Wi-Fi at Greenspring

Updated January 15, 2015

Preface

Before Erickson became our Internet Service Provider, our service was wired and provided via a cable modem. Some residents added a Wi-Fi router and have had Wi-Fi in their apartments for many years; for them there are very few advantages to the Erickson service except perhaps, for some, Internet speed. The potential Internet speed of the new Erickson Wi-Fi is very fast. It is no longer limited by the source as it was previously. Internet speed is now limited by the disadvantages of Wi-Fi technology and science. Because of these limitations, reliable high speed is not available to all residents. Download speeds inside an apartment vary from very high for the fortunate to very slow and unreliable for others. The community is being fed with a Gigabit (1000 Mbps), a huge capacity by comparison to what it was previously. If the Gigabit Internet service were wired into the apartment, all residents would have equal access to it and the new service would be improved for all.

The purpose of this paper is to help Residents understand the technical nature of the Greenspring Wi-Fi system so that they can take advantage of its features, understand its weaknesses and better communicate with the IT technicians. It may be helpful to refer to the Glossary of Wi-Fi terms as you read. The figures you encounter may also help understanding by providing graphic profiles of an Access Point and the Network.

In Summary:

• Some Residents who only use email, surf the Web, buy a few things on the Web, or do some financial transactions on the Web may be content. Those Residents who have had their own home network in the past and are more avid computer users may not be content.

• Internet speed will vary widely depending on your apartment structure, its location and the capability of your computing devices. For some it can be slow; for others, very fast.

• Some users will find wireless file transfer, backup and other local network functioning adequate. Others, those who previously had home networks, may find networking functions slower, cumbersome and dubious.

• Low signal strength may cause poor performance of streaming video and cause your devices to lose Internet connection, interrupting the video.

• At this point the sure way to print with the Erickson Wi-Fi is to wire your printer to your computer with USB or Ethernet. Some residents have gotten wireless printers to work well for them.

• The speed advantages of 5 GHz Wi-Fi protocol may not be accessible to some residents because of low signal levels. Although the System eventually will support 802.11ac protocol most residents do not have devices that can take advantage of it. There are recently marketed devices that residents who want to take advantage of the new technology can consider. All of the new Apple computers support 802.11ac.

A Home Network vs the Erickson Connect System

Glossary of Wi-Fi Terms for Greenspring

Signal Characteristics

The potential Internet speed of the new Erickson Wi-Fi is very fast. It is no longer limited by the source as it was with AEITV. We are now limited by Wi-Fi technology and the science that makes it work. The Access Points in the hallways are capable of well over 100 Mbps speed and the community is being fed with a Gigabit (1000 Mbps) from Cox, a huge capacity by comparison to what AEITV provided. To clarify, Erickson is our Internet Service Provider and Cox is the Network Service Provider to Erickson.

When the new Wi-Fi was first set up in late 2013, I ran some tests with my laptop computer. It was 2 years old and equipped to process 802.11n protocol and two spatial streams. It measured 150 Mbps download speed when directly under the hallway Access Point using the 5 GHz channel. HOWEVER, the same laptop when moved into my apartment dropped off the 5 GHz channel to the lower frequency and lower speed 2.4 GHz channel. The signal strength of the 5 GHz dropped dramatically bringing the SNR (signal to noise ratio) from 47 dB to 14 dB as a result of increased distance and attenuation by walls. SNR over 40 is characterized as excellent, over 25 as good, 17 and lower is poor to very poor. Speeds in my apartment on my laptop on the 2.4 GHz band varied from 10 to 60 Mbps depending on location.

It is likely that in other apartments computers and devices auto connect to the 2.4 GHz band as my laptop did and may be getting low Internet speed.

Older devices with only 802.11g capabilities will at the very best get 15 to 20 Mbps. My iPad got 20 to 30 Mbps in one of the more favorable rooms and is capable of 45. Considering only Internet speed, the promise of “Better than” may have been met for many residents although some Residents were experiencing speed of 3 Mbps and slower because of low signal levels. Low signal level results from too much distance and too many walls between the device and the AP. Low signal is the major factor limiting Internet, network speed and reliability. Internet speed can be good to excellent if you are near enough to the AP with no obstructions and very slow if not.

The speed will also depend on how many of your neighbors are using the same Access Point at the same time. My building is L shaped and I live in the corner of the L opposite the elevator and the AP is right outside my door. I have neighbors on both sides but not opposite because of the elevator. In this case the AP would serve 3 apartments; however, my next-door neighbors do not have computing devices, so I have an AP all to myself. This doesn’t help much because of the size and wall structure of my apartment.

In some cases one AP can serve 4 apartments midway in the hallway, 2 on each side of the hallway. There can be situations where the AP serves only half the apartment on each side, with a different AP serving the other halves. In NH1 there are 9 APs on each floor for 24 apartments, so you can say the average is 2.67 apartments per AP.

The 5 GHz signal in my apartment was too low for my devices to reliably connect so they defaulted to the 2.4 GHz band and even the 2.4 Signal was marginal in some spots of my apartment. Other residents had the same problem or worse depending on the geometry of their apartment relative to the Access Point. The marginal signal level often messed up streaming video on our iPads.

Be aware of the inherent slow speed of computer to computer file transfer and wireless backup. It was 9 times slower than on my previous home network. I copied a 1.92 GB movie file from my desktop to my laptop using my home Wi-Fi network. It took 1 min 10 sec, a transfer speed equal to 219 Mbps. I repeated the test using GSV-Resident. It took 10 min 41 sec, a transfer speed equal to 24 Mbps. My Home network was over 9 times faster.

The difference was: 1) My Home network using a 5 GHz channel connected my computers directly to each other in one hop and the GSV-Resident network needs many hops getting to the Controller to verify identity and back. 2) The Hallway AP was much farther away and behind walls making it even slower. Those of us who used our local networks to share files with other devices will lose out. Those with a single computer and no network may be ahead of the game.

Erickson Connect has made improvements.

Currently the Erickson team is working at other Communities setting up Wi-Fi and telephone service. We expect that the team will continue tweaking the system at Greenspring as more is learned.

Configuration

The Erickson Wi-Fi system has four Wireless LANs (WLANs). The Network Names (SSIDs) are Guest, GSV-Portal, GSV-Resident and Erickson. (Refer to figures.) These are the names visible for you to select on your computer or device. The Erickson WLAN is for staff use; the Guest WLAN is for guests; the GSV-Portal is a support WLAN for “Headless” peripherals like printers and for other devices that may not support Enterprise Security such as Apple TV, TiVo and Roku. The WLAN for Resident login is GSV-Resident and uses WPA2 Enterprise security requiring both an ID and Password for log on. Each Resident has been provided a unique ID and unique password that allows them to connect to the network. This is not the same as a unique VLAN for each resident. Having a single network like GSV-Resident allows you or anyone who knows your ID and password to connect to your account anywhere in the community.

Each Access Point (AP) broadcasts the four LANs, Erickson, GSV-Portal, GSV-Resident and Guest, on both 2.4 GHz and 5 GHz. Each SSID has three unique BSSIDs, one for the 2.4 GHz band and two for the 5 GHz band. The second 5 GHz transmitter is in a module added to the AP to provide 802.11ac, the very latest in Wi-Fi technology. (The 802.11ac has been disabled. See Note at end of document.)

The WPA2 Enterprise security protocol (802.1X) presents a problem. Devices like wireless printers and Internet TV devices will not connect to it. The wireless printers and such must be connected to the GSV-Portal network, which has no security protocol. The computers are in the GSV-Resident network. Normally, in order for them to work together, they need to be in the same network. The catch-22 is that the printers will not connect to GSV-Resident because they can’t handle the Enterprise security, and you don’t want your computer in the Portal network because it is not encrypted.

The original configuration made each resident appear to be on a different LAN from each other and from the SSID (e.g. GSV-Resident). This prevented file sharing and Bonjour services from working properly. On September 16, 2014 a system configuration change was completed. The physical layout did not change. The major difference in the new configuration is that it uses Security Group Tags (SGT) to separate residence-to-residence traffic, but allows everyone to be on the same LAN as the one assigned to the SSID.

The SSIDs and the security used to log in remained the same. The change from a client perspective, (computers, iPads, and other devices connected to the network) is the IP address scheme in that each resident account has a value assigned for the security tag.

When connected to GSV-Resident or GSV-Portal, the wireless controller looks at your account and inserts a tag into the data packet based on a unique value assigned to the account. That packet then goes to the core switch, which looks at the tag and checks it against other traffic passing through the switch. If it sees another device with the same tag, it lets them talk to each other. If the tags do not match, the devices never see each other.

It is a much cleaner system than dividing residents into 1700 little networks to separate them from each other. Now we have 1 big network that is secured by the tags. Instead of each resident getting their own small IP range, each neighborhood now gets one large range to share. For example, Neighborhood 1 gets the IP range of 10.104.176.1 to 10.104.191.254.

Most residents did not need to do anything as a result of this change. The IP addresses changed automatically on most devices.

The system makes the computers and the devices that connect to the Portal, like a printer, appear in the same network. The 12 digit MAC number of devices that connect to the Portal must be entered into the Portal MAC address filter database in order to be recognized. Some devices have more than one MAC ID and they can be difficult to find.
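
The tag check described above, as an added example (not Erickson's or the vendor's code): a simplified Python model in which the controller derives a tag from the account and the core switch forwards only between matching tags. The account names, tag values, MAC addresses, sample IPs and the MAC-to-account link for Portal devices are constructed assumptions; the /20 network is the Neighborhood 1 range quoted above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The Neighborhood 1 range quoted above is the usable host span of this /20.
NEIGHBORHOOD_1 = ipaddress.ip_network("10.104.176.0/20")

# Constructed sample data (not real accounts, tags or MAC addresses).
ACCOUNT_TAG = {"resident-a": 1001, "resident-b": 1002}
PORTAL_MAC_FILTER = {"00:11:22:33:44:55": "resident-a"}  # resident A's printer

@dataclass(frozen=True)
class Client:
    name: str
    ip: str
    ssid: str
    login: Optional[str] = None  # ID used for the GSV-Resident login
    mac: Optional[str] = None    # MAC looked up for GSV-Portal devices

def tag_for(client: Client) -> Optional[int]:
    """Controller step: the tag comes from the account, never from the IP."""
    if client.ssid == "GSV-Resident":
        account = client.login
    elif client.ssid == "GSV-Portal":
        account = PORTAL_MAC_FILTER.get(client.mac)  # assumed MAC -> account link
    else:
        account = None
    return ACCOUNT_TAG.get(account)

def switch_permits(src: Client, dst: Client) -> bool:
    """Core switch step: forward only when both tags exist and match."""
    src_tag, dst_tag = tag_for(src), tag_for(dst)
    return src_tag is not None and src_tag == dst_tag

def reachable_pairs(clients):
    """Every ordered (src, dst) name pair the switch would let through."""
    return {(a.name, b.name) for a in clients for b in clients
            if a is not b and switch_permits(a, b)}

CLIENTS = [
    Client("laptop-a", "10.104.176.20", "GSV-Resident", login="resident-a"),
    Client("printer-a", "10.104.190.7", "GSV-Portal", mac="00:11:22:33:44:55"),
    Client("laptop-b", "10.104.176.21", "GSV-Resident", login="resident-b"),
    Client("tv-unlisted", "10.104.180.9", "GSV-Portal", mac="66:77:88:99:aa:bb"),
]

if __name__ == "__main__":
    for c in CLIENTS:
        print(c.name, c.ip, "in range:", ipaddress.ip_address(c.ip) in NEIGHBORHOOD_1,
              "tag:", tag_for(c))
    print(sorted(reachable_pairs(CLIENTS)))
```

All four sample devices sit inside the same address range, yet only laptop-a and printer-a can reach each other; the Portal device whose MAC is missing from the filter gets no tag and reaches nothing.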

The Resident/Portal “tunnel” system is working. Bonjour, also known as zero-configuration networking, enables automatic discovery of devices and services on a local network. Bonjour is intended to make it easy to discover, publish, and resolve network services. It finds devices on your network like a printer when you need it. As implemented on the Erickson network, Bonjour appears to be working except the Bonjour Announcements of devices of other residents still appear. The Security System functionality prevents users from connecting to the other residents’ devices, but does not appear to prevent them from seeing them. It is an open issue albeit not considered a serious problem.

Low signal levels in the 5 GHz band also mean some cannot take advantage of the higher speed of 802.11n technology. The Cisco APs have some of the features of the new 802.11ac technology built in. However, there are only a few devices on the market that can take advantage of it, such as Apple’s newest computers. I quote from a Cisco White Paper: “802.11ac, the emerging standard from the IEEE, is like the movie The Godfather Part II. It takes something great and makes it even better. 802.11ac is a faster and more scalable version of 802.11n. 802.11ac couples the freedom of wireless with the capabilities of Gigabit Ethernet.” The newer Mac computers have ac capability and because of multiple antennas and beam steering they can lock onto the 5 GHz signal and provide a significant speed boost even with the low signal levels.

I hope you find this paper interesting and informative. Perhaps it will help you understand the strengths and limitations of the new Erickson Wi-Fi service.

Notes:

The technical issues at the root of difficulties and dissatisfaction with the Erickson Wi-Fi system are summarized as follows:

➡ Low signal level: In many apartments, particularly the large ones, the 5 GHz band signal levels can still be too low to be useful. In some cases even the 2.4 GHz band signal levels are low, resulting in very slow speeds. The inability to utilize the 5 GHz band excludes many from the advantages in network speed available only with 5 GHz. The system is capable of delivering well over 100 Mbps and some Residents are stuck with slow speed and connection dropouts. The 5 GHz signals need a boost of 10 to 15 dB or more to make them viable to 802.11n and 802.11ac clients, and that may prove to be impossible from APs located in the hallways. The most practical solution is to have an AP inside the apartment by allowing the Resident to set up his own home network. All that is needed is a reliable Internet connection to a router or just to their computer if they choose not to have a network.

➡ Networking Incompatibility: The GSV-Resident/GSV-Portal networking combined with the Enterprise security has proven to be complex and troublesome. Enterprise security protocol is intended for business and institutions such as hospitals, not for a home network. Wireless printers, streaming media players like Roku and Apple TV and many other network-dependent devices will not connect to the Enterprise security protocol of the GSV-Resident network and must be connected to the GSV-Portal, which has no protected access. It is difficult to set up some devices in the Portal and some networking functions did not work at all, such as AirPlay to an Apple TV. Bonjour (zero-configuration networking) did not work effectively to bridge between the Resident and Portal networks. The Security Group Tags (SGT) system appears to have resolved these problems. Setup is still cumbersome.

Should you want to measure the Internet speed, www.speedtest.net is easy to use and relatively accurate. The application Wi-Fi Analyzer is only available for Macintosh computers but likely there are similar apps for Windows.