Recently I created two wireless vendor UI walkthroughs and thought they would be worth sharing with the NCI crowd.

The first walkthrough is of the Meraki Systems Manager. This feature is built-in to the Meraki Enterprise Cloud Controller and offers a fairly extensive set of MDM features to Meraki customers at no extra cost.

The second walkthrough is of the Aruba Instant Virtual Controller UI. The Instant architecture does away with hardware controllers, feature licensing, and even simplifies the administrative experience.

I hope you find the videos interesting. As always, if you have any questions, or would like a live demonstration please do not hesitate to contact us.

Daniel

Bonus Marks: Did you spot the hidden surprise in one of the videos?

Permalink | Leave a comment  »

The time has come. Today, one of NCI's own will head to San Jose to attend the Wi-Fi Mobility Symposium and then be a delegate at Wireless Field Day 2!

This promises to be an amazing event and we are thrilled to have one of our own attending. Just look at the schedule:

Wednesday, January 25 - Wi-Fi Mobility Symposium

This event will cover important topics such as: Mobile Devices & BYOD, Gigabit Wi-Fi, and Hotspot 2.0.

Thursday, January 26 to Friday, January 27 - Wireless Field Day 2

Two days of in-depth, technical presentations and discussions with many of the wireless industries most exciting vendors (in order of presentations): Aerohive, MetaGeek, Ekahua, Meraki, Aruba Networks, HP, and Ruckus Wireless.

This even will also be streamed live (see display below):

NCI looks forward to sharing all that we learn from this event with our current and future clients. Wireless networking is set to really explode in 2012 and we are proud to be right in the middle of it!

The NCI Blogging Robot

Permalink | Leave a comment  »

I was originally going to post this in January, but I just couldn’t wait any longer. From January 25^th to 27^th, I will be a delegate at Wireless Field Day 2 (WFD2) in San Jose, CA.

My day job focuses primarily on Aruba Networks and Meraki, but I have always made an effort to keep up-to-speed with what everyone else is doing in the wireless industry. WFD2 will be a tremendous opportunity to do so. Sponsoring vendors include:

• Aerohive - @Aerohive
• Aruba Networks - @ArubaNetworks
• Ekahau - @Ekahau
• Meraki - @Meraki
• Metageek - @MetaGeek
• Ruckus - @RuckusWireless
• HP - @HP_Networking

If the opportunity to get all these vendors in the same room and have a pointed, no-BS discussion about wireless technology wasn’t enough, there’s more! Along with the vendors, there will also be a list of delegates that is nothing short amazing! So far, delegates include:

• Marcus Burton, CWNP, @MarcusBurton
• Sam Clements, SC-WiFi,  @Samuel_Clements
• Rocky Gregory, Intensified,  @BionicRocky
• Tom Hollingsworth, The Networking Nerd,  @NetworkingNerd
• Jennifer Huber, Wireless CCIE, here I come!,  @JenniferLucille
• Blake Krone, Digital Lifestyle,  @BlakeKrone
• Chris Lyttle, Wifi Kiwi’s Blog,  @WifiKiwi
• Andrew vonNagy, Revolution Wi-Fi,  @RevolutionWiFi
• Daniel Cybulskie, SimplyWifi - NCI, @SimplyWiFi

That’s a lot of wireless knowledge to cram into a single room. Seriously, my Wi-Q will increase just by hanging out with these people for a few days – awesome!

I’ll be tweeting and blogging during the entire event to help make sure that everyone gets to benefit from this amazing event. If you’re interested, you can also check out the official WFD2 channels.

Dan C.

Be sure to check back for more news on WFD2 as we get closer to the event date.

Permalink | Leave a comment  »

Question: What happens when two vendors work together with the common goal of making your life easier?

Answer: Your life gets easier.

Here is a quick ~5 minute video showing the integration capabilities between Aruba Networks’ Amigopod and Palo Alto Networks’ User-ID Agent. Aruba and PAN have allowed their systems to share user-ID information between each other; the benefit to you is that users can receive the same user-based firewall policy whether they are connected via wire or wirelessly. Watch the video, you’ll see what I mean.

Pretty neat stuff, no? Tight integration between wired and wireless solutions is going to be very important as we move into 2012. It’s good to see that some vendors are not only working on expanding their own offerings, but also taking the time to ensure that they play nicely with others.

Dan C.

We’d love to hear what you think of the video. Please leave a comment or contact us with your thoughts, comments, or questions.

Permalink | Leave a comment  »

Every day, innocent wireless controllers are framed for crimes they didn’t commit. This is the story of how one WLAN controller was falsely accused of connection murder…

The Crime Scene - WLAN Connection Murder

Testimony: A user is having difficulty connecting his brand new laptop to the lab WLAN using WPA2-PSK. He has been able to connect to the corporate WLAN but all attempts at the connecting to the lab have failed. Also, the user has been able to connect to other WPA2-PSK protected networks in the past. 

