WHITE PAPER

Deploying
802.11
Wireless
LANs

CONTENTS
Executive Summary.................................1
Introduction............................................1
Business Drivers ......................................1
Deployment Considerations....................3
Why 3Com? .........................................12
Deployment Examples ..........................14
DEPLOYING 802.11 WIRELESS LANS
Deploying 802.11 Wireless LANs
Executive Summary
This paper demonstrates how you can
successfully deploy Wi-Fi wireless
LANs (WLANs) within your company.
It illustrates the business drivers and
the tangible benefits that you can real-
ize. In addition, this paper examines
issues involved in deploying wireless
networks to help you make the right
decisions when planning and purchas-
ing a WLAN solution. Whether you are
adding wireless extensions to your
existing LAN or installing a wireless
network from scratch, this white paper
will help you overcome potential pitfalls
and address the issues you may face.
Introduction
Not so long ago, wireless networking
was a technology accessible only to spe-
cific vertical industries. Warehousing,
retail, and healthcare were among the
first industries where wireless network-
ing brought functional advantages and
made economic sense. Today, technol-
ogy has developed to the point where
WLANs are now being deployed across
all industry sectors from small busi-
nesses to large enterprises. The
worldwide business 802.11x WLAN
hardware unit shipments are in the mid-
dle of a tremendous growth surging
from 2.6 million units shipped in 2000
to an estimated 41.7 million in 2006.1
It is not difficult to see why. WLAN
technology is one of the most effective
IT tools there is to establish a competi-
tive advantage for your company.
Adding WLAN elements to your cur-
rent network will bring dramatic
increases in workforce productivity.
There will be demonstrable cost savings
from more efficient use of resources and
infrastructure. Not least of all, the
flexibility it will add to your IT infra-
1
Source 2002 In-Stat/MDR Group
structure, which will help satisfy the
needs of your network users more easily.
Business Drivers
Increased Productivity
WLANs enable workers to be more
productive with access to the Internet,
e-mail, and network files wherever
they are in the business campus. This
is especially useful when working
away from the primary office location.
Ten minutes idle-time between meet-
ings can be used to deal with
important e-mails. Many job functions
get huge productivity benefits from
immediate access to critical informa-
tion. For example, doctors can retrieve
patient information from anywhere
within a hospital, or logistics managers
can query detailed inventory informa-
tion from any place in a warehouse.
More Efficient Meeting
Data can be shared between users and
accessed on the corporate network
more easily from within conference
rooms, cafeterias or corridors. This
saves time and helps decision-making
in formal meetings, and delivers on-
the-spot information to support
productive informal meetings any-
where in the building.
New Services
WLAN connectivity enables companies
to deliver new services over their net-
works. For example, instant messaging
can be used to communicate and make
time-critical business decisions anytime
anywhere. Existing network services
can also be used more productively, for
instance, IT administrators equipped
with laptops are able to provide desk-
top support to users from any place in
the company.
1

