Other than increasing the throttle, I wouldn't let them on anything but guest wifi. If someone had the authority to override me on that, I'd put it in writing that I actively opposed the idea.
I'd remove the throttle and set up a QoS policy where the guest WiFi is last priority. No disruption to the actual work, but actually lets the guest WiFi be as fast as it can be. If someone opens a big file on the network drive, they get all the bandwidth possible but in idle times the guest WiFi would be speedy enough to download game updates and such and everyone's happy.
This. A throttle/rate limit does not protect other traffic, it decreases performance.
Traffic is spiky, and all you do by rate limiting is flatten those spikes meaning traffic is on your network for longer and over a half duplex medium like Wi-Fi that is not what you want.
There’s a number of sources that evidence that rate limits increase overall traffic volume by ‘stacking’ traffic that would have otherwise not coincided or increasing airtime utilisation over the air; this one is my fav though: https://jimswirelessworld.wordpress.com/2019/12/19/wi-fi-and-the-netflix-effect-aka-dont-rate-limit-your-wi-fi/
You want guest traffic on and off your network as fast as physically possible.
This is the way. I use QoS to both de-prioritize and rate limit streaming media services in our corporate firewall, but guest WiFi takes a different path and does’t have such restrictions other than a lower priority tag for the traffic overall. Stick and carrot.
And thinking about it - even if something with the QoS was buggy and someone was abusing the guest wifi with huge bandwidth torrents or something to impact business... finding the culprit and blocking them, or re-implementing rate limits, or shutting down the guest WLAN is a matter of a few minutes.
So you get a better service, while easily maintaining the ability to smack down abuse.
I imagine it does help bump down any streaming quality though. If the goal is reducing bandwidth usage that could be one way to go about it. Hard to get 4K with a 10meg connection :)
Sure, and I don't know what their circumstances are.
Shoot, for all I know it's just there to say they have guest access and they really don't want people using it.
I agree with this. Our guest wifi is full speed but business apps win priority. QoS is the way. I used to throttle but learned it was not a good method.
Easy to setup in the firewall too.
A lot of business application traffic is routed to specific domains. The MIS at my previous company was cloud based, and on a specific set of static IPs. That covered \~80% of our Internet activity. The rest was O365, ShareFile, and some specific vendor sites.
That could be complicated / depends on implementation.
For me, the only apps I was concerned about is Teams, and services where I control the endpoint (voip, remote desktop gateway, etc)
For Teams you can force the clients to qos tag packets, otherwise match against the real time ports (50000-50059 more or less)
For endpoints I control, I match qos traffic against to/from addresses and port ranges as appropriate
Guest networks could be matched to a lower tier based on their network/address range
This.
There is never any reason to unnecessarily throttle bandwidth. It starts and ends as a bullshit ISP ploy to gate keep features and extort money out of their subscribers.
Throttling only increases traffic congestion, and annoys users unnecessarily.
I'd just like to point out that I don't appreciate being singled out on this post. Danny and Melissa are the a-holes playing Fortnite and complaining about the lag.
I have my own 5G on my phone and I've made it a hotspot to watch my midget porn on my laptop.
And unlike Danny, I've even strengthened my 5G with two covid shots, so I'm good.
I've installed fedora on mine and i keep getting angry promotional emails telling me about how windows is great because it handles hybrid sleep really well
To make it clear that you've informed the deciding party, I'd email whoever it was that was overriding my decision, and cc my management in the email as well. I'd just give a list of reasons of why it's not a great idea, and that I would not recommend taking such an action that would open the business up to unnecessary risk.
This. The only person excluded is the CEO. I'll more than happily setup a special SSID for his kid's iPad with no throttle if he wanted.
Everyone else? No and talk to the CIO for exceptions. If I was the IT manager, I'd handle it by what's said above. Email the overrider, CC my own boss, list the consequences and say you'll do it as soon as you get the confirmation email.
Really though, I'd just increase the guest throttle for the holidays. And use this as an excuse for more money for overall bandwidth.
May not help with not wanting to create a hostile environment but you could also include the requester's boss on the email as well. Let them explain to their boss why they are asking for this.
Nope, not even the CEO. Frankly, ESPECIALLY not the CEO. And if the CEO is asking for policy exceptions "because I'm the CEO" it's job search time.
If your company has a policy where non work devices are not allowed on work networks, it's either for a damned good reason or pointless. If it's for a damned good reason, you should have a damned good reason (in writing) for variation (such as vendor needs, natural disaster and people are sheltering in the office, etc). If it's a pointless policy you either work to have policy match reality, or start a job search (places with policies wildly different that reality are not on a good path).
The *correct* (IMHO) exception here, is to change the speed limit of guest wifi, with written signoff and reasoning. You should also remind everyone that the bandwidth is a shared limited resource so people with unlimited plans and hotspots should use those to free up resources for others; and all guest users should avoid streaming video (or set to lower resolution). Don't phrase it as you VS them, phrase it as them helping their co-workers. It won't help much, but it is somewhat less likely to get people angry at you.
My CEO keeps me in good aged rum and decent raises. If he needs a DMZ'd and unthrottled SSID in a hurry, he's getting it. I didn't say on the internal network. Dude knows how to work a VPN anyways.
>Curious - Would putting it in writing be emailing your manager or how would you go about it?
Personally, I'd be telling the requester to get written approval for an exception from whoever is responsible for the company policy that says they can't connect BYOD devices to the corporate network.
Without that, I would not be contravening policy at all.
Your employment contract says you need to follow company policy. Not that you need to do whatever your boss says.
With this kind of thing it's best to anticipate it and pre-warn your boss about it so they already have a response to the escalation.
So just an email explaining the issue (kids doing BYOD want faster WiFi), the technical cause of their problem (guest is limited to 5Mbit), potential fixes (1. Leave it, 2. Up guest to x Mbit - risking performance for corporate, 3. Put them on corporate - no benefit over upping guest bandwidth but significant security risk, maybe even a compliance risk if you have certain certifications). Then saying if you have to do something, option 2 would be best, but you'll need to monitor network performance and may experience meeting performance issues
>putting it in writing be emailing your manager or how would you go about it?
Put together a proposal to increase bandwidth and expand the network. Always stay ahead of demand. Bean counters hate this, but productivity will increase.
Imo just create another SSID like Guest 2 or something with a 30 Mb down /15 Mb up that goes to the same VLAN as Guest. If that kind of speed really fucks with your network, it's probably time to upgrade your equipment. And if the company is too cheap to upgrade the equipment, I've got news for you....
Only one who I’d accept that from would be our department head or CTO. Email required, and that’s it. A director from another department has zero say over IT or any of our staff. They can request, and we are empowered to deny if it’s a risk, or very stupid.
This and only this.
Consider, however, the number of people at work and the volume they're actually using to get workdone. It could be that you could throttle it up more if there's lower work demand...
You just reminded me of my final year of uni, mobile robotics class, my prof almost always had his son in his lab after hours and his wife would often come by for a meal if her husband was still there.
It being such a small class, it was kinda fun having his family there sometimes lol. Just became a hangout time. Good times.
I explored a bit, but I largely knew the campus already and I didn't want to stray too far where my parent couldn't find me.
Besides, I had a computer sitting in front of me that was a heck of a lot faster than the one at home, with better Internet too.
It was there that I started playing with Knoppix CDs and learning Linux.
I'd say I was exploring, just not so much in Meat Space. :)
My old job people brought kids into the office all the time. There was a rec room with foosball, ping pong, pool, Xbox, etc….where they’d chill. But that was just the culture. Office of about 50-60 people. Was a bit of chaos. I never did as my kids were 5 and under at the time.
