Getting Internet Service Requires More Than Excellent Signal Strength

As computers in general, and WiFi in particular, become more like home appliances and less tools or toys owned by the geeky or the wealthy, not everybody who needs Internet access will be able to get it at any given time. Some people aren't aware of the details involved, especially when using the convenient WiFi connectivity. Reports like

My Internet connection is Excellent, but when I start Internet Explorer, I see

The page cannot be displayed.

What is going on here?

are becoming more and more common in many forums.

Between turning on on your WiFi equipped computer, and seeing the home page of your choice pop up in the browser window, there are a few details which you need to consider.

• Is this your WiFi access point? Setup your WiFi access point so you connect only to it.
• Are there any signal interference sources inside your home? Make sure that noise doesn't prevent your connection.
• Is your WiFi security setup properly? Make sure that you can connect, but your neighbours can't hijack your connection.
• Is your selected WiFi channel available? Make sure that there is bandwidth available.
• Have you run a WiFi environment survey? Make sure that there is a channel available.
• Have you tried using Ethernet? Make sure that the problem is with WiFi, not your Internet service in general.

All of these are issues which involve WiFi connectivity, and all different ways. The bottom line, though, is that WiFi will never replace Ethernet. And there are other issues which affect Internet connectivity in general, but might still affect this computer, alone.

>> Top

Windows Vista, and Network Location Awareness, With Multiple Network Adapters

Some owners of laptop computers, running Windows Vista, are reporting an inaccurate network status indicator when the computer is first started, and connected to the network.

When a Vista computer is started, the network status indicator - the little globe icon in the tooltray - will indicate "Local Only" status. If you go ahead and start a browser, or other Internet client component, you'll get a connection, but it may be very slow for a while. Eventually, the network status indicator will change to show "Local and Internet", and connectivity will return to normal.

This is a problem with the Network Connectivity Status Indicator (NCSI) component of the Network Location Awareness (NLA) service, and how it determines Internet connectivity when there is no active network traffic. Even if the NLA is able to verify Internet connectivity, when there is more than one network adapter on the computer, NLA can't determine which adapter has connectivity, so NCSI shows all adapters as being connected locally only. This is a problem when connectivity is through a router, and a DNS probe is used to determine connectivity.

Many late model (which is what you would want running Vista, after all) computers have an IEEE 1394 (Firewire) port. Similar in function to USB (but receiving less consumer support), a 1394 Firewire port is supported as a network adapter in many desktop and laptop computers. If your desktop or laptop computer has the problem with "Local Only", and it has only one network adapter, run "IPConfig /all", and examine the log.

If you see an entry for "IEEE 1394", this could be a problem. You can disable this device from the Network wizard (called in Windows XP, "Network Connections"), or using the Device Manager under System Properties, if you don't intend to use a 1394 network. Not a lot of us use (or intend to use) 1394 networking.

Firewire is the best known alternative networking adapter, which is part of what is being called Personal Area Networking (PAN). Two other possibilities include InfraRed and USB.

Another possible contribution to the problem would be the IPV6 Tunnel adapters. You may get relief from the problem by (KB929852): disabling IPV6.

Microsoft Help and Support: (KB947041): The network connectivity status incorrectly appears as "Local only" on a Windows Server 2008-based or Windows Vista-based computer that has more than one network adapter describes the problem in more detail, and should eventually identify a solution.

>> Top

Analyse Your WiFi Environment Objectively #2

When you have a WiFi LAN, and want to find out why it doesn't perform as well as you'd expect to, the first thing most folks will instruct you is

Do a WiFi site survey. Find out what your neighbours are doing.

When a site survey must be done, the best known procedure is to run NetStumbler.

But NetStumbler, for all its highlights of being easy to use, and well known, has shortcomings.

• It doesn't support 802.11n client equipment.
• It doesn't reliably detect 802.11n networks.
• It doesn't run under Windows Vista.

Fortunately, there are new WiFi spectrum analysers, available now, that may provide help where NetStumbler fails. Two such products are InSSIDer (from MetaGeek), and the Xirrus Wi-Fi Monitor Gadget for Windows Vista.

>> Top

Powerline Networking - A Cabled Network Without Ethernet Cables

When it comes to networking your home or small office, I like to say "Ethernet for security and stability, WiFi for convenience". Unfortunately, you'll occasionally have a problem where you can't run Ethernet cables, and WiFi won't do the job either. Fortunately, any building with computers, and most without, has a third possibility - one that uses cables already installed - the power cables in the walls.

Ethernet Over Power, or Powerline Networking, is pretty simple. At each location where you need a network connection, you plug an EOP bridge into the wall, and an Ethernet cable connects to that. The other end of the Ethernet cable you connect to a single computer, or to a hub, switch, or router.

There are several vendor choices for EOP bridges, and here are 3 examples.

• Linksys PLEBR10
• Netgear HDX101
• Netgear XE102

Ethernet Over Power has its disadvantages, of which you must remain aware.

1. They have a limited market, so you'll have less choices and you'll find them relatively pricey, as compared to WiFi.
2. They are proprietary - each of the 3 choices above will only work with others in the same product line.
3. They use the 120V power circuits, and on a typical 240V service you will have to ensure that all units are plugged in to the same 120V half of the 240V.
4. Like WiFi, they are half duplex. All EOP devices, even if they will not network together, will still have to share the powerline signal spectrum.

Issue 1 is simple economics. More WiFi components are sold than Powerline Networking / Ethernet Over Powerline. More sales volume = more competition = lower prices = more sales volume. Look at the choices for WiFi, and compare that to EOP.

Issue 2 is unfortunate. The HDX101 and the XE102, even with both made by Netgear, will not participate in a network.

An HDX101 may coexist with HomePlug 1.0 products, but is not compatible nor interoperable with NETGEAR’s XE104, XEPS103, XE103, XE102 or WGXB102 Powerline products.

Issue 3 is a fascinating concern. In a typical domestic wiring system in the USA, you'll have a 240V service, which includes 2 hot leads providing the 240V. There will be a third lead, neutral, such that the neutral and either one of the hot leads, in combination, provides 120V. This is a 240V split service, providing 2 "legs" of 120V each.

Small appliances and light bulbs, in the USA, use 120V. With a 240V split service, half of the appliance / lighting circuits will be on one hot lead (1 "leg" of the service), and the other half on the other leg, providing a balanced load. When you setup your EOP bridges, they will all have to be on the same 120V leg, or there will be no signal between the bridges.

Essentially, you could (unreliably) have two EOP broadcast domains. All EOP devices on one leg will irregularly receive signals from the EOP devices on the other leg. When you turn on your kitchen stove, or other 240V appliance, you may get signals from one leg to the other; at other times, both legs will be isolated. If you don't plan for this to happen, you will learn it the hard way.

To identify which legs your prospective EOP bridge locations are on, examine your circuit breaker box. First, identify the breaker servicing each location. Verify the proper breaker, by plugging a lamp into the outlet, flipping the breaker, and watching the lamp go off then on. Having verified the breakers, examine their relative locations. Most breaker boxes will have the breakers arranged in two vertical columns, with alternating rows of breaker slots on different legs.

If you have two breakers vertically adjacent (in either column), it's likely that the two circuits will be on different legs. With breakers separated by 1 breaker slot, they will be on the same leg. With breakers separated by 2 breaker slots, they will be on different legs. And so on.

