Choose the right wireless AP for your business

Wireless networks are now an essential requirement for businesses that want to be more productive. The proliferation of tablets, laptops, mobiles and smartphones in the workplace means employees don't need to be tethered to their desk and can reap the benefits of increased mobility.

Wired networks with structured cabling are expensive to install and difficult to upgrade so it makes sense to deploy a wireless network. With the right business-grade access points (APs) in place, they can be expanded easily to keep up with your growing business and the latest products offer vastly increased wireless performance and tight security.

Intense competition in this market sector means prices for business-class access points (APs) are dropping all the time. This is great news for SMBs as they can get a basic, secure wireless network up and running for under 100.

Radio waves

Wireless technology has come on in leaps and bounds over the past year, with the latest 802.11ac Wave 2 APs offering a number of valuable benefits. Along with increased throughput, Wave 2 APs offer a feature called MU-MIMO (multi user multiple input multiple output).

MU-MIMO builds on the older MIMO standard by using a larger aerial array that ups the number of spatial streams from three to four. It essentially increases the number of lanes on your wireless road and enables concurrent downstream communications with multiple devices, allowing it support a large user base without causing congestion.

The downside is Wave 2 APs are more expensive with prices starting at around 250. Worry not though, as you can still get cheaper Wave 1 AC1750 APs along with Wave 2 AC2500 and AC2600 APs.

The numbers refer to the total available data rates, with AC1750 offering 450Mbits/sec on the 2.4GHz band and 1,300Mbits/sec on the 5GHz band. AC2500 and AC2600 are the same (with a little added marketing flair) and push the numbers to 800Mbits/sec and 1,733Mbits/sec.

Business class ticket

Small offices may be tempted by cheap consumer-grade wireless routers, but they'll be missing out on many features essential for business operations. Many business-grade APs have the ability to present multiple SSIDs (service set identifiers) allowing wireless networks to be created for different user groups.

Each SSID can have its own security scheme and authentication method where it could apply a user and group list maintained on the AP or tie in with an external RADIUS server. Security can be tightened further with MAC address black and white lists so only specific systems will be allowed to connect to an SSID.

The first thing a partner or client will whip out when they visit your offices is their smartphone or laptop and providing instant wireless connectivity adds professionalism to your business. You'll want to apply even tighter security, so look for APs that provide guest wireless features such as L2 isolation which stops users on the same SSID from seeing each other.

For general guest wireless access, consider APs that offer a captive portal. This can be used to redirect them to a custom web page where they provide details about themselves, enter login credentials and agree to an AUP (acceptable use policy) before being allowed Internet access.

Intruder alert

When deploying wireless services it's all too easy to forget about the supporting backend network, which could leave a gaping hole in your security. Remember, if you can plug a wireless AP into your LAN - so can someone else.

A recent case in point is an educational establishment that couldn't understand why their ISP was reporting a much higher Internet usage than their internal web filtering appliance. After investigation, it transpired that some enterprising pupils had plugged six old BT home wireless routers into the school network, hidden them in cupboards, set them to hide their SSIDs and passed the details to all their classmates.

The web filtering appliance was configured as a simple proxy but the main gateway server happily handed out DHCP and DNS services to any device plugged into a classroom wall socket. It also placed them on the default VLAN thus circumventing the filtering appliance completely and giving the pupils unmonitored Internet access.

The lesson here is to tighten up your backend systems so this can't happen. Furthermore, all business-class wireless APs can scan for and list neighbour devices, and for greater control consider those offering features such SSID-to-VLAN mapping or intrusion prevention that can block 'rogue' devices.

Standalone or managed

A standalone 11ac AP will be fine for a small office but if you have many areas to cover or big expansion plans, look for those offering central or remote management. It will reduce support overheads as you can create one set of wireless networks and have all managed APs broadcasting the same SSIDs.

This brings roaming into play so as staff or guests wander around your offices, their mobile devices will move seamlessly from one AP to the next - ensuring they always get the best service. Clustering is a very flexible option as products that support this allow a 'master' AP to look after multiple 'slaves' which can be reverted to standalone operations on a whim.

Cloud management is ideal if you're looking after wireless networks in different geographical locations. Cloud enabled APs connect with your portal account to get all their settings, making it simple to manage, monitor and support each location from a single web console no matter where you are.

Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.