Understanding Wi-Fi Speed and How 6 GHz Compares Networking

---

• Understanding Wi-Fi Speed and How 6 GHz Compares
• Cisco 2960s
• Sharing radius keys securely with external entities
• What could cause packet loss one-way
• Way to manage on premise devices? Is my approach decent?
• qq on Algosec and Cisco ASA (ACL's remarks)
• BGP issues on Fortigate
• Cisco SG250 "Drop Events" on uplink port
• Inter-VLAN Routing with multiple sites and L3 devices
• Fiber Question
• More SFP converter in a network
• Port Mirror without losing network access
• FTD with FPR
• Network documentation tool to generate packet headers
• Unifi switch for data center
• How to secure RDP?
• Securing Dedicated Link communication?
• Cisco's VIC, Adapter FEX, and Nexus 9K
• Managed switch with a fibre connection - can i unplug without a restart?
• How can I find out which devices use the Treck TCP/IP stack?
• stable version of controller unifi

Understanding Wi-Fi Speed and How 6 GHz Compares Posted: 01 Jun 2021 06:08 AM PDT TL;DR: Wi-Fi 6E uses the same PHY standard, MIMO, and modulation rates from Wi-Fi 6. The only thing new is the 6 GHz spectrum. 6 GHz can be faster, if you're near an AP using wide channels. - 2.4 Ghz and 5 GHz still have advantages, such as longer range, better wall penetration, and legacy compatibility. Before we talk about the nature of 6 GHz Wi-Fi, it's helpful to understand the components of Wi-Fi connections and how they interact to determine performance. Consumer routers claim numbers like 10,800 Mbps of throughput, but where does that number come from? Why are the numbers what they are, and why don't I get 10,800 Mbps on my speed tests, dang it!? Start with 10,800 Mbps 2.4 GHz: 4x4, up to 1,200 Mbps with 40 MHz Channels 5 GHz: 4x4, up to 4,800 Mbps with 160 MHz Channels 6 GHz: 4x4, up to 4,800 Mbps with 160 MHz Channels 1,200 Mbps + 4,800 Mbps + 4,800 Mbps = 10,800 Mbps. Go Down to One Band Since Wi-Fi connections only happen on a single band, you're only able to access one band at a time. If you use 5 GHz or 6 GHz, you're down to 4,800 Mbps. This is using 160 MHz channels, and 4 spatial streams. Limit MIMO to 2x2 MIMO (Multiple Input, Multiple Output) is a direct capacity multiplier, and it multiplies capacity using the same spectrum. While most high-end Wi-Fi 6 access points support 4x4:4 MIMO, the vast majority of client devices top out at 2 spatial streams. Battery operated Wi-Fi clients like your smartphone or laptop are almost all 2x2:2 devices. Going from 4 streams to 2 streams cuts our maximum link rate from 4,800 Mbps to 2,400 Mbps, if using a 160 MHz channel. If Using 5 GHz, Set Channel Width to 80 MHz Using 160 MHz channels in 5 GHz requires the use of DFS, and not all devices support DFS operation. 80 MHz channels are much more realistic option for 5 GHz, limiting maximum link rates to 1,200 Mbps. With Wi-Fi 6E, you get access to 6 or 7 more 160 MHz channels, and don't need to use AFC or DFS if operating indoors. Range is less though, since 6 GHz attenuates faster, wider channels increase background interference, and 6 GHz indoor low-power AP transmit power is limited. For more details, see the Device Class and EIRP Limit section of Wi-Fi 6E's Current Status. Set Modulation/Coding to 256-QAM or Lower The maximum link rate requires 1024-QAM modulation, and a very high signal-to-noise ratio (SNR). The highest data rates are only possible in the best situations, with an AP nearby and limited interference on the channel. A more realistic modulation is 256-QAM or 64-QAM, resulting in a maximum link rate in the range of 600-900 Mbps for 80 MHz 2x2, or 1,200 to 1,800 Mbps for 160 MHz 2x2. TCP/IP Overhead Even in wired networks, there's around a 5% overhead in TCP/IP connections. That 5% comes from all the data that's required to setup the connection and address the packets and frames being exchanged. Jumbo frames can help a bit here, but come with their own issues. See Wikipedia for more details. Beacons and Management Traffic Beacon frames are how an AP advertises networks to client devices. In order to ensure that all devices in range are able to understand them, access points send out management traffic such as beacon frames at the lowest supported