Prime Suspect: Bystanders report seeing a WLAN Controller fleeing the scene.

Investigation performed by Detective @SimplyWifi

Are other clients having a similar issue? - No.

Are there comments in the controller’s release notes regarding this issue? – No.

Had client submit to a connectivity test and sent logs to the lab for analysis. Lab results below:

Deauth from sta: 24:77:03:xx:yy:zz: AP xxx.yyy.yyy.zzz-00:24:6c:aa:bb:cc-NameChanged-AP Reason Unspecified Failure

 Offender Profile

Based on the resulting debug lab results, it was determined that the wireless client was successfully connecting. However, it would immediately disconnect itself due to an: ‘Unspecified Failure’. The important take-away was, the controller was not initiating the disconnect; it was the client deciding to disconnect. This information allowed the detective to provide the following offender profile:

Age: Less than 1 month old.

Height: ~1 ft.

Build: Standard corporate image.

Behavioural Patterns: The offender is highly mobile but tends to spend a lot of time resting on a docking station on a desk. When connected to the docking station, the offender will likely be physically connected to the wired network via an Ethernet cable.

The Takedown

The offender was located and, as predicted, it was found connected to a docking station. Upon removal from the docking station, the client was able to successfully connect to all corporate and lab WLANs. Detective @SimplyWifi told reporters: “This is another tragic case of the victim turning out to be our perp. Once we started looking at the evidence, it was clear that the WLAN controller was being falsely accused. After that, it was a simple matter of following the evidence back to the victim.”

Final Comments:

In this case, it turned out that an application on the client was blocking the ability to connect to both a wired and wireless network at the same time. As is usually the case, the issue was a client-side issue and required no controller changes to resolve the issue. It serves as a great reminder of the importance of performing detailed victimology in any wireless investigation.

Dan C.

Do you have a story about spending time troubleshooting the WLAN controller only to eventually determine that the issue was with the client? If so, we’d love to hear it in the comments section. Also, if you are having troubles resolving issues on your own WLAN, please contact us and we’d be happy to assist.

Permalink | Leave a comment  »

If you’ve read any of my previous blog posts, you have probably noticed that I make an effort to confine my posts to vendor-neutral topics. However, every now and then I come across vendor-specific technology implementations that are so cool that I just have to say something about them. In this case, it is DHCP fingerprinting by Aruba Networks.

Without getting into too much technical detail, this technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address. This feature is really cool because it means you can allow a user to connect to the same ESSID (read: wireless network), using the same username/password, with a variety of different devices, and get different levels of access depending on the specific device type. For example, if the user connects to the WLAN with a company issued laptop then they get access to the internal network. However, if they connect using an iPad they get Internet access only. Didn’t I say this was cool?

Enough typing, I recorded a little demonstration of DHCP fingerprinting for your viewing enjoyment:

As BYOD becomes more prevalent, I think we are going to start seeing technologies like this popping up all over the place. This is a good thing since it gives administrators the ability to allow BYODs onto the network without having to give up on security and control.

Dan C. 

How do you deal with BYODs in your environment? If you have thoughts or comments regarding the proper way of dealing with BYODs please share them in the comments section. Also, as usual, please share this post with others if you found it useful or interesting.

Permalink | Leave a comment  »

Back in August I posted my thoughts on some different ways to measure the success of a WLAN deployment. My main argument was that we needed to start finding ways to measure the overall user experience (UX) in addition to all the speeds and feeds. To my delight, my thoughts were generally well received in the wireless industry and the overall consensus was that UX should be one of the primary concerns when designing a WLAN. With that in mind, I think it is time to take this to the next level and try to come up with a standard way of measuring and communicating the UX of a WLAN; I call it the Universal Wireless User Experience Index (UWUX).

To highlight the potential value of this type of index, begin by asking yourself the following two questions. If you answer yes to either of them, then having a UWUX could have helped you.

1. Consultants: Have you ever tried to talk a client out of certain WLAN UX design choices but failed because you couldn’t find a way to communicate just how user-unfriendly their WLAN was going to turn out?
2. Administrators: Have you ever been forced to go back and redesign the way your end users register, sign-in, authenticate, and gain authorization to your WLAN after it has already been deployed? Was it, by chance, because the users complained that the WLAN was just too hard or complicated to use?

As I stated above, having a standard way of scoring the UX of WLAN and showing how it compares to other networks could be a very valuable tool when it comes to design and deploying an end product that will live or die by the opinions and comments of the end users. Imagine being able to demonstrate how requiring proxy settings changes on an uncontrolled guest WLAN will lower the UWUX score below a certain threshold; resulting in a dramatic increase in helpdesk requests. The results could be shown in a numerical format and a graphical scale formatso that anyone could understand regardless of technical knowledge.

