Talking about wireless planning and management based on wired network

Nowadays, new business and new applications of enterprises are very urgent for the mobility demand brought by wireless networks. However, how to better add the wireless layer on the basis of the original network so that it can be fully integrated into the enterprise network without affecting the original network has become an important issue before the next-generation enterprise network. In biology, the scion and rootstock must be the same or similar to each other in internal organization, physiology, and genetics, and the survival rate of grafting is higher. Wireless grafting also has similar guidance methods.

How enterprise mobility is reflected

To solve the problem of grafting wireless networks, we must first understand the meaning of enterprise mobility. In this regard, Yang Hua, general manager of Aruba China, said: "In Aruba's view, the mobility of the enterprise network is reflected in the identification of users, including the scope of network use, access rights, policies and security. Moving together, users are not limited to using the network at the ports and access points of the physical network, but can safely use the network at any location within the scope of the corporate network. "The construction advocated by Aruba is" user-centric " 'S network strategy is exemplifying the mobility of the enterprise. Under such an architecture, users at the edge of the access layer can move arbitrarily within the enterprise and access the network with the same identity and strategy. The reason why users can achieve mobility at the edge of the network is precisely through the centralized management and control of wireless switches.

HP ProCurve is also a manufacturer that actively advocates network edge architecture. Chu Bin, technical director of the company's network business department, believes that the traditional connection-oriented enterprise network is changing. When the network industry and market gradually change from technology-oriented to business-oriented, mobility will also be reflected in the modern enterprise network. , The network will be integrated into all production links and become part of the company's production environment. In this regard, the enterprise network needs to be adjusted in the system architecture.

Content and principles of wireless planning

Since the mobility of the development enterprise is to allow users to move at the wireless level, the wireless network planning work in the early stage of "grafting" is very critical. It is necessary for enterprises to follow relevant methods and design principles when re-planning the overall network architecture .

In this regard, Chu Bin said that the wireless network planning is mainly to investigate the connectivity of wireless signals, whether the signal coverage and strength can meet user requirements. This requires an on-site survey, borrowing various tools, the edge signal strength is not less than 60% is the best. The planning of wireless performance is actually the "trinity" of coverage, performance, and security. It is mainly about whether the concurrency capability of the AP can meet the functional characteristics required by the enterprise, and whether the distribution of AP dynamic ACL can be equivalent to wired. In addition, it is more important to achieve unified security of wired and wireless in the enterprise network.

Zhang Yaosheng, an engineer in the after-sales support department of Trapeze, explained the specific planning work: "Wireless planning is roughly divided into three parts, including AP deployment planning, switch deployment planning, and network management and control. The specific content mainly includes the number of APs and installation locations. , Spectrum planning, and the scalability, security, availability, and reliability of wireless networks (mainly redundancy requirements). "Specifically, the site environment needs to be surveyed to determine the number of APs and location planning, and then according to the required The number of APs, consider the switches that can meet the access of these APs, and finally pay attention to the performance of the connection aggregation of the network core to avoid link bottlenecks.

So, what principles do users need to follow when planning wireless? Wang Zhuo, Technical Director of Aruba China, said: "The original wired network design is not based on users. Therefore, to provide wireless mobile networks on the basis of the original wired network, allowing users to move at the wireless level, you also need to pay attention to the wireless design. Three principles: keep the backbone of the wired network intact; ensure that the original application is intact; and not bring hidden security risks. "In addition, Wang Zhuo also introduced several features of Aruba's design ideas. The first is network hierarchical design-Aruba's wireless is independent of wired, which is different from other manufacturers who regard wireless network as a wired network access supplement; second is mobile design, that is, the application only runs Real mobility can only be achieved on wireless networks; the third is security design, including the security of wireless networks and the security of user identities; finally, multi-service design, so that multiple applications can run.

Focus on actual deployment

After understanding the content and principles of wireless planning, what should be paid attention to when it comes to actual deployment? Fluke is a manufacturer focused on network and communication test equipment. Wu Shijun, a technical expert at the company's Beijing office, said: Wireless planning includes two types of initial deployment and planned expansion. Before planning, we must first clarify the goals and coverage requirements for laying a wireless network. Then, you need to start site survey according to detailed and clear technical requirements. These technical parameters include the expected access rate, the coverage of the AP and the number of APs, the number of users accessing the wireless network now and in the future, the requirements for signal strength and signal-to-noise ratio (allowable radio frequency interference strength). Special attention should be paid to confirm that future wireless networks will not have serious radio frequency interference problems through wireless spectrum analysis. It should be noted that when considering the technical requirements of wireless planning, it must be forward-looking. For example, the increase in the number of users in the future and the deployment of high-bandwidth applications all need to be adjusted accordingly.

