Wireless plant network

Hi all,

I've been asked to put together a wireless network for a factory so that (a) it makes life really easy for all the onsite techs who can then wirelessly troubleshoot their PLC's and not be tied to cabinets, and (b) the manager can walk around with his shiny new tablet looking at production figures in realtime. OK, it's mostly just reason b (isn't it always?).

Anyway. Just wanted to get an idea of how a good wireless network gets linked together if anyone has any expertise. I've got allowance for one antenna in every room as most of the walls are firewalls and I don't imagine wireless signals like them a whole lot. But what I'm wondering is how I can set them all up so that I define one wireless network tied to all of these antennas? So that if I walk from one room to the next, my laptop/tablet will switch from one antenna to the next to the next seamlessly without having to drop out and reconnect every time. Can anyone give me any pointers here? I realise it's a bit of a vague question, so if more information is required just tell me what you need to know

Thanks!

I've done this by setting the wireless channel on each AP manually. I used six wireless APs over a 10 acre outdoor area with multiple buildings. It's been a while, but as I remember when I researched it, there are really only three non-overlapping channels. One, six and eleven come to mind, but may not be correct. Anyway, I was able to use those channels more than once based on how far apart the APs were and how much 'shielding' I had between them. An AP set to channel one could not see the other AP set to that channel and devices couldn't see both those APs at the same time. It works very well. Wireless devices would roam from AP to AP simply by changing wireless channels with no noticeable disruption in service. This was an 802.11G setup. All APs had the same SSID and connection credentials.

ASF said:

Hi all,

I've been asked to put together a wireless network for a factory so that (a) it makes life really easy for all the onsite techs who can then wirelessly troubleshoot their PLC's and not be tied to cabinets, and (b) the manager can walk around with his shiny new tablet looking at production figures in realtime. OK, it's mostly just reason b (isn't it always?).

Anyway. Just wanted to get an idea of how a good wireless network gets linked together if anyone has any expertise. I've got allowance for one antenna in every room as most of the walls are firewalls and I don't imagine wireless signals like them a whole lot. But what I'm wondering is how I can set them all up so that I define one wireless network tied to all of these antennas? So that if I walk from one room to the next, my laptop/tablet will switch from one antenna to the next to the next seamlessly without having to drop out and reconnect every time. Can anyone give me any pointers here? I realise it's a bit of a vague question, so if more information is required just tell me what you need to know

Thanks!

Click to expand...

Contact Aruba Networks. They have the gear to do this, and do this right.

http://www.arubanetworks.com/products/wireless-lan/

My former employer's IT department deployed Aruba access points and AP controllers with great results. I may be able to put you in touch with the guy that deployed the system. Let me know if you're interested and I'll see what I can do.

A word to the wise - Aruba's gear is reasonably friendly, but it's enterprise-level equipment, so you have to know what you're doing to set things up properly.


-rpoet

ASF said:

Hi all,

I've been asked to put together a wireless network for a factory so that (a) it makes life really easy for all the onsite techs who can then wirelessly troubleshoot their PLC's and not be tied to cabinets, and (b) the manager can walk around with his shiny new tablet looking at production figures in realtime. OK, it's mostly just reason b (isn't it always?).

Anyway. Just wanted to get an idea of how a good wireless network gets linked together if anyone has any expertise. I've got allowance for one antenna in every room as most of the walls are firewalls and I don't imagine wireless signals like them a whole lot. But what I'm wondering is how I can set them all up so that I define one wireless network tied to all of these antennas? So that if I walk from one room to the next, my laptop/tablet will switch from one antenna to the next to the next seamlessly without having to drop out and reconnect every time. Can anyone give me any pointers here? I realise it's a bit of a vague question, so if more information is required just tell me what you need to know

Thanks!

Click to expand...

Ok it depends a lot and I mean a lot on how many AP's you need. if more than 2-3 you will be better served with a controller based system and the controller can either be hardware or software depending on who you go with.

You need to be looking at Aruba, Cisco, Ruckus, Ubiquiti in that order.

For roaming to be smooth you will need handoff which can be done in the controller or from AP to AP. Vendors call AP to AP hand off different things like Ubiquiti calls it zero handoff and Aruba calls it Client Match, etc.

The systems from different vendors are very different and are applied based on the project at hand but the brands I have listed at the top take care of any situation I have ever come across and I have installed each of those brands several times. They all have there good and bad points.

You also need to consider security. You may want a Firewall between the WLAN and the Automation Assets as well as a radius server for security. Connection to the WLAN that the automation Assets sit on should be limited to specific pre approved devices only.

If you facility does not currently have wireless you can get units that support multiple WLAN's and Virtual AP's so your corporate network and your automation network can use the same AP hardware but still keep the security and segregation the automation network needs to be robust and secure.

Thanks for all the tips! We've allowed for Ubiquiti UniFi AP Pro's so I guess we're onto a good thing there. We will have around 10 antennas initially, once the new warehouse goes in there will be a few more. So I'll read up on zero handoff, or you mentioned that it can be done in a controller? What are the options for a ubiquiti controller?

I intend to configure the network to be non-broadcasting and I'm assuming the ubiquiti software will be able to be configured so that only pre-approved mac addresses can connect - I would have thought that would be enough security, but you are suggesting I may need a firewall as well?

Not sure about the ubiquiti controller on handoff. I do know that the zero handoff on ubiquiti can be cumbersome with lots of ap's because it forces them all to be on the same channel and thus device never knows it switching ap's but when you have multiple ap's on the same channel with overlapping coverage it can cause issues.

Limiting connections by MAC filter is just going to be a PITA and will provide no real security. I could stand outside your building and defeat MAC filtering in under 2 minutes and any script kiddie worth his salt could do it in less than 5.

Same goes for hiding the SSID. A PITA for the users and provides no real security. If you want security use RADIUS. Anything less is just ****ing in the wind.

RADIUS is the minimum I would do when implementing WIFI on a Automation network and I would not sleep well at that because I could get through RADIUs albeit more work and social engineering it can be done. Most WIFI implementations I do these days on automation networks are setup for 2 factor authentication using one time passwords.

OK, a few interesting things there. From the Ubiquiti KB and forums, Zero Handoff is set up with software, and then once the AP's are all configured you can take the PC offline and the AP's look after themselves. So that part of it's OK. Although I did find mention that, as you say, if the AP's are too close to one another they have issues with ZH. In which case I'd be better off to disable ZH. To be honest having read into it a bit more I'm not entirely sure that ZH is even really necessary - if I were to have my programming laptop talking wirelessly and I walked to the other end of the factory with it, across say 4 different AP's, how likely is it that RSLogix would disconnect and force me to reconnect? Keeping in mind that I'm not stupid enough to be doing something really critical like flashing firmware while I'm connected via wifi in the first place and then, I suppose, what is the performance of the manager's tablet going to be like in the same instance? He'll be running a FTView SE Client, and at the end of the day if his figures freeze for a few seconds while his connection finds a different AP I doubt he'll even notice. Just so long as he doesn't have to do anything to make it come back after those few seconds. Anyone got any real world experience on this sort of thing?

Aaaaaand then security. Don't hackers have anything better to do than to make a poor innocent PLC programmer's life difficult?

Can you give me some more info on RADIUS? And what do you mean by "I could get through RADIUS albeit more work and social engineering it can be done"?

And what about the two factor authentication with one time password setup? How is that implemented?

What if I were to use something like this: http://www.ubnt.com/unifi-switching-routing/usg/ - would that protect me from the nasty hackers?

Thanks!