The benefits of the UWUX Index increase dramatically as more people adopt it. It’s a lot like IQ scoring since no single score has any real meaning. Only when we compare a score to the rest of the scores in the index are we able to start deriving meaning. It's because of this that I’ve decided to share my plans with the community in the hopes that there will be others who want to help design a universal index that can be used by all WLAN professionals and administrators regardless of company affiliation. 

Will it be a challenge to come up with repeatable measurements? Yes.

Will it be hard to create an index that serves everyone’s needs? Yes, but the goal is to have an index that serves most common needs instead of all needs.

Will the end result be incredibly useful? Time will tell but I think the answer is yes. In my opinion, if the end result is that we all focus more on designing for user and business needs, then it is well worth it.

More to come…

Dan C. (@SimplyWifi)

If you would like to contribute ideas on what the UWUX Index should include please feel free to leave a comment below, DM me, or contact me through our website. I already have some ideas but am in the very early brainstorming stages so all ideas will be considered. Also, if you think this could fly, please retweet or share the post with WLAN, UX designers, or end-users so that we can gather ideas from as many different viewpoints as possible.

Permalink | Leave a comment  »

I’ve said it before and I’ll say it again, the worst thing that can happen to the wireless industry is commoditization. Specifically, when I say commoditization, I am referring to the thinking that all WLANs are the same so we should just put out an RFQ and go with the lowest offer. Or, even worse, the quality of the WLAN can be determined by the price tag so we should just buy the most expensive solution we can afford. I’ve seen this happening more and more in the information security industry and I refuse to let it happen to the wireless industry without a fight. After all, look at all the good that commoditization has done for the state of security today.

Take a look at any industry and you will see examples of good products and bad products, feature-rich solutions and feature-poor solutions, feature-focused and unfocused solutions. There will always be a broad spectrum of craftsmanship to choose from but that doesn’t mean you can predict how well the solution will perform just by looking at the price tag. For example, give me a brand new Steinway & Sons Concert Grand Model D and I will play you a horrible rendition of Three Blind Mice. Take that same piano and give it to someone like Nora Jones and she’d play something that is much more worthy of such a fine instrument. When it comes to music, you can’t buy talent. Either you can play the piano well or you can’t and no amount of money is going to fix that.

The same holds true for WLANs. Either you, or your consultant, can design a WLAN properly or not. Give a skilled WLAN professional a low-cost WLAN solution and he/she will still be able to give you a functional and somewhat efficient WLAN. Conversely, give the top-line WLAN solution to an unskilled person and they will give you the type of WLAN disaster that will be used as a cautionary tale to others for years to come. How is this possible? The answer is quite simple, really. I’ve broken it down into three parts below:

1. A skilled WLAN professional has a deep understand of the underlying technology. Instead of just learning which checkboxes to select, a WLAN professional makes a point of knowing what happens under-the-hood when any given checkbox is selected.
2. A skilled WLAN professional probably has more experience deploying WLAN solutions. Remember the old saying: Practice makes perfect.
3. Lastly, and this is probably the most important reason, a skilled WLAN professional designs a WLAN with the intention of fulfilling specific business needs instead of just to implement the latest and greatest technology. Start a WLAN deployment by focusing on why it is being deployed instead of on what is being deployed and your chances of a successful deployment will increase dramatically.

We owe it to ourselves not to let commoditization get the best of our wireless networks. Maybe you have the budget for the Concert Grand Model D of WLANs and maybe you don’t. Focus on your business needs and you may find that a regular run-of-the-mill up-right piano is all you really needed to make beautiful music.

Dan C. @simplywifi

Are you currently stuck in the piano store staring, wide-eyed at all of the choices? You’re not alone. Leave a comment or send us a message and we would be happy to discuss your business needs and get you started down the road to wireless success.

Permalink | Leave a comment  »

A while back I delivered a short wireless security presentation, at a Toastmasters meeting, designed to explain a technical subject to a non-technical audience. The presentation went well enough that I’ve decided to record a modified version to place here.

This video is a very high-level explanation of how wireless networks operate. This is by design as I want to keep the information accessible to everyone and not just to those individuals who already have a deep technical understanding of wireless networking and information security.

Dan C.

Do you have additional tips for protecting yourself from this type of wireless attack? Leave your tip in the comments section and, as always, please be sure to share this post with anybody you think would benefit from viewing it.

Permalink | Leave a comment  »

A while back I wrote a blog post explaining how an antenna works when it is connected to a wireless access point. Today I’m going to add to that lesson by explaining The Rule of 10s and 3s. Essentially, you can use this rule to figure out what your transmit power is going to be when you add various connectors, cables, and external antennas to your access points. Without further ado:

Please remember that using The Rule of 10s and 3s does not give you exact figures. It should only be used to perform rough calculations. Also, this video is not intended to be a technical deep-dive into the field of RF mathematics. Instead, my goal is to explain the basics of a complex topic so that almost anyone can understand it. (I’ve assumed knowledge of milliwatts and decibels though).

