Selecting Access Points

When choosing an access point, you should take a number of factors into account. With the emergence of 802.11 as the main vendor-neutral standard, standards compliance is generally not a big factor. Any serious vendor hoping to build large networks must promise compatibility with all existing standards, and will often need to commit to supporting important future landmark standards. Several organizations have launched test programs to certify interoperability. The best-known program is the Wi-Fi Alliance's Wi-Fi certification, though other organizations are seeking to capitalize on the popularity of wireless LANs by launching competing programs. The most rigorous test program in the industry is run by the University of New Hampshire's Inter-Operability Lab (IOL). The IOL test program is not as widely known as the commercial programs because it is intended to help build better products, not to provide marketing "seals of approval" to vendors. As always, when you study certification programs, ensure that the vendor has gone through the relevant tests that are of interest to you.

Security is often a prime concern when deploying a wireless network. With WEP thoroughly broken, you almost certainly want to select an access point that has security capabilities based on 802.1X and 802.11i. Small installations can use pre-shared key authentication, while more security-conscious installations should opt for full RADIUS integration. In larger environments, it may also be worthwhile to select a product that can act as multiple virtual access points as well as mix encryption and authentication types.

In some deployments, getting power to the access points can be a major headache. To blanket an area with the coverage required for a large implementation, access points often need to be placed in an area where power is not easily accessible. Long antenna runs can degrade signal quality unacceptably, so it is much better to bring power to the location. Installing new electrical conduits is often quite expensive. Work must be performed by licensed electricians, and building codes may impose additional restrictions. Many products can supply power over the Ethernet cable. Cheaper products often have proprietary power equipment, while more expensive products can use standards-based power equipment. Network wire is not subject to the same restrictions as electrical cable and can be installed by network administrators.

Some environments may require providing coverage over both indoor and outdoor areas. External antennas are often useful for creating a dense coverage blanket over an area, or for beaming the signal in a particular direction over a courtyard. Not all access points can connect to external antennas; it may be an extra-cost option. Even if an access point has an external antenna connector, there is no guarantee that you'll be able to find a wide range of antennas available for use. 802.11 only requires that any connectors for external antennas have a standard impedance of 50 ohms. If external antennas are important for your deployment plans, make sure that a wide range of antennas is available, whether through the 802.11 vendor or another source. Outdoor installations may require environmentally "hardened" access points or enclosures as well.

Environmental considerations may also play a role in certifications required for APs. Equipment installed in air-handling spaces must be plenum rated. Certified plenum-rated devices are lit on fire and the resulting smoke is tested for clarity. Opaque smoke might be forced through a ventilation system and distributed throughout a building, which would obscure emergency exit signs and would be a hazard. Plenum-rated devices are made of materials that do not release dense smoke. The smoke is often quite hazardous. Plenum-rated APs are safer because they will not obscure exits, not because the smoke is nontoxic. Devices that are installed above the ceiling do not generally need to be plenum rated unless the above-ceiling area is an air return space. Buildings with air-handling ducts do not generally need plenum-rated APs, but many building inspectors will mistakenly require them. Local building codes may also require them.

If roaming is important, you will need to sort through a variety of different technologies and approaches, with the added wrinkle that roaming may not always perform well between different vendors' products. The best way to ensure interoperability between vendors is to select a system that bases roaming and handoff on dynamic VLAN assignment. As stations authenticate, they will retain the same logical point of attachment to the network.

802.11 includes a number of powersaving functions in the standard. Most are optional. If your deployment is based heavily on battery-powered devices, it may be worth evaluating which powersaving features are included with particular devices. It may also be worth experimenting with devices to see just how much longer batteries last with the powersaving functions enabled.

Device management is an important consideration. Wireless networks are a new service, and network staff will need to plan, evaluate, purchase, deploy, and maintain the additional hardware. Large deployments may have tens or hundreds of access points, which can easily make network management a headache without good tools. Does the vendor offer an access point manager to configure large numbers of devices in parallel? Can management of the access points be incorporated into your existing network management infrastructure using tools that you already have deployed? Are the management tools secure enough? Many products can be managed only with cleartext protocols, which may be just an annoyance or a major violation of a security policy. Experience with other network devices has shown that software upgrades are a frequent occurrence. How is the software upgraded, and how much functionality can upgrades add? Can new protocol features be added with firmware updates?

Depending on the size of the deployment, it may be possible to evaluate equipment before buying. See if you can get a feel for the range of each access point and test with a variety of common cards. Capacity on an 802.11 network is ultimately limited by the radio link, but you will want to make sure that there are no other capacity restrictions. Does the access point provide the processing power to run the wireless side at maximum capacity with security protocols enabled? Not all products incorporate cryptographic acceleration for all protocols. Products that depend on a central cryptographic processor to run security systems may run out of capacity if they are upgraded to faster PHY standards, and may also suffer if the uplink is insufficient. Fast Ethernet suffices for 802.11a/g-based networks today, but it will likely limit the performance of radios built on the future 802.11n standard. Try to set up a test network and get a feel for the configuration required to integrate the access points with the rest of your network gear.

