Planning and deployment
12 minute read
Wi-Fi 6E is Wi-Fi 6 (IEEE 802.11ax PHY/MAC) operating in the 6 GHz band offering up to double or triple system capacity compared to previous generations. Note the 6 GHz band is not available in every regulatory domain (region). Ensure you comply with your local regulatory requirements before deploying Wi-Fi 6E.
Key design principles
- Enable 6 GHz by creating a multi-band SSID rather than creating a 6 GHz only SSID.
- Choose Enhanced Open for guest networks, WPA3-Personal for passphrase networks, and WPA3-Enterprise for 802.1X corporate networks.
- Assess your client device mix before enabling compatibility modes for WPA3 or Enhanced Open. Prefer to disable transition mode to improve security.
- Test new security modes like WPA3 and Enhanced Open in a controlled environment before widespread deployment.
- Consider enabling 802.11r (Fast Transition) for WPA3-Enterprise security modes.
- Fast roaming can significantly reduce delays in service when a client transitions between neighboring APs and is crucial for latency sensitive applications like telephony (Voice over Wi-Fi).
- Plan for a capacity based design with overlapping primary and secondary coverage targets verified by end user devices.
- In capacity based deployments, AP density may increase 0-10% in key usage areas. Survey, check, and validate for 6 GHz.
- Coverage based deployments must be revisited and redesigned.
- Plan channel widths per band based on RF layering strategy and regulatory domain allocations.
- For FCC (or other 1200 MHz domains) this generally means 20 MHz in 2.4 GHz, 20 or 40 MHz in 5 GHz, and 80 MHz in 6 GHz.
- With sufficient channel reuse (low density), 160 MHz channel width can be used in 6 GHz.
- With limited channel reuse (high density), like in large public venues, 40 MHz channel width in 6 GHz is desired.
- For Europe (or other 500 MHz domains), this generally means 20 MHz in 2.4 GHz, 20 or 40 MHz in 5 GHz, and 40 MHz in 6 GHz.
- For FCC (or other 1200 MHz domains) this generally means 20 MHz in 2.4 GHz, 20 or 40 MHz in 5 GHz, and 80 MHz in 6 GHz.
- Disable lower management rates in all bands to reduce management frame overhead.
- For example, removing 1, 2, 5.5, 6, 9, and 11 Mbps rates (across applicable bands) and possible based on coverage and client requirements.
Security requirements
Prior to Wi-Fi 6E, the first Wi-Fi generation to enforce security requirements with the introduction of a new PHY/MAC was Wi-Fi 4 (802.11n). Clients are penalized to 802.11a/b/g speeds when using wired equivalent privacy (WEP) or temporal key integrity protocol (TKIP).
Wi-Fi 6E operation in 6 GHz also introduces new required baseline security requirements. Wi-Fi Protected Access 3 (WPA3) or Enhanced Open are mandatory for Wi-Fi 6E deployments and adoption.
Legacy security protocols are not allowed in 6 GHz:
- Open authentication
- WEP, TKIP, WPA
- WPA2
This means existing SSID deployments using WPA2-Enterprise (802.1X) or WPA2-Personal security modes cannot be enabled for 6 GHz.
This forces either configuration changes to existing SSIDs or new SSID deployment and client migrations.
Security mode options for 6 GHz:
- Enhanced Open (OWE)
- Leverages opportunistic wireless encryption (OWE) to replace Open System Authentication
- Diffie-Hellman exchange encrypts all wireless traffic
- Offers encryption without user authentication
- MFP required
- WPA3-Personal (SAE)
- Simultaneous authentication of equals (SAE) replaces the one-way key generation found in WPA2-PSK with a Diffie-Hellman like key exchange
- Hash-to-element (H2E) required for SAE PWE derivation as an industry response to the Dragonblood vulnerability
- MFP required
- WPA3-Enterprise
- AKM:5 key management (SHA-256); CCMP-128 ciphers; MFP required
- WPA3-Enterprise with GCM-256
- AKM:5 key management (SHA-256); GCMP-256 ciphers; MFP required
- WPA3-Enterprise 192-bit (CNSA)
- AKM:12 key management (SHA-384); GCMP-256 ciphers; MFP required; strong EAP-TLS methods only (no mix and match, no PEAP)
Clients
Wi-Fi 6E support requires both driver and operating system support.