Note that two breakers, separated by a double width breaker (240V circuit, occupying 2 slots), will still be on opposite legs. Two slots (one double width breaker) is the same as two slots (two single width breakers); and the two breakers on opposite sides of the two slots will be on different legs.

Issue 4 is similar to WiFi. All EOP devices on the same service will have to asynchronously share the powerline signal spectrum, regardless of product line, and only one device can transmit at any time. The more EOP devices you have, the less efficient your powerline network will be. Despite different product lines being incompatible with each other, they all still have to share the powerline spectrum, as peers.

Despite the above problems, though, Powerline networking is a good solution when you can't run Ethernet cables, and when you can't get a WiFi signal to reach.

Note that EOP, for computer networking, is a relatively new technology. X-10 Remote Control Appliances / Lighting, which also sends signals over the AC power grid, is not. The problem of signal propagation on a 240V split service has been a long time problem for X-10 owners. There may be X-10 solutions that are usable in EOP scenarios. It's also likely that EOP and X-10 may be incompatible, on the same service or in the same neighbourhood. X-10 also makes remote (wireless) stereo speaker systems, which may present the same challenge.

>> Top

Ad-Hoc Networking

Microsoft Windows is called a Network Operating System. Computers running an operating system like Microsoft Windows (any of the many versions) were designed to be networked. As I've said elsewhere, if you have one computer, you have the beginning of a network.

The minimum complement of equipment, that you need for a computer network, is 2 computers and the appropriate networking components. The simplest networking component set would be two Ethernet adapters (one in each computer), connected by a bit of Ethernet cable, generally (but not always) a cross-over cable.

That's an ad-hoc Ethernet network. It's similar to hub (router / switch) based Ethernet networking, but without a hub (router / switch).

You can also have a network without any Ethernet cable, if you replace the Ethernet adapters with WiFi adapters. That's called an ad-hoc WiFi network.

An Ethernet based ad-hoc network is frequently limited to 2 computers. An Ethernet cable has just 2 ends - to get any more, you need a hub (router / switch). With a WiFi based ad-hoc network, you can have any number of computers connected, with minimal effort.

But there are several disadvantages to ad-hoc WiFi networking.

• One of the biggest is security. The minimum acceptable standard for WiFi security is WPA. Unfortunately, WPA requires a WiFi Access Point, to manage authentication / encryption. With no WAP, you're limited to using WEP to protect yourself, and WEP just isn't adequate security.
• With a router "in charge" of the network, you'll generally get more throughput. Client - server (with the server in charge) is more efficient than peer - peer (with no one in charge).
• Most WiFi equipment, in ad-hoc mode, will only operate in 802.11b mode, and get up to 11M of bandwidth total.
• Without a router, and a DHCP server built-in, you'll have to use ICS (if you're sharing Internet service), or pre-assign fixed IP addresses to each computer.
• You'll have to pre-assign channel number and SSID on each computer, as the normal WiFi Client won't find your ad-hoc network by scanning. Nor will it give you a signal strength indicator.
• You won't be able to disable SSID broadcast (not that this is a bad thing). In ad-hoc mode, SSID broadcast is forceably enabled.

Remaining aware of the limitations of ad-hoc WiFi, see specific details of the setup process

• About.Com How To Set Up an Ad Hoc (Peer) WiFi Network
• Microsoft Experts: Making the Wireless Home Network Connection in Windows XP Without a Router
• Microsoft Windows Vista Help: Set up a computer-to-computer (ad hoc) network
• Microsoft Windows XP Help: Set up a wireless network without a router

For a quick LAN, ad-hoc WiFi is OK. In an otherwise secure environment (maybe a single conference room deep within your office complex) it's perfect for a quick conference, and application sharing. For long term, really secure networking, though, you can't beat a properly setup, router (WAP) based network.

>> Top

Beware The Honeypot

Many, Many years ago, when the USA was first settled, nobody worried about the neighbours. Anybody living in the wilderness was happy to see another human being - and if you went out to work in the fields during the day, you'd leave the front door latched (don't want the pigs or chickens wandering through the house), but nobody locked anything. If you had a front porch, you'd have an easy chair or two, and a bucket of water there for your guests. Anybody wandering by was free to "set a spell and have a drink".

When WiFi was first developed, nobody cared about freeloading. If you had a WiFi AP, you connected it to your Internet service, and left it open. Anybody wandering by was welcome to "set a spell, and borrow the connection". Then freeloading got serious - people like Walter Nowakowski, in Toronto, became common.

People would protect themselves, and WEP was developed. And people learned to crack WEP.

Some of the more ingenious WiFi owners became devious.

If I have a WiFi AP that's protected, and my neighbour has an AP not protected, any wardrivers will be using my neighbours, right? Nobody is going to go after a protected AP, when there's an unprotected one nearby?

and continued with

OK, if a wardriver sees 2 APs, he can't tell that's not two different people. I'll setup an unprotected AP, and wardrivers can use that.

Kind of like the front porch with the chairs and water bucket.
Yet there was more.

Why should I let folks use my connection, to download kiddie porn? The FBI will notify my ISP, and I'll lose my service. OK, disconnect the Internet from the open AP.

and the open AP became a Honey Pot. You can connect, but you aren't going anywhere.

Some WiFi security experts even laugh about the wanna be wardrivers. Maybe even keep logs by MAC address. The ones who really have idle time to kill might even use NetStumbler or similar software to seek out, by triangulating, the hapless wardriver, maybe take his picture or taunt him otherwise.

The really nasty ones might attach a computer, with a spoofing DNS server, and let you think (initially) that you're connecting to "www.google.com". Then they will try to serve you the hack of the week, from their computer. An old 486 laying around would be perfect for this task. Who cares if it takes 5 minutes to respond? That wardriver isn't going anywhere. Who cares if he gives up?

So, if you are using WiFi, and you're attached to an easy and seemingly available AP that you don't know about, use common sense.

• Use PingPlotter or a similar tool to make sure that it actually connects somewhere.
• And, for heavens sake, protect your computer!
• And learn the difference between seeing

  Connected to XXXXXXX - Signal quality xxxxx.

  and actually having a connection, to the legitimate Internet.

Think.

>> Top

Connecting Two Dissimilar Networks, Intentionally

Microsoft Windows operating systems in general, and Windows NT (2000, XP, 2003) in particular, use Internet Protocol for connectivity. In most cases, when I'm providing advice about connecting two dissimilar networks, I'll advise using a router.

• With two different networks, using a different medium, the differing nature of the network traffic justifies use of a router, for efficiencies sake.
• With two dissimilar networks, with differing security levels, the security differences justifies use of a router.

But what about those cases where you own and control both networks, and you intentionally want to keep the traffic on both networks equal? If you have a LAN, you want all computers on the LAN to be able to access each other, seamlessly. But Windows Networking in general, and NetBIOS Over TCP in particular, doesn't pass thru a router transparently.

What you need is a simple switch, but for two different network mediums. And that is called a bridge.

Now if you do WiFi, you may have already read about making a WiFi bridge from a NAT router. That's a standard solution. But what if you only have a computer, but with 2 different network connectors? Pick 2 of any:

• Ethernet.
• Personal Area Network.
• WiFi.

