A letter to my potential wireless friend

Dear Potential Friend,

I really want to be your friend. In fact, I want to be the kind of friend you can count on to tell you the truth no matter what the consequences. It's with this thought in mind that I am forced to tell you that, and this may sting a little, you have completely lost your mind by deciding to deploy fifty home wireless routers in an attempt to become a wireless enterprise. There, I said it. For a few moments I thought about allowing you to experience this life lesson for yourself, but then I remembered what my grampa always used to say: "There's two things friends should never do. First, friends don't let friends use home wireless gear to perform enterprise deployments. The other thing friends never do is talk while I'm trying to watch TV. Won't you be my friend?".

It's the first thing that grampa mentioned that forced me to write you this letter. I couldn't, in good conscience, let you go through with this terrible mistake. Here's why (I've enclosed a picture of grampa. If it helps soften the blow you can pretend he's the one talking):

  1. Hardware Quality - Home wireless routers are made to be affordable for personal use under average personal circumstances. The hardware used is not as well tested as enterprise gear, is generally not as sensitive, and is not as rugged. Also, home gear is usually designed to sit on a desk and not to be mounted on walls or ceilings. As such, home gear is probably not plenum rated like a lot of enterprise gear.

  2. Management Interface - Home gear usually has a nice web interface you can use to configure your network. This works great for a single access point, but you are going to waste an entire day logging in to all fifty access points just to make a single configuration change. Enterprise gear is designed to allow easy configuration from a single console for all access points. Log in once, make the change once, and log out. Simple.

  3. Channel and Power Management - Wireless networks operate over a shared medium. Your access point's signal is transmitting through the same physical space as your neighbour's signal. This means there is bound to be some signal interference. Home routers have very poor capabilities for handling interference. Usually the only control you have is channel selection and maybe, if you're lucky, transmit power. Do you really want to log in to every access point and manually adjust these settings on an hourly basis as your environment experiences different levels of interference? Enterprise wireless gear does this stuff for you. It's designed to tune itself so that you only need to get involved in the really tricky situations.

  4. Power - Enterprise access points can be powered via the Ethernet cable (PoE). You can do this by using PoE-capable switches or mid-span PoE injectors. Either way, you don't need to worry about how you're going to run an extension cable from the access point's location in the middle of the ceiling to the wall outlet behind a desk.

  5. Features - Home access points are great for getting home users on the Internet because home users usually have very basic requirements: get me on the Internet, and keep me on the Internet. My friend (can I call you that yet?), I could tell you wondrous stories of the features I have seen on enterprise-grade solutions. These solutions can give you different levels of access based on who you are, where you are, which device you are using, and what time it is. These solutions can drop your traffic directly onto the local network or even send it through an encrypted tunnel to a completely different location without you even noticing. Deploying a wireless network in an enterprise is not the same as deploying one for your home. Considerations must be made for each different user, device, and circumstance and I just don't think you'll be able to keep up with your home access points. There are so many more features I could write about but I think you get the point.

  6. Security - How long does it take you to change the WPA2 pre-shared key (PSK) on your home access point? Now take that time and multiply it by the number of access points you have. That is the level of pain you are going to experience each time a contractor, guest, or employee leaves your company. Not to mention routine PSK changes as a matter of policy. (If you're doing the math, that's a lot of passphrase changes). So, you can either hire a co-op student to constantly change the PSK and notify every employee, or you can use an enterprise-grade solution that allows you to do away with pre-shared keys. That's right, imagine having users connect to the network using the same usernames and passwords they use to log into their computers. Imagine being able to provision individual logon credentials for guests, contractors, and employees who bring in personal devices and want to get online. Again, I don't think you'll be able to keep up with those home access points.

I know home wireless gear is the 'right price'. I get it, but good wireless networks are not commodity items that can just be picked up off the shelf and plugged in. Every wireless network is different and you are going to need to invest in a proper solution that meets and adapts to your specific needs. Sure you can save a few upfront dollars by sourcing home access points, but I think you'll find the additional cost, in dollars and time, of tearing down that deployment because it doesn't work and is too hard to manage, is not going to make you too happy. My potential friend, I urge you to heed my advice by not trying to design by dollars. Leave home (commodity) gear in the home and use the enterprise gear for your business.

