Call the Cable Guy: Wireless just won't cut it

Wireless networking is regarded by many as the way to go for corporate networking. No need for expensive structured cabling, no need to re-patch stuff when someone moves desk, and sufficiently secure to make it suitable for corporate use. I am inclined to agree with that last point: rank up the encryption to WPA2-AES and use …

  1. IGnatius T Foobar

    Should be obvious. Wired networks are always superior, and for any equipment that does not move around, wired will always be the way to go. A cable to every desk -- and those laptops have docking stations, so even for laptops you go wired.

    Any self-respecting IT pro will put wired ethernet in his home, for that matter.

    1. usbac

      57 Drops in my home

      Our home builder let me come in on the weekend and wire my house. He just said "don't hurt yourself on my job site". It was very nice of him to do that.

      57 drops might seem excessive, but the walls will only be open once (I hope). At that time Cat-5e was really cheap. It took five 1000 foot boxes, but Cat-5e was only $31 a box then.

      1. dgc03052

        Re: 57 Drops in my home

        I ran coax cable, coax ethernet, and phone drops, but also ran conduit (with string running to make pulling easier), so it is all happy with cat 5e after a simple upgrade.

    2. Allan George Dyer Silver badge

      Yes, I'm really glad I put in that 10base2 - oh wait!

      Anyway, the Cat5 replacement is still useful for connecting the APs for good wireless coverage.

      I really do prefer wired, except when the cable from my netbook is trailing over the other occupants of the sofa. And I'm still looking for a smartphone with an RJ45 socket...

      1. Allan George Dyer Silver badge

        I'm curious, why did I get down voted? I really do have 10base2 around my walls at home. How long before the 5 and 5e is obsolete too?

        1. Roland6 Silver badge

          I really do have 10base2 around my walls at home. How long before the 5 and 5e is obsolete too?

          Not seen anything capable of connecting to 10Base2 (or 10Base5) for many years now.

          Which is a shame as a few years back I wanted to be able to cheaply connect some farm buildings together and these with their single segment limits of 185m and 500m and (once) readily available network cards made them good candidates, albeit limited to 10Mbps...

          As for the answer to your answer, I suspect that if you have 10Base2, you already know that 5 and 5e are unlikely to become obsolete anytime soon, particularly given 5e can support 1Gbps up to 100m. However, I anticipate we will increasingly see laptops following tablets and only supporting WiFi (unless you want to play around with USB dongles etc.). So overall we can expect the price of Ethernet over twisted pair to increase and necessary components become less available in the retail/consumer sector.

          1. Vic

            Not seen anything capable of connecting to 10Base2 (or 10Base5) for many years now.

            I've got an assortment of cards that can.

            I picked them up years ago - they're incredibly useful when you're likely to get a phone call that says "network's knackered - can you fix it today?"

            Of course, my site report will inevitably recommend upgrading the cabling...

            Vic.

  2. captain veg

    the answer

    "Wireless networking is a shared-media network. So if you connect more and more machines, it's going to run appallingly – just like Ethernet used to."

    So we need wireless token ring?

    -A.

    1. Charles 9 Silver badge

      Re: the answer

      No good. Token ring only works if the connections are highly directional (thus the "ring" in Token Ring). The big thing with wireless (and this is a physical thing) is that radio is naturally omnidirectional; it tends to broadcast in all directions. It's like a common lightbulb in that sense. Or even a candle. You get the same problem when you happen to stand in a zone of radio crosstalk where two stations from two different areas both use the same frequency and happen to (usually unintentionally) get as far as you.

      And for a mobile device like a tablet or phone, you NEED this omnidirectionality since you cannot rely on the device to have a specific orientation all the time. That's why we use radio instead of infrared. Yes, you can use light and lasers to transmit data, but they can only work in fixed settings where the endpoints are known and aimed carefully.

    2. Roland6 Silver badge

      Re: the answer

      So we need wireless token ring?

      Err no, you need IEEE 802.4 Token Bus ie. logical ring over a shared-media.

      But then that was really intended to be used in 'stable' networks and not dynamic networks such as WiFi hotspots, because establishing and maintaining the logical ring does carry an overhead; plus it requires all nodes to be active in the token passing, so the radio is always active, whereas in 802.11 the node only needs to power its tx when it wants to send something.

      Also designing these networks wasn't for the faint-hearted; says he who built several large 802.4 networks back in the 80's...

    3. Anonymous Coward

      Re: the answer

      It wasn't your turn to speak - I'm holding the talking stick

  3. Keven E

    Direct wiring

    "...nobody with any sense will go to the expense of having enough LAN ports to patch every floor port, after all..."

    Budgeted, installed, documented, done. "Hey PFY. do a system check and change the cable if needed into 12c, floor 3, building 2" (message sent from Hawaii)... and don't be a wanker about it, he signs your check."

    Totally worth every penny.

    1. Lee D Silver badge

      Re: Direct wiring

      I don't think I have a single port on a wall or in a floor that's not fully patched in or hasn't been every day since its install.

      What's the point of putting them in if you don't have the switch port the other end, and if you're that full up that you're fully occupying EVERY switch then you're slagging the backbone and backend capacity of your switches anyway, which is far from ideal.

      Honestly, run doubles to everything, and patch them in at purchase. If you want to disable them, do it in the switch management. Because the day you want that port back and you have to cable-chase, you'll have to buy the switch anyway. And that will be an unbudgeted shock dependency on some other project that never realised it would need it.

      Double-wall socket.

      Cable.

      Patch.

      Switch.

      Then you have some wiggle-room when it comes to spares, failovers, new devices (everything is PoE nowadays), bandwidth, etc. and the backend bandwidth to support it all.

      Hell, just PoE phone deployment should teach you this. And if not, then the existence of things like LACP, so you can cable all those spare ports in the IT office to add yet-another-Gb to your server's capacity.

      1. calmeilles

        Re: Direct wiring

        Yup. At last gig it was the PoE IP-phones with pass-through for computer that ensured every desk had at least one live port from the get go. It was the 2nd device people who were the cause of patching.

        1. Anonymous Coward

          Re: Direct wiring

          Progress. It was only 20 years ago that we had a dozen trading desks all strung together on one Ethernet coax cable with the required 50 ohm terminating resistor on the final T piece.

          What a day it was when the final computer in the chain happened to be a laptop and its owner finished early taking it home complete with the T piece and terminating resistor still attached. No one understood how he got through the door without hearing the outcries of 11 equities traders who had suddenly lost all network access.

      2. Alan Brown Silver badge

        Re: Direct wiring

        "I don't think I have a single port on a wall or in a floor that's not fully patched in or hasn't been every day since its install."

        The main building I work in was floodwired with what seemed far too many ports (minimum 2 per desk and a few extra for every room) 20 years ago.

        As time has gone on, single-occupancy rooms became double and what used to hold 2 desks now holds 4 - and everyone now has a desktop, laptop, at least 1 phone/tablet and often more devices too, all competing for ports.

        Installing decent 2/5GHz WAPs (all running at 1-5mW output), WACs, switches, radius and 802.1x has meant that we can mostly cope with the increase. In the rooms that simply can't cope, we've added in-room switches where needed. Networking is also an issue, with a limited number of IPv4s available - so if you switch from wired to wireless you get the same IP assigned (this also provides seamless connectivity)

        802.1x is the key though. Authorised machines can connect. Unauthorised ones don't. Phones go into 1 of 2 guest networks - for staff ones the password is tied to their userid (which is forcibly changed every 90 days and has strength checking built in) and for visitors the password will evaporate in 24 hours, unless renewed by reception staff.

        I can tell you who's connected, where they are/were, when they logged in/out and go back 12 months. Any sign of malware activity (or plugging in prohibited OSes such as WinXP) gets the port slammed into a remediation VLAN within milliseconds.

        Yes, this cost £180k, but the alternative of needing 4 more staff to maintain the network would eat that difference in 2 years anyway. Every port is wired up - because we don't have many spare wallports anyway and at £50/port it doesn't make sense not to - staff time to repatch - and spent waiting for repatching to happen before whoever's at a desk can get back to work - is worth more than that.

        If we'd done this using Cisco, it would have been over £500k. The difference between vendors in this respect is refreshing - Cisco were very much - "this is our kit, this is our pricing, take it or leave it" and pushing FUD about competitors, whilst the others were all very good about getting the right spec for our network _and_ tweaking the firmware if we found issues (It helps that the competing kit, whilst half the price of Cisco, is a _lot_ more capable and powerful and they don't pull stupid games like charging thousands for 10GB/s longreach optics.)

        Yes, we'll do a floodwire refresh, but the fact that upgrading to a large - affordable - adaptive switch network that provides Gb to the desktop (40-100Gb in the core) has already saved us tens of thousands of pounds in staff overheads is good in times of tight budgets.

        802.1x is the key to making things work better (especially wifi) but seems overlooked in 90% of installations.

      3. SImon Hobson Silver badge

        Re: Direct wiring

        Have a downvote for missing the point of structured cabling. It's structured cabling, not network cabling. I'm guessing you must be one of those stupid people who put structured cabling in for the network, and then run separate cabling for the phones, fax, serial terminals, serial printers, ISDN-2, video, ... All things I've run over structured cabling over the years - never used token ring or twinax but I'm sure some here have. OK, I'll admit that most of these are on the decline, but definitely not completely dead yet.

        Fine, if you really really are never going to use any of those then go ahead and fully patch every port to a network switch, but ... It means you are either spending a lot more than you need on unused network ports, or it means you're one of those that ignored advice and only put in a fraction of the points that would be recommended by people with experience. And of course, with the rise of PoE, every port will need to be PoE enabled - otherwise you are back to having different types of port again, and PoE ports don't come cheap, especially on business class switches.

        I have experience with manglement just absolutely refusing to pay for the points recommended and then finding a shortage (and hence switches under desks) on the day they moved in, but on the flipside having put in what I'd recommended but having points unused when one or more foreseeable layouts didn't get used.

        1. Roland6 Silver badge

          Re: Direct wiring

          And of course, with the rise of PoE, every port will need to be PoE enabled - otherwise you are back to having different types of port again, and PoE ports don't come cheap, especially on business class switches.

          Personally not seen the benefit of, or need for, PoE enabling every end user accessible port, since these are generally right next to a bunch of power sockets. However, I have used them in infrastructure applications such as for (ceiling mounted) WiFi AP's where it simplifies the cable infrastructure.

          This has the effect of limiting the size and number of PoE injector switches needed in each floor's wiring closet, which in turn reduces the need for aircon.

          But then I accept that since the rise of WiFi, I've not had to flood a floor with PoE handsets, relying on the more cost effective use of local (to the handset) PoE injector for the few handsets needed.

        2. Keven E

          Re: Direct wiring

          Point(s) taken, Simon, but the cost really isn't that prohibitive, which I'm quite sure is my (newer) facility specific... having real ease of infrastructure accessibility within/to all the subsystems.

  4. Anonymous Coward

    Kill that rogue DHCP server!

    In the company I work (posting anon, for obvious reasons), we used to regularly experience issues with roaming engineers parking in the office and starting their laptops with DHCP servers running on them. It would cause chaos, and with our old 1Gb/100Mb switches, it took an age to find them and kick their arse. The Wi-Fi APs are a whole other game of pain!

    With a modest investment in 2nd-hand HP managed switches, we deployed two 5406 switches as a 'core' with 10Gb/s interlinks to a 5406 and 5412 that provides 1Gb/s ports to all of the floor ports - even the un-used ones (a contraction of the company helped reduce the number of connections). With the dhcp-snooping option enabled, the visiting services people can do as they please - and I no longer have to threaten them with a mallet!

    As for 5GHz in the servers ... (putting on my Radio Amateur hat - the one with APRS) ... I can see that working inside metal 19" racks. I think I will stick to 10Gb/s fibre links :D

    1. Alan Brown Silver badge

      Re: Kill that rogue DHCP server!

      " we used to regularly experience issues with roaming engineers parking in the office and starting their laptops with DHCP servers running on them"

      Decently secured networks will see that activity and disconnect the devices instantly.

      I know, as my network does it.

      1. Lee D Silver badge

        Re: Kill that rogue DHCP server!

        I was thinking the same.

        Who the hell doesn't have DHCP server blocking on their managed switches nowadays?
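
The decision that DHCP snooping makes for each packet, as discussed in the thread above, sketched as a simplified Python model. This is an added example, not code from the thread or from any switch vendor; the port names (`A1`, `B7`), addresses and packets are constructed sample values, and a real switch also maintains a lease binding table that is not modelled here.

```python
"""Simplified model of the per-packet DHCP-snooping decision on a switch.
All ports, addresses and packets below are constructed sample values."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # marks the start of DHCP options
BOOTREPLY = 2                                  # BOOTP op code sent by servers
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

TRUSTED_PORTS = {"A1"}                         # assumed uplink to the real server
AUTHORIZED_SERVERS = {ipaddress.ip_address("10.0.0.2")}   # assumed address


def parse_dhcp(payload: bytes):
    """Return (op, {option_code: value}) or None if the payload is malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload):
            return None                        # option header cut short
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                        # option body cut short
        options[code] = value
        i += 2 + length
    return payload[0], options


def snoop(port: str, payload: bytes) -> str:
    """Decide whether a DHCP packet seen on `port` is forwarded or dropped."""
    parsed = parse_dhcp(payload)
    if parsed is None:
        return "drop: malformed"
    op, options = parsed
    msg_type = options.get(OPT_MSG_TYPE, b"")
    kind = SERVER_TYPES.get(msg_type[0]) if len(msg_type) == 1 else None
    if op != BOOTREPLY and kind is None:
        return "forward: client message"
    # Anything that looks like a server answer must arrive on a trusted port.
    if port not in TRUSTED_PORTS:
        return f"drop: server {kind or 'reply'} on untrusted port {port}"
    sid = options.get(OPT_SERVER_ID, b"")
    if len(sid) != 4 or ipaddress.ip_address(sid) not in AUTHORIZED_SERVERS:
        return "drop: unauthorized server on trusted port"
    return "forward: authorized server"


def build(op: int, msg_type: int, server_id: str = "") -> bytes:
    """Construct a minimal sample DHCP payload for the demonstration."""
    zero = b"\x00" * 4
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234,
                        0, 0, zero, zero, zero, zero, b"\xaa" * 6, b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.ip_address(server_id).packed
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed traffic: a desk port (B7) and the server uplink (A1).
SAMPLES = [
    ("B7", build(1, 1)),                       # DISCOVER from a client
    ("B7", build(2, 2, "192.168.1.1")),        # OFFER from a visiting laptop
    ("A1", build(2, 2, "10.0.0.2")),           # OFFER from the real server
    ("A1", build(2, 5, "10.0.0.99")),          # ACK from an unlisted server
    ("B7", b"\x02" * 10),                      # truncated junk
]

if __name__ == "__main__":
    for port, pkt in SAMPLES:
        print(f"{port}: {snoop(port, pkt)}")
```
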

  5. allthecoolshortnamesweretaken Silver badge

    Yeah, try doing this wireless...

    1. A K Stiles

      Cat 5 nine-tails?

      Oh wow - does it work as a clue-stick?

    2. Vic

      Yeah, try doing this wireless...

      I made up some test plugs a few years back with pins 1&2 wired to 3&6, 4&5 wired to 7&8. One RJ45, a tiny bit of UTP, and some heatshrink over the top.

      Makes it very easy to test layer 1...

      Vic.

  6. This post has been deleted by its author

    1. Anonymous Coward

      I think you are forgetting the intermediate step of 10baseT connected via simple hubs, which is what I thought the author was referring to - rather than 10base2 and those fun T-pieces because I think those would have deserved a proper mention given all the joy they shared with us!

      Especially the "kill one, kill them all" special trip-switch function you refer to.

      1. steamrunner

        I remember that I always used to travel around with at least one spare 10Base2 'terminator' and a 't-piece' in my bag, no matter where I went, just in case of cabling issues... ah, those were the days...

        S.

        1. Jeffrey Nonken Silver badge

          There was the segment that went down because a guy disconnected his computer and, thinking he was helping, plugged the resulting open plug with a F-F coupler and a terminator. Fortunately he had the sense to fess up when he heard us coming and fortunately I had the sense not to blow him off because we were too busy to talk to him just then. (I didn't know it was relevant until I talked to him, understand.)

          Palm over face, I explained that the cabling was not a water pipe and didn't need to be capped off to keep the electrons in.

          Ignorance rather than stupidity and he came to us so we let him off without a lynching. He had the grace to be deeply chagrined.

          1. P. Lee Silver badge

            Obligatory Dilbert

            >I explained that the cabling was not a water pipe and didn't need to be capped off to keep the electrons in.

            Are you sure?

        2. Disk0

          Still have two of each of those in the toolcase, along with a whole bunch of other obsolete and wonderfully dysfunctional stuff like AAUI gender changers, an fd power cable adapter, and fax splitters. Anything smaller than a box of matches is allowed to hang around in the bottom corners...

          I have this nagging voice in my head telling me that the day I get rid of any of it, will be the day before I end up needing it at a client's site...

  7. The Dark Side

    So So True!!!! Don't believe the hype

    So So True!!!!!

    But managers/ directors do not listen, they believe the hype. Some younger IT crews know no difference, because they know nothing else.

    At meetings I just sit with a smug grin, and a "I told you so" look. When it gets round to discussions about the Wi-Fi, don't get me started on the security in some organizations.

  8. chris 17 Bronze badge

    The bottle neck is further up the chain

    utter Tosh,

    they both have a place in the modern world, especially as a backup when the primary and secondary wan links get stuffed by the ISP.

    1) no one sits there and hammers their port at 1Gb/s all day long

    2) the switch uplinks are the contention point for sites with local servers. who has more than a pair of 1 Gb uplinks from their access switches?

    3) if your core servers are plumbed in at 10Gb/s and you have 100 users at 1Gb/s where is the contention now?

    4) your 1Gb/s wired connection is pointless if you've got less than (total users x 1Gb/s) WAN link if all your servers are off site.

    5) the bottle neck is either the switch uplink, server uplink or WAN link, fast wifi with lots of users on does not change this

    1. Jeffrey Nonken Silver badge

      Re: The bottle neck is further up the chain

      Uh... April Fools, right? You have to be joking about where the bottleneck is.

    2. jamesb2147

      Re: The bottle neck is further up the chain

      1) No, but many a crap device with its super crap antenna is trying to stream Netflix over the corporate WiFi. That's generally 5Mbps+ and when you get 10 on an AP, a few with tenuous connections... well, the math doesn't work out so well on an .11n network, at least.

    3. This post has been deleted by its author

    4. Alan Brown Silver badge

      Re: The bottle neck is further up the chain

      "1) no one sits there and hammers their port at 1Gb/s all day long"

      It doesn't matter. If you have network /home and fileservers then you need to cope with all the machines starting up first thing in the morning and after lunch WITHOUT slowing down.

      That means designing the network to cope with worst case scenarios, not the usual 1-2% utilisation.

      "2) the switch uplinks are the contention point for sites with local servers. who has more than a pair of 1 Gb uplinks from their access switches?"

      When access switches with 20GB/s uplinks are between £300 (basic) and £1200 (fully managed), with the core switches at around £5-8k, why would you NOT run 10GB/s uplinks? (Hint: my stacked access switches run 20GB/uplink per 48-port shelf in the stack - this also copes with $IDIOT unplugging cables in the switchroom - it takes a lot of disconnections to knock out any given access switch AND with TRILL+distributed L3 in the core it takes a lot of disconnections to knock out the core network. TRILL isn't just for data centres and was never intended as a datacentre protocol)

      "3) if your core servers are plumbed in at 10Gb/s and you have 100 users at 1Gb/s where is the contention now?"

      Why are you only running a single 10Gb/s connection on a critical server?

      For that matter: Why do you only have a single critical server? Where's your failover and redundancy?

      "4) your 1Gb/s wired connection is pointless if you've got less than (total users x 1Gb/s) WAN link if all your servers are off site."

      This is where you explain to the PHB that running a local server room costs £N and running 10GB/s uplinks costs 5*£N - with installation of the redundant physical 10Gb/s path having a 20*£n installation charge - and don't try to shortcut this as it costs £30k/hour in staff salaries _alone_ when the systems are unreachable.

      "5) the bottle neck is either the switch uplink, server uplink or WAN link, fast wifi with lots of users on does not change this"

      100 dual-radio 802.11ac WAPs (one per office - effectively one per 3-8 wifi devices) and a pair of suitable WACs will cost you between £50 and 80k depending who you buy from. That factors in 20 outdoor, reception area and meeting room units to handle the more complex cases.

      The trick is to design _properly_ and make sure that bottlenecks are eliminated in the first instance or accounted for in such a way that you can slot in upgrades to cope. That cheap installation isn't so cheap when you have to toss the whole bloody thing to install something which works properly (and can be incrementally upgraded)

  9. WolfFan Silver badge

    Wired vs wireless

    I set my home system up my way: put the comms stuff on a nice little demarc, all comms go there. The ISP wanted me to use wireless for just about everything. Not happening. I ran Cat 6 twisted pair from the demarc to a central switch and from the switch to the various rooms. The set top boxes for the tvs had both coax and RJ-45 connections; I ran Cat 6 to them. No, thanks, I'll live without the nice wireless set top boxes which the ISP wanted to charge a 'nominal fee' for. All desktop computers and all printers connected with Cat 6. I'd have run Cat 6 to the landline phones, too, except that they were already wired. Some of the 'smart' devices, tvs, BR players, that kind of thing, had RJ-45 ports; they got Cat 6 connections. And I had a few spare Cat 6 connections for laptops. And a dedicated wireless access point located centrally, next to the main switch, connected by Cat 6. I turned off the wireless on the ISP's device (which was a pain, for some reason they really wanted me to use their system. No thanks.) and set up two separate networks, a 2.4 GHz and a 5 GHz system. I put those 'smart' devices which didn't have RJ-45 and older laptops onto the 2.4 GHz net, and reserved the 5GHz net for newer laptops, cellphones, tablets, etc. I have also turned off DNS and DHCP on the ISP's device, and have a dedicated DHCP/DNS/authentication server doing things my way, next to the wireless access point and the main switch. And I put my NAS there, too. Yes, it took a lot of Cat 6, and a couple of gigabit switches, but I have a fast network. And a laptop connected to Cat 6 is noticeably faster than when connected to the wireless access port, even if the WAP allegedly runs at speeds of up to 1500 Mb/s, precisely because wireless is a shared resource while Cat 6 from a switch is a dedicated resource.

    I may get a second WAP and use that for 2.4 GHz exclusively while using the first for 5 GHz exclusively to try to improve the wireless speeds, but there's not much that can be done, mostly due to congestion. A check shows that no less than six wireless systems, mostly from (ugh) Comcast, are broadcasting close enough to me to have three or four bars, and several more have one or two bars.

    1. Jeffrey Nonken Silver badge

      Re: Wired vs wireless

      I rent, so wiring options are limited. But the two main desktops and the entertainment system are wired. Also the printer.

      5GHz for those who can use it, 2.4GHz for the older gadgets.

      1. jamesb2147

        Re: Wired vs wireless

        Have an upvote, but I rent as well, and my landlord was A-OK with me paying for improvements to his property. In fact, he sent maintenance up to drill the holes in the wall for me as I didn't have the tools for it. I think it cost $80, mostly for the in-wall cabling.

        As for devices, near everything is Cat5E or Cat6, but a few older/crappier devices (read: cheap Android phones, game consoles, etc.) are 2.4GHz only. 5GHz is decent enough everywhere in the apt that I have a broadcast 5GHz network that I tell everyone how to use, and a non-broadcast 2.4GHz network for the peons (read: the aforementioned crap equipment). I'd rate-limit them, but they're suffering enough already.

        What do you guys use at home? I've got a Dell 6224 switch, Ubiquiti ERL router, and am looking to upgrade my Ubiquiti AP to something AC-capable (considering Ubiquiti and IgniteNet for that).

        FWIW, I do use my laptop wirelessly unless I'm specifically going to be transferring large amounts of data. I mostly avoid even that, though, by running most such apps on servers anyway, which are naturally all hard-wired.

        1. romanempire

          Re: Wired vs wireless

          I rent as well but I still installed Cat 5e. Here in the UK most houses since the 70's have stud & plasterboard internal walls and dot & dabbed plasterboard fixed to the external walls. So it's fairly easy to run cable where you want it with the right tools and a bit of know-how (and make it look like it was always built-in).

        2. Charles 9 Silver badge

          Re: Wired vs wireless

          I have both. I wired myself back during the early days of cable modem, so it's a touch old with normal CAT5, but you'd be surprised how well it still carries things even now. And before that I had linked a few computers to a Linux-powered dialup box over 10-Base2 (yup, BNC cables run along the floor, at the time it was easier plus one of the devices could ONLY use coax, as it was a parallel-port adapter).

          I have a wireless setup for those devices that must use it (laptops, phones, tablets, etc.), but to be on the safe side, my password's at the length limit and uses as broad a character base as I could use. I usually have to use WPS-PBC to add a device (WPS-PIN is turned off) because I can't remember it, it's so long.

  10. Anonymous Coward

    Somewhere I used to work the wired network was set up to block anything with a non-whitelisted MAC address and the firewall to the outside wall required your payroll number as the user name. From time to time we'd have external people come in, unplug somebody's desktop to plug their laptop in and complain "the network's down"

    = How do I get a connection?

    # Plug in a $CORP-owned computer into the $CORP network and log on with your $CORP payroll number and password.

    = Oh, but this is my laptop, can I use your desktop?

    # Yes ok here, log on with your payroll number and password.

    = But I don't work for you, can you log on for me?

    # Please leave my office.

    1. John Brown (no body) Silver badge

      "Somewhere I used to work the wired network was set up to block anything with a non-whitelisted MAC address"

      One of my clients, a university, used to do that too. But they had the switches set to block the port if an unauthorised MAC was detected. The PC team had to request the networks team to unblock the port, which always seemed to take a day or two. It was a pain when a motherboard (or a network card in some other kit) had to be replaced with its change in MAC address and the person doing the repair didn't know about it. I heard they changed that policy one year after some students, on "discovering" this, DOSed an entire floor of CompSci by plugging their laptops into every port available.

      Other sites weren't so restrictive and MAC changes just had to be notified by phone with PC name and new MAC address and it was usually up and running in minutes.

      1. Alan Brown Silver badge

        " But they had the switches set to block the port if an unauthorised MAC was detected."

        I have this.

        The choice in our switches is "block until disconnected" or "latch" - for an academic or highly mobile environment you only want to block unauthorised systems. The fact that the link has to physically go down in our configuration prevents spinning the mac until it hits one that works. (But the 802.1x means you'd still have to provide valid credentials anyway)

  11. John Tserkezis

    "you then have the faff of re-patching stuff when people change desks (nobody with any sense will go to the expense of having enough LAN ports to patch every floor port, after all)."

    We did. We had to. The department managers kept moving their people every two bloody weeks. Sometimes just shuffling four guys in a four spot booth.

    We weren't to ask why, but just to do our bloody job.

    Incidentally, WiFi was entirely out of the question due to security reasons, we had millions of dollars sunk in IP apparently, and they were uneasy with it floating around the building, secured or not.


Biting the hand that feeds IT © 1998–2019