Recommendation is to always know and understand the capabilities of the clients being serviced by the APs in order to configure and plan accordingly.
Minimum versions required:
-
Android 13+
-
iOS 16.1+, check which Apple devices support Wi-Fi 6E
-
Windows 11+ with a capable NIC such as the Intel AX210
Software updates can improve the capabilities enabled by hardware. Recommend to periodically check release notes and update client OS and drivers.
SSID planning
With Wi-Fi 6E traditional dual-band enterprise SSID layouts must be considered for how they might evolve into a tri-band deployment.
Consider this deployment approach prior to Wi-Fi 6E.
| 2.4 GHz | 5 GHz |
|---|---|
| Corporate (802.1X) | Corporate (802.1X) |
| BYOD (802.1X) | BYOD (802.1X) |
| Guest (Open) | Guest (Open) |
| IoT (PSK) |
Potential strategy after migrating to Wi-Fi 6E.
| 2.4 GHz | 5 GHz | 6 GHz |
|---|---|---|
| Corporate (802.1X) | Corporate (802.1X) | |
| BYOD (802.1X) | BYOD (802.1X) | |
| Guest (OWE) | Guest (OWE) | |
| IoT (PSK) |
Multi-band SSIDs are recommended for the following reasons.
- Traditional active/passive scanning does not scale well when adding up to 59 more 20 MHz channels in 6 GHz. HPE Networking APs automatically append Reduced Neighbor Reports (RNRs) to out-of-band (OOB) BSSes in 2.4 GHz and 5 GHz. When the client scans in 2.4 GHz or 5 GHz, the RNR acts as a seed telling the client exactly where to discover a 6 GHz network.
- APs operating with a single radio and a 6 GHz-only will force clients to do in-band discovery which is a much slower discovery process and may cause a poor connection experience.
- Multi-band SSIDs provide a fallback band when the 6 GHz band is not available due to pending frequency coordination (AFC) bring up or expiration.
In the majority of cases, multi-band SSIDs should restrict bands to 5 GHz and 6 GHz. In other words, use the infrastructure to restrict where clients can connect. This is due to the BSS selection (discovery and association) being primarily up to the client, however, after connection HPE Networking ClientMatch can be used to influence (nudge) the client to a more optimal band. For example, place 2.4 GHz only IoT clients on a 2.4 GHz only SSID. Place tri-band capable clients on a 5 GHz + 6 GHz multi-band SSID.
There are some options to consider when deciding whether to create a new SSID or modify the configuration of an existing SSID to enable 6 GHz.
Migrate all security modes
Migrate security modes of all SSIDs to WPA3-Enterprise, WPA3-Personal, or Enhanced Open (OWE) with a multi-band SSID across 5 GHz and 6 GHz.
If transition mode is disabled, this will remove all legacy client support and is applicable for certain greenfield deployments or pop-up event networks like HPE Discover where users are professionals who typically refresh their BYOD devices often.
Proceed with caution and understand the client population.
Single SSID approach
Band specific SSIDs
This option is to create a new SSID for exclusively for 6 GHz support.
Dual SSID approach
SSID-A dedicated to WPA3-only devices and 5 GHz + 6 GHz bands. Disable transition mode.
SSID-B dedicated to WPA2 and legacy devices on the 2.4 GHz and/or 5 GHz bands. This allows support for WPA2-only clients to connect and minimizes any impact of operational parameters with WPA3-transition causing client bugs due to poor implementation or outdated drivers.
This approach adds an additional SSID which does increase management frame overhead, but can be negated by trimming lower basic rates. In general, aim to keep the number of SSIDs per AP low.
