WiFi Best Practice – 5 Cisco Meraki Features to improve WiFi performance.
This article “WiFi best practice – 5 Cisco Meraki features to improve WiFi performance ” is one of many WiFi Best Practices articles, check our website for other informative posts. One of the main challenges for Wireless network planning and support is the management of the Wireless spectrum, specifically what relates to WiFi. Remember, WiFi (802.11) takes up only a part of unlicensed bands of the electromagnetic spectrum. The Spectrum, including the WiFi bands, is a finite resource. I’m sure that you are very well aware of it, especially if you’ve been working in the WiFi world for some time. As you know the WiFi unlicensed bands are the 2.4 GHz and 5 GHz ( with the 6 GHz band becoming available soon), each band has a limited number of channels that WiFi-enabled devices use for communication. The more devices that use it, the more congested they become.
We have written many wif best practice articles that help wireless administrators implement “WiFi best practice” in administrative and technical controls to improve the WiFi performance. However, this time we want to write about Cisco Meraki WiFi best practice and how to apply those WiFi Best practice concepts in the Cisco Meraki Dashboard for proper WiFi implementation and improve wireless network performance. In our WiFi best practice – Multi SSID deployment considerations we talked about the potential negative effects of broadcasting too many SSIDs in a corporate environment. Now we’re turning the very “WiFi Best practice” concepts we talked about into practice in a Cisco Meraki Environment, to make it a Meraki WiFi best practice solution.
With that being said, let’s go over the takeaway point from WiFi Best Practice – Multi-SSID deployment considerations before we see the technical implementation in the Meraki Dashboard.
Meraki WiFi Best Practice.
No more than 3 SSIDs should be enabled on any single Access Point.
This point is a bit contentious because there’s no exact number on the maximum SSID that should be broadcasted on a single Access Point, but the general consensus among experts seems to be between 3 and 5. You can select SSID availability under Wireless\SSID Availability\Per-AP Availability. You can broadcast SSID on APs matching tag.
The truth is less is better, there are some business environments where the WiFi spectrum is so congested from neighboring networks that deploying 3 SSIDs is not a good solution either. Access Points send a beacon frame every 102.4 ms, each frame can be 300-400 bytes in size, so having multiple SSIDs broadcasting will force the AP to contend for airtime to send the beacon frames for the corresponding SSIDs. Perhaps you think that’s not a big deal, but when you take into account that the same applies to networks around you can see the snowball effect.
Enable band steering on SSID broadcasting on both bands.
It is a common practice to broadcast the same SSID on the 2.4 GHz and 5 GHz bands, after all, you want to offer the network access to your wireless clients regardless of their capabilities. We have worked on some projects where we know the WiFi client devices are all 5 GHz capable, in those cases, we design a WiFi network optimized for 5 GHz coverage. We have worked on other projects where support for legacy devices is still needed, and as such we enable broadcast the SSID on both bands. Scenarios like this call for the Band Steering WiFi best practice to be implemented. What Band Steering does is that the Access Point steers the client device connected to utilize the 5 GHz during the association process, of course, the final decision is on the client device. Band steering has been around for a while now and most modern dual-band wireless devices respond well to it. You can enable Band steering under Wireless\Radio Settings\RF-Profiles\General.
Plan SSID coverage – Only enable SSIDs if needed.
This point goes hand to hand with limiting the number of broadcasting SSIDS per access point. In the previous point, we talked about the technical reasons why you should limit the number of broadcasting SSIDs to somewhere between 3 and 5, but we also mentioned that there’s isn’t a magic number and that you should limit SSID broadcasting SSID to the minimum. Now, what happens when you have legit technical and administrative reasons to have multiple SSIDs? Cases like that require the WLAN and Network administrators to work together with the different business units to understand where the network access provided by SSIDs is really required. Chances are the Guest SSID is not required in certain – or most – sections of the company, or specific SSIDs mapping to business units VLANs are not required in other areas, like HR, the VoIP handheld devices, or wireless scanners. You get the get point, proper VLAN planning and deployment will help you improve WiFi performance, and it’s truly a Meraki WiFi best practice.
Implement technical solutions to help you minimize SSID broadcasting while providing.
As you can see, SSID broadcasting is pivotal in WiFi network deployment and administration, thus a WiFi best practice. It’s not only good for an overall wireless network experience, but when coupled with the right technical solutions it makes the job of the IT department much easier. All enterprise-grade WiFi vendors provide technical solutions to minimize SSID broadcasting, some are proprietary and others are integrations with other services. Since this is a Meraki WiFi best practice document we’ll go to Meraki solutions to help you minimize the number of broadcasting SSIDs while providing proper network access to your devices.
- 802.1X Authentication, or Enterprise with my Radius server. You can enable 802.1X with Active Directory authentication and configure the Radius attribute Tunnel-Pvt-Group-ID (VLAN) based on AD group membership to map users to different VLANs. This type of configuration is common in organizations using Windows Active Directory because they already have the infrastructure to build the Radius solution on.
- Applying Group Policies by device type. A group policy is a set of pre-configured network access settings that can be applied to different objects, including wireless clients device types after successful authentication. Meraki allows you to assign the Group Policies at the SSID level by device type regardless of the authentication type. Group Policy objects allow you to configure multiple settings, including VLAN assignments.
- Implement Cisco Identity Service Engine (ISE). – Requires separate license – Cisco ISE is a centralized visibility and management tool that allows you to control and build visibility segmentation. Cisco Meraki can be integrated with Cisco Ice for authentication, so this is a good option for companies with a Cisco ISE in place.
- Meraki System Manager. – Requires separate license – Group policies on Security Appliance and Wireless networks can be automatically applied to Systems Manager MDM clients based on available tags. This allows even the network’s treatment of a device to be handled from within the MDM platform.
Adjust power settings when needed.
Most properly planned WiFi deployments should not need AP power settings adjustment, but there are some situations where it may be needed. A good point to make clear here is that the power settings we’re referring to are the Antenna power settings, which in turn control how far the RF signal travels. In the Meraki world, AP power management is part of the RF Profile settings, and you can adjust the settings for each band individually (2.4 GHz, and 5 GHz). Situations, where you may want to adjust the power settings, include high-capacity WiFi deployments, and multi-floor WiFi deployments.
There you have it. As you saw there are Wireless built-in configuration settings on the Meraki Dashboard that help you improve WiFi performance by implementing Meraki WiFi Best Practice solutions. Keep in mind that these principles are not unique to Meraki, other vendors have their own technical implementations – like Cisco ISE – by the concepts behind it are the same.
We are JDTechsolutions, a WiFi service provider company in Northern NJ. To learn more about our WiFi, Network, Cyber-Security services and solutions Contact us at 888-580-4450, www.jdtechsolutions.net, and [email protected]