Recently I created two wireless vendor UI walkthroughs and thought they would be worth sharing with the NCI crowd.

The first walkthrough is of the Meraki Systems Manager. This feature is built-in to the Meraki Enterprise Cloud Controller and offers a fairly extensive set of MDM features to Meraki customers at no extra cost.

The second walkthrough is of the Aruba Instant Virtual Controller UI. The Instant architecture does away with hardware controllers, feature licensing, and even simplifies the administrative experience.

I hope you find the videos interesting. As always, if you have any questions, or would like a live demonstration please do not hesitate to contact us.

Daniel

Bonus Marks: Did you spot the hidden surprise in one of the videos?

I was originally going to post this in January, but I just couldn’t wait any longer. From January 25^th to 27^th, I will be a delegate at Wireless Field Day 2 (WFD2) in San Jose, CA.

My day job focuses primarily on Aruba Networks and Meraki, but I have always made an effort to keep up-to-speed with what everyone else is doing in the wireless industry. WFD2 will be a tremendous opportunity to do so. Sponsoring vendors include:

• Aerohive - @Aerohive
• Aruba Networks - @ArubaNetworks
• Ekahau - @Ekahau
• Meraki - @Meraki
• Metageek - @MetaGeek
• Ruckus - @RuckusWireless
• HP - @HP_Networking

If the opportunity to get all these vendors in the same room and have a pointed, no-BS discussion about wireless technology wasn’t enough, there’s more! Along with the vendors, there will also be a list of delegates that is nothing short amazing! So far, delegates include:

• Marcus Burton, CWNP, @MarcusBurton
• Sam Clements, SC-WiFi,  @Samuel_Clements
• Rocky Gregory, Intensified,  @BionicRocky
• Tom Hollingsworth, The Networking Nerd,  @NetworkingNerd
• Jennifer Huber, Wireless CCIE, here I come!,  @JenniferLucille
• Blake Krone, Digital Lifestyle,  @BlakeKrone
• Chris Lyttle, Wifi Kiwi’s Blog,  @WifiKiwi
• Andrew vonNagy, Revolution Wi-Fi,  @RevolutionWiFi
• Daniel Cybulskie, SimplyWifi - NCI, @SimplyWiFi

That’s a lot of wireless knowledge to cram into a single room. Seriously, my Wi-Q will increase just by hanging out with these people for a few days – awesome!

I’ll be tweeting and blogging during the entire event to help make sure that everyone gets to benefit from this amazing event. If you’re interested, you can also check out the official WFD2 channels.

Dan C.

Be sure to check back for more news on WFD2 as we get closer to the event date.

Question: What happens when two vendors work together with the common goal of making your life easier?

Answer: Your life gets easier.

Here is a quick ~5 minute video showing the integration capabilities between Aruba Networks’ Amigopod and Palo Alto Networks’ User-ID Agent. Aruba and PAN have allowed their systems to share user-ID information between each other; the benefit to you is that users can receive the same user-based firewall policy whether they are connected via wire or wirelessly. Watch the video, you’ll see what I mean.

Pretty neat stuff, no? Tight integration between wired and wireless solutions is going to be very important as we move into 2012. It’s good to see that some vendors are not only working on expanding their own offerings, but also taking the time to ensure that they play nicely with others.

Dan C.

We’d love to hear what you think of the video. Please leave a comment or contact us with your thoughts, comments, or questions.

Every day, innocent wireless controllers are framed for crimes they didn’t commit. This is the story of how one WLAN controller was falsely accused of connection murder…

The Crime Scene - WLAN Connection Murder

Testimony: A user is having difficulty connecting his brand new laptop to the lab WLAN using WPA2-PSK. He has been able to connect to the corporate WLAN but all attempts at the connecting to the lab have failed. Also, the user has been able to connect to other WPA2-PSK protected networks in the past. 

Prime Suspect: Bystanders report seeing a WLAN Controller fleeing the scene.

Investigation performed by Detective @SimplyWifi

Are other clients having a similar issue? - No.

Are there comments in the controller’s release notes regarding this issue? – No.

Had client submit to a connectivity test and sent logs to the lab for analysis. Lab results below:

Deauth from sta: 24:77:03:xx:yy:zz: AP xxx.yyy.yyy.zzz-00:24:6c:aa:bb:cc-NameChanged-AP Reason Unspecified Failure

 Offender Profile

Based on the resulting debug lab results, it was determined that the wireless client was successfully connecting. However, it would immediately disconnect itself due to an: ‘Unspecified Failure’. The important take-away was, the controller was not initiating the disconnect; it was the client deciding to disconnect. This information allowed the detective to provide the following offender profile:

Age: Less than 1 month old.

Height: ~1 ft.

Build: Standard corporate image.

Behavioural Patterns: The offender is highly mobile but tends to spend a lot of time resting on a docking station on a desk. When connected to the docking station, the offender will likely be physically connected to the wired network via an Ethernet cable.

The Takedown

The offender was located and, as predicted, it was found connected to a docking station. Upon removal from the docking station, the client was able to successfully connect to all corporate and lab WLANs. Detective @SimplyWifi told reporters: “This is another tragic case of the victim turning out to be our perp. Once we started looking at the evidence, it was clear that the WLAN controller was being falsely accused. After that, it was a simple matter of following the evidence back to the victim.”

Final Comments:

In this case, it turned out that an application on the client was blocking the ability to connect to both a wired and wireless network at the same time. As is usually the case, the issue was a client-side issue and required no controller changes to resolve the issue. It serves as a great reminder of the importance of performing detailed victimology in any wireless investigation.

Dan C.

Do you have a story about spending time troubleshooting the WLAN controller only to eventually determine that the issue was with the client? If so, we’d love to hear it in the comments section. Also, if you are having troubles resolving issues on your own WLAN, please contact us and we’d be happy to assist.

If you’ve read any of my previous blog posts, you have probably noticed that I make an effort to confine my posts to vendor-neutral topics. However, every now and then I come across vendor-specific technology implementations that are so cool that I just have to say something about them. In this case, it is DHCP fingerprinting by Aruba Networks.

Without getting into too much technical detail, this technology watches the DHCP requests of wireless clients and identifies the operating system based on the way each device asks for an address. This feature is really cool because it means you can allow a user to connect to the same ESSID (read: wireless network), using the same username/password, with a variety of different devices, and get different levels of access depending on the specific device type. For example, if the user connects to the WLAN with a company issued laptop then they get access to the internal network. However, if they connect using an iPad they get Internet access only. Didn’t I say this was cool?

Enough typing, I recorded a little demonstration of DHCP fingerprinting for your viewing enjoyment:

As BYOD becomes more prevalent, I think we are going to start seeing technologies like this popping up all over the place. This is a good thing since it gives administrators the ability to allow BYODs onto the network without having to give up on security and control.

Dan C. 

How do you deal with BYODs in your environment? If you have thoughts or comments regarding the proper way of dealing with BYODs please share them in the comments section. Also, as usual, please share this post with others if you found it useful or interesting.