WiFi 101 – Access Points, Wireless Routers, and Switching
How much do you really know about routers, access points and WiFi?
When I arrived at this company, someone had mentioned that there were some wireless problems. Mostly with coverage but also with connectivity and stability. Without really looking into the issue, I suspected I knew what the issue was and I was correct. I’ll reveal that, uh, revelation (for lack of a better word) later. The solution was quick and simple though: get a better piece of equipment and configure it properly. That solution handles most problems with hardware.
What I ended up doing was bringing a piece of equipment from my house to show the company that this is the right thing to have and convince them to purchase the device. That piece of equipment: a Ubiquiti AP AC Pro. The main thing is that this equipment is solely meant for wireless and connectivity to wireless only. It doesn’t do any routing. This may not mean anything to you now, but it will once we get into what I am actually talking about.
What did I Mean?
These days, most people are familiar with a wireless router. It is a piece of equipment that allows you to play head-to-head Candy Crush on your couch with your 2012 iPad Mini. It works great in most small networks, especially in homes. It connects to the modem, it broadcasts a wireless name that you enter in your device, you may even plug your printer into it, and you have a little network going. What most people don’t realize is that a wireless router is essentially 3+ devices stapled together into one convenient piece of hardware that includes, but is not limited to, a network switch, a router, a wireless access point, and security (firewall).
Let’s investigate the different parts and how they work together.
Switch
The word router gets thrown around a lot, but when you are plugging computers, printers, etc. into the device, you are actually using the switch component. Years ago, switches replaced hubs; they allow devices on the same subnet to communicate with each other. That is, if you plug multiple devices into a switch (and they have IP addresses), they can communicate with each other without the need for a router. So, when a router has 4 or more ports that are listed as ‘LAN’, that is actually the switch component of the device.
There are dedicated switches, for more complex networks, that allow for multiple devices. Many switches are unmanaged, as in they are plug and play, and most managed switches are also plug and play. However, switches can add complexity, if required, ranging from security (MAC binding and VLANing, for example) to redundancy (STP-related processes). While wireless routers are almost always plug and play, some do offer other functionality out of the box.
Router
Everyone knows this word but not many know what a router actually is or does. Routing moves information across subnetworks. If you take a new, generic wireless router out of a box and plug your computer into it, you will likely get an IP address on the order of 192.168.1.x. Another machine plugged into the same switch would get something on the order of 192.168.1.y /24. Those 2 addresses are in the same network (or subnetwork) and can communicate with each other with just a switch (assuming they are addressed on the same subnetwork); they really don’t need a router to communicate.
If the first computer wanted to talk to another computer on a different subnet, say with IP address 10.10.10.x /24, then a router would need to be involved. In short, the router determines which interface traffic should go out to reach the other subnet. In most cases, it needs to reach out to another router (often called a gateway) that will deliver the packets.
Likewise, in the other direction, the device with IP address 10.10.10.x /24 would have a gateway that would determine the interface to get back to the 192.168.1.0 /24 subnet. Most commercial routers can handle multiple subnets, so those paths may all lead back to the same physical device and can easily be routed from there.
Now, those 2 IP subnets (192.168.1.0 /24 and 10.10.10.0 /24) are reserved for private networks, so traffic addressed to them will not likely traverse the internet. But reaching out to, say, google.com (with the help of DNS it just translated for me to 64.233.177.139) would also follow the same logic: let’s find the best “path” to get me into whatever subnet the translated Google address (64.233.177.139) is in. Realistically, traffic (packets) will traverse a series of switches/routers until it hits its destination. We really don’t care how it gets there and, honestly, it doesn’t always follow the same path to get to the destination, just as there are a lot of ways to reach a restaurant when driving. Depending on traffic, construction/repairs and other outages, your path may be altered to reach your destination. We deal with the same kinds of problems in basic routing of information. Along with some other protocols, we expect the router, and really the routers along the way, to get us to our destination in the most effective manner possible.
Honestly, routing is a lot more complicated than that. There are a lot of different ways to do it and myriad protocols, as well as a ton of options and conditions that can be set.
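The two decisions described in this section, sketched as an added example that is not part of the original post: a host first checks whether the destination is on its own subnet (switched directly) or must go to its gateway, and the router then picks an egress interface by longest-prefix match. The host numbers (.10, .20, .5), the interface names and the default route are constructed assumptions; the subnets and the public address are the ones used above.

```python
import ipaddress

# Constructed routing table for a hypothetical office router. The two private
# subnets come from the article; interface names and the default route are
# assumptions made for this example.
ROUTES = [
    ("192.168.1.0/24", "lan0"),
    ("10.10.10.0/24", "lan1"),
    ("0.0.0.0/0", "wan0"),  # default route toward the upstream gateway
]


def host_next_step(src_iface: str, dst: str) -> str:
    """Host-side decision: deliver on-link via the switch, or hand to the gateway."""
    iface = ipaddress.ip_interface(src_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return "direct"
    return "gateway"


def route_lookup(dst: str, routes=ROUTES) -> str:
    """Router-side decision: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, egress in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def describe(src_iface: str, dst: str) -> str:
    """Combine both decisions into one line of explanation."""
    if host_next_step(src_iface, dst) == "direct":
        return f"{dst}: same subnet, switched directly"
    scope = "private" if ipaddress.ip_address(dst).is_private else "public"
    return f"{dst}: {scope}, routed out {route_lookup(dst)}"


if __name__ == "__main__":
    # Constructed destinations: a LAN peer, the other subnet, the Google address.
    for dst in ("192.168.1.20", "10.10.10.5", "64.233.177.139"):
        print(describe("192.168.1.10/24", dst))
```

Removing the `0.0.0.0/0` entry makes the lookup for the public address fail with "no route", which is the role the gateway of last resort plays.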
Access Point
Another widely recognized term is Access Point. In a sense, it is synonymous with WiFi.
The idea of an access point is very similar to a switch. The main difference is the physical hardware/connections that are made such that the network connections are made with wireless signals. An access point itself does not execute any kind of routing. It simply makes the connection to the network and that traffic finds its way to the router if it needs to go to a different subnet.
There are a lot of different components with wireless: security, channel and band type, to name a few. At its most basic level, I would say that access point configuration and WiFi is more complicated than operating a network switch (which can be plug and play; unmanaged). Other WiFi spots in the area will affect the channel that is needed (often Auto channel is selected by default to assist in picking the least busy channel).
Security considerations need to include encryption methods and strong passphrases, with or without a RADIUS server, which is a sort of database used for authentication.
Other Stuff
Most wireless routers encapsulate the three previous points. Often, there is other stuff that routers include these days, too. It almost exclusively consists of things to help with performance and security.
Things like a Stateful Packet Inspection (SPI) Firewall, VPN configuration, VLANs (Virtual Local Area Network) and DMZ assignment are some examples of security operations that are common within a wireless router.
Alternatively, things like Quality of Service (QoS), bandwidth throttling and capping, and Guest Networks are a few examples of different features widely available in most wireless routers.
Final Thoughts (A La Jerry Springer)
Going back to the opening anecdote, I suspected that some of these wireless issues that the company was having were related to the wrong kind of hardware/configuration. Upon further investigation, the access points that were in place were actually wireless routers and they had the routing portion left on. This can work, and had to some degree, but it adds extra overhead by having both of those wireless access points performing routing, as well.
We have a dedicated router/firewall in this office. Simply put, this device should be handling most (if not all) of the routing that needs to occur. While one of the routers was connected back to our main router, the other is a guest router that should be separate from the internal network. As a temporary fix, I disabled the routing functionality of the first wireless router, so it would continue to act as an access point and added my (Ubiquiti) access point for extra coverage. It certainly helped the coverage and stability. Recently, I moved the Ubiquiti to the location of the wireless router to blanket coverage (as close as I could to the center of the office) and that seems to be the best fix, as I suspected.
There are many kinds of wireless operating modes and wireless gear. Using a wireless router in a network with dedicated network appliances can be problematic if not configured correctly. Simply turning off the routing on the wireless router acting as an access point would have improved the situation, but utilizing hardware that is made for a specific function (wireless with good coverage) is the only way to go, and that’s the difference.
Scrutinize those network setups and do it happily! Cheers!