Three Pillars to Achieve (Wireless) Network Success

All networks work great, until people start using them. It’s especially true for wireless networks where known and unknown variables — configuration, placement, and usage — affect how well people can communicate, and ultimately, how well virtual meetings can function. It’s difficult enough to conduct effective meetings when Wi-Fi works well, and nearly impossible when it doesn’t. This article reviews the best practices to help get the most out of your networks.

IT admins know “the look” when they’re called into a meeting where connectivity has been spotty. People often don’t judge tech teams based upon what goes right: only when they encounter problems. Being proactive and ensuring that the stage is set for a robust network goes a long way to avoiding those awkward encounters and establishing confidence in you and your team.

Three Areas of Focus to Ensure Network Success:

• Device management and troubleshooting
• Video conference optimization
• Access control and segmentation

These activities are not mutually exclusive and the best performing networks are well-managed ones. The following presents the fundamentals of how to quickly achieve success on each of these pillars.

Basic Device Management

There are several different deployment models for enterprise Wi-Fi networks: 

• Consumer-grade routers
• A wireless LAN controller (WLC) with access points; and more recently, 
• Cloud-based controllerless solutions 

These systems may be managed in-house or by your communication service provider (CSP) and can vary in coverage from small offices to entire corporate campuses. It’s important to note that while these systems may be configured perfectly, they can still experience problems. So using the correct equipment and settings is your starting point. 

For an example, let’s assume that you’re using a consumer-grade router within a small office space. These are good enough for many small businesses and CSPs have vastly improved their offerings, so long as you’ve traded up your equipment (you’re paying for it anyway). Unfortunately, self-managed routers aren’t “set it and forget it”: they always require active maintenance. 

These are the basic settings to be aware of:

• Install or enable automatic firmware updates.
• Disable ICMP, WPS, and UPnP for better security.
• Use WPA 2 or above, or WPA 2 Enterprise with certificates.
• Enable any built-in firewall (if available).
• Consider a Wi-Fi 6 product if you’re in a congested area where there’s likely to be many devices on the same frequencies. Wi-Fi 6 also better supports Internet of Things (IoT) devices and penetrates solid objects better than prior wireless protocols. Some CSPs recently upgraded their equipment to this standard, so it’s a free upgrade if you “rent” their routers.
• Use routers with “mesh” capabilities to extend your network more efficiently than previous “extenders” implementations that innately downgraded performance. Mesh configurations aren’t always the fastest, but they’re easy to configure.
• Have enough of an internet pipeline to handle your traffic.

More advanced systems will utilize a WLC to centrally manage many access points through a single egress/ingress. This makes it possible for users to roam around a corporate campus and (theoretically) not lose their connectivity through strategic placement of APs and directional antennas (where necessary). WLCs also support external authentication, which is discussed in more detail below. 

Controllerless solutions are similar but require less IT overhead to install. They will designate an AP to be the “master” and “member” APs will be managed through it over a web interface. The settings are also similar except controllerless solutions may have the capacity to “self-heal” when problems arise and sniff out sources of interference and bandwidth hogs.

Okay, But I’m Still Having Trouble

Wi-Fi networks aren’t infallible and are only as good as the hardwired infrastructure that they’re built upon. Some of the common problems relate to: 

• Network quality
• The connection between your facility and the CSP
• How well some network sensitive apps function over Wi-Fi
• User behavior. 

Some of the causes/solutions are obvious, but others are only clear to IT administrators who have extensive experience troubleshooting networks as they evolve or grow over time. In my previous organization, a small to medium-sized enterprise (SME), we experienced all sorts of network issues. In general, these issues are universal no matter the size of the business and could be unrelated to the Wi-Fi network. 

Here are some example scenarios:

• Some network cabling was installed over lighting ballasts in the ceiling, which caused interference. Electric cables can also have the same effect.
  • Tip: Only use experienced network installers.
• One switch had what we referred to as the “anaconda in the closet” below it: several hundred feet of network cabling coiled together. Signals were already degraded by the time they reached any other device in that area of the network. Conventional troubleshooting left us spinning our wheels, because nothing helped.
• People who weren’t very good at terminating cables made their own patch cables in-house to save a tiny sum of money. As my father said, “that’s a penny wise and a pound foolish.”
  • Tip: Use commercial-grade cables — it’s worth paying a bit more for assurance.
• There was poor placement of APs that weren’t based upon a wireless site survey to optimize Wi-Fi coverage. Buildings sometimes have obstacles that can degrade signal quality.
• Overall, it was a bad network architecture with a poor quality core switch that wasn’t up to task.
• An employee installed a rogue router that was unmanaged.
  • Tip: Don’t ever allow this.