Yours Truly,


Dan C. (My friends call me @SimplyWifi)

P.S. If, after reading this letter you feel that we can still be friends, I'd love to hear back from you. Please send me a letter, or leave a note in the comments section below with any thoughts or questions. Also, please subscribe / follow us and share this with others so you can save them from making the same terrible mistake. 



Want a successful WLAN deployment? Measure twice deploy once.

I've recently come to the sad realization that most technical experts are using the wrong measurements to determine the success of a WLAN deployment. Don't get me wrong; measuring things like throughput, SNR, retry rate, and authentication/re-authentication times is very important. What I'm saying is: these are all measurements used to determine if the hardware and software components are playing nicely together. Am I the only one who finds it disturbing that we claim to design networks for people to use but we don't have a good set of measurements to determine if the 'people component' plays well with the hardware and software components?

It would seem to me that the success, or potential for success, of a WLAN deployment is largely determined by the end-users. If the people components don't jive with the infrastructure components, then your WLAN deployment will fail. After all, what is the use of having a fancy WLAN if nobody uses it? Let's look at a few of the current measurements available to us:

  1. Throughput - Using an application like iPerf, we can get some very accurate figures on just how much data we can cram through our wireless pipe. Higher Mbps values mean faster upload and download speeds.

  2. Retry Percentages - This measurement is important because a high percentage of retry frames means something is not right. There could be a major source of interference, hidden nodes, LAN-side cabling issues or any number of problems forcing your wireless clients to constantly repeat themselves. The goal is to have a very low retry percentage.

  3. Latency - Just how long does it take your data frames to get from point A to point B? If latency is too high you'll notice some applications start to act a bit flaky. A good example of this is VoIP: high latency leads to jitter and dropped calls. When it comes to latency you don't want to shoot for the stars because they are far too high. Instead, shoot for the floor since it is nice and low.

I could go on, but giving a summary of all performance measurements is not really the purpose of this post. All I am trying to show is that the current measurements are only designed to give us very technical details about the infrastructure and not about the end-users. If we truly want to determine how successful our WLAN deployment is going to be, I propose a few more measurements:

  1. User Awareness Level - Are the users even aware that your WLAN exists? Are they aware of where it exists? Who to contact if they have issues or questions? Add 1 point each time you answer no and aim for a score of zero.

  2. Barriers to Entry - How difficult is it to get started? Which credentials are required and how do users go about obtaining and configuring them? Does the WLAN work with native wireless supplicants or will users need to install additional software? If your sign-up process requires a lot of technical knowledge or technical staff intervention, then you've got a very high score. Hint: High scores are evil.

  3. Number of User Interactions - From the moment the user decides to connect, to the moment they open their first website, how many user inputs were required? Lowering the number of items that users have to click or enter each time they connect will dramatically improve user satisfaction and adoption.

While infrastructure-focused measurements are very important, we should not allow ourselves to believe that they provide any real insights into the success of a WLAN initiative. The majority of WLANs being deployed are supposed to be making it easier for people to live a mobile lifestyle. Taking some time to think of the users, before and after the technical work begins, should be a mandatory step in any WLAN initiative. Applications and infrastructure care about Mbps, retries, EAP types, and other technical mumbo-jumbo. Users care about the experience. Get it right by measuring both and I predict a successful WLAN deployment in your future.

Dan C.

Do you have any thoughts on what should be measured regarding a WLAN's performance, effectiveness, and success? I'd really like to hear what you have to say on this topic. Leave a note in the comments section or share this post with your colleagues if you feel this is worth further discussion.

Are iDevices a guest WLAN's best friends?

A quick look at the June and July usage statistics from the Milton Public Library guest wireless network reveals some interesting statistics regarding device usage versus data usage. Based on the past two months, iDevices (iPhones, iPods, and iPads) tend to have a much smaller data usage footprint than standard laptops.

First let’s look at the number of unique devices that connected to the guest WLAN in the month of July. Not surprisingly, iDevices accounted for 45% of all devices using the guest network. This can be attributed to the portability of these devices compared to standard laptops.

When we look at the total data usage by device type we see that iDevices only accounted for 19% of the total while laptops accounted for a disproportionate 80% of all data usage in July. This indicates that, while more popular and abundant, iDevices are not putting as much load on the guest WLAN infrastructure and data pipe as standard laptops.

Why the discrepancy?

