Name : KEO SAMNANG

Date: 12/06/2024

Touchstone Task 3: Planning a Wireless

Infrastructure
Review the scenario and client expectations about Greenfield Properties. Make sure you also
review the additional client expectations related to this Touchstone Preparation.

Based on the information provided by the client, answer the following questions in 2-4
sentences each. Be sure to explain your answers in detail.

How many devices will connect to this network wirelessly? Determine the current number of
wireless devices currently, and then add 50% for future growth.

To determine the number of devices that will connect to the network wirelessly, we first need
to calculate the current number of wireless devices and then add 50% for future growth. Let's
assume the current number of wireless devices is 50. Adding 50% for future growth would be
(50 * 0.50) = 25. So, the total number of wireless devices, including future growth, would be
50 (current) + 25 (future growth) = 75 devices.

What network infrastructure components are needed to support the wireless hosts? (Ref:
Wireless Networking Components, Site Survey and Installation Configurations)

To support wireless hosts, several network infrastructure components are needed:

1. Wireless Access Points (WAPs): These devices provide wireless connectivity to client
devices such as laptops, smartphones, and tablets. WAPs transmit and receive wireless
signals, allowing devices to connect to the network wirelessly. The number and placement of
WAPs depend on factors such as coverage area, capacity requirements, and building layout.

2. Wireless LAN Controller (WLC): In larger deployments, a wireless LAN controller may be
used to centrally manage and control multiple WAPs. The WLC coordinates the configuration
and operation of WAPs, ensuring seamless roaming, load balancing, and security
enforcement across the wireless network.

3. Network Switches: Ethernet switches are required to connect WAPs to the wired network
infrastructure. These switches provide power and data connectivity to WAPs and facilitate
communication between wireless and wired devices. PoE (Power over Ethernet) switches are
commonly used to power WAPs without the need for separate power adapters.
4. Router or Gateway: A router or gateway device is needed to provide connectivity between
the wireless LAN and the wider network, including the internet and other network segments.
The router or gateway manages traffic routing, NAT (Network Address Translation), DHCP
(Dynamic Host Configuration Protocol), and firewall functions for the wireless network.

5. Network Security Appliances: Security appliances such as firewalls, intrusion

detection/prevention systems (IDS/IPS), and VPN (Virtual Private Network) concentrators may
be deployed to protect the wireless network from unauthorized access, malicious attacks, and
data breaches. These security measures help enforce network policies and safeguard
sensitive information.

6. Authentication and Authorization Servers: Authentication and authorization servers, such as

RADIUS (Remote Authentication Dial-In User Service) servers, may be used to authenticate
wireless users and enforce access control policies. These servers validate user credentials
and manage user permissions for accessing the wireless network resources.

7. Network Management System (NMS): A network management system provides centralized

monitoring, configuration, and troubleshooting capabilities for the wireless network
infrastructure. NMS tools allow administrators to monitor WAP performance, track client
connectivity, and troubleshoot connectivity issues proactively.

By deploying these network infrastructure components, organizations can create a robust and
reliable wireless network environment that meets the connectivity needs of users while
ensuring security, scalability, and manageability.

On the diagram of the office layout (below), place a circle where you would place each WAP.
The distance between WAPs should be from 30 to 70 feet. The office is 200’ wide by 300’
long. (Here is one circle placed on the diagram, as an example.)

Use as many as needed to ensure good Wi-Fi coverage everywhere in the building. Overlap
the circles slightly to minimize the uncovered spots. Note: This diagram is just a rough draft to
help determine how many WAPs you need; when it comes time to deploy the WAPs, you
would use a site survey application to fine-tune WAP placement and channel capacity.

Color and label the circle to indicate what channel they should be set to. For example, you
might color all the APs that should be set to channel 11 green, and type an 11 in the center of
each one. (Ref: Site Survey and Installation Configurations)
Will you assign the same SSID to each WAP? Why or why not? (Ref: Site Survey and
Installation Configurations)

Assigning the same SSID to each Wireless Access Point (WAP) is generally
recommended for the following reasons:

1. Seamless Roaming: Using the same SSID across all WAPs allows users to
move throughout the building without having to manually reconnect to different
networks. Devices will automatically switch to the WAP with the strongest
signal, providing uninterrupted connectivity.
2. Simplified Network Management: Managing a single SSID simplifies network
configuration and management. Administrators only need to configure the SSID
settings once, and any changes or updates can be applied uniformly across all
WAPs.
3. Consistent User Experience: A single SSID ensures a consistent user
experience, as users do not need to remember and switch between multiple
network names. This is particularly beneficial in environments where users
 frequently move between different areas of the building.

