Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Limiting wireless signal

This thread has been viewed 0 times

  • 1.  Limiting wireless signal

    Posted Jul 25, 2017 07:50 PM

    Hello we have a client that want to limit the wireless signal of their SSID so noone can see it on the street.  They got a big building in the city, so they got many access point and the building a glass one.  So the signal travel from inside to outside.    i can maybe tune that they cannot connect if they are really far but they will still see the signal.

    I dont think tis possible doing what they are asking me but i still ask here as you learn everyday soemthing new :)

     

    they also ask me if you could hide the ssid but just from the APS on the first 2 levels but not hide it on the upper APS.(i mean the same ssid) which is not possible as far i know.

     

    They ask me if we could do something about that.

     

    Any ideaS?? i know that many of you got clients with the same question! anyone!?!??

     

    Cheers

    Carlos

     



  • 2.  RE: Limiting wireless signal

    EMPLOYEE
    Posted Jul 25, 2017 08:02 PM
    Is this an open SSID or an encrypted SSID?


  • 3.  RE: Limiting wireless signal

    Posted Jul 25, 2017 08:20 PM

    one is 802.1x and the other is a guest wifi

     

    Cheers

    Carlos



  • 4.  RE: Limiting wireless signal

    EMPLOYEE
    Posted Jul 25, 2017 08:30 PM

    Unfortunately, wifi is just like a spotlight;  If you turn it on, anyone with good vision or binoculars can see it from far away.  Strong encryption is typically the answer for protection.  For the guest SSID, you could enable a local-probe-request-threshold of 15 to 20, but people would be able to see it, but will not be able to connect.  It could be frustrating for some users who see it, but cannot connect.  Long story short, for the public SSID, the lease times should be kept short and the pool should be fairly large to discourage drive-by phones from consuming and holding onto resources...



  • 5.  RE: Limiting wireless signal

    EMPLOYEE
    Posted Jul 25, 2017 08:34 PM

    So the reality is to prevent RF from bleeding outside, there's one fool proof way, and one that you can try to tune and test. 

     

    First, the for sure way is to put RF shielded paint on walls and RF shielding films on the windows. This gets kind of pricey but is used by numerous high security organizations worldwide and works very well. 

     

    The other alternative is a combination of specific AP placements, adjusting AP power, and using APs with external antennas with the antennas firing in to the building away from the walls. So in most cases if RF shielding cannot be used, any perimeter APs will use either APs with narrow downfiring antennas, or APs mounting on the perimeter with directional antennas firing in towards the building coverage area. This is not a fool proof measure but with tuning, proper placement and planning, etc you can get it such that practical use of the RF outside the building is not possible. 

     

    So the first way is easy but expensive, the latter is less costly but time consuming (high labor cost). The other alternative is to do what CJoseph suggested, you can put permiter APs in their own group with some special SSID settings to put a high probe threshold. While it will keep users off, it won't stop sniffing/eavesdropping. You could also move the guest network to a BYOD CP where device registration moves them to a secure network so that per client connections are encrypted once they go through the captive portal and get onboarded into a guest role.