3

A few weeks ago my school district closed their public wifi doors and now just have their secure wifi for teachers and administrations only. The reason was that the access points could not handle all the users and their traffic. When they did this the speed on their secure wifi has greatly increased... substantially. Since then, the secure wifi key spread like wildfire throughout the student body. Now what they had before has happened again, just under one ssid instead of two.

Me (a student(also a network technician)) and the Technology Specialist at my school propose the idea of putting in double the access points that runs parallel and is separate from the secure. The secure network would sit on one network of access points and the public would sit on the other network of access points. We think this is a good economical way to go about the problem.

What do you think? What other ways could we go about this?

tl;dr What are economical ways to combat high amounts of users on access points that cannot handle it? (Upgrading current equipment is unlikely to happen because of price)

Keyword to keep in mind: Low-cost, otherwise this wont work.

3 Answers3

4

Okay, you're using a shared key. That's your first mistake. You need to implement something like 802.1x (users authenticate to the wireless with their own credentials) or alternatively, machine certificate authentication (this can be pretty easy to do if you're running AD and have wireless gear that can handle it).

If you can't do the above, your only solution is to add more access points. Do you have a centralized wireless controller that manages things? As the number of access points increases, the need for a wireless controller goes up pretty quickly, so keep that in mind. It's not always effective to just add access points willy nilly.

EEAA
  • 110,608
2

Here's a tough truth; wifi is harder than people think. Especially if you're jamming 20 or 30 systems transferring a lot of data at once. And throwing more access points at the problem won't necessarily fix it.

We've been struggling with trying to get small mobile labs to work over wireless using Cisco managed AP units; these aren't cheap units, but if you start shoving profiles or home directory data over the wireless, it crawls and causes timeouts.

In short, the only "economical" way to fix it is to get AP's that can throttle client bandwidth and isolate as much as possible what data is spreading over the AP's. Managed APs can help, but if you get too many in one space, you get diminishing returns due to interference.

In other words, you need managed (not cheap) AP's, isolate data being shoved over the network, throttle the clients and use QoS limitations, and limit the number of people hopping on the network and block out services that are saturating your bandwidth (any sharing protocols and usually other services that students feel entitled to use over "free" networks, along with monitoring for potential exploits running on the machines from malware. You're filtering web traffic and requiring anti-malware, right?)

I'm afraid there is no way to do this all on the cheap. Scaling wireless doesn't work like home wireless access, and too many people seem to think that it's a simple matter of throwing SOHO routers with AP's on the network. Afraid it's not. :-/

Bart Silverstrim
  • 31,296
1

the basics of the solution are :just the non-overlapping channels, and spread the APs out. For 802.11b/g, run the radios at the lowest power settings. For 802.11a run it at the higest power setting because we have so many channels. try to keep the APs fairly low, so the bodies can help reduce interference between APs on the same channel.

Add more APs (cheap ones) Getting people off the 802.11b frequencies is good as well.

But these are all mentioned in the question this is a duplicate of.

Jim B
  • 24,276