data rates. This expands the range of the broadcasts, but also acts as a speed bump, consuming precious airtime. The amount of management traffic increases with additional SSIDs, and features such as beamforming. You can limit the impact of management traffic by restricting minimum data rates. That's usually only necessary in dense multi-AP networks, where small cell sizes and careful channel planning are important. Half-Duplex Wi-Fi is half-duplex, meaning on one device can be transmitting at a time, and only in one direction. To make an analogy, Wi-Fi is a walkie talkie, not a phone call. Ethernet is full-duplex, and allows transmissions in both directions at the same time. Wi-Fi does not. Wi-Fi being half-duplex doesn't mean that throughput is cut in half, but it does mean that Wi-Fi devices can't multi-task. When downloading a large file, a client device has to take many short breaks to transmit TCP acknowledgement frames back to it's AP, or to allow others to transmit. Wi-Fi devices can't download and upload data at the same time, or talk when others are talking. Wi-Fi is a Shared Medium: Collisions and Re-transmissions In addition to being half-duplex, Wi-Fi is a shared medium. When one device is transmitting on a channel, all other devices in range must wait their turn. If multiple devices transmit at the same time a collision can occur, causing the transmissions to be jumbled. When collisions occur, devices need to wait for a random length of time before re-transmitting. This can also cause link rates to be lowered temporarily, resulting in lower effective throughput for everyone. PHY Link Rate is an Estimate, and an Average When you see a link rate of 1200 Mbps, that doesn't mean every single frame gets sent at 1024-QAM modulation. Individual frames may get sent above or below the current link rate values. In Summary A 2x2 device on an 80 MHz channel can achieve a maximum link rate of 1200 Mbps, resulting in throughput around 800-900 Mbps in ideal conditions. A 2x2 device on a 160 MHz channel can achieve a maximum link rate of 2400 Mbps, resulting in throughput around 1400-1600 Mbps in ideal conditions. This isn't even all of the factors. If you're interested in reading more, the CWNP blog has a great list of sources of overhead in Wi-Fi . 6 GHz Wi-Fi Characteristics There's nothing special added in 6 GHz to reduce latency, or increase speeds. Wi-Fi 6E uses the same PHY standard, MIMO, and modulation rates from Wi-Fi 6. The only thing new is the 6 GHz spectrum. An 80 MHz channel in 5 GHz is going to perform essentially the same as an 80 MHz channel in 6 GHz, with a few caveats: Higher frequencies attenuate faster, so 6 GHz signals offer slightly less range than 5 GHz. Indoor, low-power 6E devices like the RAXE500 are limited to a slightly lower EIRP (2) in the 6 GHz band compared to the 2.4 GHz and 5 GHz bands. 6 GHz outdoor operation is more complicated, and regular-power outdoor APs require the use of the new AFC system, which is similar to DFS in 5 GHz. Standard-power APs will need to report their location before being able to operate at their full power. Indoor, low-power devices don't need to worry about AFC or DFS. Combined with a big chunk of new spectrum, this makes 80MHz and 160 MHz channels more practical to use. Maximum allowed transmit power in 6E increases with channel width. You'll get the same 30 dBm maximum EIRP allowed in 5 GHz, but only with a 320 MHz wide channel. 320 MHz channels should be supported in Wi-Fi 7 (802.11be), but for now 6 GHz indoor range will be less than the maximum possible with 5 GHz. - 160 MHz channels reduce maximum allowed EIRP by 3 dB - 80 MHz channels reduce maximum allowed EIRP by 6 dB - 40 MHz channels reduce maximum allowed EIRP by 9 dB - 20 MHz channels reduce maximum allowed EIRP by 12 dB 6 GHz offers more bandwidth and less interference. 6 GHz allows for up to seven 160 MHz channels or fourteen 80 MHz channels, making them much more usable in the real world. Because of this, 6 GHz can be faster, if you're near an AP using wide channels. 2.4 Ghz and 5 GHz still have advantages, such as longer range, better wall penetration, and legacy compatibility. submitted by /u/mccanntech [link] [comments]

