
How we solved our office Wi-Fi problems - Harj
https://triplebyte.com/blog/how-triplebyte-solved-its-office-wifi-problems
======
basch
> Assign static IPs for infrastructure like access points. This makes them easy
> to reach when reconfiguration is needed

Am I missing something, or did they buy consumer routers to use as access
points?

Triplebyte, I can save you a ton of management, troubleshooting, and learning
time: switch to Ubiquiti Unifi or an equivalent now, you'll have one pane of
glass to reconfigure every device. The devices will talk to each other, to
help hand off clients between them. All channel management will be by the
devices working together, they can throttle down power if they are causing
each other interference. I can't even begin to list all the different benefits
with a single set of settings vs devices that don't work together. Even an asus
aimesh network would likely be better. You're asking for a troubleshooting
nightmare.

You can either pay a couple hundred a year for the management interface, or
$80 for an on prem tiny little stick that hosts it. (paying for the cloud
hosted one, has its benefits, and is my recommendation.)

Access Point - [https://unifi-hd.ubnt.com/](https://unifi-hd.ubnt.com/)

POE Switch - [https://www.ubnt.com/unifi-switching/unifi-switch-poe/](https://www.ubnt.com/unifi-switching/unifi-switch-poe/)

Management Interface - [https://www.ubnt.com/unifi/unifi-cloud-key/](https://www.ubnt.com/unifi/unifi-cloud-key/) OR Cloud Management
[https://unifi.ubnt.com/](https://unifi.ubnt.com/)

Router - [https://www.ubnt.com/unifi-routing/usg/](https://www.ubnt.com/unifi-routing/usg/)

You should never need to track down or log into individual devices to
configure them.

I don't mean to be a complete ballsack, but isn't it weird for a company whose
mission is matching talent to problems, to fail to find the talent to
adequately address their problem, and to be giving authoritative (mis)advice
on something they are not remotely domain experts in. It doesn't seem like the
best advertisement.

That said, this is the KIND of post companies should be making when their seo
expert says to use keywords. Good job writing about improving the internals of
your company, and not just what your company does. Write a V2 of this post
once you upgrade, and rename the old one, "How we Created (and then mitigated)
a Device Management and Troubleshooting Nightmare".

~~~
inferiorhuman
Fine, I'll say it: Ubiquiti is not suitable for a business environment. They
don't have a good track record of pushing out security fixes. They've
blatantly violated the GPL (and introduced security vulns in the process).
Their "enterprise" features don't work well (e.g. hardware acceleration,
WPA+Radius). Depending on what you buy the PoE may be non-standard passive or
it may not.

Unfortunately because they're primarily in the business of slapping a slick
web interface on Vyatta they don't have the skill required to debug the
hardware acceleration. They don't have a single clue how to get RADIUS to work
with their fork of Vyatta. And their support is fine for a home lab situation.

And let's not speak of the chronically overheating stuff.

~~~
petecooper
>And let's not speak of the chronically overheating stuff.

Some-time wireless installer here, I bring a snippet of anecdata.

A recent client had the full Unifi experience for an outdoor network,
including 3x EdgeSwitch XP (formerly known as ToughSwitch) in a single
IP65-rated, largely airtight enclosure.

The network would go offline on summer afternoons. It was overheating, those
models run hot and are not recommended for low ventilation areas, but they
weren't convinced.

I fitted a thermometer, went back three days later and checked the logs. The
temperature peaked at 143 Celsius.

~~~
tnorthcutt
143 _Celsius_??? That's 289.4 Fahrenheit, which I find difficult to believe.
Not impossible... just difficult. That's quite impressive.

~~~
petecooper
For completeness, that was when the summer sun was shining directly on the
enclosure in the hottest part of the day, during a country-wide hot spell.
Still, no airflow, heat generation, etc.

Every day, cut out. When it cooled down, it worked again. This continued for
about two months, then they failed.

~~~
inferiorhuman
Sure that's kind of a worst case scenario there. One of the bigger problems
with the ER-L design, IMO, is that they don't have any sort of temperature
measuring device inside the case itself. They run hot even without extreme
ambient temperatures so you'd think there'd be some baked in way to monitor
the temperatures, but no.

------
linsomniac
Generally pretty solid advice. I say that as someone who is known for solving
tough wireless problems. :-)

On the cable termination part: I've (mostly) stopped crimping cables because
I've had too many go flaky and don't have 4-5 figure testing equipment. One
thing I'll add is that there are ends for solid conductor and stranded, make
_SURE_ you have the right ones for the cable you are using.

These days I always just put on keystone ends and then use commercial patch
cables from there. I've had very good luck. I'd recommend against the advice
to use a screwdriver to punch them down, the Leviton ones I prefer you just
put the cap on and they punch down themselves. The random ones I get from Ace
Hardware have a little punch tool included.

One additional recommendation I have is to put 5GHz radios in each space. 5GHz
has more spectrum, and less interference, but it penetrates drywall
significantly worse. But that's a good thing, because it cuts down on
interference from your neighbors.

Beware of microwave ovens, baby monitors, cordless phones (last 2 more in
residential areas). They can be intermittent interference, and won't show up
on the non-commercial spectrum analyzers. Our 2.4GHz used to go out when we'd
run our brand new microwave. But it would also go out at other times, possibly
when a neighbor ran theirs? 2.4GHz penetrates buildings quite well, which kind
of sucks.

My credentials:
[https://www.tummy.com/articles/pycon2012-network/](https://www.tummy.com/articles/pycon2012-network/)

~~~
swingline-747
Been There, Done That, Bought The T-Shirt.

Solid core is generally for premise wiring (PVC jacketed in walls, PTFE-
jacketed through ducts); stranded is typically for patch cables. If you try
like the first place I worked at in the mid-90's trying to put stranded ends
on solid-core wire, breaking of tools and unreliable cables will make.

There's cheapo Chinese cable tester kits on eBay, AliBaba and Amazon that do a
good-enough impedance at GbE spectrum testing to not have to spring for a
Fluke "will-survive-nuclear-winter" "official" tester. Backfilling connectors
with epoxy is another idea to avoid corrosion... as long as it doesn't affect
the impedance or dielectric values much. No-snag boots, axial aligned label
zipties are also a big help. Barcode label and floorplan everything.

Finally, always test every cable with iperf3 (two laptops or one laptop w two
ethernet ports) and reject for reworking/replacement any cable with abnormal
latency or bandwidth figures.

PS: our head-office networking guy was awesome; worked 10% time just to keep
benefits since his wife was GOOG's first admin.

~~~
slantyyz
It might be worth mentioning that CCA (copper clad aluminum) cable which is
sometimes sold with misleading descriptions in places like eBay and Amazon, is
not the same as solid copper and should be avoided for power over ethernet
applications.

------
MBCook
It’s only sort of passively mentioned in the article but I am AMAZED at the
number of people who don’t hardwire everything they can.

Obviously phones are out, but why not hardwire every laptop when it’s at the
desk? If someone’s using an actual desktop computer like an iMac then what’s
the point of Wi-Fi? Clear up the signal space and get a 100% reliable and
ultra fast connection.

~~~
kraftman
You could say the opposite I guess.

I'm AMAZED at the number of people that bother hardwiring everything they can
for no reason when they have no interference issues.

Why go to all the effort of hardwiring every laptop at every desk?

If someone's using a laptop and moving around the office, why cable every desk
when you can have gigabit wifi wherever you are?

~~~
m_eiman
Wired:

    PING 10.0.3.1 (10.0.3.1): 56 data bytes
    64 bytes from 10.0.3.1: icmp_seq=0 ttl=64 time=0.737 ms
    64 bytes from 10.0.3.1: icmp_seq=1 ttl=64 time=0.636 ms
    64 bytes from 10.0.3.1: icmp_seq=2 ttl=64 time=0.701 ms
    64 bytes from 10.0.3.1: icmp_seq=3 ttl=64 time=0.633 ms
    ...
    --- 10.0.3.1 ping statistics ---
    8 packets transmitted, 8 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.516/0.644/0.737/0.075 ms

Wifi:

    PING 10.0.3.1 (10.0.3.1): 56 data bytes
    64 bytes from 10.0.3.1: icmp_seq=0 ttl=64 time=6.713 ms
    64 bytes from 10.0.3.1: icmp_seq=1 ttl=64 time=3.508 ms
    64 bytes from 10.0.3.1: icmp_seq=2 ttl=64 time=2.425 ms
    64 bytes from 10.0.3.1: icmp_seq=3 ttl=64 time=2.127 ms
    64 bytes from 10.0.3.1: icmp_seq=4 ttl=64 time=4.057 ms
    ...
    --- 10.0.3.1 ping statistics ---
    22 packets transmitted, 22 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 1.429/3.769/16.722/4.054 ms

Depending on what you're doing, this can make a HUGE difference.

~~~
mmt
Although I'm skeptical (though see below), as the sibling comment is, that
this small an increase in best case latency would make a difference in a
typical office environment, I'm curious if it was (as close to) apples-to-
apples as possible. That is, was it comparing 802.11ac to gigabit ethernet (or
54/108 Mb/s Wifi to 100Mb ethernet), and were the interfaces connected the
same way (e.g. both via USB or both via PCIe/Thunderbolt)?

Despite my skepticism, I've seen that, in the typical office setting, wireless
latencies can vary much higher. It stands to reason that, no matter how well-
engineered, it's still a shared medium, which means that congestion or
interference caused by a neighbor can ruin someone's VoIP call during the time
it's happening.

~~~
m_eiman
Both computers are connected to the same Unifi network. One was a Macbook Pro
using the builtin wireless (ac; listed as 144 Mbps in the Unifi controller
iirc) and the other a Mac Mini connected via cable (1Gbps). They both pinged
the router, so all traffic was local. There are no other wifi networks nearby
(single family house area, 50+ meters between houses), and basically no other
traffic on the network.

------
akurilin
If you're based in SF and want to have a high quality boutique IT shop work
with you, without hiring IT staff yourself, then I can't recommend
[https://www.boxit.net/](https://www.boxit.net/) enough.

I was managing consumer grade routers for the company since its inception
until we switched to Aruba APs (which are awesome <3) and then eventually to
an office with a real firewall, several APs, and a switch for 100+ cabled
desks. The folks at BoxIT were a real life-saver at that stage, both for the
initial setup and proactive monitoring of your network's health over time.
Having your staff spend brain cycles on this stuff isn't the best ROI IMO.

The one thing to watch out for is VoIP in SF office buildings. Our APs
conflict with about 300 other APs in the area, so getting reliable VoIP for
your sales people over WiFi is not even worth trying. We got lucky and
inherited an office where the previous company learned that the hard way and
wired every nook and cranny with ethernet.

~~~
Serow225
Thank you!!

------
vandot
My startup purchased Meraki, and we don't have to deal with many of these
issues. We also paid an electrician to do wiring and crimping. SDE time is
expensive and we want the team focused on building our product, so we made the
tradeoff to pay more for the network gear and installation. As a result our
entire team, engineering and everyone else, has network access that "just
works". This was true when the 35 person team showed up at our last office for
the first time, and continues to be true.

The configuration is done through a hosted dashboard that also provides
monitoring. We're in a heavily regulated field, and the Meraki dashboard
provides a lot of evidence for compliance audits. It also enables us to
remotely control devices (e.g. lock, wipe, locate) and investigate issues when
integrated with the Meraki MDM solution.

We did have to tune the bitrate for wireless.

We also cannot set up redundant VPN tunnels to AWS (Meraki only supports one
tunnel for non Meraki VPNs), so we have to do manual failover. This is my
biggest gripe with Meraki. We are investigating adding a Cisco ASA to handle
site-to-site VPN to AWS with redundant tunnel support.

------
teeray
> Use fast DNS servers

I use GRC's DNS Benchmark tool[1] for this whenever I set up DHCP somewhere,
and the results are sometimes surprising. If you're on a *nix or macOS, it
runs well under Wine.

[1]
[https://www.grc.com/dns/benchmark.htm](https://www.grc.com/dns/benchmark.htm)

~~~
PascLeRasc
This is great if you're at home or there's no IT team like in the article (a
dream come true!) but if you're in a more corporate network these kinds of
tools will usually ping NSFW servers.

I also prefer namebench
([https://github.com/google/namebench](https://github.com/google/namebench))
since it runs at the command line.

~~~
scolby33
What sort of DNS server is NSFW? I can't imagine that any DNS benchmark would
need to reach out to anything other than a DNS server. If I recall correctly,
the GRC DNS benchmark uses a set of domains set up expressly for the benchmark
itself.

~~~
bscphil
Disclaimer, I haven't looked at GRC explicitly, but often tools like this will

* check whether a range of domains are censored by the DNS

* lookup a bunch of domains and ping them to check whether the DNS server is returning properly localized addresses using EDNS - Cloudflare DNS is a good example of one that was not (at least a few months ago)

------
exabrial
Pro tip: Keep your router/managed switch configurations in source control as
text files.

------
tradertef
Biggest issue I have with the solution proposed is the recommendation to avoid
DFS channels. These channels are much more "cleaner" as adoption is less due
to added cost caused by extra design and certification.

Radars are pretty static and do not come and go (especially weather radars),
so the router does not need to move from channel pretty much. False alarm can
be an issue but if one has a decent quality router, it should not be very
often. Furthermore, after a radar detection (false alarm or actual), routers
can switch to non-DFS channels and start operating immediately.

~~~
zamadatix
With the caveat that some clients really have trouble with DFS channels.
Generally not a problem if you're refreshing your office with new wireless
though.

------
matthew-wegner
UniFi is already mentioned elsewhere in the comments already, so this whole
post is likely redundant. If you're at the level of cobbling together consumer
routers, even flashed to DD-WRT/Tomato/whatever, change. If someone on your team
is Cisco certified from a previous life as a network engineer, and insists you
use Meraki kit and pay the fees, well, you're in SF and paying SF salaries
anyway, so probably just go for it.

If you run a full UniFi stack, you can view your entire topology in the
dashboard--it'll tell you which switch port or access point/SSID a client is
connected to. Here's my home topology:

[https://imgur.com/MnJwHiB](https://imgur.com/MnJwHiB)

Note that most switches are double-uplinked for 2000Mbps throughput, and
there's a 10-gigabit core router. 10gbe isn't nearly as expensive as you might
think, especially for very small teams. It is possible to get access points to
deliver 500-700Mbps speeds, too--that's going to depend a lot more on your
device's radios than anything. See speed benches for UniFi kit at:
[https://goo.gl/RL4kkW](https://goo.gl/RL4kkW)

This guide doesn't cover VLANs, but it probably should mention they exist. Any
IOT or networked camera type devices that don't need Internet access shouldn't
be allowed egress, and VLANs are an easy way to implement network segregation.
You almost certainly want a guest network too, both wired and wireless.

------
jpm_sd
> There’s no IT team at startups

Uh, what? Are you nuts? Hire somebody.

~~~
jmuguy
I work for an MSP servicing small businesses, Triplebyte sounds like one of
our clients. I guess since they're developers they think IT is optional and
they can save on costs (and/or their time is worth less than ours, which I
doubt). And then later those decisions come home to roost and it costs more to
pay some company like ours to come in and do things properly. I mean hell with
modern wifi like Ubiquiti or Meraki you shouldn't even have to think about
half the stuff in this article.

------
dhess
I've tried all kinds of WiFi gear over the past 5 years -- Apple, UniFi, Aruba
Instant -- and all of them have been unsatisfactory in one way or another:

* Most of my client devices are from Apple, and I easily got the best WiFi performance overall with 802.11ac-capable Airport Extremes, which is impressive given how relatively cheap they are. However, I'd like multiple SSIDs, and Apple gear can't do that (the guest network support doesn't count). Regardless, Apple is out of the game, so this isn't a long-term solution.

* The UniFi gear had _terrible_ 802.11ac performance, even when my devices were in the same room as the WAP. At the time, I was using first-gen 802.11ac hardware from UniFi, so it's somewhat understandable, but the poor performance combined with 2 of the units failing within the first 6 months didn't leave a good impression.

* The Aruba Instant WAPs were reliable and got good performance (though not as good as the Apple WAPs), but I'm not a fan of their licensing. Without a support contract, it was possible to hunt down the latest firmware updates, but they didn't make it easy.

I recently bought a PC Engines APU3C4 with a mini-PCIe WiFi card and a couple
of Chaohang antennas [1], and I'm contemplating building my own WAP. This would
give me all of the configurability and tweaking that I want, and I could
deploy it as just another piece of my personal little devops pipeline.

However, I don't know much about the RF side of things. I'm aware there's a
lot of black magic involved, but it's not clear to me how much performance
and/or range I'm going to lose by piecing together COTS stuff versus a
professionally-engineered solution from Ubiquiti et al. If anyone who's
reading has built their own WAPs, I'd love to hear from you.

[1]
[https://www.amazon.com/gp/product/B01E29566W](https://www.amazon.com/gp/product/B01E29566W)

~~~
kccqzy
I've heard multiple people saying Apple wireless APs perform so much better
than others. I really wish someone could do a technical deep-dive and explain
how Apple did it.

------
slantyyz
While it doesn't really matter whether you use EIA-586-B or EIA-586-A so long
as you're consistent, I've been told that EIA-586-A is the standard in Canada.

addendum:

Re crimping RJ45 - the better way to do terminations is to use the EZ-RJ45
pass-through plugs like the ones made by Platinum Tools. You need a special
crimper, but it's night and day easier. If you're using AWG23 Cat 6, you also
need to make sure your plugs can handle those wires (not an issue with the
Platinum Tools plugs).

~~~
jahabrewer
Only thing I've found annoying about passthrough plugs is it's easy to not
quite cut the wires flush with the end of the plug. This can make the plug not
seat fully.

At least, this is true for me. Maybe I did it wrong.

~~~
slantyyz
I think this depends on which crimper you use. I used a cheapo crimper from
China I bought off Amazon (I wasn't doing enough terminations to justify
Platinum Tools' top of the line crimper which cost more than 2x what I paid)
and it was leaving maybe a mm or less of wire hanging off, because of the
crappy tolerances.

On the other hand, I saw some videos on Youtube of people using other cheap
crimpers, and they were getting clean flush cuts. Luck of the draw is a big
thing when you get the cheaper tools.

Originally I thought that 1mm or less was preventing my plugs from seating
fully but on further inspection I found that the locking lever on my plugs
weren't consistently locking. I made the mistake of not using the matching
Platinum Tools strain relief boots for my plugs, which actually have a piece
of plastic that pushes the locking lever up a little more to ensure a more
secure mating between the plug and port.

------
keeperofdakeys
When you're deploying multiple APs you also want to turn down the broadcast
power on them. If the signal of multiple APs overlap too much, clients won't
roam onto the next AP in time.

Also don't be afraid to hire someone to do a wireless survey - or do it
yourself. Someone will walk around with a laptop, and try to find wifi
blackspots/hotspots, and can recommend adjustments to AP power and/or
placement.

~~~
zamadatix
Yep, and disable the lowest data rates, particularly if you have decent
coverage. The AP is forced to send certain types of traffic at the lowest
available data rate so everyone can hear it so you save a lot of airtime on
that traffic but also clients will be more likely to roam because they can't
"stick" to a far away AP at a really low data rate even if they wanted to.

------
Tharkun
Shame that security wasn't really addressed, other than the brief mention of
WPA2-PSK. I feel like PSK in general is a horrible idea in an office
environment. Lots of people + lots of devices ≈ shitty password which never
gets changed.

But then I still haven't had any luck setting up a WPA2 Enterprise config that
works on all devices.

~~~
geek_at
Wondered too how they didn't even mention WPA2 Enterprise.

I thought that was the de facto standard in office environments. It certainly
is for EDU.

------
Jaruzel
> _Multiple access points should share the same SSID. They must have exactly
> the same security settings (same password, exact same mode, i.e. WPA2-PSK
> Personal) for clients to be able to automatically roam between APs._

I will also add to this, consider having all the APs on the same channel. My
experience is that some OSs (I'm looking at you, Windows) don't roam properly
if the following three things are not the same:

1. SSID
2. Authentication/Encryption
3. Channel

It does sound like the author has deployed consumer access points. For a
proper office scenario centrally managed is the way to go. Finally, never use
WPA2-PSK Personal in a work environment. Use proper back-end authentication
such as Radius or MAC filtering, or a 'Register me via a captive portal'
system with a central LDAP type user directory.
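
As an added example (not part of Jaruzel's comment or of the article): a check that could run over AP configurations kept as text files, flagging APs that share an SSID but differ in security settings, which the quoted passage says prevents automatic roaming, and APs still using a pre-shared key. It assumes hostapd-style `key=value` files, which the thread does not specify; the file names, SSIDs, address and secrets are constructed.

```python
"""Audit hostapd-style AP configs for roaming consistency and PSK use."""
from collections import defaultdict

# Settings that must match on every AP sharing an SSID (assumed hostapd keys).
SECURITY_KEYS = ("wpa", "ieee8021x", "wpa_key_mgmt", "rsn_pairwise")
# hostapd key-management modes that rely on a shared passphrase.
PSK_MODES = {"WPA-PSK", "WPA-PSK-SHA256", "FT-PSK"}

# Constructed sample files, as they might sit in a config repository.
SAMPLE_CONFIGS = {
    "ap-lobby.conf": """
        # lobby AP
        ssid=office
        channel=36
        wpa=2
        wpa_key_mgmt=WPA-PSK
        rsn_pairwise=CCMP
        wpa_passphrase=constructed-example-passphrase
    """,
    "ap-kitchen.conf": """
        ssid=office
        channel=149
        wpa=2
        wpa_key_mgmt=WPA-PSK
        rsn_pairwise=CCMP TKIP
        wpa_passphrase=constructed-example-passphrase
    """,
    "ap-lab.conf": """
        ssid=office-lab
        channel=44
        wpa=2
        ieee8021x=1
        wpa_key_mgmt=WPA-EAP
        rsn_pairwise=CCMP
        auth_server_addr=192.0.2.10
        auth_server_port=1812
        auth_server_shared_secret=constructed-radius-secret
    """,
}


def parse_config(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may themselves contain '='
        settings[key.strip()] = value.strip()
    return settings


def security_profile(settings):
    """Normalise the security settings so equivalent configs compare equal."""
    profile = {}
    for key in SECURITY_KEYS:
        # Cipher and key-management values are unordered token lists.
        profile[key] = " ".join(sorted(settings.get(key, "").split()))
    # The shared key may be given as a passphrase or as a raw hex PSK.
    profile["psk"] = settings.get("wpa_passphrase") or settings.get("wpa_psk", "")
    return profile


def audit(configs):
    """Return a sorted list of (kind, subject, detail) findings."""
    parsed = {name: parse_config(text) for name, text in configs.items()}
    findings = []
    by_ssid = defaultdict(list)

    for name, settings in parsed.items():
        by_ssid[settings.get("ssid", "")].append(name)
        modes = settings.get("wpa_key_mgmt", "").split()
        if any(mode in PSK_MODES for mode in modes):
            findings.append(("psk-in-use", name, "wpa_key_mgmt=" + " ".join(modes)))

    for names in by_ssid.values():
        names.sort()
        reference = security_profile(parsed[names[0]])
        for other in names[1:]:
            profile = security_profile(parsed[other])
            # Report only the names of differing settings, never secret values.
            differing = sorted(k for k in reference if reference[k] != profile[k])
            if differing:
                findings.append(
                    ("roaming-mismatch", f"{names[0]} vs {other}", ",".join(differing))
                )
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, detail in audit(SAMPLE_CONFIGS):
        print(f"{kind}: {subject}: {detail}")
```

Channel is deliberately left out of the comparison, so APs on different channels are not reported.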

~~~
Blaiz0r
I had to change my SSID's on my 5Ghz and 2.8Ghz WiFi because Macs used to
confuse themselves and constantly disconnect.

Using the same name for both didn't work

~~~
Jaruzel
Your problem is using the same SSID for both frequencies. Have a single SSID
for all your 5Ghz APs and another for the 2.4Ghz ones.

~~~
justusthane
That's the opposite of what this article says to do, which I think is why the
above commenter mentioned it.

------
compumike
We had internal debates about different SSIDs for 2.4 vs 5 GHz, but in the
end, this is the optimal configuration we landed on.

I was also surprised by how slow S3 was with a single download connection, but
really fast when using aria2 to parallelize the download.

~~~
brian-armstrong
Putting 2.4 and 5 on the same SSID is a recipe for sadness. OSX does very
poorly at deciding which band it should be on, and 2.4 is largely useless in
most of SF. OSX also tends to be pretty sticky. The worst is that it uses RSSI
as its metric rather than SNR.

~~~
sbradford26
I know that at least with my Ubiquiti access points I simply set them to
prefer 5G and they will move clients over to that. I have had limited issues
with roaming and such with that enabled.

~~~
basch
The recommended setting for Band Steering is Balanced I believe. Probably
depends on how many clients are connecting.

------
nodesocket
I have gigabit internet at my house and a single WiFi access point. I am
running dual SSID's one for 2.4GHz (don't use it), and one for 5Ghz (use it).
The 2.4Ghz is set to auto-channel, but the 5Ghz I statically set to channel
161 (5Ghz, 80Mhz). It shows a Tx rate of 866Mbps, and on SpeedTest.net I get
around 400ish Mbps up and down. Sometimes going further back into my apartment
I have to connect and disconnect from WiFi in macOS.

Should I try using a lower 5Ghz channel such as 36 or 40? Won't that decrease
overall throughput? My understanding was the higher the channel number on
5Ghz, the theoretically higher the throughput.

------
intsunny
I really wish MacOS would allow you to choose which band or BSSID to connect
to.

Every so often I have to physically drag my laptop to the superior AP and
restart wifi to get my laptop to stop connecting to the bad AP.

~~~
zlynx
I believe Ubiquiti has an option to force clients off of individual APs when
their signal falls too low.

Bad for WiFi at distance but good for roaming within an office.

~~~
basch
The setting is a mbps setting. If the negotiated rate falls below X,
disconnect.

~~~
rconti
Nah it's RSSI-based.

~~~
basch
that's not how they visually expose the setting in the gui. you choose a
transmission rate floor, not a power amplitude minimum.

[https://i.imgur.com/imKDQ14.png](https://i.imgur.com/imKDQ14.png)

there is also a minimum RSSI, but it's a per device setting, not a per site
setting. [https://i.imgur.com/Z6Jsxjl.png](https://i.imgur.com/Z6Jsxjl.png)

Fast Roaming and 802.11 Data Rate Control are the way I would set this
setting, vs trying to pick a manual dBm.

------
knorker
I disagree on the channel width. Yes, a packet uses double the bandwidth, thus
double the chance of collision. But also half the time so half the chance of
collision.

And you can get more channels than 3, if you use 20Mhz channels, not the 22MHz
channels by simply not using 802.11b. only use g&n and you get four channels.

And _do_ use the DFS channels, exactly because people like this author are not
there to congest the channel. Just make sure you have non-DFS too while the
DFS AP is in listen mode.

So this article is very much not written by an expert.

------
maerF0x0
Anyone have a recommendation of a company in the Bay area that solves this
issue for startups? Someone I can just call, have onsite and get my people
back to work in <5 business days?

~~~
basch
do you mean strategy/planning/design/bestpractice or troubleshooting and
implementation? the former can get complicated if you don't scope right, which
is why business analysts and enterprise architects exist. just because you're a
startup, doesn't mean you don't want to explore where components can be reused,
how many places you need to log in to manage your company, how things
complement and overlap each other, and which vendor you should use for which
service. good foresight and some lucky guesses can make your life easier
later. when you buy three kitchen sinks, and they all offer payroll services,
you have to pick which is authoritative. same with file services, corporate
planning, financial forecasting.

where do you want to put your portfolio management, in something dedicated
like clarizen, smartsheet, or wrike; somewhere simplistic like asana or
trello, with finance like anaplan. now that anaplan is on the table, it might
change how you feel about adaptive insight. now you might need to replace your
gl. losing adaptive insight for anaplan might push you away from workday and
towards ultimate, because of the ownership structure (not at all a technical
decision.) ten cascades later, you are asking yourself
aryaka+hyperv+qumulo+simplivity+ruckus+salesforce+gsuite+adaptiveinsight+workday
or velocloud+esxi+nasuni+nutanix+ubiquiti+anaplan+dynamics+office365teams.
your either or's become complex and intertwined. you might think some of these
decisions are just "IT/technical" but at the end of the day every decision
cascades into another, changing the scope of the next decision.

if my somewhat silly rant didn't make my point: too often companies want to
outsource decision making that belongs in the c suite, that can give them a
competitive edge, if done right, in house by magicians. you lose your magic
and secret sauce by going with what everybody else does. it's akin to whatsapp
being erlang based vs going with metoo ruby. or how newspaper publishers have
an edge when they also develop the hosting platform and license to others (vox
chorus, gizmodo kinja, wapo arc, say tempest, bi viking, vs wordpress.)

[https://www.wsj.com/articles/why-do-the-biggest-companies-ke...](https://www.wsj.com/articles/why-do-the-biggest-companies-keep-getting-bigger-its-how-they-spend-on-tech-1532610001)

[http://www.niemanlab.org/2018/09/newsonomics-the-washington-...](http://www.niemanlab.org/2018/09/newsonomics-the-washington-posts-ambitions-for-arc-have-grown-to-a-bezosian-scale/)

------
ufo
> Multiple access points should share the same SSID. [...]. If you use
> separate SSIDs [...] it will often lead to laptop users remaining marginally
> connected to an AP they’re barely within range of.

I constantly run into this issue in my home network. Is solving it really just
a matter of reconfiguring the routers to share the same SSID or is there more
to it?

~~~
azernik
One more thing is required - the different APs must all be on the same layer 2
network. 802.11 (WiFi) clients, by design, assume that all APs broadcasting
the same SSID provide access to the same 802 (Ethernet & friends) network, and
so assume their DHCP leases and TCP connections etc. will carry over. If you
break that assumption then roaming will cause issues.

------
mciancia
> connection requires only 8 of the 16 physical connections to be made
> successfully. A working 1000BASE-T (gigabit) connection requires all 16 of
> 16!

Small error here, should be 4 of 8 and 8 of 8, respectively ;)

~~~
sokoloff
The sentence you copied started with an important qualifier: "Counting both
ends of a cable,"

> If you’re new to making cables

However, IMO if you're making your own _patch cables_ , you're so far on the
wrong side of what's reasonable that I don't know what else to say. Punching
down horizontal cabling to jacks makes sense; there's no other choice. Making
patch cables is an enormous waste of resources.

------
nodesocket
Never seen parallel s3 chunked downloading using `aria2c -x 16 -s 16 -k 4M -o
${OUTPUT_FILENAME} ${DOWNLOAD_S3_URL}`. Any drawbacks of this? Corruption?

------
qwerty456127
Cool! Building big-office/building-size WiFi networks had always been such a
huge pain... Thank you for sharing your experience!

------
TabTwo
On moving day ..? They rented office space and did not check the
infrastructure? Glad you guys got power and running water.

------
jonny_eh
> Don’t put 5 GHz on its own band.

Uhh, do they mean "don't put 5 GHz on its own SSID"?

~~~
MBCook
I thought it was considered a GOOD idea to put the 5 GHz and 2.4 GHz APs on
different SSIDs because some clients won’t connect to the faster one
automatically. Or maybe it was because all traffic slows down to the lowest
level.

Is that no longer an issue? Or maybe these aren’t problems as long as the 2.4
and 5 access points are physically separate.

~~~
jrockway
Software has been written that will forcibly disconnect a 5GHz capable client
that is found using 2.4GHz. How widely deployed this is, I don't know.

Avery did a talk about it (and other things) a couple years ago:
[https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf](https://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf)

~~~
Dylan16807
What's the point of using one SSID for both frequencies if you make roaming
between them impossible?

~~~
jrockway
The AP can make the decision as to whether or not it's possible. It has data
about how well the packets are getting through on both bands (as long as the
device probes both bands). If it sees that 5GHz is working, but the device is
using 2.4GHz, then it can disconnect it from 2.4GHz. But if 5GHz doesn't work,
then it can allow the client to stay on 2.4GHz.

Clients do pretty stupid things, which is why the AP is the right place to
control this sort of thing. (If you have more than 1 AP, then you have signal
strength data from the other APs, and AP A can disconnect the client and force
it to use AP B. This seems to work better than letting the client decide on
its own.)

~~~
Dylan16807
Sure, as long as it's using real signal data to make the decision then things
are good.

~~~
jrockway
Yup. I can certainly understand the hesitation because it's basically two
computer programs both saying "I'm smarter than you! No _I'm_ smarter than
_you_!" which rarely ends well.

But I think since WiFi clients are so varied in their intelligence, the ideal
thing is to build the roaming functionality into the AP... because at least
you have the ability to fix it once and for all for everyone. Whether or not
currently commercially-available hardware does that, I don't know.

------
GuyPostington
I run a pfsense + unifi network for the home and it's fantastic.

------
majidazimi
Don't you need a central controller for seamless roaming?

------
djmips
This is so boring it feels like a placed ad on hacker news.

~~~
system2
Agreed. Can't understand the votes for this. This is literally IT 101.

