Chapter 10: Quality & Acceptance

Acceptance testing criteria, quality comparison standards, and commissioning checklists for wireless security deployments

Quality acceptance is the formal process of verifying that a wireless security deployment meets all design specifications, security requirements, and performance targets before handover to the operations team. A structured acceptance process prevents the handover of non-compliant installations that would require costly rework and creates documented evidence of compliance for audit purposes. This chapter defines the acceptance criteria, testing procedures, and quality standards that must be met before a deployment is considered complete.

10.1 Installation Quality Comparison

The most common quality failures in wireless security deployments are physical installation defects — incorrect AP placement, improper cable management, missing labels, and inadequate mounting. The following comparison illustrates the visual difference between a non-compliant and a compliant installation, providing a clear reference standard for quality inspectors and installation teams.

Installation Quality Comparison - Non-Compliant vs Compliant

Figure 10.1: Installation Quality Comparison — Non-Compliant (left) vs. Compliant (right) AP Installation Standards

Quality Dimension	Non-Compliant (Fail)	Compliant (Pass)
AP Mounting Location	Wall-mounted near floor, obstructed by furniture	Ceiling-mounted at center of coverage zone, unobstructed
Cable Management	Loose cable hanging without conduit or support	Cable routed through conduit, secured with ties every 300mm
Cable Labeling	No labels on cable or AP	Asset label on AP, cable labeled at both ends with AP ID
Mounting Security	Taped or loosely screwed, no tamper protection	Tamper-proof screws, security cable lock where required
Physical Environment	Dusty, near heat sources, inadequate clearance	Clean, ventilated, minimum 300mm clearance from obstructions
AP Orientation	Tilted, incorrect antenna orientation	Level, antennas oriented per manufacturer specification

10.2 Acceptance Testing Criteria

10.2.1 RF Coverage and Signal Quality

Test Item	Acceptance Threshold	Test Method
Minimum RSSI at coverage boundary	≥ -70 dBm (data) / ≥ -67 dBm (voice/video)	Wi-Fi site survey tool, heatmap
Signal-to-Noise Ratio (SNR)	≥ 25 dB at all coverage points	Spectrum analyzer + site survey
Channel Utilization	≤ 50% at peak load	WLAN Controller dashboard
Co-channel Interference	≤ -20 dB relative to serving AP	Spectrum analyzer
Coverage Overlap	15–25% between adjacent APs	Site survey heatmap
Dead Zone Coverage	Zero dead zones in defined coverage area	Walk-test with site survey tool

10.2.2 Security Configuration Verification

Security Test	Expected Result	Test Method
WPA3-Enterprise SSID active	All enterprise SSIDs use WPA3-Enterprise only	Wi-Fi scanner, controller config audit
WPA2/WPA1/WEP SSIDs absent	No legacy security SSIDs present	Wi-Fi scanner sweep
PMF (802.11w) mandatory	PMF required on all enterprise SSIDs	Controller config audit
802.1X authentication functional	EAP-TLS authentication succeeds with valid cert	Test client with valid certificate
Invalid cert rejected	Authentication fails with revoked/expired cert	Test client with revoked certificate
VLAN assignment correct	Client lands in correct VLAN per group membership	DHCP lease verification, VLAN tag check
Guest VLAN isolation	Guest clients cannot reach RFC1918 addresses	Ping test from guest VLAN
WIPS active	Rogue AP detection alerts generated within 60s	Deploy test rogue AP, verify alert

10.2.3 Performance Acceptance

Performance Test	Acceptance Threshold	Test Method
Authentication latency (EAP-TLS)	≤ 2 seconds end-to-end	Timed 802.1X authentication test
Roaming latency (802.11r)	≤ 150ms inter-AP roam	Roaming test with timing tool
Throughput per client	≥ 10 Mbps at -67 dBm RSSI	iPerf3 throughput test
Controller failover time	≤ 30 seconds AP rejoin after primary failure	Simulate controller failure, measure AP recovery
RADIUS failover time	≤ 5 seconds to secondary RADIUS	Stop primary RADIUS, time new auth success

10.3 Final Acceptance Checklist

The following checklist must be completed and signed off by both the installation team and the customer's network security team before the deployment is accepted. All items must pass before handover.

Physical Installation: All APs mounted at correct location, height, and orientation per site survey plan. Tamper-proof screws installed. Asset labels affixed.
Cable Management: All cables routed through conduit or cable tray. Cables labeled at both ends. No cable runs exceed 100m. Bend radius maintained.
RF Coverage: Site survey heatmap confirms ≥-70 dBm RSSI across entire coverage area. No dead zones identified.
Security Configuration: WPA3-Enterprise active. PMF mandatory. No legacy SSIDs. 802.1X functional. VLAN assignment verified.
Authentication Testing: EAP-TLS success with valid cert. Revoked cert rejected. Guest isolation verified. RADIUS failover tested.
WIPS Verification: Rogue AP detection tested and functional. Alert notifications delivered to SIEM within 60 seconds.
Performance Testing: Throughput, roaming, and authentication latency meet acceptance thresholds.
Documentation: As-built drawings, AP inventory, VLAN map, and test results delivered to customer.