WiFi best practice by WiFi Experts in NJ. Improving WiFi performance by implementing VLAN management with Group Policies.
We write extensively about WiFi network configurations, WiFi best practice, WiFi Security, and wireless implementations overall. As WiFi Experts in NJ with a passion for technology, we share our knowledge with other IT technologist enthusiasts like you to help you plan and implement a reliable WiFi network solution. In other WiFi best practice documents we’ve written about the WiFi Multi-SSID deployment considerations and how to improve WiFi performance and Security with 802.1X authentication because one of the most important aspects of WiFi deployment is spectrum utilization.
When we write about WiFi deployments we intentionally focus on Business and Enterprise WiFi, not necessarily the SoHo implementations. Although SoHo and Enterprise WiFi concepts are the same, poor WiFi design has greater implications and it’s usually more difficult to correct at the enterprise level. That’s beside the fact that business and enterprise wireless solutions offer configuration, management, monitoring, security, integration features not available in SoHo deployments. That is why it’s important for companies to do their due diligence and planning during a WiFi network implementation. As the leader of the WiFi experts in NJ, we have extensive experience in WiFi best practice implementation, network configuration, and information security. We are vendor-neutral and recommend WiFi solutions that best align to the wireless network and company requirements, as such, we design, implement, and support WiFi network solutions from Cisco, Cisco Meraki, Extreme Networks, Ubiquiti UniFi, Cambium Networks, SonicWall, Sophos, Fortinet, Aruba all other WiFi manufacturers. Our Wireless network experience and strategic technical vision make us WiFi Experts in NJ, with that being said, let’s delve into this article.
One of the most important aspects of WiFi networks planning and deployments by keeping SSID broadcasting to the minimum, it is a WiFi Best Practice and one of the fundamental aspects of Wifi networking. One of the main reasons for companies to create multiple SSIDs to provide different types of wireless network access, the most common it to provide traffic segmentation by the implementation of VLANs. Though it’s a great idea to segregate network traffic – Also considered a Network and WiFi best practice – it creates a new set of problems when too many SSIDs are broadcasted from the access points, with the most common of them being wireless saturation, which creates its own set of problems. As WiFi Experts in NJ, we recommend implementing the different types of technical solutions such as creating one or two SSIDs and doing VLAN assignments through 802.1X attributes and planning SSID coverage, and only enabling broadcasting in the areas where that network access is required. Another WiFi best practice we want to introduce to you today to keep the SSIDs deployment to a minimum is by using Cisco Meraki Group Policies. Of course, it is taking into account you have a Cisco Meraki Wifi solution in your environment.
WiFi Best Practice – How to configure Cisco Meraki WiFi with Group Policies for VLAN assignment.
In a nutshell, the way it works is that the SSID has a feature to assign group policies by device type. A group policy is pre-determined configuration settings or network template settings that can be applied to objects. You have the option to set up bandwidth limits, Layer 3 and Layer 7 firewall rules, traffic shaping, and VLAN tagging among many other settings. Meraki does a really good job making the process intuitive and easy to follow, making this a WiFi Best Practice.
When you create an SSID in the Meraki Dashboard one of the features is offers it to assign group policies by device type. In a perfect Meraki world Client devices will be fingerprinted by the Meraki Cloud Management system the first time that they connect to the network and perform an HTTP fetch. If the device type fingerprint matches a configured type, the appropriate group policy will be applied at that time. This policy will remain applied until the administrator explicitly removes it from the Client’s overview page. I said perfect Meraki world because there are false positives and negatives where the fingerprinting does not work as intended. Although not 100% accurate in every environment it’s a solution worth exploring, especially if you have a standardized set of wireless clients. As WiFi experts in NJ, we have seen how some don’t get properly fingerprinted when implementing group policies by device type, keep in mind that this is a “best-effort” type of solution. If you experience major inconsistencies with group policies assignments you may want to consider Meraki System Manager or Cisco ISE. If the implementation is primarily for VLAN you can consider implementing 802.1X and VLAN management with system attributes. We are WiFi experts in NJ providing highly efficient Wireless Network Solutions.
Group Policies for device types Configuration.
To configure policies by device type:
- In Dashboard, navigate to Wireless > Configure > Access Control.
- Select the desired SSID from the dropdown at the top.
- Set Assign group policies by the device.
- Add and set policies as desired, selecting a Device type and assigning the corresponding Group policy.
With this Cisco Meraki Solution, you can have one SSID and map VLAN tagging and other configuration settings by the implementation of Group Policies.
We are WiFi Experts in NJ providing resilient, secure, and cost-effective WiFi Services and solutions. Our WiFi solutions and services include WiFi surveys, WiFi planning, WiFi implementation, WiFi Administration, and WiFi as a Service. We hope that this WiFi Best Practice article helps in the administration and improvement of your Meraki WiFi network.