For more information about
wireless technologies and
3Com wireless solutions, visit
www.3Com.com/wireless
2 DEPLOYING 802.11 WIRELESS LANS
Ease of New Installations
WLANs dramatically reduces the time
and cost of adding PCs and laptops to
an established network. For small and
medium companies a complete wire-
less network can be set up within
hours, with minimal disruption to the
business.
Out-of-office Connectivity
A laptop or PDA with WLAN capabil-
ity allows mobile employees to be
more productive by working from
public “hot spots” at airports, hotels,
and coffee bars.
Temporary LAN.
Campus style networked communica-
tion can be achieved with minimal
time and effort through WLAN con-
nectivity at off-site training sessions,
trade shows, or for mission-critical
applications during disaster recovery.
Cost Savings
Tangible cost savings will come pri-
marily from three areas.
Reduced Installation Costs
The cost of running cabling varies,
but averages $150 per drop.
Environments where it is difficult to
pull wires may cost as much as $250
per drop—and even more in such
hard-to-reach areas as cafeterias, lob-
bies, or within older buildings. For
businesses with established networks
where the wiring is inadequate, or
businesses installing a new LAN from
scratch, this alone is more than
enough to justify the incremental cost
of equipping new desktop PCs with a
wireless adapter, or adding a wireless
workgroup bridge to connect to desk-
tops. In this way, wireless can present
a significantly lower installation cost.
Return on Investment through More
Efficient Use of Resources
Small and medium businesses
installing a WLAN can share
resources such as printers and scan-
ners. They can also save on ongoing
telecommunications costs by sharing a
single broadband connection for
Internet access. ROI increases as the
business expands because the grow-
2
Local regulations outside of the United States may limit the authorized radiated power output of building-to-building
bridges. The maximum range expected outside of the United States is approximately 1.6 km (1 mile).
ing number of employees will share
resources even more efficiently using
the WLAN network.
For larger campus-based companies,
multiple buildings up to 16.9 km (10
miles)2 apart can be connected via Wi-
Fi links using wireless building-to-
building bridges. These also allow a
single link to replace T1/E1 links cost-
ing thousands of dollars per month.
ROI from Increased Productivity
A simple example shows there should
be no doubt that a WLAN provides
significant productivity returns. Take
the case of office-based employees
using WLAN-enabled laptops.
Assume the typical knowledge worker
salary is $60,000, equating to $90,000
after benefits and other costs to the
employer. An average worker puts in
2,000 hours over 50 weeks so the
hourly cost is $45 per hour. If a wire-
less LAN provides an additional
productivity of 15 minutes per week
for this worker, the total productivity
gain would be $562.50 per year.
Wireless LAN costs for this employee
are $150 composed of $100 for the client
device (PC Card in a notebook) and $50
share of an access point (assume a con-
servative 8 users per access point, $400
total cost for the whole AP).
Greater Flexibility
It is much easier to add new clients to
a network using WLAN connections.
Network users can roam throughout
the company, and are free to work
from various locations or sites without
burdening IT administration
resources. Equipment such as PCs and
printers can be re-arranged within the
office without the need for a support
call. Additionally, customers and
other visitors will be able to access the
Internet or their own corporate net-
works with minimal support.
As long as certain key issues are
addressed when deploying WLAN
technology, you can more easily sat-
isfy the needs of your network users
while also gaining cost and productiv-
ity benefits.
 Deployment Considerations
There are more and more laptop com-
puters with embedded Wi-Fi clients,
as well as an increasing number of
public hot spots. The result is that
Wi-Fi enabled products will become
more prevalent, even within compa-
nies that have no WLAN. So it is
important to reap the rewards offered
by WLANs, but at the same time
understand the issues associated with
well-managed deployment.
Standards
Among the most fundamental steps to
take when planning a wireless LAN is
to learn about the various IEEE 802.11
standards, decide which ones are
appropriate for your application
requirements, and plan your deploy-
ment accordingly. 802.11 systems are
generically called “Wi-Fi”. The Wi-Fi
Alliance is responsible for awarding
TA B L E 1 . T h re e F u n d a m e n t a l 8 0 2 . 1 1 S t a n d a rd s
Standard Radio Modulation Max. Link Max.
Band Coverage Data Rate
More
established 802.11b 2.4 GHz DSSS 100m/328ft 11 Mbps
standard
802.11a 5 GHz OFDM 50m/164ft 54 Mbps
Newer 802.11g 2.4 GHz OFDM 100m/328ft 54 Mbps
standard
802.11b should be considered if:
- you do not intend to use high-
bandwidth applications.
- you need a wider coverage area.
- price is a primary consideration. An
802.11b WLAN costs roughly a
quarter as much as an 802.11a net-
work covering the same area at the
same data rate.
The main disadvantage of 802.11b is
its lower maximum link rate. And
since it occupies the 2.4 GHz band
used by other technologies (e.g.,
Bluetooth and cordless telephones),
this rate may be reduced further due
to interference issues.
DEPLOYING 802.11 WIRELESS LANS
the Wi-Fi CERTIFIED logo that
ensures 802.11 compatibility and
multi-vendor interoperability.
The original 802.11 standard estab-
lished in June 1997 defined a 2.4 GHz
system with a maximum data rate of
2 Mbps. This technology still exists in
legacy wireless LANs, but should not
be considered for new deployment.
Today there are two basic categories of
IEEE 802.11 WLAN standards. First are
those that specify the fundamental
protocols for the complete Wi-Fi sys-
tem. These are called 802.11a, 802.11b,
and 802.11g. Second, there are exten-
sions that address weaknesses or
provide additional functionality to
these standards. These are 802.11d, e,
f, h, i, and j.
The following table shows the three fun-
damental 802.11 standards at a glance:
Max. # Non- Other Issues
overlapping
channels
3 - 802.11b networks have the largest
installed base.
12 (fewer in - Needs 802.11 extensions to be
some regions) used in some regions (e.g., EMEA)
3 - Backward-compatible with 802.11b
- Fully ratified
802.11a should be considered if:
- you need to run higher-bandwidth
applications such as voice or video.
- you have small densely packed con-
centrations of users. The greater
number of non-overlapping chan-
nels allows access points to be
placed closer together without
interference.
The main disadvantages of 802.11a are
that it is not compatible with the
older 802.11b WLAN standard and
costs roughly four times as much to
cover the same area.
3
 802.11g should be considered if:
- you need to run higher-bandwidth
applications and also need a wide
coverage area.
- you need backward compatibility
with 802.11b equipment.
The main disadvantage of 802.11g is
that maximum data throughput is
reduced when 802.11g and 802.11b
equipment shares the same network.
Finally since it uses the same 2.4 GHz
band as 802.11b it faces the same
interference issues.
The following 802.11 extensions
(except .11h and .11j) apply to all
variants of Wi-Fi:
802.11d addresses regulatory consider-
ations in countries that do not yet
have rules in place for the operation
of 802.11 LANs. .11d ensures interop-
erability of WLANs in those
countries.
802.11e defines quality of service
(QoS) levels for applications such as
voice and video. Although the stan-
dard is not yet ratified, this is
expected to happen in third or fourth
quarter of 2003, and 802.11 access
points should be upgradeable via new
firmware in the future.
802.11f is the Inter Access Point
Protocol (IAPP). It improves the han-
dover mechanism in 802.11 between
access points and switched segments
as users roam between them. 802.11f
is not yet ratified (expected late in
third quarter of 2003) but products
implementing IAPP have started to