If you have 2 computers, and a network, and only one of the 2 computers has the proper equipment to connect to the network, but both computer can connect to each other, what do you do? If the one computer (with 2 connections) is connecting to a public network, and the second computer needs access to that public network, you can run Internet Connection Sharing on the first computer.

But ICS provides a routed connection. When the first computer is connecting to a public network, connecting the second computer thru a router makes sense - a router is the outer layer in a layered security strategy.

>> Top

WiFi Authentication

When you setup your computers on your network, and your network is used by more than one person, you'll likely have files and folders on your computer that you don't want other people to access. Windows file sharing, and access permissions, is a complex subject with many issues to challenge you.

When you setup your WiFi LAN, you probably have simpler goals.

• Allow you (and your family, friends, co-workers, other folks you know) to connect to your LAN.
• Prevent folks you don't know from connecting to your LAN.

With these simple goals, you setup very simple security. Give everybody (every computer) a simple, pre-shared key. WPA-PSK is the simplest effective solution for securing your WiFi LAN.

Given the possibility that you might not want everybody to have WiFi access permanently, WPA-PSK may not be versatile enough for you. You can setup individual access, using 802.1x authentication, which generally uses a RADIUS server. To use 802.1x authentication, you have to setup 3 components.

• A RADIUS server.
• Your router or WiFi access point.
• Your WiFi clients.

If you select 802.1x authentication in the WiFi client setup, and you don't have a RADIUS server, your WiFi client will spend a lot of time needlessly trying to contact a RADIUS server. If your WiFi connection drops regularly and resumes with no action taken by you, or regularly hangs with high bandwidth peaks (say every 60 or 120 seconds), check your WiFi client, and make sure that 802.1x authentication is not enabled.

Interestingly enough, 802.1x authentication is a selectable feature on most client connections, Ethernet as well as WiFi. Selecting 802.1x authentication on an Ethernet LAN, without a RADIUS server, isn't usually a problem, as it is with WiFi.

You may also see odd behaviour like this, if you are running two or more WiFi clients.

>> Top

More WiFi Bandwidth? Not This Year

If you have a network of computers, you're probably connected by Ethernet in some portion of the network, so you're used to the Ethernet 100M (or newer 1G) bandwidth. You like the freedom of WiFi, but freedom comes at a cost - loss of bandwidth. The current WiFi standard 802.11g has a maximum bandwidth of 54M (and I should emphasise maximum, here).

So the WiFi manufacturers are trying to satisfy your need for high bandwidth, and they came up with a couple solutions, which will have a maximum bandwidth of 108M. The new standard includes 2 features (using names which vary by vendor):

• MIMO.
  
• Super-G.
  

MIMO, or Multiple-input Multiple-output, uses multiple radios and antennas. MIMO has two components.

• Antenna diversity. If you're familiar with FM radio in your car, and multi-path interference, you'll know the value of antenna diversity. The idea behind antenna diversity is that, if the signal from a radio transmitter is weak on one antenna, because of MPI, it will, hopefully, be stronger on another antenna some distance away from the first. A special processor does nothing but compare the signal being received by two different antennas, and select the stronger.
  
• Beamforming. Antenna diversity counter acts multi-path interference. Beamforming uses the principle of multi-path interference, at the transmitter, to focus the strength of the transmitted signal in one direction. Using the diversity antennas on a MIMO component, it's possible to identify the relative location of the other device in communication; using beamforming, the transmitted signal is focused in that direction.
  
• By combining antenna diversity and beamforming, it's possible to extend the effective range of a WiFi conversation. You can locate the router / access point, and the client computer(s), at a greater distance from each other, and yet get acceptable performance.
  

With 108M, aka Super-G, there is one channel - "6".


Are you curious about how many WiFi channels actually exist?



Both MIMO and Super-G will give you more bandwidth, and more effective range, assuming that you have no neighbours with WiFi. If you have neighbours (and who doesn't), only one of you can use a channel at any given time. Your equipment will have to decide how to share the channel. But, there are additional issues here.

• MIMO will increase the effective size (area) of your WiFi neighbourhood, by increasing the effective distance between WiFi components that can detect each others signals. This increases the number of devices that have to share the channel, at any time.
  
• Super-G will increase the size (volume) of your WiFi neighbourhood, by using more of the frequency spectrum to create more bandwidth. More channels used by your WiFi router increases the number of devices that have to share the channel, at any time.
  
• More devices that have to share the channel means less time each device can transmit, and less bandwidth available to each client device. More devices that have to share the channel means more possibility of collisions, at any time, and again, less bandwidth available to each client device.
  
• Neither MIMO nor Super-G are part of any ratified standards. You can't predict, with any reliability, how well equipment from different vendors will interact with each other. This will affect performance on your LAN, and between your LAN and your neighbours LAN. Check out ExtremeTech: Real-World Interoperability Tests of Five 802.11n Routers for a good discussion of this issue, with actual hardware testing results.
  

The dynamic effect of MIMO beamforming may have another effect. When you setup a WiFi LAN, you're advised to try different channels (most objectively, using NetStumbler or a similar site survey tool). Over some period of time, you should be able to identify the majority of your WiFi neighbours, and pick a less congested channel.

With a WiFi router that uses beamforming, you'll have a dynamic signal pattern, which will change as a WiFi client is moved around the house. There will be a constantly changing visibility of WiFi neighbours, on any given channel (or group of channels). This will cause problems similar to the WiFi hidden node problem. Some victims of a neighbour using beamforming may see this as "channel hopping", as a neighbouring network will come and go, repeatedly, on the channel.

In short, neither MIMO nor Super-G are products which will be useful in neighborhoods of any density.

For more information, and discussions pro and con, see

• 54g.org White Papers Index
• Atheros White Papers Index
• Texas Instruments: WLAN Channel Bonding: Causing Greater Problems Than It Solves

>> Top

Automatic Metrics and The Ability To Roam Wirelessly

If you have a portable computer, and you've setup a WiFi LAN in your house or office, you'll enjoy the freedom of moving around the house, at will, while still connected to the LAN. Even so, sometimes there will be times when the WiFi connection isn't enough. You'll never get rid of Ethernet, completely.

Most portable computers come with an Ethernet adapter, and a WiFi adapter, installed and activated. The Automatic Metric feature in Windows XP let you leave both connections activated, and will use the fastest connection, that is working, at any time.

You can use automatic metrics (by default), or you can manually change the settings to prefer either connection, using the TCP/IP Properties - Advanced wizard.

NOTE: Using the Automatic Metric feature on a laptop having a role as a server on your LAN may cause problems with the browser infrastructure. Don't carry a server around without understanding the complications.

>> Top

Your Neighbour's WiFi

One of the limitations of WiFi is that it's not scalable, and it has a finite capacity. You cannot get more than (currently) 108M bandwidth. You simply won't be able to stream the latest movie in 3D multi-colour to every media computer in your house without seeing some performance limitations. And that is your own performance limitation. If your neighbour has a WiFi LAN, you will also have to share the bandwidth with him (her). WiFi simply does not have unlimited bandwidth, new technology or not.

In any domestic situation with neighbours, for a problem like a loud stereo, the tendency is to turn your own stereo up. Crank that sucker. This is, however, not a good, long term solution.

