www.industry-asia-pacific.com
29
'24
Antaira News
ENSURING WIRELESS CONNECTIVITY: IEEE 802.11 ROAMING, DROP, AND RECONNECT STRATEGIES
In today’s fast-paced interconnected industrial world, the demand for high efficiency and uninterrupted wireless communication has grown exponentially in recent years.
The advancements in IEEE 802.11 wireless LAN technology have led organizations to become more dependent on wireless communications for daily activities that were once only available through wired LAN networking. Besides efficiency and dependability, next-generation wireless networks boast high-speed bandwidth that drives state-of-the-art technology such as autonomous rovers and robotic sentries while, through backward compatibility, still supporting the legacy handheld devices that employees frequently use on the go.
Whether in crowded processing plants, sprawling warehouses, or bustling manufacturing facilities, industrial organizations are increasingly reliant on IEEE 802.11 networking for their wireless local area network communication needs.
Understanding three basic concepts of wireless connectivity can be instrumental in helping you troubleshoot Wi-Fi communication problems within your facility: roaming, dropping, and reconnecting.
ROAMING, DROPPING AND RECONNECTING
We will start with a few definitions.
Roaming occurs when a wireless client automatically transitions from one Access Point (AP) with a weak signal to another AP with a stronger signal, ideally resulting in uninterrupted, seamless service within the same wireless LAN. For instance, when an employee using a wireless barcode scanner in a warehouse moves between several APs without experiencing service interruptions, that is an example of roaming in action. Roaming is required in mobile environments, but it is also beneficial in static environments wherever there is a chance of interference, blocking of the signal, or AP failure.
Dropping happens when a wireless client is outside the coverage range of its associated AP. The further away a client moves, the weaker the AP’s radio signal becomes until it finally disconnects or “drops” the device. Once dropped, the client is no longer able to connect to the wireless LAN or make use of its services.
Wireless access points have limited ranges. In general, an access point has about 300 feet of omnidirectional coverage or approximately 1000 square feet, with variation based on the environment and interference. AP wireless signal strength is measured in decibel-milliwatts or dBm on a scale of -30 to -90.
-30 dBm (maximum signal strength)
-50 dBm (excellent signal strength)
-60 dBm (good signal strength)
-70 dBm to -80 dBm (unreliable signal strength)
-90 dBm (unlikely to connect)
To ensure very high throughput and smooth drops or “handoffs” of high data rates for a client roaming between access points, a signal boundary of -67 dBm is recommended with 15-20% coverage overlap. A signal strength of -67 dBm is considered the minimum value for all services that require high throughput and smooth and reliable data rates of traffic.
We should note that the transmit power from the router or access point is not the same as the Received Signal Strength Indicator (RSSI), which is pulled from the connected client device. Think of RSSI as a measurement of how well a device can “hear” a radio signal from an AP. Each AP will have a minimum RSSI value set that indicates the minimum signal level required for a client to remain connected. If it is turned up too high, the AP can become “sticky”, where the client will skip other APs in the building before a handoff.
Commercially available Wi-Fi heatmap software will measure signal strength, as well as Signal-to-Noise Ratio, and interference in different areas. In a color-coded graphical representation, stronger areas are shown in warmer colors like orange and yellow, while weaker areas are represented by cooler colors like blue and green.
Reconnecting is also known as re-associating. After joining a particular Wi-Fi network as designated by its Service Set Identifier (SSID), a client constantly scans in the background for other access points with the same SSID. If it finds one with a better signal, the device should seamlessly connect (associate) to it and drop the previous connection, and it should do so at a point that doesn’t result in a poor experience for the end-user. The entire process occurs in the background.
Since authentication is required to associate with the next AP, roaming handover time will be impacted by the authentication method. For instance, 802.11r (fast roaming) provides a faster handover than conventional authentication, as we explain in the next section.
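The roaming, sticking and dropping behaviour described above can be told apart from client-side signal readings. The following is an added troubleshooting example, not code from the article or from Antaira: the sample readings, client and AP names, the 8 dB margin and the three-sample rule are assumptions, and only the -67 dBm boundary comes from the text.

```python
ROAM_BOUNDARY_DBM = -67  # roaming boundary recommended in the article
MARGIN_DB = 8            # assumption: a candidate AP must be this much stronger
MIN_CONSECUTIVE = 3      # assumption: samples in a row before reporting
# Constructed samples: (seconds, client, associated AP, {AP: RSSI in dBm as heard
# by the client}). All APs are assumed to advertise the same SSID.
SAMPLES = [
    (0, "scanner-01", "ap-a", {"ap-a": -58, "ap-b": -80}),
    (5, "scanner-01", "ap-a", {"ap-a": -66, "ap-b": -70}),
    (10, "scanner-01", "ap-a", {"ap-a": -70, "ap-b": -60}),
    (15, "scanner-01", "ap-a", {"ap-a": -74, "ap-b": -55}),
    (20, "scanner-01", "ap-a", {"ap-a": -79, "ap-b": -52}),
    (0, "forklift-07", "ap-c", {"ap-c": -65}),
    (5, "forklift-07", "ap-c", {"ap-c": -72}),
    (10, "forklift-07", "ap-c", {"ap-c": -78}),
    (15, "forklift-07", "ap-c", {"ap-c": -85}),
    (0, "tablet-03", "ap-a", {"ap-a": -60, "ap-b": -75}),
    (5, "tablet-03", "ap-a", {"ap-a": -69, "ap-b": -62}),
    (10, "tablet-03", "ap-b", {"ap-a": -75, "ap-b": -58}),
]


def diagnose(samples):
    """Return {client: [(time, kind, associated AP, better AP or None)]}."""
    streak = {}    # client -> (kind, consecutive weak samples of that kind)
    findings = {}
    for t, client, assoc, heard in sorted(samples, key=lambda s: s[0]):
        rssi = heard[assoc]
        if rssi >= ROAM_BOUNDARY_DBM:
            streak.pop(client, None)   # healthy link (or a completed roam) resets
            continue
        others = {ap: r for ap, r in heard.items() if ap != assoc}
        best = max(others, key=others.get) if others else None
        # Weak link with a clearly stronger AP in range: the client is sticking.
        # Weak link with nothing better to roam to: the client is about to drop.
        sticky = best is not None and others[best] >= rssi + MARGIN_DB
        kind = "sticky" if sticky else "coverage_gap"
        prev_kind, count = streak.get(client, (kind, 0))
        count = count + 1 if prev_kind == kind else 1
        streak[client] = (kind, count)
        if count == MIN_CONSECUTIVE:
            findings.setdefault(client, []).append(
                (t, kind, assoc, best if sticky else None))
    return findings


if __name__ == "__main__":
    for client, events in diagnose(SAMPLES).items():
        print(client, events)
```

A "sticky" finding points at client roaming thresholds or AP transmit power, while a "coverage_gap" finding points at AP count or placement.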
WPA2 ENTERPRISE SECURITY ROAMING: STEP-BY-STEP
Wi-Fi networks typically use 802.1X RADIUS authentication to guarantee the privacy of wireless networks as well as enterprise security.
In this first example we show a Wi-Fi network using the WPA2 Enterprise security standard. Unless optimized, this configuration requires an 802.1X/EAP exchange which can easily take several hundred milliseconds (ms) even with a RADIUS server on the local area network. This is considerably longer than the typical target roam time for a client of 50 ms. If the RADIUS server is not on the local area network and needs to be accessed over the Internet, authentication could take a minute or more. Here is the non-optimized process:
1. The client determines the downlink RSSI is below its programmable threshold, at which point a scan process is triggered to look for an AP with a stronger wireless signal.
2. The client device discovers an available AP. The targeted AP and the client device exchange information through multiple channels. First, 802.11 re-authorization messages are sent, and then 802.11 re-association messages.
3. Next, the WPA2 Enterprise 802.1X/EAP exchange (client, AP, authentication server) begins to take data frames and derive an encryption key.
4. The four-way handshake process exchanges four messages between the AP and the client device to generate the encryption keys that are used to encrypt the actual data sent over the air.
5. If successful, the client and AP can communicate.
IEEE 802.11R FAST ROAMING
To address the latency issue, the IEEE Standards Association introduced its 802.11r (FT) standard (“Fast BSS Transition”) in 2002. IEEE 802.11r reduced the eight messages passed between an AP and a client for authentication, association, and the four-way handshake in WPA2 re-associations to just four messages. Fast Basic Service Set Transition (FT) allows encryption keys to be stored on all the APs in the network. FT is very useful for VoIP or other applications where long roaming times between multiple antennas can result in a negative impact on performance including dropped calls and packet loss.
The 802.11r process begins with a client device first authenticating to the wireless network. The authentication process creates and stores new encryption keys that are transferred to the next AP in line as the client device roams about.
By using encryption keys that are stored and transferred with a roaming client, authentication attributes, such as the DOMAIN ID, don’t need to be re-hashed, making the transition to the next AP a quicker process.
The end-user avoids a significant amount of latency that would have previously delayed network connectivity. In addition, without reauthentication, less traffic is generated between the physical layer of the direct link setup, the wireless local area network and the authentication server, improving scalability and reliability of the physical layer of the link.
In environments with wireless controllers and RADIUS servers, using Wi-Fi Protected Access v2 (WPA2) and Centralized Key Management (CKM), the client and RADIUS server generate data using a Master Session Key (MSK). The Master Session Key uses its first 256 bits as part of the Pairwise Master Key (PMK). The Pairwise Master Key is used for individual encryption keys.
In environments with no RADIUS services, a Pre-Shared Key (PSK) is used for authentication. The Pre-Shared Key is the Master Session Key which (just like a RADIUS environment) is used to create the Pairwise Master Key used for individual client encryption.
When implementing 802.11r technology in your enterprise network, there are considerations to take into account. Many non-802.11r Wi-Fi devices don’t understand the security key management and the domain key component in the four-way handshake, making the client device un-authenticatable in these types of situations.
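The WPA2 key hierarchy described above, as an added example that is not from the original article: it derives the PMK both ways (first 256 bits of the MSK, or PBKDF2 over the passphrase and SSID in a pre-shared key network) and then the per-client keys that the four-way handshake produces for CCMP. The MAC addresses and nonces are constructed values, and the additional key levels that 802.11r places on top of this hierarchy are not shown.

```python
import hashlib
import hmac


def pmk_from_msk(msk: bytes) -> bytes:
    """802.1X/EAP case: the PMK is the first 256 bits of the MSK."""
    if len(msk) < 32:
        raise ValueError("MSK must be at least 256 bits")
    return msk[:32]


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK case: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """The WPA2 pseudo-random function: HMAC-SHA1 run with a counter byte."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """Per-client keys: both sides sort the addresses and nonces, so the AP
    and the client compute identical keys without sending them over the air."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


if __name__ == "__main__":
    # Constructed values; real nonces are random and sent in handshake messages 1 and 2.
    pmk = pmk_from_passphrase("password", "IEEE")
    client = bytes.fromhex("020000000001")
    for ap in ("0200000000aa", "0200000000bb"):
        keys = derive_ptk(pmk, bytes.fromhex(ap), client, b"\x01" * 32, b"\x02" * 32)
        print(ap, keys["tk"].hex())  # a different temporal key per AP
```

Because the AP address and fresh nonces feed the derivation, every conventional roam repeats the handshake to obtain new keys, which is the cost that fast roaming reduces.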
MORE FAST ROAMING PROTOCOLS
Other fast roaming IEEE 802.11 protocols are 802.11k and 802.11v. The 802.11k protocol assists the physical layer of the client device in searching for nearby APs that are available as roaming targets. It does this by creating an optimized list of channels, so when signal strength of the current AP weakens, the client will scan for target APs from this list. Similarly, 802.11v lets the network’s control layer influence client roaming behavior by providing it with the load information of nearby APs. The client takes this information into account when deciding among the possible AP targets.
ANTAIRA SUPPORTS 802.11R RAPID ROAMING
In most cases, organizations already have an existing Wi-Fi network in place, but many do not support fast roaming technology. In those cases, Antaira wireless access points can seamlessly be added to create the fast-roaming infrastructure for your organization. Rapid Roaming is available as a feature on Antaira models ARS-7235-AC, ARX-7235-AC-PD-T, and ARY-7235-AC-PD.
When adding rapid roaming technology to your network, Antaira advises you to create a separate SSID specifically for 802.11r. This will allow for enhanced monitoring and troubleshooting of connected devices.
TIPS TO IMPROVE ROAMING IN YOUR FACILITY
Ideally, Wi-Fi roaming would be seamless and transparent. However, in the real world, this is not always the case. Devices lose connections, freeze or fail in various other ways during roaming. This makes an industrial Wi-Fi network with several hundred access points virtually unusable. Below we list common issues you may experience with your Wi-Fi and how to fix them.
1. Wrong number of APs. Generally speaking, you should follow recommended practices by deploying one AP for every 1,000 square feet of coverage area. Without enough APs you will experience dead zones, slow speeds and dropped connections. Yet installing too many APs is equally problematic. APs in close proximity will cause interference, resulting in slower speeds and poor connection quality. Interference can happen as a result of overlapping channels and signal strength. Having too many WAPs can also create security risks. An attacker could easily hop from one AP to another, making it difficult to trace their activity.
2. Wrong Location of APs. Carefully consider the placement of APs in relation to the area that needs coverage, as well as any obstructions that may interfere with the signal, like walls or warehouse racks. Avoid placing the access point near windows, doors, or other objects that can block, bounce, or absorb radio signals. Omni-directional APs will not provide full coverage above certain heights due to their antenna pattern. Yet in large industrial spaces, APs are often mounted on the ceilings at heights of 25-30 feet or more. Omni-directional APs are designed for no more than 12-15 feet heights. Adjacent channel interference can also be introduced by ceiling mounting APs at great heights. A controller will attempt to lessen this interference by turning down the AP transmit power, leading to weak coverage on the ground below.
3. Leaving Device Settings on Default. Many handhelds let you change their wireless settings; otherwise, they are set to AUTO mode. Another of the recommended practices is to manually reset the devices to the 5 GHz Wi-Fi frequency band, which holds many advantages over 2.4 GHz Wi-Fi in industrial environments. You’ll also want your devices to use at least the 802.11n standard to avoid multipath issues. Warehouses and industrial plants experience far more signal bounce than non-industrial settings, leading to multipath intersymbol interference and data corruption. Indoors, standard diversity patch antennas are recommended in extremely high throughput over-multipath environments if legacy 802.11a/b/g Wi-Fi networks are deployed.
4. AP Power is Too High. Many times when roaming is poor, your AP power is too high, which means the client will stick to wireless local area networks or a single AP for too long. By the time it needs to create a roam notification it has already skipped several APs. Adjust the transmit power and roaming threshold. Next, conduct a heat map survey and tune it based on what you see.
Antaira wireless APs/bridges/repeaters are built to ensure seamless wireless roaming with higher throughput across large industrial spaces and in demanding environmental conditions.
www.antaira.com