Wednesday, October 17, 2018

Simple WiFi Config changes

When looking over the configs in wireless systems, I find a lot are deployed like one's home network, meaning that someone came in and stood the network up to work with every device under the sun.

Just like at home with the cable company installing your WiFi, I find older legacy security protocols enabled on SSIDs where the latest enterprise clients are connecting. Most schools I work in have a refresh of devices every 3-5 years, which means as of today all enterprise devices should be 802.11n at the minimum (and where I am most are).
I haven't seen WEP enabled in a while, but I still find a lot of WPA TKIP enabled. These settings are killing the data rates on your devices and the throughput of your wireless network. Deploying WPA TKIP when it's not needed impacts performance due to its backward compatibility with older PHYs.

If you want the latest AC or even N data rates, you need to move to WPA2 AES to secure the network. 802.11n doesn't support WPA TKIP, so having it enabled neuters your expensive network back down to 802.11g or 802.11a rates. Another thing I often find is all data rates enabled. This isn't always bad (it usually is), depending on your deployment, but where I am, with 1 AP per classroom and no need to support 802.11b clients, this is simply a no-no. Having lower "b" and 802.11 prime rates enabled can slow down the network and cause "hidden node" issues. All beacons, broadcasts and multicasts traverse the wireless medium at the lowest mandatory rate so all clients can hear and understand them. This ends up consuming unnecessary airtime in a high density deployment with 802.11n as the lowest common denominator.
More recently, in deployments of 802.11ac, I find that vendors have enabled 80 MHz channels in high density networks. This is probably due to the fact that the school district demanded the highest possible data rates for their standardized testing, or that they need 30 kids in each classroom to stream HD video all at the same time. I can't fault the vendor for this because they were just doing what they were told, and it also helped them sell their product (along with extra unnecessary switching equipment for the 2 drops they ran to every classroom). After the vendor is gone and the network is under load, the problems with 80 MHz surface. There simply isn't enough channel space available to deploy 80 MHz channels in high density environments, nor have I seen a need for it yet. I back every deployment down to 20 MHz channels and the complaints from districts stop. The tough part is explaining to the school district that the great speed increase they were expecting out of their 802.11ac network was all marketing and wasn't realistic for their needs.

In summary, here are some guidelines for your 802.11 wireless config.

  • WPA2-AES (needed for a minimum of 802.11n data rates)
  • Disable lower mandatory or basic data rates
  • 20 MHz channels in 2.4 GHz always
  • 20 MHz channels in 5 GHz, unless using DFS channels, in which case you can use 40 MHz if needed
  • Enable WMM
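
The guidelines above can be turned into a repeatable check over exported SSID settings. The following is an added example, not code from any vendor or controller: the dictionary field names are hypothetical, the three sample profiles are constructed, and "legacy rates" is taken to mean the 802.11 prime and 802.11b rates (1, 2, 5.5 and 11 Mbps).

```python
# Added example: audit SSID/radio settings against the guidelines in this post.
# Field names are hypothetical (not a vendor schema); sample data is constructed.

LEGACY_RATES = {1, 2, 5.5, 11}  # 802.11 prime and 802.11b rates, in Mbps


def audit_ssid(cfg):
    """Return a list of findings for one SSID/radio profile."""
    findings = []

    # WPA2-AES only: AES is the CCMP cipher; TKIP or WEP alongside it is a finding.
    ciphers = {c.upper() for c in cfg.get("ciphers", [])}
    if cfg.get("security", "").upper() != "WPA2" or ciphers != {"CCMP"}:
        findings.append("security: use WPA2 with AES (CCMP) only")

    # Lower "b" and 802.11 prime rates should not be enabled.
    legacy = sorted(LEGACY_RATES & set(cfg.get("enabled_rates", [])))
    if legacy:
        findings.append(f"rates: disable legacy rates {legacy} Mbps")

    # 20 MHz always in 2.4 GHz; 5 GHz may use 40 MHz only with DFS channels.
    width = cfg.get("channel_width_mhz")
    max_width = 40 if cfg.get("band") == "5" and cfg.get("dfs_channels") else 20
    if width is None or width > max_width:
        findings.append(f"width: {width} MHz set, limit is {max_width} MHz")

    if not cfg.get("wmm", False):
        findings.append("wmm: enable WMM")
    return findings


# Constructed profiles: two "as found" radios and one corrected 5 GHz radio.
AS_FOUND_24 = {"band": "2.4", "security": "WPA/WPA2", "ciphers": ["TKIP", "CCMP"],
               "enabled_rates": [1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54],
               "channel_width_mhz": 20, "wmm": True}
AS_FOUND_5 = {"band": "5", "security": "WPA2", "ciphers": ["CCMP"],
              "enabled_rates": [6, 9, 12, 18, 24, 36, 48, 54],
              "channel_width_mhz": 80, "dfs_channels": False, "wmm": False}
CORRECTED_5 = {"band": "5", "security": "WPA2", "ciphers": ["CCMP"],
               "enabled_rates": [12, 18, 24, 36, 48, 54],
               "channel_width_mhz": 40, "dfs_channels": True, "wmm": True}

if __name__ == "__main__":
    for name, cfg in [("2.4 GHz as found", AS_FOUND_24),
                      ("5 GHz as found", AS_FOUND_5),
                      ("5 GHz corrected", CORRECTED_5)]:
        print(name, audit_ssid(cfg) or "OK")
```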