MSPSS: is there life after the helpdesk?

sharing solutions to uncommon IT problems

Archive for the ‘WiFi’ Category

No security, WEP, WPA or WPA2 which is the fastest?

leave a comment »

Lately we have been requested to review our WiFi security configuration. Originally we used to have a “no security/no SSID broadcast” network but that did not meet neither the security nor the ease of use requirements.

WPA2 was obviously our first pick considering security and PSK but the question that was raised was: wouldn’t that affect network performance?

On the internet I found plenty of people rambling on different theories and hypothesis but no one provided actual figures or results for practical tests.

Obviously it would take a big effort to reproduce real network usage, with several people on one AP producing traffic and other APs creating congestion, for the moment I only had the time to make one simple test, using to test our broadband speed over different security.

4 APs: Cisco Aironet 1100 configured on “no security”, WEP, WPA and WPA2

20Mbs symmetric network

Client: windows 7

For each security configuration I made 5 tests and calculated the average


Ping to local ISP

Download Mb/s(

Upload Mb/s (

ping to packets dropped

no security




29ms 1%





27ms 4%





35ms 1%





27ms 2%


Looking at these figures I had to conclude that, at least under these parameters, this test was inconclusive. I was unable to prove any protocol was particularly slower or more unreliable than others.

I did notice a slightly higher number of drops for WEP but I would not take this as a proof of unreliability. It would be nice actually if someone could provide me with some WEP statistics like a 24h ping to an external resource (avg. speed and packets dropped).

At the end we decided to go for WPA2 and the only advice I can give you is to always go for corporate level AP (WPA on non corporate APs did not work well… at all).


Written by zantoro

June 28, 2011 at 9:18 am

Posted in WiFi

WiFi Networks: Manual channel selection against Dynamic Channel Assignment (DCA) in 802.11b/g

with 2 comments


  • Wi-Fi channels actually broadcast on a wider range than the 2.4Mhz namely assigned. Each channel roughly “talks” over 20Mhz: this means that if we put an AP on channel 1 and another on channel 4 we will inevitably have interference.
  • Interference causes a degradation of throughput performances (which could be overlooked when using data but becomes clearly visible in VoIP communications). Cisco proves it here (
Channels selected Throughput (Kb)
1, 1, 6, and 11 601.1
1, 4, 8, and 11 348.9
  • Channels 1,6 and 11 are the only ones to choose if you want to avoid interferences

Dynamic Channel Assignment (DCA) on standalone APs:

DCA allows an AP to choose autonomously its channel based on channels utilization at booting time. Some APs also have the capability of changing channels as the situation varies although this could lead to client disconnection or maybe worsen the channel congestion (if the algorithm gets it wrong).

Moreover APs seem not to take into consideration the actual spread of interference a single AP (20Mhz).

Dynamic Channel Assignment (DCA) with controller:

Centralizing the configuration for all the APs you deploy might help getting a better picture of the whole network. A single AP configured on DCA could miss a conflicting AP standing not far from it.

Manual Channel Selection:

Choosing channels among 1,6,11 manually for each AP is universally recognised as the safest method for both performances and reliability

Points against or in favour of each method:


  1. it takes much longer to implement and depending on user density and network topology, it could be difficult if not impossible to achieve the “perfect result”
  2. if you make a mistake in planning, you could actually make the situation worse


  1. You would rely on an algorithm which cannot be fully trusted
  2. You are not in full control of your network, which is fine as long as everything works fine…
  3. In situations of high WiFi congestion, DCA has been proven to switch channels too often causing user disconnections and poor performances



I searched every dark remote corner of the internet looking for some scientific answers on this subject. I did find scientific answers but, interestingly enough they were one against the other.

This ppt presentation is in favour of DCA. It shows statistics where throughput with DCA is on average worsened by only 5% (is that worth the trouble????):

JANET WAG (Wireless Advisory Group) supports manual configuration in a thorough document, in particular they point fingers towards the necessity of knowing your network and the unreliability of DCA algorithms.

If you don’t have particularly tight budget, here Cisco makes a very good case on why use a Controller with DCA enabled:

My conclusion is that I’m still very confused, at the moment I feel the best compromise would be a DCA with controller based exclusively on channels 1,6,11.

Update: we ended up configuring DCA on channels 1,6,11… well, in a room with 3 APs deployed we had 2 APs on the same channel and never switched automatically to a different channel.

Cisco support answered that this automatic selection only happens at boot time, after that, given that APs are unable to talk to each other, the change will have to be applied manually. If you want a dynamic selection you better you’ll have to buy a WiFi controller.

Written by zantoro

April 25, 2011 at 7:23 pm

Posted in WiFi