Lin Tao, a pre-sales engineer at Trapeze, introduced the experience of the Beijing Normal University project: "Specifically to the actual planning process, it is necessary to investigate the density and coverage of deployment at key locations, as well as the actual applications of users' audio and video." When the role of smart wireless network architecture in Beijing Normal University played, he said that the thin AP architecture advocated by Trapeze involves several aspects: first, unified management, mainly including three aspects of equipment, wireless resources and users; second It is security, mainly the problem of illegal APs, and WIDS or WIPS functions; the third is value-added, support for wireless roaming and positioning; the last is network management, using Ring Master software to achieve a single point of MX controller and AP Wireless management. Trapeze's SmartMobile architecture is also ready for upgrading to 802.11n networks.

Zhang Yaosheng talked about the problem of avoiding wireless interference. If the source of the interference is an unauthorized malicious AP (or RogueAP) in the LAN, the AP needs to be attacked to stop it from working, at least it cannot access the user; if It is non-malicious to interfere with the AP. Usually, it is to adjust the frequency band of the adjacent AP in the enterprise network to avoid interference as much as possible.

With the help of wireless planning tools

In the actual deployment process, tools for wireless planning and performance analysis are also used. Wu Shijun said that there are three main Fluke tools that network engineers often use: First, FlukeInterpretAir wireless LAN analysis software, which can check coverage and optimize network performance before and after wireless LAN deployment; second, AnalyzeAirWi-Fi intelligent spectrum analysis The instrument can detect, identify and locate RF interference in 802.11 WLAN, and then plan, deploy, verify and expand the user's wireless LAN to ensure seamless wireless LAN signal coverage; again is EtherScope network communication, the device can be used for 10MB, 100MB and 1000MB copper wire, fiber and WLAN handheld network troubleshooting.

In addition, a site survey software package is needed to help show how WLAN configuration changes performance and coverage. More importantly, the AP settings are revised through surveys, and WLAN performance and coverage are improved by adding APs or other methods.

In fact, each wireless network equipment manufacturer has its own network testing and analysis software. For example, Trapeze ’s RingMaster software can determine the output parameters such as the number of APs, location, spectrum planning, and AP power estimation by inputting building floors, room CAD drawings, wall loss parameters, and bandwidth to be provided by each AP. Users can also get a vivid coverage map and wireless network layout order planning table.

Graft management: unified wired / wireless management and security

For wireless grafting, the planning and actual deployment of wireless networks are just the first step. The problem of "easy grafting is difficult to survive" also exists in the enterprise network. At present, enterprise networks are not doing well in the access and management of mobile devices, and the security risks of the entire network caused by this are also serious. Therefore, the unified management of wired and wireless networks to ensure the consistency of network security is very important for enterprise networks with wireless networks.

Integrated management platform

For network management, it generally includes network device management and user management. The unified management mentioned here is actually relative to the user management level, mainly related to the identity of users in the entire network. Lin Tao said that at present, in many enterprise networks, authentication gateways are used to manage users' access to the Internet through wired access. After joining the wireless network, you can achieve unified management by sharing the user database of the existing authentication system, and use WebPortal to authenticate users for wireless access. Zhang Yaosheng also believes that the network platform has the same authentication method for wired / wireless. Wired and wireless users can use the same authentication method and access gateway to assign unified access rights for users, so whether the user accesses the network by wireless or wired , Its access to the network is the same. In addition, the management tools of the two networks can also be integrated. For example, Trapeze's RingMaster (supporting SNMP) can be integrated into HP ProCurve's OpenView to form a unified wired / wireless management platform.

In terms of device management, wireless and wired networks are basically similar, both of which are configuration and monitoring issues. However, there is one biggest difference in details. Wang Zhuo said that since the spectrum environment of the wireless network is changing at any time, the wireless network is also required to have environment detection and adaptation and optimization functions for the change.

As for network maintenance and optimization, it is mainly to periodically check the WLAN, collect survey data and perform corresponding performance optimization. Wu Shijun said that you can change the AP location, antenna type and configuration information. By using a site survey tool or a network analyzer to view the status of the access point, you can determine the overloaded AP and interference in the same frequency band to prevent users with slow connection speeds from affecting the overall throughput of the network.

In fact, there are many tools available for wireless management. For example, Aruba has ICSA-certified personal status-based firewall (higher security level than traditional ACL), HP ProCurve IDM identity-driven access control device (such as NAC800 controller), Trapeze SmartPass software, etc., all wired / Good assistant for wireless network management.

Be alert to potential safety hazards

Network management is inseparable from security issues. Once the WLAN is up and running on the wired network, it is necessary to regularly review the monitoring situation of the entire network. Unauthorized access points or clients mean security vulnerabilities.

Lin Tao said that the thin AP architecture of the wireless network mainly includes device security, security of information and protocol communication between devices (including AES encryption, etc.), user network resource security and wireless security. Among them, the security of user network resources mainly includes the function of checking the security integrity of the client, encryption authentication methods such as WEP and WPA, and the access control of network resources in the case of the combination of wired and wireless (acquisition of authority through the user name to obtain network resources , You can achieve security control at different levels). And wireless security includes WIDS and WIPS and other methods, through the monitoring, positioning and counterattack of illegal APs, to prevent wireless users from accessing illegal APs.