Other issues were less obvious and took some more sleuthing to uncover. For instance, our firewall was a bottleneck, because it had a limitation on how quickly it could process SSL traffic. I’ve also encountered sites where the connection between the building and roadside was degraded. Upgrading to an expensive high bandwidth subscription isn’t going to resolve these types of issues. Even the best designed network won’t function well with bad infrastructure.

There was still more work to be done even after the network itself was deemed “solid.” As mentioned above, some applications are more network sensitive than others, and users can gobble up valuable bandwidth. There’s still more diligence required to ensure a positive experience for your users and to secure access to your organization’s assets.

Optimizing Your Configuration for Meetings and Security

A firewall can be your best friend by simply prioritizing certain types of traffic or apps (such as your web conferencing apps) and blocking others. Quality of Service (QoS) settings are recommended by service providers. You only need a basic understanding of firewalls to accomplish this. Apps, such as torrent clients, can consume vast amounts of bandwidth and some firewalls specify which apps to block and even throttle traffic to video/entertainment web properties. Some higher-end consumer-grade routers also have QoS settings that you can deploy.

However, that’s not the end of it. The IT team before me would rotate passwords to discourage bandwidth hogs, but people are people and soon everyone knew the newest password. To solve this, one option is to use a WLC or controllerless device to “whitelist” IPs by MAC address. This is a time-consuming process (a new phone means a revised “rule”) that’s not entirely secure. A RADIUS server combined with IPSEC and network segmentation (VLANs) are the best and most scalable approaches to conserve bandwidth for what matters most. These typically require additional server infrastructure and advanced firewall settings, but it’s possible to deploy these capabilities with less time, expense, and effort by using JumpCloud.

Also note that some applications that use VoIP will drop calls or experience degraded service when you roam around a facility on Wi-Fi. It’s never completely seamless. Meetings are best conducted in a designated space that also have LAN jacks available as a backup solution.

RADIUS Secures Access to Wi-Fi

These steps may appear far afield from your video conferencing needs, but even the most ideal implementation of the settings above won’t prevent rogue user/device behavior. Rogue behavior can easily inundate networks during peak hours, leaving IT admins scratching their heads when managers are screaming, “the Wi-Fi still doesn’t work!”. Getting it right from the onset preempts support tickets, but only if you have the appropriate resources.

JumpCloud’s RADIUS service uses a combination of certificates and directory user management to ensure that only authorized users get access to your network. This article outlines how that can be accomplished. This is important for reasons more than just bandwidth: it keeps unauthorized users (and devices such as the rogue router that my employee brought from home) out of your systems and makes on/offboarding easier. 

We also strongly recommend using a designated “guest” network for visitors. Many routers include this feature without requiring additional services. It also separates business traffic from nonessential, or potentially harmful, traffic. VLANs are an additional step to cordon off sensitive information from the remainder of your network traffic.

VLANs Are Virtualized, Independent Networks

Your infrastructure may permit you to set up VLANs using a firewall: it’s your preference and your budget. However, not every SME can afford high-end network devices. That’s where JumpCloud comes in by providing Wi-Fi VLAN Assignment. VLANs place users into network segments that best meet their roles and needs, and can be used to separate expensive equipment and IT systems from other users. This is a significant security consideration, because not every resource should be accessed by everyone. It also helps to reserve bandwidth for applications that need it most. You can also ensure that only compliant devices can access your network through policies.

Try JumpCloud

It’s expensive to install many of these solutions on premises. Fortunately, cost is no longer a barrier to adopting excellent network management and avoiding those awkward encounters when meetings go sideways due to poor Wi-Fi performance. JumpCloud delivers advanced network security and management capabilities through its cloud directory platform. Start a free 30 Day Trial today.