Aruba Downloadable User Roles (DUR) use HTTPS. When the DUR is issued by Aruba ClearPass, the switch must trust the HTTPS certificate that the ClearPass server uses. The Certificate Authority intermediate certificate must be loaded into the switch as a trusted authority certificate. The public HTTPS certificate is automatically downloaded to the switch when a radius-server host of type ClearPass is configured on the switch (e.g. radius-server host <ip-address> clearpass).
To enable useful debugging of certificate issues, the following commands will work on an ArubaOS Switch.
If the switch detects any issues with the HTTPS process during a RADIUS request that results in a DUR, a debug message should be logged to the session window. During the SSL session there may be a lot of messages (it is noisy). Use 'no debug security ssl' to disable those messages.
When DUR works successfully, the issued User Role is shown in the Port Access Client Status output. To see information about the user roles available and issued, use the following show commands.
Ekahau has brought #WiFiDesignDay back to Australia for the second year running... It's great to have a local, low-cost event to get Wi-Fi enthusiasts (users, managers, installers, sales people and manufacturers) into the same room to celebrate and hopefully learn a thing or two about Wi-Fi. I'm writing (and updating) in real-time, so come back and refresh regularly for new content...
Kicking off the day were Antony Prasad and Amin Kroll (Ekahau) with some awkward sales jokes, but it led well into a quick demonstration from Grant Shelley (Ekahau), with iPhone in hand and Sidekick on hip, surveying the conference space with the new auto-pilot feature that uses the internal phone gyro and camera-AR capability to automatically plot Grant's survey path on the map. This innovation is a brilliant step forward and well worth a test to see if it fits in your survey methodology!

Mark Krischer (Cisco) quickly handed over the microphone to introduce Jonathan B from a local partner (Local Measure) based in Sydney, who came to the stage to present quickly. Jonathan is the CEO and mentioned his company worked on the installation of Wi-Fi at the Sydney Opera House. He promoted his captive portal solution that helps "you extract more value" out of Wi-Fi, driving better user experiences with the ability to opt in to sharing information back to a venue. The portal allows for social login as well as other methods. The value to a venue is the ability to learn as much about a customer as possible while driving some operational efficiency with built-in feedback forms.

Back with Mark K for his topic of Understanding Wireless Security and WPA3. "A well designed wireless network will be more secure than the wired network that it connects to." Most wired networks do not use 802.1X for authentication. Mark takes us on a history trip through wireless security, beginning with Wired Equivalent Privacy (WEP) and why wireless security is important in the first place (no traditional physical security boundaries - like on a wired network). Mark explains that the Wi-Fi 6 certification is linked to the WPA3 certification - which means that, moving forwards, we will inherently have more secure networks. TKIP, SHA1 and WEP are now fully deprecated, and Mark verbally recommends that, instead of using these legacy measures, you just leave the wireless network open.
Importantly, Mark explains how MSCHAP, which is commonly used with WPA-Enterprise, is kind of broken now (it uses 3DES), and introduces Secure Fast Roaming, which takes advantage of the IEEE standards 802.11k/v/r and Wi-Fi Agile Multiband. Management Frame Protection "is going to immunise wireless networks from the vast majority of attacks we see today" (amongst the other newly introduced security measures). Opportunistic Wireless Encryption (OWE) will allow us to privatise data on an Open network using an invisible-to-user Diffie-Hellman key exchange. Rogue AP containment is a denial-of-service attack on another AP.

Darko Raic (Dicker Data) got up during the speaker transition to give away vouchers for the ECSE Troubleshoot class that is coming to Australia in the first half of 2020. If you're at the event, tweet and post to LinkedIn - this is the way to get a chance to win! I personally had the pleasure of attending a Dicker Data organised ECSE Advanced course this week (prior to #WiFiDesignDay) and Darko was very important to keeping each day running as smoothly as possible - I don't think I've been to a training as well run. Most importantly, he had coffee delivery each day that you could have set an atomic clock to.

Aaron Scott (Aruba) - Preparation!!! Earlier in 2019 Aaron managed the Wi-Fi for a pretty unique event that has requirements that fly in the opposite direction to some best practices. The lessons he learnt are valuable for us all.

The Venue - every venue is different, so setups between events will be different. You need to visit the venue in advance. Seeing the space is critical, but you also need to check out cabling access/locations (IDFs and MDFs). An often overlooked part is the available Internet speed/bandwidth. Of course, being able to get your eyes over the possible AP mounting/locations is super important - because you may be using "cable ties and duct tape" to get things in place. Taking measurements of wall attenuation and floor scale is smart.
Meeting the venue team up front is also useful, as you need them during the event and will most likely have to call in a lot of favours.

Requirements - Least capable most important devices (LCMI) is what your network needs to be designed to support. This might be barcode scanners at an entry point or, possibly, mobile devices. But in the case of the event that Aaron had to support earlier in 2019, the most important devices were robots that were to play competitive soccer against each other. The Wi-Fi capabilities of these robots were wildly variant - some with antennas encased in a metal box, others with consumer grade wireless routers. For a robot playing soccer, having a low network latency is critical.

RF requirements - stationary (keynote, breakout and meals). High roaming (walkways). Mixed (show floor).

SSIDs for events typically are Open or Pre-shared Key (PSK) based. Most events don't use 802.1X authentication and these robots certainly didn't support 802.1X. At robo-cup there were approximately 46 SSIDs (not all broadcast out of all APs). Each field had its own unique SSID, so there was no additional overhead introduced, as each AP had a minimal number of broadcast networks. It is typically not a good idea to let devices talk to each other on the event wireless. Wireless to Wired communication was important so that robots could communicate with equipment on the side of the field.

Pre-event negotiation on channel usage is a good idea. Often an event venue will want to broadcast their own public space SSIDs no matter what event is taking place. Coordinating channel plans with the venue is possible as long as it's well planned and the importance is communicated up front. There are always unforeseen changes - map and venue layout changes all the way up to the day of the event. Being agile is important. Having extra APs ready for these changes is useful, but so is being prepared for some rapid re-planning.
Dom Fitzgibbon (Plexnet) - Design, Deploy, Test, Survey, Monitor, Troubleshoot Wireless Life-Cycle

Dom takes us through the Plan, Design, Verify, Test and Monitor cycle of Wi-Fi, drawing on the vast experience of his day to day.

What to test:
* AP authentication (WPA/WPA2/WPA3/802.1X)
* Average and maximum client capacity loading
* AP stability
* AP interoperability with legacy 802.11 mode
* Benchmark L2-L7 throughput, Rate vs Range
* Features: Roaming, Band Steering, Multi-AP mesh
* 802.11ax (Wi-Fi 6) network readiness
* Wi-Fi Offload (AP/Hotspots to LTE/5G)

There is a lot to testing Wi-Fi (it's not as easy or simple as what we often model). Is iPerf a useful tool? Dom states it's great for quick testing but not always reliable past the 350-500 Mbps mark. iPerf should not be relied on as a definitive test result.

Don't forget that security testing is very important. Ensure that Guest users can't hop into the corporate side of the network through firewalls or by hopping the DMZ.

Monitoring - it's a good idea to have monitoring in place even if it's as simple as SNMP. There are loads of third party tools that you can employ, and vendors have their tools too. Make sure the data you get is relevant to your business / dev ops needs. Packet data is critical (packets don't lie) and will tell you when you have application issues or if there are TCP problems. Wireless LAN Controller / AP telemetry must be understood, but this takes some practice. The "wireless medium is a black hole" and often you know there is a problem in the network but don't understand why. Narrowing the issue to a floor or a single AP is helpful in narrowing your realm of troubleshooting.

Benchmarking is critical so you know what it was like before a change or migration. When you're troubleshooting, it's super helpful to know how things were performing before you were alerted to an issue.

Finally - understand the ecosystem. DNS, DHCP, Authentication and Backhaul.
It's very common that issues attributed to bad Wi-Fi are not actually Wi-Fi issues at all. Knowing how the whole solution ties together and the processes of how a client gets on the network will help you identify the root cause of a problem.

Dom doesn't like buzz words and suggests we be aware of marketing hype! AI, Root Cause, Single Pane of Glass:
* AI = we aren't there yet... it's machine learning and it's historical data analysis
* Root Cause = The system will help point you in the direction but it won't show you the answer; there is no magic bullet, otherwise "someone would have come out with it"
* Single Pane of Glass = If you got everything in one view the screen would need to be massive and it would be painful to actually use.

Useful tools
* Wi-Fi Explorer Pro and Wi-Fi Signal by Adrian Granados https://www.adriangranados.com
* WinFi Lite (Windows) https://www.helge-keck.com/download.html
* WLAN Pi - does iPerf, Kismet & Speedtests. Great for Ekahau throughput tests. https://www.wlanpi.com

Keith Parsons (WLAN Pros) - Tips, Techniques and Tools for Troubleshooting Wireless LANs

Check out his slides here: https://wlanpros.com/troubleshooting

Occam's Razor, "More things should not be used than necessary" - we actually have to take a complex route in Wi-Fi when troubleshooting. This is because Wi-Fi is easy to do wrong/badly... There are many examples Keith can give of complex systems (fighter planes and historical airforce bombers, surgery etc.) and he suggests that to overcome the problems caused by complexity we need a checklist. For an end-user, "what are the things that could go wrong". Keith shows a snippet of the 400 items they documented when figuring out what happens on wireless, LAN or WAN that might cause "Wi-Fi" problems.

After installing Cat6 cabling you verify and test it... you will get 1 Gigabit Ethernet every time on a successfully tested cable run. On Wi-Fi we need to test and verify that the Wi-Fi works to the requirements.
One critical difficulty is that the requirements vary on every deployment and the customer often finds it hard to articulate those requirements. Knowing the requirements helps you fix issues - primary RSSI, secondary RSSI, acceptable level of co-channel interference, when clients roam. You can only design for one client requirement, so picking the right one is very important.

By surveying, Keith knows whether the PHY layer requirements are met or not (signal, interference, noise floors etc). Some people might start troubleshooting with a packet capture and make a decision from there. Keith suggests there is no one correct flow for beginning troubleshooting... The tool you start with may not give you the answers you need, so you need to be well versed in all the tools so you can jump between them as required.

Wi-Fi is an inefficient use of spectrum (vs LTE and other cellular based network technologies). Wi-Fi clients know nothing about the other devices ("all I know is about myself") and therefore the trigger for a client to know it is allowed to start transmitting is detecting "NOTHING" - Keith describes the 802.11 Contention Process.

Density of Wi-Fi has nothing to do with the number of APs - rather, density is reliant on clients talking fast. Talking fast means clients will have high signal with good SNR, which means a good data rate = fast transmission of data. Fast transmission of data means that there is more airtime available for other clients to transmit = higher density.

If you get the captive portal page, or if you got an IP address, or if your client can resolve a DNS address, then Wi-Fi is not broken... These all require that data must travel across the Wi-Fi network to operate correctly. Keith skipped over the Captive Portal segment of his slides, but the slides will be available soon so you can check out his views on that.

Channels - use as wide a channel as you can until you cannot. Don't use wide channels when it is going to cause co-channel interference.
20 MHz wide channels are OK, but if you can get away with using wider channels then do. Don't be afraid of using DFS channels. DFS is only a problem when it is, and the Wi-Fi network will alert you to this via logs.

Keith breaks down the single frame transmission process. There is a lot of overhead and it's described well by a great / complex visual. I highly recommend CWNA and CWAP study to get to understand this process well. The spreadsheet for the single frame transmission is available in the Aruba Airheads community (most likely part of the Very High Density Validated Reference Design Guide by Chuck).

Then Keith returns to Captive Portals, declaring them as evil. Disney World and the Apple Store don't have them, so the excuse that it's a legal requirement is a bad excuse.

To improve the performance of Wi-Fi (like on a wired connection) you must lower interference. This is how CAT Ethernet cabling has improved throughout the years - by twisting pairs or shielding and other techniques. The most prevalent cause of wireless slowness is other wireless. Lowering interference is a critical part of the deployment and troubleshooting process.

Wired or Wireless Problem?
* Ping is not a good troubleshooting tool - it's a layer 3 tool when you might have a layer 2 problem.
* Does the client have an IP
* Check the MCS of a Wi-Fi Client
* Is the issue isolated to Wi-Fi devices only?
* Compare throughputs on Wi-Fi or wired connections
* Check RSSI and SNR - the basic variable metrics for successful Wi-Fi PHY

Keith shows an example of a great Wi-Fi client metric for a connection he had at a hotel in Dubai. The client had 867 Mbps data rate and -49 dBm with a -90 dBm noise floor (41 SNR), but the speedtest showed a 1 Mbps download. This indicates either a rate shape somewhere other than the Wi-Fi or a terrible backhaul - in this case he spoke with the hotel and identified they were proud of their E1 connection to the Internet.
Health Analogy:
* Blood Pressure - Channel Utilisation
* Pulse - Retry Rates
* Temperature - MCS Rates

Because clients back off and lower the MCS rates due to poor retry rates, Keith focuses most on the MCS Rates rather than retry rates. This is a great piece of advice for packet analysis.

Take the WLAN Pros Compensation Survey if you haven't already: https://www.surveymonkey.com/r/WLAN_Comp_2020

Devaiah Nellamakada - Designing Wi-Fi in Multi-floor Buildings with Atriums

Down the middle of the large building Devaiah designed for is a large Atrium with many floors of void space. Because of this there is plenty of RF bleed between floors, high SNR and CCI that must be managed as best as possible. It can make or break your user experience in those areas.

Architecture is outside of the control of an RF Engineer. Open and high ceilings create RF reflection, multipath and unreliable signal quality. Multi-tenancy buildings have many challenges. AP channel planning is difficult and RF coordination may be impossible. Differing materials mean large variance in attenuation.

Factors that affect user experience
* Lower throughput and disconnections
* Unreliable signal coverage and low SNR
* Client devices and their NICs
* Co-channel interference | ACI | low data rate
* Non Wi-Fi interference
* Upstream Infrastructure Layer (L3-L7)
* Multi-path fading, re-transmissions and reflection

Discovery Approach
Monitoring is important for the team managing Wi-Fi long term. RF is invisible and the right tools will give you visibility into what is happening.

Key Design Factors
Not all clients are connected in an office at the same time. Consider an over-subscription ratio of 60-65% so that you don't end up with too many APs in the design. Design with client offset in mind - weakest client.

After Lunch

Haydn Andrews (NTT) comes to the stage for Warehouse Wireless Design. Haydn kicks off with a hilariously painful video you may have seen online where a forklift driver taps a rack and the entire warehouse falls down around him. There are different types of warehouses you may come across...

Safety:
RF Challenges
Warehouses are like snowflakes, each one is unique in its own way. Never design a Warehouse without going on site at least once.

Client Devices
Overhead omnidirectional antennas are easy to install and have large coverage areas, so may mean fewer APs are required overall... but they are very susceptible to problems when stock levels change. They have issues with poor signal penetration and generally have a very large coverage area. Channel planning and co-channel interference can be a major problem when designing and configuring omnidirectional antenna APs.

Directional antennas can potentially become obstructions to moving plant around the warehouse, such as forklifts or trucks. They will generally have a good line of sight down a rack row and will ultimately provide higher signal to the clients. Typically directional antenna designs have more APs. SNR will improve and there is less chance of obstruction with well placed directional antennas.

Warehouses are like snowflakes...

Other considerations for APs: AP enclosures are required, particularly in places where the AP is exposed to high dust, water or the outdoor elements. Low operating temperatures can be an issue in cold storage facilities - ensure that the AP model is capable of operating in the conditions where you are mounting it. Sometimes you can mount an AP outside the cold storage room and install antennas inside the harsh environment.

Predictive Survey
AP on a Stick
Different Areas of a Warehouse to consider
Some devices do not support DFS channels, so be sure to design to the capabilities of the devices specific to the areas they are used. Knowing how the clients roam also helps the RF design. New types of client devices seen in this industry: IoT, Robots, Drones, Automatic Guided Vehicles.

Troubleshooting examples in a warehouse environment

Common issues are coverage holes from old legacy designs. Often the layout of a warehouse has changed, or where stock is stored has adapted, which means the attenuation of stock has changed the RF propagation. Roaming issues arise where large cells exist. Physical AP or antenna issues can arise and be difficult to diagnose. Rodents chew cables, and of course there are upstream non Wi-Fi infrastructure related issues that get correlated to Wi-Fi problems by unknowing users.

The final presentation of the day is commencing with a tag team effort from Stephen Cooper (Mist) and François Vergès (Semfio Networks), who will talk about Design Considerations in Wi-Fi 6.

802.11ax or Wi-Fi 6 can be used interchangeably. Wi-Fi 6 is the Wi-Fi Alliance's certification name based on IEEE 802.11ax technology. Wi-Fi 6 is going to be much more efficient than Wi-Fi 5 (802.11ac) or the standards before it. It will use both the 2.4 and 5 GHz frequency bands, which brings new benefits to the 2.4 GHz space. MU-MIMO is no longer optional as it was in 802.11ac.

To boil it down, the advancements in Wi-Fi before Wi-Fi 6 were about making things faster, but now we are improving the efficiency of clients on the area. There should be a lot less contention on the air thanks to Wi-Fi 6. Medium contention is improved with OFDMA. Most traffic over the air is about 300 bytes or less. So a lot of airtime was reserved for wasteful traffic. OFDMA provides much more efficient airtime/medium use by cramming what would have been multiple transmissions into a single airtime use opportunity. Stephen is getting pretty deep into the OFDMA Operations...
his slides will be shared post-event, so they will be better than a ton of bullet-points here. He is showing Trigger frame and RU allocation information within a wireless frame capture from Wireshark. We have finally reached full Wi-Fi Nerd level at #WiFiDesignDay.

Stephen is using very clever analogies for the explanation of OFDMA and MU-MIMO - I can see a video camera in the back of the room so hopefully you can watch a video of his presentation at some point.

With OFDMA there is a lot of negotiation between clients and APs and it is fully dynamic. Devices can opt out of MU with resource units that are allocated for single device up-link transmissions.

1024QAM (modulation scheme) was introduced in Wi-Fi 6, which brings new data-rates. Not just fast data rates: slower data rates than before are now possible too. Longer guard intervals are provided for more resiliency, to provide a better chance of actually achieving 1024QAM.

BSS Colouring provides greater spatial re-use, which benefits times when there is channel overlap. Clients will maintain a 2nd NAV timer and there will be thresholds for the different BSSs. This is about improving channel re-use in highly contested environments.

BSS = Basic Service Set
OBSS = Overlapping BSS

Target Wake Time (TWT) was first introduced in 802.11ah. Radio wake-up is no longer tied to the beacon/DTIM interval. It will make clients much more power efficient. It is feasible that a client may power its radio down for very long periods (days maybe).

Wi-Fi 6 can be detected by Wi-Fi Explorer Pro, Ekahau Sidekick, packet captures, and your device if it supports Wi-Fi 6.

Handing over to François... who made a cheeky comment on the number of new acronyms introduced by Wi-Fi 6. François is on his first trip to Australia and has been taking the ECSE Advanced course in Melbourne this week prior to #WiFiDesignDay.

The design requirements for a Wi-Fi 6 design may have some changes around the models of clients and APs.
AP models that support Wi-Fi 6 may have higher power requirements. François showed some examples of power requirements from Cisco, Ruckus, Mist and Aruba. We need more power because we might support up to 8 spatial streams - 8x8:x APs are coming in the near future. They will most likely require 802.3bt (51-71W) or dual 802.3at (2x 25.5W). The new higher power PoE standards will require new switches.

Wi-Fi 6 clients on the market are the Samsung Galaxy S10, iPhone 11 and the Intel AX200/201 chips for laptop devices. The spatial stream capabilities on these devices are similar to what we are seeing in today's 802.11ac devices (such as 2x2).

We may see a new subset of client device types with the introduction of Wi-Fi 6 - IoT will change the network requirements because of the need for Target Wake Time, MU-OFDMA and specifically to support the 2.4 GHz 802.11ax implementation.

The same amount of spectrum is available to date. So channel planning will be much the same as with 802.11ac. Not much should change here. We will use the spectrum we have in a more efficient way - which may affect capacity planning. Most likely we will still use 20 and 40 MHz wide channels.

Wi-Fi Agile Multiband is a pre-requisite for Wi-Fi 6. Neighbour reports, BSS Transition features and Over-the-air Fast Transition are new capabilities enforced. The clients will be smarter and we should see better roaming.

We currently try to calculate the amount of available airtime on a serial transmission basis, based on the number and types of clients on the network. This will change because of new dimensions of Wi-Fi 6. The capacity is affected by MU-OFDMA, MU-MIMO, TWT, BSS colouring and 1024 QAM. It's unknown at this time how the vendors will allocate things like Resource Units, so it will be difficult to do maths on capacity until more is known about the implementations. If the information is not available we may have to make some educated guesses.
Some Wi-Fi 6 features might not be supported or enabled all of the time. There are likely to be a lot of moving pieces which adds to the complexity of how a wireless network is operating. Design Tools!!! We need new capabilities
Ekahau will still be a major part in the design and management life-cycle of wireless networks.

Stephen and François are game enough to try a live packet capture with Wi-Fi 6 capable devices connecting to a Mist AP. They attempted to show how OFDMA will slice up the channel for multiple simultaneous client transmission. We could see some hints of it on the screen, which was pretty cool. Next was a packet capture to identify the presence of OFDMA. It was easy to follow along with the stream in Wireshark because of the clear frame colouring that François had installed in his Wireshark.

That's a Wrap! What a wonderful day... another #WiFiDesignDay done in Australia.

Apple releases a new version of its mobile operating system annually. It is anticipated by the developer community as much as the release of the new model iPhone is anticipated by consumers. In June 2019, during the Worldwide Developer Conference, Apple announced iOS 13.

Apple are considered an important device manufacturer in the Wi-Fi Professionals community, as a marker for the uptake of new 802.11 standards. This is largely because the mobile device market from Apple's perspective is the least fragmented. Apple design and manufacture the hardware as well as the operating system of their mobile phones and tablet devices. This means that when they release a new feature, as long as it can be supported within the hardware it is installed on, it is generally available.

There are two big announcements this year from Apple in terms of Wi-Fi capabilities. Arguably the most exciting one for Wi-Fi is the inclusion of 802.11ax (aka Wi-Fi 6) in all of the iPhone 11 models. This is less of a software thing and more a hardware reliant capability - the Wi-Fi chipset in the device must be sufficiently new and include the specifications to connect using Wi-Fi 6 features. The iPhone 11 is released with iOS 13 pre-installed, so it is probably a pre-requisite as well.
The other impressive inclusion is support for WPA3. This is a software capability as it is bringing features to older model mobile devices without the requirement of new chipsets or hardware. WPA3, which is the successor to the Wi-Fi Alliance WPA2 certifications, brings major improvements in security and privacy of Wireless Local Area Networks (WLANs). In 2017 researchers published a vulnerability report which highlighted issues with WPA2. Wi-Fi Protected Access (WPA, more commonly WPA2) handshake traffic can be manipulated to induce nonce and session key reuse... It is important to assess the viability of using WPA3 for WLANs being deployed presently or in the future. WPA3 is highly recommended when device compatibility can be verified. Otherwise this should be reviewed frequently so WPA3 can be implemented as soon as possible.
If you follow a bunch of CWNP-associated Wi-Fi professionals on Twitter you would be familiar with the frequent, casual analysis of hotel Wi-Fi. Maybe you like to do a little bit of looking beyond the SSID when you're away from home? The shared findings help remind us all what to avoid when we set up Wi-Fi. Screenshots from inSSIDer (by Metageek) were commonly featured in these tweets to help visualise the frequency - especially when channel use was less than good.

Historically the common culprit would be poor planning of the 2.4 GHz frequency space. I've seen examples of hotels using contiguous channels 1 through 11 (including the overlappers 2, 3... 8 etc.). It's common to have wide 40 MHz configuration - which is a terrible idea in 2.4 GHz anywhere there is more than a single radio (in a desert with a population of one).

We see bad setups in the 5 GHz channels as well. Channel re-use is over-represented - sometimes hotel radios have no channel planning whatsoever. Having every access point using the same channel in 2.4 or 5 GHz is a bad idea. Contention for air-time can lead to a performance downgrade if too many people are using the Wi-Fi at the same time on the same frequency. It may cope to a certain amount, but if the contention domain extends across a highly populated hotel it's likely to be bad.

But outside of simple channel design issues there are other things that are worth investigating if you want to be thorough. Keith Parsons found an example of a hotel where he was able to connect to a Wi-Fi network with good 802.11 metrics - high MCS rate, 2 spatial streams and an outstanding signal to noise ratio - yet speed tests were terrible. Something beyond the Wi-Fi shaped his connection to 350 Kbps (possibly the Internet back-haul). The Internet bandwidth must be sufficient on any network to cater to the users' requirements. Having a shiny Wi-Fi 5 or 6 (802.11ac or 802.11ax) capable infrastructure won't help anyone if the pipe out is smaller than a soda straw.
If you're familiar with 802.11 protocol analysis you might try capturing Wi-Fi frames in a tool like Wireshark or Omnipeek. With the right filters you can visualise relative re-transmission rates on a channel in your location. When you study for Certified Wireless Analysis Professional you learn about many of the Information Elements in the 802.11 standard. Information Elements (IEs) hold key information about the capabilities or configuration of a particular BSSID.

Sometimes it's a bit too much to get right into the weeds of wireless frame capture and analysis. But there is another way to inspect the IEs if you have an Apple Mac. Wi-Fi Explorer is a brilliant application brought to us by Adrian Granados. In the simple view it lists the nearby Wi-Fi networks that your Mac can detect. Within the Advanced Details tab the IEs are brought to you in an expandable tree of wonder.

In my screenshot example above I have expanded the QBSS Load details of the BSSID to which I was associated. I am able to see there are currently 2 stations (including myself) connected. The Access Point even provides details about the channel utilisation, which is useful if high contention is suspected.

By looking at the IEs with Wi-Fi Explorer you could check what data-rates a BSSID was configured to support. I remember seeing a tweet where someone detected the hotel was rate-shaping clients by restricting association data-rates to 1 and 2 Mbps. This would most certainly result in counter-productive results, as this is not the intended use of data-rate configuration. Low data-rates equal poor performance for modern Internet access.

I definitely recommend Wi-Fi Explorer (I have the Pro version) as a day to day Wi-Fi professional tool - there is a lot more to it than mentioned here.

Fast, Free and Frictionless... (@KeithRParsons) Here is a blog post about the Rules for Successful Hotel Wi-Fi from Keith Parsons. He wrote it way back in 2014 but it still holds true today!
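The QBSS Load and data-rate checks described above can also be made directly on the raw Information Elements of a beacon. This is an added example, not code from the original post or from Wi-Fi Explorer; the function names and both sample byte strings are constructed for illustration, and it goes a little beyond the text by rejecting truncated elements.

```python
import struct

# Element IDs of the beacon/probe-response tagged parameters used here.
IE_SSID = 0
IE_SUPPORTED_RATES = 1
IE_BSS_LOAD = 11            # displayed as "QBSS Load" by many tools
IE_EXT_SUPPORTED_RATES = 50
MAX_LEGACY_RATE = 108       # 54 Mbps in 500 kbps units; larger values are
                            # BSS membership selectors, not data rates


def iter_ies(buf: bytes):
    """Yield (element_id, payload) pairs; raise on a truncated element."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        end = pos + 2 + length
        if end > len(buf):
            raise ValueError(f"element {eid} at offset {pos} overruns buffer")
        yield eid, buf[pos + 2:end]
        pos = end
    if pos != len(buf):
        raise ValueError("trailing byte after last element")


def parse_bss_load(payload: bytes) -> dict:
    """Station count (LE u16), channel utilisation (u8, 0-255), AAC (LE u16)."""
    if len(payload) != 5:
        raise ValueError("BSS Load element must be 5 bytes")
    stations, util, aac = struct.unpack("<HBH", payload)
    return {
        "stations": stations,
        "channel_utilisation_pct": round(util * 100 / 255, 1),
        "available_admission_capacity_us": aac * 32,  # units of 32 us/s
    }


def parse_rates(payload: bytes):
    """Return (Mbps, is_basic) per rate byte; bit 7 marks a basic rate."""
    rates = []
    for b in payload:
        value = b & 0x7F
        if value <= MAX_LEGACY_RATE:
            rates.append((value / 2, bool(b & 0x80)))
    return rates


def summarise(buf: bytes) -> dict:
    """Collect SSID, BSS load and rate set, and flag a 1/2 Mbps-only BSS."""
    out = {"ssid": None, "bss_load": None,
           "rates_mbps": [], "basic_rates_mbps": []}
    for eid, payload in iter_ies(buf):
        if eid == IE_SSID:
            out["ssid"] = payload.decode("utf-8", errors="replace")
        elif eid == IE_BSS_LOAD:
            out["bss_load"] = parse_bss_load(payload)
        elif eid in (IE_SUPPORTED_RATES, IE_EXT_SUPPORTED_RATES):
            for mbps, basic in parse_rates(payload):
                out["rates_mbps"].append(mbps)
                if basic:
                    out["basic_rates_mbps"].append(mbps)
    # The misconfiguration described in the text: nothing above 2 Mbps offered.
    out["rates_restricted"] = (bool(out["rates_mbps"])
                               and max(out["rates_mbps"]) <= 2.0)
    return out


# Constructed sample: SSID "HotelGuest", rates 1 and 2 Mbps only,
# 2 associated stations, channel utilisation 102/255.
SHAPED = (bytes([0, 10]) + b"HotelGuest"
          + bytes([1, 2, 0x82, 0x84])
          + bytes([11, 5, 0x02, 0x00, 0x66, 0x00, 0x00]))

# Constructed sample: SSID "Corp", 6-54 Mbps OFDM rates, 12 stations.
HEALTHY = (bytes([0, 4]) + b"Corp"
           + bytes([1, 8, 0x8C, 0x12, 0x98, 0x24, 0xB0, 0x48, 0x60, 0x6C])
           + bytes([11, 5, 0x0C, 0x00, 0x1A, 0x00, 0x00]))

if __name__ == "__main__":
    for sample in (SHAPED, HEALTHY):
        print(summarise(sample))
```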
As demonstrated, it is not just about good channel design. There is more to inspect and always plenty to learn from each other. If you have any stories to share about bad hotel Wi-Fi please comment, and keep sharing your findings on Twitter.

Airtime and contention domains can be difficult concepts to grasp when studying Wi-Fi. We often think of Wi-Fi in cells or strict zones surrounding an access point and fail to think about the transmit radius of each client associated to that access point. Because of the way the 802.11 medium is accessed by a station (Access Point or client), we must consider the entire area of influence surrounding each station which transmits. It's not just simple circular patterns surrounding each AP.

CSMA/CA is a very important starting point for any learner of Wi-Fi; it is covered well in the Certified Wireless Network Administrator (CWNA) course. But there is much much more to learn...

The best source I have found that expands on these concepts in detail is the Very High Density 802.11ac Networks Validated Reference Design Guide, written by Chuck Lukaszewski (CWNE #112) from Aruba Networks. The Theory Guide is a fantastic read but may take a few goes to understand if you are just starting out.

Whenever I present on Wi-Fi design I use some of the concepts out of this guide. Especially fitting is the reference to the Matrix in this guide. You really are jumping into a whole new dimension of understanding by working through it.

You're here because you know something. What you know you can't explain, but you feel it. You've felt it your entire life, that there's something wrong with the world. You don't know what it is, but it's there, like a splinter in your mind.

The Theory Guide explains that the contention domain extends as far as a frame can be detected by another station. The range is a physical distance from a transmitter where the legacy preamble can still be decoded. That happens to be a very long way.
This graphic of two distinct Collision Domains is a very rare occurrence. Unless these two Access Points operate on sufficiently separate channels they would likely be very far apart. In most environments, especially high density environments, collision domains of the same frequency overlap somewhat.

It's more likely that the collision domains of two APs on the same frequency in essence extend the collision domain to cover the detectable distance of both of the APs. The guide delves further to show that even this is rudimentary. Clients must be considered also! Furthermore, the time domain, which is shown as the x-axis, is also vital.

This is your last chance. After this, there is no turning back. You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes.

Once you are at this point of the document you begin to realise how simplistic some of the planning tools we use in the Wi-Fi industry are, and some of their shortcomings. I suspect the shortcomings will take a very long time to solve.

In your Wi-Fi learning journey I highly recommend you take a wander down this path. Even if you don't work with Aruba products, the Theory Guide provides fantastic lessons for us all.

The images in this blog are borrowed from here: https://www.arubanetworks.com/vrd/VHD_VRD_Collection/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ChapT2.html#1045569 they are used as basic primers for the topics that are extensively covered in the Aruba Validated Reference Design Guide from where they originate.