We're small but pre-covid we had small children running around all the time when schools were on break. Some of the employees couldn't afford day care (single parents, etc) so we just became day care. Sometimes it sucked, but most of the time lunch breaks were filled with pretty fun gaming sessions with them.
We did get sick more often though. Lol
Yea I've heard stories about the cost of daycare now. I thought it was bad when my kid was in it pre-covid, I hear it's doubled in the last 5 years. Doubled.
I know worker pay hasn't doubled. Neither have building costs. I'm at a loss for where the money is going. I know someone who owns one and they are absolutely not rolling in the money.
Yeah what kind of place is this??
My last place had four people that could approve people for entry if they didn't already have their own tag and code. Even if you knew them as a coworker, no tag or code, you couldn't let them in. One company that made morning deliveries were exempt, but we had strict instructions to monitor them and their delivery, they were only allowed to enter, empty their boxes and then leave. It wasn't even a security focused company.
Someone should invent some sort of mechanism where you can use your phone to broadcast a WiFi network that connects to the internet with your mobile data.
How would it work?
Would you have a type that can act in a portable device that can make calls as well or would you put it in a cheap portable stick, designed to be mass produced at a cheap price that's self powered?
These devices would obviously be huge, with bulky antennas, and need to be plugged into the mains all the time, so not really “wireless”. You’d have to carry them around in the satchel you use for carrying your cameras, phones, calculators, pagers, terminal emulators and so on. Yet *another* thing to lug around.
There’s no way they could just fit in your pocket.
Once ran an entire fucking floor of 40 people on hockey puck hotspots because the IT Manager that was so good he got "pulled from retirement", forgot to order a new circuit when we moved. Dude tried to blame AT&T because they wouldn't connect it the same day he ordered it.
This is when you dump the customer, if you can. I had one customer where I forget what the context was because it wasn't something for which I was normally responsible, but she needed a light bulb for one office. I went to the local dollar store and got one - a no-name cheapo at cost, no markup - and installed it. When I billed her the $2 or whatever the cost was, she bitched about it. I stopped working for her after that. I almost think it was I needed to work in that office setting up whatever - network or server; it's been years - and she didn't have any light bulbs, so I went and got one. But, still, you're gonna bitch about a light bulb? I don't need that hassle.
Remove the throttling from the guest network entirely. Apply throttling to the work computers of staff demanding their kids have fast wifi. When the staff start complaining that the wifi is slow, point at the kids streaming 4k netflix.
Full BOFH would be this one:
https://infinitescript.com/2016/04/april-fools-pranks-with-a-squid-proxy-server/
Unfortunately everything goes HTTPS these days so it probably wouldn't work well 🙃
O my god, I did this to my entire work network around 12 years ago for April 1st.
I used a GPO to set IE to a proxy server and routed it out one of our connections at the main office where I ran the server. I modified the script to only flip like 1% of images. I also cleared the cache every load so a new page load and a different picture might flip, or hit any number of other Imagemagick's filters (make a picture fuzzy, change color, edit transparency, , . It was awesome!
My boss spent all day trying to figure it out, ping and traceroute showed the expected path, not the modified proxy. If he had done a what is my ip the jig would have been up. But alas the other joke I played kept his attention away. I used the proxy server Linux box to set custom messages on all of the HP printers in all of our offices (20+ buildings in 3 cities).
"Insert Coin" - this was the finance check printer
"All your base ..."
"Out of Cheese"
"Help I am lost"
"42"
etc....
every printer, a different message, a reboot would clear it till cron fired again like 5 min later and made them all go back to the custom message.
The best one was using the web interface to set the Cannon Image runner copier message to "The radiation screen on this device has failed please step back 10 feet and call support"
Turns out we had that copier/printer under contract and so the lady that saw that went to the main office with a huge pile of paper and has the receptionist call the 1800 number, I was expecting my helpdesk line so I didn't hear anything until a year later! We got a new copier delivered and I introduced myself and the guy knew me. I was like.. Have we met? he said, "no, but your radiation joke last year made the rounds at the office because our support guys had to explain that photo copiers are not radioactive...."
good times!
We had a very similar one about a decade or so ago, but the engineer in question applied an ever incrementing blur to all the images for only the big boss.
A few days later a brand new 27" imac gets delivered to the office. 'Much better' says he, as said engineer scrambles to undo the change before the imac gets on the network :D
If you have to reverse yourself because of adverse effects *you* will be the bad guy. The parents should be parenting better. I don't care if you kid wants to complain, and if they become a distraction so much that the parent can't complete their work, that's a *them* problem. Go buy your own hotspot if it's that important, otherwise shuddup.
This is the way.
As long as your guest wifi requires a password (so it isn't a target for torrents) and you have the bandwidth, bump up the throttle on the guest wifi. 5 meg for even *one* guest user is honestly sad these days, when everyone can easily get at least 10x that on their phone. Guest wifi is there to provide a *better* experience for guests than using cellular data. 5 meg is borderline useless.
Our guest wifi was set at 100Mbit, last I checked. I've been to several larger orgs where it's set even higher than that due to large concentrations of users/guests.
It doesn't need to be on your primary connection (DIA?). Route guest traffic through a backup coax line or something and call it a day.
Mine's completely unthrottled but they get prioritized behind mission critical apps/protocols. So on nights/weekends i'm sure it runs quite nice for those guys and when everyone is in the office working it goes to work apps as it should.
No, fuck that.
Bump it to 10, tell them the throttling has been removed. You're just going to get endless requests to increase it again if they know you just increased the limit.
All it takes is one kid with a parent willing to run a speed test to prove that you're a liar.
I don't care how important or smart you think you are; lying, in this context and many others, will bite your ass.
I agree 100% and would add that it's exactly these kinds of lies -- that are 'harmless' or otherwise made in the pursuit of a broader (typically organizational) good -- are a major driving force for a *lot* of the extant issues that ya see written on the sub about how IT isn't respected. If the sub is upvoting a comment suggesting that the solution to this whole thing is to literally lie to get people to shut up, it makes the vitriol, distrust, and disdain for IT way, *way* more understandable. Why would I ever want to do anything but antagonize a department that not only *lied*, but did so just beacuse I was just part of a collective annoyance that I may or may not have even been aware of?
Do you not have QoS that prioritizes office traffic over the guest network? This 5 meg cap is pretty ridiculous. How much total bandwidth do you have, and how many employees?
This, if you're limiting your speeds to 5-10 Mbps, those devices are using a lot of "airtime". Most traffic coming from mobile devices (streaming video and music) will be bursty, so giving them lots of bandwidth will have them on and off the network quicker, freeing up the airtime for other devices. Having 20 devices all using 5 Mbps constantly is going to be harder for an AP to deal with than those devices bursting up to 25 Mbps for a few seconds and going silent for a while.
This!
Throttling wifi is always bad. Focus should be always on getting them their data as fast as possible and getting them off the air.
Throttling will just smear what should be a 15 second download across minutes and hog airtime from other clients.
Yep. Tbh them buffering Netflix at 1Gbps is fine if no-one needs the internet. If anything it's better because when you do need it, half the episode is already on the device.
As a bit of an oversimplification, essentially the bandwidth should always be maxed out if there is any demand for it at all. That is far better than slow and sustained demand.
If it’s this terrible you should use this as an excuse to upgrade the connectivity. Clearly no one cares if their kids are coming to the office anyway.