Dan C.

Bonus marks if you can explain why having this knowledge is important for anyone working with WLANs. Leave your answer in the comments section and share this video with anyone you think might benefit from knowing this rule.

Permalink | Leave a comment  »

Dear Potential Friend,

I really want to be your friend. In fact, I want to be the kind of friend you can count on to tell you the truth no matter what the consequences. It's with this thought in mind that I am forced to tell you that, and this may sting a little, you have completely lost your mind by deciding to deploy fifty home wireless routers in an attempt to become a wireless enterprise. There, I said it. For a few moments I thought about allowing you to experience this life lesson for yourself, but then I remembered what my grampa always used to say: "There's two things friends should never do. First, friends don't let friends use home wireless gear to perform enterprise deployments. The other thing friends never do is talk while I'm trying to watch TV. Won't you be my friend?".

It's the first thing that grampa mentioned that forced me to write you this letter. I couldn't, in good conscience, let you go through with this terrible mistake. Here's why (I've enclosed a picture of grampa. If it helps soften the blow you can pretend he's the one talking):

1. Hardware Quality - Home wireless routers are made to be affordable for personal use under average personal circumstances. The hardware used is not as well tested as enterprise gear, is generally not as sensitive, and is not as rugged. Also, home gear is usually designed to sit on a desk and not to be mounted on walls or ceilings. As such, home gear is probably not plenum rated like a lot of enterprise gear.

2. Management Interface - Home gear usually has a nice web interface you can use to configure your network. This works great for a single access point, but you are going to waste an entire day logging in to all fifty access points just to make a single configuration change. Enterprise gear is designed to allow easy configuration from a single console for all access points. Log in once, make the change once, and log out. Simple.

3. Channel and Power Management - Wireless networks operate over a shared-medium. Your access point's signal is transmitting through the same physical space as your neighbours signal. This means there is bound to be some signal interference. Home routers have very poor capabilities for handling interference. Usually the only control you have is channel selection and maybe, if you're lucky, transmit power. Do you really want to log in to every access point and manually adjust these settings on an hourly basis as your environment experiences different levels of interference? Enterprise wireless gear does this stuff for you. It's designed to tune itself so that you only need to get involved in the really tricky situations.

4. Power - Enterprise access points can be powered via the ethernet cable (PoE). You can do this by using PoE-capable switches or mid-span PoE injectors. Either way, you don't need to worry about how you're going to run an extension cable from the access point's location in the middle of the ceiling to the wall outlet behind a desk.

5. Features - Home access points are great for getting home users on the Internet because home users usually have very basic requirements: get me on the Internet, and keep me on the Internet. My friend (can I call you that yet?), I could tell you wonderous stories of the features I have seen on enterprise-grade solutions. These solutions can give you different levels of access based on who you are, where you are, which device you are using, and what time it is. These solutions can drop your traffic directly onto the local network or even send it through an encrypted tunnel to a completely different location without you even noticing. Deploying a wireless network in an enterprise is not the same as deploying one for your home. Considerations must be made for each different user, device, and circumstance and I just don't think you'll be able to keep up with your home access points. There are so many more feature I could write about but I think you get the point.

6. Security - How long does it take you to change the WPA2 pre-shared key (PSK) on your home access point? Now take that time and multiply it by the number of access points you have. That is the level of pain you are going to experience each time a contractor, guest, or employee leaves your company. Not to mention routine PSK changes as a matter of policy. (If you're doing the math, that's a lot of passphrase changes). So, you can either hire a co-op student to constantly change the PSK and notify every employee, or you can use an enterprise-grade solution that allows you to do away with pre-shared keys. That's right, imagine having users connect to the network using the same usernames and passwords they use to log into their computers. Imagine being able to provision individual logon credentials for guests, contractors, and employees who bring in personal devices and want to get online. Again, I don't think you'll be able to keep up with those home access points.

I know home wireless gear is the 'right price'. I get it, but good wireless networks are not commodity items that can just be picked up off the shelf and plugged in. Every wireless network is different and you are going to need to invest in a proper solution that meets and adapts to your specific needs. Sure you can save a few upfront dollars by sourcing home access points, but I think you'll find the additional cost, in dollars and time, of tearing down that deployment because it doesn't work and is too hard to manage, is not going to make you too happy. My potential friend, I urge you to heed my advice by not trying to design by dollars. Leave home (commodity) gear in the home and use the enterpise gear for your business. 