Chu Bin emphasized the consistency of enterprise network security management. He said that wireless management needs to be integrated with wired management and scheduling to see if wireless expansion can be unified with the original wired security (not just data encryption, logs , Audit), if it is not possible, the confusion and doubts from users have not been resolved. In fact, the crossover of identities caused by various user passwords is the biggest security risk in the entire enterprise network. If the management system is inconsistent, it is undoubtedly a weakening of the security of the entire enterprise network.


Wireless Graft Practical Manual

definition:

That is, deploy a wireless network on the basis of the original wired network of the enterprise, and build a mutually integrated network with mobility.

place:

Wireless grafting usually occurs in places where the original wired network is difficult to expand or where wireless mobility is required.

Influencing factors:

The main factors affecting wireless grafting are the early planning and later management of the wireless network. The wireless planning includes AP deployment planning, wireless switch deployment planning, and network management and control. Wireless management includes device management, user management, network security, and control.

Tools and methods:

The wireless network planning should first carry out preliminary design according to the actual application and location, and then combined with the situation of the site survey, according to the industry's formula for calculating space loss and coverage, or directly through the spectrum analyzer and WLAN analysis software and other tools for actual wireless planning. Pay special attention to the wireless signal connectivity and the Ping value of the transmitted data, determine the AP signal strength, and the delay and packet loss rate of the wireless terminal accessing the wired network.

Network management is mainly for the identity management of enterprise employees or visitors, and a unified wired and wireless management platform (including authentication methods and databases, etc.) is required to ensure the consistency of user rights throughout the network. At the same time, we must also pay attention to monitoring changes in the wireless environment, conduct daily surveys and maintenance of wireless access points, determine unprotected access points, new sources of RF interference, and potential security risks such as illegal intrusion into APs.

Case 1: Beijing Normal University deploys 500 access points at once

Last month, on the basis of the existing wired network facilities on campus, Beijing Normal University successfully carried out wireless network coverage in teaching buildings and office buildings, making up for the lack of wired expansion capabilities in these places. The new wireless network solution uses a thin AP architecture, including more than 500 Trapeze intelligent WLAN access points (a combination of MP-71 access points and MP-372 access points), and 4 fully redundant high-performance MX-200RWLAN Controller. This is not only the project with the largest number of one-time purchases of APs in the education industry, but also has good compatibility and complementation with the wired network in terms of network interconnection, authentication and billing, security defense, etc., but does not do internal parts of the main structure of the campus wired network. Any changes. In the actual deployment of APs, the case of Beijing Normal University adopts a "zero configuration" approach-that is, AP devices can work directly after plugging in, and users do not need to configure parameters such as IP address, SSID, and encryption for each AP.

The thin AP architecture brings great convenience to the planning and deployment of wireless networks.

Case 2: WLAN illegal intrusion detection of an operator in Beijing

An illegal intrusion of APs in the wireless network of an operator in Beijing has seriously affected the smooth operation of the company's WLAN network. Because the location of illegal intrusion equipment is concealed, it is necessary to use a highly sensitive directional (omnidirectional) antenna to achieve accurate positioning. Network managers use Fluke ’s EtherScope network communication equipment (wireless APs that can locate up to 515 meters, power -100dBm), roam in the room according to the direction of the directional antenna, and find the illegal intrusion by reading the power change of the illegal intrusion AP The AP has the strongest signal, and EtherScope emits a "beep-beep" sound to indicate the actual physical location of the illegal AP (including WLAN and ad-hoc networks). It turned out that the illegal intrusion of the AP was accessed by the office personnel without permission. Successfully deploying a wireless network to the original wireline is not a panacea, and management of equipment and networks is more important than maintenance.

What is the next generation enterprise network

It is also to solve the problem of network mobility of the next generation of enterprises, without a clear flag between the manufacturers: ProCurve always emphasizes the AEA architecture at the user edge, Aruba adheres to the user-centric strategy, Trapeze is more inclined to adopt a decentralized architecture to avoid the network Bottleneck ... It seems that each manufacturer has its own different network architecture and solutions, but in fact there is something in common with each other, which is to better graft the wireless network to the wired network. At the same time, several companies agree that mobility is an important feature of next-generation enterprise networks.

Wang Zhuo said that VoIP is actually a good application, but why can't it be applied now? Mainly because the original VoIP terminals are all running on the wired network. Only by using wireless networks can VoIP terminals be truly applied with the user's movement. In addition to mobility, Yang Hua believes that the next-generation enterprise network should also include several trends such as user-centricity, centralized management and control, emphasis on personalized security services, and operationalization.

Chu Bin believes that, unlike the previous connection-oriented network, the enterprise network is now beginning to shift towards a business-oriented direction, and is no longer an interconnected platform in a closed campus. It turns out that the management method of patching layer by layer through various technical means and security measures is also outdated. Only by adjusting the architecture of the enterprise network is the fundamental solution. The next-generation enterprise network should be business-driven and closer to the organizational structure of the enterprise. By integrating wireless mobility and security in the system architecture, it becomes the production environment of the enterprise and allows the network to adapt to people.

Randm

Shenzhen E-wisdom Network Technology Co., Ltd. , https://www.globale-wisdom.com