WiFi RFP / Tender Guidelines

WiFi is WiFi, right?  Wrong!

So many times we have been called in to 'fix' a WiFi network, only to find that the whole thing was under-specified, under-engineered and .. well.. under-budgeted!  Unfortunately, many network engineers (or plain old IT cowboys) who grew up on wired networks and got themselves a WiFi router at home believe that all WiFi hardware is the same.  This is plain and simply WRONG!

So, to help you avoid the aches and pains of being lumped with an incapable, inefficient and difficult to manage WiFi infrastructure, we have sourced a list of requirements you should always put in your RFPs or Tender specifications.  Like everything else we do, it's vendor-agnostic, so don't expect to find any Cisco-specific or Ruckus-preferring requirements in the list, but it will instantly separate the wheat from the chaff.

If you're lucky enough that you don't have to go to Tender, this is still a helpful list of questions to ask yourself or your integrator.

1. Access Point Technical Requirements

  1. The APs should support the 802.11a, 802.11b, 802.11g standards. It should also support 802.11n standard in the 2.4 and in the 5 GHz bands.
  1. The access points should be centrally managed.
  1. In some small isolated environments the AP should be able to function as a stand-alone access point without the requirement of a controller.
  1. The access point should be automatically upgraded to the appropriate software by a central management system or controller.
  1. The access points may be placed on the same LAN as the controller or on a remote network across a WAN.
  1. Security mechanisms should be in place to protect the communication between the Access Point controller and the Access Points.
  1. Since most radio interference comes from the WLAN network itself the vendor should specify what mechanisms such as beam steering/ adaptive antenna technology/ beamforming are available in combination to focus the energy on the destination STA and minimize radio interference with the surrounding environment of the AP. The vendor should specify if the activation of such feature is still compatible with 802.11n spatial multiplexing.
  1. Since the WLAN network will be using an unlicensed band the solution should have mechanisms that reduce the impact of interference generated by other radio equipment operating in the same band.
  1. The equipment should support DFS and should be at least EN 301 893 v1.5.1 compliant.
  1. The access point should be able to detect clients that have dual band capability and steer those client to use the 5GHz band instead of the 2.4GHz band.
  1. The access point should be operational even in situations where it is not connected to an Ethernet port. It should be able to reach the network using a radio link with other access points. The establishment of those radio links should be automatic.
  1. All the access point antennas should be in the access point enclosure to minimize damage and create a low profile unit that does not stand out visually.
  1. The access point should have anti-theft mechanisms.
  1. The access point should have at least two Ethernet ports allowing the cascading of multiple access points.
  1. The access point should support 802.1q VLAN tagging
  1. The AP should be manageable on a tagged VLAN.
  1. The solution should support indoor and outdoor AP management from the same controller.
  1. Outdoor version of the AP should be IP 67 rated.
  1. Outdoor version of the AP should support temperature ranging between -40°C and 65°C.
  1. The access point should support WPA2 enterprise authentication and AES/CCMP encryption.
  1. The administrator should be able to turn off LEDs on the access point.
  1. Preferably provide a directional antenna array.
  1. Implement Wi-Fi alliance standards WMM, WMM-PS, 802.11d, 802.11h and 802.11e
  1. Support FTP to propagate the configuration file and firmware to the Wi-Fi enabled device
  1. Support RF auto-channel selection by the following three methods: a) measuring energy levels on the channel; b) monitoring for 802.11 signal structures and; (c) detecting radar pulses
  1. Channel selection should be based on measuring throughput capacity in real time and switching to another channel should the capacity fall below the statistical average of all channels without using background scanning as a method. 
  1. At least 6 BSSIDs for multiple differentiated user services (e.g. voice)
  1. For troubleshooting purposes, the administrator should have the ability to remotely capture 802.11 and / or 802.3 frames from an access point without disrupting client access. 

2. Controller Technical Requirements

  1. Controllers always have a hard or soft limit to the number of access points they can manage.  A hard limit may be a fixed limit imposed by the manufacturer (normally can be upgraded by adding more licenses).  A soft limit is when the controller software itself does not have a specific limit, but it is limited by the hardware it is running on, or by the amount of bandwidth available.  Therefore, calculate how many APs you plan to deploy right now and in the next 5-7 years, then multiply by 1.5.  Then specify that:
    1. The Access Point controller should be able to support up to [Total APs now and in 5-7 years' time] access points.
  1. The same goes for the number of concurrent users.  Be careful here!!  Most vendors will hide this number in very small print, leading you to believe there is no limit to the number of clients that can connect.  This number should be at least 20x the maximum number of APs supported by the controller.
    So you would specify:
    1. The Access Point controller should support up to [number of APs x 20] concurrent users.
  1. The access point controller should be able to automatically adjust the channel and transmit power on each AP automatically to achieve optimal performance.
  1. When using wireless network uplink (as specified in Section 1, Point 11), the controller should be able to show the wireless topology on floor plans.
  1. All features listed in any attached literature must be included with the access controller pricing in the offer.  If some features require the acquisition of some licenses, this must be specified.  The vendor should specify which feature requires which type of licensing.
  1. The controller should be manageable via HTTPS.
  1. The controller should be able to present a customizable dashboard with information on the status of the WLAN network.
  1. The AP should be able to scan for rogue access points and the controller should be able to locate them on a floor map. The controller should be able to send a notification to the administrator when a rogue AP has been detected.
  1. All authentication (management and end-user) must be done against a Microsoft Active Directory infrastructure and/or via RADIUS.
  1. The solution should be able to provide a web page accessible via Ethernet or a provisioning SSID where a new client can get access. After user authentication a pre-shared key unique to that user should be generated and the wireless client configuration should be done automatically, either through an applet or an application pushed from that web site.
  1. The controller should provide a captive portal in order to authenticate users that are not part of the organization. The solution should be able to provide a web-based application that allows non-technical staff to create user accounts that are valid for a limited duration.
  1. If the controller is connected to a 802.1q tagged port, the administrator should be able to limit administration through a tagged management VLAN only.
  1. In order to troubleshoot issues with a specific device, the controller should be able to show the following statistics:
    1. AP to which the STA is associated
    2. Signal strength of the STA measure by the AP
    3. All alarm/event messages related to that STA including association de-association
    4. Amount of data received/transmitted by the STA
  1. In order to have good visibility on the utilization of an AP, the controller should be able to provide the following statistics for each AP:
    1. List of all the SSIDs deployed on each of the radio of the AP
    2. Number of STAs associated on each radio
    3. Average client RSSI
    4. Data sent/received
    5. Air Time utilization (%RX, %TX, %Busy)
    6. Statistics on retransmitted packets
  1. At a minimum, the controller should be manageable using SNMP v2. The vendor should have their own MIB allowing the statistics mentioned in two previous questions to be polled by a management platform.
  1. The controller should be able to raise critical alarms by sending an email. The email client on the controller should support SMTP outbound authentication and TLS encryption.
  1. Have the ability to tunnel data from the access points to the controllers
  1. Have the ability to distribute data directly from the access points