Yours Truly,

Dan C. (My friends call me @SimplyWifi)

P.S. If, after reading this letter you feel that we can still be friends, I'd love to hear back from you. Please send me a letter, or leave a note in the comments section below with any thoughts or questions. Also, please subscribe / follow us and share this with others so you can save them from making the same terrible mistake. 

Permalink | Leave a comment  »

I've recently come to the sad realization that most technical experts are using the wrong measurements to determine the success of a WLAN deployment. Don't get me wrong; measuring things like throughput, SNR, retry rate, and authentication/re-authentication times is very important. What I'm saying is: these are all measurements used to determine if the hardware and software components are playing nicely together. Am I the only one who finds it disturbing that we claim to design networks for people to use but we don't have a good set of measurements to determine if the 'people component' plays well with the hardware and software components?

It would seem to me that the success, or potential for success, of a WLAN deployment is largely determined by the end-users. If the people components don't jive with the infrastructure components, then your WLAN deployment will fail. After all, what is the use of having a fancy WLAN if nobody uses it? Let's look at a few of the current measurements available to us:

1. Throughput - Using an application like iPerf, we can get some very accurate figures on just how much data we can cram through our wireless pipe. Higher Mbps values mean faster uploads and download speeds.

2. Retry Percentages - This measurement is important because a high percentage of retry frames means something is not right. There could be a major source of interference, hidden nodes, LAN-side cabling issues or any number of problems forcing your wireless clients to have to constantly have to repeat themselves. The goal is to have a very low retry percentage.

3. Latency - Just how long does it take your data frames to get from point A to point B? If latency is too high you'll notice some applications start to act a bit flakey. A good example of this is VoIP: high latency leads to jitter and dropped calls. When it comes to latency you don't want to shoot for the stars because they are far too high. Instead, shoot for the floor since it is nice and low.

I could go on, but giving a summary of all performance measurements is not really the purpose of this post. All I am trying to show is that the current measurements are only designed to give us very technical details about the infrastructure and not about the end-users. If we truly want to determine how successful our WLAN deployment is going to be, I propose a few more measurements:

1. User Awareness Level - Are the users even aware that your WLAN exists? Are they aware of where it exists? Who to contact if they have issues or questions? Add 1 point each time you answer no and aim for a score of zero.

2. Barriers to Entry - How difficult is it to get started? Which credentials are required and how do users go about obtaining and configuring them? Does the WLAN work with native wireless supplicants or will users need to install additional software? If your sign-up process requires a lot of technical knowledge or technical staff intervention, then you've got a very high score. Hint: High scores are evil.

3. Number of User Interactions - From the moment the user decides to connect, to the moment they open their first website, how many user inputs were required? Lowering the number of items that users have to click or enter each time they connect will dramatically improve user satisfaction and adoption.

While infrastructure-focused measurments are very important, we should not allow ourselves to believe that they provide any real insights into the success of a WLAN initiative. The majority of WLANs being deployed are supposed to be making it easier for people to live a mobile lifestyle. Taking some time to think of the users, before and after the technical work begins, should be a mandatory step in any WLAN initiative. Applications and infrastructure care about Mbps, retries, EAP types, and other technical mumbo-jumbo. Users care about the experience. Get it right by measuring both and I predict a successful WLAN deployment in your future.

Dan C.

Do you have any thoughts on what should be measured regarding a WLANs performance, effectiveness, and success? I really like to hear what you have to say on this topic. Leave a note in the comments section or share this post with your colleagues if you feel this is worth further discussion.

Permalink | Leave a comment  »

A quick look at the June and July usage statistics from the Milton Public Library guest wireless network reveals some interesting statistics regarding device usage versus data usage. Based on the past two months, iDevices (iPhones, iPods, and iPads) tend to have a much smaller data usage footprint than standard laptops.

First let’s look at the number of unique devices that connected to the guest WLAN in the month of July. Not surprisingly, iDevices accounted for 45% of all devices using the guest network. This can be attributed to the portability of these devices compared to standard laptops.

When we look at the total data usage by device type we see that iDevices only accounted for 19% of the total while laptops accounted for a disproportionate 80% of all data usage in July. This indicates that, while more popular and abundant, iDevices are not putting as much load on the guest WLAN infrastructure and data pipe as standard laptops.

Why the discrepancy?

There are several reasons why iDevices currently use far less data than their laptop counterparts:

1. Mobile versions of videos and other web-content are generally smaller than the full-sized, HD versions being consumed by laptops.
2. Application updates on laptops are generally much larger than on iDevices.
3. OS updates can occur wirelessly on laptops and not on iDevices (this will be changing very shortly in iOS 5).
4. People tend to use laptops and desktops as their primary file-sharing platforms rather than iDevices due to functionality and storage limitations. That being said, peer-to-peer networking did not make the top 10 list of apps used on the MPL guest WLAN thanks to some well-defined traffic shaping rules.

What’s Next?

