The Wi-Fi Blind Spot

Wi-Fi is a critical component of business infrastructure today, yet many businesses have no idea how to properly assess, implement, or manage Wi-Fi services within and across their organization.

Commonly Overlooked Facts

  1. allowing older, slower Wi-Fi clients slows all access for everyone
  2. improper channel settings create interference and degrade performance
  3. access point density can be worse when too high than when too low
  4. guest access is often easily abused to access internal assets
  5. band settings (2.4GHz vs. 5GHz) must be configured based on environment

Standards Matter

Default settings and vendor documentation often encourage enabling every option to raise the probability of backward compatibility with older devices, without regard to the security or performance impact of that decision. Following that recommendation is not best practice.

The older a Wi-Fi standard is (A/B/G vs N vs AC), the lower its data throughput. A wireless access point is a time-share device; each client device requesting data through it shares cycles with all other wireless devices using that access point. Each device that takes longer to request and receive its allotted packets, before the next request is answered, slows all other clients. The more of those slow clients the network has, the more this delay cascades.

Smooth Is Fast

Current-generation access points supporting the N and AC standards offer channel settings which, again, vendor documentation will encourage you to leave on automatic or at the defaults. This is for best performance – on paper. In practice, these channel “width” settings (20, 40, 80MHz) can have a significant impact on channel crowding and degrade performance for client radios. The ‘fastest’ setting is not always the fastest performer.

Access Point Deployments Matter

Adding more access points to resolve perceived performance issues (dead spots, slow service) can often exacerbate the problem rather than relieve it. Channel conflicts, radio frequency interference, and client radio switching can all become a greater problem with a greater number of access points. Mapping the environment, including the density of users and the density of building materials, is essential to a quality Wi-Fi implementation.

Guests Are Not Welcome

Guests on a wireless network should never have access to data and infrastructure assets. Too often this is assumed to be handled by creating a separate SSID (Wi-Fi network name), without actually placing the Guest Wi-Fi on a different network segment or VLAN.

While still common, the practice of using a static, shared key for Guest Wi-Fi access is an invitation for a security breach. Even if changed periodically, it’s terribly easy to abuse. Best practice is to provide a unique and attributable session per visitor. Not all moderately priced business-class Wi-Fi supports this natively, so it’s an important consideration when choosing a system.

Employee personal devices should also be treated as guest devices. Best practice is to run a separate SSID for personal devices, unless they are part of a BYOD strategy and managed by Mobile Device Management policy.
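One way to check the guest and personal-device points above against an exported wireless configuration, as an added example that is not part of the original article. The inventory format, SSID names, VLAN IDs, subnets and auth labels are all constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: each SSID with the VLAN and subnet its
# clients land on. Every name, VLAN ID and subnet here is hypothetical.
SSIDS = [
    {"ssid": "Corp", "role": "internal", "vlan": 10, "subnet": "10.10.0.0/22", "auth": "802.1x"},
    {"ssid": "Corp-Guest", "role": "guest", "vlan": 10, "subnet": "10.10.0.0/22", "auth": "shared-psk"},
    {"ssid": "Corp-BYO", "role": "personal", "vlan": 30, "subnet": "10.10.2.0/24", "auth": "per-user"},
    {"ssid": "Visitors", "role": "guest", "vlan": 40, "subnet": "172.16.40.0/24", "auth": "per-user"},
]

UNTRUSTED = {"guest", "personal"}  # unmanaged personal devices are treated as guests


def audit(ssids):
    """Return (ssid, finding) tuples for guest-isolation problems."""
    findings = []
    # A static shared key gives no unique, attributable session per visitor.
    for s in ssids:
        if s["role"] in UNTRUSTED and s["auth"] == "shared-psk":
            findings.append((s["ssid"], "static shared key, sessions not attributable"))
    # A separate SSID name is not segmentation: compare every untrusted SSID
    # with every internal SSID on VLAN ID and on address space.
    for a, b in combinations(ssids, 2):
        roles = {a["role"], b["role"]}
        if "internal" not in roles or not (roles & UNTRUSTED):
            continue
        untrusted, internal = (a, b) if a["role"] in UNTRUSTED else (b, a)
        if untrusted["vlan"] == internal["vlan"]:
            findings.append((untrusted["ssid"],
                             f"shares VLAN {internal['vlan']} with {internal['ssid']}"))
        u_net = ipaddress.ip_network(untrusted["subnet"])
        i_net = ipaddress.ip_network(internal["subnet"])
        if u_net.overlaps(i_net):
            findings.append((untrusted["ssid"],
                             f"subnet {u_net} overlaps {internal['ssid']} subnet {i_net}"))
    return findings


if __name__ == "__main__":
    for ssid, finding in audit(SSIDS):
        print(f"{ssid}: {finding}")
```

A clean result only shows the documented layout is segmented; firewall or ACL rules between the guest and internal segments still need to be checked separately.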

The Tortoise & The Hare

Much is made of the ‘miracle’ of 5GHz channels for access points supporting the N and AC standards. Along with the channel settings complexity mentioned previously, there are trade-offs to be considered in the choice of running 2.4GHz and 5GHz radios. While 5GHz channels offer much higher data speeds, these channels are much more susceptible to signal degradation when passing through objects. Client devices, especially older ones, can find themselves stuck preferring a 5GHz signal without having sufficient strength to make it viable. Those client devices which switch smartly can find themselves constantly switching, thereby giving up any speed benefit from 5GHz channels.

Takeaways

While budgets often don’t allow for wholesale replacement of Wi-Fi infrastructure, smart changes to the current implementation can provide a performance upgrade without the capital commitment of a full replacement.