• You possibly have up to 8 immediate neighbours, and more beyond them. Some of those neighbours, also currently suffering from your neighbour stereo, now have to suffer from yours too.
• Your neighbour will probably turn his volume up yet again, to overcome the new "noise" from your system.

Like every analogy, this one suffers from a major problem. With loud stereos, it's easy to find where the noise is. Just follow your ears. Then call the police, and have them deal with the problem.

If your neighbour has a "loud" WiFi LAN (ie SuperG or MIMO), you won't be able to follow your ears. Nor will, I suspect, the police be interested in becoming involved. You're going to have to find your neighbour, and you're going to have to convince him to turn his stereo (WiFi) down. Or suffer in silence.

You can start with NetStumbler, and triangulate the problem. Then, you'll have to use diplomacy, not technology. You'll not solve the problem by getting a high power AP.

I, and others like me, have seen this situation coming for some time. Here is one possible real life example, and here is a second possible real life example. And even if neither discussion is diagnosed with this cause, this scenario is coming. Channel saturation, and unexplainable intermittent bandwidth variation, will become the norm, not the exception.

>> Top

Choose Your WiFi Client Manager Carefully

When I got my laptop, it came with built-in WiFi, and with 3 programs ("Client Managers") to manage the WiFi connection.

• HP - The laptop vendor.
• Intel - The WiFi card vendor.
• Microsoft - The operating system vendor.

The problem is, only one program can manage a WiFi card at any time. Multiple managers = confusion = random disconnects. Each Client Manager program will be different.

• Information displayed.
• Organisation of wizards to make settings changes.
• Security options.

The Microsoft product, Wireless Zero Config, has one major advantage. WZC runs as a service. If you depend upon your computer having connectivity without you being logged in, or even immediately after you login, you may find this a useful feature.

Just make sure that only one client manager is run, at any time.

>> Top

Setup WiFi - And WPA - Carefully

Setting up a WiFi LAN is a great experience. The convenience of surfing the web from your back yard, or sharing files between your main computer and your music server, without running wires here and there, is exhilarating. But there is stress involved.

When you connect a computer to a WiFi LAN, with WPA (and WPA-PSK is absolutely the minimum security measure that you should - no must - take), you are testing a number of things, simultaneously.

• The WiFi router.
• Your computer.
• Your WPA setup.

Now if you do this carefully, and with a small amount of preparation, the whole project can take an hour - or less. Plan it wrong, or make a mistake, and you could be days figuring out the problems. Use a layered strategy - similar to layered testing.

1. Get each computer connected, by Ethernet, to each other.
2. Setup, and copy, a key set to each computer.
3. Get each computer connected, by WiFi, with no security.
4. Setup WPA on the router, and on each WiFi client.

The different WiFi router vendors have different ideas what type of key their WPA security should work with. Steve Gibson's GRC "Perfect Passwords" Generator will give you a choice of 3. Here's an example of what you might be provided when you click the latter link. Try it, and see.

• 64 random hexadecimal characters (0-9 and A-F) (not case sensitive):
  

  1DBE12287EC82B22233C74B356BAC5E4EDC1447168B5F5A9C985C154220E0568

  
  
• 63 random printable ASCII characters (case sensitive):
  

  Hb+r#^S-T/1!JTP0_~SB 4&rQ7|s"q)7S`teMB`]x_uGATQQ-{B:=%W/_")$w6h

  
  
• 63 random alpha-numeric characters (a-z, A-Z, 0-9):
  

  0btNigYpFmG5MGDBahRnw203t6jQlCYCNcuvCYgGAZVCFSLSwp7deBMj9Iy7Vfr

  
  

All I do is to go to the web page (where it generates a new key set each time - try it), copy the six lines (as in the above list) to a Notepad file, and save the file. Then, with all computers connected by Ethernet (step 1 above), copy the file to each computer. Depending upon the router, one key may work properly, while another won't. Having 3 possibilities, in an identical set on each computer, means repeatedly copying and pasting, without having to worry about getting the computer back online, by other means, to simply copy another file.

After you copy the key set to each computer, start up the WiFi radio, and the WiFi clients. Start with WiFi in open (unencrypted) mode. Make sure that the router works, and you have a working signal, by testing without setting up security.

Since you'll probably be testing the router connection by loading a web page, decide how comfortable you are with giving your neighbourhood open Internet access while you test. If you're not comfortable, then disconnect the Internet feed from the router, while you test, and load the router management web page for your test. Reconnect the Internet service after you get WPA security working.

After you can connect the computer without security, and all network functions work, add WPA-PSK security.

• Configure the router - copy the appropriate portion of 64 random hexadecimal characters into the router management program.
• Copy the identical portion of 64 random hexadecimal characters into the client computer WiFi client manager setup wizard.
• Test the WiFi client. If it works, fine. If not, repeat these steps, trying the 63 random printable ASCII characters, and finally the 63 random alpha-numeric characters.

This is 3 times as complex as it needs to be, and after you've done this a few times, you'll be able to simplify these procedures. But for the first couple times you do this, the careful planning, and the lowered stress level, will make it easier to not make mistakes. By not making mistakes, you're more likely for this to work. And making it work is the reason for my writing this in the first place.

>> Top

Analyse Your WiFi Environment Objectively

When you setup a network of computers, in your home or small office, a mass of Ethernet cables running everywhere can be a problem. WiFi, or Wireless networking, can provide relief from the mass of cables. But WiFi is not an effortless replacement for Ethernet. Installing a WiFi network takes careful preparation.

There are many reasons why you won't get the expected bandwidth from any WiFi network. Some of them you can correct, others you can't. And sometimes, even without you making any changes, you'll have problems. All the planning you do is useless when your neighbours install a WiFi LAN next door.

With all of that in mind, you need to evaluate your WiFi environment objectively, both before setting up a WiFi LAN, and after. When "it stops working", find out why. When your Ethernet network stops working, you can start with a simple IP scan of the subnet. With a WiFi network, you have to go a level deeper than Internet Protocol (sometimes, IP may not even be relevant).

There are many tools to objectively analyse your WiFi network; some are free, others cost good money. Here are but two.

Netstumbler makes a free, lightweight WiFi spectrum analyser from your computer and WiFi adapter of your choice. Netstumbler continuously scans the WiFi spectrum covered by your WiFi adapter, identifying each WiFi network device (whether access point / router, or client), and recording a dozen or so metrics about each network device found.

NetStumbler has two displays, both very useful. The display that you see immediately is the AP inventory, which enumerates each AP observed, and includes over a dozen very useful details about each. But you can discover more.

If you identify an interesting AP from the main list, you can find the MAC address for that AP. From a tree entry in the left column, you select a specific MAC address, and you can observe a running signal to noise graph for that network device.

Netstumbler, though free, and easy to use, has disadvantages.

• It does not work with every known WiFi adapter.
• It does not analyse non WiFi signals. If you have a cordless phone, microwave oven, or nearby ham radio operator, NetStumbler will show those merely as "noise", as part of the signal to noise ratio for any WiFi network device.
• NetStumbler binds to the WiFi adapter just like any other WiFi client. If you run NetStumbler while you're attached normally to your network, using WiFi, you'll experience the same instabilities as when when you run multiple WiFi client managers.
• It's not compatible with Windows Vista.

The Wi-Spy Spectrum Analyzer overcomes some of the disadvantages of Netstumbler. The Wi-Spy is a USB dongle / WiFi receiver, that will receive and analyse signals in the WiFi spectrum.