Cisco 2960s Posted: 01 Jun 2021 10:44 AM PDT Anyone still got these in prod? Was thinking of grabbing one from ebay as a spare? we don't have vlans so i think it would be a safe spare. Thoughts? submitted by /u/nickcasa [link] [comments]

Sharing radius keys securely with external entities Posted: 01 Jun 2021 01:36 PM PDT I'm curious what mechanism or method you use to communicate a new radius [or other shared key] key with an external vendor. I'm sure some folks have a portal that is meant for this very thing [Cisco etc] but for those who don't have something like that setup how are you securely sending sensitive information like shared secrets with your vendors? submitted by /u/xPenguin72x [link] [comments]

What could cause packet loss one-way Posted: 31 May 2021 11:02 PM PDT I'm relatively new to the field, and don't have much experience with enterprise equipment. I'm a technician that works on RF equipment, so I don't have much experience with any sort of IP data structures, however there is some sort of communication issue between the Modem (which I set up) and our Level 3 switch (which I believe is Cisco, and was set up by the technicians in another department). When we have the switch ping our modem, it reports a 10% packet loss, however when the modem pings the switch, they all go through fine. We've replaced Cat 6, SFP adapter, and plugged into a different SFP port on the switch. I'm sure the other shop has taken more troubleshooting steps, I just don't know what. We haven't tried a different port on the Modem yet, as custom configuration is not particularly easy with it. We don't have any useful documentation on its CLI, it's GUI is confusing. All we know is that it runs some proprietary software in some Unix-like operating system (likely a Linux kernel). No one here knows anything about this equipment, so far I was the only person to get the modem-to-modem RF communication working. If anyone has used iDirect equipment, tips would be appreciated. submitted by /u/knuckledragger242 [link] [comments]

Way to manage on premise devices? Is my approach decent? Posted: 01 Jun 2021 04:15 PM PDT Hello there, Im a software engineer and I'm deploying on-premise Jetson Nano devices for retail shops. I'd like to have a tool that allows me CI/CD and monitor said devices. I have a skim knowledge about way to achieve this. The only thing that comese into my mind is setting up an OpenVPN server that allows me connect to devices via ssh and update them. Is this a good approach? I dont know whether port forwarding will be possible by some clients so I'd like to have a solution that doesnt involve managing networking on client side .I'd like this to be seperated as much as possible. Are there any other ways to achieve this? Can someone guide me if I'm naming my problem correctly? submitted by /u/drzemu [link] [comments]

qq on Algosec and Cisco ASA (ACL's remarks) Posted: 01 Jun 2021 03:44 PM PDT Hi, I have a Cisco ASA configured with multiple ACL's and network-object groups. Algosec is able to extract the remark for the first ACE of the ACL, but no for the rest of the ACE's. As a result, the rest of the ACE's remarks are in blanks.​ ​The idea of manually add thousands of remarks is not feasible additionally it may increase memory utilization in the device. Is there any way to keep the remarks for each ACE in Algosec? Thank you submitted by /u/luckystrike_1900 [link] [comments]

BGP issues on Fortigate Posted: 31 May 2021 08:18 PM PDT Currently I'm trying to advertise my /22 IP Blocks using BGP using Fortigate 600E (OS 6.4.4). I understand a router it best fitted to do BGP but due to current financial situation, we cannot buy a router. I have a X.X.120.0/22 IP Block that I'm advertising to two independent provider. I am advertising X.X.120.0/23 and X.X.120.0/22 via ISP1 and I am advertising X.X.122.0/23 and X.X.120.0/22 via ISP2. Each provider is sending me a default route and their respective IP Blocks. Using Weight, I can chose which default route I want entered in the routing table. I assign a static IP on laptop of X.X.120.2, Gateway .1. If I make the default route from ISP1 to go in the routing table, everything is ok. If make the default route of ISP2 to go in the routing table, I am unable to browse. DIG DNS (UDP), PING (ICMP), and traceroute work ok. I do notice that I can browse some google or youtube sites but this is because its served using UDP. With this, it seems that its affecting TCP traffic only. I even tried adjusting the TCP MSS (1300 - 1430) but that didnt help. If I turn off ISP1 link, everything works using ISP2 only. If I turn off ISP2 link, everything works using ISP1 only. The reason I'm trying to advertise two /23 is for loadbalancing and to maximize the link usage since each link is not cheap. Things I've tried: * enabled asymmetric routing * enabled tcp-session-without-syn in both in to out and out to in firewall rules. * enabled auxiliary-session * route look up matches the default route. * policy look up matches the in to out firewall rule. I have a support case opened with fortinet but even them seem to be lost and puzzled. submitted by /u/taken_velociraptor [link] [comments]

