How to Improve Your Home Wi-Fi Network

05.02.08

Guarantee your wireless home network is up to snuff.

by Eric Griffith

There's one almighty reason to have a Wi-Fi network: freedom to roam where you want, laptop or handheld in hand. Everything else—not having to punch holes in your walls for Ethernet cables or hide the cables, for example—is icing. Wi-Fi is not perfect out of the box, however. We'll reveal how to maximize the network range from your access point, troubleshoot problems, and prevent strangers from usurping your bandwidth—or share it with all comers while keeping your data and computers safe.

Improve Signal Strength and Range
Ground zero for any home network is the router, which manages your Internet traffic. These days, most routers have an integrated access point (AP) for the wireless side. The first step to a solid wireless connection is placing that router where the signal can best reach your wireless devices. That means up high in a central area of the home; there's a reason some APs have brackets for wall mounting. Just make sure the antennas are pointed the way the manual indicates; don't assume that horizontal when wall-mounted is the same as vertical when the unit is sitting on a desk. A router in the basement will work—just don't stick it under a desk or too close to a filing cabinet.

Wi-Fi signal strength depends on several factors. Some (but not all) routers can be set to increase the transmit power of the signal. Upgrading a router with free, third-party firmware like DD-WRT (www.dd-wrt.com) can add this feature, but such firmware doesn't work on all routers, and installing it voids any warranty.

What's more, though you may think you have little to lose with an older router now out of warranty, installing firmware incorrectly could "brick" the router, converting it into an inert piece of plastic. DD-WRT's wiki has some tips for recovery. One note: If you use DD-WRT, don't set the transmit power (called Xmit Power in the Web-based interface) much above 70mW. Set it too high and the router can double as a hot plate; it won't survive that kind of heat for long.

Unsurprisingly, there are those who aren't brave (or foolhardy) enough to muck with firmware. In their case, getting a stronger signal requires spending some money. Purchasing a router from the latest generation of 802.11n Wi-Fi products to get better range and speed is always an option, but even that's not foolproof. Your other options include:

Buying new antennas. Check first for a removable antenna or a jack for a new antenna on the current router. It's smart to buy antennas from your router's manufacturer, unless you're very sure of the connector type. Antennas can be omnidirectional, but directional units, which serve just a certain section of your property, can provide a stronger signal.

Adding a second AP. Put it in a different area of the house, then connect it to the main router via Ethernet. When moving from the main router/AP to the second AP, a PC will take some time to reassociate to the network. This may take only seconds, but to avoid noticeable interruption, don't do it in the middle of a download or a Skype call. If you secure your wireless network with WPA (Wi-Fi Protected Access) encryption, the re-association may take a little longer. Set each AP for different channels, especially if their signals overlap.

Repeating the signal. Repeaters have gone out of fashion in the past few years as new technology such as 802.11n's MIMO (multiple input multiple output) has increased signal range and throughput. You can still find them, though. For example, the $99 Apple Airport Express (go.pcmag.com/airport_express) is a Wi-Fi router in and of itself, but it can also serve as a range extender when connected back to the main router, using a technology called wireless distribution system. DD-WRT can also convert an old router into a repeater.

Diagnose Problems

Setting up a Wi-Fi network should, by this stage, be brain-dead simple. You'll feel like the brain-dead one, though, when things just don't work, whether out of the box or with an existing network. You can retype your passkey only so many times, after all. Knowing how to identify problems on a network is half the battle.

If there's a specific PC that can't connect, make sure to turn off any software firewalls (such as Comodo or ZoneAlarm) first—a firewall is a big thorn when you're trying to set up sharing between PCs or printers, and this goes for wired and wireless networks. Temporarily deactivate the wireless encryption (WEP or WPA) at the router for a while, as well. If everything syncs after these steps, then your problem is a bad security setting. With encryption, for example, some routers might let you create stronger keys than an older device (like an 802.11b Wi-Fi card) can support. And software firewalls sometimes need specific IP addresses listed to allow communication.

Every device on a home network—the router, the PCs and handhelds, even the game consoles—gets an IP address. The router typically uses 192.168.1.1. Other devices generally get an address from the router, which has a built-in DHCP server just for doling them out. Addressing might range from 192.168.1.101 to .110, for example.

