How can I make my wifi more reliable?

Discussion in 'Cisco/Linksys Wireless Routers' started by phadobas, Aug 19, 2006.

  1. phadobas

    phadobas LI Guru Member

    I'm an IT person at a hotel, with several different buildings. As demand arose in recent years, I introduced and expanded wireless Internet access. I currently have some 10 Linksys Wifi access points and/or routers.

    Guests come and go and they bring different makes of laptops (including Apple Mac-s) and I do a lot of configuration help out for them.

    One thing that doesn't want to go away is this: every once in a while these Linksys Wireless devices need a reset. They simply disappear from the wireless network, and I can't even ping them from the wired end. Sometimes they are still visible in the list of "available wireless networks" from a computer, but while the bars show full signal strength (which I think is bogus data at that point), the computers can't connect to them. I just have to get up from my desk, go over to the other building, pull the power plug, put it back in, and we are back in business. BUT WHY????? Why do I have to do this?

    Sometimes they run for days, some for even weeks, sometimes the same device has to be reset every day for a period of 2 weeks or so (whenever a particular guest wants to use it, it crashes every day. Then the guest leaves, and it's back to normal: reset once every 1-2 weeks...)

    On all of them, I use the basic security feature of 128bit WEP encryption. For a while I also used MAC filtering or switched over to WPA security, but these didn't make any difference.

    So basically, any general suggestions as to what makes these things run more reliably? I have WRT54G, WRT54GXv2, WAP11, etc.

    One more data point: In one building, the devices don't overlap in coverage, but in another building, they do. In this case, I still have the same SSID, but on non-overlapping channels, so guest computers can find the one with the stronger signal and associate with that one.

    Also, when I list up the available wireless networks, there are other ones from surrounding buildings, so in some cases I see 3-4-6 available networks, and that may also be a reason for all these. But then again, maybe not...

    All suggestions are welcome.
  2. Advis

    Advis Network Guru Member

    I have this problem with a WAG354G. You could try 3rd party firmwares, check out the DD-WRT and HyperWRT sections found in this forum.

    As you're in the hotel industry, have you had a look at the commercial Wi-Fi solutions available to you?
  3. sNNooPY

    sNNooPY LI Guru Member

    I agree with Advis. You should try some 3rd party firmware. They open up a lot of additional features which can help you.
  4. cgondo

    cgondo Network Guru Member

    One of which is automatic reset

    Interference should always be looked at. Find out the frequencies of the surrounding networks and use a different frequency
  5. Esquire

    Esquire Mesquire Staff Member Member

    Do you know what your guests are downloading when they are connected? One of the many complaints I have seen in other forums is the AP crashing after a heavy bout of BitTorrent, stemmed from the fact that the BitTorrent clients had been configured incorrectly (majority of users misconfigured theirs) and overwhelmed the AP with an excess of connections to peers. Many brands exhibit this issue, and not just Linksys.

    One thing you could try after switching to custom firmware is to increase the number of connections.
  6. sNNooPY

    sNNooPY LI Guru Member

    or try blocking those "hungry" apps like torrent & other file sharing. AFAIK, that's a normal thing in wi-fi hotspots, hotels, etc.
    It would add to the stability of the whole network, for sure...
  7. phadobas

    phadobas LI Guru Member

    Blocking hungry apps


    Can you list out some of those hungry apps?

    Also, how do you actually block them? Never experimented with this area of setup...

    Unfortunately, I don't know what kind of apps the guests use. Mostly it's outlook, Int. Expl., and remote desktop to their home computers, but other than that, I don't know.

  8. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    @phadobas: You should take some snapshots of the traffic going through your network. Capture some traffic during peak times 1 hour segments and run it through ethereal. You'll be able to see all kinds of stuff including what "apps" your guests are running. From there you can use Hyperwrt or ddwrt, both of which have QoS for traffic shaping including blocking.
  9. bertlego

    bertlego LI Guru Member

    i've been figuring out for some time how to see what "apps" my 'guests' are using. can you please elaborate on how to do this? how do i take snapshots? and what is ethereal? i'm using a linksys WAG54GX2 and my 'guests' are connected via switches to the port of the WAG54GX2. i have no servers installed.
    tks. for any help.

  10. sNNooPY

    sNNooPY LI Guru Member

    it all comes down to file-sharing apps (dc++, torrents, etc.)
    I think you should (if you can) forbid those apps. they open too many connections and jam the traffic, especially in a public place such as hotels, airports, etc.

    I don't know about the actual blocking. for example, on my college network people can't use dc++ & torrent. It's not working at all... I don't know how they did it. sorry. :(

    I know, but there will always be some "bandwidth hungry" teenager just aching for a piece of your network just to get the newest porn movie...
  11. phadobas

    phadobas LI Guru Member

    This 3rd party firmware was a GREAT idea. I already set up two of my units (one WAP and one WRT), and now they reboot at 4:00am every day. Hopefully that will lessen the amount of times I have to walk over and do it manually.

    Thanks for the advice.

    Now, what's the point of increasing the power output? I understand that computers will be able to see my AP-s from a greater distance, but will they be able to talk back to it?
  12. eric_stewart

    eric_stewart Super Moderator Staff Member Member

    I did some research a little while back (and some testing) and found out that BitTorrent uses TCP ports 6881 through 6999.

    Tactic 1
    Block these ports on your box...even with the standard firmware...and the stateful firewall won't even build a connection for the torrents.

    Tactic 2
    That said, if your goal is to limit the connection slots consumed by the Torrents (Linksys firmware defaults to only 512) then 3rd party firmware is the way to go.

    Tactic 3
    Another tactic is to limit the amount of bandwidth consumed by BitTorrent by using a TCP/UDP port-based QoS solution. Depending on your model of WRT, some of the standard Linksys firmwares have this amount of granularity. Certainly the 3rd party firmwares do.

    You could also combine all three methods of controlling / massaging your QoS and bandwidth utilization with 3rd party firmware. I really like DD-WRT v23 SP1 and Sveasoft but I have heard that HyperWRT is very stable too. I've tried the 1st two.

    Just some thoughts. Really interesting thread! Maybe the mod can put some of the recommendations into a sticky?

    P.S. BTW, the Gnutella Peer-to-Peer network (eg: Limewire) uses TCP port 6346 and sometimes 6347.
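
Added example, not part of any post in this thread: a shell/awk report showing how much of the NAT connection table each client holds, using the 512-slot figure and the 6881-6999 range quoted in the post above. The `/proc/net/ip_conntrack` path and line format are assumed for Linux-based third-party firmware, and the 25% threshold and all sample addresses are constructed.

```shell
#!/bin/sh
# Added example: per-client usage of the router's NAT connection table.
# Assumed input format: Linux /proc/net/ip_conntrack (path is an assumption
# for Linux-based third-party firmware).
SLOTS=512      # connection slots the post quotes for stock Linksys firmware
WARN_PCT=25    # constructed threshold: flag a client holding >= 25% of slots

# Constructed sample: one client with 150 flows to ports 6881-6980,
# one client with three HTTPS flows and a DNS lookup.
sample_conntrack() {
  i=0
  while [ "$i" -lt 150 ]; do
    sp=$((40000 + i)); dp=$((6881 + i % 100))
    echo "tcp 6 431990 ESTABLISHED src=192.168.1.101 dst=198.51.100.7 sport=$sp dport=$dp src=198.51.100.7 dst=203.0.113.9 sport=$dp dport=$sp [ASSURED] use=1"
    i=$((i + 1))
  done
  for sp in 50001 50002 50003; do
    echo "tcp 6 3600 ESTABLISHED src=192.168.1.102 dst=198.51.100.20 sport=$sp dport=443 src=198.51.100.20 dst=203.0.113.9 sport=443 dport=$sp [ASSURED] use=1"
  done
  echo "udp 17 25 src=192.168.1.102 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=203.0.113.9 sport=53 dport=1030 use=1"
}

# Reads conntrack lines on stdin; prints "client total in-6881-6999 share flag".
conn_report() {
  awk -v slots="$SLOTS" -v warn="$WARN_PCT" '
  {
    src = ""; dport = ""
    # The first src=/dport= pair on a line is the client-side (original) tuple.
    for (i = 1; i <= NF; i++) {
      if (src == "" && $i ~ /^src=/) src = substr($i, 5)
      if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
    }
    if (src == "") next
    total[src]++
    if (dport + 0 >= 6881 && dport + 0 <= 6999) p2p[src]++
  }
  END {
    for (ip in total) {
      pct = int(total[ip] * 100 / slots)
      printf "%s %d %d %d%% %s\n", ip, total[ip], p2p[ip] + 0, pct, (pct >= warn ? "HEAVY" : "ok")
    }
  }' | sort
}

sample_conntrack | conn_report
# On a router: conn_report < /proc/net/ip_conntrack
```

A client flagged HEAVY with few flows in the 6881-6999 column is still consuming slots, which is the case a port-based block alone would miss.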
  13. bertlego

    bertlego LI Guru Member

    bittorrent and peer to peer programs use port range from 6000 to 60000. i use 50000 for my bittorrent and 26000 for my lime wire. so if you want to block or minimize them use that port range.
  14. Toxic

    Toxic Administrator Staff Member

    best way is to only allow the main ports that your clients need. web ftp pop3 smtp dns etc etc everything else can be blocked.

    you could not try blocking ports for file sharing, as you wouldn't know where to start. just use the ones you need for web browsing and email etc etc and block everything else.
  15. GhaladReam

    GhaladReam Network Guru Member

    That is definitely the best solution. Block EVERY SINGLE PORT except the ones users actually need.

    Possible list of open ports:

    80, for HTTP
    8080, for HTTP alternate
    443, for HTTPS
    21, for FTP
    23, for telnet (maybe close this one too)
    3389, for Remote Desktop Connection

    Everyting else should be CLOSED in an environment like yours. Simply open ports as your customers need/request them, or if a certina program won't work for them.
  16. n3tfury

    n3tfury LI Guru Member

    sorry for the bump, but i'm curious how your routers are behaving since you've upgraded your firmware.

    also, did i miss which firmware you went with?
  17. Ormen

    Ormen LI Guru Member

    I would be a little careful with blocking too many port ranges. A few examples:

    If this is a hotel then you'll find a lot of users using VPN to connect to their Intranets, many of them not using the "official" ports for the various VPN solutions out there.

    Myself I travel some in my job. I like to relax in the evenings with room service and some WoW. I wouldn't be very impressed if I found myself missing my connection to any gameservers. (And Blizzard actually uses the BitTorrent range to upload their updates).

    I think you're on to something when you say that massive use and multiple connections on some port ranges is the problem, but I think you might have missed the reason for this to cause problems (and freezes). I found that in many cases the problem is due to the NAT/PAT solutions usually being used out there. I've seen this problem a lot and it usually has nothing to do with wireless problems. It happens just as often in strictly wired networks (My first ADSL router was an old Cisco 677 that only lasted about 20-30 minutes with eMule traffic :rolleyes: )

    At a guess, phadobas, do you use "real" IP addresses or internal ones (10.x.x.x, 172.16.x.x, 192.168.x.x)?
    If you have internal ones and only one or a few IPs to share around I believe quite a few of your problems might be solved easily. Get yourself a range of IP's you can distribute to your clients (any client will have their full use of any port without sharing). Also try getting only one high performance router (not wi-fi) and use all your wireless devices as APs only.

    Good Luck!
  18. n3tfury

    n3tfury LI Guru Member

    to be honest, if i was setting up a wifi for a business like phadobas does/did, i wouldn't be too concerned about the few customers that couldn't play WoW or any fairly obscure vpn flavors that use weird ports. you have to draw a line somewhere.
  19. Ormen

    Ormen LI Guru Member

    Hehe, one could always wish things were that easy :thumbup: . "No, sorry, our network doesn't support your needed VPN ports" would not be well received. I don't think too many would complain about losing their gaming access, but if they lose the connection to their workplace you'll find you'd be losing customers fairly fast in the hotel business.

    As for "few" customers who'd lose connection due to obscure VPN flavors; It's rather useful to change the default ports, it gives you a greater chance of not getting a port conflict on a visited NAT'ed network. And for that reason quite a few companies choose to do that.

    And obscure VPN solutions? :confused: Name a large company that has chosen to use completely standard "off-the-shelf" VPN solutions. I work for one of the larger outsourcing companies and do support for five different enterprises in the 10.000+ employees category. Only one of them uses standard "off-the-shelf" VPN solutions. (not that I had any say in what they choose, I'm just a lowly field support/system admin trying my best to help the users make their PCs work :) ).