Cisco SG250 "Drop Events" on uplink port Posted: 01 Jun 2021 12:46 PM PDT Greetings Sorry in advance if this isn't "enterprisey" enough but it's what we have in this office. If I should ask this somewhere else, let me know and I'll do that. I have a Fortigate 60F (6.0.12) feeding into a Cisco SG250-50 (2.5.0.83), both of which are brand-new in the last 90 days. The Fortigate is plugged directly into an ISP-provided Hitron cable modem, attached to a 1G/50M service. We are seeing inconsistence in our service. Speed tests can range anywhere from 50/5 to 950+/55. Days can go by without performance issues, and then we'll have days where the voip will get choppy/drop-happy/one-sided etc, and/or teams video will be laggy and choppy and freezy. Speedtest issues do not correlate to the other issues. Vendor support has been, so far, hopeless. The only outlier that I can put my finger on, and that only inconsistently, is that when the speedtest results are bad, the switchport connected to the firewall LAN interface will sometimes accumulate RX Discards (called Drop Events in the web GUI) during the speedtest. As in, 10K to 15K packets per test run. These results happen only when the speedtest is run through a web browser, connected to either speedtest.net or "whatever it is google uses when you search for speed test". If I use the win10 Speedtest.net App, it does not accumulate drop events, bad result or good. Also, speedtest results are much less likely to be bad when run through the app. Also, drop events do very slowly accumulate during non-speedtest use, but only in the order of a couple dozen per day. My research suggests that drop events (InDiscards) indicate that the switch received a packet and did not forward the packet on -- due to ACLs (none active), QoS (default setting but the port shouldn't be triggering it) or a lack of resources on the switch -- ie buffer space. I can't rule out the last one, becuse I have been unable to find a guide to debug-mode on this switch (if debug-mode on the switch would even help diagnose something like this). If I move the uplink port, the discards follow the move. So there's something about the way that this firewall talks to this switch. Except, as I mentioned, both these devices are new in the last 90 days. The previous firewall, a FortiWifi 60D (6.0.8) was connected to an HP 1810G-24, and we saw the same kind of performance issues. I can't tell you if the "discard" symptom was showing because those HP switches don't export crap through SNMP. The intermediate combination, the FortiWiFi 60D connected to this Cisco SG250, also exhibited the same performance problems. Every cable I can lay my hands on has been replaced. Both the switch and the firewall have been replaced. I can't see any evidence of ip conflicts or mac stealing. The only pre-existing "neworking" equipment still here are a pair of Aruba Instant Network things, and to simplify things I've turned them off while we work on fixing the wired network issues. And still. Further upstream, the ISP has been in and replaced an open splitter on the input cable with a straight coupler. When they (or we) plug directly into the ISP device, the performance is always good. I'm losing my mind here. At this point I'd welcome someone rolling up and saying the equivalent of "You idiot, have you set the [obvious parameter] from [broken] to [working]?" because it would just get this issue off my back. What should I look at next? Guidance gratefully appreciated. Thank you. submitted by /u/StudlyMuffinManners [link] [comments]

Inter-VLAN Routing with multiple sites and L3 devices Posted: 01 Jun 2021 10:41 AM PDT Hello! This may be too basic but I have run into an issue wherein I may be over-complicating things. ​ TL;DR - User cannot ping/upload/download/access data from their device (D1) in VLAN (a) to another specified device (D2) in a VLAN (b). Our internal DNS lists the sought-after device with. There are two L3 switches (ip routing enabled on both) that connect back to another L3 switch acting as our gateway. Each of the VLANs have /24 subnet to help demarcate traffic. ​ The Specifics: The user's device is connected to a L2 switch -> L3 Switch (Distro) -> L3 (Core) -> L3 Switch 2 (Distro) -> L2 Switch 2 -> ((Sought-After Device)). The L2 SWs are HP and not tagging traffic. L3 Distros are Cisco Catalyst 3750X and L3 Core is Cisco Catalyst 9400. All L3 switches have matching VLANs and IPs assigned to each VLAN for every device. I can't even seem to get a DHCP address when I connect to the switch directly tied into D2. Is it possible that there are 'too many cooks' given the IP routing capabilities of the core and distro switches? ​ If this questions is inappropriate please delete! ​ Thanks for all you have taught me so far! submitted by /u/networknov1c3 [link] [comments]

Fiber Question Posted: 01 Jun 2021 10:22 AM PDT Does fiber connector color matter at all? If I have a multi mode fiber cable, multi mode SFP 10G (both ends), and using LC connector on both end points. I would assume I'm good to go? submitted by /u/dv8_z1d [link] [comments]

More SFP converter in a network Posted: 01 Jun 2021 10:00 AM PDT Hi! I would like to ask a question about a small factory network. I was learning networking 10 years ago, working on a cnc machine, and my boss asked me if this will works. We would like to use 5 TP-Link MC220L. We have 4 switches that does not have a SFP module. If we buy 4 MC220L and we connect them with the switches, will it work? (let me try to explain) Switch1 ethernet to MC220L(1) Ethernet MC220L(1) SFP to MC220L(2) SFP MC220L(2) Ethernet to Switch2 Switch2 ethernet to MC220L(3) ethernet MC220L(3) SFP to MC220L(4) SFP MC220L(4) Ethernet to Switch3 Switch3 ethernet to MC220L(5) ethernet MC220L(5) SFP to MC220L(6) SFP MC220L(6) SFP to Switch4 ​ Or is this totally pointless. We got optical internet some days ago, and the network is not builded yet. My boss wants to build the network cheap AF. ​ Thanks for the helping. A forgetful network specialist submitted by /u/chriskat [link] [comments]

Port Mirror without losing network access Posted: 01 Jun 2021 09:33 AM PDT Up until now, I have been plugging my laptop in and outputting the mirrored port to the interface the laptop is connected to on the switch. Since we have started working remotely, there have been a few times where I need to port mirror from several switches away. So laptop > PC in office > office switch > access switch > core. I need to capture traffic from a port on the core. Is there any way to do this without killing the remote connectivity. Do I need another device to output to? How does that device retain connectivity? submitted by /u/Anima_of_a_Swordfish [link] [comments]

FTD with FPR Posted: 01 Jun 2021 09:25 AM PDT Anyone know of a really good place to get information on the FTD system, specifically using the FPR device line? the Cisco documentation is pretty non-descript on a lot of items. I've fumbled my way through the learning curve so far. I can't seem to figure out how to ping the inside interface of my FPR devices from inside hosts. I can hit the management IP no problem. I can route traffic through the device no problem. I've setup ACP rules to permit ICMP, I've set the platform options to allow ICMP and created a policy there as well. It worked until I put the first ACP on the device. one place I read said ICMP is open by default so since I'm not explicitly blocking it why can't I hit it? submitted by /u/SwiftSloth1892 [link] [comments]

Network documentation tool to generate packet headers Posted: 01 Jun 2021 02:13 AM PDT Hi, Please delete this is deemed inappropriate. A few months ago I stumbled upon a website/tool that could generate images for use in documentation such as IP headers, tcp segments and frames, tcp flows among others. I have searched for days and for the life of me I'm unable to find it. It could generate images that look like this and this from the web browser. I have already found http://www.luismg.com/protocol/ but this is only ascii. submitted by /u/epiecs [link] [comments]

Unifi switch for data center Posted: 01 Jun 2021 07:41 AM PDT Any concerns from anyone about using a unifi (usw-24) as a core switch in our data center? When I say core, I mean it'll connect our firewall to our vsphere esx environment. The controller is hosted on a vm on that esx environment, so my concern is FW upgrades as the esx servers will go offline for a few mins when that occurs. Anyone else doing this? Unifi doesn't make stackable switches like my old Dell stuff was. Thoughts? Comments? submitted by /u/nickcasa [link] [comments]

