FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 8 - Deploying Wireless Networks > Features for high-density deployments

Features for high-density deployments

High-density environments such as auditoriums, classrooms, and meeting rooms present a challenge to WiFi providers. When a large number of mobile devices try to connect to a WiFi network, difficulties arise because of the limited number of radio channels and interference between devices.

FortiOS and FortiAP devices provide several tools to mitigate the difficulties of high-density environments.

Broadcast packet suppression

Broadcast packets are sent at a low data rate in WiFi networks, consuming valuable air time. Some broadcast packets are unnecessary or even potentially detrimental to the network and should be suppressed.

ARP requests and replies could allow clients to discover each other's IP addresses. On most WiFi networks, intra-client communication is not allowed, so these ARP requests are of no use, but they occupy air time.

DHCP (upstream) should be allowed so that clients can request an IP address using DHCP.

DHCP (downstream) should be suppressed because it would allow a client to provide DHCP service to other clients. Only the AP should do this.

NetBIOS is a Microsoft Windows protocol for intra-application communication. Usually this is not required in high-density deployments.

IPv6 broadcast packets can be suppressed if your network uses IPv4 addressing.

You can configure broadcast packet suppression in the CLI. For example, to suppress ARP, downstream DHCP, NetBIOS, and IPv6 packets on the conf-net network, enter:

config wireless-controller vap

edit conf_net

set broadcast-suppress arp-known arp-unknown arp-reply dhcp-down netbios-ns netbios-ds ipv6

end

 

Multicast to unicast conversion

Multicast data such as streaming audio or video are sent at a low data rate in WiFi networks. This causes them to occupy considerable air time. FortiOS provides a multicast enhancement option that converts multicast streams to unicast. A unicast stream is sent to each client at high data rate that makes more efficient use of air time. You can configure multicast-to-unicast conversion in the CLI:

config wireless-controller vap

edit <vap_name>

set multicast-enhance enable

end

 

Ignore weak or distant clients

Clients beyond the intended coverage area can have some impact on your high-density network. Your APs will respond to these clients' probe signals, consuming valuable air time. You can configure your WiFi network to ignore weak signals that most likely come from beyond the intended coverage area. The settings are available in the CLI:

config wireless-controller vap

edit <vap_name>

set probe-resp-suppression enable

set probe-resp-threshold <level_int>

end

 

vap_name is the SSID name.

probe-resp-threshold is the signal strength in dBm below which the client is ignored. The range is -95 to -20dBm. The default level is -80dBm.

Turn off 802.11b protocol

By disabling support for the obsolete 802.11b protocol, you can reduce the air time that beacons and management frames occupy. These signals will now be sent at a minimum of 6Mbps, instead of 1Mbps. You can set this for each radio in the FortiAP profile, using the CLI:

config wireless-controller wtp-profile

edit <name_string>

config radio-1

set powersave-optimize no-11b-rate

end

 

Limit power

High-density deployments usually cover a small area that has many clients. Maximum AP signal power is usually not required. Reducing the power reduces interference between APs. Fortinet recommends that you use FortiAP automatic power control. You can set this in the FortiAP profile.

  1. Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile for your AP model.
  2. For each radio, enable Auto TX Power Control and set the TX Power Low and TX Power High levels. The default range of 10 to 17dBm is recommended.

 

Use frequency band load-balancing

In a high-density environment is important to make the best use of the two WiFi bands, 2.4GHz and 5GHz. The 5GHz band has more non-overlapping channels and receives less interference from non-WiFi devices, but not all devices support it. Clients that are capable of 5GHz operation should be encouraged to use 5GHz rather than the 2.4GHz band.

To load-balance the WiFi bands, you enable Frequency Handoff in the FortiAP profile. In the FortiGate web-based manager, go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the relevant profile. Or, you can use the CLI:

config wireless-controller wtp-profile

edit FAP221C-default

config radio-1

set frequency-handoff enable

end

 

The FortiGate wireless controller continuously performs a scan of all clients in the area and records their signal strength (RSSI) on each band. When Frequency Handoff is enabled, the AP does not reply to clients on the 2.4GHz band that have sufficient signal strength on the 5GHz band. These clients can associate only on the 5GHz band. Devices that support only 2.4GHz receive replies and associate with the AP on the 2.4GHz band.

Setting the handoff RSSI threshold

The FortiAP applies load balancing to a client only if the client has a sufficient signal level on 5GHz. The minimum signal strength threshold is set in the FortiAP profile, but is accessible only through the CLI:

config wireless-controller wtp-profile

edit FAP221C-default

set handoff-rssi 25

end

handoff-rssi has a range of 20 to 30. RSSI is a relative measure. The higher the number, the stronger the signal.

AP load balancing

The performance of an AP is degraded if it attempts to serve too many clients. In high-density environments, multiple access points are deployed with some overlap in their coverage areas. The WiFi controller can manage the association of new clients with APs to prevent overloading.

To load-balance between APs, enable AP Handoff in the FortiAP profile. In the FortiGate web-based manager, go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the relevant profile. Or, you can use the CLI:

config wireless-controller wtp-profile

edit FAP221C-default

config radio-1

set ap-handoff enable

end

 

When an AP exceeds the threshold (the default is 30 clients), the overloaded AP does not reply to a new client that has a sufficient signal at another AP.

Setting the AP load balance threshold

The thresholds for AP handoff are set in the FortiAP profile, but is accessible only through the CLI:

config wireless-controller wtp-profile

edit FAP221C-default

set handoff-sta-thresh 30

set handoff-rssi 25

end

 

handoff-sta-thresh sets the number of clients at which AP load balancing begins. It has a range of 5 to 35.

handoff-rssi Sets the minimum signal strength that a new client must have at an alternate AP for the overloaded AP to ignore the client. It has a range of 20 to 30. RSSI is a relative measure. The higher the number, the stronger the signal.

Application rate-limiting

To prevent particular application types from consuming too much bandwidth, you can use the FortiOS Application Control feature.

  1. Go to Security Profiles > Application Control.
    You can use the default profile or create a new one.
  2. Click the category, select Traffic Shaping and then select the priority for the category.
    Repeat for each category to be controlled.
  3. Select Apply.
  4. Go to Policy & Objects > Policy > IPv4 and edit your WiFi security policy.
  5. In Security Profiles, set Application Control ON and select the security profile that you edited.
  6. Select OK.

 

 

 

 

 

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy