3

A few weeks ago my school district closed their public wifi doors and now just have their secure wifi for teachers and administrators only. The reason was that the access points could not handle all the users and their traffic. When they did this, the speed on their secure wifi greatly increased... substantially. Since then, the secure wifi key spread like wildfire throughout the student body. Now what they had before has happened again, just under one SSID instead of two.

I (a student (also a network technician)) and the Technology Specialist at my school propose the idea of putting in double the access points, running parallel to and separate from the secure network. The secure network would sit on one network of access points and the public would sit on the other network of access points. We think this is a good economical way to go about the problem.

What do you think? What other ways could we go about this?

tl;dr What are economical ways to combat high amounts of users on access points that cannot handle it? (Upgrading current equipment is unlikely to happen because of price)

Keyword to keep in mind: Low-cost, otherwise this won't work.

  • possible duplicate of [Why is Internet access and Wi-Fi always so terrible at large tech conferences?](http://serverfault.com/questions/72767/why-is-internet-access-and-wi-fi-always-so-terrible-at-large-tech-conferences) – Jim B Jun 09 '11 at 01:54
  • What kind of firewall and switches do you have? What kind of access points do you have? You could set something up like this with VLANs, depending on whether your equipment supports it or not. – Nixphoe Jun 09 '11 at 01:55
  • It's all Cisco equipment. –  Jun 09 '11 at 02:08
  • 1
    `closed their public wifi doors` - this is a sound idea. Back when I was younger, our school was a very early adopter of 802.11b. I just forked out $80 for a PCMCIA 802.11b WiFi card (Hey, the < 10Mbps WiFi speed was better than the 56k I had at home), waited for the WEP key to be decoded from "Interesting Packets" and voila, free internet. My mate lived within the school's 802.11 broadcast area, so I would just go to his place to borrow the school's internet. So, unless you want something like this going on, you'll want a captive portal on the public networks, or even better 802.1x – Mark Henderson Jun 09 '11 at 02:19

3 Answers

4

Okay, you're using a shared key. That's your first mistake. You need to implement something like 802.1x (users authenticate to the wireless with their own credentials) or alternatively, machine certificate authentication (this can be pretty easy to do if you're running AD and have wireless gear that can handle it).

If you can't do the above, your only solution is to add more access points. Do you have a centralized wireless controller that manages things? As the number of access points increases, the need for a wireless controller goes up pretty quickly, so keep that in mind. It's not always effective to just add access points willy nilly.

EEAA
  • +1, it's hard for people to accept it, but as WiFi networks get more users they need to evolve and become more complex (which means costly, either costly equipment or lots of your time to implement something homebrew). – Chris S Jun 09 '11 at 02:01
  • First off, I really like your input. Adding machine certificate authentication would be a great idea and it would kick everyone else off, thus speeding up the wifi, but ultimately I think the students and guests of the school should be able to use wifi too. I guess wifi for everyone that is decent in speed is what we were trying to accomplish. –  Jun 09 '11 at 02:14
  • Then use cert auth for staff/faculty and 802.1x for students. You still have to deal with the numbers issue, though, and the only remedy for that is more access points and likely a wireless controller. – EEAA Jun 09 '11 at 02:16
  • If you're lucky it might help a little. We have multiple access points to handle 20-30 systems at a time and we still have definite issues handling the data being pushed through the access points. Throwing more access points at the problem will help only until there are interference issues. Research the question about why wireless sucks at conferences; Joel Spolsky did articles (podcasts?) about it, and basically the answer is that this is NOT a simple thing to fix. Like I said in my answer, it's not like scaling your home wireless up to get working. – Bart Silverstrim Jun 09 '11 at 10:15
2

Here's a tough truth; wifi is harder than people think. Especially if you're jamming 20 or 30 systems transferring a lot of data at once. And throwing more access points at the problem won't necessarily fix it.

We've been struggling with trying to get small mobile labs to work over wireless using Cisco managed AP units; these aren't cheap units, but if you start shoving profiles or home directory data over the wireless, it crawls and causes timeouts.

In short, the only "economical" way to fix it is to get APs that can throttle client bandwidth and isolate as much as possible what data is spreading over the APs. Managed APs can help, but if you get too many in one space, you get diminishing returns due to interference.

In other words, you need managed (not cheap) APs, isolate data being shoved over the network, throttle the clients and use QoS limitations, and limit the number of people hopping on the network and block out services that are saturating your bandwidth (any sharing protocols and usually other services that students feel entitled to use over "free" networks, along with monitoring for potential exploits running on the machines from malware. You're filtering web traffic and requiring anti-malware, right?)

I'm afraid there is no way to do this all on the cheap. Scaling wireless doesn't work like home wireless access, and too many people seem to think that it's a simple matter of throwing SOHO routers with APs on the network. Afraid it's not. :-/

Bart Silverstrim
  • Agreed. While the theoretical limit on number of clients for 802.11 is what, 256 per radio? In our experience the practical limit is an order of magnitude less than that. – EEAA Jun 09 '11 at 02:12
  • Kind of like the theoretical limit to the number of people you can put in a conference room. Sure, cram them shoulder to shoulder. Good luck getting anything done in those conditions, though. – Bart Silverstrim Jun 09 '11 at 10:16
  • We're using expensive managed APs from Cisco and it's not fixing the bandwidth issues. I think the OP wants to just slap more APs or a Linux hack together and in our experience, that just doesn't work. What works for home or coffee shops doesn't work for classrooms or saturated links. *Wireless is hard.* – Bart Silverstrim Jun 09 '11 at 10:18
1

The basics of the solution are: just the non-overlapping channels, and spread the APs out. For 802.11b/g, run the radios at the lowest power settings. For 802.11a, run it at the highest power setting because we have so many channels. Try to keep the APs fairly low, so the bodies can help reduce interference between APs on the same channel.

Add more APs (cheap ones). Getting people off the 802.11b frequencies is good as well.

But these are all mentioned in the question this is a duplicate of.

Jim B
  • Haha, I understand that this question may seem duplicated but the situation is unique. I think spacing out the APs will be easy because the school is very big compared to a ballroom with a bunch of geeks in it. –  Jun 09 '11 at 02:32
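
The channel and power advice in the last answer, as an added example that is not part of the original posts: a greedy planner that gives each AP one of the three non-overlapping 2.4 GHz channels and lists the neighbouring APs left sharing a channel. The AP names, coordinates and the two cell radii are constructed assumptions.

```python
import math

# 2.4 GHz channels that do not overlap each other (802.11b/g, 20 MHz wide).
CHANNELS = (1, 6, 11)

def neighbours(aps, radius):
    """Map each AP name to the set of APs within `radius` metres of it."""
    near = {name: set() for name in aps}
    names = sorted(aps)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if math.dist(aps[a], aps[b]) <= radius:
                near[a].add(b)
                near[b].add(a)
    return near

def plan_channels(aps, radius):
    """Greedy assignment: APs with the most neighbours go first, and each
    takes the channel that the fewest already-planned neighbours use."""
    near = neighbours(aps, radius)
    plan = {}
    for name in sorted(aps, key=lambda n: (-len(near[n]), n)):
        used = [plan[n] for n in near[name] if n in plan]
        plan[name] = min(CHANNELS, key=lambda ch: (used.count(ch), ch))
    return plan

def co_channel_pairs(aps, radius, plan):
    """Pairs of APs that can hear each other and share a channel."""
    near = neighbours(aps, radius)
    return sorted((a, b) for a in near for b in near[a]
                  if a < b and plan[a] == plan[b])

# Constructed floor plan: AP name -> (x, y) position in metres.
SAMPLE_APS = {
    "ap-101": (0, 0), "ap-102": (20, 0), "ap-103": (40, 0),
    "ap-201": (0, 20), "ap-202": (20, 20), "ap-203": (40, 20),
}

if __name__ == "__main__":
    # Assumed cell radius at low and at high transmit power.
    for radius in (25, 45):
        plan = plan_channels(SAMPLE_APS, radius)
        print(radius, plan, co_channel_pairs(SAMPLE_APS, radius, plan))
```

With the smaller radius the six sample APs fit into three channels with no co-channel neighbours; with the larger radius every AP hears every other one, so some pairs must share a channel whatever the assignment.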