How to secure RDP? Posted: 01 Jun 2021 03:07 AM PDT Hi Looking for a solution to secure a remote connection to my small office. I randomly need an outside person to connect to it remotely, and I have a dedicated pc on the network for this purpose, with Remote Desktop from MS. Running windows server and a small number of clients. I see in the logs of our router a lot of brute force attacks on RDP. So would like to secure it better. I am looking for an easy way to improve security. Maybe something like the following? A new firewall with a inbound VPN connection? Software installed on the PC that use Google Authenticator? Suggestions? I can't afford costly equipment or big expenses on software… but surly a safe and easy solution is worth the money. Thank you. submitted by /u/AcceptablePaint2178 [link] [comments]

Securing Dedicated Link communication? Posted: 01 Jun 2021 12:25 AM PDT Hello, i have problem figuring out proper and cheap solution to secure communication on Dedicated Link between two offices. Infrastructure: Main Router running pfSense. Eth0: WAN, eth 1-2 and local LANs (including intranet services that both offices need to access), eth3 goes directly do ethernet port on my ISP device configured as an Transparent Dedicated Link to my other office. In the other office I have ethernet port on ISP device that acts like it would be directly connected to my Eth3 port on my main router, so we have it connected to UniFi switch and there it branches down on workstations. All of their traffic (including internet) goes through Dedicated Link and my main router. Link speed is not an issue. https://i.postimg.cc/L6xsN0ZC/2021-06-01-08-56-29-app-diagrams-net-4b743ac90764.png Right now it acts as LAN network and is easy to manage, but if my ISP makes mistake, security of my Dedicated Line can be compromised. ​ I'm searching for a way to encrypt this communication without sacraficing the ease of management of the second office and i need to make it cheap :( Do you guys have any ideas? submitted by /u/bigfootpl [link] [comments]

Cisco's VIC, Adapter FEX, and Nexus 9K Posted: 01 Jun 2021 05:21 AM PDT Many years ago, I deployed Cisco C-Series servers in standalone mode to Nexus 5Ks via VICs, and I enabled Adapter-FEX (switchport mode vntag) in order to allow for deploying many vNICs to each server. However, these days it seems that the Nexus 9K has no support for Adapter-FEX, or at least I can't find documentation for it. Does this mean we can no longer configure multiple vNICs on standalone servers with VICs? Or is there a more modern methodology for enabling vNICs this way? Any insights would be appreciated! submitted by /u/Nexus5672 [link] [comments]

Managed switch with a fibre connection - can i unplug without a restart? Posted: 01 Jun 2021 04:04 AM PDT Do managed switches such as the netgear gs110tp with a 1000base fibre module (SX/LC) need restarting or any config changes when you unplug the fibre cable (OM3 50-125) then replug it back in later? Probably overthinking and it just works like normal Cat5e switches but wanted to check? I need to borrow a fibre cable from a working switch to test on a potentially faulty setup elsewhere in the building. I have experience within networking just not much on the fibre side of it and the person who deals with this is out for next couple of days. submitted by /u/crypadm [link] [comments]

How can I find out which devices use the Treck TCP/IP stack? Posted: 31 May 2021 09:54 PM PDT Hi there, I have recently come across a vulnerability in older versions of the treck tcp/ip stack (CVE-2020-11896) and wanted to test it out on my devices. I wanted to ask: is there a way I can find out which devices use the treck tcp/ip stack so I can try the exploit on them? I have an HP printer, and a few other IoT devices. Thanks for any help! submitted by /u/huzaifakhan771 [link] [comments]

stable version of controller unifi Posted: 31 May 2021 09:46 PM PDT Hi guys.I am very happy to join you... I want to use radius and hotspot service of unifi controller. now when i enable hotspot service,it doesn't redirect web auth for authenticate Voucher based. version controller:6.0.40 firmware access point:4.3.20.11298 AP AC LR I just want to ask from someone who use unifi controller and radius and hotspot, which version of controller and firmware access point they use ? Thank you. submitted by /u/Head_Development_550 [link] [comments]

You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States