Enterprise WiFi Knowledge Base
Definition: WiFi (Wireless Fidelity) is a wireless networking technology that uses radio waves in the 2.4GHz, 5GHz, and 6GHz bands to provide high-speed network connectivity.
1. WiFi Standards
System Admins must understand IEEE specifications to consult and deploy appropriate equipment.
| Commercial Name | Standard (IEEE) | Key Specifications | IT Notes |
|---|---|---|---|
| WiFi 4 | 802.11n | 600Mbps, 2.4GHz & 5GHz. | Obsolete, often causes network congestion. |
| WiFi 5 | 802.11ac | 3.5Gbps, 5GHz Only. | Current standard for most enterprises. |
| WiFi 6 | 802.11ax | 9.6Gbps, OFDMA technology. | Optimized for High Density environments. |
| WiFi 6E | 802.11ax (Ext) | Extends to the 6GHz band. | Less interference, requires 6GHz capable devices. |
| WiFi 7 | 802.11be | 46Gbps, 320MHz channel, 4K-QAM. | Future tech, ultra-low latency. |
Quality Impact Factors
- Distance: Signal attenuates with the square of the distance.
- Obstacles: Concrete walls, glass doors, and elevators significantly weaken signals.
- Interference: Microwaves, Bluetooth, cordless phones (especially on 2.4GHz).
- Device Count: More devices mean less shared bandwidth per device.
Admin Tools
- WiFiman (Ubiquiti): Beautiful UI, Speedtest, Latency check, Ad-free.
- NetSpot: Generates Heatmaps to identify Dead Zones.
-
macOS Wireless Diagnostics:
Tip: HoldOption+ Click WiFi icon > Open Wireless Diagnostics.
Automatically scans and suggests the best channels.
3. Enterprise WiFi Applications
The core difference between Home and Enterprise WiFi lies in management capabilities and service integration.
A. Network Segmentation & VLANs
One AP broadcasts multiple SSIDs, each mapped to a specific VLAN:
- Staff Network: WPA-Enterprise authentication (User/Pass AD). Access to Server, ERP.
- Guest Network: Client Isolation, Internet access only. Uses Captive Portal.
- IoT Network: Dedicated for Cameras, Timekeepers. Prevents lateral movement attacks.
B. Roaming & Centralized Management
The Problem:
At home, moving between floors causes disconnections before reconnecting. This drops VoIP/Teams calls.
Enterprise Solution:
Use a Controller and Roaming protocols:
- 802.11k: AP sends neighbor list to the client.
- 802.11v: AP steers client to a better station.
- 802.11r (Fast Roaming): Ultra-fast re-authentication (<50ms).
C. Advanced Applications
- WiFi Marketing: Collect customer data (Age, Phone) in retail. Heatmap analysis of customer dwell time.
- High Density: Supporting hundreds of devices in auditoriums, wireless printers, and casting screens.
- IoT & Logistics: Connecting smart forklifts, AGV robots in warehouses, and vital sign monitors in healthcare.
4. Technical Deep Dive
TX/RX & Half-Duplex
WiFi works like a Walkie-Talkie (Half-Duplex). Only one device speaks at a time.
Classic Error: Admin sets Router TX Power to Max.
Result: Phone sees full bars (Good RX) but sends weak data back (Weak TX) -> Router can’t hear -> Connection stalls.
Solution: Set TX Power to Medium or Auto.
Result: Phone sees full bars (Good RX) but sends weak data back (Weak TX) -> Router can’t hear -> Connection stalls.
Solution: Set TX Power to Medium or Auto.
Antenna Technology
- MIMO: Multiple antennas transmitting/receiving simultaneously (2×2, 4×4) to increase bandwidth.
- MU-MIMO: AP talks to multiple devices at once (reduces latency).
- Beamforming: Focuses signal directly towards the device instead of broadcasting in a circle.
Interference & DFS Channels
Interference:
- Co-Channel (CCI): Devices “queue up” to speak.
- Adjacent Channel (ACI): Most dangerous (e.g., Ch 1 & 2).
- 2.4GHz Rule: Only use channels 1, 6, 11.
DFS (5GHz):
Channels 52-144 are shared with Military/Weather Radar.
If Radar is detected, WiFi drops clients to switch channels -> Disconnection.
Advice: Prioritize channels 36-48, 149-165.
Advice: Prioritize channels 36-48, 149-165.
RSSI Signal Metrics (dBm)
-30 to -50 dBm: Excellent.
-65 to -67 dBm: Enterprise Standard (Voice/Video).
-70 to -80 dBm: Poor, lag, buffering.
< -85 dBm: Noise Floor (Disconnected).
5. WiFi Security
A. Authentication Models
| Type | Features & Application |
|---|---|
| WPA-Personal (PSK) | Shared password. Hard to manage offboarding. Easy to leak. Home use only. |
| WPA-Enterprise (802.1X) | Individual accounts (AD/Radius). Instant revocation upon termination. Standard for Enterprise. |
AAA Model: Supplicant (Laptop) -> Authenticator (AP) -> Authentication Server (Radius/NPS).
B. Encryption Standards
- TKIP: Cracked. DO NOT USE.
- AES: Military-grade. Always choose WPA2/WPA3 – AES.
Latest WPA3:
– SAE: Anti-offline dictionary attacks.
– OWE: Encryption for Open networks.
– SAE: Anti-offline dictionary attacks.
– OWE: Encryption for Open networks.
Common Attacks
- 1. Rogue AP: Employee plugs unauthorized router into network -> Use Controller to detect & block.
- 2. Evil Twin: Hacker mimics Company SSID to steal credentials -> Use Certificates for server validation.
- 3. Deauth Attack: Sending disconnect packets -> Enable PMF (Protected Management Frames) to prevent.
Comprehensive Guide for IT System Administrators. Updated 2024.