Existing SSIDs
Certain SSIDs like Hotspot 2.0 passpoint SSIDs such as eduroam recommend a single multi-band SSID. This approach should be taken for other federated SSIDs like Govroam, OpenRoaming, Cityroam, etc.
Before:
| Bands | Security | SSID |
|---|---|---|
| 2.4 GHz + 5 GHz | WPA2-Enterprise | eduroam |
After:
| Bands | Security | SSID |
|---|---|---|
| 5 GHz + 6 GHz | WPA3-Enterprise | eduroam |
Transition mode may be enabled to maintain support for WPA2-Enterprise only clients. Test in a controlled environment before widespread deployment.
AP planning
Propagation loss of 6 GHz vs 5 GHz is similar, 1-2 dB, when comparing free space path loss (FSPL). Real world tests show an additional 3-6 dB difference depending on the frequency location in the 6 GHz band and measurement points.
An industry study also shows propagation loss through different common building materials will have different effect. For example, brick has a much larger impact than drywall. Plan to increase AP density for 6 GHz when interior walls are composed of thick, dense materials.
In existing high-density deployments there may be no changes required for AP placement, but depends on the effective power levels for 6 GHz compared to 5 GHz. Factors include channel width, LPI, and SP depending on the regulatory domain. As an example, in the FCC domain under LPI rules, an 80 MHz channel width achieves higher EIRP than a 20 MHz channel because the more restrictive limit is based on power spectral density (PSD) rather than total power.
In general, the recommendation is to always place APs close to users with an unobstructed view. For example, do not place APs above ceilings. Prioritize placing APs in critical areas such as conference or training rooms. APs in hallways may not sufficiently provide 6 GHz coverage and will require to be moved in room.
Always survey, test, and validate using target end user client devices before widespread deployment.
Channel planning
With up to 59 additional channels, there are two main channel width selection choices depending on regulatory domain.
graph TD;
reg("Regulatory domain")
fivehundo("500 MHz")
twelvehundo("1200 MHz")
twenties("20 MHz or 40 MHz")
eighties("80 MHz or 160 MHz")
reg-->fivehundo;
reg-->twelvehundo;
fivehundo-->twenties;
twelvehundo-->eighties;
If the regulatory domain allows up to 1200 MHz, 80 MHz is recommended for most deployments as each channel will line up with a preferred scanning channel (PSC) which will optimize both in-band (PSC) and out-of-band (RNR) scanning.
| Channel width | # of channels in 1200 MHz |
|---|---|
| 20 MHz | 59 |
| 40 MHz | 29 |
| 80 MHz | 14 |
| 160 MHz | 7 |
If the regulatory domain is restricted to the lower 500 MHz of the 6 Ghz band, 40 MHz channel width is recommended.
| Channel width | # of channels in 500 MHz |
|---|---|
| 20 MHz | 24 |
| 40 MHz | 12 |
| 80 MHz | 6 |
| 160 MHz | 3 |
These recommendations primarily focus on Low Power Indoor (LPI) deployments.
For Standard power (SP) deployments, use 40 MHz channel width or 20 MHz if AP density is high (such as in LPV). Note that channel availability depends on frequency coordination.
| Channel width | # of channels in U-NII-5 + U-NII-7 |
|---|---|
| 20 MHz | Up to 41 |
| 40 MHz | Up to 20 |
| 80 MHz | Up to 9 |
| 160 MHz | Up to 4 |
Automatic frequency coordination
In general, 6 GHz usage falls under two categories.
- Low power indoor (LPI) - no frequency coordination.
- Standard power (SP) - frequency coordination mandatory.
Standard power APs need to be able to self-locate and submit geolocation information to an AFC provider. HPE Aruba Networking APs use a Frequency Coordination Orchestrator (FCO) service in Central to communicate with AFC.
Geolocation information can be collected in two different methods by HPE Aruba Networking APs.
- Positional data collected by the APs GPS/GNSS radio.
- An AP can leverage positional data broadcasted from a neighboring AP in AOS-8.13 and AOS-10.8 or later.
