This is a real-world example of how not to design a Wi-Fi network. Some caveats upfront – the serious Wi-Fi guys around here are not going to learn anything new, but they might slow down and look, just like for a train wreck. And I don’t mean to pick on the motel I’m using for an example – why would a motel manager know how this stuff works? I do, however, blame whatever consultant/reseller/brother-in-law set this network up. That guy needs to be kept away from anything technical forever!
Earlier this year, I took my wife and kids on a long overdue trip to see grandma. Making a leisurely trip of it, we stopped a few other places for the night, including a few popular California tourist destinations. Now, I guarantee you the most important thing to the kids when we got to any motel (dad too, truth be told) was to get on the Wi-Fi – immediately! I’m sure readers can relate. In fact, customer satisfaction with Wi-Fi is a key metric across the hospitality industry these days.
One particular motel we stayed at was, to put it mildly, not up to snuff. This place was not one of the major brands, but mom-and-pop places need Wi-Fi too. I’ve designed a LOT of small business hospitality Wi-Fi over the years and I had to remind myself – or my wife would have reminded me – that I was on vacation and marching over to the office and volunteering to clean some of it up was a bad idea.
Instead, I took some screen shots and captures, and thought this would be a good negative example to examine Wi-Fi design basics. Here’s a scan of the 2.4 GHz channels…
What a mess. OK, so why do I say it is a mess?
No roaming
First of all – it’s NOT a Wi-Fi network, but multiple Wi-Fi networks. Every “Sandpiper-xx” SSID connects to the same wired network, but since each has a unique SSID, no automatic roaming. That is, the whole point of a single SSID across multiple APs is so my device decides which AP to use. I can wander over to the pool, or to the continental breakfast, and not have to think about what AP to use. If I move, my device should automatically notice “hey, the signal’s gotten weak, and here’s a much louder AP. I think I’ll switch.” Doesn’t matter if it’s a motel, or a school or a business campus. Even if these are independent APs, not centrally managed and coordinated by a WiFi Controller such as every FortiGate includes, this is just bad.
Signal strength isn’t everything.
Initially, I didn’t pull out the fancy Wi-Fi scanning tool you see above. I did what a normal person, instead of a Wi-Fi engineer, does: I looked at the available networks screen, swore slightly about multiple “sandpiper” SSIDs, and picked the strongest one.
And the connection was terrible. My laptop struggled to load a web page. My kids started complaining, “Dad! The Wi-Fi doesn’t work!” I needed to break out the Wi-Fi analyzer before my ears started to bleed.
Once I had the above view, I told everyone to switch to “Sandpiper-02”, which had a terrible signal strength, but which was a much better connection. Not great, but better. How could it be better?
First, the not great part was because the signal was pretty weak. I do not want to torture anyone with explaining decibel math. “Decibels”, and the basically never used Bel, were invented by Bell Labs and are a logarithmic scale for comparing ratios. Everyone easily understands when a top paid movie actor is described as making “low 8 figures”. In decibels, which I’m sure the Hollywood press will adopt any day now, that would be “around 70 decibel dollars,” or 7 zeros. With Wi-Fi, instead of dollars we use milliwatts and because the signal gets weaker as we go further from the transmitter, a minus sign indicates decimal zeros. -70 dBm is decimal 7-zeros milliwatts or 0.0000001 milliwatts.
A solid signal and a design goal for everywhere in a Wi-Fi network is -67 dBm. That’s really all you have to remember – more than ‘neg 67’ (-60, -50) is great. Good enough for a voice-over-Wi-Fi phone call.
SSIDs “Sandpiper-07” and “Sandpiper-05” should have been great at -62 dBm. That’s more than twice -67 dBm (I know. Logarithmic math.) “Sandpiper-02” was 100 times weaker, at -82 dBm. It definitely wasn’t good enough for streaming video, but it was serviceable for loading web pages and checking email, and it beat the heck out of the stronger APs. Why?
It's the interference
With ALL radio technologies, two radios on the same frequency can’t talk intelligibly at the same time – they interfere, the same way two people trying to talk at the same time on a Zoom call. It’s actually worse, because Wi-Fi can’t tell someone talked at the same time, unlike Ethernet. The Wi-Fi protocols operate very much like using walkie-talkies – if no one says “roger that” ( for Wi-Fi, an ‘ack’ packet is sent) the message needs to be repeated. This motel had 3 APs, and associated clients, on overlapping channels so that only one ‘cell’ could work at a time.
You might have heard that the only Wi-Fi channels you should use in the 2.4 GHz band are 1, 6, and 11. “But there are 13 channels! How does that make any sense?” It’s because of history. The 2.4 GHz channels that Wi-Fi uses were defined in 1947! Each channel is 5 MHz apart from the others. That’s actually pretty wide spacing - FM radio channels are only 0.2 MHz apart - but Wi-Fi spreads the signal over 20 MHz, making it a spread spectrum technology, which is actually highly resistant to interference for low power transmissions, but not infinitely resistant. The channels used have NOTHING to do with the technology itself. It’s arbitrary what channels Wi-Fi uses in principle; the available channels are government regulatory decisions only.
The poor schnook who configured this network clearly did not know any of this and set these APs on channels 1, 2, and 3. That’s actually worse than having them all on the same channel. If they were on the same channel, at least the three APs would recognize Wi-Fi traffic from what they would see as a neighbor network and have some cooperation mechanisms. Because they are on slightly different channels, it’s all random noise at random times, and a lot of it, judging by my experience and the full parking lot.
The single most important aspect of any Wi-Fi network design is the channel plan. Of course, unless you enjoy manual channel planning (even I don’t), when using the FortiGate WiFi Controller, you can allow DARRP (Distributed Automatic Radio Resource Provisioning) to coordinate and regularly update the channels the FortiAPs use.
The worst part of this very bad Wi-Fi deployment was the (lack of) channel planning.
The Kicker
There were a few other problems here. Some Sandpiper APs are 11g (Wi-Fi 3) only one (in a different scan) can also do 5 GHz channels. The beauty of 5 GHz channels is a rant for another day. But the kicker is, when I got onto the network, it had captive portal authentication from FORTINET! This place was running a FortiGate, which includes a completely free, part of FortiOS, WiFi controller that would automatically take care of all these problems without the motel owner having to understand any of this Wi-Fi stuff as long as he had FortiAPs!
These folks need an upgrade, so if you cover small hospitality deals on the California Central Coast region, give me a call.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.