Clear To Send Podcast Episode 62: K12 Wi-Fi Deployments

podcast_logoI recently had the pleasure of joining Rowell Dionicio on the Clear to Send Podcast to talk about Wi-Fi in K12 schools. Clear To Send is a great podcast about enterprise wireless networking and a great way to stay current with the Wi-Fi community.

We talked about K12 requirements, challenges, funding, my design process, security, and everyone’s favorite K12 subject, 1 AP per classroom!

After listening to the podcast, I thought about some other K12 Wi-Fi considerations that I didn’t bring up on the air.

  • K12 often has requirements for mDNS applications like Apple AirPlay for AppleTV or Google Cast for Chromecast. This is a challenge in an enterprise network because mDNS does not cross layer 2 boundaries. It’s important to consider that when designing a new WLAN and selecting the vendor. Many WLAN vendors do have features that can assist with relaying mDNS traffic between vlans. Be careful to limit this traffic to only the vlans where it is required.
  • Excessive multicast traffic can be a burden on channel utilization when it is not controlled. Many WLAN vendors have features that intelligently filter broadcast/multicast traffic, instead of always forwarding it out the AP radio interfaces at the lowest data rate. If you are dealing with mDNS or large subnets (common in K12) it’s worthwhile to understand how the WLAN can manage broadcast/multicast traffic.
  • MSP’s are a great way to get well-designed enterprise Wi-Fi into small to medium size schools that don’t have the internal resources to handle it themselves. MSP’s can be hired to support and operate the WLAN after installing it, which gives them an incentive that VAR’s who just sell the hardware might not have–to design the WLAN properly. E-Rate funding is now available to reimburse schools for managed services contracts with MSP’s.
  • eduroam is available for K12 schools, not just higher education. Check it out!
  • It’s hard to listen to the sound of your own voice.

I really enjoyed talking Wi-Fi with Rowell and I’d love to return to the podcast in the future. Maybe we can talk about healthcare Wi-Fi next? Thanks Rowell!

Have a listen here: CTS 062: K12 Wi-Fi Deployments – Clear To Send

Advertisements

Why K12 Schools Need Wi-Fi Design

Chalk drawing of WIFI

Enterprise Wi-Fi is expensive, very expensive. For schools with limited budgets and a responsibility to be good stewards of tax dollars, it is important to get it right, without spending more than necessary on the initial deployment, ongoing support, or fixing costly mistakes. Any savings can be used in other ways to improve education, so unnecessary spending on Wi-Fi can have an impact on the quality of education in schools.

That’s why it is critical for schools to work with Wi-Fi professionals to develop a sound design for the network before it is purchased and deployed. Fixing mistakes after the fact costs a lot of money. The usual “fix” of installing extra access points in areas where performance is poor can often make the situation worse, when the real solution might be to remove an AP or correct a bad channel plan.

What often happens is this: A vendor talks the school into purchasing one AP per classroom and then the channel planning is left up to auto-channel algorithms (known as RRM, or radio resource management). This is a very simple and seemingly easy way to get Wi-Fi in schools that doesn’t involve the headaches of procuring CAD drawings, performing multiple site surveys, collecting client device data, and other things that delay the installation of the Wi-Fi network and increase the up-front costs.

Don’t do it!

The big problem here is that this is extremely inefficient. Do schools need one AP per classroom? Some do, some don’t. You’ll only find out by doing a proper network design. Maybe the design process reveals that a school only needs one AP per two classrooms. A school like this that doesn’t bother with a design and just does one AP per classroom has spent 100% more money than it needed to.

Capacity issues aside, what about channel planning and radio transmit power control?Nearby AP’s on the same channel interfere with each other. Vendors love to tout their RRM as effective means to automatically set these controls optimally. Just turn it on and let the magic happen.

The truth is, RRM just can’t be trusted. It may work for a while, and then it changes something and it doesn’t. My experience has shown that RRM is fine for simple networks with few neighbors, but in the high density, busy RF environment of K12 schools it often fails miserably. Neighboring AP’s end up on the same channel resulting in interference with one and other. Transmit power goes up and down unpredictably. Your Wi-Fi network is an unpredictable moving target. What you measured and validated at one location one day is different the next day, and so on. The ongoing cost of supporting a network in this state is much higher than one that began with a proper design.

While some vendors’ RRM is better than others, no vendor is immune to this. A better solution is a proper design where channels and transmit power are determined by a Wi-Fi professional who is informed by years of experience and site survey data that RRM algorithms can’t factor into their decision making.

It is critical that schools include a proper Wi-Fi design in their Wi-Fi deployments to save tax dollars that would better be spent on other educational needs, and prevent many future headaches that result from over/under capacity networks and bumbling RRM algorithms. The Wi-Fi design process avoids these issues, and leaves schools with efficient, stable networks and the confidence in knowing that the network was validated against their needs, with the data to prove it.

Beyond the tax dollars, in a 21st century classroom, what is the true cost of poor Wi-Fi?

 

K-12 Needs eduroam Too

As eduroam sweeps across higher education in the United States, I think it’s worth considering its place in K-12 as well. After all, every university and college that joins eduroam is within the boundaries of a K-12 school district, and a longstanding relationship is likely to exist between those institutions.

