
Three Pillars to Achieve (Wireless) Network Success

Written by David Worthington on March 2, 2022


All networks work great, until people start using them. It’s especially true for wireless networks where known and unknown variables (configuration, placement, and usage) affect how well people can communicate, and ultimately, how well virtual meetings can function. It’s difficult enough to conduct effective meetings when Wi-Fi works well, and nearly impossible when it doesn’t. This article reviews the best practices to help get the most out of your networks.

IT admins know “the look” when they’re called into a meeting where connectivity has been spotty. People often don’t judge tech teams based upon what goes right: only when they encounter problems. Being proactive and ensuring that the stage is set for a robust network goes a long way to avoiding those awkward encounters and establishing confidence in you and your team.

Three Areas of Focus to Ensure Network Success:

  • Device management and troubleshooting
  • Video conference optimization
  • Access control and segmentation

These activities are not mutually exclusive and the best performing networks are well-managed ones. The following presents the fundamentals of how to quickly achieve success on each of these pillars.

Basic Device Management

There are several different deployment models for enterprise Wi-Fi networks: 

  • Consumer-grade routers
  • A wireless LAN controller (WLC) with access points; and more recently, 
  • Cloud-based controllerless solutions 

These systems may be managed in-house or by your communication service provider (CSP) and can vary in coverage from small offices to entire corporate campuses. It’s important to note that while these systems may be configured perfectly, they can still experience problems. So using the correct equipment and settings is your starting point.

For an example, let’s assume that you’re using a consumer-grade router within a small office space. These are good enough for many small businesses and CSPs have vastly improved their offerings, so long as you’ve traded up your equipment (you’re paying for it anyway). Unfortunately, self-managed routers aren’t “set it and forget it”: they always require active maintenance.

These are the basic settings to be aware of:

  • Install or enable automatic firmware updates.
  • Disable ICMP, WPS, and UPnP for better security.
  • Use WPA2 or above, or WPA2 Enterprise with certificates.
  • Enable any built-in firewall (if available).
  • Consider a Wi-Fi 6 product if you’re in a congested area where there’s likely to be many devices on the same frequencies. Wi-Fi 6 also better supports Internet of Things (IoT) devices and penetrates solid objects better than prior wireless protocols. Some CSPs recently upgraded their equipment to this standard, so it’s a free upgrade if you “rent” their routers.
  • Use routers with “mesh” capabilities to extend your network more efficiently than previous “extenders” implementations that innately downgraded performance. Mesh configurations aren’t always the fastest, but they’re easy to configure.
  • Have enough of an internet pipeline to handle your traffic.

More advanced systems will utilize a WLC to centrally manage many access points through a single egress/ingress. This makes it possible for users to roam around a corporate campus and (theoretically) not lose their connectivity through strategic placement of APs and directional antennas (where necessary). WLCs also support external authentication, which is discussed in more detail below. 

Controllerless solutions are similar but require less IT overhead to install. They will designate an AP to be the “master” and “member” APs will be managed through it over a web interface. The settings are also similar except controllerless solutions may have the capacity to “self-heal” when problems arise and sniff out sources of interference and bandwidth hogs.

Okay, But I’m Still Having Trouble

Wi-Fi networks aren’t infallible and are only as good as the hardwired infrastructure that they’re built upon. Some of the common problems relate to:

  • Network quality
  • The connection between your facility and the CSP
  • How well some network sensitive apps function over Wi-Fi
  • User behavior. 

Some of the causes/solutions are obvious, but others are only clear to IT administrators who have extensive experience troubleshooting networks as they evolve or grow over time. In my previous organization, a small to medium-sized enterprise (SME), we experienced all sorts of network issues. In general, these issues are universal no matter the size of the business and could be unrelated to the Wi-Fi network. 

Here are some example scenarios:

  • Some network cabling was installed over lighting ballasts in the ceiling, which caused interference. Electric cables can also have the same effect.
    • Tip: Only use experienced network installers.
  • One switch had what we referred to as the “anaconda in the closet” below it: several hundred feet of network cabling coiled together. Signals were already degraded by the time they reached any other device in that area of the network. Conventional troubleshooting left us spinning our wheels, because nothing helped.
  • People who weren’t very good at terminating cables made their own patch cables in-house to save a tiny sum of money. As my father said, “that’s a penny wise and a pound foolish.”
    • Tip: Use commercial-grade cables; it’s worth paying a bit more for assurance.
  • There was poor placement of APs that weren’t based upon a wireless site survey to optimize Wi-Fi coverage. Buildings sometimes have obstacles that can degrade signal quality.
  • Overall, it was a bad network architecture with a poor quality core switch that wasn’t up to task.
  • An employee installed a rogue router that was unmanaged.
    • Tip: Don’t ever allow this.

Other issues were less obvious and took some more sleuthing to uncover. For instance, our firewall was a bottleneck, because it had a limitation on how quickly it could process SSL traffic. I’ve also encountered sites where the connection between the building and roadside was degraded. Upgrading to an expensive high bandwidth subscription isn’t going to resolve these types of issues. Even the best designed network won’t function well with bad infrastructure.

There was still more work to be done even after the network itself was deemed “solid.” As mentioned above, some applications are more network sensitive than others, and users can gobble up valuable bandwidth. There’s still more diligence required to ensure a positive experience for your users and to secure access to your organization’s assets.

Optimizing Your Configuration for Meetings and Security

A firewall can be your best friend by simply prioritizing certain types of traffic or apps (such as your web conferencing apps) and blocking others. Quality of Service (QoS) settings are by service providers. You only need a basic understanding of firewalls to accomplish this. Apps, such as torrent clients, can consume vast amounts of bandwidth and some firewalls specify which apps to block and even throttle traffic to video/entertainment web properties. Some higher-end consumer-grade routers also have QoS settings that you can deploy.

However, that’s not the end of it. The IT team before me would rotate passwords to discourage bandwidth hogs, but people are people and soon everyone knew the newest password. To solve this, one option is to use a WLC or controllerless device to “whitelist” IPs by MAC address. This is a time-consuming process (a new phone means a revised “rule”) that’s not entirely secure. A RADIUS server combined with IPSEC and network segmentation (VLANs) are the best and most scalable approaches to conserve bandwidth for what matters most. These typically require additional server infrastructure and advanced firewall settings, but it’s possible to deploy these capabilities with less time, expense, and effort by using 黑料海角91入口.

Also note that some applications that use VoIP will drop calls or experience degraded service when you roam around a facility on Wi-Fi. It’s never completely seamless. Meetings are best conducted in a designated space that also has LAN jacks available as a backup solution.

RADIUS Secures Access to Wi-Fi

These steps may appear far afield from your video conferencing needs, but even the most ideal implementation of the settings above won’t prevent rogue user/device behavior. Rogue behavior can easily inundate networks during peak hours, leaving IT admins scratching their heads when managers are screaming, “the Wi-Fi still doesn’t work!”. Getting it right from the onset preempts support tickets, but only if you have the appropriate resources.

黑料海角91入口’s RADIUS service uses a combination of certificates and directory user management to ensure that only authorized users get access to your network. This article how that can be accomplished. This is important for reasons more than just bandwidth: it keeps unauthorized users (and devices such as the rogue router that my employee brought from home) out of your systems and makes on/offboarding easier.

We also strongly recommend using a designated “guest” network for visitors. Many routers include this feature without requiring additional services. It also separates business traffic from nonessential, or potentially harmful, traffic. VLANs are an additional step to cordon off sensitive information from the remainder of your network traffic.

VLANs Are Virtualized, Independent Networks

Your infrastructure may permit you to set up VLANs using a firewall: it’s your preference and your budget. However, not every SME can afford high-end network devices. That’s where 黑料海角91入口 comes in by providing Wi-Fi VLAN Assignment. VLANs place users into network segments that best meet their roles and needs, and can be used to separate expensive equipment and IT systems from other users. This is a significant security consideration, because not every resource should be accessed by everyone. It also helps to reserve bandwidth for applications that need it most. You can also ensure that only compliant devices can access your network through policies.
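
To make the RADIUS and VLAN sections above concrete, here is an added example (not code from this article or from any vendor) of the authorization decision a RADIUS server makes once certificate and directory checks are combined with per-role VLAN assignment. The group names, VLAN IDs, quarantine VLAN and the `Request` fields are assumptions; the three reply attributes are the standard RFC 3580 ones that an AP or WLC reads to place a client in a VLAN.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical policy: directory group -> VLAN ID, checked in order, first match wins.
GROUP_VLANS = [("it-admins", 10), ("finance", 20), ("staff", 30)]
QUARANTINE_VLAN = 99  # assumed restricted segment for non-compliant devices

@dataclass
class Request:
    user: str
    account_active: bool      # False once the user is offboarded in the directory
    groups: frozenset
    cert_not_after: datetime  # client certificate expiry
    cert_revoked: bool
    device_compliant: bool

def vlan_attributes(vlan_id):
    """RFC 3580 reply attributes that tell the AP or WLC which VLAN to use."""
    return {"Tunnel-Type": "VLAN",             # value 13
            "Tunnel-Medium-Type": "IEEE-802",  # value 6
            "Tunnel-Private-Group-Id": str(vlan_id)}

def authorize(req, now):
    """Return (reply code, reply attributes, reason) for one request."""
    if req.cert_revoked or now > req.cert_not_after:
        return "Access-Reject", {}, "certificate revoked or expired"
    if not req.account_active:
        return "Access-Reject", {}, "directory account disabled"
    if not req.device_compliant:
        return "Access-Accept", vlan_attributes(QUARANTINE_VLAN), "non-compliant device"
    for group, vlan in GROUP_VLANS:
        if group in req.groups:
            return "Access-Accept", vlan_attributes(vlan), f"member of {group}"
    return "Access-Reject", {}, "no group mapped to a VLAN"  # fail closed

if __name__ == "__main__":
    now = datetime(2022, 3, 2, tzinfo=timezone.utc)
    later = datetime(2023, 1, 1, tzinfo=timezone.utc)
    samples = [  # constructed requests
        Request("alice", True, frozenset({"staff", "finance"}), later, False, True),
        Request("bob", False, frozenset({"staff"}), later, False, True),
        Request("carol", True, frozenset({"staff"}), later, False, False),
    ]
    for r in samples:
        code, attrs, why = authorize(r, now)
        print(r.user, code, attrs.get("Tunnel-Private-Group-Id"), why)
```

Disabling the directory account is enough to cut off Wi-Fi access at the next authentication, which is what makes offboarding simpler than rotating a shared password.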

Try 黑料海角91入口

It’s expensive to install many of these solutions on premises. Fortunately, cost is no longer a barrier to adopting excellent network management and avoiding those awkward encounters when meetings go sideways due to poor Wi-Fi performance. 黑料海角91入口 delivers advanced network security and management capabilities through its cloud directory platform. Start a free today.

David Worthington

I'm the 黑料海角91入口 Champion for Product, Security. 黑料海角91入口 and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.
