Five Quick WLAN Configuration Tips

Tuesday, November 23, 2010

Global Knowledge


Article by Ben Miller

I fly around the country frequently and meet a lot of people who use Wi-Fi.

The consensus, I find, is that it’s a great technology with a few frustrating things. Sometimes it goes out, sometimes it gets slow, the security is opaque, etc.

The good news is that the positives outweigh the negatives (otherwise people wouldn’t use it, right?). The bad news is that direct information on simple config changes that might improve things can be hard to find.

So in an effort to do my part to better humanity (or at least humanity’s ability to have Internet access from their sofa), here are five quick config tips that might improve things.

Tip #1: Choose your channels.

No need to rehash what everybody knows about channels 1, 6 and 11. (And if you don’t know, just trust me and stick to those channels only.) With this tip I’m talking about two lesser-known things; namely, the flaws in automatic channel selection and the ability to choose your band on some notebooks.

When configuring a large infrastructure of controller-managed APs, it’s tempting to use the automatic channel selection function. Don’t. At least, don’t if you need top performance.

Auto-channel selection is great for quick configs of basic Wi-Fi (like for guests, consultants, web access, etc.), but it almost never works as well as planning your channels manually.

If you leave auto-channel select running, you’ll almost certainly end up with adjacent APs on the same channel and lots of interference from power outputs left too high.

On stations, channel selection is quite different. You don’t choose your channel on stations unless you’re creating a peer-to-peer WLAN without an AP. You can still use channel selection to improve performance on some clients however, by using the Band Preference setting.

Band Preference is configurable on most Broadcom mini-PCIe (internal notebook/tablet) WLAN adapters. Just go to the adapter’s advanced properties (Properties > Configure > Advanced) and configure your Band Preference for 5 GHz/802.11a.

The 5 GHz band has more channels and less outside interference, so if you take your station to a WLAN that supports all standards (802.11a/b/g/n), you’ll most likely end up on a smoother channel.

Tip #2: Set your SSID, and set it right.

Here’s one topic that always seems to cause controversy when I’m teaching a class: the SSID. The problem, as I see it, is that there has been so much conflicting information over the years. First they said hide it; now they say broadcast it. First they said make it like a password; now they say keep it simple. What advice do you listen to?

The most important rule when setting your SSID is to configure it differently from your neighbors. One aspect of the whole SSID concept is to allow two WLANs on the same channel to be separated from each other, so start with that. Beyond that most essential rule, here are a few questions to ask yourself:

  • Do I want to allow roaming or do I want users to be able to choose their AP? For roaming to work, the SSID has to be the same on every AP. To allow users to choose their AP, a different SSID must be used on each AP.
  • Do I have stations that leave the network? If stations leave the network, don’t hide the SSID. When the SSID is hidden, stations must probe for the SSID. For most stations, that means probing whether they are around the network or away from it. You don’t want to make stations less secure when they are away from the network, so don’t force them to probe by hiding the SSID.
  • Do I care if people know my location? Wardriving aggregation websites like Wigle.net can be a real nuisance when choosing an SSID. Traditionally the advice was always to configure a unique SSID. The problem is that if you make your SSID too unique, you’ll make it really easy for someone to find the location of your home or business by searching for your SSID on a site that aggregates wardriving maps. If you care that people know your location, choose an SSID that is ordinary enough that it won’t be the only search result on wardriving sites.
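
To see what the hidden-SSID point above means on the air, here is an added example (not from the original article) that parses 802.11 probe requests and lists the network names each station asks for by name. The frames are constructed sample bytes without radiotap header or FCS, and the function names and the SSIDs "corp-hidden" and "home-hidden" are made up for illustration.

```python
from collections import defaultdict

MGMT_HDR_LEN = 24        # frame control, duration, three addresses, sequence control
SUBTYPE_PROBE_REQ = 4
IE_SSID = 0              # information element ID that carries the SSID

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, otherwise None.

    ssid is "" for a wildcard probe and the network name for a directed
    probe, which is what a station must send to find a hidden SSID.
    """
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc = frame[0]
    version, ftype, subtype = fc & 0x03, (fc >> 2) & 0x03, (fc >> 4) & 0x0F
    if version != 0 or ftype != 0 or subtype != SUBTYPE_PROBE_REQ:
        return None                                   # not a management probe request
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # Address 2 = transmitter
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):                      # walk the information elements
        ie_id, ie_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + ie_len]
        if len(body) < ie_len:                        # truncated element: reject frame
            return None
        if ie_id == IE_SSID:
            return src, body.decode("utf-8", errors="replace")
        pos += 2 + ie_len
    return None

def leaked_ssids(frames):
    """Map each station MAC to the set of SSIDs it probed for by name."""
    leaks = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:                      # skip wildcard (empty) SSIDs
            leaks[parsed[0]].add(parsed[1])
    return dict(leaks)

def build_probe(src: bytes, ssid: bytes) -> bytes:
    """Build a constructed probe request (sample data, not a capture)."""
    hdr = b"\x40\x00" + b"\x00\x00" + b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"
    return hdr + bytes([IE_SSID, len(ssid)]) + ssid + bytes([1, 2, 0x82, 0x84])

STA = bytes.fromhex("020000000001")   # constructed, locally administered address
SAMPLE = [build_probe(STA, b""), build_probe(STA, b"corp-hidden"),
          build_probe(STA, b"home-hidden")]

if __name__ == "__main__":
    print(leaked_ssids(SAMPLE))
```

The wildcard probe reveals nothing about where the station has been; the two directed probes name both hidden networks wherever the station happens to be.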

Tip #3: Tweak DTIM settings for better battery life.

Everybody hates a weak battery, but not everybody knows that configuration settings on your AP could improve your battery life.

Most modern (meaning post-802.11b) Wi-Fi devices come with power saving features. Some allow you to reduce the transmission power (an obvious battery boost) and some allow you to choose between 802.11 Power Management and 802.11e Unscheduled Automatic Power Save Delivery (a less obvious boost).

To see if your station allows you to make these choices, check your client utility and the adapter’s advanced properties (Properties > Configure > Advanced). My advice is to always drop your transmission power to the lowest level possible and to use U-APSD if it’s available.

The benefit of 802.11 PM or U-APSD varies from device to device. Specifically, small devices tend to see more battery savings from them. That’s because the screen, processor and peripherals of large devices tend to be quite the drain.

The benefit of 802.11 PM or U-APSD also varies from network to network. APs have two config settings — Beacon Period and DTIM Interval — that will affect a station’s battery life.

The basic idea is that a higher DTIM Interval and/or Beacon Period will allow your stations to sleep longer. Stations have to wake up for every DTIM beacon, so the product of those two settings tells your station how many milliseconds it can sleep for (e.g., if BP = 100 and DI = 3, your stations are allowed to sleep for up to 300 ms).

The general advice is to raise your DTIM Interval if you want to squeeze a little more battery life out of smaller devices, but do be careful. Broadcast and multicast data get buffered on the AP between DTIM beacons.

If your wireless devices use time-sensitive applications that use a lot of broadcasts or multicasts (like push-to-talk, for example), you may want to stick with the DTIM defaults.

Tip #4: Adjust your RTS and Fragmentation thresholds.

Now, here are two config settings that are almost never changed: Fragmentation Threshold and Request-to-send (RTS) Threshold. They have much in common in that both are generally disabled by default and neither is well understood by most users. Where they diverge is in their usefulness.

Lowering the RTS Threshold (which is typically set to 2346, the maximum 802.11 frame size) causes your device (could be a station or an AP) to use Request-to-send/Clear-to-send (RTS/CTS) whenever it sends data. RTS/CTS sort of sounds like some kind of permission protocol, but it isn’t.

It actually is a protocol that clears the channel before data is sent. The RTS clears the area around the transmitter, and the CTS clears the area around the receiver.

Lowering your RTS Threshold will reduce collisions in an area with lots of Wi-Fi on the channel. In apartment complexes, hotels and offices you’ll often find more than one AP occupying each channel, and in those cases, RTS/CTS usually helps WLAN performance by eliminating most collisions. RTS/CTS does add overhead to the channel because RTS and CTS frames don’t contain data, but in a crowded area it usually helps, not hurts.

Fragmentation is a little bit different from RTS/CTS in that the protocol overhead often causes it to harm the network. The idea with fragmentation is that smaller transmissions will result in better performance if there’s lots of interference around.

That can be true, but only in rare cases. Best practice is to only lower your fragmentation threshold if there’s significant interference in the area, and even then the results should be tested.

Tip #5: Keep Wi-Fi off when Ethernet is on.

Most Wi-Fi users know that it’s best to turn your wireless off when your wired connection is on. On occasion we might forget or we might get lazy, but we know that leaving Wi-Fi on can cause performance problems or security problems (if Internet Sharing is enabled, say).

Many notebooks offer buttons or switches near the keyboard that will quickly disable the Wi-Fi radio. That helps, but you might still want a backup in case users come down with a case of forgetfulness or laziness. Such backups exist.

There are ways to configure software settings that will result in the Wi-Fi radio being disabled automatically any time an Ethernet connection (or in some cases, any network connection) is made.

If you want to be able to turn Wi-Fi off when Ethernet is on for a variety of notebooks, your best bet is to go through a wireless client utility. Both the Cisco Secure Services Client (CSSC) and Juniper Odyssey Access Client (OAC) support this function.

The two clients vary in how they handle simultaneous connections (Cisco’s disables by default while Juniper’s doesn’t; Cisco’s only disables if Ethernet is available while Juniper’s disables if anything besides Wi-Fi is connected), but they are similar in that they can manage any WLAN adapter.

The downside of the CSSC ($60 retail) and OAC ($50 retail) is that they cost money. Prices get lower as you buy large quantities, but if you’re just looking to add that type of protection for yourself, it may be more than you want to pay.

For some WLAN adapters, you may have the option to disable Wi-Fi in a similar way without having to pay for a client utility. Broadcom Mini-PCIe wireless adapters typically come with an option to disable the radio whenever a wired connection is detected.

This option doesn’t come enabled by default, and it’s not in the client. You have to get to the adapter’s advanced properties (go to Properties > Configure > Advanced to do so) to enable it — it’s called Disable Upon Wired Connect. This setting is great for personal use, but it even works when distributing laptops to users if you enable it when creating an image.
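
For checking whether a machine is actually in the Wi-Fi-plus-Ethernet state this tip warns about, here is an added example (not from the original article, and not how CSSC, OAC or the Broadcom driver work internally). It assumes a Linux host and its /sys/class/net layout; the function names and the policy names "ethernet-only" and "any-other" are made up here to mirror the two behaviours described above.

```python
import os

def read_attr(path):
    """Read a one-line sysfs attribute; return "" if it is missing."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def classify(sysfs_root="/sys/class/net"):
    """Group interfaces whose operstate is "up" into wifi / wired / other.

    Interfaces reporting "unknown" (common for tunnels) are not counted.
    """
    up = {"wifi": [], "wired": [], "other": []}
    for name in sorted(os.listdir(sysfs_root)):
        base = os.path.join(sysfs_root, name)
        if name == "lo" or read_attr(os.path.join(base, "operstate")) != "up":
            continue
        # Wireless devices expose a "wireless" or "phy80211" entry.
        is_wifi = any(os.path.exists(os.path.join(base, d))
                      for d in ("wireless", "phy80211"))
        # A "device" entry marks a hardware-backed interface, not a bridge or veth.
        physical = os.path.exists(os.path.join(base, "device"))
        if is_wifi:
            up["wifi"].append(name)
        elif physical and read_attr(os.path.join(base, "type")) == "1":  # ARPHRD_ETHER
            up["wired"].append(name)
        else:
            up["other"].append(name)
    return up

def should_disable_wifi(up, policy="ethernet-only"):
    """Decide whether Wi-Fi should be off under the chosen policy.

    "ethernet-only": only when wired Ethernet is up.
    "any-other":     when anything besides Wi-Fi is connected.
    """
    if not up["wifi"]:
        return False                      # Wi-Fi is already down
    if policy == "ethernet-only":
        return bool(up["wired"])
    if policy == "any-other":
        return bool(up["wired"] or up["other"])
    raise ValueError(f"unknown policy: {policy}")

if __name__ == "__main__":
    state = classify()
    print(state, should_disable_wifi(state))
```

The script only reports; run it from a login or compliance check to flag notebooks that have both radios and cable active.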

So there you have it; five configuration settings that could improve your Wi-Fi experience. Some of them are a little bit complicated or a little bit technical, but if you need better speeds, battery life, or security, you might want to look into them.

Cross-posted from Global Knowledge