ship. Before 802.11f is ratified you
should ensure that your access points
are Wi-Fi Certified to achieve interop-
erability.
802.11h adds better control over trans-
mission power and radio channel
selection to 802.11a. This standard is
primarily to address the requirements
of European regulatory bodies.
802.11h is expected to be ratified by
the end of 2003 and will increase the
availability of 802.11a products
within EMEA.
4 DEPLOYING 802.11 WIRELESS LANS
802.11i provides enhanced security. It
includes the use of 802.1X authentica-
tion protocol, an improved key
distribution framework and stronger
encryption via AES (Advanced
Encryption Standard). The 802.11i
standard is due to be ratified by late
2003.
802.11j addresses adding channel 4.9
GHz to 5 GHz for 802.11a in Japan.
Security
There is a widespread perception that
wireless LANs are insecure, but that
concern is resolved if the appropriate
mechanisms are in place. It is true that
due to the nature of RF transmission
and its inherent risks, WLANs require
additional security considerations.
However, your wireless LAN can be
just as secure as the rest of your LAN.
As described in the previous section,
802.11i is an extension to the current
WEP security standard that will bring
greater security to Wi-Fi networks
through improved encryption, key
distribution, authentication, and a
range of other features most appropri-
ate to wireless networks. However,
this will not be ratified until late
2003. In the meantime, there are some
very simple steps that can be taken to
make WLANs more secure.
Turn on WEP
WEP (Wired Equivalent Privacy) is
the standard 802.11b wireless security
protocol. Designed to provide wired-
like protection by encrypting wireless
data as it is transmitted, WEP pro-
vides a baseline level of security that
can be very effective when used in
conjunction with other security
mechanisms. First, WEP should be
enabled, with the WEP key changed
from the default. Ideally, WEP keys
should be generated dynamically
when a user logs on, making access to
wireless data a moving target for
hackers. Session-based and user-based
WEP keys offer the best protection
and add another layer of deterrence.
 Use Secure Authentication (preferably
802.1X-based authentication)
802.1X is the new standard for Layer 2
authentication. It defines a generic
framework for port-based authentica-
tion. Instead of checking a local MAC
list, this feature allows wireless clients
to associate with the wireless access
point and authenticate with a RADIUS
server that has been set up on the
wired network. The IEEE 802.1X stan-
dard is used for the client
authentication communications, and
ensures that only authorized wireless
clients are permitted to access the
wireless LAN. The 802.1X standard is
a framework based on the Extensible
Authentication Protocol (EAP), which
can support multiple implementation
methods, including EAP-MD5, EAP-
TLS (Transport Layer Security), PEAP
(Protected EAP), etc.
Keep an Eye on Emerging Standards
WEP is one security layer of many
and should not be relied on as the sole
security measure. Wi-Fi Protected
Access (WPA) is a subset of the cur-
rent 802.11i draft, taking certain
pieces of the 802.11i draft that are
ready to bring to market today, such
as its implementation of 802.1X and
TKIP. To improve data encryption,
WPA utilizes Temporal Key Integrity
Protocol (TKIP). TKIP enhances WEP
to provide a per-packet re-keying
mechanism, adds a Message Integrity
Check (MIC) field to packet, and uses
802.1X. WEP has almost no user
authentication mechanism. To
strengthen user authentication, WPA
implements 802.1X and EAP. Together,
these implementations provide for
stronger data encryption, key man-
agement and user authentication.
Employ VPNs
A Virtual Private Network (VPN) is a
security enhancement option that pro-
vides an excellent higher layer of
security and an alternative to 802.1X.
In this approach all wireless clients
are treated in the same way as remote
access VPN clients. The VPN provides
a secure, end-to-end tunnel over an
“un-trusted” network—which in this
case is the WLAN and in the case of
remote users is the Internet. Whereas
DEPLOYING 802.11 WIRELESS LANS
WEP and TKIP encrypt frames on the
wireless link (layer 2) only, layer 3
VPNs such as IPSec can be used to
encrypt data end-to-end from the
remote access clients to security gate-
ways at the private network edge.
Minimize RF Leakage
Steps should be taken in the configu-
ration of your WLAN to minimize the
risk of potential eavesdroppers out-
side company buildings from
accessing your WLAN. The simplest
method is to ensure that appropriate
antennas are used and RF signals are
directed at the intended area of cover-
age. Signals should not be boosted
needlessly. Besides the inexpensive
option to scale down the output
power, the additional, and more
expensive, step of shielding external
walls prevents radio traffic leaking
outside the walls of your building,
and again offers an excellent method
of helping secure your network.
Check for Unauthorized Access Points
Many Wi-Fi products are now easy to
install. In an enterprise network, there
is a possibility that rogue access points
may be connected to the network by
well-intentioned users unbeknownst to
the IT organization. However, without
correct configuration or management
these could pose a serious risk to secu-
rity. Regular physical inspections
should be made and, preferably, net-
work management tools should be
used to routinely scan for the presence
of rogue access points.
Management
Effective use of network management
is essential in larger enterprise net-
works but is good practice in
businesses of all sizes. This is especially
true for WLANs, which have the par-
ticular management needs described in
this section. With business drivers set
to fuel tremendous growth in Wi-Fi, it
is important that the right tools and
mechanisms are adopted from the start
to ensure a well-managed approach to
deployment.
5
 Traffic Analysis
Although monitoring and analysis of
network traffic is important in wired
networks, a wireless LAN is a much
more fluid environment. Users are free
to move throughout the network and
capacity demands shift. For example,
there may be company meetings or
training sessions where an exception-
ally high number of users are accessing
the network from a single location.
Monitoring tools can be used to indi-
cate which access points are being
used the most (or least) and highlight
the need for moves or additions.
In the presence of interference, a per-
formance drop may be reported by
users, or indeed observed through
traffic analysis. In these cases, bench-
marking of throughput and the effects
of adjusting optional configuration
settings in MIB (e.g., CTS/RTS
described in the following section)
provides a method of dealing with
such problems.
Discovery and Configuration
For larger wireless networks, adminis-
trators need to have tools that allow
them to discover various wireless
devices within the network segment,
configure parameters, run diagnostics,
monitor performance, view device
properties, and select a device for
individual configuration. It is recom-
mended that you protect each
network infrastructure access point
by setting up a username and pass-
word to control access to the
configuration settings. To ease admin-
istrative burden for larger networks,
capabilities such as “save and load
facility” are useful because they allow
you to configure one device and prop-
agate the same configuration to
similar devices on the network.
Migration to a Centralized Management
Scheme
As the number of wireless users
begins to grow, and Wi-Fi is used for
high-speed and mission-critical appli-
cations, it becomes increasingly
important for management of the
WLAN to be centralized, providing
network administrators the ability to
6 DEPLOYING 802.11 WIRELESS LANS
discover, manage, and upgrade access
points across the network. If they are
not already using another SNMP-
based central management tool,
organizations that require this func-
tionality should look to their WLAN
vendor to provide it. Embedded Web
Server that works with any Web
browser that supports HTML and Java