Where I work, we have Miami University within our district boundaries. Miami has a highly regarded education program and dozens of Miami students student teach at our schools everyday. Miami faculty and staff send their kids to our schools, they volunteer here, and they regularly attend school functions. We maintain a formal partnership with the university.

Our teachers and staff take classes at Miami, teach classes, send their kids there, and attend events at Miami. Some of our high school students attend post-secondary classes there as well. In other words, there is a regular flow of visitors back and forth between the institutions.

Because Miami is an eduroam member, it made perfect sense for us to join too. Visitors from our district could gain automatic and secure Wi-Fi access at Miami, and visitors from Miami could have the same at our district. That’s why I pushed to deploy eduroam at my district, making us the first K-12 institution to join eduroam in the United States.

But what about K-12 schools that don’t have higher education institutions nearby? I think there is still a case to be made for eduroam for these districts too.

Quoting the eduroam US FAQ:

Our institution already has great guest Wi-Fi, why do I need eduroam?

eduroam is not a replacement to your guest network, it is a complement to make your guest network and your community compatible with other eduroam participants.

Enabling eduroam on your campus provides four main features:

  1.  it allows your campus to welcome eduroam enabled visitors in a strongly authenticated way (the strong authentication also provides a way to authorize users to different resources)

  2. it allows your own users to travel to eduroam enabled locations around the world (some places only have eduroam as a guest Wi-Fi)

  3. it saves provisioning time to your institution and to the visitors since authentication is automatic and access is immediate

  4. it improves security since your visitors use a standard protocol (WPA2-enterprise, 802.1X) that encrypts traffic between their devices and the Wi-Fi infrastructure

Doesn’t all of this apply to K-12 as well?

I think it does. K-12 school districts aren’t isolated islands. Teachers attend professional development at neighboring districts, students travel for field trips and athletic events, teachers and leadership attend meetings at local education service centers. Some even share employees who split their time between multiple districts. There is a lot of educational roaming occurring within today’s K-12 community.

School 1:1 Program WLAN Design Considerations

The design of a WLAN to accommodate a school’s 1:1 program can make or break the entire enterprise. A poorly designed WLAN presents connectivity issues, bandwidth issues, co-channel contention, and RF utilization problems that distract end-users from classroom activities and results in a loss of trust in the technology. Similarly, clients with substandard Wi-Fi chipsets will also compromise WLAN performance.

These are some of the important considerations I’ve learned when designing and operating a WLAN to support a school’s 1:1 program.

Wireless LAN

Key points to consider when designing a high-density WLAN to support a 1:1 program:

  • 802.11ac is highly desirable, 802.11n is workable and a minimum requirement
  • Do a site survey to determine optimal AP placements, but design for capacity, not solely coverage
  • Evaluate your switching capacity, including PoE budgets, for AP backhaul
  • Establish client SLA’s before designing the WLAN
  • 5 GHz radios are required
  • DFS channels are required for wide channels or very-high density
  • 2.4 GHz becomes a junk band in high density. Use it only for guest/BYOD clients.
  • Use band-steering to move clients to the 5 GHz spectrum
  • Use the entire 5 GHz spectrum everywhere, and choose channel bandwidths to prevent cell overlap.
    • 80 MHz channels in coverage-areas
    • 40 MHz channels in high-density areas like classrooms
    • 20 MHz channels in really high-density areas such as multi-story classroom layouts
  • Disable low data-rates, all the way up to 24 Mbps. Experiment with going higher.
  • Reduce maximum AP radio power to limit cell sizes
  • Reduce AP radio receive sensitivity to prevent clients at the edge of the cell from associating
  • Use load balancing techniques to spread clients evenly among AP’s
  • Limit SSID’s to as few as possible, generally no more than three. Try this:
    • 1 SSID with WPA2-Enterprise security for school and BYOD devices
      • Use AAA override/dynamic profile assignment (whatever your vendor calls it) to assign security policies, access control, VLAN’s, and QoS policies via RADIUS attributes
    • 1 SSID with no security for guest access
  • Only use WPA2-Enterprise 802.1X authentication. WPA-PSK is a nightmare if you ever need to change the password.
  • Use an MDM solution to distribute Wi-Fi credentials
  • Rate-limit guest and BYOD clients
  • Use QoS to deprioritize traffic from guest and BYOD clients
  • Use layer 7 QoS to deprioritize/rate-limit bandwidth hogs that are not time sensitive including
    • Mac OS, iOS, Chrome OS, and Windows software updates
    • Dropbox, iCloud, and Skydrive syncing
    • Site-specific background data hogs such as an enterprise AV deployment, WSUS server, etc.
  • Track the applications used on the WLAN and use layer 7 QoS to deprioritize/rate-limit bandwidth hogs that are time sensitive, but are only used for recreational purposes on the WLAN.
    • Netflix, Pandora, Grooveshark, etc.

Should time allow, many of these points will become blog posts of their own.

Client Devices

For all of this to work, client devices must meet these requirements. Cheap and used devices rarely meet these specifications. Choose carefully. Don’t compromise.
  • 802.11n minimum, 802.11ac desired
  • The more spatial-streams, the better
  • 802.1X support
  • MDM support
  • 5 GHz band support
  • DFS channel support
Unfortunately many device manufacturers limit the Wi-Fi specs they publish to simply “802.11n” or “802.11ac.” Tracking all of this down is often only possible through testing a device in-person, especially DFS support.