However, there are some considerations to keep in mind:

1. Security Segmentation: If different areas of the building have different

security requirements or access levels, it may be beneficial to use multiple
SSIDs. For example, separating the guest Wi-Fi network from the corporate
network using different SSIDs can enhance security and access control.
2. Network Traffic Management: In some cases, different SSIDs can be used to
segment network traffic based on specific use cases or departmental needs.
For example, using a separate SSID for VoIP devices can help prioritize and
manage voice traffic more effectively.

Given the layout and the use case, a combination of a single SSID for general use
and additional SSIDs for specific purposes (e.g., guest access, VoIP) could be a
balanced approach. This provides the benefits of seamless roaming and simplified
management while also addressing specific security and traffic management needs.

Will you use a wireless LAN controller to manage the access points? Why or why not? (Ref:
Installing WLAN Networks)

Using a Wireless LAN Controller (WLC) to manage the access points is generally a good idea
for several reasons, especially in environments with multiple WAPs, such as the one
described:

1. Centralized Management: A WLC provides centralized management for all access points,
making it easier to configure, monitor, and manage the wireless network from a single
interface. This is particularly useful for deploying consistent policies and settings across all
WAPs.

2. Seamless Roaming: WLCs facilitate seamless roaming by managing the handoff process
as users move between different WAPs. This ensures that devices can switch to the strongest
signal without dropping the connection, providing a better user experience.

3. Scalability: As the network grows, adding and managing additional WAPs becomes more
straightforward with a WLC. It allows for easy scaling of the wireless network without
significantly increasing administrative overhead.
4. Enhanced Security: WLCs often come with advanced security features such as centralized
authentication, encryption, and access control. This enhances the overall security of the
wireless network by providing consistent and robust security measures across all WAPs.

5. Performance Optimization: WLCs can dynamically manage and optimize network

performance by adjusting the channels, power levels, and load balancing across the access
points. This helps to maximize the efficiency and coverage of the wireless network.

6. Simplified Troubleshooting: Centralized logging and monitoring provided by WLCs help in

quickly identifying and troubleshooting network issues. Administrators can gain insights into
network performance and user activity, aiding in efficient problem resolution.

However, there are some considerations:

1. Cost: Implementing a WLC can add to the initial cost, as it involves purchasing the
controller hardware or software licenses. However, the benefits of centralized management
and improved performance often justify the investment.

2. Complexity: Setting up and configuring a WLC requires a certain level of expertise. It adds
an additional layer of complexity to the network, which might require training or hiring skilled
personnel.

Given the scenario of a network with multiple access points and the need for seamless
roaming, centralized management, and enhanced security, using a Wireless LAN Controller
makes sense. The benefits of improved performance, scalability, and simplified management
outweigh the costs and complexity associated with deploying a WLC.

Which Wi-Fi security encryption standard will you enable on the access points? Why did you
choose that one? (Ref: Wireless Security)

For securing the Wi-Fi network, enabling WPA3 (Wi-Fi Protected Access 3) on the access
points is the best choice. Here are the reasons for choosing WPA3:

1. Enhanced Security: WPA3 offers stronger encryption methods compared to its

predecessors (WPA2, WPA). It uses SAE (Simultaneous Authentication of Equals) instead of
the PSK (Pre-Shared Key) method, which significantly improves security by making it harder
for attackers to crack passwords through brute force attacks.

2. Forward Secrecy: WPA3 includes forward secrecy, which ensures that even if a session
key is compromised, previous sessions remain secure. This adds an extra layer of protection
for transmitted data.

3. Improved Password Protection: WPA3 offers better protection for weak passwords by using
Dragonfly Key Exchange, which makes it difficult for attackers to perform offline dictionary
attacks.

4. Protected Management Frames: WPA3 includes mandatory protection for management

frames, which helps prevent attacks like reauthentication and disassociation, making the
network more robust against various types of network attacks.

5. Compatibility and Future-Proofing: While WPA3 is relatively new, many modern devices
support it. Using WPA3 ensures the network is future-proof and adheres to the latest security
standards. It is also backward compatible with WPA2 devices, ensuring that older devices can
still connect securely.

Given the advantages of WPA3 in terms of security and future-proofing, it is the most
appropriate choice for a modern network, ensuring robust protection for wireless
communications and safeguarding sensitive information from potential attacks.