Ask the Wi-Fi Guru, Episode III

By Aaron Weiss

May 15, 2008

In the May installment of our monthly column, Aaron Weiss, our resident Wi-Fi Guru, answers your burning questions about small-scale Wi-Fi deployments. In this edition, he covers indoor/outdoor solutions, Vista networking issues, and some WPA/WPA2 security basics.

In the May installment of our monthly column, Aaron Weiss, our resident Wi-Fi Guru, answers your burning questions about small-scale Wi-Fi deployments. In this edition, he covers indoor/outdoor solutions, Vista networking issues, and some WPA/WPA2 security basics.


If one theme has become clear reading everyone's excellent questions to the Wi-Fi Guru, it is that technology makes life easier--if by "easier" you mean, “a lot more complicated.”  Before the advent of wireless networking, there was no question that we could not connect computers together without wires, so we had no reason to try. Life was simple. But now, not so much. If you don't see your question, or your problem, in this week's episode, the Guru again suggests a visit to our bustling Wi-Fi Planet Forums in search of knowledge, or at least, commiseration.

Q: If WPA2 is enabled on a home wireless network, what protection is afforded the wireless router other than a strong password for administrative access and restricting remote access? Can access to the wireless router be encrypted? -- Kay

A: There is a lot to be said for a strong password, even with WPA/WPA2 networking. As recently covered here on Wi-Fi Planet, even though WPA is fundamentally more secure than the old WEP, it can still be vulnerable to compromise, particularly when your pre-shared key (PSK) is made up of common everyday words. But recommending strong (aka: long, random) passwords is a lot like advising people to start investing in your twenties for retirement or check your tire pressure every month—few actually do it. Which is understandable—as a species, we are attracted to convenience over caution. If that sounds familiar, you're not alone. Sometimes I don't bother to lock my front door. Er, I've said too much.


In terms of administrative access to your router, there are actually several layers of protection available. First, if you are already using WPA/WPA2 security, the data stream flying between your computer and the router is being encrypted. Unless someone has or deduces your WPA PSK, that data will be gibberish. However, if someone does unravel your PSK, they could attempt to connect to your router's administration page.


Administrative access to your router is also protected by a password. Out of the box, routers come with a default password for administration. You definitely should change your router's administration password from the default, because these defaults are widely known (and published on the Web). The reality is, many—if not most—people never set a new password for their router. Do it. (The precise steps differ for each router, which means doing something else most of us never bother to do—read the manual.)


Next, many wireless routers allow you to further restrict administrative access in three more ways:


1. Change HTTP access to HTTPS. This will require your browser to make an encrypted, secure connection to the browser for administration.


2. Disable wireless administration access. Some routers will let you require that only computers hardwired to the router can access the administration pages.


3. Disable remote access. Many routers will let you disable remote access, which allows computers outside your LAN to connect to the router's administration pages. This option is usually disabled by default, which is good. If you do wish to enable remote access, there is often a companion setting to require HTTPS rather than HTTP.


For Linksys models, you can often find these settings under Administration, Management in the administration interface. Other brands will have similar settings.


Q: I have a UTStarcom cable modem with built-in Wi-Fi (802.11b/g) and one single Ethernet port. My HP NC64xx laptop running Windows XP works fine on my WLAN, as does my older HP laptop, which is also running Windows XP. However, my colleague's newer Dell running Vista cannot access my network. Signal strength is excellent and the WEP key has been typed in correctly, but no packets have been received and hence no DHCP address has been assigned. – Vasan

A: Apologies for condensing your question, but suffice it to say, you have tried the logical troubleshooting steps, like disabling wireless security, and you know that this laptop's wireless works elsewhere. The item that caught my eye in your question is that the troublesome PC is the only client in your network running Vista. There is a certain air of mystery to wireless connectivity problems, which sometimes even stump even the most Monk-like detectives among us. But the fact that the Vista client is not working here would be a good starting point for launching an investigation, because there are several known issues with Vista and networking.


Two problems in particular crop up with some frequency with Vista when connecting to a network:


1.IPv6. Out of the box, Vista's networking is designed to be "future forward." Today, most Internet IP addresses are assigned using a system called IPv4. But, like with area codes, empty land, and oil, we're running out. The newer IPv6 system will create a lot more network "real estate," but it is not yet widely adopted, and progress is moving slowly. Although servers and routers should gracefully handle requests from a client that supports both IPv6 and IPv4, it doesn't always work out that way. Try disabling IPv6 under Vista, following the instructions published by Microsoft.


2.DHCP is the established protocol used by routers to automatically assign IP addresses to clients. When Vista PC's request an IP address, they do so using something called the "broadcast flag," which earlier versions of Windows did not. However, some routers do not support the broadcast flag—meaning, they don't understand Vista's request, and no IP address is assigned. Many consider Vista the odd man out in this scenario, but you can tell Vista to disable its broadcast flag. The official procedure is also published by Microsoft.


You might also try manually assigning an IP address to the Vista wireless network adapter, to isolate whether DHCP is the problem.


Q: One of my clients has a large indoor/outdoor greenhouse area in which his employees roam with wireless handheld devices that always need to have a connection to the network providing Internet access, etc. There can be no packet loss when they're roaming. I understand the best way to accomplish this is a signal extender or repeater?  However, you have mentioned that installing too many can cause network lag?  Is there an alternative for clients, such as these? – David

A: Technically, multiple repeaters should not add very much network lag, assuming their wireless links are strong and solid. However, conventional repeaters will cut in half the available bandwidth downstream of that repeater. Whether this is acceptable or not depends a lot on the kind of network activity taking place. In the world of wireless, there are many ways to skin a cat (note: we do not support skinning cats). Often you can divide these solutions into commercial and homebrew. The Wi-Fi Guru loves homebrew solutions, but sometimes it makes sense to go commercial.


It sounds like your client needs a supported solution to cover a large area with reliable wireless. I would look into a product like Meraki Pro, a hardware/software platform designed to create a very scalable wireless mesh network. A mesh network is different from a basic repeater architecture. When you set up repeaters, it is like building a chain composed of multiple links. A mesh network is more like a spider web—each "node" in the network is connected to two or more other nodes. This increases reliability and availability, because if an individual node goes down, the network can "route around" it, maintaining client connectivity.


Meraki sells equipment you can use to build a mesh network; their outdoor nodes currently cost $199 each for the "pro" version, which supports user management without ads (a cheaper $99 version includes ads and can't be managed). This isn't an endorsement—there may be competing mesh networking solutions worth considering.

[Editor's note: For more on Meraki, read: "How to: Set up a Wi-Fi Hotzone Using Meraki (Part I)," "How to: Set Up a Wi-Fi Hotzone Using Meraki (Part II)," "Meraki in Tiers," "Review: Meraki Mini and Outdoor Router/Repeaters," "Meraki: Making Network Operators," "Meraki Frees the ‘Net in San Francisco."]


Aaron Weiss is a freelance writer, editor, and Wi-Fi enthusiast based in upstate New York. To submit your questions to the Wi-Fi Guru, simply click on Aaron's byline and put "Wi-Fi Guru" in the subject line. Click here to read last month's column.


 

    


Comment and Contribute
(Maximum characters: 1200). You have
characters left.