
Are you limiting guest traffic? You may be doing it wrong!

by Matthew Rog

As we return from lockdown, it is a good time to look at your guest Wi-Fi network. In the past, these networks have generally been open, with guest traffic segmented off from your corporate traffic and often given a limited amount of throughput. While this sounds good on the surface, if it is set up wrong it may harm the network.

The issue with some manufacturers’ equipment is that it allows you to limit the bit rate at which the Wi-Fi clients can communicate. On the surface, this doesn’t seem like a bad thing, but when you do this it affects all APs and clients on the network.

Let’s look at a general view of how clients communicate with an AP. Since clients are scattered throughout the environment, they will each have a different signal strength from both the AP’s perspective and the client’s perspective. This is important because the signal strength, along with the noise floor, affects the rate at which the clients can communicate. I won’t get into this here, but a reference of bits per second for each rate can be found at MCSIndex.com.

Graphic of client placement with different signal strengths
Graphic of the noise floor

As these graphics show, the clients that are further away from the AP will communicate at a lower rate than those closer to the AP, as they have a smaller SNR (signal-to-noise ratio). Let’s assume for this illustration that the size of the Wi-Fi frame and the clients are identical in this environment. The clients closest to the AP have the best signal strength and can transmit and get off the network quickly, while the clients that are further away will take longer to transmit the same data. The often-overlooked piece with Wi-Fi is that the medium is half-duplex. That means the clients and AP can be either transmitting or receiving at any point, not both. So, when one client is transmitting, all other devices need to remain idle, waiting for their turn to transmit. Even with QoS enabled, where certain frames have a higher priority over others, clients still must wait for another transmit opportunity if another device is already transmitting. QoS is a whole topic unto itself, for another article. For this article, we will assume all clients have the same traffic priority.

This brings me to the main point of the article: if you impose a rate limit for your guest traffic, it can slow the entire network. How, you might ask? It comes down to the previous illustration. Say a guest client is limited to 2 Mbps. Even if the client is close to the AP and can get 800 Mbps throughput (an arbitrary number), if you configure your AP to limit the bit rate of the guest traffic, the client will only transmit at 2 Mbps. Take a look at the graphic above and imagine that Client C, which is close to the AP, was associated as a guest. Instead of being able to transmit quickly and then clear the air, it will take longer to transmit, as if it were far away from the AP.

How do we fix this? The solution is a fairly easy one. Instead of limiting the rate at the AP client level, put a limit on the firewall, limiting the throughput to the outside world at that point instead of on the more congested and sensitive Wi-Fi point.

Above is a screenshot from my Meraki dashboard limiting clients on a particular SSID at layer 7. The same goal is accomplished, however, limiting at the firewall level is more efficient and will create a better Wi-Fi experience for your users.
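The airtime argument above can be worked through numerically. The following is an added example, not from the original article: a simplified model that assumes every client always has a frame queued and takes turns one frame at a time, and that ignores preambles, ACKs and contention overhead. The PHY rates for clients A and B are constructed; the 800 Mbps and 2 Mbps figures are the article's.

```python
# Added example: simplified airtime model, not a full 802.11 simulator.
FRAME_BITS = 1500 * 8  # identical frame size for every client, as the article assumes

# PHY rates in Mbps. A and B are constructed values; C's 800 Mbps and the
# 2 Mbps guest limit are the article's figures.
RATES = {"A": 100.0, "B": 300.0, "C": 800.0}
GUEST, GUEST_LIMIT_MBPS = "C", 2.0


def airtime_us(phy_mbps, frame_bits=FRAME_BITS):
    """Microseconds the half-duplex medium is busy for one frame (bits / Mbps)."""
    return frame_bits / phy_mbps


def round_robin(phy_rates, frame_bits=FRAME_BITS):
    """Per-client Mbps when backlogged clients take turns, one frame per turn."""
    cycle_us = sum(airtime_us(r, frame_bits) for r in phy_rates.values())
    return {name: frame_bits / cycle_us for name in phy_rates}


def bitrate_limited(phy_rates, guest, limit_mbps):
    """Guest is forced to transmit at limit_mbps, so its frames hold the air longer."""
    slowed = dict(phy_rates, **{guest: min(phy_rates[guest], limit_mbps)})
    return round_robin(slowed)


def firewall_limited(phy_rates, guest, cap_mbps):
    """Guest transmits at full PHY rate; the cap is enforced upstream of the AP.

    Assumes the cap is below the guest's fair share, so the cap is what binds.
    """
    guest_share = cap_mbps / phy_rates[guest]  # fraction of airtime the guest uses
    others = {n: r for n, r in phy_rates.items() if n != guest}
    result = {n: mbps * (1 - guest_share) for n, mbps in round_robin(others).items()}
    result[guest] = cap_mbps
    return result


def scenarios():
    """The three cases from the article, per-client throughput in Mbps."""
    return {
        "no limit": round_robin(RATES),
        "bit rate limited at AP": bitrate_limited(RATES, GUEST, GUEST_LIMIT_MBPS),
        "throughput capped at firewall": firewall_limited(RATES, GUEST, GUEST_LIMIT_MBPS),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        per_client = ", ".join(f"{n}={mbps:.2f}" for n, mbps in sorted(result.items()))
        print(f"{label:30s} {per_client} Mbps")
```

With these rates, limiting the guest's bit rate drops every client to about 1.95 Mbps, while the firewall cap holds the guest to 2 Mbps and leaves A and B at about 74.81 Mbps each.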
