Voice over Wireless LAN Solution Guide v1.0 December 2005
WPA-PSK plus MAC authentication is suitable. For WLAN Handsets 2212, Nortel also
recommends use of IPsec from a security perspective. In most cases, avoid WEP. Note that
Nortel does not recommend mixing VPN handsets and WPA/WPA2 due to the complexities
involved. Separate SSIDs are required and MAC authentication rules can potentially become
complex. In most cases, it is best to try to find a common encryption type amongst all devices and
implement that uniformly. If you have PDAs, WLAN Handsets 2212, and laptops, IPsec VPN is a
very viable option.

You can implement MAC authentication through the local database on the WSS 2300 or on a
separate Remote Authentication Dial-In User Service (RADIUS) server. RADIUS MAC
authentication is an easier-to-manage solution because only one database needs to be
maintained, as opposed to multiple WSS 2300 databases all with the same MAC address listings.
MAC authentication must provide the VLAN name for the device, so preferably you would
configure RADIUS or the local database to supply a VLAN name that is different from the data
VLAN. Specifically, Nortel recommends that you separate voice and data into different VLANs on
the wired side even if the wireless side provides one SSID interface.

If the data network and voice network are routed together, then employ access control lists (ACL)
on the WSS 2300 series to prevent access to the data network from the voice SSID. Only the
T-LAN should be accessible from the voice SSID. If the only VoWLAN terminals deployed are
WLAN Handsets 2210/11/12, a particularly effective (and recommended) packet filter on the WSS
2300 is one that only allows SVP traffic to and from the voice VLAN. SVP is easily identified by IP
Protocol Type 119 (0x77). Alternatively, the filtering function can be offloaded to a dedicated
firewall device. The advantage of this is that it avoids the performance impact of ACLs being
processed in software by certain models of WSS 2300. The WSS 2380 can perform this at wire
speed, but other WSS models cannot. A dedicated firewall would likely be stateful, whereas the
WSS 2300 ACLs are just basic packet filters. If the voice VLAN is not logically routed to the data
network then perhaps additional ACLs are not needed on the WSS 2300. They can still be used
as an additional layer of protection, though. An alternative option, instead of implementing a
separate firewall device, is to assign non-routable (private) IP addresses to handsets so that the
WTM 2245 acts like a NAT/firewall between the T-LAN and the WLAN.
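
The filter rule described above can be modeled as a stateless check on the IPv4 header, which is also a convenient way to audit a capture from the voice VLAN. This is an added example, not Nortel code or WSS 2300 configuration; the subnets, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

SVP_PROTO = 119  # IP Protocol Type 119 (0x77), as stated in the guide

# Assumed addressing for illustration only; not taken from the guide.
VOICE_VLAN = ipaddress.ip_network("10.20.0.0/24")
TLAN = ipaddress.ip_network("10.30.0.0/24")


def parse_ipv4(header: bytes):
    """Return (protocol, src, dst) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    proto = header[9]  # protocol field sits at byte offset 9
    src, dst = struct.unpack("!4s4s", header[12:20])
    return proto, ipaddress.ip_address(src), ipaddress.ip_address(dst)


def permit(header: bytes) -> bool:
    """Stateless filter: permit SVP between voice VLAN and T-LAN, deny the rest."""
    try:
        proto, src, dst = parse_ipv4(header)
    except ValueError:
        return False  # malformed or non-IPv4 input is dropped
    if proto != SVP_PROTO:
        return False
    outbound = src in VOICE_VLAN and dst in TLAN
    inbound = src in TLAN and dst in VOICE_VLAN
    return outbound or inbound


def make_header(proto: int, src: str, dst: str) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


# Constructed sample traffic: (description, header)
SAMPLES = [
    ("handset -> T-LAN host, SVP", make_header(119, "10.20.0.15", "10.30.0.5")),
    ("T-LAN host -> handset, SVP", make_header(119, "10.30.0.5", "10.20.0.15")),
    ("handset -> data host, TCP", make_header(6, "10.20.0.15", "10.40.0.9")),
    ("handset -> data host, proto 119", make_header(119, "10.20.0.15", "10.40.0.9")),
    ("handset -> T-LAN host, UDP", make_header(17, "10.20.0.15", "10.30.0.5")),
]

if __name__ == "__main__":
    for label, hdr in SAMPLES:
        print(f"{'permit' if permit(hdr) else 'deny  '}  {label}")
```

Because the check looks at each packet in isolation, both directions need an explicit rule, which is the behavior of a basic packet filter as opposed to a stateful firewall.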

If the MVC 2050, MCS Client, or IP Softphone 2050 is also used, then it is secured by the options
available to the device itself. Whether a common SSID or separate SSIDs are used depends on
the same decision points described previously. A firewall or ACL setup becomes a little more
complex because those dual-type devices must have access to the data network as well as the
T-LAN (voice).

2.4 Performance and scalability

Following are the general performance and scalability expectations of each major device in the
solution. Because of the potential complexity of the solution as a whole and the dynamic
environment intrinsic to RF technology, it is hard to characterize every situation. For example,
because the WLAN Handset 2210/11/12 and MVC 2050 use different QoS mechanisms,
characterization of one does not apply to the other. In a pure WLAN Handset 2210/11/12
environment or a pure MVC 2050 environment it is easier to find the ceiling on call scalability per
AP. When you mix devices in different proportions, it becomes much more difficult to pin down
the exact expectations. So while it may seem simplistic to deal with this subject on a per-device
basis, it is really the only way to distill performance expectations into a manageable discussion
without performing endless test plans of the endless permutations of potential WLAN designs.

2.4.1 WLAN AP 2330 scalability

Each AP 2330 provides a certain amount of maximum call capacity. This is expressed as a
ceiling, and real-world conditions adjust this threshold downward. There are several factors that
contribute to this adjustment. First, sources of interference such as co-channel interference (CCI)