• It does not require an add-on WiFi adapter, and has no compatibility problems like NetStumbler.
• It provides the same sort of analyses about all detectable WiFi network devices, as NetStumbler. Also, it analyses the noise (signals from non-WiFi devices) in the spectrum, and attempts to identify the device producing the noise, from a database of known interference sources.
• It works with Linux, Mac, and Windows (Windows 2000 or XP, and yes, Vista).
• It is not inexpensive, but it is worth the price.

Note that NetStumbler has its shortcomings, in lack of support for new technology. Fortunately, alternative products are available.

>> Top

Using Public WiFi Networks

Setting up and using WiFi, as an alternative to Ethernet in your home, is a tricky project. Wifi will never be a true alternative to Ethernet.

There are things that you can't control, as a domestic WiFi LAN owner.

• Noise on the channel (analogue interference).
• Neighbors sharing the WiFi spectrum (digital interference).

When you take your portable computer to the local coffeeshop, you are still subject to the problems of a domestic WiFi LAN. You have additional problems too, issues that you (as a mere customer) can't control.

• Security used by the hotspot, to control access, and to keep the customers safe.
  
• Other customers at the hotspot (digital interference).
  
• The Internet service used by the hotspot.
  

These issues all apply after you are connected to the hotspot.

Security Issues - and the Initial Connection
Initial hotspot connection is a big issue. And authentication / encryption is a part of the connection problem.

• Authentication identifies you to the hotspot Access Point, letting only those who have legitimate access use the network. Authentication prevents unauthorised active use of the network.
  
• Encryption encodes the network activity between your computer and the access point, so no hackers can snoop on your activity. Encryption prevents unauthorised passive use of the network.
  
• WEP, which is the original standard for WiFi security, only provided encryption, with a static encryption key. The hackers figured out how to break the key, so WEP was dismissed as insecure.
  
• WPA / WPA2 has several versions of authentication and encryption. You will probably use the simplest in your home WiFi LAN: WPA-PSK with TKIP. PSK is a pre-shared key, similar to the key used in WEP, but more complex. TKIP is an encryption protocol which starts off by using the pre-shared key, but changes the encryption key regularly, to keep hackers from breaking the key. By preventing unauthorised access (by using authentication), and snooping (by using encryption), a WiFi LAN is safer.
  
• At most big hotspot chains, like T-Mobile, they have dismissed using WPA (or even WEP), because it's a pain to setup and to manage. If you setup a home LAN, you will (should) use WPA or better, because you control the LAN, and because you need to keep YOUR LAN (with maybe some non-WiFi computers even) secure. But how can you do that, if you don't control or can't meet the customers and their computers?
  • Not every Starbucks customer, with a laptop, is capable of setting up a WPA client, without help.
  • Very few hotspots have anybody on staff, even remotely proficient in setting up WPA security, and available during store hours.
  
  

With most hotspot chains, the hotspot AP itself will be open, and use a captive portal for access restriction. You connect to the hotspot, THEN you authenticate using your credit card (or maybe a token provided by the store running the hotspot). Using a hotspot provides challenges similar to, but not limited to, those involved when using a public computer.

To really understand the differences between WEP / WPA / WPA2, and open (with credit card / token), authentication, you have to start with some understanding of the OSI network model, and network layers.

• WEP / WPA / WPA2 authentication and encryption occurs at layer 2, the Data Link layer. Data link authorisation / encryption occurs between your computer, and the hotspot Access Point, with a mere minimum of information transmitted in the clear (ie visible to any hackers). Based upon the WPA shared key and settings on your computer and on the Access Point, a lot of initial conversation takes place, between your computer and the access point, that you don't see.
• Open, followed by credit card / token, authorisation, involves a brief initial conversation, between your computer and the access point, that you don't see (layer 2 again). This is followed by with some portions of the transaction transmitted in clear (unencrypted), and readable by any nearby hackers.
  • Initial connection to the hotspot AP is open to anybody. This eliminates the need for setting up WEP / WPA authentication for each WiFi customer.
  • Once a (Layer 2) connection between the AP and a client computer is established, you the customer see a "Please Login" screen in your browser, and can either enter a credit card number (if connectivity is open to everybody paying), or a token (if connectivity is sold by the store running the hotspot). Generally, the browser will use an encrypted protocol between the browser and the hotspot; if so, you will see the familiar padlock icon in your browser. This allows you to use your credit card with some degree of security (but still be careful).
  • Since you have an open connection (with maybe the credit card transaction encrypted), any Internet use will be unencrypted. Whatever you do with your browser, or any other Internet traffic, is available for snooping by any nearby hackers.
  
  
• Any Internet activity between your home LAN (or a public access point) and a distant Internet server, unless transmitted securely (with the padlock), is open to any Internet snooper. Traffic volume on the Internet is immense though, and merely snooping Internet traffic is likely to be a waste of time. With a properly setup home network, all WiFi traffic between your computer and the access point is encrypted; with a hotspot, this may not be the case. A hacker, snooping local traffic on an unprotected WiFi LAN, is much more likely to pick up relevant secrets from unwary customers.
  

Don't be an unwary hotspot customer. As with using any public computer (and even if you carry your own computer with you), protect yourself when using any LAN that you don't control.

>>Top

Other Customers at the Hotspot

As discussed in my other articles, you have to share the bandwidth. If there are other customers at the hotspot, they will be accessing the Internet too. If they are just browsing the web, and you are doing likewise, you can likely share just fine.

If either you or another customer is using a hotspot to download large music or video files, the other customers may suffer from degraded service. As with any WiFi LAN, depending upon how the hotspot is setup, those with intense network activity (such as downloading large files) may cause unfairly degraded service for the other users.

• Don't go to a crowded hotspot and download large files during peak use periods.
• Don't be surprised when your network performance drops during peak use periods.

>>Top

The Internet Service Provided By The Hotspot
As in your home, the quality of the Internet service provided, to any hotspot, may vary. Cable broadband based Internet service will vary depending upon time of day (and Internet access by the cable customers who are immediate neighbours to the hotspot). DSL based Internet service will vary depending upon the distance from the hotspot to the telephone connection office.

Issues like the WiFi channel used, which you would change at home to avoid interference by the neighbours, will be ones that you won't be able to control. And service outages, that you can only report to your ISP from home, you won't be able to report to the hotspot service provider. They will affect you, nonetheless.

You Have To Share The WiFi Bandwidth

The most common networking medium today is Ethernet. The most popular Ethernet uses 4 wires, 2 for sending and 2 for receiving, to provide 100M full duplex bandwidth. The equivalent to 100M Ethernet is 802.11g WiFi, which provides 54M half duplex bandwidth.

If you have just 2 computers with Ethernet adapters, the simplest thing to do is to connect both with a cross-over cable. If you have 3 or more computers, you'll likely get a switch or router, and connect each computer to that, one Ethernet cable / computer. With full duplex switched Ethernet, you'll get a total of 200M bandwidth in each conversation between a pair of computers - 100M sending, and 100M receiving. As you add computers and Ethernet cables, the total bandwidth provided by your network grows. This is why we say that an Ethernet network is scalable.

