
Enterprise-Class Wireless LANs: Guidelines for A Successful Architecture and Design

Chapter Description

This chapter adopts a "60,000-foot view" of the challenges ahead and asks you to answer some key questions on technical, financial, and program management issues. The chapter also introduces such topics as strategic preparation and planning, architectural considerations, and program management. Upon completion, you will be prepared to describe in strategic terms where you will deploy, how you will deploy, and how you will fund and manage your deployment.

Design Considerations

The previous section provided guidelines for defining the overarching architecture for your WLAN. The framework formalizes the goal, scope, supported device types, and lifecycle management strategy for your WLAN. More specifically, the architecture defines the strategy for the WLAN's security posture and practices, as well as the WLAN's implementation and operational support structure. The architecture does not, however, address detailed design considerations.

The WLAN design provides the necessary detail on how the solution must be built, integrated, and configured. As such, the design of your WLAN specifies network topologies, how many access points you need to deploy, their make and model, specific AP configurations, where and how you will connect the WLAN to the rest of the network, IP addressing schemes, QoS parameters, access point management passwords, and so on. In short, the design is focused on the physical layout and configuration of the WLAN.

Many of the decisions that must be made during the design of wired networks are directly applicable in the wireless environment. However, there are also distinct considerations that are unique to WLANs, including the following:

  • The ratio of users to access points, also known as the client-to-AP ratio
  • The impact of roaming from cell to cell
  • The physical placement of the access points

This section focuses on the design decisions that need to be made regarding the client-to-AP ratio and roaming capabilities. Chapter 6, "Wireless LAN Deployment Considerations," provides guidelines for identifying the appropriate physical placement of the access points during the implementation of the WLAN.

Client-to-AP Ratio

Many different factors impact the performance of your WLAN. Internal aspects include the shared nature of the communication medium, the access mechanism for the medium, the use of a limited number of communications channels, and the available bandwidth. External factors consist of the number of users, the types of devices communicating across the WLAN, the types of applications used on the network and the degree of mobility that is demanded by the user community.

As outlined earlier in the section "Identifying the Types of Users and Devices You Want to Support," knowing the traffic types and usage patterns on the WLAN is fundamental to designing a solution that not only performs correctly, but also delivers a relatively consistent level of service. As such, providing the WLAN with the proper number of access points is probably the single largest contributing factor in creating a WLAN that meets a performance baseline.

The industry has converged on the metric "client-to-access point ratio" to denote the number of users a single access point can consistently support; however, do not take the term "client" at face value. Indeed, a student who uses the WLAN primarily for e-mail and web browsing will have different bandwidth requirements than an engineer using the WLAN mainly for streaming video and computer-aided design (CAD) applications. As such, carefully consider the types of clients and their respective network needs.

Three different strategies can be used to determine what the correct client-to-AP ratio is for your environment. You can perform benchmark tests to identify exactly what works, you can classify users and traffic types as in Table 5-1 to generate more granular client-to-AP ratio specifications, or you can simply adopt client-to-AP ratio guidelines that have been published by most vendors. Each strategy has its merits and drawbacks.

Benchmarking enables the most precise identification of the client-to-AP ratio. Local variations are measured and the ratio can be optimized depending on the exact user profiles and needs. However, not only is this approach time and resource intensive, but it also creates a dated snapshot. If the environment changes, for example, and the HR and engineering departments introduce new software with different traffic signatures, the benchmarks will no longer be accurate.

By classifying both traffic and users, as detailed in Chapter 3, some degree of customization can be captured. The process is relatively straightforward and can be performed by your network architects and designers. A challenge that you will likely face with this method is the identification of the correct segmentation of the users and traffic types. Don't reinvent the wheel. Follow the classification guidelines as set forth in your architecture. Given the benefits of more accurately identifying a client-to-AP ratio that yields a more consistent and satisfactory WLAN user experience, we recommend that you adopt this approach.

The final strategy is to accept the recommended client-to-AP ratio as published by the WLAN equipment vendor. Even though this is the easiest solution, there is potential for over- or underprovisioning the number of access points because the information provided by the vendor does not consider your specific user-base requirements. However, use the WLAN vendor's published recommendations as a sanity check.
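The classification strategy, with the vendor figure used as a sanity check, can be worked through as follows. This is an added example, not part of the original chapter; the user classes, per-user demand, AP throughput and vendor ratio are constructed figures, and the calculation covers capacity only, not AP placement.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class UserClass:
    name: str
    users: int              # head count in the coverage area
    kbps_per_user: int      # demand while active (assumed figure)
    active_fraction: float  # share of the class active at once (assumed)

# Constructed inputs; replace with the classes from your own architecture.
CLASSES = [
    UserClass("email/web", 120, 300, 0.5),
    UserClass("CAD/streaming video", 30, 4000, 0.5),
]
AP_USABLE_KBPS = 20_000   # assumed usable throughput of one access point
VENDOR_RATIO = 25         # assumed vendor-published clients per AP

def class_ratio(c, ap_kbps):
    """Clients of this class alone that one AP can carry."""
    return math.floor(ap_kbps / (c.kbps_per_user * c.active_fraction))

def plan(classes, ap_kbps, vendor_ratio):
    """AP count from classified demand, with the vendor figure as a check."""
    users = sum(c.users for c in classes)
    demand = sum(c.users * c.kbps_per_user * c.active_fraction for c in classes)
    aps = math.ceil(demand / ap_kbps)
    vendor_aps = math.ceil(users / vendor_ratio)
    return {
        "per_class_ratio": {c.name: class_ratio(c, ap_kbps) for c in classes},
        "aps_from_classes": aps,
        "blended_ratio": users / aps,
        "aps_from_vendor_ratio": vendor_aps,
        # Positive: the vendor figure would add APs; negative: it falls short.
        "vendor_minus_classes": vendor_aps - aps,
    }

if __name__ == "__main__":
    for key, value in plan(CLASSES, AP_USABLE_KBPS, VENDOR_RATIO).items():
        print(f"{key}: {value}")
```

The per-class ratios show why the term "client" cannot be taken at face value: the same access point carries very different numbers of each class.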


Roaming

Roaming occurs when a device moves its association from one access point to another. By moving the association, the device has effectively traversed the basic service set (BSS) boundary and moved into a new one. However, roaming is not limited to crossing BSS boundaries.

As mentioned in Chapter 1, "Introduction to Wireless LAN Technologies," the BSS is equivalent to a Layer 2 network. Multiple BSSs can be grouped together into an extended service set (ESS), which equates to a Layer 3 network. As such, changing the association from one access point to another can not only cause the client to roam across BSS boundaries, but also ESS boundaries.

Authentication is not the only area that is affected when a user moves its association from one access point to another. Roaming across BSS boundaries creates the following three challenges:

  • Authentication
  • Performance
  • ESS boundaries

Each vendor offers its own solution for these challenges, and each solution has its own strengths and weaknesses. In the end, it is important to understand the impact of roaming. The following sections take a closer look at the challenges that are created by roaming and provide recommendations for addressing them.


Authentication

If you opt to use authentication to secure your WLAN, switching association from one AP to another triggers a re-authentication process. The new AP does not know that the client is permitted to associate and, therefore, the client must go through the entire authentication process. As the number of times a station roams and the number of stations roaming increases, latency can be introduced due to the authentication traffic and the authentication processing overhead that is handled by the AP.

Note that authentication does not occur only when a client roams. To increase the robustness of WLAN security, it is not uncommon that authenticated credentials expire after a certain amount of time. When this occurs, the station is forced to re-authenticate. In this scenario, a station authenticates multiple times over the duration of its association with the same access point even though it is not physically roaming.

Some WLAN products provide methods to reduce the number of authentication requests that are sent to the authentication, authorization, and accounting (AAA) infrastructure. This process is often known as fast roaming, because the authenticated status of the client is stored locally in the access point or controller, thereby avoiding the need to contact the back-end AAA server directly. This reduces the time for authentication (hence "fast roaming") and the load on the AAA servers themselves.
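The effect of locally stored authentication status on AAA load, including the credential expiry described above, can be modelled in a few lines. This is an added example, not from the original chapter or any vendor's implementation; the event log, client and AP names, and the one-hour lifetime are constructed assumptions.

```python
# Constructed controller log: (seconds, client, access point) for each
# association or session-timeout check. Names and times are illustrative.
EVENTS = [
    (0,    "laptop-1", "ap-1"),
    (0,    "phone-7",  "ap-1"),
    (600,  "laptop-1", "ap-2"),
    (900,  "phone-7",  "ap-3"),
    (1200, "laptop-1", "ap-3"),
    (3700, "laptop-1", "ap-3"),   # no roam, an hour after first login
    (3800, "phone-7",  "ap-2"),
]
SESSION_LIFETIME = 3600  # assumed credential lifetime in seconds

def full_authentications(events, lifetime, fast_roaming):
    """Return [(time, client, reason)] for every request that reaches AAA."""
    expiry = {}    # client -> time the authenticated status lapses
    location = {}  # client -> access point of the last association
    sent = []
    for t, client, ap in sorted(events):
        roamed = client in location and location[client] != ap
        location[client] = ap
        if client not in expiry:
            reason = "initial"
        elif t >= expiry[client]:
            reason = "expired"
        elif roamed and not fast_roaming:
            reason = "roam"
        else:
            # Same AP, or a roam answered from the locally stored status.
            # The stored expiry is left untouched, so the credential
            # lifetime still forces a full authentication later.
            continue
        expiry[client] = t + lifetime
        sent.append((t, client, reason))
    return sent

if __name__ == "__main__":
    for mode in (False, True):
        sent = full_authentications(EVENTS, SESSION_LIFETIME, mode)
        print(f"fast_roaming={mode}: {len(sent)} AAA requests -> {sent}")
```

In this model a roam served from the stored status never extends the credential lifetime, so fast roaming reduces AAA traffic without weakening the expiry policy.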


Performance

Performance is not limited to the throughput that a client can achieve. It is also directly related to the client keeping its network connection and communication session intact. When roaming, there is a small amount of time during either authentication or association during which the client will effectively be without a link. The duration of the lost link will determine if and how applications will be impacted. Note that fast roaming was specifically conceived to make this link loss during authentication almost unnoticeable to end users.

Applications exhibit a distinctive sensitivity to the duration of a lost link. Transactional applications such as e-mail and web browsing are relatively insensitive, whereas real-time applications such as voice and video are highly sensitive. Ensure that you enable fast roaming to make authentication occur promptly enough to not affect the core WLAN application suite.

ESS Boundaries

As mentioned earlier, roaming occurs when a station moves its association from one access point to another. This effectively makes the station jump from one BSS cell into the next. As long as the client remains in the same ESS, its IP address remains valid and the Layer 3 session can be maintained.

If, however, the station crosses an ESS boundary, it effectively moves into a different Layer 3 network. The IP address that was assigned for the old ESS is invalid, and all active IP sessions terminate as traffic directed toward the station is incorrectly routed. To remediate this routing problem, the client must release its old IP address and request a new one for the subnet that it now finds itself in.

To keep the IP sessions alive, some mechanism is needed to transfer the active connections. One method of achieving this is to employ Mobile IP, which is an open protocol that comes in different forms but allows clients to move between Layer 3 networks or subnets. However, keep in mind that Mobile IP is no longer the primary mobility method for most vendors. Because it requires client software, it is currently used only in "extreme" roaming situations like those found in moving vehicles with multiple available network types. Most vendors today use some kind of tunneling technology to hide the fact that the user has crossed a Layer 3 network boundary. This tunneling solution is similar to that used for remote VPN access. In essence, a logical overlay of multiple ESSs is instantiated by means of the tunnels, thus enabling roaming without Layer 3 hazards.

If you do not opt to implement solutions that provide Layer 3 roaming capabilities, carefully plan the layout of your WLAN subnets to address this challenge. Avoid creating multiple ESSs in areas where users typically roam. For example, because users typically move around on a floor, create a single ESS per floor. However, a floor-by-floor model can have problems in certain buildings where there is strong signal propagation between floors. In these types of buildings, users can accidentally roam between floors, creating the problems previously described. Carefully measure signal strength on each floor and fine-tune the radio's signal power to avoid it propagating between floors.
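A subnet plan can be checked against observed roams to find where an ESS boundary cuts across a path users actually take, such as signal bleed between floors. This is an added example, not from the original chapter; the AP names, subnets and roam log are constructed, and the plan format (AP name mapped to the subnet of its ESS) is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed plan: access point -> subnet of the ESS it belongs to.
AP_SUBNET = {
    "ap-2f-east": "10.20.2.0/24",
    "ap-2f-west": "10.20.2.0/24",
    "ap-3f-east": "10.20.3.0/24",
}
# Constructed roam log: (client IP before the roam, old AP, new AP).
ROAMS = [
    ("10.20.2.57", "ap-2f-east", "ap-2f-west"),
    ("10.20.2.57", "ap-2f-west", "ap-3f-east"),
    ("10.20.2.91", "ap-2f-west", "ap-3f-east"),
    ("10.20.3.14", "ap-3f-east", "ap-2f-west"),
    ("10.20.2.91", "ap-2f-east", "ap-lobby"),   # AP missing from the plan
]

def classify_roam(client_ip, new_ap, plan):
    """Return 'same-ess', 'crosses-ess' or 'unplanned-ap' for one roam."""
    if new_ap not in plan:
        return "unplanned-ap"
    subnet = ipaddress.ip_network(plan[new_ap])
    # An address outside the new AP's subnet is no longer routable there:
    # the client needs a new lease (or a tunnel) and its sessions drop.
    if ipaddress.ip_address(client_ip) in subnet:
        return "same-ess"
    return "crosses-ess"

def boundary_hotspots(roams, plan):
    """Count ESS-crossing roams per unordered AP pair, busiest first."""
    hits = Counter()
    for client_ip, old_ap, new_ap in roams:
        if classify_roam(client_ip, new_ap, plan) == "crosses-ess":
            hits[tuple(sorted((old_ap, new_ap)))] += 1
    return hits.most_common()

if __name__ == "__main__":
    for client_ip, old_ap, new_ap in ROAMS:
        verdict = classify_roam(client_ip, new_ap, AP_SUBNET)
        print(f"{client_ip}: {old_ap} -> {new_ap}: {verdict}")
    print("hotspots:", boundary_hotspots(ROAMS, AP_SUBNET))
```

AP pairs that appear in the hotspot list are candidates for merging into one ESS or for the transmit-power tuning described above.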

Also, consider recommended practices for sizing IP subnets. Subnets that are too large can experience performance issues because of excessive IP broadcast traffic. Adopt the recommended IP addressing practices when designing your WLAN. Plan carefully and strike a balance.
