Ethernet wiring questions

When asked how his wifi coverage was, Hudson was quoted as saying “There’s some holes in this house. There’s some holes in this house.”



This exact setup describes a large number of commercial wifi installs, including what we use on our campus at work.

All of the consumer mesh systems I’ve seen have wireless mesh points. By wanting wired mesh points with zero-handoff you’re starting to tread into business or enterprise territory here, which is going to increase cost and/or complexity. So unless you really want to go down that rabbit hole, you’ll need to make some tradeoffs.

Honestly, for a home, the best solution is to connect up some APs, set them all to the same SSID/password on different channels, and be done with it. Unless you’re wandering from AP to AP doing something that requires a constant data stream where buffering isn’t feasible (e.g. online gaming, a Zoom call), you’re not likely to ever notice any issues. Wifi devices aren’t perfect at knowing when to hop APs, but they’ve gotten pretty good at it, and modern data transport technologies will smooth out the vast majority of handoff hiccups that do occur.

If you really want a mesh without a “mesh” system, you can try setting all the APs to the same SSID/password and the same channel, but you run the risk of your APs interfering with each other over RF. YMMV.


Thanks. I wish I hadn’t had such a bad experience with mesh. I like the concept, but just couldn’t get it to work.

You will be happy to know…or maybe you don’t really care…I spent the evening running Ethernet throughout my house. Pulling the cables wasn’t too bad, and I only have one drywall repair to make. Luckily, it’s in a closet, so if I get it fixed this week, Mrs. Hawk may never even know.

Hopefully this improves some of my connectivity issues with VPN and work. It won’t help speed, as our VPN is agonizingly slow, but hopefully I won’t get dropped regularly in the middle of video calls.

On a side note…terminating cables sucks donkey. Making patch cables isn’t too bad, as I can do that at the table, but keystone jacks near the floor suck. I can’t imagine having to do that all day.

It’s definitely not a silver bullet for every circumstance, especially if your house is too spread out. Works great in my parents’ house though.

Tell your sys admins at work to implement split tunneling on the corporate network. Things like Google Meet, Zoom, WebEx, etc… should never go through your corporate VPN concentrators. Unless your endpoint security on your laptops/cell/tablets is absolute crap.

Don’t know much about it, only that it says “full tunnel” on the VPN connection. We’re a major target for cyberterrorists, so network security is tight, tight, tight. The speed is OK, it’s the dropping of the wifi connection that is the problem. Reliability has been the problem more than speed. Though it’s not particularly fast. I’m getting about 350-400 Mbps on my personal laptop, but about 18-20 on the work one. So it’s a significant difference.

I’ll ask the IT guys if there’s a way to speed things up. Thanks for the tip.

So if I set up multiple access points with the same SSID and password, will my devices automatically hop to access point with the strongest signal? What I don’t want is, for example, to be connected to the upstairs point, and it stay connected to that point if I go outside, even if there’s an access point out there. I want it to recognize the stronger signal and hop automatically without me having to disconnect from one and connect to the other. I don’t necessarily mind so much, but Mrs. Hawk…well, let’s just say she’s not as patient as I am.

We’re instructed to log-in to those services directly from our laptops, outside of the VPN Remote Desktop.

Apple’s Airport networking system was pretty good at this, at least when being connected to with another Apple device. My WinBox work laptop used to desperately try to hang on to the previous AP even though it may have been three floors away.

Sadly, Tim Apple discontinued this line when he purged the things that were deemed too hard to be bothered with.

If I am a sysadmin that is hyper-vigilant about security and data loss, then I’ve got a router at the office running gateway antivirus, intrusion detection/prevention, content filtering, traffic logging, the whole shebang. I’d also be concerned about the types of wifi my users might be connecting to - Starbucks, airports, hotels, poorly secured home networks - over which I have no control. I’d also be concerned about the types of web sites they’ll be visiting, over which I have little control when they’re off my network.

If I force all of a user’s traffic through their VPN tunnel to the home office then 1) it’s a hell of a lot easier to implement my security standards, 2) I’m protecting the user from unwitting exposure to vulnerabilities (e.g. a man-in-the-middle attack on a compromised network), 3) I’m at least somewhat protecting the company from willfully malicious users, 4) I’m able to enforce my content filter and keep users from wandering off the reservation, and 5) I’m able to tell the higher-ups that I’m doing everything I reasonably can to keep us and our data safe.

I’m not saying this is always the right approach, but it is a valid approach. Endpoint security is necessary but it’s not always sufficient. Online meeting platforms are a bit of a different animal and will obviously perform better with split tunneling, but there’s always the “what if”.
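To make the full-tunnel vs. split-tunnel distinction discussed above concrete, here is an added example that is not from any poster in this thread. It parses two constructed Linux routing tables in the style of `ip route show` (one for a full-tunnel client, one for a split-tunnel client; interface names `tun0`/`wlan0`, the `10.8.0.0/24` tunnel subnet and the `203.0.113.10` concentrator address are all assumptions) and answers the practical question: for a given destination, does the packet go through the VPN concentrator or straight out the local Wi-Fi? It also shows the common full-tunnel trick of installing `0.0.0.0/1` and `128.0.0.0/1` to beat the DHCP default route, with a host route that keeps the concentrator itself reachable directly.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample output in the style of `ip route show` on Linux.
# These tables are made up for illustration, not captured from a real host.
# Full tunnel: two /1 routes via tun0 override the DHCP default route, and a
# /32 host route keeps the VPN concentrator (203.0.113.10, assumed) reachable
# directly so the tunnel does not try to route itself through itself.
FULL_TUNNEL_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Split tunnel: only the corporate RFC 1918 ranges go via tun0; everything
# else (Zoom, Meet, WebEx, ...) leaves directly through the home gateway.
SPLIT_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
172.16.0.0/12 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str


def parse_routes(text: str) -> list[Route]:
    """Parse `ip route show`-style lines into (prefix, egress interface) pairs.

    'default' becomes 0.0.0.0/0 and a bare address becomes a /32 host route.
    Lines without a 'dev' field are skipped. Metrics are ignored in this toy.
    """
    routes: list[Route] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        prefix = ipaddress.ip_network(dst, strict=False)
        dev = fields[fields.index("dev") + 1]
        routes.append(Route(prefix, dev))
    return routes


def egress_dev(routes: list[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match, the same rule the kernel applies when picking a route."""
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    for r in routes:
        if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.dev if best else None


def tunnel_mode(routes: list[Route], vpn_dev: str = "tun0") -> str:
    """Return 'full' if arbitrary internet destinations egress via the VPN, else 'split'.

    Probing with one address in each half of the IPv4 space catches both a plain
    default route and the 0.0.0.0/1 + 128.0.0.0/1 override used by some clients.
    """
    probes = ["1.1.1.1", "198.51.100.7"]  # one in 0.0.0.0/1, one in 128.0.0.0/1
    return "full" if all(egress_dev(routes, p) == vpn_dev for p in probes) else "split"


def classify(routes: list[Route], destinations: list[str], vpn_dev: str = "tun0") -> dict[str, str]:
    """Map each destination to 'tunnel' or 'direct' according to the routing table."""
    return {
        d: ("tunnel" if egress_dev(routes, d) == vpn_dev else "direct")
        for d in destinations
    }


if __name__ == "__main__":
    # 10.20.30.40 stands in for an internal corporate host, 8.8.8.8 for a public
    # service such as a video-conferencing endpoint (both assumed).
    targets = ["10.20.30.40", "8.8.8.8", "203.0.113.10"]
    for name, table in (("full tunnel", FULL_TUNNEL_ROUTES), ("split tunnel", SPLIT_TUNNEL_ROUTES)):
        routes = parse_routes(table)
        print(f"{name}: mode={tunnel_mode(routes)} {classify(routes, targets)}")
```

Run against a real laptop by replacing the constructed strings with the output of `ip route show`; on a full-tunnel client you should see public addresses classified as `tunnel` while the concentrator's own address stays `direct`, which is exactly the traffic pattern the poster above is arguing for and the reason conferencing traffic shares the concentrator's bandwidth.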

Usually, yes. I don’t know if there’s an exact signal strength threshold that they’ll use, but modern devices are pretty good at hopping APs fairly transparently to the user. The worst case scenario is turning the device’s wifi off/on, at which point it’ll connect to the strongest signal. These days I rarely have to do that on our campus at work.

The trusted internet connection model is certainly a workable model and one that worked well for us here in Gov for a long time. With the explosion of high capacity workloads like collab streaming and data sciences crunching, we’ve had to move to a SASE+ZTN model to maintain visibility/control while also safeguarding usability and making local network security almost meaningless. Practical cyber posture and control has actually increased, costs are flat and users get the experiences they crave. Tools like Cisco Umbrella and zScaler are worth the investment for enterprises.

I wandered into a website all written in some unknown language.


Says the guy whose profession uses Latin terminology in abundance.


Don’t worry, I had a talk with the man in the middle and I asked him to change his ways.

Yes, I’m bored today.

Not sure what we have, but we have literally tens of thousands of users in a hundred different countries, connected to who knows what. We fend off 3,000-5,000 serious malicious hack attempts per day, on average, some at very high levels of sophistication, not counting the normal virus and malware stuff that happens through sketchy websites and careless employees. We’re not connecting to the company network without going through their security.

We are not allowed to use Zoom because of the “what if”, and we’re told that it’s a security sieve. Don’t know if that’s true, or if they just want to force us to Teams because of our love for Microsoft.

Naw, man. That was the old days before my time as a lawyer. In my era, lawyers spoke and wrote plain English. Not Latin.

We have to use WebEx because of the Zoom scares. It’s the poster-child for the glitchy, delayed, low-res video conferencing that people make fun of.