Nortel Networks 1 Recording Equipment User Manual


 
Voice over Wireless LAN Solution Guide v1.0 December 2005
because three is the minimum number that can be tiled such that no two neighboring APs are
controlled by the same WSS 2300. In this scenario, if any one WSS 2300 fails, the impact to RF
coverage will be reduced. The affected cells will still have the main outage during the interval
between failure and detection. However, during the reset after the failure is detected, the
resiliency will be much improved. The cells that are lost during the power cycle are surrounded by
cells that are still providing coverage. So client devices are able to roam to another working AP in
the meantime.
2.2.3.4 Subnet high availability
An easily overlooked aspect of high availability with the WLAN 2300 solution is access to
VLAN/subnets. Because the MU can be assigned to a VLAN by AAA, that VLAN should also
have multiple WSSs connecting to it. This way if a WSS fails, another WSS can offer connection
to the assigned VLAN/subnet. Put differently, if only one WSS has a connection to the “blue”
VLAN, and that WSS fails, any device assigned to the “blue” VLAN will no longer have access to
the network. So VLAN/subnet redundancy is accomplished by ensuring that each client VLAN
has at least two WSSs connected to it. Similarly, if you are configuring N+2 WSS redundancy as
in the previous section, then design the network such that every client VLAN/subnet has at least
three WSSs connected to it. The network is no more redundant than the least redundant
component.
2.2.3.5 WLAN Telephony Manager 2245 high availability
The WTM 2245 has limitations to high availability. There are some types of failure that can result
in complete outages. Every group of WTM 2245s in a single subnet has a master node. If this
node fails or connectivity to it is lost, the entire WTM 2245 group will not survive. All active calls
will be lost and no future calls can be placed until the master WTM 2245 is replaced (either by
installing a spare or by reconfiguring one of the slaves to be a master).
On the other hand, if one of the slave WTM 2245s fails, then the group as a whole will survive,
although some individual calls may be lost due to the reassigning of handsets throughout the
group. Keep in mind that one less WTM 2245 also means that the call capacity of that node is lost
until the WTM 2245 is replaced.
2.3 Security
Given that not all devices support the same security features and that amongst security features
some are more secure than others, it is sometimes desirable to implement multiple SSIDs and
customize network security and network access according to devices and security features
implemented. For example, a data SSID can be configured to require 802.1x authentication with
WPA2, while a voice SSID that has limited connectivity to the network implements WPA
pre-shared key (WPA-PSK) and Media Access Control (MAC) authentication. The general rule of
always requiring separate SSIDs for different security types no longer applies. The only invalid
combination for the AP 2330 is the mix of encrypted types and clear access together on the same
SSID. All other mixes of encryption types, like WEP + WPA + WPA2, are valid possibilities. Today
the main drivers for separate SSIDs are client dependencies and commonsense security
practices. An example of the latter is to avoid mixing static Wired Equivalent Privacy (WEP) and
WPA2 on the same SSID because the broadcast key used in such a scenario is the static WEP
key.
Client dependencies are more complex. Some devices will not associate to an AP that allows a
mix of encryption types, and others will. In particular, the WLAN 221x handsets will not work in a
mixed encryption environment. So if a combined handset/data SSID is desired, ensure that the
encryption type is the same for both devices. For example, laptops using 802.1x+WPA2 and
handsets using WPA2-PSK will work, but laptops using WPA2 and handsets using WPA will not.
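
As an added example (not from the Nortel guide), the SSID rules in this section can be checked against a planned design before deployment. The `Client` tuple, the device label `wlan221x`, the severity labels and the sample plan are assumptions made for illustration, not a WSS 2300 configuration format.

```python
from collections import namedtuple

# Hypothetical planning model for illustration; not a WSS 2300 config format.
# encryption is one of: "clear", "wep" (static WEP), "wpa", "wpa2".
Client = namedtuple("Client", "device encryption auth")

def check_ssid(name, clients):
    """Return (severity, message) findings for one planned SSID."""
    enc = {c.encryption for c in clients}
    findings = []
    # Only invalid combination on the AP 2330: clear access plus encryption.
    if "clear" in enc and len(enc) > 1:
        findings.append(("error", f"{name}: clear access mixed with encrypted types"))
    # Static WEP alongside WPA2: the broadcast key becomes the static WEP key.
    if {"wep", "wpa2"} <= enc:
        findings.append(("warn", f"{name}: static WEP key used as broadcast key for WPA2 clients"))
    # WLAN 221x handsets will not work on an SSID with mixed encryption types.
    # Differing auth methods (802.1x vs PSK) on one encryption type are fine.
    if len(enc) > 1 and any(c.device == "wlan221x" for c in clients):
        findings.append(("error", f"{name}: WLAN 221x handset on mixed-encryption SSID {sorted(enc)}"))
    return findings

def check_plan(plan):
    """Map each SSID name to its findings; an empty list means no rule fired."""
    return {name: check_ssid(name, clients) for name, clients in plan.items()}

# Constructed sample plan.
PLAN = {
    "combined": [Client("laptop", "wpa2", "802.1x"), Client("wlan221x", "wpa2", "psk")],
    "broken-voice": [Client("laptop", "wpa2", "802.1x"), Client("wlan221x", "wpa", "psk")],
    "guest": [Client("laptop", "clear", "none"), Client("laptop", "wpa", "psk")],
    "legacy": [Client("scanner", "wep", "static"), Client("laptop", "wpa2", "802.1x")],
}

if __name__ == "__main__":
    for ssid, findings in check_plan(PLAN).items():
        for severity, message in findings or [("ok", f"{ssid}: no findings")]:
            print(f"{severity.upper():5} {message}")
```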