If you've spent sleepless nights designing and implementing your wired network, you'll definitely find designing a wireless network a cakewalk. Building a wireless network is fun because in most cases, it's built on top of a wired network. So the headache of creating the drawings and mapping network cables across the building(s) is already taken care of. In effect, you just have to reuse those blueprints to lay out your wireless network plan and figure out where to place the wireless Access Points (APs). In case you've been simply placing wireless APs around the building randomly, then working with the blueprints and building layouts might come as a surprise to you. But the fact is that to build a wireless network you need, at the least, a drawing of the physical layout of your building or campus as well as the layout of your wired network. This will help you understand where you need wireless connectivity and where you don't.
Once you have answered these questions, it becomes easier to put the rest of the pieces together.
Having worked out the needs, you need to start gathering data about your network. Find out the number and density of users who are going to access the wireless network.
The number of wireless access points you use depends upon the user density. A higher number of users means more wireless access points. This, of course, has to be worked out in conjunction with two other things: bandwidth and coverage. That is, how much bandwidth is required by each user? The answer to this largely comes from the application usage.
Distances are very important when designing a wireless network. That's because unlike a wired network, here you're dealing with sending signals through the air. So you must first ensure that your wireless signals don't leak out of the building. Secondly, you have to keep in mind that throughput on a wireless network reduces with distance.
So a wireless AP will provide maximum throughput within say 'X' feet, and it will drop as the distance increases. Another key aspect to keep in mind here is that throughput can also vary with which brands of wireless products you use. If you test your wireless network with a wireless network card from one vendor while the users will be using a network card from another vendor, their experience might be different.
This is largely due to the build quality of the antenna and RF losses that result from it. Speaking of RF, get your basics about RF clear before proceeding. Understand how radio frequency works, which frequency band is used, what are the losses and the types of antennae available in wireless. For instance, a high-gain antenna will give better throughput over longer distance, etc.
Besides planning, you also need to understand which tools to use to design your wireless network. We've used some of them in this story, and we've also made them available on this month's CD for you to try out. So in this story, we'll walk you through the process of implementing a wireless network using some of these tools. We'll also be covering the monitoring, troubleshooting, and security aspects of wireless networks. As they say, experience is the best teacher, and we'd like you to experience a wireless implementation using the actual tools.
Planning the network
The most important step to building a good wireless network is proper planning. That's probably the most common statement made for doing anything, and yet we still find that people don't follow this general rule of the thumb. The first step in building a wireless network is doing a site survey, and no, it's not just about walking around with a wireless client or a spectrum analyzer and hunting for signals. It's much more than that. Let's take a deeper look.
Physical site map
As we just said, the first thing to do is to collect some basic information about the site where you're going to deploy the wireless network, in terms of the location, users, density of users and so on. This exercise helps determine how many wireless APs you'll need to achieve the best performance. The general rule of thumb is that one wireless Access Point using the 802.11g (54Mbps shared) standard can take up to 20 to 30 users if being used primarily for sharing files and Internet access over the network. Apart from the number, the placement of the APs is also very important. Before you start installing them, please have a map of the location ready, along with a blueprint of your existing wired network (if in place). For instance, not all will need it, and never in places like stairways or elevators. The wired network blueprint is necessary to determine where you have network points to connect the wireless APs to, unless you're implementing a pure WiFi network. Once you have these two documents, start laying out the APs in all the places. Here, you need to ensure that APs placed next to each other don't use channels whose frequencies overlap, else performance will degrade. Typically, there are three non-overlapping channels that can be used: 1, 6 and 11. You have to ensure that no two APs that are close by end up on the same channel or on channels adjacent to each other.
The other important thing to keep in mind is the distance. A standard 802.11g AP can easily provide connectivity to clients sitting within a radius of 150 to 200 feet, beyond which the performance gets affected.
This doesn't, however, mean that the throughput will be the same across the entire radius. It drops with distance, so you'll need to use a wireless notebook and some software to determine how the throughput drops at various distances. A good approach is to do a trial run of the wireless network by placing a wireless AP in every location you've defined and observing its characteristics.
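The channel rule and coverage radius described above can be checked on paper before any AP is mounted. The following is an added example, not part of the original article: the AP names and coordinates are constructed, and the 300-foot interference limit (twice the 150-foot radius) is an assumption. It assigns channels 1, 6 and 11 by greedy graph colouring and audits any plan for nearby APs on overlapping channels.

```python
"""Assign 2.4 GHz channels (1, 6, 11) to APs on a floor plan and audit the result."""
from itertools import combinations
from math import dist

NON_OVERLAPPING = (1, 6, 11)   # the three channels named in the article
INTERFERENCE_FT = 300          # assumption: 2 x the 150 ft radius quoted above


def neighbours(aps, limit=INTERFERENCE_FT):
    """Map each AP name to the set of APs whose coverage circles overlap with it."""
    near = {name: set() for name in aps}
    for a, b in combinations(aps, 2):
        if dist(aps[a], aps[b]) < limit:
            near[a].add(b)
            near[b].add(a)
    return near


def assign_channels(aps, limit=INTERFERENCE_FT):
    """Greedy colouring: most-constrained APs first, lowest free channel wins.

    Returns (plan, forced) where forced lists APs that had no free channel
    because more than three APs sit within range of one another.
    """
    near = neighbours(aps, limit)
    plan, forced = {}, []
    for name in sorted(aps, key=lambda n: (-len(near[n]), n)):
        used = {plan[n] for n in near[name] if n in plan}
        free = [c for c in NON_OVERLAPPING if c not in used]
        if free:
            plan[name] = free[0]
            continue
        # No clean channel: reuse the one whose closest co-channel AP is farthest.
        def gap(ch):
            return min(dist(aps[name], aps[n]) for n in near[name] if plan.get(n) == ch)
        plan[name] = max(NON_OVERLAPPING, key=gap)
        forced.append(name)
    return plan, forced


def audit(aps, plan, limit=INTERFERENCE_FT):
    """Return nearby AP pairs whose channels are fewer than 5 apart (they overlap)."""
    return sorted(
        (a, b) for a, b in combinations(sorted(aps), 2)
        if dist(aps[a], aps[b]) < limit and abs(plan[a] - plan[b]) < 5
    )


# Constructed floor plan: AP name -> (x, y) position in feet.
SAMPLE_APS = {
    "lobby": (0, 0), "sales": (200, 0), "design": (400, 0),
    "lab": (200, 180), "store": (750, 0),
}
# A hand-made plan of the kind the audit should reject (channels 1 and 3 overlap).
BAD_PLAN = {"lobby": 1, "sales": 3, "design": 6, "lab": 11, "store": 1}

if __name__ == "__main__":
    plan, forced = assign_channels(SAMPLE_APS)
    print(plan, forced)
    print(audit(SAMPLE_APS, BAD_PLAN))
```

An AP that lands in the forced list marks a spot where the three channels are not enough at that density, so that area needs wider spacing or lower transmit power rather than another channel.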
Logical site map
We have just talked about how to calculate how many APs you might require in a given setup. But that is not the only thing you might want to know while deploying a WiFi network. You also need to take into account user behavior, interference from other devices on the network, and of course security. Let's look at each of these in more detail.
User behavior
This is one of the most important things you have to decide while setting up the network. So before discussing how to monitor user behavior, let's first understand what user behavior is and why you should be bothered about it. To understand it, let's take a small example. Let's assume that in your enterprise there are two divisions.
One division houses all your marketing executives (around 20 of them), who just need to check their e-mail and surf the Net occasionally. So an average bandwidth requirement for that kind of a user will be around 1 Mbps per person, so the total load on the AP will be around 20 Mbps at any point of time. This means a single 802.11g AP can take the load. There is another room that houses all graphics designers (say, five of them) who continuously need to access a central file server and copy and retrieve huge graphic files sized more than 30 MB each. So here the requirement will be completely different and you will need multiple APs working in a cluster mode to provide the required throughput.
In the above example you can see that the number of users is not always the only factor that decides the number of APs you might require for a setup. So now the question is how you can monitor the usage of a group of users on your network. We'll give you an overview of how to manage wireless networks later in this story.
Identifying interference and black spots
This is another challenging part of planning a WiFi network. There are lots of products, devices and elements that act as WiFi killers. So while building your WiFi network you have to be very cautious and see whether these devices are out of the RF path of your network or not. The interference can come from electric wiring, Bluetooth devices or other devices that work on the same frequency spectrum such as cordless cameras, phones, etc.
You have to ensure that you don't place your WiFi AP near these devices, which can also be considered as black spots. Searching for them is easy only if you have a proper tool. We tried a number of tools, and the one we found suitable for this purpose was called 'Wavemon'. This tool is a simple and small set of curses-based scripts. When run, you get the signal strength, the noise level and the signal to noise ratio. So when you walk around your wireless site with a notebook running Wavemon, you can see which place is getting how much signal strength and what is the noise level there. While putting the APs in place, you can use this to record all data about them such as their signal strengths at various distances.
Installing Wavemon is very easy. You can get its tar ball from this month's PCQEssential CD. You just have to make sure that you already have curses installed in your Linux machine. If you're using PCQLinux 2005, then you don't have to do anything. Just unpack and install the Wavemon tar ball as follows.
# tar -zxvf wavemon-version.tar.gz
# cd wavemon
# ./configure
# make
# make install
To run it, just type wavemon at the command prompt and a nice command line based interface will start up. Here, if you just want to see real-time values of signal strength and noise level, see the first console by pressing 'F1'. If you want to see the graph representation of the value then press 'F2'.
You can configure the refresh rate of the variables by pressing 'F7'. You can set this as low as 10 milliseconds, which really gives you real-time data when you walk around with this software. The only problem we faced with this software was that it didn't provide even a single line of help. When we did go to the Help page, we were presented with a sarcastic 'Don't Panic' note.
There's another good product for signal monitoring called AirMagnet, which has a very nice interface and is quite feature rich. It's used for site surveys and troubleshooting. AirMagnet comes in two flavors: one for notebooks and the other for PDAs. The only problem is that it runs only with a few cards, namely AirMagnet's own cards, Netgear, Cisco, Proxim, etc.
Unfortunately, it doesn't work with Centrino and D-Link cards. It's commercial software, which can be purchased from http://airmagnet.com/products/laptop.htm. A demo version is available for download, which lets you capture WiFi data for 7 minutes and also expires in 7 days.
WiFi security
Now comes the weakest and most sensitive part of wireless networks: security. While security had been a major issue in the past, it's not as much a problem today. This is because today, there are lots of security mechanisms available to make your WiFi network as secure as a normal wired network.
In the past, we've already talked about most of the security mechanisms and how to implement them. These were WEP, WPA, RADIUS, etc. So we'll not talk about them again. You can access all these articles from our PCQEssential CD. Here, we'll focus on a very renowned tool called Kismet, which is an Intrusion Detection System for WiFi networks.
Before starting, let's make one thing very clear. We are not at all saying that Kismet alone can change the 'kismat' (fortune) of your WiFi network and make it secure. It's just an additional bit of security to make your WiFi network more secure. So obviously you have to have all the standard security mechanisms in place beforehand. In this article we will talk about some more IDS and monitoring tools and some plug-ins for Kismet.
Kismet the Auditor's way
If you have read the last article we did on Kismet, you must have noticed that installing and configuring it is quite difficult, and more difficult still if you want to run it graphically. But what if you could run Kismet at just the click of a button or two? And that too graphically, without any installation or configuration? Yes, this is possible.
Remember the multi-boot DVD we gave with our July 2005 issue? That DVD has a Live Linux distribution called Auditor which has all these tools pre-configured. So all you have to do is to boot a notebook or PC (preferably notebook because you have to roam around a bit with it) with a WiFi card which can run easily on Linux.
Even a standard D-Link or Netgear card will do. To run Kismet, boot your machine with Auditor. When the machine boots, right click on the screen and select the 'Auditor' menu and then select the 'Wireless' submenu. From here you will see another sub-menu called Scanner/Analyzer; select the 'Kismet tools' menu in it and finally click on the GKismet option.
This will open up a nice graphical interface of Kismet and if your WiFi card has been detected properly, then it will also start working instantly. Here you will be able to see all the access points on your network. If an access point is shown in red, it means that the AP has some error or an intrusion attempt on it.
You can see the immediate intrusion attempt in the status bar of the window. You can also do passive monitoring of packets in the network. For this you just have to click on the 'Packet Dump' button on the tool bar of the window. If you have your APs GPS enabled and you have a GPS device to connect to your laptop through the COM port, then you can also use Kismet to locate any AP in your organization. For this all you have to do is to select the AP you want to locate and then press the Locate button.
This feature is very useful when you have a network with a huge number of APs spread over vast premises. Mind that enabling these features in a normal Kismet installation is very tricky and you have to be a Linux guru to do that. And here it is just a matter of a push of a button. There is another IDS tool for WiFi networks that you will find in Auditor. It is called Wellenreiter. You can find it in the same 'Wireless' menu. This is more of a packet capturing tool. You can run it and leave it for some time, then save the captured packets, and import and analyze them in either Ethereal or ntop.
Managing and monitoring the WiFi network
Once you have planned and deployed the WiFi network, the next difficult part starts for a network administrator, which is managing, monitoring and troubleshooting the entire WiFi network from one single place. It sounds difficult, but it is not impossible. These days you have WiFi-management software that allows you to manage and monitor WiFi networks from a single console. Otherwise, you have to remember each WiFi Access Point's IP address and manage and configure each one from its individual Web-based interface. We will discuss some of the best practices for managing and monitoring a WiFi network in an enterprise.
Choosing a WiFi management software
WiFi-management software is the key element for diagnosing your entire WiFi network, so it becomes extremely important to choose the right software. We used a software called WiFi-Manager from AdventNet. It supports most of the popular WiFi Access Points, and automatically searches the entire network for them. It identifies the connected network devices and organizes them according to their type (Switches, Routers and Access Points). The software is very easy to set up on any Windows or Linux machine and doesn't need a WiFi connection. All you need is a decent machine with at least 256 MB RAM and 40 GB hard disk. It has a built-in Web server and runs on a Tomcat application server, which executes at the backend. In addition, you can access its Web interface from anywhere on your LAN. Once the setup is ready, give the system some time, so that it can scan deeply into your network and identify the devices correctly. We have given this software (30-days trial, Windows edition) on this month's PCQEssential CD.
Identifying the WiFi-devices
After scanning the entire network, the software automatically arranges the devices according to their types. All WiFi APs that it doesn't recognize are placed under the 'unknown' category. You need to identify the IPs of these devices and put them into the right category.
Alarms and fault mgmt
Whatever happens on the network gets logged as a network event. If the event symbolizes a fault or failure in a WiFi device, an alarm is raised. For example, if a new access point is discovered in a network, an alert event “new access point discovered” is raised. In case the access point is found to be using the default SSID, then an alarm with the message “access point uses default SSID” will be generated. At times multiple network events are logged for the same network breakdown. In such cases, instead of generating multiple alarms, WiFi-Manager smartly associates the alarms based on the root cause and shoots one meaningful alarm to the IT administrator. Moreover, the IT administrator can be notified of a network fault or failure through an auto-generated e-mail or sound.
And if any critical alarm is found unattended for a considerable period of time, it can be escalated to another IT-support engineer through an e-mail. In order to set alarms for faults and failures in WiFi-Manager, select the Fault tab and choose the 'Alarm Settings' option available under the 'Fault Settings' category. Here, enable or disable alarms from the list available in the right hand side panel. Then finally click on Finish to save your settings.
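The alarm behaviour described above (one event per finding, repeated events folded into a single alarm, unattended critical alarms escalated) can be illustrated with a short script. This is an added example and not AdventNet's code: the BSSIDs and scan records are constructed, the default-SSID list is illustrative, the severity labels and the 30-minute escalation window are assumptions, and grouping by AP and rule is a simplification of root-cause correlation.

```python
"""Turn repeated AP scan observations into one alarm per root cause."""
from dataclasses import dataclass

TRUSTED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}   # constructed inventory
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "tsunami"}  # illustrative
ESCALATE_AFTER_S = 1800   # assumption: escalate alarms left unattended for 30 minutes


@dataclass
class Alarm:
    bssid: str
    message: str
    severity: str          # assumed labels: "critical" or "major"
    first_seen: int
    last_seen: int
    events: int = 1
    acknowledged: bool = False


def classify(obs):
    """Yield (message, severity) for every rule one observation trips."""
    if obs["bssid"].lower() not in TRUSTED_BSSIDS:
        yield "new access point discovered", "critical"
    if obs["ssid"].strip().lower() in DEFAULT_SSIDS:
        yield "access point uses default SSID", "major"


def correlate(observations):
    """Collapse repeated events for the same AP and rule into a single alarm."""
    alarms = {}
    for obs in sorted(observations, key=lambda o: o["time"]):
        for message, severity in classify(obs):
            key = (obs["bssid"].lower(), message)
            if key in alarms:
                alarms[key].events += 1
                alarms[key].last_seen = obs["time"]
            else:
                alarms[key] = Alarm(key[0], message, severity, obs["time"], obs["time"])
    return list(alarms.values())


def to_escalate(alarms, now):
    """Critical alarms nobody acknowledged within the escalation window."""
    return [a for a in alarms
            if a.severity == "critical" and not a.acknowledged
            and now - a.first_seen >= ESCALATE_AFTER_S]


# Constructed scan results (time in seconds since the first scan).
SAMPLE_SCANS = [
    {"time": 0,   "bssid": "00:11:22:33:44:01", "ssid": "corp-wlan"},
    {"time": 0,   "bssid": "00:11:22:33:44:02", "ssid": "NETGEAR"},
    {"time": 60,  "bssid": "DE:AD:BE:EF:00:99", "ssid": "linksys"},
    {"time": 120, "bssid": "de:ad:be:ef:00:99", "ssid": "linksys"},
    {"time": 180, "bssid": "DE:AD:BE:EF:00:99", "ssid": "linksys"},
]

if __name__ == "__main__":
    alarms = correlate(SAMPLE_SCANS)
    for alarm in alarms:
        print(alarm)
    print([a.bssid for a in to_escalate(alarms, now=2000)])
```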
Inventory
This is a key element for any kind of network management. Inventory helps the IT team visualize the network assets in an easy manner. The software organizes all network assets into various categories, and it helps the team browse through the various categories of devices available in the LAN.
Moreover it also shows their current status. In this section the WiFi-Manager shows you all the wireless networks, access point details, mobile unit details, sensor details, AAA server, router details, switch details and action performed on the devices such as Ping, Update Status, Refresh, Mark as rogue, Mark as friendly and Mark as trusted.
To use it, open a Web browser on a machine connected to your LAN and type in the IP address of the WiFi-Manager machine with port 6080. Now from the Web page, select the Inventory tab and choose Wireless Networks from the left hand side links. It will display a graphical representation of your wireless networks. Here, click on any wireless network to see the details of the connected access points in your organization. Moreover, you can also see their radio frequency and range.
Configuration mgmt
Earlier, IT administrators needed to remember each access point's IP address in order to configure it or upgrade its firmware. But now, forget all these configuration related problems. WiFi-Manager will take this headache for you. Now, access points can be configured for various parameters including network settings, radio settings, security settings, user settings, and service settings. Plus, the software even lets you upgrade the firmware residing on these access points. Firmware is the tiny piece of software that resides on each access point, providing the intelligence behind its working. Access point vendors release newer versions of their firmware periodically so that users can upgrade their access points to avail the latest feature or a fix.
To configure an access point remotely, select the Configuration tab and by default, an 'Express Setup' page comes up. Fill the configuration values in the template and save the configuration on the physical access point, then click on Apply or 'Apply and Reboot' to apply the configuration values.
Reporting and monitoring
At the end of the day, reports help you to know the total health of your wireless network. IT administrators should make it a habit to analyze reports periodically. WiFi-Manager generates various kinds of reports with different graphs and tables. It gives you reports on which mobile clients are connected to which access point and whether the access point is secure enough. It shows the client density vs time.
At a glance you can get to know how many clients are connected to your Wireless LAN. Moreover, you get detailed reports on the utilization of wireless devices. It provides a graphical view of the radio interface utilization of selected access points, plus an overall view of in and out traffic and utilization values for all access points in tabular format. Similarly, you have reports for security, availability, detailed traffic and errors.
To ease printing, WiFi-Manager reports are also available in PDF format. Just click on the small PDF icon available on the report screen to instantly convert the report of your choice to a PDF, which you can then access from the C:/ProgramFiles/AdventNet/ME/WiFiManager/html/pdfgeneration/pdf/ directory.
Once you get a proper report, you can diagnose the wireless network very easily and can take precautionary measures to overcome the problems.
Anil Chopra, Anindya Roy and Sanjay Majumder