As with many other purchasing decisions, of course, there are a number of "soft" factors that may not be easily quantifiable. Warranties, a relationship with the vendor, and the quality of the technical support may all influence the purchasing decision. Soft factors are not technical nor easily quantifiable, however, so I will not discuss them.

Are Access Points Really Necessary?

Access points are not required for a wireless network. Wireless stations can be used in independent networks, which do not require an access point. Building a Unix box that routes between an Ethernet network and a wireless network is not difficult, and hardware can often be reused from the scrap pile. Why, then, would anybody use an access point?

Now that most access points have fallen well below the $100 mark, building a Unix router is no longer a cost-effective option for single-access point networks. Once you consider what your time is worth, building a Unix router is a pretty silly use of time. Access point hardware has some advantages over redeployed general-purpose platforms, too. Access points are small devices with no moving parts. As a result, they do not consume a great deal of electrical power and do not generate much heat. There is one notable exception to this rule, though. Apple offers a "software base station" that transforms any desktop machine into a bridging access point. With a few mouse clicks and very little effort, a desktop computer can become a base station.

Unix-based routers have never been effective in larger deployments because of the lack of mobility support. Effective roaming requires transparent bridged access, not routed access, to the link layer at different physical locations. However, roaming with 802.11 is possible only when access points can communicate with each other to track the movement of a wireless station. In the future, it is likely that an open source Unix distribution will have the features necessary for an access point: low-level access to fundamental 802.11 parameters on the card, Ethernet bridging, and an IAPP. Until then, though, there is no substitute for commercial products.

Unix Based Access Points

One of the most basic preconditions for making a Unix-based access point is enabling access point functions in the wireless interface card. One of the major hurdles is rewriting the 802.11 headers. All traffic in an infrastructure network flows through the access point. Access points must rewrite the transmitter and receiver addresses in the 802.11 headers. Other management functions may be required as well. For example, 802.11 includes a number of powersaving mechanisms for infrastructure networks in the specification, but they can be used only on networks with access points that implement them.

There is also a nontechnical hurdle. Many vendors have actively supported the development of open source Unix drivers for their cards. After all, vendors make money selling hardware, and it is a good thing for them to sell cards for all client systems, even those that run open source Unix. Access points are a different story, however. Vendors have not been as forthcoming with the interface used to put cards into the access point mode. Access points are quite lucrative, and providing a driver interface in the access point mode in the card could potentially cannibalize access point sales.

At one point, the only way to get an Intersil-based card to act as an access point interface was to purchase the reference design from Intersil. (The reference design shipped with firmware that had access point functionality, and that firmware was not sold separately.) Intersil's shipping station firmware does, however, include something called a "Host AP Mode." In the Host AP Mode, the PRISM chipset automatically takes care of "menial" tasks, such as transmitting Beacon frames and acknowledging incoming transmissions. Jouni Malinen has developed a driver to use the Host AP Mode with Linux. In conjunction with the Ethernet bridging implementation in the kernel, this driver can be used to build an access point with full 802.1X and WPA support. It is available from

With the present state of driver software, it is possible to build a Unix-based router. (I mean "router" pedantically, as "layer 3 network device.") One interface would connect to a wired network as it always has, and a second wireless interface could be run in IBSS mode. Ross Finlayson has established a community network at a coffee house in Mountain View, California using a FreeBSD-based router. The project's home page is at, and there is a page devoted specifically to the router itself at wireless/unix-base-station.html.

Introduction to Wireless Networking

Overview of 802.11 Networks

11 MAC Fundamentals

11 Framing in Detail

Wired Equivalent Privacy (WEP)

User Authentication with 802.1X

11i: Robust Security Networks, TKIP, and CCMP

Management Operations

Contention-Free Service with the PCF

Physical Layer Overview

The Frequency-Hopping (FH) PHY

The Direct Sequence PHYs: DSSS and HR/DSSS (802.11b)

11a and 802.11j: 5-GHz OFDM PHY

11g: The Extended-Rate PHY (ERP)

A Peek Ahead at 802.11n: MIMO-OFDM

11 Hardware

Using 802.11 on Windows

11 on the Macintosh

Using 802.11 on Linux

Using 802.11 Access Points

Logical Wireless Network Architecture

Security Architecture

Site Planning and Project Management

11 Network Analysis

11 Performance Tuning

Conclusions and Predictions

show all menu

802.11 Wireless Networks The Definitive Guide
802.11 Wireless Networks: The Definitive Guide, Second Edition
ISBN: 0596100523
EAN: 2147483647
Year: 2003
Pages: 179
Authors: Matthew Gast
Similar book on Amazon © 2008-2017.
If you may any questions please contact us: