Saturday, April 26, 2014

High Density Wi-Fi on a Cisco Controller

This blog post applies to those of you who wish to deploy High Density Wi-Fi in your environment.  This is not meant to replace "professional services" – if you are a large sports venue with 75,000 seats, this blog post is not for you.  If you are a smaller environment – such as K-12, University or other college and wish to take a stab at it yourself, please continue reading.

Many of these ideas have been gleaned from the plethora of HD Wi-Fi deployment guides freely available to you on the Internet; Aerohive, Aruba and Cisco to name a few.  I'm going to be using Cisco gear for this post, however please be aware that almost every vendor I know of has an HD Wi-Fi guide and they all say about the same thing.  I'm not taking sides at all – I love all the competition out there!  I would also like to thank a little birdie for sending me a controller for the purpose of this post.

I am under the assumption you know something about how to build an enterprise network, and have deployed an enterprise class wireless network in the past, or had it done for you via professional services and you feel confident in your abilities and want to make your wireless network better.  You should probably have the skill level of a CCNA and CWNA.  I'm focusing on the wireless part – not the backend which will also need to be designed properly.  So, here goes…

The goal is to have smaller cell sizes in the 2.4 GHz range.  This enables faster communication due to higher data rates.  Higher gain directional antennas create small cells and reduce co-channel interference.  More cells equal more throughput, which means more capacity.  More capacity equals happy people. 

One thing to consider if you are designing for your public environment is how many SSIDs you might need.  You may need WLANs for the following groups of users:

a. Ticketing (scanning tickets to enter the venue)
b. Point of Sale (textbooks, t-shirts, hot dogs, etc)
c. Administrative (employee access)
d. Press (as annoying as they are, they still need access)
e. Inventory
f. Dual WLANs separated by frequency (a 2.4 GHz and a 5.x GHz WLAN for the same purpose)
g. VoWi-Fi

When designing your WLAN, it is important to have accurate floor plans.  They will help you visualize where your clients will be, where your RF will be, and where you don't want your RF to be.  Pay close attention to that last sentence!

The 2.4 GHz spectrum is full.  There are so many devices in there, both 802.11 based and not, that it is difficult for these devices not to be stomping all over each other.  802.11 is a polite protocol – if an AP is on channel one and it hears another AP or client on that channel, the AP will wait until channel one is clear before transmitting.  Adding access points to a large auditorium with omnidirectional antennas does not necessarily increase throughput or the number of users that can be online if many of the access points are on the same channel and can hear each other.

Designing an HD WLAN can be difficult.  There are methodologies that most of the WLAN vendors agree upon – so I intend to share them with you since I have read through most of the HD Wi-Fi guides out there.  Here are a few that seem to be pretty common goals and methods:

a. HD Wi-Fi is designed to minimize the cell size
b. Antenna placement – don't avoid a difficult antenna location because of cost
c. Design more APs than needed and turn off some 2.4 GHz radios if
d. Use directional antennas in HD open environments – auditoriums, arenas, conference centers
e. Omnidirectional antennas may be used in regular, non-HD Wi-Fi areas – as long as they are enclosed
f. You're going to have to get creative with hiding APs and antennas in non-conventional places

As an example, let's use this seating chart of a 16,000 seat basketball arena.

This is a large, open air environment.  We'll aim for 250-500 seats per access point.
If you put three dozen dual band access points with omnidirectional antennas in there, you might find that the Wi-Fi doesn't work that well, even though "the math works out".  Your channel utilization will be excessive – I'll talk more about that later.

However, if you were able to mount APs in the ceiling structure (roughly 50 feet above the seats) with 30 degree beam width antennas aiming down at the seating areas (imagine each one of those colored seating areas as a cell) you might find that co-channel interference (CCI) was reduced drastically.  Notice I stated "from the ceiling structure above", and not "from behind the seating area".  The reasoning behind this is that when your venue is full of people, the signal is attenuated more when the antennas are behind the seating areas.  I've seen APs talk to clients at 93 feet when the antennas are behind the seating area – however it didn't work that well.

The other issue with CCI is that signals come from your non-bowl/arena access points.  You've changed out all those omnidirectional antennas for directional ones, but the signal still leaks in from the lobby and concourse areas.  The key here is to use patch antennas in those areas, aiming away from the seating area.  The more "directionally contained" your signals are, the less CCI you will have.

Keep in mind that there's other Wi-Fi out there.  You might have Wi-Fi in the parking lot outside your facility for the hot dog vendors, ticketing, etc.  The best thing to do here is to use directional antennas when possible to minimize CCI.  At least in those areas you won't have as many users as you might have inside the seating area of your basketball arena. 

Other Wi-Fi exists that you might overlook.  Moveable partitions slide to the side and open up your environment, changing the dynamics of your RF propagation.  Glass walls in arena suites slide open and let RF spill out into a seating area if you are using an omnidirectional antenna.  I cannot stress enough the need to properly survey your area and to use patch/directional antennas!

We're going to start to dive into some of the nuts and bolts of HD Wi-Fi shortly… starting with why we want to minimize the RF propagation of the cell.  By limiting the mandatory and supported data rates and by limiting the power output of the transmitter, we keep the cell size small.  When we do that, we can keep the CCI low and re-use the three channels in the 2.4 GHz spectrum.  The channels I speak of are 1, 6, and 11.  If you use anything other than that, you risk overlapping.  If I had a TARDIS, I would go back in time and explain to the IEEE that we only need three channels and plead with them to make the in-between channels unavailable for configuring into your network.

In Wi-Fi, if a frame didn't get to the recipient (the transmitter didn't receive an ACK frame from the recipient) it will try and retransmit the frame and/or lower the data rate and try again.  This leads to an even busier channel!  Think of it as trying to talk to your best friend sitting right next to you at a Van Halen concert.  You have to repeat yourself three times, and then say it slower, then reduce yourself to charades in order to communicate.  Next thing you know, all clients are using charades and your Wi-Fi is unusable.  What do you do?  You go outside in the hallway or break room to have your conversation – you reduce your co-channel interference!

If you are planning an HD deployment for an existing facility, I highly recommend (at a minimum) getting a copy of AirMagnet Survey or an equivalent product and learning how to use it.  It will give you the ability to test the coverage patterns of the antennas you would like to deploy.  You may go through several different antenna types before you are happy with your selection.  Keep in mind that surveying a venue full of people is challenging, and that your site survey's data will change dramatically when you compare an empty auditorium and a full one.  If budgets allow, purchase AirMagnet's bundle of Survey Pro, Wi-Fi Analyzer and Spectrum Analyzer.  All will prove themselves valuable over time.  I also highly recommend AirMagnet's training class for using their products.  Check out Keith Parsons' "Seven Rules for Accurate Site Surveys".  Check out all his other stuff, too.

The Certified Wireless Network Administrator (CWNA) book from is also a great resource for aiming you in the right direction.

Don't forget to set your survey access point to the same settings (power, data rates) you want for your production HD WLAN environment.  I recommend surveying at 1.5mW, 3mW or 6mW with a higher minimum data rate of 18 Mbps.  That means that 1, 2, 5.5, 6, 9, 11 and 12 Mbps are disabled.  Keep in mind you are going to be using higher gain, directional antennas which will increase the power in your small cell.

If you are designing Wi-Fi for an existing facility that may already have Wi-Fi installed for ticketing or Point of Sale, I highly recommend planning your new system to cover those areas for them and decommission the other system.  After all, you don't want competing WLANs in the same room!  I wouldn't mention this if I haven't come across it several times.

Let me take this subject to the next level.  Every SSID requires all the management overhead traffic associated with it.  This means the more SSIDs you have, the less airtime you have for your client devices.  If you have older, existing 802.11b ticketing and point of sale systems with 802.11b and other lower data rates enabled, the beacons will all go at the lowest data rate – using up valuable airtime.  One of the best practices in my opinion is to limit your high density environment (basketball stadium, auditorium, or library) to a single SSID.  Other areas in the facility can broadcast up to four, but by all means limit them to the best of your ability.  The next best practice is to disable 802.11b entirely, however some of those ticket/inventory/PoS devices are 802.11b only. 

Moving on – be sure that the gear you select can support the expected number of access points and concurrent client connections.  Don't skimp on redundancy – even though you might not have a basketball game twice a week, that's no reason to not have dual controllers, dual switches and battery backups in case of power failure.  Keep in mind you may see 30-40% of the seats with a client device – that means you may see 6,400 client devices in a 16,000 seat basketball stadium on a college campus.  Each one of those client devices will need an IP address – I highly recommend using a robust DHCP server to handle the load.  Ignore temptations to use the DHCP service built into your controller.  I've had to dial down the lease times in heavily loaded college libraries to two hours to accommodate the masses flowing in and out on a classroom schedule.

Keep in mind this blog is not being written for you to use as a guideline to install Wi-Fi in a large public venue.  My intended audience is smaller venues where you are planning on doing the design and installation in-house.  If you are a 45,000 seat stadium and want to stream media via multicast – seek a reputable firm with professional services.  Think CWNE.

Here are some Network Design and Configuration recommendations:

1. Keep WLANs being broadcast down to one WLAN in HD areas, and four or less in your non-HD areas.  Cisco shops can use AP groups if you are sharing a controller.  Other vendors I'm sure have similar features.  *hint* *hint* (I don't have any other gear to play around with)

2. Examples of WLANs are:

   a. Employees
   b. Point of Sale
   c. Ticketing
   d. Press/Guest
   e. Students/fans
   f. VoWi-Fi

3. WLC controller redundancy
4. WLC sizing – make sure your controller can handle all those clients
5. Aim for single digit Channel Utilization when your building is empty (it can be done)
6. Remove lower data rates on both 5GHz and 2.4 GHz (I will show you how)
7. Use 5GHz for mission critical WLANs such as PoS, Ticketing & Press
8. Cisco's RF Profiles in 7.2 and above will help out for HD vs non-HD WLAN coverage areas when using a single controller.

Network Operation recommendations:

1. Use your spectrum analyzer to sweep the channels you are using to see if there are any interference sources.  I once saw a high definition camera on a 5 GHz WLAN channel during a sporting event, so I quickly removed that channel from our Dynamic Channel Allocation list so it would not interfere.

2. If you are constantly changing your power and channels, you'll need to resurvey each time.

I mentioned Cisco's RF Profiles.  An RF Profile can be created for the 2.4 GHz radio or the 5GHz radio.  The profile is applied to a group of access points in a (Cisco) AP Group.  An AP group, for instance, is an area of your network where you want a specific group of WLANs broadcast – the lobby might require admin and press, but no guest WLAN.  If you were designing your college's basketball arena, you would probably create an AP group to limit the seating area to one SSID.  In that AP group, you would assign an RF Profile that removes all of those lower data rates and limits the amount of power via a threshold.

There is also a Cisco command that helps to deafen an access point.  What this means is that you can set your controller/access points to ignore everything starting at a level you determine, -78 dB, for example.  You won't want to do this for every AP in your network, so instead of using the global command you can set each AP individually.  The command is:

    controller> config 802.11a|802.11b rx-sop threshold -78 ap <name of AP>

The threshold value is 0 for disabled, or -60 to -100 dB.  Use this command with caution!  With any luck, that will be built into the RF Profiles feature in the next version of code.

Now we're going to configure a controller for High Density Wi-Fi.  Let's pretend we're a college with a decent basketball team and a great library system - and both departments have dug deep into their pockets to fund this project.  Both departments have a high density of WLAN client devices and they're fed up with the really slow Wi-Fi.
Let's start with defining some of the SSIDs that have been requested on campus.  We have determined to put the Library and Basketball arena on the same controller along with a few small buildings, and we're going to size and configure the WLANs and VLANs as follows. 
1. ChickenHawk
   a. 5000 devices
   b. Secure Wi-Fi for students
   c. 802.11a/g/n, WPA2, PEAPv0, MS-CHAPv2, AES, OKC, Silver QoS

2. GoHawksFast
   a. 5000 devices
   b. Open access Wi-Fi for events
   c. 802.11a/n/ac, Open auth, Bronze QoS

3. GoHawks
   a. 5000 devices
   b. Open access Wi-Fi for events
   c. 802.11g/n, Open auth, Bronze QoS

4. VoWiFi
   a. 100 phones
   b. Non-broadcasted WLAN for Wi-Fi VOIP handsets
   c. 802.11a/n, WPA2-PSK, AES, OKC, Platinum QoS

5. Barcode
   a. 40 scan guns
   b. Non-broadcasted WLAN for ticketing
   c. 802.11a/g/n, WPA2-PSK, AES, OKC, Platinum QoS

6. HawkPoS (point of sale)
   a. 60 terminals
   b. Non-broadcasted WLAN for PoS terminals
   c. 802.11a/g/n, WPA2-PSK, AES, OKC, Platinum QoS

7. PressBox
   a. 60 press users
   b. Broadcasted WLAN for ease of use
   c. 802.11a/g/n, WPA2-PSK, AES, OKC, Platinum QoS

For security reasons, our ChickenHawk SSID will map to its own VLAN that will be secured on the backend, as will the VoWiFi and Barcode SSIDs.  Again, this blog is lightly touching on the basics of VLAN and WLAN controller configuration since I'm writing this more for how to configure HD Wi-Fi. 

The GoHawksFast (5GHz) and GoHawks (2.4 GHz) WLANs are for our HD areas – the basketball "bowl" and the large libraries where the students congregate and stream media while studying.  The thought behind the "fast" is to try to entice people to choose the 5GHz WLAN if they see it on their device.  Both WLANs are going to map to the same VLAN on the backend.

After a considerable amount of thought, I decided to lab up this fictitious HD environment on a Cisco controller running 7.6.x, however you'll only need 7.2 or greater to do the things I am writing about.  Stay tuned and I will show you what worked for us in our real environment.  Your environment may vary from ours, so please take that into consideration and don't copy this configuration in its entirety and expect it to fit your environment perfectly.

I am also open for comments and suggestions and will revise this post as necessary.  If you see an error, or think I should add in more information, please feel free to comment and we can modify as needed.  After all, this post is to try to help others out as much as they help me!

I'll start off with screenshots of the 5GHz (802.11a) global parameters

A number of Wi-Fi clients present in production environments do not actually support connections in the UNII-2 Extended Band. This allotment of channels ranging from 100 to 140 is essentially invisible to older Wi-Fi clients created before this band was made available for Wi-Fi by the FCC.  Since we have many channels to choose from, I'm going to exclude them.


Now for the screenshots of the 2.4 GHz Global settings… (note 802.11b is turned on)

With the above defaults applied to all WLANs, I used AirMagnet Wi-Fi Analyzer to look at channel one's channel utilization.  This is a snapshot of the CU when five APs are currently set to channel one in a simulated HD Wi-Fi environment in an RF isolated lab.  The APs are in the default AP Group, and there is one client device - my laptop.  The CU is going to change drastically for the better and I'm going to show you how to do just that.

Now let's take a look at what this post is focusing on – the HD Wi-Fi WLAN Profile.  I'm going to focus on the GoHawks 2.4 GHz WLAN since that is the WLAN where we are seeing most of our wireless clients at sporting events.  Here's a screenshot of the most important WLAN when it comes to a basketball game, and a few "before and after" shots as well.  Below is the HD WLAN Profile for 2.4 GHz in the basketball arena.  It has no security, is mapped to a VLAN outside the network and is meant for fast Internet access.  It also has a high channel utilization!


It is tempting to turn on Application Visibility on this WLAN for statistics, but we chose not to.  You can read up on this nifty feature in a previous post of mine.

I'm going to point out that this is the only WLAN we are applying any ACLs to.  We're doing this to cut down on the Bonjour traffic since most of the client devices in our HD Wi-Fi environment have that feature enabled.

So let's create two ACLs.  Here we go:

Apply those two ACLs to your HD WLAN.
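As an added example (not the author's ACLs, whose contents are not given in the text), here is a small Python model of a Bonjour-blocking ACL. It assumes Bonjour means mDNS on UDP port 5353 and that the controller evaluates rules top-down with an implicit deny at the end; the rule fields, packet samples and names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.protocol in (None, pkt["proto"])
                and self.dst_port in (None, pkt.get("dport")))


def evaluate(acl: list, pkt: dict) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Intended ACL: drop mDNS, then explicitly permit everything else.
BLOCK_BONJOUR = [Rule("deny", "udp", 5353), Rule("permit")]
# Common mistake: only the deny rule, so the implicit deny drops all traffic.
BLOCK_BONJOUR_NO_PERMIT = [Rule("deny", "udp", 5353)]

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLE_PACKETS = [
    {"name": "mDNS IPv4", "proto": "udp", "dst": "224.0.0.251", "dport": 5353},
    {"name": "mDNS IPv6", "proto": "udp", "dst": "ff02::fb", "dport": 5353},
    {"name": "DHCP", "proto": "udp", "dst": "255.255.255.255", "dport": 67},
    {"name": "DNS", "proto": "udp", "dst": "192.0.2.53", "dport": 53},
    {"name": "HTTPS", "proto": "tcp", "dst": "198.51.100.10", "dport": 443},
    {"name": "ICMP echo", "proto": "icmp", "dst": "198.51.100.10"},
]


def verdicts(acl: list) -> dict:
    """Map each sample packet name to the ACL's decision."""
    return {p["name"]: evaluate(acl, p) for p in SAMPLE_PACKETS}


if __name__ == "__main__":
    for label, acl in (("deny mDNS + permit any", BLOCK_BONJOUR),
                       ("deny mDNS only", BLOCK_BONJOUR_NO_PERMIT)):
        print(label)
        for name, action in verdicts(acl).items():
            print(f"  {name:10s} {action}")
```

With the permit rule missing, DHCP and DNS are dropped along with mDNS, so clients on the open WLAN never get an address.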

Now here's the "secret sauce" for decreasing that channel utilization and making your HD environment a lot better for your clients.  We're going to use Cisco's RF Profiles along with the AP Group feature to override those 2.4 GHz default settings.  I'm going to create an RF Profile then an AP group and call it Basketball_seating and lastly, apply it to all of the access points inside the arena.  Keep in mind when you do this, the arena APs all reboot.

Since this post is focusing on HD Wi-Fi, I'm going to concentrate on the basketball's 2.4GHz RF Profile.  Create an RF Profile.  Use a naming convention that makes sense for your environment.  Mine are "RFP" for RF Profile, <name of WLAN> <coverage area> <24=2.4GHz>.  You'll thank me later for this advice.

Here is where we override the 2.4 GHz defaults and disable 802.11b and make our lowest supported 802.11g rate 18 Mbps.

We're using the RRM tab to override the controller's defaults to limit the power thresholds in our basketball arena.

We didn't change anything on these last two tabs.

Now create an AP group for the HD Wi-Fi area.  I cannot stress enough to use a proper naming convention so you can figure out what it is for months from now.

Edit the AP group after it is created, and use a proper description so you can figure out what it is for a few months from now.

AP Groups allow you to only broadcast the WLANs you want.  For the basketball arena we only want to broadcast one WLAN.  If we used the default AP group, we would automatically broadcast all WLANs.

Then we apply the RF profile we created in the earlier step, overriding the global 802.11b 2.4 GHz parameters.

Use the APs tab to add the arena's access points to the newly created AP Group.  They'll reboot.

After the APs reboot, they come up and I let my AirMagnet Wi-Fi Analyzer run for about ten minutes.  The CU is now down in the single digits!
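A rough estimate of why this change moves channel utilization so much, as an added example that is not part of the original post: it computes the airtime taken by beacons alone for five co-channel APs before and after the RF Profile and AP Group are applied. Assumptions: a 300-byte beacon, a 102.4 ms beacon interval, long DSSS preamble, beacons sent at 1 Mbps while 802.11b is on and at 18 Mbps afterwards, and five 2.4 GHz-capable WLANs broadcast by the default AP group.

```python
import math

BEACON_INTERVAL_US = 102_400   # 100 TU beacon interval (assumed default)
BEACON_BYTES = 300             # assumed beacon size; real size depends on its contents
DSSS_RATES = (1, 2, 5.5, 11)   # 802.11b rates in Mbps
# Data bits carried per 4 us OFDM symbol at each 802.11g rate (Mbps -> bits).
OFDM_BITS_PER_SYMBOL = {6: 24, 9: 36, 12: 48, 18: 72,
                        24: 96, 36: 144, 48: 192, 54: 216}


def beacon_airtime_us(rate_mbps, frame_bytes=BEACON_BYTES):
    """Time on air, in microseconds, for one 2.4 GHz beacon at rate_mbps."""
    bits = 8 * frame_bytes
    if rate_mbps in DSSS_RATES:
        # Long preamble plus PLCP header takes 192 us, then the frame itself.
        return 192 + bits / rate_mbps
    # OFDM: 16 service bits + frame + 6 tail bits, rounded up to whole symbols.
    symbols = math.ceil((16 + bits + 6) / OFDM_BITS_PER_SYMBOL[rate_mbps])
    # 20 us preamble/SIGNAL + 4 us per symbol + 6 us ERP signal extension.
    return 20 + 4 * symbols + 6


def beacon_utilization(cochannel_aps, ssids_per_ap, rate_mbps):
    """Fraction of channel airtime consumed by beacons alone (a lower bound)."""
    beacons = cochannel_aps * ssids_per_ap
    return beacons * beacon_airtime_us(rate_mbps) / BEACON_INTERVAL_US


# Constructed scenarios: (label, co-channel APs, SSIDs per AP, beacon rate Mbps).
SCENARIOS = [
    ("default AP group, 802.11b on", 5, 5, 1),
    ("one SSID, 802.11b still on", 5, 1, 1),
    ("five SSIDs, 18 Mbps minimum", 5, 5, 18),
    ("RF Profile + AP Group", 5, 1, 18),
]


def report():
    """Return (label, percent of airtime spent on beacons) per scenario."""
    return [(label, round(100 * beacon_utilization(aps, ssids, rate), 2))
            for label, aps, ssids, rate in SCENARIOS]


if __name__ == "__main__":
    for label, pct in report():
        print(f"{label:30s} {pct:6.2f} % of airtime in beacons")
```

The figures cover beacons only; probe responses, retries and client traffic come on top, so measured channel utilization will be higher than these estimates.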

So, to recap, this is what we did to make our HD Wi-Fi exponentially better.
  1. Replace omnidirectional antennas with directional ones and create small cells
  2. Create ACLs to block Bonjour
  3. Create RF Profiles to limit data rates and transmit power
  4. Create AP groups to limit number of WLANs being broadcasted

Here are a few screenshots from AirMagnet Survey Pro.  These are the coverage patterns from a recent walkabout through the bleachers with directional antennas mounted up high, aiming down at the seats:

This is the walkabout with all 2.4 GHz channels shown.  Notice how we're not getting all the way down to the front seats.  This is because those seats are the farthest from the antennas.

Here's channel one.  The light blue areas are where the signal is strongest, which is where the antennas are mounted.  This walkabout was done when the venue was empty.  This changes when full.

Here's channel six.

Channel eleven:

Here's channel 149.  I decided to show one 5GHz channel just so you could see the coverage pattern differences.  The cell is much smaller than the 2.4GHz channels - but that's fine because we have more 5GHz antennas online than 2.4GHz.  The APs are all dual band, however we shut some of the 2.4GHz radios off.

Please feel free to write to me with any feedback, comments, concerns, or what you did in your HD Wi-Fi environment.