There are several reasons why iDevices currently use far less data than their laptop counterparts:

  1. Mobile versions of videos and other web-content are generally smaller than the full-sized, HD versions being consumed by laptops.
  2. Application updates on laptops are generally much larger than on iDevices.
  3. OS updates can occur wirelessly on laptops and not on iDevices (this will be changing very shortly in iOS 5).
  4. People tend to use laptops and desktops as their primary file-sharing platforms rather than iDevices due to functionality and storage limitations. That being said, peer-to-peer networking did not make the top 10 list of apps used on the MPL guest WLAN thanks to some well-defined traffic shaping rules.

What’s Next?

Apple’s iCloud service might take iDevices from ‘low data consumption’ status to ‘high data consumption’ status in the next few months to come. There is potential for a huge increase in data usage for these devices as more and more people take advantage of iCloud’s music syncing service. The month of June saw iTunes related traffic account for 3.3% of all guest WLAN usage. This grew to 8.2% in the month of July. It will be interesting to see just how much higher this percentage will climb in the near future. If the climb does occur, iDevices may be shifted from the ‘best friend’ category to the ‘worst enemy’ category rather quickly.

Dan C.

I would like to thank the Milton Public Library for allowing me to reference their WLAN statistics. Without their assistance, this post would not have been possible. If you have any questions or thoughts on this post please leave a comment.



Having difficulty making the RF connection?

For some people, learning the RF antenna connector names can sometimes be the most complicated thing about deploying a wireless network. If you are doing an indoor WLAN deployment and your access points have integrated antennas then you have spared yourself the joy of learning connector naming conventions. For those organizations requiring external antennas, the task of keeping all the connector types and names straight can be a somewhat confusing task to say the least.

With this post, I hope to provide a bit of clarification for anyone who is struggling to determine the connector types needed in their WLAN deployment. Here are a few connector types/names accompanied by some tips on how to identify them (my apologies for the relatively limited selection of connector types, but I'm writing this from a hotel room and using my phone to take pictures of the gear I have with me):

1. RP-SMA Plug (RP = Reverse Polarity and SMA = Sub-Miniature Type A). You'll note that it has a female inner-receptacle and inner-threading. 

2. RP-SMA Jack. This connector has a male inner-pin and outer-threading. Another name you might see associated with this connector is: RP-SMA Socket.

3. Type N Plug. This connector has a male inner-pin and inner-threading. Another name you might find associated with this connector is: N-Type Plug.

4. Type N Jack. It has a female inner-receptacle and outer-threading. Other names you might find associated with this connector are: Type N Socket, N-Type Socket, N-Type Jack.

5. RP-TNC Plug (RP = Reverse Polarity and TNC = Threaded Neill-Concelman). This connector has a female inner-receptacle and inner-threading.

6. RP-TNC Jack. It has a male inner-pin and outer-threading. Another name you might see associated with this connector is: RP-TNC Socket.

Properly deploying a healthy and secure WLAN can sometimes be a confusing task for the uninitiated. Hopefully, this post can clear away a bit of that confusion by helping to put a name to a few of the different connectors you might encounter.

Dan C.

If anyone has any images of SMA, or TNC connectors, and is willing to share them, please let me know and I will be happy to update this post.

Checkpoint Secure Platform Tip on Open Servers

When installing Checkpoint SecurePlatform (SPLAT) on an open server with several interfaces, it can be hard to locate the interface number to match the network card. This can also be difficult if you have added a NIC or removed one. Many administrators run into this issue, where they think the interface names and numbers are the same as the old configuration after they do a re-install or full upgrade on the same box. However, after a lot of troubleshooting, they realize SPLAT has re-ordered the interfaces and now they do not match their old config.

There are a few ways to avoid this trap. One way is to watch the console of the box while you pull and plug cables in. After pulling cables from the NICs, the console will indicate that eth1 has been unplugged or eth2 has been unplugged. This is one way to track the interface numbers to NICs but isn't optimal since it requires you to cause a network outage.

Another, easier way to do this is by using the handy ethtool command, native to SPLAT. In expert mode, you can run the following command:

ethtool -p nickname

For example: ethtool -p eth1

Once this command is entered, it will cause an interface to blink - this will be the correct NIC. In our example, the interface that is blinking will be eth1. This can be repeated for all the NICs starting at eth0. Most Broadcom NICs will blink many times and stop automatically while Intel NICs will blink constantly until the command is stopped. This trick works well on quad cards and can also be used when you are adding or removing NICs.

Mike A.

Did you find this tip useful? Do you have a tip that you think people should know about? Please leave your thoughts in the comments section below.