Script is an added plus for easy con-
figuration and management. Support
for SNMPv3-compliant management is
critical for secure management of
access points.
A centralized approach also allows for
increased levels of functionality and
bandwidth management. IT depart-
ments can organize the WLAN by
domains, granting privileges and access
rights to different user groups as they
see fit. For larger networks, this func-
tion can be automated and centralized
such that when a wireless user is
authenticated via 802.1X and RADIUS,
the enterprise access point automati-
cally assigns the user to the appropriate
VLAN. Security breaches can be auto-
matically detected with access points
flagging security breaches or configu-
ration errors to the management
console. Also, unauthorized access
points can be tracked down and
removed or properly configured.
Eventually, the goal for larger enter-
prises should be to incorporate
management of their wireless LANs
within their overall network manage-
ment system, such as HP OpenView.
Some vendors are already making this
possible. Smaller businesses not want-
ing to employ centralized management
should consider deploying Wi-Fi
equipment web-based management
capabilities. This will give them the
ability to perform upgrades, reconfig-
uration, and simple performance
monitoring over the network via a
standard web browser.
Performance
There are several key reasons why
802.11 technology is now being
embraced by such a wide user base:
 1. Wireless performance has reached
levels similar to wired Ethernet.
2. The silicon technology today allows
to implement more sophisticated
algorithm schemes for equalizers to
be embedded in the wireless chipset.
3. Large production volumes help drive
down the cost of underlying silicon.
However, it is important to consider the
factors affecting performance and how
this can be appropriately handled to
suit your needs.
Choose the Appropriate Wi-Fi Type
The choice of 802.11 variant is a fun-
damental decision. The advantages
and disadvantages of 11b, 11a, and
11g are outlined in the earlier section
“Standards,” but there are some addi-
tional considerations affecting
performance.
As with conventional Ethernet tech-
nologies, quoted “data rates” of 11
Mbps (11b) and 54 Mbps (11a and
11g) are theoretical maximum signal-
ing rates and exclude protocol
overheads. Estimates of realistic maxi-
mum data throughput are:
- 5 Mbps to 6 Mbps for 11b
- 27 Mbps to 30 Mbps for 11a and 11g
It should be noted that this is the total
shared throughput available to a sin-
gle user communicating through a
single access point operating using a
particular frequency channel. This
throughput subsequently decreases as
more users connect to the access
point. Each Wi-Fi variant defines a
multiple number of non-overlapping
radio channels. If there is another
access point within range using a dif-
ferent non-overlapping channel, it
provides additional throughput capac-
ity for these users.
802.11a provides twelve non-overlap-
ping radio channels. However, the
802.11b and 802.11g standards define
three non-overlapping channels. A
good implementation today is to use
802.11a access points in areas occu-
pied by densely packed users such as
“hot desk” areas or meeting rooms
where a higher throughput may be
DEPLOYING 802.11 WIRELESS LANS
needed. 802.11b should then be used
to provide blanket coverage for the
entire facility.
Access points that provide configurable
dual modes (for example, 802.11a and
802.11b) of operation are ultimately the
best solution, because you can mix and
match radio bands to meet different
coverage and bandwidth needs within
the same area. Such configurations are
now readily available.
IP Address Management
To ease integration into the existing
network environment, the access
point may act as a DHCP server to the
clients that are wirelessly associated
with it. Alternatively, the DHCP
server of the access point should have
the ability to defer to any other DHCP
servers that exist on the network, so
that it can only become active if the
access point does not detect another
DHCP server.
Properly Set Channels
You must ensure that the channel
selected is compatible with the chan-
nel ranges supported by the wireless
clients that will be associating with
the access point. To ease administra-
tive burden, look for an access point
that can automatically scan the spec-
trum of all available regulatory
channels, and select the one with least
interference. The best channel avail-
able is the channel where no other
wireless devices are causing interfer-
ence on the radio frequency (RF).
Clever architectures to suit the range
and density requirements can be con-
structed using the non-overlapping
channels of 802.11a and 802.11b. For
instance, “cellular architectures” can
be deployed by mixing the three non-
overlapping channels (channels 1, 6,
and 11) of the 802.11b standard, while
minimizing the risk of inter-access
point interference.
Provide Adequate Coverage
The maximum data rate is only avail-
able within a limited distance from an
access point. Typically this is
100ft/30m for 802.11b and 802.11g
and 30ft/10m for 802.11a. If a client
moves farther away, data speed is
7
 reduced. For example, an 802.11b
client’s performance will diminish
from 5.5 Mbps to 2 Mbps and finally
to 1 Mbps as a user moves away from
an access point. It is therefore impor-
tant that access points are not placed
too far apart.
Attenuation due to obstacles such as
interior walls can reduce coverage, as
well. This is more of a problem for
802.11a, which is inherently less able
to penetrate such obstacles. For larger
sites, or for buildings with solid inte-
rior walls, an RF site survey is a
valuable tool in coverage planning.
Site Survey
This type of tool is invaluable in
deciding the best place to position a
new access point. The tool provides
statistics on the transmission perfor-
mance of the access point in each
proposed location, making it easy to
compare and choose the best location.
Minimize RF Interference Effects
This is another issue that primarily
affects 802.11b and 802.11g. These
standards use the 2.4 GHz band that is
also used by other technologies such as
Bluetooth and cordless phones.
Although Bluetooth and Wi-Fi are
complementary technologies, and they
both operate in the 2.4 GHz band, each
has different technical and usage char-
acteristics. Bluetooth uses a quick
Frequency Hopping (1600 hops per
second) and Spread Spectrum (FHSS)
technology. Most implementations sup-
port a range of up to 10 meters (30 feet)
at a data throughput of 0.721 Mbps.
802.11b is a Direct Sequence Spread
Spectrum (DSSS) technology, and offers
speeds of 1, 2, 5.5, and 11 Mpbs, cov-
ering a range of about 100 meters
indoors. As Wi-Fi and Bluetooth activ-
ity grows in public areas and
enterprises, interference issues may
need to be alleviated. Possible solu-
tions to the problem include separating
the two devices by more than 3.5
meters. Then as Bluetooth units hop
over the full ISM band, they will over-
lap with the 802.11b signal for about
25 percent of the hop frequencies
while the 75 percent that do not over-
lap will not be a problem.
8 DEPLOYING 802.11 WIRELESS LANS
Configure Optional Settings
CTS/RTS is an optional 802.11 protocol
setting that can help improve perfor-
mance in cases when clients are
hidden from each other (e.g., due to
physical obstacles). In these cases,
excessive collisions and re-transmis-
sions can waste bandwidth and
reduce throughput. CTS/RTS resolves
this by introducing a hand-shaking
mechanism between client and access
point. The CTS/RTS uses a threshold
that can be adjusted until throughput
is maximized.
Fragmentation is another optional
802.11 protocol setting that helps
improve performance in cases where
interference is reducing throughput
by causing bit errors and re-transmis-
sions. Frames are broken into smaller
fragments before transmission to
reduce the chances of errors. Again,
this can be implemented within indi-
vidual client devices by adjusting the
threshold to provide the best
throughput.
802.11a Turbo Mode is another feature
of some current products. If both the
access point and client support turbo
