Network Deployment Checklist
Deployment Progress
0% (0 / 0)
1. Wired Backbone & Switching (STP)
Establishing a solid wired foundation prevents network loops, ensures spanning tree convergence, and guarantees maximum throughput between your gateway and access points.
-
Disable Global Switch Settings: Allow for individual switch configuration to maintain granular control.
-
Set Manual STP Priorities (RSTP): Core Switch: 4096 | First-Tier Downstream: 8192 | Second-Tier: 12288
-
Verify Link Speeds: Check Port Manager to ensure multi-gig links (2.5GbE, 5GbE, 10GbE) are negotiating correctly without dropping to 100/1000 FDX.
2. Wi-Fi Radios & Channel Tuning
Properly tuning radio frequencies minimizes self-interference, balances cell sizes, and ensures devices connect to the fastest available band without signal overlap.
-
Manually Assign Channels: Avoid "Auto" to prevent overlapping interference across multiple APs.
-
Tune 2.4 GHz Band: Set Width to 20 MHz | Restrict channels to 1, 6, 11 | Set Transmit Power to Low.
-
Tune 5 GHz Band: Set Width to 40 MHz | Utilize channels 36, 44, 149, 157 | Set Transmit Power to Medium.
-
Tune 6 GHz Band (Wi-Fi 6E/7): Set Width to 160 MHz | Set Transmit Power to High.
3. SSID Design & Roaming
Separating IoT devices from high-speed clients and enforcing minimum data rates ensures seamless roaming (802.11r) and prevents slow, legacy devices from bottlenecking the network airtime.
-
Optimize Main Network: Restrict to 5 GHz & 6 GHz | Enforce WPA3 Security | Enable Fast Roaming (802.11r).
-
Optimize IoT Network: Restrict to 2.4 GHz only | Set Security to WPA2/WPA3 Transition (fallback to WPA2 only if smart devices fail to connect).
-
Set Minimum Data Rates: 2.4 GHz slider to 6 Mbps | 5 GHz slider to 12 Mbps. This forces devices to drop bad connections and roam to closer APs, completely eliminating "sticky clients".
4. Gateway Security & Routing
Configuring deep packet inspection, hardware-level content filtering, and strict DNS rules protects your network from external threats and internal telemetry.
-
Configure mDNS: Keep Disabled for a silent, strict network. (Enable and map specific VLAN scopes only if cross-network casting/printing fails).
-
Intrusion Prevention (IPS): Set to "Notify and Block". Enable high-risk categories; leave "Attacks and Reconnaissance" OFF to avoid log spam.
-
Content Filtering: Apply "Block Malware" globally. Apply "Ad Block" selectively. If an IoT device like a Smart TV loses functionality, disable Ad Block for that specific VLAN as a first troubleshooting step.
-
Traffic Logging: Set to "Blocked Traffic Only" to preserve gateway flash storage.
-
Fix Block Pages: Ensure the "Block Page" SSL feature is Unchecked to avoid throwing HTTPS browser security warnings on client devices.
5. System Maintenance & Future-Proofing
Securing backups and preparing proper subnet topologies ensures your network can be easily recovered from hardware failure or seamlessly expanded using Site Magic SD-WAN.
-
Cloud & Local Backups: Click "Back Up Now" in the console and Download a local .unf copy to your hard drive.
-
Site Magic Preparation: Ensure new location subnets (e.g., 192.168.30.x) do not overlap with existing location subnets (e.g., 192.168.20.x).
-
Hardware Upgrades: Always power down the Cloud Gateway completely before removing or installing the rear M.2 NVMe storage tray.