Wifi, on the other hand, is not scalable. With your computers connected thru WiFi adapters, whether directly to each other (ad-hoc mode), or to a WiFi router (infrastructure mode), all computers must use the channel together. No matter how many computers you have - 2, 3, or more, your computers will have to share the channel. And if your neighbour has a WiFi LAN on that channel, your computers will have to share the channel with your neighbours WiFi LAN.

By saying "share the channel", I am saying that, when your WiFi router is transmitting, no other computer or router within range of your router can transmit. Only one device - computer or router - can transmit over any channel at any time.

To share the channel, a WiFi device uses a strategy called Carrier Sense Multiple Access/Collision Aviodance (CSMA/CA). CSMA/CA, which is similar to a strategy previously used by classical (pre-switched) Ethernet, is not an efficient strategy.

• Each WiFi component has to listen to the channel for some amount of time, before transmitting, to ensure that nothing else is currently transmitting. Precious portions of your 11M (54M, 128M) bandwidth are wasted, when listening.
• Even with each WiFi component listening to the channel before transmitting, it's always possible to have a collision, when two or more components pick the same time to start transmitting. When there's a collision, both components will have to retransmit; more of your bandwidth is wasted, when retransmitting.

With Ethernet, if you use the proper equipment and design your network within limits (mainly, with each computer connected, by no more than 100 metres of Cat-5 or better cable, to the router or switch), you're pretty much guaranteed 100M bandwidth. With WiFi and CSMA/CA, the general estimate is that you will get 1/3 - 1/2 of the stated bandwidth. And that only involves your computers and router, with your router managing the relationship. When your neighbour's WiFi LAN becomes involved (and both routers have to manage a peer-peer relationship), your channel availability, and bandwidth, drops further.

There are 11 802.11 channels, but only 3 do not overlap. To minimise interference with other WiFi networks, everybody should use only channels 1, 6, or 11.



Non Overlapping Channels
Bottom ("1")
Middle ("6")
Top ("11")


Now, 802.11b and 802.11g are mature, ratified standards. Each manufacturer of standard equipment designs it to perform in a predictable way, so if your WiFi router has to share the channel with a router made by another manufacturer, it will perform properly. But 802.11g doesn't provide enough bandwidth, so the manufacturers have developed a new standard, 802.11n. The new standard was only recently ratified by the various WiFi vendors, and this will limit its effectiveness.

As you increase the effective size (area / volume) of your WiFi neighbourhood, your WiFi components will be able to detect ("see") more WiFi networks using any channel. Since only one WiFi device can transmit at any time, your WiFi network will spend more time waiting to use the channel. When simply waiting becomes unsuccessful, it will spend additional time recovering from collisions. More waiting / collisions = less effective bandwidth = slower file transfers. Pure and simple.

>> Top

Stabilise Your WiFi - Use Only One WiFi Manager

When I got my laptop, I was not at all impressed with the WiFi performance. Two or three times daily, I would have to reboot it, or the WiFi router, to get the laptop online. Compared to Ethernet, and especially compared to the other computers in my LAN, this was unacceptable.

Even after researching all of the known WiFi instability issues, I got nowhere.

A month after first getting the laptop, I reformatted and reloaded the operating system. As a side effect of doing that, I inventoried the WiFi manager programs, and I had 3.

• HP - The laptop vendor.
  
• Intel - The WiFi card vendor.
  
• Microsoft - The operating system vendor.
  

As part of the effort of reloading the operating system, I realised that having three WiFi manager programs loading was not a good thing. So I carefully compared all 3 programs, and in my case, decided that the Intel WiFi manager program was the best for me.

Using Autoruns and Process Explorer, repetitively, I located and removed all startup entries for both the HP and Microsoft WiFi managers.

Since I reloaded the operating system, my laptop has been rock solid reliable. It, as my other computers, generally stays online 24 x 7 x 52.

When you consider doing this, you should plan on both proper preparation, and some detective work.

• WZC, the Microsoft supplied WiFi manager, is a service, and it starts when the computer is started up. WZC, as a service, runs as a system level process.
• Most vendor supplied WiFi managers start after the user logs in to the computer, and run as user level processes. User level processes don't have the ability to start, stop, enable, or disable WZC.
• You should plan on installing the WiFi device(s), and disabling / removing any extraneous processes (whether vendor or WZC), while logged on as an administrator.
• Many vendor supplied WiFi managers run as multiple processes, and you (as the administrator) may have to work to find all processes (as with Autoruns, as referenced above).

Corporate Security Policy

Every company that uses computers, and connects to the Internet in some way, needs a Corporate Security Policy.

A Corporate Security Policy can be simple, or complex.

• It can be as simple as "No surfing the web from company computers".
  
• It can be complex, and include multiple sections.
  
  
  
  • A business section, describing why the company needs Internet access, what it trusts its employees to do, and what they must not do.
    
  • A data protection section, inventorying what essential company data is retained in its computer network, how the data is protected and backed up, and how it will be restored in case of disaster. This is also known as a Business Recovery, or Contingency, Plan.
    
  • A security section, listing what protective measures are taken, both active and passive, including monitoring to ensure that its employees are using its resources properly.
    
  • A technical section, inventorying the company network, and describing the network devices and computers.
    
  • A response section, detailing what steps are to be taken when a problem is detected by its security.
    
  • A legal section, detailing how employees will be treated when they are determined to be in violation of the other sections.
    
  • An ongoing assessment section, describing how periodic evaluation of the CSP is to be conducted. Since a CSP is not static, it must be periodically reevaluated.
    
  
  
• It can include more or less, according to the needs of the company.
  

A CSP with any degree of complexity needs multiple personnel to develop, and approve, its content.

• Information Security.
  
• Information Technology.
  
• Human Resources.
  
• Legal.
  

Setting Up A WiFi LAN

Are you new to networking, or have you setup a few networks in the past? Networking looks really complicated (it can look that way), but it's basically just hooking up a few wires, and praying real well.

Setting up an Ethernet LAN is pretty simple, but it contains one annoying detail. With a wired LAN, unless the computer and router are right next to each other, you have to figure out how to locate the Ethernet cable that connects them. With a wired LAN, you have cables everywhere.

A WiFi LAN lets you remove the cables. With more work in the beginning, you're freer in the end. Without a simple physical cable, which you can see and touch, you have to setup a wireless connection, that you can't see or touch. But know, and understand, the limitations of WiFi.

• Make It Easy For Yourself - Design The Installation Properly.
  
• Plan The Installation.
  
• Setup The Access Point / Router.
  
• Setup The Clients.
  
• Tune The Wireless Setup.
  

Make It Easy For Yourself - Design The Installation Properly
Purchase The Right Equipment. You can setup a WiFi network without using a router / WiFi access point - this is called ad-hoc WiFi. But setting up an ad-hoc WiFi network is more complicated, and less secure, than an infrastructure (router / WAP based) network.

Plan The Installation
Read The Manual. Having carefully selected your WiFi Access Point / Router, and your WiFi Client Adapters, you hopefully spent some time acquainting yourself with their features. Now, spend some time perusing the guides and instruction manuals. Doing so is a good investment of your time.

Test As You Go. If this is the first time you've setup WiFi equipment, you may benefit from testing as you setup. Having 2 computers is a very good idea

1. Connect one by Ethernet to the AP, and use it to make changes in the AP settings.
2. Connect a second by WiFi, and use it to test the changes to the AP.