mode, which is vendor specific, it
boosts maximum data rate to 108 Mbps.
Quality of Service
QoS is defined as the control of four
network categories: bandwidth,
latency, jitter, and traffic loss.
Bandwidth is defined as the total net-
work capacity. Networks must
provide sufficient bandwidth for each
application’s throughput require-
ments. Latency is the total time it
takes for a frame to travel from a
sender to a receiver. Latency is crucial
for receivers with QoS requirements.
Packets arriving too early require
buffering or worse may be dropped.
Packets arriving too late are not useful
and must be discarded. Jitter is the
variation in the latency among a
group of packets between two nodes.
Jitter requires a receiver to perform
complex buffering operations, so that
packets are presented to higher levels
with a uniform latency. Traffic loss
refers to the packets that never arrive
at the receiver.
 The introduction of wireless channels
to the overall networking fabric intro-
duces variability to these main QoS
performance parameters. In addition,
roaming and other capabilities create
problems that do not exist in wired
networks. Therefore, individual com-
panies and IEEE 802.11 TGe are
striving to endow wireless LANs with
mechanisms for effectively managing
QoS parameters as well as wireless
characteristics.
There are several factors that make
QoS a requirement in 802.11. One is
the wireless transmission of home
entertainment via a Wi-Fi WLAN.
Another is the trend in the corporate
environment to converge voice and
data on a single wired communications
infrastructure. If this were extended to
the WLAN environment, company net-
works could carry wireless voice
communications—creating possibilities
for a range of new applications and
delivering significant cost savings.
As described earlier, a new extension
(802.11e) will define quality of service
(QoS) levels for applications such as
voice and video. However this will
not be ratified until third or fourth
quarter of 2003. Therefore it is essen-
tial that current products from
reputable vendors should be firmware
upgradeable to provide this function-
ality in the future.
While there are some proprietary QoS
schemes on the market today, it is
important to remember that an effec-
tive solution needs end-to-end
implementation. Proprietary chipsets
may not be compatible with main-
stream Wi-Fi products when a
standardized solution is available.
Mobility
Roaming is a critical component of the
mobility equation. Wireless clients
must be able to roam among all access
points within the same subnet on the
user’s LAN segment, as well as across
subnets, without discernable inter-
ruption of data communications and
security controls.
DEPLOYING 802.11 WIRELESS LANS
Location-Dependent Configuration
A mobile employee using their Wi-Fi
enabled laptop will need the capabil-
ity to connect to a number of different
network types and configurations.
Different sites within the company
will usually be consistent, but when
connecting at home or from public
wireless hotspots there could be the
need to reconfigure various client set-
tings. This can be difficult and
inconvenient for users, and as a result
it is worth considering some form of
profile management solution.
Inter-Access Point Roaming
As a user roams within the wireless
LAN there needs to be a system of
seamless movement among access
points. Until recently, this was
achieved by proprietary mechanisms
from particular vendors. However,
industry progress is evident based on
recommended implementation of IEEE
Std.802.11f/D2.2, December 2001
draft on Inter-Access Point Protocol
(IAPP). The goal of IAPP is to facilitate
seamless roaming in between access
points from different vendors as long
as the access points are part of a
Distribution System (DS) implement-
ing IAPP. IAPP handles the
registration of APs within a network
and exchange of information when a
user is roaming among coverage areas
supported by different vendor’s access
points. It will help with fast hand-off
from AP to AP. The 802.11f standard
specifying IAPP is soon to be ratified
and products are now shipping com-
patible with it.
Roaming and Security
If a user is using 802.1X for authenti-
cation and dynamic key management
then IAPP roaming is required in
order for the user to roam from one
AP to the other without the need to
re-authenticate. An alternative for
sites that are not 802.1X enabled is to
maintain a consistent username and
password database locally within each
access point to which a client could
potentially roam. This would enable
the client to roam without having to
re-enter credentials.
9
 Extended Roaming
While Layer 2 roaming refers to the
users’ capability to roam from one AP
to another without crossing router
boundaries (i.e., within the same IP
sub-net), layer 3 roaming refers to the
users’ ability to roam across router
boundaries as they move about the
enterprise campus. One of the imple-
mentations for Layer 3 roaming can be
achieved through the renewal of its
Dynamic Host Configuration Protocol
(DHCP) lease for its IP address. This
can be undertaken either manually or
automatically. A manual DHCP imple-
mentation does require user
intervention, where the users perform
a manual “release/renew” using the
Windows WINIPCFG utility.
For enterprise environments where
native DHCP services are not avail-
able, the embedded DHCP server
within a local host can take the role of
automatically assigning a valid IP
address as the client roams across
router boundaries. In the future, this
implementation would become easier
as IPv6 becomes widely deployed, and
as all devices needed in the implemen-
tation support IPv6.
RF Issues
Before a WLAN is deployed, a wire-
less site survey will show the level of
interference from other 2.4Ghz
devices such as cordless phones and
other WLANs. It will also identify the
required location of each access point
and the antennas necessary to provide
adequate cell coverage and bandwidth
capacity and to avoid co-channel
interference between access points.
For a larger enterprise, a wireless site
survey from a professional wireless
LAN consultant will usually provide
the most satisfactory solution.
However for a smaller company this
may not be necessary, especially when
only one or two access points are
needed. In any case it is helpful to
understand the basic RF (radio fre-
quency) issues when planning a
WLAN deployment.
Antennas
Access points are usually supplied
with omnidirectional dipole antennas.
10
These provide 360 degrees cell cover-
age around the axis of the antenna
and will be suitable for most deploy-
ments. It should be noted that office
spaces contain obstacles to radio
transmissions, in particular metal
objects such as partition frames and
wall studs. These can reflect RF sig-
nals and cause a phenomenon known
as multipath distortion. To help over-
come this, access points that use a
diversity antenna system (two identi-
cal antennas a small distance apart)
should be used wherever possible
since they will provide enhanced cov-
erage to the same geographic area.
There may be instances where the
antenna supplied with the access
point is not suitable. For example the
best position for the antenna might be
on a ceiling or a wall where position-
ing an access point would be difficult.
In these cases an add-on ceiling or
wall-mounted aerial can usually be
used connected to the access point by
an appropriate cable.
Also, there are cases when an omni-
directional antenna might be
inappropriate. Where there are
restrictions in locating access point or
within an awkwardly shaped office
space it might unnecessarily radiate
signals outside exterior walls present-
ing a possible security risk. Also in
802.11b and .11g networks, a too-
wide coverage might interfere with
adjacent cells on the same channel. In
these cases a “sector-panel” (or
“patch”) aerial can be used to direc-
tionally focus cell coverage. These
antennas are usually housed in flat
boxes and mounted flush onto walls.
They will produce hemispherical cov-
erage, spreading away from the mount
point at a width of between 30 and
180 degrees (depending on the partic-
ular antenna).
