation of security setting by USB key or by group policy).
Upgrading laptops from Windows 2000 to Windows XP is not always a
practical option and should not be viewed a necessity.

Update firmware on access points and drivers on laptop
New firmware and drivers will generally give better performance and support
for more up-to-date security features.

Replace old hardware
Older laptops with built in wireless should be replaced in the following
    1. The performance is poor when encryption is configured.
       This may be necessary because older equipment tends not to have
       sufficient processing power to handle the encryption. Ensure that the
       latest drivers and firmware have been applied before testing.
    2. There is only support 102.11b and not 802.11g.
       Be aware that PC card or USB wireless cards can be purchased rather
       than replacing the laptop. If this is done the old access point should be
    3. There is no support WPA or WPA2 encryption. In this case the
       hardware may not need to be replaced immediately but plans should

      be made to replace them when the schools access points are set to
      WPA security (see notes on access points below).

Replace old access points
Access points that do not support WPA or WPA2 security should be replaced.
If this can not be done immediately it should be planned and scheduled for the
near future. The previous wireless encryption standard called WEP encryption
is flawed and can be hacked, it also has interoperability issues. If your school
is still using WEP encryption see document………

Remove backwards compatibility for 802.11b
Once all legacy 802.11b equipment has been removed from your wireless
network configure access points and wireless access cards on laptops to
support 802.11g only. Although the 802.11g standard is “backward
compatible” with 802.11b there is a large performance overhead to achieve in.
By switching to “g only” mode there could be a performance boost to your
wireless network.

Install Windows XP WPA2 patch
Windows XP Service Pack to does not support WPA2 security until an update
has been applied. It a good idea to install the update even if your school does
not yet use WPA2 security. Details of the update and a link to the download
are found at:

Update encryption configuration on access points and laptop
WPA2 is the true standard for wireless security (otherwise known as 802.11i)
but it took many years for the standard to be ratified (finalised in June 2004).
In the meantime, and even to the present, manufacturers produced equipment
to a less formal but nether-the-less perfectly good security standard called
WPA. You can find out which of the 2 security standards are supported on
your equipment by checking out the WiFi certifications on this web site:
Set up encryption on your schools wireless access points to WPA2 if you are
certain that all your equipment is compliant. If all your equipment is not WPA2
compliant or you are not certain then set the encryption to WPA. Both WPA
and WPA2 have 2 modes called Enterprise or Personal (pre-shared key).
The Personal mode is sufficient for primary schools. For further configuration
notes see the document Standard Wireless Configuration for Schools ICT.

Remove unnecessary security settings to improve performance
The following non-standard security settings will not improve security over
WPA(2) and should be removed to improve performance and for ease of
       MAC filtering – allows specific hardware addresses to connect
       Disable SSID broadcast – makes the wireless network invisible to
       unconfigured clients

Consider future needs when purchasing new equipment
There are some clear trends emerging which will help give general guidance
on the type of equipment to buy. The notes below are generalisations which
should be taken in balance with a schools specific needs.
   • Buy WPA2 certified wireless equipment
   • Do not be tempted by claims of fast wireless access. There is no point
       trying to achieve this until the 802.11n standard has been ratified an all
       your equipment is certified. Any wireless access that currently claims
       to be faster than the 54Mb per second standard will be using
       proprietary modification to the protocol and should not be used.
   • If planning for future school-wide wireless coverage buy access points
       and laptops that support both 802.11a and 802.11g standards which
       use different radio frequencies. These products are often labelled
       a/b/g or dual band or tri-mode.


To top