AirPort Extreme Base Station 802.11n (2nd gen.): Slower speeds with WPA2 encryption enabled
On numerous occasions, and in our wireless troubleshooting tutorial, we've noted that turning off wireless security (encryption) or switching security protocols (from WPA2 to WEP or vice versa, etc.) can eliminate a number of connectivity issues with AirPort Base stations and third-party wireless routers; these include slowness in throughput, problems establishing connections and more.
This scenario manifested in MacFixIt's testing of Apple's new 802.11n-capable AirPort Extreme Base station, conducted by Ted Landau and published in a column yesterday. Ted found that Internet download speeds were relatively dismal when WPA2 encryption was enabled on an 802.11n connection. Interestingly, the same performance hit did not occur when an 802.11g connection was established on similar hardware. In other words, 802.11n connections with WPA2 encryption appear (at least in some cases) to deliver slower throughput than 802.11g connections with WPA2 encryption.
Note that this finding does not imply faster Internet throughput from 802.11n connections -- the Internet connection tested was not fast enough to saturate either 802.11g or 802.11n connections. Instead, there appears to be some sort of bottleneck introduced by the combination of 802.11n connections and WPA2 security.
Unfortunately, as pointed out by Ted, there is no option to use the alternative WEP security protocol on the new AirPort Extreme 802.11n (WEP is not supported by the 802.11n spec), meaning users seeking to eliminate the bottleneck may need to turn off wireless security altogether, or seek alternative solutions as listed in our wireless tutorial.
Toggling or turning off wireless security can be accomplished using the AirPort Admin Utility (located in Applications/Utilities) for older Base stations, or the AirPort Utility (also located in Applications/Utilities) for the newer AirPort Extreme 802.11n Base Station. For the latter, with the AirPort Utility open, click on the AirPort button at the top of the window, then select the "Wireless" tab and pick your desired option from the "Wireless Security:" drop-down menu.
Feedback? Late-breakers@macfixit.com.
Resources
:%20Slower%20speeds%20with%20WPA2%20encryption%20enabled%20%7C%20MacFixIt%20-%20CNET%20Reviews&srcUrl=http://reviews.cnet.com/8301-13727_7-10328120-263.html){kind=small}
The Airport was configured to use n-only at 5GHz, with WPA2 and in bridge mode (no NAT).
Seriously, please strongly consider all the implications before you eliminate security to achieve better throughput. Switching to WEP is not much better than running without security at all (thank goodness it is not supported in 802.11n).
Also, Using WEP is equivalent to using no security whatsoever. So the 802.11n spec is just making it easier for you by clearing up the ambiguity.
Seriously, breaking WEP encryption is incredibly easy and can be done in under minute in some cases and in under 10 minutes in all cases.
As to whether or not a particular user will see a big slowdown with WPA2 enabled (which in my case was indeed slower than a G connection), that appears to vary. However, if you browse through Apple's Discussion Boards, you'll find that others are reporting situations similar to mine. So I am certainly not alone here. Currently, I am investigating exactly what is going on and what a user can do about it (other than give up password protection). I'll report back when I know more.
Finally, although I would never recommend disabling all security protection on a network, realistically, if you live in a population-light area (such as many suburbs and rural areas), the odds that someone with the intent and skill to do harm will find and join your n-only network and actually do harm, is really very low.
Ted
I completely agree with Ted. Besides the troubleshooting advantages of isolating a problem as Ted has done, there are many situations where dropping security to improve throughput is reasonable (streaming video to your TV where the only data on the network is last night's David Letterman show, for example).
I just worry about the proverbial "grandmom" user who sees a trusted source like Macfixit say "turn this off to make it faster" and doesn't see a warning about the implications. Granted, grandmom probably doesn't read this site.
Of course, now I am going to get lots of bad karma as millions of grandmothers who are way smarter than me are going to think evil of me.
Here is the "report back" that I promised. The news is mixed:
? My password-related problems with joining my "n-only" appear to have been solved. The short version of what was happening is this: The network name for the AirPort Express Base Stations had been (mistakenly) assigned the same name as the "n-only" network. I did not notice this at first because, oddly, it did not seem to interfere with their WDS link to the old Extreme Base Station. It did however cause problems related to the new one: When selecting the "n-only" network from my MacBook Pro, it would sometimes correctly attach to the new Extreme Base Station. At other times, it would attempt (even though it should not have done so) to connect directly to one of the Express Base Stations. When this happened, the errors occurred.
Assigning the Express Base Stations back to the same network name as the old Extreme appears to have solved the problem (although I still have some unanswered questions about exactly what happened here). I also did a hard reset of the new Base Station, just in case.
? Unfortunately, there was no improvement in the throughput situation. That is, when I disable WPA2 encryption on the n-only network, I still get twice the download speed that I do when the encryption is enabled. I can see a similar difference when doing something as basic as opening a Base Station's configuration in AirPort Utility: the settings window finishes opening more than twice as quickly when WPA encryption is disabled (or if I am connected via the older b/g network) than if I try the same thing via the n-only network when WPA is enabled.
I called Apple Tech Support about this and they are currently researching it. I did learn one interesting tidbit while working with them thus far:
After accessing a Base Station in AirPort Utility, select the "Advanced" icon in the toolbar. Then select "Logging and SNMP" from the tab bar. Next, click the "Logs and Statistics" button at the bottom of the window. Finally, from the screen that appears, click the "Wireless Clients" tab. This gets new a new screen which shows a list of all the wireless clients currently connected to the selected Base Station. Of particular interest, the "Rate" column shows the current throughput to the client.
My old Extreme Base Station, with its b/g network, maxes out at 54 (when connecting to my Power Mac G5). The rate drops down to as low as 11 when going to the more distantly located Express Base Stations . In contrast, the n network connection rate between the new Extreme Base Station and my MacBook Pro is typically between 270 and 300!!
Based on these numbers, the new Base Station is clearly living up to its promised speed. However, the "real world" performance, as described above, shows something different. I am still not certain why that is. Hopefully, Apple can provide an answer when they call back next week.
- by jamiewiseman February 14, 2007 10:22 AM PST
- I did have problems with a mixed mode WPA2 enabled new Extreme base station.. On a brand new out of the box 'n' enabled macbook we got 0.1Mbps throughput, when both a powerbook and an early intel Macbook Pro (both 'g' cards) were geting 7.8 Mbps. On another wireless network the new macbook worked fine, so it came down to the router being the fault. Changing to WPA improved the problem considerably but it still seemed unreliable. Now we are unsecure.
- Like this Reply to this comment
-
(8 Comments)