
Enterprise-Class Wireless LANs: Guidelines for A Successful Architecture and Design

  • Sample Chapter is provided courtesy of Cisco Press.
  • Date: Jul 21, 2006.

Chapter Description

This chapter adopts a "60,000-foot view" of the challenges ahead and asks you to answer some key questions on technical, financial, and program management issues. The chapter also introduces such topics as strategic preparation and planning, architectural considerations, and program management. Upon completion, you will be prepared to describe in strategic terms where you will deploy, how you will deploy, and how you will fund and manage your deployment.

Design Considerations

The previous section provided guidelines for defining the overarching architecture for your WLAN. The framework formalizes the goal, scope, supported device types, and lifecycle management strategy for your WLAN. More specifically, the architecture defines the strategy for the WLAN's security posture and practices, as well as the WLAN's implementation and operational support structure. The architecture does not, however, address detailed design considerations.

The WLAN design provides the necessary detail on how the solution must be built, integrated, and configured. As such, the design of your WLAN must specify network topologies, how many access points you need to deploy, their make and model, specific AP configurations, where and how you will connect the WLAN to the rest of the network, IP addressing schemes, QoS parameters, access point management passwords, and so on. In short, the design is focused on the physical layout and configuration of the WLAN.

Many of the decisions that must be made during the design of wired networks are directly applicable in the wireless environment. However, there are also distinct considerations that are unique to WLANs, including the following:

  • The ratio of users to access points, also known as the client-to-AP ratio
  • The impact of roaming from cell to cell
  • The physical placement of the access points

This section focuses on the design decisions that need to be made regarding the client-to-AP ratio and roaming capabilities. Chapter 6, "Wireless LAN Deployment Considerations," provides guidelines for identifying the appropriate physical placement of the access points during the implementation of the WLAN.

Client-to-AP Ratio

Many different factors impact the performance of your WLAN. Internal aspects include the shared nature of the communication medium, the access mechanism for the medium, the use of a limited number of communications channels, and the available bandwidth. External factors consist of the number of users, the types of devices communicating across the WLAN, the types of applications used on the network and the degree of mobility that is demanded by the user community.

As outlined earlier in the section "Identifying the Types of Users and Devices You Want to Support," knowing the traffic types and usage patterns on the WLAN is fundamental to designing a solution that not only performs correctly, but also delivers a relatively consistent level of service. As such, providing the WLAN with the proper number of access points is probably the single biggest contributing factor to creating a WLAN that meets a performance baseline.

The industry has converged on the metric "client-to-access point ratio" to denote the number of users a single access point can consistently support; however, do not take the term "client" at face value. Indeed, a student who uses the WLAN primarily for e-mail and web browsing will have different bandwidth requirements than an engineer using the WLAN mainly for streaming video and computer-aided design (CAD) applications. As such, carefully consider the types of clients and their respective network needs.

Three different strategies can be used to determine what the correct client-to-AP ratio is for your environment. You can perform benchmark tests to identify exactly what works, you can classify users and traffic types as in Table 5-1 to generate more granular client-to-AP ratio specifications, or you can simply adopt client-to-AP ratio guidelines that have been published by most vendors. Each strategy has its merits and drawbacks.

Benchmarking enables the most precise identification of the client-to-AP ratio. Local variations are measured and the ratio can be optimized depending on the exact user profiles and needs. However, not only is this approach time and resource intensive, but it also creates a dated snapshot. If the environment changes, for example, and the HR and engineering departments introduce new software with different traffic signatures, the benchmarks will no longer be accurate.

By classifying both traffic and users, as detailed in Chapter 3, some degree of customization can be captured. The process is relatively straightforward and can be performed by your network architects and designers. A challenge that you will likely face with this method is the identification of the correct segmentation of the users and traffic types. Don't reinvent the wheel. Follow the classification guidelines as set forth in your architecture. Given the benefits of more accurately identifying a client-to-AP ratio that yields a more consistent and satisfactory WLAN user experience, we recommend that you adopt this approach.

The final strategy is to accept the recommended client-to-AP ratio as published by the WLAN equipment vendor. Even though this is the easiest solution, there is potential for over- or underprovisioning the number of access points because the information provided by the vendor does not consider your specific user-base requirements. However, use the WLAN vendor's published recommendations as a sanity check.


Roaming

Roaming occurs when a device moves its association from one access point to another. By moving the association, the device has effectively traversed the basic service set (BSS) boundary and moved into a new one. However, roaming is not limited to crossing BSS boundaries.

As mentioned in Chapter 1, "Introduction to Wireless LAN Technologies," the BSS is equivalent to a Layer 2 network. Multiple BSSs can be grouped together into an extended service set (ESS), which equates to a Layer 3 network. As such, changing the association from one access point to another can not only cause the client to roam across BSS boundaries, but also ESS boundaries.

Authentication is not the only area that is affected when a user moves its association from one access point to another. Roaming across BSS boundaries creates the following three challenges:

  • Authentication
  • Performance
  • ESS boundaries

Each vendor offers its own solution for these challenges, and each solution has its own strengths and weaknesses. In the end, it is important to understand the impact of roaming. The following sections take a closer look at the challenges that are created by roaming and provide recommendations for addressing them.


Authentication

If you opt to use authentication to secure your WLAN, switching association from one AP to another triggers a re-authentication process. The new AP does not know that the client is permitted to associate and, therefore, the client must go through the entire authentication process. As the number of times a station roams and the number of stations roaming increases, latency can be introduced due to the authentication traffic and the authentication processing overhead that is handled by the AP.

Note that authentication does not occur only when a client roams. To increase the robustness of WLAN security, it is not uncommon that authenticated credentials expire after a certain amount of time. When this occurs, the station is forced to re-authenticate. In this scenario, a station authenticates multiple times over the duration of its association with the same access point even though it is not physically roaming.

Some WLAN products provide methods to reduce the number of authentication requests that are sent to the authentication, authorization, and accounting (AAA) infrastructure. This process is often known as fast roaming, because the authenticated status of the client is stored locally in the access point or controller, thereby avoiding the need to contact the back-end AAA server directly. This reduces the time for authentication (hence "fast roaming") and the load on the AAA servers themselves.
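The effect of caching on AAA load can be seen in a small model. This is an added example, not code from the chapter or from any vendor: the trace, the one-hour credential lifetime, and the rule that a cached entry keeps its original expiry (so a roam never extends the lifetime of a credential) are assumptions made for illustration.

```python
from collections import namedtuple

# One association event: client associates to AP `ap` at time `t` (seconds).
Assoc = namedtuple("Assoc", "t client ap")

SESSION_LIFETIME = 3600   # assumed: credentials expire after one hour
END = 7000                # end of the observation window (constructed)

# Constructed trace: a stationary laptop and a phone that roams four times.
TRACE = [
    Assoc(0, "laptop-1", "ap-1"),
    Assoc(0, "phone-1", "ap-1"),
    Assoc(600, "phone-1", "ap-2"),
    Assoc(900, "phone-1", "ap-3"),
    Assoc(1200, "phone-1", "ap-2"),
    Assoc(4000, "phone-1", "ap-1"),
]


def simulate(trace, end, lifetime, fast_roaming):
    """Count requests that reach the AAA server and roams that need a full
    authentication (the roams where link loss includes the AAA round trip)."""
    state = {}            # client -> [current AP, time of last full auth]
    aaa_requests = 0
    full_auth_roams = 0
    for ev in sorted(trace, key=lambda e: e.t):
        if ev.client not in state:
            aaa_requests += 1                 # initial authentication
            state[ev.client] = [ev.ap, ev.t]
            continue
        st = state[ev.client]
        # Credentials that expired since the last event force a
        # re-authentication even though the client did not move.
        while st[1] + lifetime <= ev.t:
            st[1] += lifetime
            aaa_requests += 1
        if ev.ap != st[0]:
            st[0] = ev.ap
            if not fast_roaming:
                # New AP knows nothing about the client: full authentication.
                aaa_requests += 1
                full_auth_roams += 1
                st[1] = ev.t
            # With fast roaming the cached, still-valid entry is reused and
            # its original expiry time is left unchanged.
    for st in state.values():                 # expiries up to end of window
        while st[1] + lifetime <= end:
            st[1] += lifetime
            aaa_requests += 1
    return {"aaa_requests": aaa_requests, "full_auth_roams": full_auth_roams}


if __name__ == "__main__":
    for mode in (False, True):
        print("fast_roaming =", mode, simulate(TRACE, END, SESSION_LIFETIME, mode))
```

In this model the timed re-authentications described above still reach the AAA server in both modes; only the roam-triggered ones are absorbed by the cache.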


Performance

Performance is not limited to the throughput that a client can achieve. It is also directly related to the client keeping its network connection and communication session intact. When roaming, there is a small amount of time during either authentication or association during which the client will effectively be without a link. The duration of the lost link will determine if and how applications will be impacted. Note that fast roaming was specifically conceived to make this link loss during authentication almost unnoticeable to end users.

Applications exhibit a distinctive sensitivity to the duration of a lost link. Transactional applications such as e-mail and web browsing are relatively insensitive, whereas real-time applications such as voice and video are highly sensitive. Ensure that you enable fast roaming to make authentication occur promptly enough to not affect the core WLAN application suite.

ESS Boundaries

As mentioned earlier, roaming occurs when a station moves its association from one access point to another. This effectively makes the station jump from one BSS cell into the next. As long as the client remains in the same ESS, its IP address remains valid and the Layer 3 session can be maintained.

If, however, the station crosses an ESS boundary, it effectively moves into a different Layer 3 network. The IP address that was assigned for the old ESS is invalid, and all active IP sessions terminate as traffic directed toward the station is incorrectly routed. To remediate this routing problem, the client must release its old IP address and request a new one for the subnet that it now finds itself in.

To keep the IP sessions alive, some mechanism is needed to transfer the active connections. One method of achieving this is to employ Mobile IP, which is an open protocol that comes in different forms but allows clients to move between Layer 3 networks or subnets. However, keep in mind that Mobile IP is no longer the primary mobility method for most vendors. Because it requires client software, it is currently used only in "extreme" roaming situations like those found in moving vehicles with multiple available network types. Most vendors today use some kind of tunneling technology to hide the fact that the user has crossed a Layer 3 network boundary. This tunneling solution is similar to that used for remote VPN access. In essence, a logical overlay of multiple ESSs is instantiated by means of the tunnels, thus enabling roaming without Layer 3 hazards.

If you do not opt to implement solutions that provide Layer 3 roaming capabilities, carefully plan the layout of your WLAN subnets to address this challenge. Avoid creating multiple ESSs in areas where users typically roam. For example, because users typically move around on a floor, create a single ESS per floor. However, a floor-by-floor model can have problems in certain buildings where there is strong signal propagation between floors. In these types of buildings, users can accidentally roam between floors, creating the problems previously described. Carefully measure signal strength on each floor and fine-tune the radio's signal power to avoid it propagating between floors.

Also, consider recommended practices for sizing IP subnets. Subnets that are too large can experience performance issues because of excessive IP broadcast traffic. Adopt the recommended IP addressing practices when designing your WLAN. Plan carefully and strike a balance.
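A subnet plan can be checked against site-survey data before deployment. The following is an added example, not part of the chapter: the AP names, floors, subnets, the list of AP pairs whose cells overlap, and the host limit are all constructed values. It flags AP pairs between which a client can roam across a Layer 3 boundary, and subnets larger than a locally chosen limit.

```python
import ipaddress

# Constructed plan: AP -> (floor, client subnet of the ESS the AP belongs to)
AP_PLAN = {
    "ap-1a": (1, "10.10.1.0/24"),
    "ap-1b": (1, "10.10.1.0/24"),
    "ap-2a": (2, "10.10.2.0/24"),
    "ap-2b": (2, "10.10.2.0/24"),
    "ap-3a": (3, "10.10.16.0/20"),
    "ap-3b": (3, "10.10.32.0/24"),
}

# Constructed survey result: AP pairs whose cells overlap strongly enough
# for a client to move its association from one to the other.
ROAM_PAIRS = [
    ("ap-1a", "ap-1b"),
    ("ap-1b", "ap-2a"),   # signal propagating between floors 1 and 2
    ("ap-2a", "ap-2b"),
    ("ap-2b", "ap-3a"),   # signal propagating between floors 2 and 3
    ("ap-3a", "ap-3b"),
]

MAX_HOSTS_PER_SUBNET = 510   # assumed local limit (a /23); set to your own


def net_of(plan, ap):
    # ip_network() raises ValueError on a malformed subnet or one with
    # host bits set, so a typo in the plan is caught here.
    return ipaddress.ip_network(plan[ap][1])


def l3_crossings(plan, roam_pairs):
    """Return (ap_a, ap_b, kind) for every roamable pair in different subnets.
    A client roaming across such a pair loses its IP address and sessions
    unless a Layer 3 roaming mechanism is deployed."""
    findings = []
    for a, b in roam_pairs:
        if net_of(plan, a) != net_of(plan, b):
            kind = "inter-floor" if plan[a][0] != plan[b][0] else "same-floor"
            findings.append((a, b, kind))
    return findings


def oversized_subnets(plan, max_hosts):
    """Return subnets whose usable host count exceeds max_hosts."""
    nets = {ipaddress.ip_network(subnet) for _, subnet in plan.values()}
    return sorted(str(n) for n in nets if n.num_addresses - 2 > max_hosts)


if __name__ == "__main__":
    for a, b, kind in l3_crossings(AP_PLAN, ROAM_PAIRS):
        print(f"L3 boundary between {a} and {b} ({kind})")
    for subnet in oversized_subnets(AP_PLAN, MAX_HOSTS_PER_SUBNET):
        print(f"subnet {subnet} exceeds {MAX_HOSTS_PER_SUBNET} hosts")
```

An inter-floor finding points to radio power tuning; a same-floor finding means the plan itself splits an area where users roam.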
