Deploying a mixed WLAN structure with two sites

Last month I implemented a new WLAN infrastructure at my tennis club in western Austria. In this posting I want to share my experiences and describe some pitfalls which can occur during deployment.

The task was to provide guest WLAN in the club building consisting of two offices, a public Café, two cloakrooms for men and women distributed on three floors, partly WLAN in the neighboring tennis hall and on the outdoor site consisting of 9 courts, with different sea levels. The outdoor site is divided from the club building by some parking slots and a road.

The club building is built of armored concrete which results in a poor signal quality over short distances. Fortunately, there are some locations in the building which offers network cables what helped me a lot.

To build up this WLAN I decided to combine multiple devices and technologies:

  • Ubiquiti UAP-AC-LITE APs for all locations which offers network cables
  • Ubiquiti UAP-AC-M APs for indoor and outdoor locations without network cable
  • 2 Ubiquiti NBE-5AC-16 NanoBeams to create an air link between the club building and a maintenance building on the outdoor site.

Further one US-16 and two US-8 switch provide the necessary backend services.  An USG-Pro-4 secures the network to the internet and provides a VPN connection for external maintenance. The CloudKey is used to manage the whole network including the authorization for the guest portal and can also be accessed via VPN or CloudAccess.

The following diagram illustrates the network topology:

Deployment:

The deployment and configuration of this installation was done on two days, including some “infrastructure measures” like mounting a small rack for the components and patching some network cables to a patch panel.

The configuration of the Ubiquiti components mostly works like a charm, only the Mesh-AP caused some configuration troubles, mostly because of a lack in the documentation. At the beginning, I configured all APs by connecting it with network cables to the switch and attaching to fix IP-Addresses. That´s the way I always configure infrastructure components like APs or Switches. Then I tried to establish a wireless uplink from the mesh APs to the wired AP located in the office which didn’t work the Mesh-APs where always marked as “isolated”. After several attempts including firmware updates and downgrades I found an entry (third post) in the Ubiquiti help forum that wireless uplink only works with a dynamic IP-Address. Unfortunately, this was not referenced in the official UBNT documentation.

Then I configured the two NetBeams to connect the outdoor side of the facility. When doing this, it is important to be patient, because the first time it can take up to one hour until the connection is established.

Finally, I configured the “Office” WLAN and then I started with the deployment of the Guest portal.

Guest Portal:

To simplify the administration and the use of the guest portal, I decided to use a default password, which will be changed from time to time. Because of legal restrictions in Austria, we use a “default” password which will be changed from time to.

A very useful feature for WLAN scenarios like this one is the support of DPI restrictions introduced with controller version 5.6.x which allows to block certain kind of communication like P2P which can become a problem for the operator of every WLAN.  Even if I know that this only works with unencrypted P2P communication, it is an additional “proof” that the operator tries to prevent abuse.

Print Friendly, PDF & Email

Leave a Reply

Your email address will not be published. Required fields are marked *