Antennas do not boost signal power
but concentrate the power in a certain
direction, which gives more focused
coverage pattern by trading-off the
width (or angle) of the cell. A yagi
antenna provides a more directional
beam for long corridors and tunnels,
and a parabolic aerial can be used for
DEPLOYING 802.11 WIRELESS LANS
 long-distance, highly directional con-
nections between buildings.
Building-to-Building Bridges
A building-to-building bridge can be
used to link buildings with 802.11b.
Such bridges will usually require an
aerial placed outdoors on an external
wall or roof. The choice of aerial
depends upon the nature of the con-
nections required. For example, a
campus requiring wireless connection
between several buildings in close
proximity may use an omnidirectional
or sector-panel antenna; but a longer
point-to-point connection between
two buildings may need a more direc-
tional yagi or parabolic antenna.
In order to avoid signal degradation
over long distance wireless links,
there should be an obstacle-free zone
wider than the point-to-point line of
sight. The Fresnel (pronounced “fre-
nel”) zone is an elliptical area
immediately surrounding the visual
path into which the RF signal will
spread. The Fresnel zone can be calcu-
lated from the length of the signal
path and the frequency of the signal,
and it must be taken into account
when designing a wireless link.
Country-specific regulations will also
restrict the length and type of build-
ing-to-building links, so they should
be consulted before designing wire-
less inter-building links.
Coverage Planning
An essential goal in WLAN deploy-
ment is to ensure all areas are
adequately covered. The coverage of
each wireless cell depends on the
location of the access point and the
antenna used. Office spaces often have
internal walls and obstacles and are
rarely circular. A careful plan is neces-
sary to maximize coverage and
performance with the fewest possible
access points and least susceptibility
to co-channel interference.
Due to variability in the composition
and thickness of building materials the
only guaranteed way of determining
the cell coverage area of an access point
is by on-site measurement. However,
DEPLOYING 802.11 WIRELESS LANS
there are some general guidelines that
will help with planning:
1. In an open plan office such as those
with cubicles, there should be little
attenuation of the radio signal. An
802.11b or 802.11g access point
with an omnidirectional antenna
will provide a cell with radius of
around 328ft/100m (100ft/30m of
this at maximum data rate). An
802.11a access point will cover an
area with an approximate radius of
164ft/50m (30ft/10m at the maxi-
mum data rate).
2. 2.4 GHz (802.11b and 11g) WLAN
signals will generally penetrate
internal walls although there may
be some signal attenuation, espe-
cially if the walls are made from
cinderblock. It is worth noting that
internal walls often have part-metal
construction and this can increase
signal attenuation, too.
3. 5 GHz (802.11a) signals do not pen-
etrate interior walls well and this
should be taken into account when
planning.
4. In a multi-floor building, there may
be some signal leakage between
floors. For example, an access point
mounted midway between the floor
and ceiling on the second floor may
radiate signals through to adjacent
floors depending on the gain and
coverage of the antenna. This can
be especially relevant for the floor
above a ceiling-mounted antenna.
5. Penetration through brick or stone
walls by Wi-Fi of either band is
possible but unreliable. So any plan
should not be based on the assump-
tion of signals penetrating walls.
6. Metal walls or floors will not be pen-
etrated by Wi-Fi signals and need to
be planned around. This also applies
to elevator shafts that will present an
obstacle to WLAN signals.
11
 Why 3Com?
So far this paper has outlined the
business benefits driving the need for
wireless networking, and has exam-
ined the issues you will need to
consider during deployment. This sec-
tion highlights just some of 3Com’s
wireless solution features that will
help successfully address these issues.
Security
As described earlier, the key to effec-
tive WLAN security is to utilize a
combination of appropriate security
mechanisms. 3Com today delivers
industry-leading wired and wireless
security options, so that you can
deploy the solution most appropriate
to the level of security required for
your network.
Standards-based Encryption
3Com products support 40-bit (some-
times called 64-bit) and 128-bit WEP.
By turning on WEP and managing
keys effectively, a base line level of
security can be achieved that discour-
ages casual wireless eavesdroppers.
Dynamic Security Link
3Com provides an enhanced method
of encryption and key management
that addresses the main weakness
within WEP, namely a manual static
key. Instead a unique 128-bit key is
dynamically assigned to each user,
and this is changed for every new ses-
sion. Additionally, a local username
and password database maintained
inside of each access point enables a
more secure user-based authentication
mechanism.
Secure Authentication Options
802.1X port-based authentication is
supported for different EAP types,
including EAP-MD5, EAP-TLS, EAP-
TTLS, and PEAP. 3Com supports
802.1X for non-XP clients including
Windows NT and Windows2000 sys-
tems.
MAC address authentication is also
supported, either locally within the
access point or via a RADIUS authen-
tication server.
12
XJACK® connector
The XJACK connector on 3Com client
devices provides a simple but highly
effective method of securing data on
laptops by turning off the radio when
it is not required
Management
3Com offers a number of different
options to manage WLAN devices.
SNMP Support
WLAN products can be integrated
into an enterprise-class network man-
agement system such as HP Openview.
3Com Network Supervisor
This is a powerful yet easy-to-use PC-
based management tool that offers
many of the benefits of centralized
management identified in an earlier
section. It is included in the price of
the product.
Web-based Management
Individual devices can be securely
monitored, configured and upgraded
using a standard web-browser.
Save and Load Cloning
3Com access points can be added to an
existing network with maximum ease
by cloning configuration settings
from another access point.
Performance
Autonomous Load Balancing
This feature is unique to 3Com’s client
devices and helps maximize traffic
capacity of the wireless network with-
out user intervention. 3Com’s WLAN
clients are smart enough to automati-
cally associate with the access point
providing the highest available
throughput, not just the closest one.
This is especially effective at improv-
ing performance for high-bandwidth
users located in more densely packed
areas of the network served by multi-
ple access points.
Clear Channel Select
3Com’s access points can be set to scan
the available radio channels and auto-
matically use the least loaded one.
Performance-reducing co-channel
interference is minimized. This simpli-
DEPLOYING 802.11 WIRELESS LANS
 fies placement planning and channel
selection of access points, especially
for 802.11b technology which inher-
ently only has three non-overlapping
channels.
Dual-band Radio Products
The ideal solution of maximum geo-
graphical coverage with highest
performance at minimum cost could be
achieved through blanket deployment
of 802.11b with pockets of 802.11a or
802.11g. Even if the higher perfor-
mance is not needed today, it should be
the network-planner’s goal to allow for
smooth future migration. 3Com’s access
points now ship with dual-slot modular
802.11a/ 802.11b support (802.11g
available from June 2003).
Inter-Access Point Protocol (IAPP)
802.11f describes the handover
process for mobile users using IAPP
that allows them to roam between dif-
ferent vendors’ access points.
Although this standard will not be
ratified until later in 2003, 3Com’s
new access points have begun to ship
supporting IAPP. On earlier models,
the Auto Network Connect function
allowed users to roam between 3Com
access points; future firmware
upgrades will allow IAPP support on
these products.

