Chapter 30 Wi-Fi PDF
Document Details
Uploaded by SolicitousOklahomaCity
null
2021
Tags
Summary
This technical document details Wi-Fi technology, including its introduction, technology, and implementation in offices, residences, and railways. It discusses specific security configurations and maintenance procedures.
Full Transcript
CHAPTER XXX Wi-Fi 30.1 Introduction: 30.1.1 A wireless network or Wireless Local Area Network (WLAN) serves the same purpose as a wired one - to link a group of computers/IP enabled...
CHAPTER XXX Wi-Fi 30.1 Introduction: 30.1.1 A wireless network or Wireless Local Area Network (WLAN) serves the same purpose as a wired one - to link a group of computers/IP enabled devices like mobiles, Smart TV, IP Telephone, IP Camera etc. It is used to augment Railnet to connect many devices supporting Wi-Fi wireless connectivity. 30.1.2 Railnet is the general purpose Enterprise Wide Area network of Indian Railways. Wi-Fi network is allowed to be established as a part of Railnet. 30.1.3 Wi-Fi is also provided by Railways at Railway stations through Railtel and other private agencies for extending the internet to Passengers. 30.1.4 For other networks like FOIS etc. Wi-Fi access can be established if the same is permitted by the Railway Board. 30.1.5 Wi-Fi is also used as a method of connecting two networks or a single device with a network wirelessly, like a CCTV camera where the feasibility of providing a wired network is difficult, costly or time consuming. 30.2 Technology: 30.2.1 Wi-Fi networks operate using radio frequency (RF) technology, in the free band mostly at 2.4 GHz and 5GHz in public band. 30.2.2 An access point (AP) is used for providing a wireless network. The access point is connected to the wired network (Railnet) to provide Railnet/Internet services to its clients. An access point works as a combination of Router, switch and Wireless Radio in one device. 30.2.3 Wireless controllers are used in the LAN to manage the access points. These wireless controllers manage the access points, control the RF power and try to reduce the interference in the WLAN besides providing many advanced user management features. 30.2.4 Nowadays most of the devices like computers and laptops are provided with built-in Wi-Fi feature for connecting to access points, but if not, the device can be made wireless through the use of an add-on adapter plugged into an empty expansion slot or USB port and providing the necessary software 30.2.5 Wireless network is a shared network, more computers connected to a wireless access point the less data each will be able to send and Indian Railways Telecom Manual - 2021 Page 371 receive. Wireless network's speed can vary greatly and the range of the access point can vary too. 30.2.6 The closer to an access point, the stronger is the signal and faster is the connection speed. The range and speed of wireless networks also depends on the environment in which the access point is operating. 30.2.7 Interference is an issue with any form of radio communication. The potential for interference is especially great indoors, where different types of building materials (concrete, wood, drywall, metal, glass etc.) can absorb or reflect radio waves, affecting the strength and consistency of a wireless network's signal. 30.2.8 Interference can be minimized by relocating wireless networking hardware or using access points with special antennas that enhance capacity of radio link using methods like MIMO (Multiple Input-Multiple Output). 30.3 Wi-Fi in Offices/Residences 30.3.1 Wi-Fi has become a necessary access technology in the Enterprise LAN. Wi-Fi network is allowed to be established as part of Railnet. Equipment that provides both 5GHz and 2.4 GHz access may be used. 30.3.2 Security is an important element of Wi-Fi usage in prevention of unauthorized access. The following security measures are used for improved security of networks using Wi-Fi. a. SSID hiding. b. Mac filtering. c. Static IP addressing. d. Use of Strong Passwords for both the device admin as well as the WiFi access. e. Use of strong end to end encryption standards like WPA. f. Changing the default IP address and password of the access point. 30.3.3 In the offices, Wi-Fi access points can be provided as personnel equipment or as a service. It is however desirable to provide Wi-Fi as a service. 