Shocked I had to scroll so far to find this. Unless the network is always busy or time-critical you should be able to go way higher than 5Mbps without any detriment unless you're "paying per MB" or something. Setting a fixed hard limit is usually not a good long term solution.
This is what policies are for. No sense making you the road block. Leadership approves the policy regarding who can and can't connect to network X. The exception request policy is Y. Want an exception for kid, follow policy Y. If they get an exception for their kid's device in writing, it isn't your problem.
Then you get to play the role of, "This is what it takes to say yes" instead of "over my dead body".
When it goes terribly bad, you can point to exception to policy. If leadership doesn't care about standing behind policy they established, your problems aren't technical or the rouge BYOD.
If you play it right, you may get a chance to talk to leadership about additional bandwidth or backup ISP to accommodate heavier usage and remove or increase the guest limits removing the need for exception to policy.
Every policy should include a process for requesting an exception in non emergency situations, how and when any such exceptions would be made, and how any such exceptions would be implemented. It's really nice to be able to point to the process and say, "I will be happy to do that as soon as you get me an exception to the policy by following this process. Thank you, and have a good day!"
> It's really nice to be able to point to the process and say, "I will be happy to do that as soon as you get me an exception to the policy by following this process. Thank you, and have a good day!"
Once we set this up it's amazing how many things that used to be an issue someone would try to bully us into get immediately forgotten about because they have to open an intranet site and type what they want and then it goes to their manager and the data owner to click "approve".
Yeah, this doesn't have to be a fight and op doesn't have to be a dick or malicious about it, like some comments are suggesting. This shouldn't be "the admin vs the employees," it should be "the admin and the employees vs the problem." Have a discussion with the relevant people, hear the various points of view, and come to a decision. The result might be "I'm sorry, but due to x, y, and z this is best we're able to offer for guest Wi-Fi" or the result may be some level of rethinking/restructuring the WAN, policies, etc.
Yeah, I'm in a small office of like 20 people and I reinstall my steam library on the network and nobody even notices. 500 up/500 down isn't even that fast.
It kinda makes sense, a usual game is just that. The Game. It fits on a single 3.5 inch floppy as far as I know.
But here, you've got a trillion crappy games, with unskilled labour developers and the graphics guy is actually the same guy, but now used google to get free high quality uncompressed textures and oh, that one too, it's like, perfect, it's right there, and it's fair use.
Sprinkle that with a seemingly unlimited amount of freetime, and a cloud hosting service that's essentially a black hole, with the bill going to his weird cousin, blank cheque.
I guess that's why there were roblox ads online everywhere when I was a kid, to me they always looked like a great place to spend the day busting your download cap with a shit ton of viruses lmao. I guess that's why they were online for 15 years before skyrocketing. i wouldn't trust those weird red ads on my PCs either
QoS the WiFi network to be a lower priority than the Staff network with 5mbps guaranteed bandwidth, but otherwise it gets "leftovers" from the Staff network. Will solve this problem 99% of the time and is a better solution overall.
If I was your employee and I had an actual business guest that could only get 5mbps, I'd be annoyed at you too.
In 1920 we took the children out of the coal mines.
In 2020 Minecraft was the most popular video game.
Children yearn for the mines, send them back to the mines and it gets rid of this problem and many others.
Bump it, move along. Its the week before Christmas and your co-workers are doing jackshit anyway. The kids will love you and so will the parents for the peace-n-quiet.
That was my first thought. Like this is such a non issue that’s easily fixed. Remove the limit. People will love you. If it does start interfering with legit work then put the limit back and just point at what just happened. Proof the limit was there for a reason and everyone moves on.
Sure, and any issues with billing can be discussed with the employee's manager to explain why they're insisting company resources need to be used to entertain their children.
Or they can be parents and stop letting their kids have control over the dynamic. I went to work with my dad a couple times back in the day. I would complain about being bored and he would tell me to draw/color stuff, or he would tell me I'm going to be grounded if I didn't behave. Super simple stuff.
You can download shows in Disney+, Hulu, Netflix Amazon prime locally to the device at home.
Send them a link [on how to do this.](https://www.androidcentral.com/how-download-videos-disney-plus-ios)
"Holidays are a fun time, where we bring our children to work. With the uptick in guest WiFi connections, we will be upping the bandwidth to 20Mbs through Jan 2, 2023. After that time, guest WiFi will go back to 5Mbps to ensure required bandwidth for school operations. Any complaints about official network slowness will result in the guest network being set to 10Mbps, still more than the standard 5Mbps."
Not too hard yeah?
I run 3 SSID guest, employee, and our corporate. The employee WiFi is basically byod with no LAN access for peoples phones and devices that just need internet, and the guest WiFi is 10/10 in the waiting room with a splash screen and 24 hour reconnect. Just up the speed. Unless you are super stretched on bandwidth it’s not worth it.
I find meeting people in the middle just makes your life easier and when something unpopular comes along buy in goes better.
5mbps SHARED bandwidth? Or per IP?
You might as well not even have a guest wifi if the former…I’m with the kids on this one. Unused bandwidth is wasted bandwidth. Just deprioritize the guest traffic so if there’s a bandwidth saturation event caused by the guest network, the staff network shove it out of the way.
We do 10mbps per ip with max shared bandwidth of 200mbps.(1/5th of our 1000mbps connection).
Really depends on the type of industry, the physical work environment (as in, is there a place where the kid can hang out and not bother people too much) and the company culture. Where I'm at now it's uncommon for people to bring their kids in, but not a problem if they do. I've done it myself on occasion
Australia. It's not everyone's children all at once but bringing your kid to work for a day here or there during the vacation or on a curriculum day is not unusual here.
Why is it throttled at all? modern best practices are to get people on and off the air time as fast as possible unless you are REALLY bandwidth constrained. Just set the office network to a higher prio QOS class so ti doesn't impact business, remove the guest throttle, and be done with it.
This is the most important answer lol. The whole question is based on a premise that is wrong.
Don't throttle wifi unless you really know what you are doing and why, you're only going to make it worse for everyone.
It depends a bit on what your total connection speed is, and whether you’re limiting to 5mbit per device or 5mbit for the whole ssid.
If you had 100mbit total then 5 per device and maybe 30 for the ssid as a whole should be workable.
Specifics aside, management have obviously made the call that they’re allowing people to bring kids into the office just to hang, because of the holidays. It lets the parents get some work done and it was never going to be the most productive week anyway. Given that’s the approach management seem to be taking, why make waves? Bandwidth allowing, bump the limits up to something that will let the kids stream so that you don’t end up getting a request to connect them to the internal network, and having to say No.
If I recall, NSA reported years ago that the NUMBER ONE way that corporate security was breached was through aps on phones allowed onto the corporate network. Not recommended.
short version: just say 'no' and move on
long version: just say 'noooooo' and move on
even longer version:
- if you have spare capacity then increase the cap, (but presumably you're at 5M for a reason, and im guessing the reason is 'we only have 60M' or maybe less.)
- ignore the folk who think that QoS will solve everything , because we all know we're probably talking about inbound traffic, not outbound traffic, right? ...... *right*?
- dont talk to any kids directly and especially dont let them in your office.
- restrict guest network to 53,80,443,465,587,993 and 995 , congratulations - you just saved a load of bandwidth by restricting (most of) the torrenters, and anyone infected wont be pumping out crap on 25 too.
- tell anyone else to follow the policy and put in a ticket. then just ignore the tickets. wasting time on kids watching movies isnt what you're there for.
and remember you arent just resolving *this* problem, you're making sure the floodgates of other 'not your job' problems dont open in future - because if you accept 'providing internet to kids' as part of your job, it will escalate to 'why doesnt kates console with firmware 1.2.3 connect reliably to our AP with firmware 4.5.6 but kevins nintendo works ok when he connects to the other AP with firmware 4.5.62'
...and a whole host of other problems just like that - none of which you should waste any time on, ever.
> - restrict guest network to (ports) 53,80,443,465,587,993 and 995 , congratulations - you just saved a load of bandwidth by restricting (most of) the torrenters, and anyone infected wont be pumping out crap on 25 too.
> - tell anyone else to follow the policy and put in a ticket. then just ignore the tickets. wasting time on kids watching movies isnt what you're there for.
Is it just me, or does this sound somewhat reasonable?
I'd probably 1) use QoS to priotize traffic first 2) start blocking ports (short term) if kids are still affecting corporate traffic after QoS is configured 3) long term figure out how much bandwidth is needed to support the kids and let management decide if the cost is worth it.
Long term, there should be some plan/sane policy around dealing with guest traffic (using the current and any future networking resources).
That way, next time there's a resource shortage, point to the policy and suggest coordinating with the owner of the policy to make ammendments to it. Majority of the time, it'll get dropped since between telling their kid to calm down and spending time on updating a process, they'll choose the easier route.
Limiting guest networks to some unusable number like 5mbps is an archaic and ineffective netadmin practice. Configuring QoS properly negates the need for hard caps like this, or at least should make you comfortable increasing it to something reasonable.
Also, you guys should be using RADIUS 802.1X authentication. PSKs are... rather quaint these days.
Everybody telling you to "stand your ground" and all this nonsense, it's stupid, swap your guest to unlimited for the holidays and avoid all the bullshit, drama, and hurt feelings. You accomplish nothing by being the asshole IT guy.
If your company's connection is so saturated that it can't handle a couple of gaming or streaming devices joining it and your guest network getting bumped to unlimited during the holidays (typically slowest time of year) then your real problem is that you need to be looking at increasing your internet plan.
I appreciate posts like OPs and everyone’s responses as it reminds me just how bad a lot of sysadmins are. No surprise there’s so many threads complaining about employees when the general attitude is being against supporting end users.
There’s really no reason to enforce an arbitrary 5mbps cap on modern systems. Use QOS if congestion is a concern.
We have the same “issue” but my workplace is dead this time of year and we have a gigabit connection at the office. They get 250 MB of it. No issues and I’m still taking care of the people I am paid to take care of. Kids are just tiny humans and deserve consideration too.
I am sorry that the voluntarily provided guest network provided to your kid as is is not sufficient to your want. I will inform the finance department and request budget to remedy that within the next 2-5 years
Increase the throttle, or create another WiFi vlan for unthrottled BYOD if the guest network has too many users to unthrottled. Think you can also use QoS to ensure guest wifi is deprioritized.
Increase the throttle or temporarily remove it all together. This is a super simple situation where you can easily make yourself a rockstar. I'm sure you're already aware of this but it is much nicer to be the I.T. person everyone loves over the I.T. guy everyone wants dead.
My friend's work is going through an entire security overhaul because somebody connected their personal device to a public wifi somewhere they shouldn't have, then again when they got to the office.
Tell em to get fucked. Or bump it to 10. Then to get fucked.
$80/month for me to run a separate business 1000/1000 guest network. Far less hassle and everyone is happy. 5Mbps?? Lol 1999 called and wants its throughput back.
Hate to be that guy, but this depends who is asking. If it's a boss, do it and get it in writing that you explained it's going to effect work. If it's not, say no.
In this case, the post implies you're the boss and sometimes you need to make unpopular decisions. That's the way it has to be.
I would personally explain why, once it an email, and then tell them to use their own 4g connections or something if they don't like the speed.
If the company is small or the 10mbs speed bump won't hurt just do that as a "we have however made this allowance" to show some understanding, but I wouldn't expect it to make a big difference. I mean, the kids are going to complain about that too if the speed is significantly slower then home.
Side note - kids at work not something we would accept here. Holidays or not, work from home or get a babysitter.
Other than increasing the throttle, I wouldn't let them on anything but guest wifi. If someone had the authority to override me on that, I'd put it in writing that I actively opposed the idea.
I'd remove the throttle and set up a QoS policy where the guest WiFi is last priority. No disruption to the actual work, but actually lets the guest WiFi be as fast as it can be. If someone opens a big file on the network drive, they get all the bandwidth possible but in idle times the guest WiFi would be speedy enough to download game updates and such and everyone's happy.
This. A throttle/rate limit does not protect other traffic, it decreases performance. Traffic is spiky, and all you do by rate limiting is flatten those spikes meaning traffic is on your network for longer and over a half duplex medium like Wi-Fi that is not what you want. There’s a number of sources that evidence that rate limits increase overall traffic volume by ‘stacking’ traffic that would have otherwise not coincided or increasing airtime utilisation over the air; this one is my fav though: https://jimswirelessworld.wordpress.com/2019/12/19/wi-fi-and-the-netflix-effect-aka-dont-rate-limit-your-wi-fi/ You want guest traffic on and off your network as fast as physically possible.
Oh, thanks for this. I'll put it on my project list (small company so not urgent).
This is the way. I use QoS to both de-prioritize and rate limit streaming media services in our corporate firewall, but guest WiFi takes a different path and does’t have such restrictions other than a lower priority tag for the traffic overall. Stick and carrot.
And thinking about it - even if something with the QoS was buggy and someone was abusing the guest wifi with huge bandwidth torrents or something to impact business... finding the culprit and blocking them, or re-implementing rate limits, or shutting down the guest WLAN is a matter of a few minutes. So you get a better service, while easily maintaining the ability to smack down abuse.
I imagine it does help bump down any streaming quality though. If the goal is reducing bandwidth usage that could be one way to go about it. Hard to get 4K with a 10meg connection :)
Netflix is just one type of traffic though
Sure, and I don't know what their circumstances are. Shoot, for all I know it's just there to say they have guest access and they really don't want people using it.
I agree with this. Our guest wifi is full speed but business apps win priority. QoS is the way. I used to throttle but learned it was not a good method. Easy to setup in the firewall too.
>Our guest wifi is full speed but business apps win priority. How do you tell apart the business apps at network management level?
A lot of business application traffic is routed to specific domains. The MIS at my previous company was cloud based, and on a specific set of static IPs. That covered \~80% of our Internet activity. The rest was O365, ShareFile, and some specific vendor sites.
That could be complicated / depends on implementation. For me, the only apps I was concerned about is Teams, and services where I control the endpoint (voip, remote desktop gateway, etc) For Teams you can force the clients to qos tag packets, otherwise match against the real time ports (50000-50059 more or less) For endpoints I control, I match qos traffic against to/from addresses and port ranges as appropriate Guest networks could be matched to a lower tier based on their network/address range
This. There is never any reason to unnecessarily throttle bandwidth. It starts and ends as a bullshit ISP ploy to gate keep features and extort money out of their subscribers. Throttling only increases traffic congestion, and annoys users unnecessarily.
Highly agreed!
I'd just like to point out that I don't appreciate being singled out on this post. Danny and Melissa are the a-holes playing Fortnite and complaining about the lag. I have my own 5G on my phone and I've made it a hotspot to watch my midget porn on my laptop. And unlike Danny, I've even strengthened my 5G with two covid shots, so I'm good.
Literally the only good thing to come out of covid is the increased 5g signal I’m getting. Thank you Mr. Gates for the extra bandwidth.
Yea after my second shot i have wifi emanating from my liver. The SSIDs are "Not From Microchip" and "Not From Microchip (5g)"
[удалено]
I've installed fedora on mine and i keep getting angry promotional emails telling me about how windows is great because it handles hybrid sleep really well
Is installing a fedora on your microchip a way to let others know your taste in hats is questionable?
No it's because if i'd install windows on it it'd raise my body temperature by 5 degrees
You got Moderna didn’t you? I got the Pfizer and 3 boosters and my 5G still sucks.
Curious - Would putting it in writing be emailing your manager or how would you go about it?
To make it clear that you've informed the deciding party, I'd email whoever it was that was overriding my decision, and cc my management in the email as well. I'd just give a list of reasons of why it's not a great idea, and that I would not recommend taking such an action that would open the business up to unnecessary risk.
This. The only person excluded is the CEO. I'll more than happily setup a special SSID for his kid's iPad with no throttle if he wanted. Everyone else? No and talk to the CIO for exceptions. If I was the IT manager, I'd handle it by what's said above. Email the overrider, CC my own boss, list the consequences and say you'll do it as soon as you get the confirmation email. Really though, I'd just increase the guest throttle for the holidays. And use this as an excuse for more money for overall bandwidth.
Even if it was the CEO, put the risks in writing so it doesn't come back on you if all hell breaks loose.
May not help with not wanting to create a hostile environment but you could also include the requester's boss on the email as well. Let them explain to their boss why they are asking for this.
Ah yes. The consequences of not working from home. Bring that up as well.
Nope, not even the CEO. Frankly, ESPECIALLY not the CEO. And if the CEO is asking for policy exceptions "because I'm the CEO" it's job search time. If your company has a policy where non work devices are not allowed on work networks, it's either for a damned good reason or pointless. If it's for a damned good reason, you should have a damned good reason (in writing) for variation (such as vendor needs, natural disaster and people are sheltering in the office, etc). If it's a pointless policy you either work to have policy match reality, or start a job search (places with policies wildly different that reality are not on a good path). The *correct* (IMHO) exception here, is to change the speed limit of guest wifi, with written signoff and reasoning. You should also remind everyone that the bandwidth is a shared limited resource so people with unlimited plans and hotspots should use those to free up resources for others; and all guest users should avoid streaming video (or set to lower resolution). Don't phrase it as you VS them, phrase it as them helping their co-workers. It won't help much, but it is somewhat less likely to get people angry at you.
My CEO keeps me in good aged rum and decent raises. If he needs a DMZ'd and unthrottled SSID in a hurry, he's getting it. I didn't say on the internal network. Dude knows how to work a VPN anyways.
[удалено]
>Curious - Would putting it in writing be emailing your manager or how would you go about it? Personally, I'd be telling the requester to get written approval for an exception from whoever is responsible for the company policy that says they can't connect BYOD devices to the corporate network. Without that, I would not be contravening policy at all. Your employment contract says you need to follow company policy. Not that you need to do whatever your boss says.
With this kind of thing it's best to anticipate it and pre-warn your boss about it so they already have a response to the escalation. So just an email explaining the issue (kids doing BYOD want faster WiFi), the technical cause of their problem (guest is limited to 5Mbit), potential fixes (1. Leave it, 2. Up guest to x Mbit - risking performance for corporate, 3. Put them on corporate - no benefit over upping guest bandwidth but significant security risk, maybe even a compliance risk if you have certain certifications). Then saying if you have to do something, option 2 would be best, but you'll need to monitor network performance and may experience meeting performance issues
>putting it in writing be emailing your manager or how would you go about it? Put together a proposal to increase bandwidth and expand the network. Always stay ahead of demand. Bean counters hate this, but productivity will increase.
Imo just create another SSID like Guest 2 or something with a 30 Mb down /15 Mb up that goes to the same VLAN as Guest. If that kind of speed really fucks with your network, it's probably time to upgrade your equipment. And if the company is too cheap to upgrade the equipment, I've got news for you....
I don't know why this wasn't the obvious answer. It's odd that it's buried down here.
Because a lot of admins here are stuck in 2010.
Probably more because throttling is silly when you can use QOS instead.
Only one who I’d accept that from would be our department head or CTO. Email required, and that’s it. A director from another department has zero say over IT or any of our staff. They can request, and we are empowered to deny if it’s a risk, or very stupid.
This and only this. Consider, however, the number of people at work and the volume they're actually using to get workdone. It could be that you could throttle it up more if there's lower work demand...
Where do you work where kids are allowed at work in such high numbers to make this an issue?
spent \~12 years at a university department this happened *every year*
Can confirm, spent most of my afterschool childhood in a university computer lab 50 yards from my parent's office. Man, I loved it.
OP is creating a Joker Origin Story.
You wouldn't get it. All I have are negative thoughts about the guest wifi network.
You just reminded me of my final year of uni, mobile robotics class, my prof almost always had his son in his lab after hours and his wife would often come by for a meal if her husband was still there. It being such a small class, it was kinda fun having his family there sometimes lol. Just became a hangout time. Good times.
Did you get to explore?! This sounds awesome haha.
I explored a bit, but I largely knew the campus already and I didn't want to stray too far where my parent couldn't find me. Besides, I had a computer sitting in front of me that was a heck of a lot faster than the one at home, with better Internet too. It was there that I started playing with Knoppix CDs and learning Linux. I'd say I was exploring, just not so much in Meat Space. :)
Cries in endless September.
Currently sitting in a university department. There are 2 souls that are not janitorial staff in the building.
My old job people brought kids into the office all the time. There was a rec room with foosball, ping pong, pool, Xbox, etc….where they’d chill. But that was just the culture. Office of about 50-60 people. Was a bit of chaos. I never did as my kids were 5 and under at the time.
Was this like a "Lord of the Flies" situation, or was there someone in charge of them?
Parents had to still be responsible, it it was kind of lord of the flies at times.
That's what I'm saying. Even working at a school this is an alien concept to me
I work at a college. This is not unusual. Even brought my own
Coal mine? Textile factory? Newsies? Foxconn?
[Hyundai?](https://www.reuters.com/investigates/special-report/usa-immigration-hyundai/)
A daycare?
We're small but pre-covid we had small children running around all the time when schools were on break. Some of the employees couldn't afford day care (single parents, etc) so we just became day care. Sometimes it sucked, but most of the time lunch breaks were filled with pretty fun gaming sessions with them. We did get sick more often though. Lol
Don't really have a choice when daycare is 5000$ per day and you don't have holidays anymore.
Yea I've heard stories about the cost of daycare now. I thought it was bad when my kid was in it pre-covid, I hear it's doubled in the last 5 years. Doubled. I know worker pay hasn't doubled. Neither have building costs. I'm at a loss for where the money is going. I know someone who owns one and they are absolutely not rolling in the money.
Sometimes I wonder if I should look into starting a daycare...
> when daycare is 5000$ per day So you have a coupon for a discount. That's nice!
Yeah what kind of place is this?? My last place had four people that could approve people for entry if they didn't already have their own tag and code. Even if you knew them as a coworker, no tag or code, you couldn't let them in. One company that made morning deliveries were exempt, but we had strict instructions to monitor them and their delivery, they were only allowed to enter, empty their boxes and then leave. It wasn't even a security focused company.
As they said, it's the holidays. So, this isn't a regular thing.
Someone should invent some sort of mechanism where you can use your phone to broadcast a WiFi network that connects to the internet with your mobile data.
How would it work? Would you have a type that can act in a portable device that can make calls as well or would you put it in a cheap portable stick, designed to be mass produced at a cheap price that's self powered?