802.11a Turbo Mode

For maximum throughput, 3Com’s
802.11a access points and client
devices support “turbo mode,” which
boosts performance from 54 Mbps to
108 Mbps.

Mobility
Client Profile Management
3Com’s client devices can be config-
ured with profiles specifying
appropriate configuration settings for
multiple locations. As the user moves
between head office, branch office,
home or public hotspots, the client
device will automatically detect the
location and activate the correct pro-
file. The device will also launch a
VPN session if determined by the par-
ticular profile.

DEPLOYING 802.11 WIRELESS LANS 13

 Deployment Examples provide 802.11b connectivity giving
all employees access to the Internet
This section shows two scenarios of and the corporate network and e-mail
how WLANs have been effectively system. An 802.11a module was
deployed. added to the Access Point 8200 to
serve the hot desk area with higher
Figure 1 shows a WLAN deployment
throughput for downloading of large
in a large multi-sited company manu-
presentations, product details, and e-
facturing volume IT products.
mails from the corporate network.
One of the regional sales offices is a
At the head office campus, some
newly acquired site and has 10 office-
legacy 1 Mbps 802.11 had been used
based staff and a “hot desk” area for
in the distribution warehouse to help
regional sales executives normally on
with basic stock control. This was
the road. A WLAN was newly
upgraded to 802.11b using the 3Com
installed from scratch to serve all
Access Point 8200 providing higher
client devices including desktops. It
bandwidth and greater coverage. This
was the ideal place to begin the corpo-
has facilitated the use of an up-to-date
rate 802.11 rollout. One 3Com Access
inventory management system with
Point 8200 was installed to initially

FIGURE 1. WLAN Deployment in a Large Multi-sited Company

00
AP82
Head Office Campus 00
3Com .11b card
8 02
AP82 1 x
3Com .11b card
02
1x8 elds
and-h
TM

less h
Wire s
d la ptop
ters N an
quar irele
ss LA
Head
ge
bps W ing Brid
e 11M
Offic C o m -B u ild
3 g- to
BX rver Buil d in 00
3Com tack 3 N IUS se AP82
ss Supe
rS /RAD 3Com .11b card
Wire
le LAN 02
® 11 a
/b/g 00 1x8
3Com PC Card
s AP82 se
3Com .11b card
ss LA
N ehou
War
K
XJAC 1x8
02 irele ge
bps W ing Brid tion
11M
tribu
TM

ild
3Com g- to-Bu Dis
u il d in
k 3
® B
rStac
Supe
3Com 4400
it c h
Sw nter
TM

3
SuperStack
3C17203

r pri
)
gacy w) Lase
d (le e
Wire less (n
wire ents bps e
and c li 11 M Phon
top 3Com ss LAN NBX
3

3Com
SuperStack

desk
3C17203

le
Wire roup
3Com tack 3 Work
g
rS
Supe ll Bridg
e
a
Firew
TM

00
AP85
3Com .11a card
00 02 Room
AP85 1x8 ence
3Com .11a card
02 Co nfer
1 x 8 .11b card
1x8
02 Main
1
T1/E
Link
om
in g Ro
Train
fing/
r Brie s)
ome ll
Cust lded wa AP82
00
(shie 3Com .11a card
02
802.11b coverage 1 x 8 .11b card
02
1x8
802.11b & 802.11a coverage with s
tops rd
Desk CI ca
less P
wire with s
tops rd
Desk CI ca
less P
wire
Volume IT product manufacturer
Head Office Campus and New Regional area
desk
Sales Office Hot

