Setting Minimum RSSI threshold for client connections

Unanswered Question
Nov 27th, 2011


We are deploying a new wireless network for guest users of private lounges at airports, using a 5508 WLC and 3501 AP’s. The SSID uses open L2 authentication with a web auth passthrough login splash page.

We require preventing people outside these private areas to connect to the SSID, and we would like to do so by only allowing clients to connect if they exceeed the minimum RSSI guaranteed in the private areas (i.e. prevent connections below a certain level, such as -70dB). We tried to configure this by settings several parameters, for example the “Minimum RSSI” under “Client Roaming” without achieving the desired effect.

Can a minimum RSSI be set up so clients would not connect unless they receive the minimum specified signal level? If so, can anyone please advise how to set this up?

Many thanks in advance for your expert advise…


Luis A

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Leo Laohoo Sun, 11/27/2011 - 17:34

I doubt if this is do-able.

My reasoning is because not all wireless NIC are the same.  I mean put two or three laptops (of different Wireless NIC) 20 metres in front of you and RSSI signals will be different.  It ain't foolproof.

If you only want clients INSIDE the passenger lounge room to have access to the wireless then Lobby Administration is the only way to go.  This means you have a dedicated staff trained to create a temporary username/password for each passenger.  With the correct scripting, you can have the time of passenger X to be INSIDE the time he has before his flight boards.  In other words, if my flight leaves in 90 minutes, I don't want my access to be 2 hours, right?

George Stefanick Sun, 11/27/2011 - 17:38

One way is to disable the LOWER phy rates. This will cause users to get closer to the AP while increasing their RSSI.

Make sense?

luisandreoni Sun, 11/27/2011 - 17:50

Thanks everyone for the quick replies.

Unfortunately setting username and passwords have been discarded as an option since they want to make it easier to travellers. Lowering power levels is what we are trying as a workaround, but even doing so leaks some signal to the public areas.

Looking forward to more ideas


George Stefanick Sun, 11/27/2011 - 17:53

Lower the PHY rate ... 1 meg PHY rates travel VERY far. If you disable 1,2,5,11,-- all the way up to 24 or so .. you will need to be right on top of the AP. 20 feet or so..

Leo Laohoo Sun, 11/27/2011 - 17:53

This one is an idea (but costly):  Faraday cage (aka Faraday mesh or Faraday shield)

If installed correctly, your wireless signal will be inside the four walls (don't know if you have those glass doors but if you do ...).

Out of curiousity, WHY did you purchase 3501 instead of 3502?

I mean 3501 means it only has 802.11b radio.  And 802.11b is long range and high penetration rates compared to 802.11a radio.

Lower the PHY rate ... 1 meg PHY rates travel VERY far. If you disable 1,2,5,11,-- all the way up to 24 or so .. you will need to be right on top of the AP. 20 feet or so..

What about clients with old portable devices?  That's a risk.

Leo Laohoo Sun, 11/27/2011 - 18:03
Time to get off 802.11b .. "Friends dont let friends use 802.11b"

Or do what one of our wifi "designers" designed:  Lower the bandwidth to 256 k

That way NO ONE will use the internet.  As to what the entire wireless design was for if the project was to follow this, he responded, "The boss wants wireless, he gets one.  He didn't specify that he expects people to USE the wireless.".

Saravanan Lakshmanan Sun, 12/04/2011 - 01:07

unfortunately, what you're looking for is an RF/layer-1 firewall and it is not available on WLC. If coverage hole enabled on WLC, it traps to show those unintended clients at the public area are suffering to get good signal

disadvantage with open security and or webauth. any wifi enabled device crosses the public area would grab an ip, it could drain your dhcp pool. be sure to keep large dhcp pool or lower dhcp lease time.


This Discussion