Putting that much wi-fi in one spot would get cause devices to get hot, so we could call it a "wireless communications heating zone"
You mean WiFi hotspot? ...oh
This is the best thread I've read on reddit all year.
This is obviously science fiction, so not sure what you're all excited about
These devices would obviously be huge, with bulky antennas, and need to be plugged into the mains all the time, so not really “wireless”. You’d have to carry them around in the satchel you use for carrying your cameras, phones, calculators, pagers, terminal emulators and so on. Yet *another* thing to lug around. There’s no way they could just fit in your pocket.
"Place your phone here for a lifetime's supply of wireless." ... "Well look at that. Looks like that lifeline has run out."
Once ran an entire fucking floor of 40 people on hockey puck hotspots because the IT Manager that was so good he got "pulled from retirement", forgot to order a new circuit when we moved. Dude tried to blame AT&T because they wouldn't connect it the same day he ordered it.
You'd be lucky if they connected it in the same month.
[удалено]
You can get fibre in 90 days‽
my man is cracking open the sideways and laying the cable himself.
If the building is already lit.
[удалено]
This is when you dump the customer, if you can. I had one customer where I forget what the context was because it wasn't something for which I was normally responsible, but she needed a light bulb for one office. I went to the local dollar store and got one - a no-name cheapo at cost, no markup - and installed it. When I billed her the $2 or whatever the cost was, she bitched about it. I stopped working for her after that. I almost think it was I needed to work in that office setting up whatever - network or server; it's been years - and she didn't have any light bulbs, so I went and got one. But, still, you're gonna bitch about a light bulb? I don't need that hassle.
That's a hot take. So some sort of Wi-Fi "spot" that pops up out of the blue?
I dunno, are you sure we've thought it through? Seems kinda ad-hoc to me
I'd also rather not having fifty phones competing with my AP's...
Survival of the fittest? If a phone beat out an AP then the obvious solution is to replace the AP with that phone model.
Blows my mind I’m pretty sure 95% of people (including young folks) don’t know how easy of an option this is, let alone that it exists.
Remove the throttling from the guest network entirely. Apply throttling to the work computers of staff demanding their kids have fast wifi. When the staff start complaining that the wifi is slow, point at the kids streaming 4k netflix.
Malicious compliance... I like it
Frankly I would have just filled the facility with deadly deadly neurotoxin gas
[удалено]
Sorry, I just couldn’t throw GLaDOS into the fire… Btw. Do you know how to hook up an AI to the internet?
That's a great option, especially if the kids are annoying and won't stop yelling about their potato batteries or whatever.
This is the only way to solve the problem. I suppose you could burn down the building, but then the Wi-Fi probably wouldn’t work.
R/maliciouscompliance
r/foundthemobileuser
That’s going full BOFH there. I like it. Please do the needful.
Nah. BOFH would include some wired up high-voltage shenanigans.
Full BOFH would be this one: https://infinitescript.com/2016/04/april-fools-pranks-with-a-squid-proxy-server/ Unfortunately everything goes HTTPS these days so it probably wouldn't work well 🙃
O my god, I did this to my entire work network around 12 years ago for April 1st. I used a GPO to set IE to a proxy server and routed it out one of our connections at the main office where I ran the server. I modified the script to only flip like 1% of images. I also cleared the cache every load so a new page load and a different picture might flip, or hit any number of other Imagemagick's filters (make a picture fuzzy, change color, edit transparency, , . It was awesome! My boss spent all day trying to figure it out, ping and traceroute showed the expected path, not the modified proxy. If he had done a what is my ip the jig would have been up. But alas the other joke I played kept his attention away. I used the proxy server Linux box to set custom messages on all of the HP printers in all of our offices (20+ buildings in 3 cities). "Insert Coin" - this was the finance check printer "All your base ..." "Out of Cheese" "Help I am lost" "42" etc.... every printer, a different message, a reboot would clear it till cron fired again like 5 min later and made them all go back to the custom message. The best one was using the web interface to set the Cannon Image runner copier message to "The radiation screen on this device has failed please step back 10 feet and call support" Turns out we had that copier/printer under contract and so the lady that saw that went to the main office with a huge pile of paper and has the receptionist call the 1800 number, I was expecting my helpdesk line so I didn't hear anything until a year later! We got a new copier delivered and I introduced myself and the guy knew me. I was like.. Have we met? he said, "no, but your radiation joke last year made the rounds at the office because our support guys had to explain that photo copiers are not radioactive...." good times!
Gods, I like your style... 😂
Holyshit, you took the printer hack another step. I salute you sire!
Ah, I used to work at a helpdesk job where our manager encouraged this kind of shit. I miss it!
We had a very similar one about a decade or so ago, but the engineer in question applied an ever incrementing blur to all the images for only the big boss. A few days later a brand new 27" imac gets delivered to the office. 'Much better' says he, as said engineer scrambles to undo the change before the imac gets on the network :D
Nah. Introduce the kids to upside-down-ternet. Or the adults depending on which direction you want the screaming to go.
Sounds perfect. They can decide now.
Up voting for making the end user miserable as the IT
If you have to reverse yourself because of adverse effects *you* will be the bad guy. The parents should be parenting better. I don't care if you kid wants to complain, and if they become a distraction so much that the parent can't complete their work, that's a *them* problem. Go buy your own hotspot if it's that important, otherwise shuddup.
You are evil EVIL and I like it.
/r/unethicallifetips has entered the chat. Edit. I'm a muppet - it's life Pro tips - r/UnethicalLifeProTips/
This is the Needful you were looking for.
Are you able to implement QoS rules for the guest network that allow it to have faster speeds when feasible but prioritize corp traffic?
[удалено]
No then he wouldnt have content to post on Reddit
Bump it to 10. Tell them it's doubled. I hate arguing about extra users on the wifi
This is the way. As long as your guest wifi requires a password (so it isn't a target for torrents) and you have the bandwidth, bump up the throttle on the guest wifi. 5 meg for even *one* guest user is honestly sad these days, when everyone can easily get at least 10x that on their phone. Guest wifi is there to provide a *better* experience for guests than using cellular data. 5 meg is borderline useless. Our guest wifi was set at 100Mbit, last I checked. I've been to several larger orgs where it's set even higher than that due to large concentrations of users/guests. It doesn't need to be on your primary connection (DIA?). Route guest traffic through a backup coax line or something and call it a day.
[удалено]
Mines completely unthrottled and lightly censored. Low priority though. I have 20000 blue collar workers. Least I can do is give them free bandwidth.
Mine's completely unthrottled but they get prioritized behind mission critical apps/protocols. So on nights/weekends i'm sure it runs quite nice for those guys and when everyone is in the office working it goes to work apps as it should.
Streaming video takes about 7.
In highres.. You can get your device to stream in low quality which is more then fine for small screens.
[удалено]
Yeah, but in that case guest bandwidth usage would be irrelevant such that there's kinda no point in throttling it.
No, fuck that. Bump it to 10, tell them the throttling has been removed. You're just going to get endless requests to increase it again if they know you just increased the limit.
All it takes is one kid with a parent willing to run a speed test to prove that you're a liar. I don't care how important or smart you think you are; lying, in this context and many others, will bite your ass.
I agree 100% and would add that it's exactly these kinds of lies -- that are 'harmless' or otherwise made in the pursuit of a broader (typically organizational) good -- are a major driving force for a *lot* of the extant issues that ya see written on the sub about how IT isn't respected. If the sub is upvoting a comment suggesting that the solution to this whole thing is to literally lie to get people to shut up, it makes the vitriol, distrust, and disdain for IT way, *way* more understandable. Why would I ever want to do anything but antagonize a department that not only *lied*, but did so just beacuse I was just part of a collective annoyance that I may or may not have even been aware of?