Apple’s iCloud service might take iDevices from ‘low data consumption’ status to ‘high data consumption’ status in the next few months to come. There is potential for a huge increase in data usage for these devices as more and more people take advantage of iCloud’s music syncing service. The month of June saw iTunes related traffic account for 3.3% of all guest WLAN usage. This grew to 8.2% in the month of July. It will be interesting to see just how much higher this percentage will climb in the near future. If the climb does occur, iDevices may be shifted from the ‘best friend’ category to the ‘worst enemy’ category rather quickly.

Dan C.

I would like to thank the Milton Public Library for allowing me to reference their WLAN statistics. Without their assistance, this post would not have been possible. If you have any questions or thoughts on this post please leave a comment.

 

Permalink | Leave a comment  »

For some people, learning the RF antenna connector names can sometimes be the most complicated thing about deploying a wireless network. If you are doing an indoor WLAN deployment and your access points have integrated antennas then you have spared yourself the joy of learning connector naming conventions. For those organizations requiring external antennas, the task of keeping all the connector types and names straight can be a somewhat confusing task to say the least.

With this post, I hope to provide a bit of clarification for anyone who is struggling to determine the connector types needed in their WLAN deployment. Here are a few connector types/names accompanied by some tips on how to identify them. (My apologies for the relatively limited selection of connector types but I'm writing this from a hotel room and using my phone to take pictures of the gear I have with me.) :

See the full gallery on Posterous

1. RP-SMA Plug (RP = Reverse Polarity and SMA = Sub-Miniature Type A). You'll note that it has a female inner-receptacle and inner-threading. 

2. RP-SMA Jack. This connector has a male inner-pin and outer-threading. Another name you might see associated with this connector is: RP-SMA Socket.

3. Type N Plug. This connector has a male inner-pin and inner-threading. Another name you might find associated with this connector is: N-Type Plug.

4. Type N Jack. It has a female inner-receptacle and outer-threading. Other names you might find associated with this connector are: Type N Socket, N-Type Socket, N-Type Jack.

5. RP-TNC Plug (RP = Reverse Polarity and TNC = Threaded Neill-Concelman). This connector has a female inner-receptacle and inner-threading.

6. RP-TNC Jack. It has a male inner-pin and outer-threading. Another name you might see associated with this connector is: RP-TNC Socket.

Properly deploying a healthy and secure WLAN can sometimes be a confusing task for the uninitiated. Hopefully, this post can clear away a bit of that confusion by helping to put a name to a few of the different connectors you might encounter.

Dan C.

If anyone has any images of SMA, or TNC connectors, and is willing to share them, please let me know and I will be happy to update this post.

Permalink | Leave a comment  »

That's right, you read the title correctly. This blog post is all about how many of the clients I have dealt with in the past few years have been the source of countless headaches and hours of frustration. Of course, in this case, I am referring to wireless clients such as laptops, smartphones, and handheld scanners. You didn't think I was actually referring to people did you?

Designing, implementing, and securing wireless networks can be both rewarding and frustrating at the same time. On one hand, each engagement gives me the opportunity to help an organization experience the awesomeness that is mobility. On the other hand, there is a moment in almost every deployment where I end up scratching my head and saying: "Well that doesn't make any sense". The latter of the two situations usually results in large amounts of research, troubleshooting, tweaking, and testing to determine the cause of the issue and resolve it. More often than not, the source of the issue is the wireless client's supplicant or drivers and not the configuration of the WLAN itself.

Wireless client vendors and software designers have a lot of latitude in the way they design their products to interact with a WLAN. It's because of this design latitude that we end up with some pretty interesting WLAN connectivity and performance issues. In no specific order, here a few issues for which you might want to start your investigations at the client level instead of jumping right into tweaking your WLAN configuration:

Loss of connectivity when roaming between access points

Your first impulse might be to conclude that you don't have a strong enough signal and start dropping in additional access points. While this could actually be the case, it is just as likely that the issue lies with the capabilities, or lack thereof, on your wireless client. It's up to the client to decide when it is time to roam to another access point. Some will roam more aggressively than others and some tend to 'stick' to an access point for much longer than they should. To make matters worse, there are latency issues introduced during roaming depending on if the client is using PSK or 802.1X/EAP. You should spend some time researching and testing your client capabilities to ensure that you take latency and roaming requirements into consideration when designing your WLAN. Additional research subjects: Opportunistic Key Caching (OKC), 802.11r-2008, 802.11k-2008. 

Random loss of connectivity

This is a tough one. When your clients are randomly dropping their connections, you could have any number of issues at play. Some questions you might ask are: Is it happening to just a single client or all clients? If it is happening to a few clients, are they the same hardware and software versions? I've been involved in quite a few engagements where the final solution to this particular issue was simply to upgrade the wireless drivers and/or supplicant being used on the client. For some reason, wireless drivers never seem to be included in any kind of regular update cycle. Maybe it is time to start thinking about changing that?

