Multiple access points and SQL connection help

Acer

I am having trouble figuring out what to do. Our company was contracted to set up a wireless network for a factory in which people use tablet PCs throughout the facility (sometimes very quickly switching through wireless access points). We have set up 8 access points throughout the facility. The program they use has a constant, always-on SQL database connection. We are using Linksys WAP54G access points to do the job.

It has been just fine until we tried to add MAC address filtering and WPA. Then all hell broke loose. We would get constant disconnects from the wireless (Intel 2200 wireless card) and everyone was running really slow. So we took off WPA and left just MAC address filtering. So far it has been decent, but it has still been running slow and some of the time we get SQL "connection failures".

My questions:
1. The access points are connected using hubs; would switches help? Or would the switches get confused from the constant switching of clients between access points?

2. Should the Linksys WAPs be good enough for our application? Should MAC addressing be that slow?

3. Why wouldn't WPA work for our situation?

4. Is there anything we can do to make sure each of the access points knows about the others so that the tablets only have to authenticate once for MAC address filtering?

5. Is there a better solution for our situation?

I would really appreciate any suggestions, this has been a big struggle for us.
 
Why would you run a consumer-grade AP in a business? Also, a switch couldn't hurt, and if you use a nicer switch then you can run the MAC address filtering from the switch, which is better set up for that, although then people could theoretically access the WAN portion of the network that resided before the switch. Most likely the reason WPA is not working is due to the fact that it has a large overhead and takes a fair amount of processing power, which can cause issues for time-sensitive applications, although SQL normally has a fairly large timeout. Seriously though, you need to let the people know that they seriously under-spec'd this installation and while it may work now, I seriously doubt the longer-term stability of this type of installation.
 
For a situation like this I would have gone with a set of APs that can actually support true roaming between access points, like some of the Cisco Aironet stuff. Obviously this is going to be exponentially more complicated than using Linksys WAP54Gs. Those really aren't suitable for this type of situation.

Furthermore, MAC address authentication is pretty much a waste of time as a security mechanism. It's very easy to sniff and thereby spoof a MAC address.

I'm not sure on the WPA authentication and speed. There is more overhead involved here, this could potentially be a problem with the AP or the client adapters in the tablets.
 
I am glad I'm not the only one who thinks the Linksys APs aren't good enough. I started working there after they already installed that setup. I kind of figured the access points are seriously under spec. The owner of the business specifically wanted something that would be very easy to find, and cheap to replace if one failed.

Another comment (to add to the list above): would switches actually work in that environment?

Example: you connect to one access point, make a transaction, and while still in the middle of a new transaction you switch between access points, have to re-authenticate with MAC filtering, and then the switch has to find that your IP has switched from one part of the network to another part. Wouldn't a hub prevent some confusion for the network since it broadcasts to the whole network anyway?

Thanks again
 
For a situation like this I would have gone with a set of APs that can actually support true roaming between access points, like some of the Cisco Aironet stuff. Obviously this is going to be exponentially more complicated than using Linksys WAP54Gs. Those really aren't suitable for this type of situation.

What does true roaming between access points do?



Furthermore, MAC address authentication is pretty much a waste of time as a security mechanism. It's very easy to sniff and thereby spoof a MAC address.

Ya, but that is the only sort of security we could add to the wireless (besides being on a domain, of course) from all of the trouble we had with previous attempts.
 
Hmmm..... From what I read you have to have both a Cisco card in the PCs and also a Cisco access point. And it looks like you have to use a cipher instead of standard WPA if you don't want it to reauthenticate. I'm not too sure that our client would go for that. Thanks for the links though, very interesting reading.
 
A business environment, especially one that needs 8 APs and whose primary application is a SQL server that requires constant connectivity, requires business-class access points. Whoever put Linksys gear in there should be fired. Legitimately. That is not an exaggeration. You don't have to put Cisco gear in there in its place. There are many corporate/enterprise-level wireless vendors that don't pinch your wallet quite as bad as Cisco. Proxim is a bit cheaper. Pegasus. RadioLAN. Even something like Buffalo Tech would be worlds better than Linksys. Linksys? Holy shit. That would be amusing if it weren't so irresponsible of the company that installed them.

The reason encryption and MAC filtering, any kind of security measures really, make roaming more difficult is it takes the client longer to associate correctly. Apparently long enough to time out on the SQL database connection.

This is easy. Tell 'em to cut their losses, hire someone competent, and put quality gear in.
 
Thanks for the responses. It is extremely hard to convince the guy in charge of the business to switch to something more expensive. Unfortunately I am just a tech in the middle of it all. I am still concerned about the switching between different access points (they are switching between the Linksys APs very fast), and how adding security will affect it.

Here are my goals:
1. To implement strong security.

2. To not make the whole thing not go down in flames after I do implement it.
 
Acer said:
Thanks for the responses. It is extremely hard to convince the guy in charge of the business to switch to something more expensive. Unfortunately I am just a tech in the middle of it all. I am still concerned about the switching between different access points (they are switching between the Linksys APs very fast), and how adding security will affect it.

Here are my goals:
1. To implement strong security.

2. To not make the whole thing not go down in flames after I do implement it.


Hard to do with consumer-level stuff. You can only be as strong as your weakest link! My company uses Cisco Aironet A/G APs + an NT CA running RADIUS. Roaming works pretty nicely between APs even though we use wireless A exclusively, which makes the radius for APs even tighter.
 
My company uses Cisco Aironet A/G APs + an NT CA running RADIUS. Roaming works pretty nicely between APs.

I don't have a lot of experience with RADIUS. From what I've read, your RADIUS server takes care of authentication, and then the access points just transmit data. How do you integrate Cisco APs with the server? Is it pretty hard to set up?
 
Acer said:
Thanks for the responses. It is extremely hard to convince the guy in charge of the business to switch to something more expensive. Unfortunately I am just a tech in the middle of it all. I am still concerned about the switching between different access points (they are switching between the Linksys APs very fast), and how adding security will affect it.

Here are my goals:
1. To implement strong security.

2. To not make the whole thing not go down in flames after I do implement it.

1. Use 802.1x.
2. Make sure to use enterprise grade equipment.
 
Cisco Aironets running LWAPP and a Cisco 4400 Wireless LAN controller will solve all of your problems.

Obviously Cisco equipment is more expensive than all of the consumer grade gear out there, but that does not mean a business case can not be made for it...
 
Cisco Aironets running LWAPP and a Cisco 4400 Wireless LAN controller will solve all of your problems.

Sounds great. This may be what we need to fix the problem. Anybody have any experience with these products?
 
Whilst not really a reply to your original conundrum, and I wholeheartedly agree with what has been said before, is the app you use bespoke? If it is, can you not just have the amendments made to the way the client interacts with the server? I would imagine that the overhead of 2-3 days of programming time will be lower than that of the hardware and consultancy costs of replacing the current equipment.
 
Acer said:
Sounds great. This may be what we need to fix the problem. Anybody have any experience with these products?

Yes, thus the reason I posted it... :p

Using the LWAPP-enabled APs in conjunction with the WLAN Controller allows central management of your wireless LAN, allows instant configuration of new APs as they are added to the network, gives you real-time air space management, and the list goes on. From an admin perspective they are a must-have when you have more than a handful of APs to manage and these APs are critical to the functionality of the business.
 
The programmers tell me that it is not possible for the SQL connection to have a timeout that allows the SQL connection to be broken. Does that sound right to you guys? I'm no programmer myself.
 
If you (or your company) are writing the application, you should be able to check the status of the connection before doing a query to the database and reconnect if there is a problem. It depends on what language you are using. But, with C and VB it's possible.
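
The check-and-reconnect approach from the reply above, as an added example that is not part of the thread or the posters' application. It goes one step further and replays the whole transaction after a drop, so a roam in mid-transaction leaves no half-written or duplicated rows. Assumptions: Python's `sqlite3` stands in for the real SQL server driver, `ConnectionError` stands in for that driver's lost-connection error, and `ReconnectingDB`, `demo` and the `scans` table are hypothetical names.

```python
import sqlite3
import tempfile
import time

class ReconnectingDB:
    """One long-lived connection, probed before use and rebuilt when it is dead."""
    def __init__(self, connect, max_attempts=4, base_delay=0.01):
        self.connect, self.conn, self.connects = connect, None, 0
        self.max_attempts, self.base_delay = max_attempts, base_delay

    def _healthy(self):
        try:  # cheap liveness probe
            return self.conn is not None and self.conn.execute("SELECT 1").fetchone() == (1,)
        except sqlite3.Error:
            return False

    def _drop(self):
        if self.conn is not None:
            self.conn.close()  # uncommitted work is rolled back
        self.conn = None

    def transaction(self, work):
        """Run work(conn) and commit; on a lost link, reconnect and replay all of it."""
        for attempt in range(1, self.max_attempts + 1):
            try:
                if not self._healthy():
                    self._drop()
                    self.conn = self.connect()
                    self.connects += 1
                result = work(self.conn)
                self.conn.commit()  # a drop during commit is ambiguous: needs an idempotency key
                return result
            except ConnectionError:  # stand-in for the driver's "connection lost" error
                self._drop()
                if attempt == self.max_attempts:
                    raise
                time.sleep(self.base_delay * 2 ** (attempt - 1))  # back off, then retry

def demo(drops=1):  # constructed scenario: the link drops `drops` times mid-transaction
    path = tempfile.mkdtemp() + "/scans.db"
    db = ReconnectingDB(lambda: sqlite3.connect(path))
    db.transaction(lambda c: c.execute("CREATE TABLE scans (tag TEXT)"))
    left = [drops]
    def scan(conn):
        conn.execute("INSERT INTO scans VALUES ('pallet-17')")
        if left[0] > 0:  # simulated roam between access points
            left[0] -= 1
            raise ConnectionError("link lost mid-transaction")
        return conn.execute("SELECT COUNT(*) FROM scans").fetchone()[0]
    return db.transaction(scan), db.connects
```

`demo()` returns the row count after the replay and the number of connections opened; the row count stays at one however many times the link drops, up to the retry limit.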
 