Wireless Network Design
Wireless Ethernet has great potential as part of a modern security network. For many, the thought of using wireless Ethernet holds great potential; for others, there is fear and uncertainty, with deployment, reliability and security concerns. Today’s wireless is different: it is easy to set up, and it is reliable and secure; however, like any network, advance planning and consideration are critical.
The key to a successful wireless installation is planning and understanding the goals of the deployment. Just as with any network design, there are many factors that must be accounted for.
Environmental Design Challenges
There are several factors that are critical to deploying a successful wireless network. System transmission requirements, RF line of sight and RF operating environment will determine what hardware is used and the mounting location of each device.
Line of sight: A common misconception is that a visual line of sight is the same as a radio frequency line of sight; it is not. Radio frequencies travel in an ellipsoid-shaped area between the Access Point (AP) and the Client(s). This ellipsoid shape is called the Fresnel Zone (see diagram).
As the distance (d) between AP and Client increases, the radius (r) at the mid-point also increases, and so the antennas need to be placed at a height greater than r above any obstruction.
You need to make sure your Fresnel zone is clear of any obstructions between the AP and the Client(s); with only 20-percent obstruction, you start to see signal loss. A good rule of thumb is not to exceed 40-percent obstruction, where significant signal loss begins to occur. Obstructions can include buildings, trees and even the earth. It is also worth noting that water absorbs radio waves, so while a tree may be a minimal obstruction, the water on the leaves will absorb the radio waves and have a big impact on signal quality if in the Fresnel zone.
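The clearance check described above can be worked through numerically. The following is an added example, not part of the original article: it uses the standard first-Fresnel-zone formula and applies the 20-percent and 40-percent thresholds. The 5 GHz frequency, the 4/3 earth-curvature factor, the sample heights and the definition of "obstruction" as the share of the zone radius blocked are assumptions.

```python
import math

C = 299_792_458.0           # speed of light, m/s
EARTH_RADIUS_M = 6_371_000  # mean earth radius, m
K_FACTOR = 4 / 3            # assumed standard-atmosphere refraction factor

def fresnel_radius(d1_m, d2_m, freq_hz):
    """Radius (m) of the first Fresnel zone d1_m from one end, d2_m from the other."""
    wavelength = C / freq_hz
    return math.sqrt(wavelength * d1_m * d2_m / (d1_m + d2_m))

def earth_bulge(d1_m, d2_m):
    """Height (m) by which earth curvature rises into the path at that point."""
    return d1_m * d2_m / (2 * K_FACTOR * EARTH_RADIUS_M)

def obstruction_percent(ap_h, client_h, obstacle_h, d1_m, d2_m, freq_hz):
    """Share of the zone radius blocked (assumed definition): 0 = clear, 100 = direct path touched."""
    line_h = ap_h + (client_h - ap_h) * d1_m / (d1_m + d2_m)  # height of the direct path
    r = fresnel_radius(d1_m, d2_m, freq_hz)
    clearance = line_h - (obstacle_h + earth_bulge(d1_m, d2_m))
    return max(0.0, (r - clearance) / r * 100)

def assess(percent):
    """Apply the article's 20 % and 40 % rules of thumb."""
    if percent < 20:
        return "clear"
    if percent <= 40:
        return "some signal loss"
    return "significant signal loss"

def min_antenna_height(obstacle_h, d1_m, d2_m, freq_hz):
    """Equal mounting height (m) that keeps the whole zone above the obstacle."""
    return obstacle_h + earth_bulge(d1_m, d2_m) + fresnel_radius(d1_m, d2_m, freq_hz)

if __name__ == "__main__":
    FREQ = 5.0e9  # assumed 5 GHz link over a 2 km path, obstacle at the mid-point
    for h in (4, 6, 9):  # constructed obstacle heights, antennas at 10 m
        pct = obstruction_percent(10, 10, h, 1000, 1000, FREQ)
        print(f"{h} m obstacle: {pct:.0f}% blocked, {assess(pct)}")
    print(f"mount at {min_antenna_height(6, 1000, 1000, FREQ):.1f} m or higher")
```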
RF environment: It is important to understand the RF environment you are going to install your wireless products in. Other access points, cell towers and wireless devices can create a noisy RF environment that can cause interference to a signal.
For example, the default channel width of ComNet’s Netwave wireless products is 20/40MHz. The AP will determine automatically how much interference there is and auto rate to either 20 or 40MHz. Integrators can override the default setting and select a channel width if desired.
Antenna choice: It is also essential to have the proper antenna for your deployment. Antennas with wide beamwidths are ideal for Point-to-Multipoint deployments, but they will pick up more interference than narrow-beam antennas. Narrow-beamwidth antennas are good for Point-to-Point, long distance and scenarios where noise and interference must be avoided.
Product & System Topology Selection
Once the environmental conditions of the site are understood, the wireless system can be designed. Product selection should be based on the environmental factors and the amount of data (information) that each wireless link needs to support. At this stage, the topology of the system can also be established.
Throughput of a wireless link is the data rate that the installed link can support. This figure cannot be looked at as static; it changes dynamically with the varying environmental conditions stated above. When looking at the throughput figures of the Netwave range, for example, integrators should design systems based on 65 percent of the stated best throughput figure. Any wireless link’s throughput will reduce with increased distance (increased interference), and as such, the 65-percent design rule is a good practice to follow. Throughput supported on Netwave products ranges from 95Mbps to 500Mbps, where the throughput figures quoted are best-case laboratory condition figures. The products can be mixed and matched in a system based on the performance requirements.
Topology Choices
There are four primary design arrangements when it comes to wireless system design.
Most wireless designs tend to be made up of a number of different topologies: a hybrid configuration. Every system is different; thus, every design will be different as well.
1. Point-to-Point: This provides the best performance with respect to interference, as the antenna at either end of the link is designed to provide a narrow beam width; thus, the noise received by the antenna is minimized. The throughput figure is dedicated to the single link, and is the maximum for this topology. This design simply links one location with another.
2. Point-to-Multipoint: This topology enables a number of Client devices to connect with a single Multipoint Access Point device. The antenna of the Client units will be the narrow-beamwidth type, identical to the Point-to-Point units described above. At the Access Point, the antenna tends to be one with a wider beamwidth, as the Client units that want to connect must fall inside this beamwidth coverage. Care must be taken when selecting the antenna, because a wider beamwidth offers a greater chance of increased interference and typically less gain. Throughput in a Point-to-Multipoint system is equally shared amongst the connected Clients; therefore, the individual data rate that needs to be supported at each Client point is critical.
3. Drop-and-Repeat: This topology could also be referred to as a relay point or a linear system. This design is very useful for circumventing immovable objects — such as buildings — or for increasing link distances. There is no set rule for the number of relay points in a linear system but the system can only be as good as the weakest link.
4. Redundant Ring: As the name suggests, this system — which can be built out of a number of dual radio Netwave units — provides a redundant path or ring. This makes the system ideal for safety-critical applications where redundancy must be built in.
Security for Wireless Networks
Wireless networks might be the most vulnerable when it comes to security, with hacking of the network being the most serious threat. In a wireless network, there are a number of settings and facilities that can be used to increase the level of security and reduce the possibility of data or the full network being compromised.
Here are five important measures security integrators should take once the wireless system is in place:
- Most network-style devices are shipped in a default condition with a number of fields set with generic strings. The administrator “Username” and “Password” strings should be changed immediately to prevent unwanted access to the configuration and management interface of the devices.
- The SSID (Service Set Identifier) is a name broadcast by the Access Point allowing Clients to detect and connect to that Access Point. The SSID transmission should be disabled, meaning that a Client must be manually provided the SSID of the Access Point before it will see and connect to it.
- To secure the traffic flowing across a wireless link, encryption techniques can be employed. We advise the use of WPA2 (Wi-Fi Protected Access) encryption running the AES (Advanced Encryption Standard) cipher. The end-user should enter a pre-shared key of eight to 63 characters that is unique to them and that particular system. Strong password rules should be applied when selecting a pre-shared key password.
- In the wireless network, the MAC address of both Access Point and Client can be locked to each other. This prevents an incorrect or unwanted wireless connection in the system if connecting MAC addresses do not match the preconfigured MAC address list.
- The Access Point can also be preloaded with permitted MAC addresses while blocking all others. In either point-to-point or point-to-multipoint systems, both the traffic flow of Client wireless units and their connected devices can be managed based on their associated MAC addresses. This would prevent devices with unknown MAC addresses, such as a laptop computer, from connecting to the network to gain access.
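The five measures above can be turned into a repeatable check that is run against each device's settings after commissioning. The following is an added example, not part of the original article or any ComNet tooling: the configuration field names, the sample factory logins, the sample devices and the "three character classes" password rule are all assumptions.

```python
import string

# Constructed examples of generic factory logins, not a vendor's actual defaults.
FACTORY_LOGINS = {("admin", "admin"), ("admin", "password")}
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)

def psk_findings(psk):
    """Check a WPA2 pre-shared key: 8 to 63 printable ASCII characters."""
    issues = []
    if not 8 <= len(psk) <= 63:
        issues.append("PSK length outside 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        issues.append("PSK has non-printable or non-ASCII characters")
    # Assumed strong-password rule: at least three character classes.
    if sum(any(c in cls for c in psk) for cls in CHAR_CLASSES) < 3:
        issues.append("PSK uses fewer than three character classes")
    return issues

def audit(cfg):
    """Return findings for one device against the five measures listed above."""
    findings = []
    if (cfg["admin_user"], cfg["admin_password"]) in FACTORY_LOGINS:
        findings.append("factory administrator login still set")
    if cfg["ssid_broadcast"]:
        findings.append("SSID broadcast enabled")
    if (cfg["security"], cfg["cipher"]) != ("WPA2", "AES"):
        findings.append("link is not WPA2 with AES")
    findings += psk_findings(cfg["psk"])
    if not cfg["peer_mac"]:
        findings.append("AP and Client not locked to each other's MAC")
    if cfg["mac_default"] != "deny" or not cfg["mac_allow"]:
        findings.append("no MAC allow list with default deny")
    return findings

# Constructed sample configurations; every field name is hypothetical.
AS_SHIPPED = {"admin_user": "admin", "admin_password": "admin",
              "ssid_broadcast": True, "security": "WPA2", "cipher": "TKIP",
              "psk": "camera1", "peer_mac": None,
              "mac_default": "allow", "mac_allow": []}
HARDENED = {"admin_user": "site7-ops", "admin_password": "<unique-secret>",
            "ssid_broadcast": False, "security": "WPA2", "cipher": "AES",
            "psk": "Gate-7 north Fence link 2041", "peer_mac": "02:00:00:00:00:01",
            "mac_default": "deny", "mac_allow": ["02:00:00:00:00:01"]}
```

Calling `audit(AS_SHIPPED)` lists every measure the device fails, while `audit(HARDENED)` returns an empty list.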
Interoperability and Supplier Choice
In its most basic definition, a wireless network is an integration of many different manufacturers’ products. The promise of Ethernet is the interoperability between all manufacturers whose equipment meets the IEEE 802 series of standards.
Wireless Ethernet is part of that and has its own set of IEEE standards, IEEE 802.11. In the security industry, manufacturers have come together to establish ONVIF, an open industry forum promoting and developing global standards for interfaces of IP-based physical security products.
The ONVIF specifications ensure interoperability between products regardless of manufacturer. They define a common protocol for the exchange of information between network video devices, including automatic device discovery, video streaming and intelligence metadata — which applies to wireless Ethernet communication.
These standards are in place to make designing a system easier.
As with any installation, work closely with one supplier when it comes to selecting your transmission products. The reality is that different manufacturers make their products just a little differently, and interoperability may not be as seamless as possible.
If you can find a single source for Ethernet transmission equipment (be it wireless Ethernet, Fiber Optic Ethernet, Ethernet over copper, Ethernet switches or media converters), the chances of having it interoperate are far greater.
In many cases, working closely with the product manufacturer and supplying them or working with them on the system design will allow configuration testing to happen before the installation. Working closely with the manufacturer allows interoperability issues to arise and be solved in the lab and not in the field.
Frank Haight is VP of Marketing for ComNet. Business Development Manager Iain Deuchars and Design Center Technician Rocky Montoya also contributed to this article. To request more info about ComNet, visit www.securityinfowatch.com/10215705.