Having 1 computer, doing dual duty, can be done; but having 2 computers is a lot less stressful.

Stage The Installation. Setting up a WiFi LAN can be pretty stressful - it's 3 or 4 times as complicated as setting up an Ethernet LAN. If you plan, and setup in stages, you can reduce your stress level significantly.

Setup The Access Point / Router
You still need an Ethernet cable when you setup the access point / router. Whenever you make configuration changes to a router (wired or wireless), the router may have to restart itself. When that happens, you will lose connectivity. Reestablishing connectivity with a wired connection is bad enough; reestablishing a wireless connection in some cases (if, for instance, you get the WPA key wrong) will be impossible. Always connect by Ethernet, if not absolutely impossible, when making changes.

Even though you may have bought the router that afternoon, it may have been sitting in the store for a while, and the vendor may have issued firmware updates for it since it was shipped from the factory. Check with the vendor, and see if any firmware updates are available.

• Setup your computer as a DHCP client.
  
• Install an Access Point / NAT router, and give it power.
  
• Connect an Ethernet cable to the router, and to your computer.
  
• Power your computer up.
  
• Connect your computer to the router thru your browser.
  
• Install any available firmware updates to the router.
  
• Make all the necessary IP and WiFi settings to the router.
  

NOTE: Most access points and routers, wired or wireless, will come with installation guides and configuration utilities, and some will offer to install software on your computer. If you plan your installation properly, no additional software should be necessary. Your Windows system has a browser, and that should be all the software that you need to connect to your access point or router. Don't install unnecessary software.

The changes to a WiFi access point / router include Internet Protocol settings (like a wired NAT router), and WiFi settings. WiFi settings include:

• Connectivity settings.
  
  
  
  • Channel. You need a channel with no other devices within range, to get maximum bandwidth.
    
    
    
    • You can choose from any channel number 1 - 11 (in the USA). To minimise interference, and maximise satisfaction between WiFi neighbours, we choose between 3 non-overlapping channels 1, 6, and 11.
      
      
      
      Non Overlapping Channels
      Bottom ("1")
      Middle ("6")
      Top ("11")
      
      
      
    • With 802.11g-super, there is no channel choice. If a channel number is displayed, it will be "6", and be unselectable.
      
    • If there is any other network within range, using any channel which your router may use, you won't get maximum bandwidth. You will have to share the channel with your neighbor.
      
    
    
  • Interoperability. What standard will you use - 802.11b, 802.11b/g, 802.11g, or the newest (and currently not complete) 802.11n?
    
    
    
    • With 802.11b, you'll get a maximum bandwidth of 11M (half duplex).
      
    • With 802.11b/g (having a combination of 802.11b and 802.11g devices on your LAN), you will get between 11M and 54M (probably substantially less than 54M though). (Again, half duplex).
      
    • Only with 802.11g will you have a prayer of getting a full 54M (and that's with no 802.11b networks anywhere visible). (And still, half duplex).
      
    • If you have 2 802.11Super-G devices, from the same vendor, and no other WiFi devices are within range, you might be able to get 108M.
    • If you get 802.11n equipment, and have no other networks within range, you might get 108M or higher. This simply can't be objectively predicted, for any location, though.
    
    
    
    
  
  
• Security settings.
  
  
  
  • Authentication. How will the wireless clients identify themselves to the router?
    
  • Encryption. How will the wireless clients keep your communications, between themselves and the router, private?
    
  • Logging. How will YOU know what is happening on your WiFi LAN?
    
  • Visibility. Hiding the SSID will not help you, and may hurt network performance. Setup a unique, yet not personally identifying SSID. If you have multiple APs, use the same SSID on each AP, to enable roaming by the clients.
    
  • The issue of Security is covered, in detail, in my article Setting Up A WiFi LAN? Please Protect Yourself!. Please note the above details.
    
  
  

Setup The Clients
Having made the necessary changes, you are free to turn the radio portion of the router on, and to setup the wireless clients. If your main computer also has a WiFi adapter, you can now remove the Ethernet cable between that computer and the router (but keep the cable handy for any future changes that you may make).

Setting up a wired LAN is simple - you connect the cables, things you can see and touch. With WiFi, you have the access point(s) out there - but you can't see or touch them. With WiFi, you setup the WiFi Client, which is a program provided by several vendors. Depending upon your setup, you may have any or all of these clients.

• The computer manufacturer.
  
• The WiFi adapter manufacturer.
  
• Microsoft.
  
• NetStumbler.
  

Before you install the WiFi adapter on your computer, check with the vendor, and see if any driver updates are available. This may include an update to the vendor's WiFi client.

Your access point can have only one WiFi Client managing it; having more than one Client active can cause conflicts. Conflicts can cause erratic performance, loss of connectivity, even the WiFi adapter may turn itself off. Know the possibilities, and only run one WiFi Manager at a time. If you choose to use the native Windows product - Wireless Zero Config aka WZC, consider applying the Wi-Fi Protected Access 2 / WPS IE (updated January 2007) update.

Each WiFi Client will present you with a list of visible access points. You choose, by signal strength, channels, and name, with which access points you wish to associate. The access points that you choose become your Preferred Access Points. The WiFi Client may periodically scan the spectrum for the strongest access point, and connect your computer to that access point. Note that this behaviour may be subject to SSID Visibility.

Any access points that you do not choose are still available for your use. Your WiFi Client probably has a selection to this effect - "Automatically connect to non-preferred networks", for instance, is a selection with the Windows Wireless Zero-Config Client. Make sure that this selection is not enabled automatically. You do not want your client to connect to your neighbors WLAN unexpectedly.

Some Clients also let you prioritise the preferred access points - so you make a list, then you order the list, from top (most preferred) to bottom (least preferred). Your client will then automatically connect you, at any time, to the more preferred access point that is available.

With any access point of interest, if it uses any authentication or encryption, you will have to enter the appropriate information. Your client will create a profile for that access point, and keep that profile available for the future. When you remove an access point from your preferred list, you will delete the profile. You will then have to re enter the profile information later.

Without the correct profile information, you cannot connect to the network provided by the access point. If your client tells you that you are connected (however strong the signal), but you have no IP configuration, check the profile. If in doubt, delete and re enter the profile.

Whenever you setup a WiFi client profile, make sure that you select the appropriate authentication options. Selecting 802.1x authentication, without the complete infrastructure, will cause problems.

When you setup the WiFi client, you'll be using the setup wizard provided by the vendor (or Microsoft). Understanding the above issues, and reading the instruction manual or guide for the WiFi equipment, is essential. See, for instance, Windows Cable Guy Windows XP Wireless Auto Configuration.

Tune The Wireless Setup
Having done the Initial Setup, and having Secured your WiFi LAN, you may want to tune the physical setup. Maximum bandwidth is based upon maximum signal strength. There are a few things that you can do, when installing the equipment, that will prevent you from getting maximum signal strength.

Having completed all of the above tasks, enjoy the freedom.

>> Top

WiFi Will Never Be As Fast As Ethernet

With "Fast" Ethernet, you expect (and generally get) 100Mbps performance from the network. With Gigabit Ethernet, you expect (and possibly get) 1000Mbps. With 802.11g WiFi, you expect 54Mbps, but you seldom get that. Why is WiFi less reliable?

