Wireless
Overview
Wireless network design is a critical discipline within the CCDE curriculum. Unlike wired networks, wireless introduces unique challenges around radio frequency (RF) behavior, device capabilities, spectrum management, and mobility. A successful wireless design requires understanding the 802.11 standards, the RF environment, the devices that will connect, and the security requirements — all before selecting access points or drawing a floor plan.
IEEE 802.11 Standards and Protocols
When designing wireless networks, network designers must understand the different 802.11 standards and protocols, as each has its own capabilities, pros, and cons. Network designers need to compare all of these standards and protocols and align them with end-user device requirements. Not all end-user devices support all standards and protocols, so the designer must identify the standard and protocol that meets the needs of everything in the design, down to the least-common denominator.
Device Wireless Capabilities
When beginning the wireless design process, you need to identify the wireless capabilities of the devices within the customer’s network. Not all devices will have the same functionality. There are also scenarios where you and the customer will not be able to identify what devices will be used, such as in the bring your own device (BYOD) model. The types of information you need to collect include 802.11 support, radio frequency (RF) capabilities, and supported security suites. This information helps determine the common standard protocol and allows you to design a wireless network that supports all of the customer’s devices.
For example, suppose a SaaS customer has hired you to design its campus HQ wireless network. The customer’s device inventory includes wireless 4K security cameras, wireless Voice over IP (VoIP) devices, standard laptops, and high-definition tablets, all with their own specific wireless capabilities. All of these devices are critical to the success of the SaaS customer, so the wireless network design must support all of them completely. Table 1 summarizes the associated wireless capabilities that have been collected.
| Capability | 4K Security Camera | Wireless VoIP | Standard Laptops | High-Def Tablets |
|---|---|---|---|---|
| Bands supported | 2.4 GHz, 5 GHz | 2.4 GHz, 5 GHz | 2.4 GHz, 5 GHz | 2.4 GHz, 5 GHz |
| 802.11 | a/b/g/n/ac | a/b/g/n | a/b/g/n | a/b/g/n/ac |
| Channels: 2.4 GHz | 1 to 13 | 1 to 13 | 1 to 13 | — |
| Channels: 5 GHz | 36–48, 52–64, 100–140, 144, 149–161 | 36–48, 52–64, 100–140, 149–165 | All, but DFS not recommended | — |
| Channel width | 2.4 GHz: 20, 40 MHz; 5 GHz: 20, 40, 80 MHz | 2.4 GHz: 20 MHz; 5 GHz: 20, 40 MHz | 2.4 GHz: 20 MHz; 5 GHz: 20, 40, 80 MHz | Unspecified |
| Data rates: 802.11b | Unspecified | Unspecified | 1–11 Mbps | 1–11 Mbps |
| Data rates: 802.11g | Unspecified | Unspecified | 6–54 Mbps | 6–54 Mbps |
| Data rates: 802.11a | Unspecified | Unspecified | 6–54 Mbps | 6–54 Mbps |
| Data rates: 802.11n | Unspecified | Unspecified | MCS 0–7 | MCS 0–6 |
| Data rates: 802.11ac | Unspecified | Unspecified | MCS 0–8 | — |
| 802.11k | Not supported | Supported | Unspecified | Unspecified |
| 802.11r (FT) | Not supported | Supported | Supported | Unspecified |
| 802.11w | Not supported | Supported | Unspecified | Unspecified |
| Spatial streams | 2×2 | Unspecified | Unspecified | 1×1 |
| Antenna gain | Unspecified | Unspecified | 2.4 GHz: 2.4 dBi; 5 GHz: 3.0 dBi | Unspecified |
| Transmit power (max, U.S.) | Unspecified | 16 dBm | 2.4 GHz: 13 dBm; 5 GHz: 12 dBm | 2.4 GHz: 13 dBm; 5 GHz: 12 dBm |
Looking at the 802.11 support among these devices, all four critical devices support both the 2.4-GHz and 5-GHz bands. Two of the four devices support 802.11a/b/g/n, while the other two add support for 802.11ac. This is important information to ensure the access points (APs) selected in the design provide the required data rates at the corresponding 802.11 level.
When reviewing channels and data rates, the goal is to leverage the highest data rate that all devices support and, in most cases, disable the lower ones so they are not used. If lower data rates remain available, they limit the overall performance of the access point as devices connect at those rates alongside devices using higher rates.
In some wireless designs it may be prudent to create different service set identifiers (SSIDs), advertised by different APs, for legacy devices that only operate at lower data rates. An SSID is the wireless network name; it can be made up of case-sensitive letters, numbers, and special characters, and it allows end users to distinguish one wireless network from another.
The channels offered may differ because some countries only allow specific channels. For example, if a device only supports 2.4-GHz channels 1 through 11 (the wireless VoIP devices in this scenario), it will only be able to operate in the United States. The standard laptops column references a feature called Dynamic Frequency Selection (DFS). DFS requires an AP operating on certain 5-GHz channels to monitor for other radio systems, such as radar, and to move off a channel on which one is detected. RF is the wireless electromagnetic signal used as the medium for data communication.
For best performance in a wireless environment, wireless devices must be able to distinguish legitimate received signals from background noise on the spectrum. An adequate signal-to-noise ratio (SNR) is what makes this possible. SNR is the difference between the received wireless signal and the noise floor. The noise floor consists of background transmissions emitted either by devices that are too far away for their signal to be intelligible or by devices that are inadvertently creating interference on the same frequency.
For example, if a client device’s radio receives a signal at -75 dBm and the noise floor is -90 dBm, the effective SNR is 15 dB. Generally, an SNR value of 20 dB or more is recommended for data networks, whereas an SNR value of 25 dB or more is recommended for wireless networks supporting real-time application traffic.
Shifting to RF capabilities, the transmit power level of one device might be very different from another, as shown in Table 1. This difference is directly related to the size of the battery in the device — the smaller the device, the smaller the battery, and the less power the device can leverage to transmit a signal. The location of the device’s antenna can also impact RF performance. Some devices have embedded antennas, while others have external antennas that can be extended as needed. Lastly, the placement of the device in relation to access points, with obstacles obstructing the path, can degrade and limit connections.
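As an added illustration (not code from the chapter), the following script encodes the Table 1 inventory and derives the least-common-denominator choices the text describes: the highest 802.11 amendment every device shares, the 5-GHz channels that all devices with a stated channel list support once DFS channels are excluded, whether 802.11r can be relied on, and the SNR check from the -75 dBm / -90 dBm example. 'Unspecified' cells are modelled as unknown rather than assumed supported.

```python
"""Least-common-denominator analysis of the Table 1 device inventory.

Added example, not code from the chapter. Values are transcribed from Table 1;
an 'Unspecified' cell is modelled as None and left out of the intersection
rather than assumed to be supported.
"""

# Oldest amendment first; used to pick the most capable one all devices share.
STANDARD_ORDER = ["b", "a", "g", "n", "ac", "ax"]
# U.S. 5-GHz DFS channels (52-64 and 100-144) require radar detection.
DFS_CHANNELS = set(range(52, 65, 4)) | set(range(100, 145, 4))


def parse_channels(spec, step):
    """Expand a Table 1 channel cell such as '36-48, 52-64, 144' into a set.

    step is 1 for 2.4 GHz (channels 1..13) and 4 for 5 GHz, where 20-MHz
    channels are numbered in steps of four (36, 40, 44, ...).
    """
    channels = set()
    for part in spec.replace(" to ", "-").split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            channels.update(range(lo, hi + 1, step))
        else:
            channels.add(int(part))
    return channels


# None stands for 'Unspecified'; the laptop's 5-GHz cell reads 'All'.
DEVICES = {
    "4K security camera": {
        "standards": {"a", "b", "g", "n", "ac"}, "width_5g": {20, 40, 80},
        "ch_5g": parse_channels("36-48, 52-64, 100-140, 144, 149-161", 4),
        "11r": False},
    "wireless VoIP": {
        "standards": {"a", "b", "g", "n"}, "width_5g": {20, 40},
        "ch_5g": parse_channels("36-48, 52-64, 100-140, 149-165", 4),
        "11r": True},
    "standard laptop": {
        "standards": {"a", "b", "g", "n"}, "width_5g": {20, 40, 80},
        "ch_5g": None,  # 'All, but DFS not recommended'
        "11r": True},
    "high-def tablet": {
        "standards": {"a", "b", "g", "n", "ac"}, "width_5g": None,
        "ch_5g": None, "11r": None},
}


def common(devices, key):
    """Intersect one capability over devices that state it; also return the unknowns."""
    known = {name: d[key] for name, d in devices.items() if d[key] is not None}
    unknown = sorted(set(devices) - set(known))
    shared = set.intersection(*known.values()) if known else set()
    return shared, unknown


def highest_common_standard(devices):
    """Most capable 802.11 amendment every device supports ('n' for Table 1)."""
    shared, _ = common(devices, "standards")
    return max(shared, key=STANDARD_ORDER.index)


def usable_5ghz_channels(devices, avoid_dfs=True):
    """5-GHz channels every device with a stated channel list supports."""
    shared, _ = common(devices, "ch_5g")
    return shared - DFS_CHANNELS if avoid_dfs else shared


def fast_roaming_everywhere(devices):
    """802.11r can only be designed in when every device confirms support."""
    return all(d["11r"] is True for d in devices.values())


def snr_check(rssi_dbm, noise_floor_dbm, real_time=False):
    """SNR is signal minus noise floor (-75 dBm at -90 dBm gives 15 dB).

    Returns (snr in dB, whether it meets the 20-dB data or 25-dB real-time target).
    """
    snr = rssi_dbm - noise_floor_dbm
    return snr, snr >= (25 if real_time else 20)
```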
Review Questions
1. Which of the following wireless client specifications is helpful in designing the size of an AP cell?
- The antenna gain
- The receiver sensitivity
- The number of spatial streams
- Client’s software operating system
b. The receiver sensitivity is the most helpful because it defines the minimum usable signal strength a client can receive from an access point (AP). The AP cell size is determined by the distance a client can be located from the AP before the AP’s signal falls below the receiver sensitivity.
2. Regarding a wireless client in relation to the AP it’s connecting to, which of the following statements is incorrect?
- As the client moves away from the AP, the AP’s signal strength decreases.
- As the client moves away from the AP, the usable data rate decreases.
- As the client moves toward the AP, the SNR increases.
- As the client moves toward the AP, the usable data rate decreases.
d. The closer a client is located in relation to an AP, the stronger the AP’s signal will be. With a stronger received signal, and constant or increasing SNR, the client will likely try to use a faster data rate.
Wireless Security Capabilities
In the majority of situations, customers will require the most secure network. Wired networks have some level of inherent security because data transmissions are contained within the physical wire. In contrast, wireless networks transport data over the air, potentially allowing other devices to eavesdrop or manipulate the traffic.
When conducting a discovery session to identify wireless network design requirements, a network designer should ask the following questions:
- How should access to the wireless network be secured?
- How should data traveling over a wireless LAN be secured?
- Do wireless users need to be protected from each other?
- How will wireless users be protected from everyone else?
The 802.11 standard defines two methods of authentication: open and WEP. All devices should support both methods. WEP has been deprecated due to its inherent security weakness. Open authentication is used in conjunction with 802.1X (network access control [NAC]) security and multiple EAP options to offer a wide range of authentication methods. Table 2 shows the different security specifications for the four device types in this scenario.
| Security | 4K Security Camera | Wireless VoIP | Standard Laptops | High-Def Tablets |
|---|---|---|---|---|
| WEP/WPA/TKIP Security | WPA (AES), WPA2 (AES), WPA-Enterprise, WPA2-Enterprise | WEP, TKIP, AES-CCMP, WPA (AES), WPA2 (AES), WPA-Enterprise, WPA2-Enterprise | WPA (AES), WPA2 (AES), WPA-Enterprise, WPA2-Enterprise | WPA (AES), WPA2 (AES), WPA-Enterprise, WPA2-Enterprise |
| EAP (802.1X) Security | EAP-TLS, EAP-PEAP, EAP-TTLS (PAP, CHAP, MSCHAP, MSCHAPv2) | LEAP, PEAP, MSCHAPv2, EAP-FAST, EAP-TLS | EAP-FAST, PEAP-GTC, PEAP-MSCHAPv2, EAP-TLS | PEAP-MSCHAPv2, EAP-TLS |
Reviewing the device security capabilities in Table 2, each device can support a comprehensive list of wireless security features and protocols. What you should notice is that these features and protocols are not the same across all devices. Network designers must be aware that not all devices support all security features, protocols, or options, and must identify the proper security mechanisms that all devices support. Securing access to a wireless network involves applying one of the authentication methods in Table 2 to screen the users and devices that try to join.
During the wireless design process, you should list the wireless networks that the customer wants, along with the security mechanisms that should be leveraged to ensure the wireless network is secured. For example, a wireless network meant for the standard corporate laptops might require WPA2-Enterprise with AES, 802.1X with EAP-TLS, and digital certificates. Another wireless network offered to the high-def tablets might require PEAP-MSCHAPv2.
With most wireless products, a wireless SSID cannot run multiple security mechanisms simultaneously. This limitation adds a constraint to any wireless network design and has the potential to increase the number of SSIDs as the security mechanisms required in a design grow.
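The following script, an added example rather than code from the chapter, applies the Table 2 capabilities to the SSID planning just described: it finds the strongest mechanism every device shares, and counts how many SSIDs a set of per-network security requirements forces, given that one SSID carries one mechanism. The deprecated-mechanism policy and the recording of the VoIP row's separate PEAP and MSCHAPv2 entries as PEAP-MSCHAPv2 are assumptions of the example.

```python
"""SSID count and common security mechanism from the Table 2 capabilities.

Added example, not code from the chapter. Suites and EAP methods are
transcribed from Table 2 (the VoIP row's separate 'PEAP' and 'MSCHAPv2'
entries are recorded as PEAP-MSCHAPv2, an assumption). One SSID carries one
mechanism, as the text states, so SSIDs are counted per distinct mechanism.
"""

# Strongest first. AES-CCMP is a cipher rather than an authentication suite,
# so it is not ranked. The DEPRECATED set is this example's design policy:
# WEP, TKIP and LEAP are known-broken, and WPA (v1) is superseded by WPA2.
SUITE_RANK = ["WPA2-Enterprise", "WPA2 (AES)", "WPA-Enterprise", "WPA (AES)",
              "TKIP", "WEP"]
EAP_RANK = ["EAP-TLS", "EAP-TTLS", "PEAP-MSCHAPv2", "PEAP-GTC", "EAP-PEAP",
            "EAP-FAST", "LEAP"]
DEPRECATED = {"WEP", "TKIP", "LEAP", "WPA (AES)", "WPA-Enterprise"}

WPA_ALL = {"WPA (AES)", "WPA2 (AES)", "WPA-Enterprise", "WPA2-Enterprise"}
DEVICES = {
    "4K security camera": {"suites": set(WPA_ALL),
                           "eap": {"EAP-TLS", "EAP-PEAP", "EAP-TTLS"}},
    "wireless VoIP": {"suites": WPA_ALL | {"WEP", "TKIP", "AES-CCMP"},
                      "eap": {"LEAP", "PEAP-MSCHAPv2", "EAP-FAST", "EAP-TLS"}},
    "standard laptop": {"suites": set(WPA_ALL),
                        "eap": {"EAP-FAST", "PEAP-GTC", "PEAP-MSCHAPv2", "EAP-TLS"}},
    "high-def tablet": {"suites": set(WPA_ALL),
                        "eap": {"PEAP-MSCHAPv2", "EAP-TLS"}},
}


def strongest_common(names, key, ranking):
    """Highest-ranked non-deprecated value that every named device supports."""
    shared = set.intersection(*(DEVICES[n][key] for n in names)) - DEPRECATED
    for value in ranking:
        if value in shared:
            return value
    return None


def single_ssid_mechanism(names=None):
    """(suite, eap) one SSID could use for all named devices, or None."""
    names = list(names or DEVICES)
    suite = strongest_common(names, "suites", SUITE_RANK)
    eap = strongest_common(names, "eap", EAP_RANK)
    return (suite, eap) if suite and eap else None


def plan_ssids(networks):
    """Group required networks by mechanism: one SSID per distinct mechanism.

    networks maps a network name to (device names, (suite, eap)). Raises
    ValueError when a mechanism is deprecated or a device cannot support it.
    """
    ssids = {}
    for net, (names, (suite, eap)) in networks.items():
        if suite in DEPRECATED or eap in DEPRECATED:
            raise ValueError(f"{net}: {suite} with {eap} is deprecated")
        for n in names:
            if suite not in DEVICES[n]["suites"] or eap not in DEVICES[n]["eap"]:
                raise ValueError(f"{net}: {n} cannot do {suite} with {eap}")
        ssids.setdefault((suite, eap), []).append(net)
    return ssids


# Constructed requirements: the text's two examples (laptops, tablets) plus
# the strongest mechanism the other two device types support.
REQUIREMENTS = {
    "corp-laptops": (["standard laptop"], ("WPA2-Enterprise", "EAP-TLS")),
    "tablets": (["high-def tablet"], ("WPA2-Enterprise", "PEAP-MSCHAPv2")),
    "voice": (["wireless VoIP"], ("WPA2-Enterprise", "EAP-TLS")),
    "cameras": (["4K security camera"], ("WPA2-Enterprise", "EAP-TLS")),
}

if __name__ == "__main__":
    for (suite, eap), nets in plan_ssids(REQUIREMENTS).items():
        print(f"SSID using {suite} + {eap}: {', '.join(nets)}")
    print("one SSID for every device type:", single_ssid_mechanism())
```

With these requirements two SSIDs are needed, yet every device type also supports WPA2-Enterprise with EAP-TLS, so a single SSID is possible if the tablet requirement is changed.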
Review Questions
3. Suppose a customer wants users on their wireless network to authenticate with a username and password before being allowed wireless network access. Which of the following items could be leveraged to add this security requirement in your wireless network design to meet the customer’s needs?
- RADIUS
- TACACS
- SNMP
- AES servers
a. The customer wants user authentication, so you could leverage RADIUS, AAA, or NAC (Cisco ISE) servers to meet that need.
Wireless Traffic Flow
Network designers need to keep in mind that end-user device traffic flow on a wireless network can be very different from the wired side. In the context of a wireless network, the wired network is also known as a distribution network. The distribution network provides the means of connecting multiple APs together. In most commercial wireless network designs, the distribution system is already designed and implemented, enabling the wireless APs to leverage it. The way an end-user device’s traffic flows depends heavily on the configuration mode of the access point. The two AP modes are:
- Autonomous: The AP acts as a direct link between the wireless and wired sides of the network.
- Centrally controlled: All wireless client traffic is forwarded to the wireless controller via a CAPWAP tunnel. CAPWAP is defined in RFC 5415.
Some vendor solutions have additional features that allow wireless traffic to be locally switched at the access point. For example, Cisco has the FlexConnect option within the Wireless LAN Controller (WLC) configuration that allows for this exact forwarding behavior.
CAPWAP
Control and Provisioning of Wireless Access Points (CAPWAP) is a logical network connection between access points and a wireless LAN controller. CAPWAP is used to manage the behavior of the APs as well as tunnel encapsulated 802.11 traffic back to the controller. CAPWAP sessions are established between the AP’s logical IP address (obtained through DHCP) and the controller’s management interface. Whether in local mode or FlexConnect mode, CAPWAP sessions between the controller and AP are used to manage the behavior of the AP. When in local mode, CAPWAP is additionally used to encapsulate and tunnel all wireless client traffic so that it can be centrally processed by the controller.
CAPWAP sessions use UDP for both the control and data channels, as shown in Figure 1:
- CAPWAP Control Channel: Uses UDP port 5246
- CAPWAP Data Channel: Uses UDP port 5247 and encapsulates (tunnels) the client’s 802.11 frames
FlexConnect mode has options for local or central forwarding of traffic. A wireless design can use FlexConnect with central forwarding for a branch site AP that should tunnel traffic to the controller but should also be able to tolerate a WAN failure situation. APs are typically deployed in their own VLAN in a campus environment, or in multiple VLANs if leveraging a Layer 3 access design.
If there is a security device that limits what traffic is allowed within the path between the access point and the wireless LAN controller, the CAPWAP ports listed above will need to be permitted to ensure proper communication of the CAPWAP tunnel.
As the number of APs grows, so does the number of CAPWAP tunnels terminating on the controller. Figure 2 illustrates the logical connection of multiple CAPWAP sessions over the physical infrastructure.
Considering that all APs in local mode use a CAPWAP tunnel to transport wireless data traffic back to the controller, designing both the physical and logical environments to handle the load and scale is paramount. The CAPWAP tunnels ride on top of a physical network that has bandwidth and resource availability limitations. Design aspects that directly impact the overlay CAPWAP tunnel include:
- The physical connection between the AP and the access switch
- An estimation of oversubscription of the uplink of the access switch to the network
- Backbone capacity of the core network
- WAN connection speeds if the controllers are centralized and APs are in local mode
- Network access speeds to the controller
- Performance capabilities of the controller
Another area requiring careful consideration is the path between the controller and key infrastructure services such as AAA and DHCP servers. Additional infrastructure services — including AAA/NAC, DHCP, DNS, SDN controller, and more — may be placed at locations throughout the network that have firewalls protecting them. Understanding the logical path between these services will often require opening firewall rules for the service to interface with the controller.
The wireless controller’s management interface is used to communicate with AAA/NAC servers, as well as directory servers, other controllers, and more. For DHCP, a controller proxies communication to the DHCP server on behalf of clients using the controller’s IP address in the VLAN associated to the WLAN of those clients.
Table 3 summarizes the ports that must be open to allow the controller to communicate with key services.
| Service | Port |
|---|---|
| RADIUS authentication and authorization | UDP port 1812 (some older versions use UDP port 1645) |
| RADIUS accounting | UDP port 1813 (some older versions use UDP port 1646) |
| DHCP server | UDP port 67 |
| DHCP client | UDP port 68 |
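As an added example (not from the chapter), the script below lists the UDP flows that a firewall between the AP VLANs, the controller and the RADIUS and DHCP servers must permit, checks them against a constructed rule set, and renders the missing entries as IOS-style extended ACL lines. All addresses are constructed and a stateful firewall is assumed, so only the initiating direction of each flow is checked.

```python
"""Firewall flows for the CAPWAP tunnel and controller services, checked
against an existing rule set.

Added example, not code from the chapter. Port numbers are the chapter's
(CAPWAP 5246/5247, RADIUS 1812/1813, DHCP 67); every address and the sample
rule set are constructed. A stateful firewall is assumed, so only the
initiating direction of each UDP flow is listed.
"""
import ipaddress
from dataclasses import dataclass

CAPWAP_CONTROL, CAPWAP_DATA = 5246, 5247
RADIUS_AUTH, RADIUS_ACCT = 1812, 1813  # some older servers use 1645 / 1646
DHCP_SERVER = 67  # the server's reply to UDP 68 on the controller is return traffic


@dataclass(frozen=True)
class Flow:
    src: str  # host address or CIDR network
    dst: str
    dport: int
    note: str = ""


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str
    dst: str
    proto: str = "udp"  # "ip" matches any protocol
    dport: int = 0  # 0 matches any destination port


def required_flows(ap_subnets, wlc_mgmt, radius_servers, dhcp_servers):
    """UDP flows that must be permitted for APs to join and clients to get service."""
    flows = []
    for net in ap_subnets:
        flows.append(Flow(net, wlc_mgmt, CAPWAP_CONTROL, "CAPWAP control"))
        flows.append(Flow(net, wlc_mgmt, CAPWAP_DATA, "CAPWAP data (802.11 frames)"))
    for srv in radius_servers:
        flows.append(Flow(wlc_mgmt, srv, RADIUS_AUTH, "RADIUS authentication/authz"))
        flows.append(Flow(wlc_mgmt, srv, RADIUS_ACCT, "RADIUS accounting"))
    for srv in dhcp_servers:  # the WLC proxies DHCP from its own interface address
        flows.append(Flow(wlc_mgmt, srv, DHCP_SERVER, "DHCP via controller proxy"))
    return flows


def covers(rule_net, flow_net):
    """True when every address in flow_net lies inside rule_net."""
    return ipaddress.ip_network(flow_net, strict=False).subnet_of(
        ipaddress.ip_network(rule_net, strict=False))


def missing_flows(rules, flows):
    """Required flows not permitted by their first matching rule (implicit deny)."""
    missing = []
    for f in flows:
        match = next((r for r in rules if r.proto in ("ip", "udp")
                      and r.dport in (0, f.dport)
                      and covers(r.src, f.src) and covers(r.dst, f.dst)), None)
        if match is None or match.action != "permit":
            missing.append(f)
    return missing


def to_ace(flow):
    """Render a flow as an IOS-style extended ACL entry using wildcard masks."""
    def endpoint(addr):
        net = ipaddress.ip_network(addr, strict=False)
        return (f"host {net.network_address}" if net.prefixlen == 32
                else f"{net.network_address} {net.hostmask}")
    return f"permit udp {endpoint(flow.src)} {endpoint(flow.dst)} eq {flow.dport}"


# Constructed rule set: AP VLAN 21 was added after the firewall was built and
# the RADIUS entry still uses the legacy port, so four required flows fail.
SAMPLE_RULES = [
    Rule("permit", "10.10.20.0/24", "10.10.1.5", dport=CAPWAP_CONTROL),
    Rule("permit", "10.10.20.0/24", "10.10.1.5", dport=CAPWAP_DATA),
    Rule("permit", "10.10.1.5", "10.10.5.10", dport=1645),
    Rule("permit", "10.10.1.5", "10.10.5.20", proto="ip"),
]
SAMPLE_FLOWS = required_flows(["10.10.20.0/24", "10.10.21.0/24"], "10.10.1.5",
                              ["10.10.5.10"], ["10.10.5.20"])
```

Running `for f in missing_flows(SAMPLE_RULES, SAMPLE_FLOWS): print(f.note, to_ace(f))` lists the two CAPWAP entries for the new AP VLAN and the two RADIUS entries on the current ports.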
Review Questions
4. When you meet with a customer to gather information about an upcoming wireless project, which one of the following items would be the most helpful as you prepare to design the wireless solution?
- The scope of the project
- A list of the buildings and locations that need wireless service
- Floor plans of buildings that need wireless service
- Diagrams of the physical network infrastructure
c. Of the options available, the floor plans will be most helpful, as you will leverage these directly into any wireless planning tool to help identify where to place APs within the wireless network design.
Enterprise Wireless Network Design
From an enterprise wireless network perspective, we have to shift our focus from what has been the norm for years to a more modern state. Most, if not all, wireless networks are high density. Historically, this used to be location specific — stadiums, convention centers, and higher education facilities being the most common high-density wireless networks. Today, the list includes enterprise networks, airports, and hospitals, and that list is growing longer as more businesses embrace the wireless network.
Designing for High Density
High density means having more clients attached to the same AP, or set of APs, within a smaller physical location. There are two main differentiators with a high-density wireless network: the number of users within a certain area (density) and coverage area. High-density networks ensure clients are able to have sufficient throughput regardless of the thousands of other clients within close proximity.
A high-density wireless design is focused on RF coverage, optimizing the effective AP cell size for the area in question. The key RF relationships in high-density wireless design are:
- AP to client: How clients hear APs
- Client to AP: How APs hear clients
- AP to AP: How APs hear each other
This all starts with Layer 1 of the OSI model — RF design. In a wireless world, this is all about the antenna: determining which type of antenna should be leveraged and where it should be placed. For antenna selection, consider the density of clients that the AP should serve and how far away the AP can be placed and still enable clients to connect. For antenna placement, ensure clear line of sight to clients with no obstacles in the way. Think of locations where users congregate and consider offering them direct frequencies that provide better throughput and signal strength.
If a wireless-enabled device can see the wireless network, it should be able to join it within the coverage area. As more devices and clients move within the coverage area of the AP, increasing the density of clients, they will all compete for the available wireless network resources, including the physical infrastructure resources supporting the APs, such as bandwidth. Figure 3 illustrates this concept with two APs serving overlapping coverage areas.
From a wireless design perspective, the best way to provide sustained performance to a high density of clients is to predetermine and distribute clients across multiple APs and channels. When doing this, the cell size of each AP must be limited to limit the number of clients that can connect. Because the cell size is limited, the number of APs being leveraged must increase.
In addition to the wireless footprint being added with a high-density deployment, the physical network implications must be kept in mind. Each AP needs to connect back to a switch to provide the connected clients access to the physical network.
Areas such as theaters, auditoriums, stadiums, and classrooms with configured seating allow planners to plan for the number of high-density clients properly. Office spaces are also easy to plan for and usually have a lower client density because of their seating arrangements and layout. When designing any wireless network, keep in mind that the average user carries three to five wireless devices.
Each vendor’s hardware will have its own methods to reduce the cell size, but generally these three actions apply regardless of vendor:
- Limit the AP’s transmit power level.
- Select an appropriate antenna for the AP, with the correct gain.
- Reduce the size of a cell using an omnidirectional antenna.
Focus on leveraging the 5-GHz band in high-density areas, making sure that AP channels are non-overlapping. AP cells should have 10 to 15 percent overlap. Leverage Cisco’s Dynamic Transmit Power Control (DTPC) to automatically influence the transmit power levels of compatible clients.
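As an added planning aid (not code from the chapter), the script below turns seats, devices per user, and a chosen clients-per-AP target into an AP count and a round-robin 5-GHz channel plan, showing how channel width and the DFS decision change how many APs end up sharing a channel. The seating numbers and the 50-client target are constructed inputs; the channel list is the U.S. 5-GHz 20-MHz set.

```python
"""AP count and 5-GHz channel plan for a high-density area.

Added example, not code from the chapter. The 3-5 devices-per-user figure,
the preference for non-overlapping 5-GHz channels and the caution about DFS
channels are the chapter's; the seating numbers and the per-AP client target
are constructed inputs. Channels are the U.S. 5-GHz 20-MHz set, with
52-64 and 100-144 being DFS channels.
"""
import math

UNII_20MHZ = [36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120,
              124, 128, 132, 136, 140, 144, 149, 153, 157, 161, 165]
DFS = {c for c in UNII_20MHZ if 52 <= c <= 144}


def nonoverlapping_channels(width_mhz=20, include_dfs=False):
    """Primary channels of the non-overlapping channels at a given width.

    A 40- or 80-MHz channel bonds 2 or 4 contiguous 20-MHz channels in aligned
    groups, so each doubling of width roughly halves the usable channel count.
    """
    pool = [c for c in UNII_20MHZ if include_dfs or c not in DFS]
    per = width_mhz // 20
    primaries = []
    for c in pool:
        base = 149 if c >= 149 else 36  # UNII-3 numbering starts at 149
        aligned = (c - base) % (4 * per) == 0
        if aligned and all(c + 4 * i in pool for i in range(per)):
            primaries.append(c)
    return primaries


def plan_area(seats, devices_per_user, clients_per_ap, width_mhz=20,
              include_dfs=False):
    """APs needed for the area and a round-robin channel assignment.

    reuse is how many APs must share each channel; anything above 1 means
    co-channel cells, which is why cell sizes are shrunk in high density.
    """
    clients = seats * devices_per_user
    aps = math.ceil(clients / clients_per_ap)
    channels = nonoverlapping_channels(width_mhz, include_dfs)
    return {
        "clients": clients,
        "aps": aps,
        "channels": len(channels),
        "reuse": math.ceil(aps / len(channels)),
        "assignment": {f"AP{i + 1}": channels[i % len(channels)] for i in range(aps)},
    }


if __name__ == "__main__":
    # Constructed lecture hall: 400 seats, 3 devices each, 50 clients per AP.
    for width, dfs in ((20, False), (20, True), (40, False), (80, False)):
        p = plan_area(400, 3, 50, width_mhz=width, include_dfs=dfs)
        print(f"{width} MHz, DFS={dfs}: {p['aps']} APs on {p['channels']} "
              f"channels, reuse {p['reuse']}")
```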
Always aim for a single SSID in a high-density area. The more SSIDs in the area, the worse the performance for end clients. Each SSID requires a separate beacon, transmitted at the minimum mandatory data rate, and each broadcast SSID also responds to null probe requests; all of this consumes airtime that is then unavailable for real client traffic, and the cost grows with every SSID added.
Recall that an SSID cannot leverage different authentication methods simultaneously. If there is a requirement to have different security mechanisms for different device types, multiple SSIDs will be required, which limits performance in a high-density deployment.
Review Questions
5. A high-density area in a wireless design is determined by which one of the following statements?
- More clients are using the 5-GHz band than the 2.4-GHz band.
- A small number of clients in an area are using high-bandwidth applications.
- A higher number of clients are associated with each AP in an area.
- A higher amount of RF coverage is needed in an area.
c. High density in a wireless design is determined by the number of clients per AP in an area. If the user population is high in a small area, all of the users might end up joining a single AP. The goal of a good wireless design would be to add additional APs and distribute the clients across them, maintaining an adequate level of performance for each AP. For a high-density design, the coverage area and cell size per AP is reduced to allow for higher performance for the clients leveraging each AP.
6. Suppose you are working on a wireless network design that is required to support a high density of clients within a large lecture space at a college. You begin by adjusting the AP’s transmit power level down to its lowest setting, but you find that the AP’s cell size is still too large for your design. What is the next step to take for you to reduce the AP’s cell size?
- Use an external omnidirectional antenna.
- Use an external patch antenna.
- Install a second AP next to the first one and use the same channel on each.
- Enable the lowest data rate to reduce the cell size.
b. If the AP is already at its lowest transmit power level setting, your next strategy should be to connect an external directional antenna to the AP. The patch antenna will focus the AP’s RF energy into a smaller area and will help reduce the AP’s cell size.
Designing for Voice and Video
Most user devices will make use of “data” traffic that has no special QoS requirements other than basic responsive throughput. For real-time applications like VoIP, videoconferencing, or collaboration, the network must handle the traffic differently. The following effects need to be minimized so that voice and video sessions can be heard and seen consistently, without interruption or corruption:
- Latency: The amount of time required to deliver a packet or frame from a transmitter to a receiver
- Jitter: The variance of the end-to-end latency experienced as consecutive packets arrive at a receiver
- Packet loss: The percentage of packets sent that do not arrive at the receiver
To keep these factors minimized, the adverse conditions in a wireless environment must be controlled. A source of interference can cause packet errors that interrupt a voice or video stream. As packets are lost, they can be retransmitted and delayed, increasing latency and jitter. Other factors like poor RF coverage, high channel utilization, and excessive collisions can also impede good data throughput and integrity.
When designing for wireless voice and video, leverage the 5-GHz band as much as possible. The 5-GHz band includes more non-overlapping channels, which reduces the chance of interference from non-wireless devices. Lower data rates require more time to transmit the same data than a higher data rate, and when a lower data rate is being leveraged, it occupies the channel longer. Limiting data transmissions to higher data rates means stations transmit data quicker and get off the air sooner, allowing other stations to leverage that same channel. This directly affects latency and jitter, which are critical to real-time applications.
An effective design should take call capacity into account. For example, voice calls use bidirectional RTP streams to transport audio. Each call uses two separate streams, but they cannot be transmitted simultaneously because of channel contention. At a 24-Mbps data rate, up to 27 simultaneous bidirectional RTP streams can exist, or up to 13 calls. A 6-Mbps data rate can support only 13 streams or 6 calls. Therefore, the maximum number of calls depends on the data rate used as well as the channel utilization.
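An added example, not code from the chapter: the script below measures latency, jitter, and packet loss on a constructed RTP-style packet trace, checks them against voice targets (the 30-ms jitter figure from the review questions; the 150-ms latency and 1 percent loss targets are assumed thresholds exposed as parameters), and carries the call-capacity arithmetic from this section.

```python
"""Latency, jitter and loss measured on a captured voice stream, checked
against design targets, plus the chapter's per-channel call-capacity figures.

Added example, not code from the chapter. The packet trace is constructed
(20-ms packetization, one lost packet, one delayed packet). The 30-ms jitter
target comes from the review question; the 150-ms latency and 1% loss targets
are assumptions exposed as parameters.
"""

# (sequence number, sent at ms, received at ms): sequence 5 never arrived, and
# packet 7 was delayed by a retransmission, arriving just ahead of packet 8.
TRACE = [
    (1, 0, 42), (2, 20, 63), (3, 40, 81), (4, 60, 103),
    (6, 100, 141), (7, 120, 182), (8, 140, 183), (9, 160, 201), (10, 180, 224),
]

# From the text: streams a channel can carry at a data rate; two streams per call.
STREAMS_AT_RATE_MBPS = {6: 13, 24: 27}


def one_way_delays(trace):
    """End-to-end latency of each received packet, in ms."""
    return [recv - sent for _, sent, recv in trace]


def jitter_ms(trace):
    """Jitter as the change in latency between consecutive received packets.

    Returns (mean absolute change, largest single change).
    """
    delays = one_way_delays(trace)
    steps = [abs(b - a) for a, b in zip(delays, delays[1:])]
    return sum(steps) / len(steps), max(steps)


def loss_percent(trace):
    """Share of the expected sequence range that never arrived."""
    seqs = [seq for seq, _, _ in trace]
    expected = max(seqs) - min(seqs) + 1
    return 100.0 * (expected - len(seqs)) / expected


def evaluate(trace, max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0):
    """Compare the measured stream against voice design targets."""
    delays = one_way_delays(trace)
    latency = sum(delays) / len(delays)
    jitter, peak = jitter_ms(trace)
    loss = loss_percent(trace)
    return {
        "latency_ms": latency, "latency_ok": latency <= max_latency_ms,
        "jitter_ms": jitter, "jitter_peak_ms": peak, "jitter_ok": jitter <= max_jitter_ms,
        "loss_pct": loss, "loss_ok": loss <= max_loss_pct,
    }


def max_calls(streams):
    """Each call needs two RTP streams that cannot share the air at once."""
    return streams // 2


def calls_at_rate(rate_mbps):
    """Calls per channel at the data rate (24 Mbps: 27 streams, 13 calls)."""
    return max_calls(STREAMS_AT_RATE_MBPS[rate_mbps])


if __name__ == "__main__":
    for key, value in evaluate(TRACE).items():
        print(f"{key:15} {value}")
    print("calls at 6 Mbps:", calls_at_rate(6), "at 24 Mbps:", calls_at_rate(24))
```

On the constructed trace the latency and jitter targets pass while the single lost packet out of ten already breaks the loss target, which is the failure mode a source of interference produces first.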
Review Questions
7. In a data-only wireless deployment (non-real-time traffic), which one of the following statements is true?
- Strict jitter requirements must be met.
- Strict latency requirements must be met.
- Strict packet loss requirements must be met.
- No specific requirements must be met.
d. A data-only wireless deployment without any additional real-time applications being leveraged is usually used when clients use normal applications that have no specific performance requirements; thus, there is no need to account for jitter, latency, or packet loss.
8. Suppose a customer wants to use a real-time application that requires jitter to be less than 30 milliseconds. Which one of the following wireless network deployment models should be leveraged for this wireless network design requirement?
- Data deployment model
- High-density deployment model
- Voice deployment model
- There is not enough information given to determine a deployment model.
c. A voice deployment model is indicated because of the strict jitter requirement given. Jitter implies network performance that is necessary for real-time applications such as voice and video.
9. Which of the following statements are valid design goals for wireless network design that will support voice over the wireless network for calls? (Choose all that apply.)
- Make 12 Mbps the lowest mandatory data rate.
- Design for call capacity per AP.
- Use every possible 5-GHz nonoverlapping channel.
- Consider avoiding 5-GHz DFS channels.
a, b, and d. Wireless network designs focused on voice should use a minimum data rate of 12 Mbps. It is important to consider the number of simultaneous calls that each AP can support, based on the minimum data rate. As a general guideline, you should leverage the many 5-GHz channels, but validate each DFS channel carefully and use it only if radar signals have not been detected on it.
Summary
This chapter covered various wireless network design topics, including IEEE 802.11 standards and protocols and enterprise wireless network use cases. To avoid wireless design defects, network designers need to always incorporate the wireless network design topics covered in this chapter in an integrated holistic approach rather than designing in isolation. Moreover, considering the top-down design approach is a fundamental requirement to achieving a successful business-driven design. Although this chapter focused on the wireless side, there are design implications within the physical infrastructure that also need to be kept in mind. For example, as you add more APs to solve wireless requirements (high density of users), each of these APs still requires physical network connectivity and power. These are all factors that must go into your wireless network design decision process.