"I feel the need for speed"

You've got your new whiz-bang, 802.11n, faster-than-light WLAN deployed but your wireless clients just don't seem to achieve the speeds you thought they would. You've inspected the specs and your card is definitely an 802.11n-capable card. So what is the problem? First, ask yourself: Are all clients under-performing or just some of them? If all clients are under-performing then you might actually have some issues on the WLAN/LAN side to work out. However, if it is only some clients that leave you completely underwhelmed then you might need to dig a little deeper to see what your clients are actually capable of. Not all 802.11n clients are built equally. Some can only do a single spatial stream, some can do two, and newer clients can do three. Some might have issues with packet aggregation, block ACKs or channel bonding. All of these factors will have an impact on the connection rate and actual throughput you experience. Your client might actually be performing incredibly well and you are just pushing it too hard like an overbearing parent at a little league game. A good place to find out what your client is actually capable of is the Wi-Fi Alliance's Certified Product Database.

There are many more examples that could be given but I think you get the point. WLAN connectivity and performance issues are quite commonly caused at the client end of the connection and not on the infrastructure side. We spend so much time planning and configuring the WLAN infrastructure that we sometimes forget that clients are a big piece of the WLAN puzzle. It's as true for WLANs as it is in business: spending the time to fully understand your client is never a waste of time.

Dan C.

Have a question, comment, or something to add? Please feel welcome to leave a note in the comments section below.

Permalink | Leave a comment  »

A few days ago I was given the opportunity to sit down with the CEO of Aruba Networks, Dominic Orr, and a few members of his Canadian team. While the swordfish was great, I thought the conversation was even better. Listening to and discussing thoughts on the future of mobility with a team of like-minded individuals is an amazing way to spend an evening.

Here are some quick points and discussion summaries from the evening:

1. Wireless networking and mobility is growing at an incredible rate (no surprise there). With the ever growing number of devices that are ‘wireless only’ it is more important than ever to start planning your mobility strategy. That means immediately. Not tomorrow, not next week, immediately. You don’t want to be caught in a reactive stance when your environment gets hit by the tidal wave of BYODs.
2. It’s great to see that one of the top players in the wireless/mobility space is making a conscious effort not to leave smaller clients behind during this period of enormous market growth. Solutions like Aruba Instant allow SMBs to take advantage of enterprise-level features without going over budget. Mobility is primed to be a game-changer for everyone; not just the richest companies.
3. Starting now, or in the very near future, context will be king. It is no longer good enough to only plan for coverage, capacity, or even secure access. To take full advantage of mobility, you will need to start providing coverage, capacity, and security based on the context of the individual users and devices connecting to your network. Using identity, device type, time, location, and application usage as the context in which you create your policies will allow for optimal, secure, and efficient use of wireless networks and mobility in the workplace.

Overall, I left that dinner feeling energized and excited about the future of mobility. Am I ready to cut all of my cables right now? No. However, as more and more device manufacturers take the option of a wired connection away, it is comforting to know that networks are set to adapt and offer a far more customized level of service than ever before.

Dan C.

What are your thoughts on the future of mobility? Do you need help developing your strategy? Leave a comment or contact us directly and let's start the discussion.

Full Disclosure: NCI is a partner/reseller of Aruba Networks.

Permalink | Leave a comment  »

1. Wireless security was much less complicated 3 years ago. When I took the PW0-200 exam, I didn't have to know anything about 802.11n, 802.11k, 802.11w, or 802.11r. All of these, now ratified, IEEE standard amendments come with their own set of additional security settings and concerns that must be taken into consideration when securing a WLAN. Continuing to educate yourself and staying on top of the latest industry developments is the easiest way to ensure that a certification's body of knowledge doesn't leave you behind.
2. Experience in the field helps immensely with this exam. When I first wrote the PW0-200 exam, 3 years ago, I had a great interest in the subject but very little real-world WLAN experience. This time around, after living and breathing WLANs for 3 years, I found I was able to quickly skim or review a lot of the CWSP Study Guide since I deal with 802.1X/EAP, PKI, and WIDS/WIPS solutions quite frequently in my role as a security consultant. In my opinion, the CWSP certification is a great example of an exam that goes beyond 'textbook studying' and really tries to incorporate lessons that can only truly be learned through hands-on experience. Certifications like that rock because they signify practical/useful knowledge instead of just the ability to memorize answers for a test.

Permalink | Leave a comment  »

Sometimes words are just not enough, but seeing is believing.

The picture, above, shows the results of a little lab test I did to see just how much of the available wireless spectrum streaming video would consume. For this test, I recorded three seperate video sources:

1. YouTube 1080p.
2. Netflix using the Good Quality setting - upto 0.3 GB/hour.
3. Netflix using the Best Quality setting - upto 1 GB/hour.