3
SuperStack
3C17203

ice
s Off
na l Sale
) Regio
(New

14 DEPLOYING 802.11 WIRELESS LANS

 connectivity for warehouse personnel
using hand-held devices, and senior
managers using laptops. A 3Com 11
Mbps Building-to-Building Bridge
provides the warehouse with a high-
speed connection into the corporate
network. A smooth future transition
to 802.11a or 802.11g in the ware-
house is made possible by the Access
Point 8200’s modular capability.
The main office headquarters already
had an established wired network.
However, the use of the 3Com
Wireless LAN Access Point 8200, that
can be upgraded to dual-mode with
11a/11b/11g radios, throughout the
campus provides benefits of increased
productivity and greater flexibility
described earlier in this white paper,
especially for the high proportion of
mobile employees. The 3Com 11a/b/g
wireless LAN PC Cards with XJACK
antennae provide maximum flexibility
with support for all three IEEE 802.11
standards – 11a, 11b and 11g – and
enhanced security including 128-bit
AES and WEP encryption and WPA
support to help keep data private.
This card helps provide a complete
enterprise wireless offering when
combined with the 8200, 8500, or
8700 access points. In the main con-
ference room, a 3Com Wireless LAN
Access Point 8500 provides localized
802.11a connectivity. Fast access to
up-to-date sales information, reports
and inventory information means
senior management meetings are more
informed and decision-making is more
collaborative. A new training room for
sales executives served by high-band-
width 802.11a means sessions can be
more interactive and new information
such as product specifications and
sales presentations can be delivered to
them on the spot. This room also
serves as a new customer briefing cen-
ter. It has screened walls and is
connected to the rest of the network
via 3Com SuperStack® 3 Firewall. The
3Com Wireless LAN Access Point
8500 provides dual band Wi-Fi cover-
age for maximum compatibility with
customers’ laptops.
DEPLOYING 802.11 WIRELESS LANS
3Com Wireless LAN Workgroup Bridge
wirelessly links to the office headquar-
ters’ 3Com Access Point 8200 and
provides additional wireless connectiv-
ity for up to four Ethernet enabled
devices including an NBX phone, desk-
top PC and laptop without an available
PCI or PC card slot, and network
printer. There are plans for deployment
of several new network services. For
example wireless instant messaging will
bring real-time sharing of information
communication and decision-making
across all company sites.
Figure 2 shows a WLAN deployment in
a small private finance company. There
are thirty employees at a single loca-
tion, with several remote employees
telecommuting from home offices most
of the time. The WLAN was a new net-
work installation, and it was more
economical to provide connectivity to
office desktop PCs and laptops using a
wireless connection. A single 3Com
OfficeConnect® 11g Wireless Access
Point provides up to 100 meters (328
feet) of coverage for up to 128 users, at
the maximum data rate of 54 Mbps.
Among the first products in the indus-
try to ship fully compliant with the
newly ratified IEEE 802.11g standard,
the 3Com solution offers reliable wire-
less networking at speeds up to 54
Mbps. The 3Com OfficeConnect
Wireless 11g Access Point supports
802.11b as well as 802.11g notebooks,
PCs, and other wireless client devices.
Advanced 256-bit WPA (Wi-Fi
Protected Access) encryption provides
maximum security to the wireless LAN,
while 40/64- and 128-bit WEP
(Wireless Encryption Protocol) shared-
key encryption helps protect data, and
retains privacy of wireless transmis-
sions with legacy wireless clients that
do not support WPA. The ability to
deliver support for VPN tunnel initia-
tion and termination,
industry-standard Stateful Packet
Inspection (SPI) firewall, NAT protec-
tion, built-in LAN ports, and
broadband access is delivered through
the OfficeConnect Cable/DSL Secure
Gateway, located at the small-office net-
work perimeter.
15
 FIGURE 2. WLAN Deployment in a Small Private Finance Company

Main Office
TM

TM

1Mbps
om 1
h 3C
C wit pter
top P a
Desk ss PCI Ad
TM

®
le nect nnect
Wire eCon int iceCo
m
® Offic
c c e ss Po h Off rds
3Co less A p s wit C a
Wire Lap to 1g P
C
11g less 1
Wire

nect
eCon Gateway
Offic re
3Com SL Secu
le/D
h Cab
C wit bps
top P ect 11 M pter
Desk n da
ff ic eCon N USB A
O A
less L
Wire rovid
ed
dem
ISP p and mo
db
broa

net
Inter
802.11b/g coverage

VPN Tunnel
nect ay
atew
eCon / DSL G
ed Offic ble
rovid dem 3Com ss 11g Ca
ISP p and mo le
db Wire
Private Finance Company broa

Single Site Office with

telecommuter access TM

nect
eCon
Offic
to p with C Card
Lap 1g P
less 1
Wire
ily’s
Fam PC
e
Hom
r
mute
com
Tele

For telecommuters, mixed wired and 802.11g-equipped PCs and laptops,

wireless environments, and simultane- combined with an integrated 10/100
ous users on a single cable or DSL four-port switch and backward com-
Internet connection, a small office and patible with 802.11b wireless LAN
home office wireless LAN provided by equipment make it an ideal solution for
the 3Com OfficeConnect Wireless 11g telecommuter wireless broadband
Cable/DSL Gateway provides a broad- Internet sharing. VPN pass-through
band connection (via the ISP supplied permits secure connections to remote
modem) to the main office from a lap- offices, including Stateful Packet
top or a desktop PC anywhere in the Inspection firewall, hacker pattern
small office and home office. A high- detection, and URL filtering.
speed routing engine, 54 Mbps
wireless connection for users with

For more information about

wireless technologies and
3Com wireless solutions, visit
www.3Com.com/wireless

16 DEPLOYING 802.11 WIRELESS LANS

3Com Corporation, Corporate Headquarters, 5500 Great America Parkway, P.O. Box 58145, Santa Clara, CA 95052-8145
To learn more about 3Com solutions, visit www.3com.com. 3Com Corporation is publicly traded on Nasdaq under the
symbol COMS.
The information contained in this document represents the current view of 3Com Corporation on the issues discussed as
of the date of publication. Because 3Com must respond to changing market conditions, this paper should not be interpret-
ed to be a commitment on the part of 3Com, and 3Com cannot guarantee the accuracy of any information presented after
the date of publication. This document is for informational purposes only; 3Com makes no warranties, express or implied,
in this document.
Copyright © 2003 3Com Corporation. All rights reserved. 3Com, the 3Com logo, OfficeConnect, SuperStack, and XJACK
are registered trademarks of 3Com Corporation. Possible made practical is a trademark of 3Com Corporation. All other
company and product names may be trademarks of their respective companies. While every effort is made to ensure the
information given is accurate, 3Com does not accept liability for any errors or mistakes which may arise. Specifications
and other information in this document may be subject to change without notice.
503126-001 07/03