Tweaking Your Wi-Fi Router or Access Points

by [Published on 20 Sept. 2012 / Last Updated on 20 Sept. 2012]

In this article, the author reviews various settings of wireless routers or Access Points (APs).

Introduction

Whether you have a single wireless router or multiple access points (APs), there are some settings and features you can utilize to tweak your Wi-Fi network. And many of these can help you increase performance and security. So log on to the web-based control panel of your router or APs and we’ll review some settings to see if you can improve your network.

Wireless Security

There are three main Wi-Fi security options to encrypt and password-protect your Wi-Fi: WEP, WPA, and WPA2. Never use WEP; it can be cracked very easily. You should use WPA2 for the best security and performance. And if any old devices or Wi-Fi adapters don’t support WPA2, replace them with newer ones.

Also keep in mind, both WPA and WPA2 security versions can be used in two very different modes: Personal (PSK) mode and Enterprise (802.1X authentication) mode.

The Personal mode is the easiest to set up. You create a password on the router or APs and then enter it on Wi-Fi computers and devices when connecting. However, this mode isn’t suitable for businesses as you’d want to change the password every time an employee leaves the company or a Wi-Fi computer or device becomes lost or stolen. And changing the password means changing it on all wireless routers or APs and then re-entering the new password on all Wi-Fi computers and devices.

The Enterprise mode, however, is secure for businesses as you can create a username and password for each user and individually revoke/change access at any time. This Enterprise mode requires you to set up a RADIUS server, but there are cheaper options out there like hosted and cloud-based services.

Wireless Channel

There are up to 11 channels (in the US) that Wi-Fi devices can use. However, keep in mind there is overlap between them. So, when setting the channel on your router or APs stick with 1, 6, or 11 as they are only ones that don’t overlap. And if you have multiple APs, make sure they don’t interfere with each other. You want the signal of each AP to overlap so there are no gaps in coverage, but try to make those that overlap in signal on a different non-overlapping channel. And before setting channels you should first check the channels used by any neighboring wireless networks (such as with InSSIDer or Vistumbler) to avoid inference with them as well.

Wireless Mode

The wireless standards 802.11g, 802.11n, and 802.11ac all support backward compatibility. By default, most wireless routers and APs come out of the box set to support all older standards. However, when there are wireless devices connected via older standards to an 802.11n router or AP, for example, it can reduce speeds and performance. So if all your Wi-Fi computers and devices support 802.11n, consider changing the wireless mode to 802.11n only, or if using a newer 802.11ac router or AP change it to 802.11n/ac only.

Channel Width

To get the real high speeds offered by the 802.11n and 802.11ac standards you must change the wireless channel width of your router or APs. The wireless standards 802.11b and 802.11g both used only 20 MHz wide channels, but 802.11n also supports 40 MHz wide channels to achieve the higher speeds. So if your Wi-Fi devices all support at least 802.11n, consider changing the channel width to 40 MHz.

SSID Broadcasting

Wireless routers and APs by default broadcast your network name (SSID) so that Wi-Fi computers and devices can discover the signal. But you can optionally disable SSID broadcasting, hiding it from most computers and devices. And when you want to connect to the hidden network you’d have to manually add a network profile so that it knows the SSID to connect to. This all may seem like it increases security, but there are ways to discover a hidden SSID; it doesn’t stop a determined hacker. Additionally, disabling SSID broadcasting can also have a negative impact on the network’s performance.

Guest Network

Some wireless routers have a guest feature that lets you enable a second Wi-Fi signal with its own network name (SSID) and security settings. This is a quick and secure way to offer guests and visitors Wi-Fi access, or possibly to offer a separate network for some group of users like management so they aren’t on the same network as regular employees. Just make sure you enable the option (if any) to separate or block access to your main private network. And to prevent anyone nearby from connecting and using your wireless Internet, consider setting WPA2 security on the guest signal as well.

QoS

Most routers and APs have some type of Quality-of-Service (QoS) functionality, so you can prioritize wireless traffic based upon traffic type. This can be useful, for instance, to give high-bandwidth computers or devices using applications like video conferencing or voice calling higher priority over regular network traffic like web browsing and downloading.

VLANs and Multiple SSIDs

Some business-class wireless routers and APs support virtual LANs (VLANs) and multiple SSIDs so that you can create and use separate virtual networks. For example, you might want company management on one VLAN/SSID sharing sensitive files, another VLAN/SSID for regular employees that can’t access the management VLAN/SSID, and another VLAN/SSID for guests that can only access the Internet.

Generally, you create the VLANs on your router, each with a unique ID number. Then you set your Ethernet ports on your switches with the desired VLAN IDs and set the multiple SSIDs on your APs with the desired VLAN IDs. Or if you use 802.1X authentication, you can assign each user to a VLAN ID (specified on the RADIUS server) and when they connect to the network it automatically assigns them to that VLAN ID no matter where they connect from.

Summary

Remember, before disabling SSID broadcasting, consider that it doesn’t provide much security against hackers, while also reducing performance and complicating the connection process. But you should invest in setting up a RADIUS server or subscribing to a hosted service so you can use the Enterprise (802.1X authentication) mode of WPA2 security. And if your router has a guest network feature or if your router and/or APs support VLANs and multiple SSIDs, you can offer separate Wi-Fi access for different types of users and guests.

To reduce Wi-Fi interference, make sure you set your APs to non-overlapping channels and check channel usage of neighboring networks as well. Depending upon what Wi-Fi standards your wireless clients are using, consider changing the default wireless mode and channel width to increase performance. And to make sure high-bandwidth devices receive enough bandwidth, consider using QoS settings to prioritize traffic.

Advertisement

Featured Links