Multiple gigabit throughput planning
The maximum PHY rate on a given channel is determined by the channel width, RF environment, and MCS rates used by the client(s).
In the best case scenario, with the widest channel width and highest order MCS rate, these PHY data rates are possible.
| Radio chains | Wi-Fi 5 | Wi-Fi 6/6E |
|---|---|---|
| 1 | 0.8 Gbps | 1.2 Gbps |
| 2 | 1.7 Gbps | 2.4 Gbps |
The maximum data rate a client is capable of is determined by the client capabilities such as number of radio chains, maximum MCS rate and channel width supported on both sides of the link, of course along with the ideal RF conditions (SNR and EVM) to sustain those rates. Most clients have one or two radio chains. Consider that mobile clients with two radio chains sometimes disable one of two chains to conserve battery life.
The maximum throughput a single AP is capable of is determined by similar factors across each of the radios.
| 5 GHz channel width |
6 GHz channel width |
Total bandwidth | Multiple gigabit capable | Channel reuse | |
|---|---|---|---|---|---|
| 20 MHz | 40 MHz | 60 MHz | No | Yes | |
| 20 MHz | 80 MHz | 100 MHz | No | Yes* | |
| 40 MHz | 80 MHz | 120 MHz | Yes | Yes* | |
| 40 MHz | 160 MHz | 200 MHz | Yes | Yes* | |
| 80 MHz | 160 MHz | 240 MHz | Yes | No | |
| 160 MHz | 160 MHz | 320 MHz | Yes | No |
In the majority of deployments, 2.4 GHz cannot be considered in AP system capacity planning due to limited channel reuse in the crowded ISM band.
Multiple gigabit needs are determined by the configured channel widths along with environmental and traffic patterns. Aggregate data throughput on a tri-band tri-radio AP can easily exceed 1 Gbps under certain conditions.
For example, in environments with a single client per band each using maximum channel widths and rates, multiple gigabit throughput can be achieved during saturation testing.
However, consider target traffic usage patterns and expectations and active client count. As the client count increments on the same channel, throughput is reduced due to the contention based mechanisms in the 802.11 protocol.
- Each client must wait the channel to become idle before transmitting (listen before talk)
- When a channel is busy, each client picks a random backoff timer from a contention window and waits that many slot times before transmitting. If a collision occurs, the window size increases, spreading out retry attempts to reduce further collisions.
Thus, each additional client on a given AP reduces throughput and extends transmit opportunity (TXOP) durations as clients content for the medium.
Multiple APs on different channels are a way to scale, up to the channel reuse limits in the neighboring area with the goal of minimizing co-channel interference as much as possible.
Additionally, expected traffic usage patterns are an important characteristic to consider when determining multi-gigabit to the AP is a requirement.
Power sourcing
Additional radios and capabilities come with increased power requirements. Tri-radio APs require more power than dual-radio APs — 802.3at/CL4 or better required. The AP-650 is the only series which can operate and combine two 802.3af/CL3 sources. 802.3bt/CL6 is recommended for new deployments.
| AP series | PoE standards | PoE redundancy |
|---|---|---|
| 600R | No | No |
| 600H | 802.3bt, 802.3at, 802.3af | No |
| 610 | 802.3at, 802.3af | No |
| 630 | 802.3bt, 802.3at | Failover |
| 650 | 802.3bt, 802.3at, 802.3af(x2) | Sharing |
| 670 | 802.3bt, 802.3at | No |
Intelligent power monitoring
Intelligent power monitoring or IPM is a method for controlling power usage of HPE Aruba Networking APs. The approach actively measures power usage and dynamically adapts the power budget and restrictions.
When IPM is disabled, static power management will apply reductions in order to not exceed worst case limits and stay within the confines of the power budget.
When IPM is enabled, dynamic power management allows the AP to enable full functionality and performance in the majority of cases.
Enabling IPM will allow for, in most cases, most features when tri-radio APs are powered by a 802.3at/CL4 PSE.
Recommendation is enable IPM.
Feedback
Was this page helpful?
Glad to hear it!
Sorry to hear that.