A proper explanation of everything shown in the picture is a bit beyond the purpose of this blog post, but I will try to highlight the important bits:

• There is a noticable increase in wireless activity during each video. In fact, the duty cycle during the YouTube video was up to 73 percent! Put another way, anyone else trying to access the network via that access point would have been very annoyed.
• Even at the Best Quality setting, Netflix was not as 'spectrum-unfriendly' as YouTube.

As we allow more and more bring your own device (BYOD) access in the enterprise, we need to make sure we have a plan or policy for dealing with this type of traffic. The spectrum available to WLANs is not limitless. Left unchecked, a few streaming videos at the office could have a major impact on the proper functioning of wireless applications and VOIP capabilities. What's your strategy for dealing with the type of traffic? Do you block it entirely? Do you block it on the WLAN and allow it on the LAN? Rate limit? Whatever you decide, you want to make sure it is you making the decision and not the BYOD devices.

Dan C.

If you have any questions, comments, or feedback, we'd love to hear from you in our comments sections.

Bonus Question: Based on the picture, can you determine which 802.11 standard was being used and what my theoretical maximum bandwidth was at the time?

Permalink | Leave a comment  »

Course complete!. All the gear is factory reset, packed away, and the test has been written and passed. It was a fun three days of configuring, tweaking, and experimenting with wireless controllers, access points, and AirWave, but all fun things must come to an end.

The last day of the 3-day Implementing Aruba WLANs course was a bit like a catch-all day for the topics that didn't fit nicely into the other sections. We covered captive portals, remote APs, Adaptive Radio Management, and Spectrum Analysis. Given the wide choice of topics, it was actually a little difficult to come up with just a few thoughts based on the days activities, but here goes:

1. As wireless vendors roll out amazing features like remote APs, which allows the office to follow the users regardless of where they are physically located, we will see WLANs positioned nicely to start displacing wires in a more permanent way at head offices and branch offices alike. The ability to control authentication, access, and encryption for wired and wireless users regardless of where they are is very empowering for organizations and I can't see how this won't be a standard offering by all wireless vendors in the very near future. I can already think of a few WLAN vendors who have rolled out remote AP offerings so, as far as I'm concerned, the flood gates have been opened.
2. Spectrum analysis is a cool feature which can be quite handy when it comes to keeping your WLAN running optimally. However, I can't over-stress the importance of not relying too heavily on having your tools do all the troubleshooting and interpretion for you. Some decisions can be made fairly accurately by tools while others still require human interpretation. The introduction of spectrum analysis by a few large WLAN vendors is definitely a good thing but, like all things in IT, you need to take the time to learn what the tools output actually means so that you can make educated desicions regarding the behaviour and configuration of your WLAN deployment. Spectrum analysis is meant to provide more information which should help us make more informed decisions; the decisions still need to come from a trained WLAN professional though.

I would definitely recommend the Implementing Aruba WLANs course for anyone involved in deploying or administering a small to medium-sized Aruba deployment. For larger deployments involving multiple sites and controllers I suggest taking your training beyond ACMA certification and checking out the Scalable WLAN Design & Implementation course which will prepare you for the Aruba Certified Mobility Professional (ACMP) certification.

Dan C.

If you have any questions about wireless training or are planning a wireless deployment and would like to have a discussion about it, please feel free to contact us or post a comment.

Permalink | Leave a comment  »

Day 2 of the Implementing Aruba WLANs course has come to a close and we have managed to make a nice mess of the room. It's amazing how quickly 6 people can fill a room with controllers, access points, cables, laptops, and courseware!

Much like the first day of the course, the second day was very educational. Focusing mainly on authentication, access control, and roles, I'd say this day represented the meat of the course. Here are my thoughts after day 2:

1. To securely deploy a wireless network you had better brush up on your 802.1X, RADIUS, and PKI knowledge. Home WLANs are not the same thing as Enterprise WLANs; pre-shared keys (PSK) are not a scalable or manageable solution in most enterprise deployments. All SMB, or enterprise WLAN vendors support robust authentication when it comes to wireless networks so take advantage of these features.
2. Role derivation is awesome! Having the ability to assign specific access policies and VLAN assignments to clients based on device type or group membership is a great way to avoid excessive SSID creation and provide granular control that matches the capabilities and requirements of each user/device. Regardless of the WLAN vendor you are using, I would highly recommned looking into this feature the next time you are thinking about creating a new SSID for a new business requirement. You just might save your self some configuration effort and eliminate needless wireless beacons at the same time.

Overall I'd say day 2 was a success. WLAN security is incredibly important so I was very happy to see that we spent the entire day exploring the various options available to us.

Dan C.

If you have thoughts, comments, or questions about WLAN security, please leave a note in the comments section.

Permalink | Leave a comment  »