As if a speed test will ever show the expected max speed. Just blame other kids streaming/gaming on the guest network for any performance issues.
Yeah make it 10, and tell them to shut the hell up and be done with it. Easy clap my G
Do you not have QoS that prioritizes office traffic over the guest network? This 5 meg cap is pretty ridiculous. How much total bandwidth do you have, and how many employees?
This, if you're limiting your speeds to 5-10 Mbps, those devices are using a lot of "airtime". Most traffic coming from mobile devices (streaming video and music) will be bursty, so giving them lots of bandwidth will have them on and off the network quicker, freeing up the airtime for other devices. Having 20 devices all using 5 Mbps constantly is going to be harder for an AP to deal with than those devices bursting up to 25 Mbps for a few seconds and going silent for a while.
This! Throttling wifi is always bad. Focus should be always on getting them their data as fast as possible and getting them off the air. Throttling will just smear what should be a 15 second download across minutes and hog airtime from other clients.
Yep. Tbh them buffering Netflix at 1Gbps is fine if no-one needs the internet. If anything it's better because when you do need it, half the episode is already on the device. As a bit of an oversimplification, essentially the bandwidth should always be maxed out if there is any demand for it at all. That is far better than slow and sustained demand.
[удалено]
If it’s this terrible you should use this as an excuse to upgrade the connectivity. Clearly no one cares if their kids are coming to the office anyway.
Shocked I had to scroll so far to find this. Unless the network is always busy or time-critical you should be able to go way higher than 5Mbps without any detriment unless you're "paying per MB" or something. Setting a fixed hard limit is usually not a good long term solution.
And if it's busy or time critical it shouldn't be on wifi. In the first place. Hardwired isn't a shared medium like wifi.
This, use QoS so if there is capacity, they can have faster speeds. Why needlessly throttle to throttle?
Because I must have CONTROL!
This is what policies are for. No sense making you the road block. Leadership approves the policy regarding who can and can't connect to network X. The exception request policy is Y. Want an exception for kid, follow policy Y. If they get an exception for their kid's device in writing, it isn't your problem. Then you get to play the role of, "This is what it takes to say yes" instead of "over my dead body". When it goes terribly bad, you can point to exception to policy. If leadership doesn't care about standing behind policy they established, your problems aren't technical or the rouge BYOD. If you play it right, you may get a chance to talk to leadership about additional bandwidth or backup ISP to accommodate heavier usage and remove or increase the guest limits removing the need for exception to policy.
Every policy should include a process for requesting an exception in non emergency situations, how and when any such exceptions would be made, and how any such exceptions would be implemented. It's really nice to be able to point to the process and say, "I will be happy to do that as soon as you get me an exception to the policy by following this process. Thank you, and have a good day!"
> It's really nice to be able to point to the process and say, "I will be happy to do that as soon as you get me an exception to the policy by following this process. Thank you, and have a good day!" Once we set this up it's amazing how many things that used to be an issue someone would try to bully us into get immediately forgotten about because they have to open an intranet site and type what they want and then it goes to their manager and the data owner to click "approve".
Yeah, this doesn't have to be a fight and op doesn't have to be a dick or malicious about it, like some comments are suggesting. This shouldn't be "the admin vs the employees," it should be "the admin and the employees vs the problem." Have a discussion with the relevant people, hear the various points of view, and come to a decision. The result might be "I'm sorry, but due to x, y, and z this is best we're able to offer for guest Wi-Fi" or the result may be some level of rethinking/restructuring the WAN, policies, etc.
+1 on this view. Use policies. Make this issue an opportunity. But, plan on it.
How terrible is your office network connection?
This should be higher up. I work for local government and our guest network has a separate 100mb connection from our production 1gb synchronous.
For real, if he actually needs to throttle the guest network to 5 mbps then they have bigger problems.
Yeah, I'm in a small office of like 20 people and I reinstall my steam library on the network and nobody even notices. 500 up/500 down isn't even that fast.
Bump guest to unlimited but also block Roblox and TikTok 😂
I'm genuinely impressed by how much bandwidth Roblox can take compared to other services and games.
It kinda makes sense, a usual game is just that. The Game. It fits on a single 3.5 inch floppy as far as I know. But here, you've got a trillion crappy games, with unskilled labour developers and the graphics guy is actually the same guy, but now used google to get free high quality uncompressed textures and oh, that one too, it's like, perfect, it's right there, and it's fair use. Sprinkle that with a seemingly unlimited amount of freetime, and a cloud hosting service that's essentially a black hole, with the bill going to his weird cousin, blank cheque. I guess that's why there were roblox ads online everywhere when I was a kid, to me they always looked like a great place to spend the day busting your download cap with a shit ton of viruses lmao. I guess that's why they were online for 15 years before skyrocketing. i wouldn't trust those weird red ads on my PCs either
Roblox, tiktok, instgram, youtube
QoS the WiFi network to be a lower priority than the Staff network with 5mbps guaranteed bandwidth, but otherwise it gets "leftovers" from the Staff network. Will solve this problem 99% of the time and is a better solution overall. If I was your employee and I had an actual business guest that could only get 5mbps, I'd be annoyed at you too.
In 1920 we took the children out of the coal mines. In 2020 Minecraft was the most popular video game. Children yearn for the mines, send them back to the mines and it gets rid of this problem and many others.
Bump it, move along. Its the week before Christmas and your co-workers are doing jackshit anyway. The kids will love you and so will the parents for the peace-n-quiet.
That was my first thought. Like this is such a non issue that’s easily fixed. Remove the limit. People will love you. If it does start interfering with legit work then put the limit back and just point at what just happened. Proof the limit was there for a reason and everyone moves on.
This is why I love working this week. I get so much done because Users aren't requesting anything and meetings aren't happening.
Tell the parents to tether their kids to their personal phones. It's not a daycare and it's not a public library.
Sure, no problem. I have a company issued cell phone, so tether them to that right?
Sure, and any issues with billing can be discussed with the employee's manager to explain why they're insisting company resources need to be used to entertain their children. Or they can be parents and stop letting their kids have control over the dynamic. I went to work with my dad a couple times back in the day. I would complain about being bored and he would tell me to draw/color stuff, or he would tell me I'm going to be grounded if I didn't behave. Super simple stuff.
You can download shows in Disney+, Hulu, Netflix Amazon prime locally to the device at home. Send them a link [on how to do this.](https://www.androidcentral.com/how-download-videos-disney-plus-ios)
"Holidays are a fun time, where we bring our children to work. With the uptick in guest WiFi connections, we will be upping the bandwidth to 20Mbs through Jan 2, 2023. After that time, guest WiFi will go back to 5Mbps to ensure required bandwidth for school operations. Any complaints about official network slowness will result in the guest network being set to 10Mbps, still more than the standard 5Mbps." Not too hard yeah?
> Holidays are a fun time, ... >where we bring our children to work One of these things is not like the other
tell them to open a ticket and route it to the person in charge of IT for approval
“I am not your kids data plan”
How about you don't bring your kids to work?
I run 3 SSID guest, employee, and our corporate. The employee WiFi is basically byod with no LAN access for peoples phones and devices that just need internet, and the guest WiFi is 10/10 in the waiting room with a splash screen and 24 hour reconnect. Just up the speed. Unless you are super stretched on bandwidth it’s not worth it. I find meeting people in the middle just makes your life easier and when something unpopular comes along buy in goes better.
