Wireless
This document describes the wireless network design, access point deployment, and operational philosophy.
Wireless is treated as an extension of the wired network — not a separate security or policy domain.
Design principles: see Lab Philosophy.
Design Goals
The wireless network is designed to prioritize:
- Low and consistent latency
- Fast, predictable roaming
- Stable performance under mixed load
- Minimal operational complexity
Peak throughput is secondary to responsiveness and reliability.
Platform
Wireless infrastructure is provided by Ruckus access points running Unleashed firmware:
- AP Model: Ruckus Unleashed (Wi-Fi 6)
- Controller model: Unleashed (controller-less architecture)
This provides centralized management without introducing a dedicated controller appliance or cloud dependency.
Access Points
Living Room
- Model: Ruckus R750
- High-density Wi-Fi 6 AP
- Primary coverage for shared living spaces
- Serves latency-sensitive client traffic
Office
- Model: Ruckus R650
- Wi-Fi 6 AP optimized for smaller coverage areas
- Primary coverage for workstations and VoIP devices
Each access point is uplinked via a dedicated 2.5G Ethernet connection to an access switch, which in turn uplinks to the 10G core.
VLAN Integration
Wireless networks map directly to existing wired VLANs.
There are no wireless-only trust domains.
| VLAN | SSID Class | Purpose |
|---|---|---|
| 110 | Trusted | Primary user devices |
| 120 | IoT | Embedded and consumer devices |
| 130 | Camera | Cameras (wired only) |
SSID-to-VLAN mappings are explicit and consistent across access points.
Security Model
Wireless security mirrors wired policy:
- Authentication gates access, not trust
- VLAN assignment determines capability
- All firewall enforcement occurs at the edge router
There are no:
- Wireless ACLs enforcing inter-VLAN policy
- Per-AP firewall rules
- SSID-specific routing behavior
This ensures that wireless and wired clients behave identically once associated.
Roaming & Client Behavior
Fast roaming is a first-class requirement.
- 802.11k / 802.11v / 802.11r are enabled where supported
- AP placement favors overlap and signal consistency
- Client steering is conservative and observable
Roaming decisions are biased toward stability rather than aggressive handoff.
RF Management
RF behavior is explicitly controlled rather than automated.
- Static channel assignment is used exclusively
- DFS channels are not used
- Channel planning is performed manually to ensure deterministic behavior
- Transmit power is tuned conservatively to reduce contention and improve roaming
Automation is avoided in favor of predictable RF behavior and repeatable performance characteristics.
Traffic Characteristics
Wireless traffic includes:
- VoIP and Wi-Fi calling
- Gaming and real-time media
- Video conferencing
- General-purpose client traffic
All traffic is ultimately classified and shaped by the edge router using CAKE in diffserv4 mode.
Ruckus access points preserve and honor DSCP markings and apply appropriate wireless QoS handling internally, ensuring latency-sensitive traffic is treated correctly before reaching the wired network.
Failure Characteristics
Wireless failure domains are intentionally small:
- Loss of a single AP impacts only its coverage area
- Wired infrastructure remains unaffected
- Clients fall back to remaining APs where possible
There is no controller single point of failure beyond the elected Unleashed AP.
Design Notes
- Wireless extends VLANs; it does not redefine them
- Policy remains centralized and auditable
- Roaming behavior favors predictability
- RF behavior is deterministic and manually controlled
This document applies to all current and future wireless infrastructure unless explicitly stated otherwise.