客人Wi-Fi接入的5个最佳实践

Mauro Rizzi

February 13, 2018

Pay attention to security, 推出无线网络升级时的带宽和应用程序可见性

升级你的无线网络需要大量的关注. 尽管有很多方法可以配置和使用Wi-Fi, best-in-class organizations should apply these five strategies to get the most out of their networks.

1. Predict changes

没有什么比Wi-Fi网络无人看管更危险的了. 随着时间的推移，人们被增加、移动或替换. 桌子和其他家具在环境变化. A wireless network that isn’t maintained to keep up with these changes degrades over time and provides less-than-exceptional service to users.

However, the chipset power embedded into each access point allows today’s wireless LAN (WLAN) infrastructure to be very fault-tolerant. 一个好的WLAN可以在失去接入点和增加新接入点的情况下存活下来. 无线电干扰将得到主动管理，使影响最小化. All complex configurations and dynamic management of radio channels would be addressed in every AP.

2. 使用智能无线产品

Gone are the days when you had to manage and configure each wireless access point manually and separately. 不断调整功率水平的繁琐工作, 通道分配或启用热备ap已经像渡渡鸟一样消失了.

今天的分布式智能Wi-Fi技术可以处理移动性, keeping an IP address and connection alive while a user on a VoIP call walks between rooms, floors and even buildings. 你应该投资一个不仅能处理移动的Wi-Fi网络, 而且还能处理各种流量，包括语音和视频对话, document and screen sharing and team collaboration with a bunch of people working on the same document at the same time.

3. 理解应用程序并确定优先级

In most networks, 一旦WLAN网络打开, 大楼里的每一部智能手机都自动连接到网络上. 这些设备继续消耗带宽，即使没有人使用它们. 再加上在后台工作的应用程序(如自动备份), software updates, application updates, voice recognition software) and you end up with a wireless network near capacity without a single active user!

解决办法不是禁止随意使用. 它是为了确保关键任务的应用程序, (如VoIP/统一通信, video collaboration, document sharing, transaction processing, and business uses), 优先于非商业和休闲使用. 寻找提供应用程序可见性和控制的Wi-Fi解决方案，例如 阿尔卡特朗讯OmniAccess®恒星无线产品组合, so you can throttle bandwidth depending on specific rules, automatically and dynamically.

4. 制定访客访问策略

Supporting guest access is generally a given in today’s enterprise wireless installations. Guests commonly have a legitimate need to connect to the Internet while visiting an organization. 尽管一些公路战士可能会使用替代技术, 例如4G或LTE，以绕过本地Wi-Fi网络, it is important to plan if and how other guests will connect to the organization’s WLAN.

当然，这些客人不应该要求太多 access to anything inside the normal enterprise network — printing, perhaps, being the occasional exception. Therefore, securing connections to ensure that guest users do not gain elevated privileges is important.

Common alternatives, such as requiring guests to preregister Media Access Control (MAC) addresses or obtain a temporary user name and password, 往往是麻烦的，应该避免. One bad result of a guest policy that is poorly developed or difficult to follow is that staff members might spend valuable time trying to get their visitors logged on to the wireless network. Or, even worse, a staff member might share his access with a guest to connect directly to the internal wired network to bypass issues with the guest access rules and process.

Guest policies must balance requirements for accountability and prevention with the goal of making it simple and quick. 有很多自动化的系统可以做到这一点, however the best and most secure way to get this done is to have an intelligent WLAN system which understands when a guest connects, throttle the bandwidth depending on the application used and tunnel the traffic up to the router for the internet connection.

5. 从一开始就有最高的安全性

Security has always been very important especially when dealing with wireless networks. 现在有各种各样的方法来建造它, however the best would be to have NAC (Network Access Control) not only for WLAN but for LAN users as well. One single point of management can guarantee the highest level of access security no matter the type of connection (wired or wireless) NAC meshes well with wireless deployments because the wireless authentication standard — known as Wi-Fi Protected Access 2 (WPA3 is currently under development, 考虑到最近在WPA2中发现的漏洞)使用802.1X, which is a convenient method for passing NAC information between clients and servers. There are many network management systems that streamline and minimize the complexity from a NAC deployment for the network infrastructure.

These are the five basic rules to follow for providing users with the best experience while keeping the administrator happy with short and relatively simple configurations. The network infrastructure itself will take care of the most cumbersome and boring tasks needed for the optimal operation of the network infrastructure.

For more information about an access point solution that addresses these issues, read about the 阿尔卡特朗讯全接入恒星无线局域网解决方案