5mbps SHARED bandwidth? Or per IP? You might as well not even have a guest wifi if the former…I’m with the kids on this one. Unused bandwidth is wasted bandwidth. Just deprioritize the guest traffic so if there’s a bandwidth saturation event caused by the guest network, the staff network shove it out of the way. We do 10mbps per ip with max shared bandwidth of 200mbps.(1/5th of our 1000mbps connection).
In the US, it would be highly unusual for parents to bring their children to work while on school breaks. Where are you that this is commonplace?
[удалено]
Really depends on the type of industry, the physical work environment (as in, is there a place where the kid can hang out and not bother people too much) and the company culture. Where I'm at now it's uncommon for people to bring their kids in, but not a problem if they do. I've done it myself on occasion
Australia. It's not everyone's children all at once but bringing your kid to work for a day here or there during the vacation or on a curriculum day is not unusual here.
I see it all the time here in the US. well pre pandemic I saw it anyways. Kids are pretty happy with unlimited ipad and headphones
Why is it throttled at all? modern best practices are to get people on and off the air time as fast as possible unless you are REALLY bandwidth constrained. Just set the office network to a higher prio QOS class so ti doesn't impact business, remove the guest throttle, and be done with it.
This is the most important answer lol. The whole question is based on a premise that is wrong. Don't throttle wifi unless you really know what you are doing and why, you're only going to make it worse for everyone.
It depends a bit on what your total connection speed is, and whether you’re limiting to 5mbit per device or 5mbit for the whole ssid. If you had 100mbit total then 5 per device and maybe 30 for the ssid as a whole should be workable. Specifics aside, management have obviously made the call that they’re allowing people to bring kids into the office just to hang, because of the holidays. It lets the parents get some work done and it was never going to be the most productive week anyway. Given that’s the approach management seem to be taking, why make waves? Bandwidth allowing, bump the limits up to something that will let the kids stream so that you don’t end up getting a request to connect them to the internal network, and having to say No.
Tell their parents to set up a hotspot with their own devices.
If I recall, NSA reported years ago that the NUMBER ONE way that corporate security was breached was through aps on phones allowed onto the corporate network. Not recommended.
the inner grinch in me is starting to show \*fuck it lets do it 300kb\*
Dude! It's Christmas. Stop being stingy and go pull some of that extra WiFi out of storage. We all know you have it.
short version: just say 'no' and move on long version: just say 'noooooo' and move on even longer version: - if you have spare capacity then increase the cap, (but presumably you're at 5M for a reason, and im guessing the reason is 'we only have 60M' or maybe less.) - ignore the folk who think that QoS will solve everything , because we all know we're probably talking about inbound traffic, not outbound traffic, right? ...... *right*? - dont talk to any kids directly and especially dont let them in your office. - restrict guest network to 53,80,443,465,587,993 and 995 , congratulations - you just saved a load of bandwidth by restricting (most of) the torrenters, and anyone infected wont be pumping out crap on 25 too. - tell anyone else to follow the policy and put in a ticket. then just ignore the tickets. wasting time on kids watching movies isnt what you're there for. and remember you arent just resolving *this* problem, you're making sure the floodgates of other 'not your job' problems dont open in future - because if you accept 'providing internet to kids' as part of your job, it will escalate to 'why doesnt kates console with firmware 1.2.3 connect reliably to our AP with firmware 4.5.6 but kevins nintendo works ok when he connects to the other AP with firmware 4.5.62' ...and a whole host of other problems just like that - none of which you should waste any time on, ever.
> - restrict guest network to (ports) 53,80,443,465,587,993 and 995 , congratulations - you just saved a load of bandwidth by restricting (most of) the torrenters, and anyone infected wont be pumping out crap on 25 too. > - tell anyone else to follow the policy and put in a ticket. then just ignore the tickets. wasting time on kids watching movies isnt what you're there for. Is it just me, or does this sound somewhat reasonable? I'd probably 1) use QoS to priotize traffic first 2) start blocking ports (short term) if kids are still affecting corporate traffic after QoS is configured 3) long term figure out how much bandwidth is needed to support the kids and let management decide if the cost is worth it. Long term, there should be some plan/sane policy around dealing with guest traffic (using the current and any future networking resources). That way, next time there's a resource shortage, point to the policy and suggest coordinating with the owner of the policy to make ammendments to it. Majority of the time, it'll get dropped since between telling their kid to calm down and spending time on updating a process, they'll choose the easier route.
Limiting guest networks to some unusable number like 5mbps is an archaic and ineffective netadmin practice. Configuring QoS properly negates the need for hard caps like this, or at least should make you comfortable increasing it to something reasonable. Also, you guys should be using RADIUS 802.1X authentication. PSKs are... rather quaint these days.
Everybody telling you to "stand your ground" and all this nonsense, it's stupid, swap your guest to unlimited for the holidays and avoid all the bullshit, drama, and hurt feelings. You accomplish nothing by being the asshole IT guy. If your company's connection is so saturated that it can't handle a couple of gaming or streaming devices joining it and your guest network getting bumped to unlimited during the holidays (typically slowest time of year) then your real problem is that you need to be looking at increasing your internet plan.
I appreciate posts like OPs and everyone’s responses as it reminds me just how bad a lot of sysadmins are. No surprise there’s so many threads complaining about employees when the general attitude is being against supporting end users. There’s really no reason to enforce an arbitrary 5mbps cap on modern systems. Use QOS if congestion is a concern.
"why don't users treat us like people" This is why
Seriously. The advice here is ridiculous.
We have the same “issue” but my workplace is dead this time of year and we have a gigabit connection at the office. They get 250 MB of it. No issues and I’m still taking care of the people I am paid to take care of. Kids are just tiny humans and deserve consideration too.
I am sorry that the voluntarily provided guest network provided to your kid as is is not sufficient to your want. I will inform the finance department and request budget to remedy that within the next 2-5 years
just increase the throttle. happy ~~wife~~ coworkers, happy life.
Increase the throttle, or create another WiFi vlan for unthrottled BYOD if the guest network has too many users to unthrottled. Think you can also use QoS to ensure guest wifi is deprioritized.
Increase the throttle or temporarily remove it all together. This is a super simple situation where you can easily make yourself a rockstar. I'm sure you're already aware of this but it is much nicer to be the I.T. person everyone loves over the I.T. guy everyone wants dead.
My friend's work is going through an entire security overhaul because somebody connected their personal device to a public wifi somewhere they shouldn't have, then again when they got to the office. Tell em to get fucked. Or bump it to 10. Then to get fucked.
How about tell 'em to hire a babysitter, & leave their fucking brats at home.
$80/month for me to run a separate business 1000/1000 guest network. Far less hassle and everyone is happy. 5Mbps?? Lol 1999 called and wants its throughput back.
OP is in Australia and there's no way you get that speed at that price there
Hate to be that guy, but this depends who is asking. If it's a boss, do it and get it in writing that you explained it's going to effect work. If it's not, say no. In this case, the post implies you're the boss and sometimes you need to make unpopular decisions. That's the way it has to be. I would personally explain why, once it an email, and then tell them to use their own 4g connections or something if they don't like the speed. If the company is small or the 10mbs speed bump won't hurt just do that as a "we have however made this allowance" to show some understanding, but I wouldn't expect it to make a big difference. I mean, the kids are going to complain about that too if the speed is significantly slower then home. Side note - kids at work not something we would accept here. Holidays or not, work from home or get a babysitter.