30.3.4 As a personnel access point, WPA-2 security shall be configured and the security key shall be handed over to the user. 30.3.5 For the Wi-Fi as a service in the office areas the following shall be followed: Indian Railways Telecom Manual - 2021 Page 372 a. Wi-Fi shall be provided through access points that should be configured as extended service sets whenever possible. Wireless controllers shall also be provided in the network to manage and control all the access points centrally using NMS and to automatically adjust the RF band/power of the access point to reduce the inter-ference and increase the throughput. b. In a typical office environment (data use) 20-25 users per access point is a good number when designing. In view of the increased use of net and Wi-Fi, the system should be upgraded to ensure that each user gets sufficient bandwidth for satisfactory use of the facility provided. c. All access points should be powered through UPS to ensure uninterrupted working. d. The access points may preferably be powered using PoE from the switch port. e. To ensure smooth roaming, the same SSID should be used on all the access points within the same campus/building. The Wi-Fi access point shall be configured to authenticate users using IEEE 802.1x MAC authen-tication through a radius server. Such a system shall allow only authorized Wi-Fi users to roam across the Wi-Fi zone and access Railnet securely. WPA-2 access keys must also be configured and it must be kept the same for all the access points in this scenario. f. Wireless controllers should be planned in redundancy so that in case of failure of one, the other is able to manage all the access points centrally using NMS. 30.3.6 In case an access point is provided for a group of users on a temporary basis, MAC binding should also be configured in the access point in addition to the WPA-2 security key. 30.3.7 Railnet has been made available in many railway quarters. Currently it has been extended using DSLAM and DSL modems. Wi-Fi access with Fibre at Home may be provided in the residences as well. 30.3.8 In the residence, the device working as a Wi-Fi access point should be configured with WPA-2 security and the key shall be made available to the users. If possible, MAC binding shall also be configured taking in the possible devices that may connect to the Wi-Fi access point in a residence. 30.4 Fault Diagnosis: Indian Railways Telecom Manual - 2021 Page 373 30.4.1 Hardware: The equipment is provided with visual indications by which the status of the equipment can be known. The next option is by login into the equipment and test the equipment with standard instructions given by the manufacturer. 30.4.2 Software: The software part like firmware of access point / managed equipment can be checked or upgraded to higher versions depending on the type of the fault encountered. 30.4.3 Media / Channel: The media which actually connects to an access point can be checked with the testing facility given on the interface device or through measuring instruments. 30.5 Installation / Environment: 30.5.1 The equipment should be installed in a dust free environment and temperature within the room shall be maintained as per the equipment manufacturer data sheet. 30.5.2 Uninterrupted Power supply should be provided to increase the life of the equipment as well as to keep up the availability of the access point. The capacity of the UPS shall be decided taking into consideration availability of local power supply. 30.5.3 The availability of the electrical earth having value within the limits is as per standards is to be ensured. 30.6 Maintenance Schedule: i. The equipment shall be kept clean and tidy without dust. ii. Any other checks suggested by manufacturers. 30.7 Do’s and Don’ts: 30.7.1 Do’s: i. Take the printouts of the configuration and document them. ii. Softcopy of the configuration files shall be stored each time the configuration is changed so that it will be useful for uploading the configuration when needed and reduce the down time. iii. Protect the cables connecting the access point and ensure protection from rodents where cabling is done through false ceiling. iv. Train the staff and update the knowledge to maintain the network more efficiently. v. Change the password periodically. vi. Keep the operation and maintenance manual handy. vii. Do proper lacing of internal wiring. Indian Railways Telecom Manual - 2021 Page 374 30.7.2 Don’ts: i. Do not change the IP addressing scheme and IP address of the working network without the written permission of the Network Administrator. ii. Do not change the configuration without the permission of the Network Administrator. iii. Do not share the passwords with your colleagues. iv. Never use water to clean the equipment. -x-x-x- Indian Railways Telecom Manual - 2021 Page 375