Upgrading Wi-Fi — What, When, and Why
lessthan0 writes "Wi-Fi (802.11x) networks have been around long enough that many businesses and home users run their own. The first widely deployed standard was 802.11b, while most new hardware uses 802.11g. The latest 802.11n hardware is just around the corner. If you run an existing wireless network, is it time to upgrade?"
if it ain't broke, don't fix it (Score:5, Informative)
What kind of question is this? (Score:3, Informative)
If you are unhappy with 802.11g, well, tough luck: as someone else already mentioned, 802.11n isn't coming out until 2008. Start punching holes in the wall and running some Ethernet cable!
Problem solved.
Re:Depends (Score:3, Informative)
The only reason I can think to upgrade is for better encryption and range.
Re:no it is not. (Score:3, Informative)
2) This is not true. Aside from high-end units that are out of most consumers' price range, there is an Asus WAP that can broadcast multiple SSIDs and have separate security settings for each. In theory, this would mean you could have WPA-Radius encryption on one SSID and have a WEP encryption SSID for your Nintendo DS. I think the model is WL-500g Deluxe--it's hard to come by right now.
Only after the 802.11n spec is ratified (Score:5, Informative)
The conventional wisdom says: (Score:5, Informative)
2. 802.11n is faster than 802.11a, b, and g. But you need to buy everything from the same vendor, because that'll ensure it works together as compatibility is iffy. You can't do as nifty antenna tricks with 802.11n as you can with b and g. The 802.11a rules in the US currently prohibit antenna tricks. So, flexibility with standards means 802.11g.
3. If you use any 802.11 product, use WPA, or upgrade to it, and keep checking for firmware upgrades every few months, then do it.
4. Currently, the fastest *standardized* method is 802.11g. There are various turbo modes that may or may not allow you faster downloads, but most APs are inhibited by upstream throttle-back anyway. And for this reason, you might like it for home use but don't use it on mobile machines as hotspots sometimes have trouble with cards that are in 'auto-turbo' mode.
5. Unless you have backhaul that's faster than the WiFi transport, it's useless to buy anything faster because it will make no difference in speed. If you have a crappy DSL connection, the speed will still be crappy DSL speed. It's nice to have your WiFi router speed as the fastest common denominator because DSL and cable and other transports keep getting faster and faster. If you have asymmetrical backhaul, that won't change no matter what you do (example: 3MB/s down, 750KB/s up).
WPA secures at minimum. Using AES with TLS is thought to be the most solid method. Having a temporal key is important as key life had a bearing on breaking the key. Currently, no one will sit around and wait for long keys to be broken unless THEY REALLY WANT YOU. If they do, they'll do something smarter. All WEP can be broken in under 22 minutes, period.
For better paranoia, read WiFoo-- currently the most interesting hacker cookbook I've found.
Re:Or.. (Score:4, Informative)
> insane internet speed it's just a waste.
Many places there are quite simply too many nearby using 802.11b/g along with wireless
phones on the same frequency. It is too crowded.
"Upgrading" to 802.11a (different frequencies used than 802.11b/g) will help as there generally
are far fewer 802.11a users. The range may not be the same, though.
Re:Shouldn't it read... (Score:5, Informative)
It should read "move on, nothing to see here ..." since you can't upgrade to something that isn't available yet.
Besides, why would you want to upgrade when nobody can use it? Wait until it's been out a few years.
After all, gigabit ethernet has been out for a couple of years now, and look at how many people get along just fine with 100mb.
No (Score:4, Informative)
At the moment the 802.11n standard is at draft 2 stage. The 802.11n gear available now is based on 802.11n draft 1.
The manufacturers of this hardware are betting that any changes in the spec between draft 1 and the final version can be fixed by a firmware upgrade. It is by no means certain that this will be the case.
In addition, it isn't clear whether hardware for the 802.11n draft from different manufacturers will work together.
So the answer (as with most technology) is to wait and see. In this case, given that this is based on a draft that has been superseded, waiting is certainly a good idea.
Re:if it ain't broke, don't fix it (Score:3, Informative)
i would upgrade for the security (Score:4, Informative)
if anyone is thinking of going G the WRT54GL [amazon.com] with the dd-wrt [dd-wrt.com] firmware is pretty sweet.
whatever you do DO NOT buy a WRT54GS or later model WRT54G models..as they suck pretty much http://en.wikipedia.org/wiki/WRT54G [wikipedia.org]
Re:Time to upgrade? (Score:2, Informative)
I/we have never had a problem finding what we were looking for and the vast majority of it works
great with Linux (WPA, WPA2 + RADIUS). We've achieved this by purchasing products we've used before
and are familiar with. Aside from a couple obvious examples, most vendors remain relatively consistent
if you're referring to the correct product + hw_rev + version. Not sure what your problem is....
Now if your argument is that no reasonable source or technical documentation is available to the general
public for the guts of these devices, I'd agree.
WPA with AES is pretty good (Score:3, Informative)
For those who don't know: WPA (1/2, tkip, AES) in pre-shared key mode is vulnerable to a brute force attack. The four packet authentication sequence can be captured and brute force attacked offline. There are WPA rainbow tables based on dictionary words "in the wild." A long multi word passphrase with some numbers should be sufficient. A 63 character string of upper and lower case letters, and numbers is best. Unfortunately many access point web interfaces do not handle special characters and punctuation well.
You can generate a longer psk with: it is a pain in the ass to manage though.
Re:I installed b in '00 or '01 and just upgraded t (Score:4, Informative)
As for security - I certainly don't trust ANY wireless (or wired, for that matter) system for security. I depend on application level security whenever I can get it (SSL, SSH) and VPNs when that's not an option.
Properly configured WPA and WPA2 are just as secure as your application-level security or VPN (and more secure than some crappy VPNs). Although the weakness of WEP was a major problem, its failure ensured that its successors would get very heavy scrutiny, and the WPA variants have stood up very well. If you really want to be careful, use both wireless network security and end-to-end security. If you don't need to be that paranoid, WPA is just as good as and more convenient than using a home VPN.
OTOH, if you're like me, I like to leave my WLAN open so that passersby can use it if they need it. I appreciate all of the open WLANs I make use of, so I like to return the favor. In that case, a VPN is critical.
No way. (Score:5, Informative)
I think the problem is that it's unlikely that switch supports JUMBO frames. 1500 bytes don't cut it at gigE speeds. Even on a Barton XP 2500+, you get 100% CPU saturation around 250MBps with 1500 byte ethernet packets. My very high quality Intel gigE NICs support jumbo frames of 9000 mtu (and up), but this cheap Airlink switch (the only one I could find in town) is broken past 1500 MTU, meaning it's garbage (don't buy Airlink gear).
I'm sure the Airlink would be fine if you had garbage gigE nics, though, which is probably their target market.
"or they'd have to change the cabling from cat5 to cat6, or they have one or more boxes that are still running 100mb, so there is zero point in upgrading."
All of these are bunk. Most cat5 that's properly wired has 4 conductors in it (which is what you need for gigE) and are shielded well enough. You mentioned a switch; you should know that a switch allows for mixed speed devices with no general speed drop (unlike the old hubs that used to exist).
If you have a fileserver in your house serving up to 3-4 client machines like I do, gigE is well worth it, since the network is no longer the bottleneck.
Airlink (OT) (Score:2, Informative)
I'm running a mix of Airlink (rt8169), nFORCE4 onboard, Marvell, etc. on the NIC side. All cheap cards (the rt8169 is now $6 at frys).
I can typically push 350Mbps (all machines are running with an MTU of 1500). CPU utilization on my Athlon64 is maybe 20%. Same on my friend's computer (sempron barton 2800).
I have a SMC switch that specifically supports jumbo frames, but I have not been able to test it because whenever I use jumbo frames I cannot contact machines that are running 100megabit.
I agree with you on the cabling, I have run with 10 year old cat5 that's stapled in my crawlspace, and brand new cat6. Both will run gigabit no problem.
cat5 UTP is not shielded (the U stands for unshielded). STP is available, but generally quite expensive and usually not worth it.
Re:WPA with AES is pretty good (Score:3, Informative)
$ dd if=/dev/random bs=1024 count=5 | tr -dc [:alnum:] | wc -c
0+5 records in
0+5 records out
13
$ dd if=/dev/random bs=1024 count=5 | tr -dc [:alnum:] | wc -c
0+5 records in
0+5 records out
46
$
You'll want to loop until you have enough entropy.
$ dd if=/dev/urandom bs=1024 count=5 | tr -dc [:alnum:] | wc -c
5+0 records in
5+0 records out
1245
$ dd if=/dev/urandom bs=1024 count=5 | tr -dc [:alnum:] | wc -c
5+0 records in
5+0 records out
1278
$
Then just tail -c 63 for your 63 chars:
$ dd if=/dev/urandom bs=1024 count=5 | tr -dc [:alnum:] | tail -c 63; echo
5+0 records in
5+0 records out
avh2tglob7FQbgOZmMc8OdRjtw616R6CeOtrFro97pDXOa1W6
$ dd if=/dev/urandom bs=1024 count=5 | tr -dc [:alnum:] | tail -c 63; echo
5+0 records in
5+0 records out
COvjA1ubg11q0N5gPZVlO7VrQhLXg3ZXzKAnbuJ8Z5XzkHjEw
$
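An added example, not part of any comment in this thread: a shell function that produces a full-length random WPA passphrase by streaming /dev/urandom until enough characters survive the filter, so it never comes up short the way the fixed-size /dev/random reads above do. The names gen_psk and psk_entropy_bits are hypothetical, and the 7776-word list used for the multi-word comparison is an assumption for illustration.

```shell
#!/bin/sh
# Added example; gen_psk and psk_entropy_bits are hypothetical helper names.

# gen_psk [LEN]: print LEN random characters drawn from A-Z, a-z, 0-9.
# A WPA/WPA2 passphrase must be 8 to 63 printable ASCII characters.
gen_psk() {
    len=${1:-63}
    case $len in
        ''|*[!0-9]*) echo "gen_psk: length must be a number" >&2; return 2 ;;
    esac
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "gen_psk: length must be between 8 and 63" >&2
        return 2
    fi
    # Treat /dev/urandom as an open-ended stream and stop only when LEN
    # characters have passed the filter. LC_ALL=C makes tr work on raw
    # bytes; the set is quoted so the shell cannot glob-expand it.
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
    echo
}

# psk_entropy_bits COUNT [CHOICES]: whole bits of entropy in COUNT symbols
# picked uniformly at random from CHOICES possibilities (default 62, the
# alphanumeric set). The derived WPA key is 256 bits, so anything above
# that adds nothing.
psk_entropy_bits() {
    awk -v n="$1" -v a="${2:-62}" \
        'BEGIN { printf "%d\n", n * log(a) / log(2) }'
}

gen_psk 63
echo "63 random alphanumerics: $(psk_entropy_bits 63) bits"
# Assumed comparison: 4 words chosen at random from a 7776-word list.
echo "4 random words:          $(psk_entropy_bits 4 7776) bits"
```
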