Manualshelf

User's Manual

ManualsBrandsAerohive Networks ManualsElectronics802.11 a/b/g/n access point
11121314151617181920
Table Of Contents
Deployment Guide 17
PLANNING
The quality and performance of a Wi-Fi network is a function of the signal-to-noise ratio. To avoid noise issues,
check the area for common noise generators such as industrial microwave ovens, wireless video cameras,
cordless phones and headsets, and Bluetooth devices. Such devices especially cause interference in the 2.4 GHz
spectrum.
Plan appropriately for high ceilings. With an omnidirectional antenna, the downward coverage is not great. In
normal office space, the ceilings rarely exceed 15 feet, so this issue does not come up very often. In
environments such as warehouses, where ceilings can be up to 50 feet high, ceiling-mounted access points are
not optimal. It is best to deploy them on non-metallic walls about 10 feet to 15 feet above the floor. If this is
not feasible, using patch antennas can help direct the RF energy downward.
In high-density or high-capacity environments, placing access points on exterior walls allows for a greater
number of cells inside the building and more capacity. In other deployments, it is recommended that the outer
access points be no farther than 30 feet from the exterior walls to ensure coverage.
Preparing the Wired Network for Wireless
One of the advantages of moving to an Aerohive WLAN is that you do not have to make changes to the underlying
network, such as putting controllers into wiring closets. This can save you considerable time and effort during
installation. However, some network changes might make sense for some deployments. For example, you might
want to add additional VLANs or security settings. This section covers a few of the more common considerations
that IT departments are handling.
802.1Q VLANs
HiveAPs can segment users into VLANs if an administrator wants. This decision can be made by a returned
RADIUS attribute or it can be configured as part of a user profile or SSID. Enterprises often set up separate
VLANs for wireless and guest access, so that this traffic is segmented from the rest of the network; however, it
is possible to set up any number of other VLANs for further segmentation. (For an example, see "Example 9:
Creating WLAN Policies" on page 126.)
•Firewalls
Depending on the environment, enterprises might use firewalls to segment wired and wireless data. This can be
implemented as a discrete firewall enforcing traffic between VLANs or between ports, or you might use the
stateful firewall that is integrated in HiveOS (the HiveAP operating system).
RADIUS Authentication
If RADIUS authentication is required, then a RADIUS server must be in place and be able to support the
necessary protocols for wireless—often called 802.1X EAP types: PEAP, EAP-TLS, EAP-TTLS, WEP 8021.x (dynamic
WEP), LEAP, EAP-FAST, and captive web portal authentication using CHAP.
DNS and DHCP Configuration
If you use the Aerohive HiveManager (see the section on "Operational Considerations" on page 18), it is possible
to install HiveAPs without any extra configuration and they will be able to contact HiveManager for
management. If the HiveAPs are linked to a different subnet than the one to which HiveManager is connected,
then you can set either a DHCP option or DNS entry to give the location of HiveManager (see "How HiveAPs
Connect to HiveManager" on page 95).