Wednesday, November 18, 2009

How to choose the right WiFi channel

If you set up your own wireless access point, you may want to configure it so that it minimizes interference in your neighborhood. I found this interesting post with some tips:

  • There must be a spacing of at least 5 channels (or more) between WiFi networks in order to avoid interference. Two WiFi networks operating on the same channel are forced to share bandwidth, as they can't "talk" simultaneously, which halves each network's bandwidth. To avoid this effect, you need to change your access point's channel, but taking the adjacent one won't do, as WiFi channels are arranged in an overlapping pattern, as you can see in the scheme below. The default channel of most WiFi devices is channel 6, so in many cases channel 11 or higher is a good choice. Using NetStumbler, one can very easily see which channel is used by each access point.

  • If all your WiFi-devices support 802.11g (the 54 MBit/s WiFi-variant), you should set your router to 802.11g-only mode, as the 802.11b-compatibility impacts on bandwidth and range even among 802.11g-devices.

  • Another possible cause of low performance may be proprietary WiFi acceleration modes like "SuperG", "MAXg", "125 High Speed Mode" or "SpeedBooster", if not all devices in your network support the very same mode, which is why you should disable those.

  • Also note that a lot of cordless phones in NZ operate in the 2.4 GHz band like WiFi, and most of them cause interference with WiFi that can't be avoided by a channel change, since those phones use a very broad spectrum or perform permanent frequency hopping.

    If you own a 2.4 GHz phone, try switching it off and removing the power supply of its base station. In case your wireless signal improves, replace your cordless phone with a new one operating at 1.8 GHz or 5.8 GHz.

  • A cheap and easy solution to extend the coverage of your WiFi environment is to place a repeater at the correct location. It will repeat the wireless signal and extend the coverage (no cables needed), without creating a new network. Many very cheap (about 10 euro) WiFi access points (for example my DLink DWL-G700AP) can be configured to work as a repeater instead of the default access point functionality.

  • Transmit power: In most cases, the transmit power should be set to the highest value. This maximizes range, which reduces the number of access points and cost of the system. If you're trying to increase the capacity of the network by placing access points closer together, set the power to a lower value to decrease overlap and potential interference. Lower power settings also limit the wireless signals from propagating outside the physically controlled area of the facility, which improves security.

  • Service Set IDentifier (SSID): The SSID defines the name of a WLAN that users associate with. By default, the SSID is set to a common value, such as tsunami for Cisco products. In order to improve security, you should change the SSID to a non-default value to reduce the chance of unauthorized users associating with the access point. For even better security, some access points let you disable SSID broadcasting. This keeps most client device operating systems (e.g., Windows XP) from sniffing the SSID from access point beacons and automatically associating with the access point. Someone could, however, obtain the SSID using other sniffing tools that obtain the SSID from 802.11 frames when users first associate with the access point.

  • Data rate: Most access points allow you to identify acceptable data rates. By default, 802.11b access points operate at 1, 2, 5.5, and 11Mbps data rates, depending on the quality of the link between the client device and the access point. As the link quality deteriorates, the access point will automatically throttle down to lower data rates in an attempt to maintain a connection. You can, however, exclude specific data rates. For example, you may want communications only at 11Mbps or not at all. This could be necessary to support higher bandwidth applications.

  • Beacon interval: The beacon interval is the amount of time between access point beacon transmissions. The default value for this interval is generally 10ms, that is 10 beacons sent every second. This is sufficient to support the mobility speed of users within an office environment. You can increase the beacon interval and have lower overhead on the network, but then roaming will likely suffer. It's best to leave this setting alone.

  • Request-to-send / clear-to-send (RTS / CTS): The RTS / CTS function alleviates collisions due to hidden nodes, which is when multiple stations are within range of a common access point but out of range of each other. In most cases, it's best to disable RTS / CTS, but refer to a previous tutorial for cases where RTS / CTS may be beneficial and what threshold values to use.

  • Fragmentation: Fragmentation can help reduce the amount of data needing retransmission when collisions or radio frequency (RF) interference occurs. As with RTS/ CTS, refer to a previous tutorial for cases where fragmentation may be beneficial and applicable threshold values.
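The channel-spacing tip at the top of this list can be turned into a small channel picker. This is an added example, not code from the original post: the scan data is constructed, and the linear overlap weighting and the use of received signal power as the interference weight are simplifying assumptions.

```python
# Added example: score 2.4 GHz channels by overlap with neighbouring networks.
# SAMPLE_SCAN is constructed data, not output from a real site survey.

CHANNEL_SPACING = 5  # channels closer than this overlap (the "5 channels" rule)

def overlap(a, b):
    """Assumed linear model: 1.0 on the same channel, 0.0 when >= 5 apart."""
    return max(0, CHANNEL_SPACING - abs(a - b)) / CHANNEL_SPACING

def dbm_to_mw(dbm):
    """Convert received signal strength from dBm to linear milliwatts."""
    return 10 ** (dbm / 10)

def score_channels(scan, candidates=range(1, 14)):
    """Return {channel: interference score}; a lower score is better.
    Channels 12 and 13 are not permitted everywhere, so pass a narrower
    candidate list where local regulations require it."""
    return {
        ch: sum(overlap(ch, ap["channel"]) * dbm_to_mw(ap["rssi_dbm"])
                for ap in scan)
        for ch in candidates
    }

def best_channel(scan, candidates=range(1, 14)):
    """Pick the candidate with the lowest score (lowest channel on a tie)."""
    scores = score_channels(scan, candidates)
    return min(scores, key=lambda ch: (scores[ch], ch))

SAMPLE_SCAN = [
    {"ssid": "neighbour-a", "channel": 6, "rssi_dbm": -48},  # strong, default ch
    {"ssid": "neighbour-b", "channel": 6, "rssi_dbm": -70},
    {"ssid": "neighbour-c", "channel": 1, "rssi_dbm": -62},
    {"ssid": "neighbour-d", "channel": 9, "rssi_dbm": -80},  # weak, overlaps 11
]

if __name__ == "__main__":
    print("best of 1-13:   ", best_channel(SAMPLE_SCAN))
    print("best of 1/6/11: ", best_channel(SAMPLE_SCAN, (1, 6, 11)))
```

Feed it the channel and signal columns from a NetStumbler survey in place of the sample list.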

Wifi security

  • The performance impact of using WEP or WPA really depends on the router. Underpowered old routers don't like the encryption overhead and will slow down somewhat. It is expected to be about 10-15% for either WEP or WPA on older units. In many cases, it's also affected by the speed of the client computer, especially if the WPA encryption is done in the driver. Fortunately, this hasn't been the case for many years. These days, using WEP or WPA causes hardly any slowdown. However, there's a huge difference in security between WEP and WPA.

  • A nice overview of wireless security options, from the weakest to the strongest:

    • Considered as not safe:

      • No Security

      • Switching Off SSID: same as No Security. The SSID can be easily sniffed even if it is Off

      • MAC Filtering: only to be used if nothing else is available, a MAC address can be easily spoofed

      • WEP64: Easy to "Break" by knowledgeable people

      • WEP128: A little Harder, but still easy to "Break" by knowledgeable people

    • Considered as safe:

      • WPA-PSK: Very Hard to Break

      • WPA-AES: Not functionally Breakable

      • WPA2: Not functionally Breakable

  • If you use Windows XP below SP3 and have not updated it, you will have to download the WPA2 patch from Microsoft.

  • The documentation of your Wireless devices (Wireless Router, and Wireless Computer's Card) should state the type of security that is available with your Wireless hardware.

  • All devices MUST be set to the same security level using the same pass phrase. Therefore the security must be set according to the best level that the weakest wireless device supports. I.e. even if most of your system is capable of being configured to the maximum of WPA2, if one device can only be configured to a maximum of WEP, the whole system must be configured to WEP.

  • Even when using WPA2, one still has to be careful and never use the default WEP or WPA password and default SSID. Different applications exist to recover the default WEP/WPA password based on the SSID. For Alcatel / Thomson SpeedTouch routers, this online generator makes it very easy to recover the default password based on the SSID.
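The ranking above, the weakest-device rule and the default SSID/password warning can be combined into one configuration check. This is an added example, not part of the original post: the mode labels, device names and capability lists are constructed, and the default-SSID set holds only the post's own "tsunami" example.

```python
# Added example: audit a WLAN configuration against the ranking in this post.
# SAMPLE_DEVICES and the mode labels are constructed for illustration.

# Weakest to strongest, in the order the post lists them.
RANKING = ["none", "hidden-ssid", "mac-filter", "wep64", "wep128",
           "wpa-psk", "wpa-aes", "wpa2"]
FIRST_SAFE = RANKING.index("wpa-psk")   # everything below is "not safe"
DEFAULT_SSIDS = {"tsunami"}             # the post's example; extend per vendor

def effective_mode(devices):
    """All devices must share one mode, so the network is limited to the
    weakest of each device's strongest supported mode."""
    best = {name: max(modes, key=RANKING.index)
            for name, modes in devices.items()}
    limiting = min(best, key=lambda name: RANKING.index(best[name]))
    return best[limiting], limiting

def audit(ssid, configured_mode, default_passphrase, devices):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if RANKING.index(configured_mode) < FIRST_SAFE:
        findings.append(f"mode {configured_mode} is considered not safe")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append(f"SSID {ssid!r} is a vendor default")
    if default_passphrase:
        findings.append("default passphrase still in use")
    possible, limiting = effective_mode(devices)
    if RANKING.index(possible) < FIRST_SAFE:
        findings.append(f"{limiting} caps the network at {possible}")
    elif RANKING.index(configured_mode) < RANKING.index(possible):
        findings.append(
            f"all devices support {possible}; upgrade from {configured_mode}")
    return findings

SAMPLE_DEVICES = {
    "router": ["wep64", "wep128", "wpa-psk", "wpa2"],
    "laptop": ["wep128", "wpa-psk", "wpa2"],
    "old-print-server": ["wep64", "wep128"],   # the weakest link
}

if __name__ == "__main__":
    for line in audit("tsunami", "wep128", True, SAMPLE_DEVICES):
        print("-", line)
```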