Ethernet (IEEE 802.3), and WiFi (IEEE 802.11) are Layer 2 specifications of the OSI Network Model. Physical Ethernet also occupies Layer 1 of the model.

If you observe the limitations imposed by IEEE specifications, you get predictable results - those limitations should exceed your operating requirements. For instance, 100M Ethernet is provided for cable runs of up to 100 Metres (300 feet) between the computer, and the other network device (generally a hub / router / switch, or another computer).

With Ethernet, you control the environment completely. That is, you own the physical network, and you control what you own. With WiFi, you use the radio frequency spectrum included in IEEE 802.11, but share that spectrum with other electronic devices. Some devices may be non compliant with 802.11 (baby monitors, portable phones, and microwave ovens may transmit on that frequency band), and may be treated as analogue interference. Other devices may be 802.11 compliant, but owned by your neighbours, may also operate in the same frequency spectrum, and may be treated as digital interference.

The bottom line - with WiFi, there are things you can't control easily, and others that you can't control at all.

• Ethernet is a full duplex, dedicated medium. WiFi is half duplex, and shared - it has one media, the WiFi channel, which has to be shared for both sending and receiving the packets. And it's shared with your neighbours.
  
  
• Ethernet is a mature technology - it's been around for much longer than WiFi. WiFi components have frequently upgraded firmware. Any time you ask the vendor for help, their first question will be "What version firmware are you running?". This is not a delaying tactic, or needless protocol - it's an attempt to ensure that your drivers are up to date, so they can help you effectively.
  
  Any time you get new hardware, you should always consider the possibility that the firmware was upgraded after your unit was packaged. Always get up to date firmware - and get it from the vendor.
  
  
• Ethernet is a scalable medium. With Ethernet, each computer has its own cable connecting it to the network. With "n" number of computers in an Ethernet network, you can theoretically have "n/2" simultaneous conversations between computers. As you add computers, and cables (and higher rate cables), the total amount of bits being passed in any network, simultaneously, increases constantly. With WiFi, there is a ceiling. At any location in a WiFi neighbourhood, you can have a maximum number of bits being passed, "simultaneously", shared among all WiFi devices near that location. WiFi is not scalable.
  
  
• Ethernet is a much more stable medium. With switched Ethernet, you have two hosts, for instance a router / switch, and a client computer. The two hosts are connected by a physical cable. The firmware and hardware on each host has to manage the conversation only with the other host.
  
  With WiFi, each host is managing / blocking conversations with dozens of other hosts (multiple channels, locations, and networks) constantly, and no two hosts are seeing the same complement of other hosts at any time or in any place. Managing relationships in the constantly changing WiFi population takes resources - and can make the WiFi device slower than it should be.
  
  Besides the constantly changing and differing population issue, there's the security needs. WEP, WPA, WPA2, AES, CCMP, TKIP... The list of security protocols and standards is endless, and changes frequently. Managing security in any WiFi conversation takes resources - and can make the WiFi device slower than it should be.
  
  
• Can you actually see a computer from the Access Point? With WiFi, if you don't have a clear line of sight visibility between the network devices, you'll not get a full strength signal. Distance is another factor. Signal strength falls off as distance increases. Put the computer in one room, and the AP in another (a normal use for WiFi), and see what signal strength you get. Walls and floors are a major signal problem. Signal loss will be higher if the signal has to travel diagonally thru the wall or floor, rather than at a right angle.
  
  
• Look at the antennas on the AP and the computer, and see how much they are parallel - you will get maximum signal strength only when the 2 are perfectly parallel. Draw an imaginary line, extending at a right angle, from one antenna towards the other. Does it intersect the other? Try and make a line between the two intersect at a right angle. Signal loss will be higher if one network device is located directly above the other, and on another floor, if both antennas are pointed vertically.
  
  To make this simplest to understand, look at some examples.
  
  
  
  • If the AP and a computer are in the same room, locate both devices so both antennas are the same height off the floor. Point both antennas vertically.
    
  • If the AP and a computer are on different floors, locate both devices so the antennas are immediately above and below each other. Point both antennas horizontally.
    
  • If the AP and a computer are in different rooms, position both so a line from one to the other goes at a right angle thru the wall. Locate both devices so both antennas are the same height off the floor. Point both antennas vertically.
    
  • When you can't be so precise in physical placement, point both antennas parallel to each other, per the above strategies.
    
  
  
• An Ethernet cable is a media that YOU own, and physically control. With WiFi, you have to share the channel with all of your neighbours. And, with CSMA/CA, the sum of your usable bandwidth plus your neighbours usable bandwidth will never add up to 54M (for 802.11g) or 108M (or whatever is promised, for 802.11n). Relying upon Collision Avoidance will always require wait time, where neither of you is transmitting. And the more neighbours that you have, the more time that your equipment will be waiting to use the channel.
  
  
  
  • If your equipment is compatible, you may benefit from using NetStumbler, or a similar product. Find out how many of your neighbours are also using WiFi, and how close each is.
    
  • Try using a channel that isn't being used by a neighbour close to you. With 802.11G 54M, only channels 1, 6, and 11 don't overlap in frequency. If you have 2 neighbours - one on channel 1, and the other on channel 6, your best choice (avoiding digital interference) is channel 11. Analogue interference, or noise, may make this conclusion less certain.
    
  • Remember that wireless networks may come and go, so watch over a period of hours, if not days. NetStumbler is great for this - leave it running, and it will make a running list, showing each observed access point, and graphing its signal strength by time.
    
  
  
• Your wireless neighbours are interference sources outside your home. You probably also have interference sources inside your home.
  
  
  
  • Baby monitors.
    
  • Computers.
    
  • Cordless phones.
    
  • Microwave ovens.
    
  • Wireless stereo speakers.
    
  
  If you install a WiFi device on your desktop computer, try and get one with an antenna that you can move above, and away from, the computer. Signal loss will be higher with a PCI WiFi card, with the antenna stuck at the back of the computer. This is particularly the case if your computer is a tower, sitting on the floor. The higher the antenna from the floor, the better the signal level.
  
  
• You will only get maximum performance from similar equipment, and with no WiFi neighbours. You will have to share the channels with your neighbours. In any WiFi neighbourhood, no two WiFi devices will be within range of the same complement of other WiFi devices. The hidden node problem, where it is recognised that no two networks have to share the spectrum with the identical complement of other networks, is a well known WiFi issue.
  
  
• Maybe the router configuration has a setting that's causing your problem. Start by checking your Transmission Rate setting.
  
  
  
  • If it's on Auto, try setting it to a realistic rate. Start by setting it at the rate you think you're getting, and see if your bandwidth improves even slightly. If there is any problem with your signal, auto may make the router spend more time recovering from problems, and less time actually sending and receiving.
    
  • If it's on a low rate, try setting it at a higher rate. See if your bandwidth improves.
    
  • When tuning your Transmission Rate, using NetStumbler to analyse performance would be a very good idea.
    
  
  
• For more thoughts on this subject, see BBR Forums How Can I Boost My Range? (#10944).
  
  
• And consider that, even though WiFi doesn't use wires as heavily, general physical networking principles may still apply.
  

And however you set up your WiFi in the end, please secure your LAN. The performance hit you get, when your neighbours WiFi LAN comes on, pales in comparison to what happens if your computer is hacked, and joins a botnet.

>> Top