A couple years ago, our high school principal purchased some laptops to use in the media center. Our media center is small, and frequently crowded, and there wasn’t room for more tables full of computers. Still, he wanted to accommodate as many students as possible. With the freedom of wireless technology, it seemed like a natural fit.
We knew from the outset that we were going to want to use the computers in other areas of the building, too, and that wireless security was going to be an issue. We also thought that it would make sense to build a network that students could access with their own wifi devices, too. The project was getting more and more complicated.
In the end, we created a separate network for our wireless devices. We placed a firewall between the wireless network and the wired network. If a device connecting to the wireless network is a “known” device — one that we’ve set up — it behaves like our normal student-use computers. If the device is an “unknown” device, it requires the user to authenticate through a web browser, and then gives them access to the web. With this setup, we could leave the access points wide open, so configuration is easy. The security comes at the firewall level.
This system has worked fairly well. We purchased fifteen laptops for the media center. These computers can be carried down to the cafeteria, or to the large group instruction room, or outside to the football stadium. No configuration changes are needed to connect to the network, the system is secure, and everyone’s happy.
The problem came when we bought another fifteen laptops. Now, we have 30 laptops in the media center, all connecting through the same access point. Since our access points are only really designed to handle about 12 connections at a time, that presented a problem. We added a second access point, but the clients all connect to the one with the better signal, and it still gets overloaded. There isn’t any reasonable way to load balance them without using multiple SSIDs, and that would mess up the connections in other locations.
As is often the case in our district, the solution came in the form of open source software. The Linksys access points we’re using have a firmware that runs on linux. Since this software is open source, the source code for the firmware is also available. As it turns out, there are many different alternative firmware packages for these devices. The one we settled on is DD-Wrt. We flashed the access points with this software, and suddenly found ourselves with a lot of new configuration options. One of these allows us to set the maximum number of clients that can connect at a time. So we set up three access points, limited each to 12 simultaneous connections, and voila: a load-balanced solution.
This path isn’t for the faint of heart. It’s possible to render the access point unusable if something goes wrong with the software install. We’re also proceeding cautiously until we can verify the reliability of these things. But it looks like a very promising solution.