If a PC on your network has intermittent connection problems, the first thing to try is ping. You can send a ping command to another PC using its IP address. If the ping goes through, the computers can communicate. You can also ping your router and even Web sites to see if the computer is able to communicate with the Internet. To ping with Windows, open a command line window and type ping 192.168.1.1 (or whatever IP address you want to check). A reply means it worked; a "Request time out" means the devices can't see each other. Sending a ping to 4.2.2.2, a valid (and easy to type) external IP address, will tell you if you're on the Internet at all. Some devices, however, including Xbox 360, won't reply to pings.

Each computer or device can be set to use the IP address from the DHCP server—a dynamic IP address—or use one of its own that will never change, called a static IP. The address will still have to match the format used by the router—a router at 192.168.1.1 can't talk to a computer using 192.168.2.101. Only the last set of numbers (called the fourth octet) can vary. When the first three octets match, all the devices are on the same "subnet" for the network. If you use a static IP anywhere, be sure to type it correctly.

If you think there's a speed problem on your network—or just want to determine how much throughput you can get at different distances—use the free Qcheck tool from Ixia (www.ixiacom.com/products/display?skey=qcheck). Install it on more than one Windows computer to run various data tests over the network—it's like ping on steroids.

Prevent Poachers

When it comes to sharing your broadband connection with strangers, there are two schools of thought: If you don't mind sharing, the people you share with are piggybackers. If you do mind, they're poachers.

The cheap way to find poachers is to check the DHCP table in your router settings. This table indicates the devices on the network that have received an IP address. If there's one listed that you don't recognize, you could have a problem. It could also be a device you've forgotten, like a Wi-Fi phone or game device.

A more advanced method is to use software such as Network Magic. Install this on your Windows and Mac PCs ($64.99 covers a mix of eight computers) to facilitate easier sharing. It will also alert you to wireless newcomers the instant they arrive.

Keeping poachers away boils down to the basics of Wi-Fi security:

• 1. Change the default router password.
• 2. Change the default SSID.
• 3. Turn off SSID broadcasting.
• 4. Limit the number of users who can get an IP address via DHCP.
• 5. Use static IP addresses instead of using DHCP at all.
• 6. Filter by MAC address, the unique identifier on every network node.
• 7. Turn on encryption, preferably using automatic Wi-Fi Protected Setup (WPS) or at least manual Wi-Fi Protected Access 2 (WPA2).

For specifics and more, see all our Network Solutions.

There isn't any one step above that's completely foolproof, but combined they provide strong security—anyone poaching your connection when you're using WPA2 and a strong password is probably some kind of futuristic super-cyborg. Or else you've got something really worth hacking.

For total assurance, though, you will need to pay for extra security, such as hosted RADIUS service. RADIUS (Remote Authentication Dial-In User Service) allows access only to those with an account. Big businesses usually have their own RADIUS servers, but anyone willing to pay, and with the right router hardware, can get RADIUS via WiTopia.net's SecureMyWiFi service. It's fully administered through the Web site and costs $99 a year (plus a $99 activation fee).

Encourage Piggybackers

What if you do want to open up your Wi-Fi to all? That's easy enough. Just leave the network unsecured and broadcasting its name (the SSID) and they will come. Users who connect that way also get an open pipe to your computers, especially if you've got file and printer sharing activated.

The preferred setup is a public subnet for your piggybackers and a private subnet for your PCs. Both subnets will use the same Internet connection, but the traffic won't cross over. The private subnet stays safe, but you look like a saint for sharing your Wi-Fi.

Dividing your network, public and private, is next to impossible without ponying up cash. Hooking up a second AP to your router but with a different subnet won't work; the two won't communicate. Even if one AP is encrypted and the other isn't, they're on the same subnet, potentially accessible to a stranger.

A deluge of Wi-Fi sharing services have appeared in the last couple of years. Fon (www.fon.com) is probably the best known. Its $36 La Fonera router supports multiple SSIDs so you can start sharing immediately. Meraki (meraki.com) sells mesh network hardware—it could blanket your house or a whole neighborhood with Wi-Fi. Both are controlled through a Web interface to offer public and private access, and both give you the choice of charging people for access or not.

Software-based WeFi (www.wefi.com) lets you use your own hardware. Just register your location with WeFi and anyone with the software, which includes maps, can find your "hot spot." In return, you can find new locations to log on to as well.

Finally, you could pay through the nose for a new access point that supports multiple SSIDs. D-Link has a couple: The AirPremier DWL-2200AP is $199.99 direct, and the more advanced DWL-2700AP for businesses is $1,059.99.