Wireless Assessments

The wireless network can be challenging to assess and troubleshoot. There are many variables in the wireless network that are completely outside of the control of the organization – client device types, neighboring wireless systems, and more – and the environment can change rapidly. Interested in finding a good way to do a health-check of your (or your customer’s) environment? Here’s how I go about it.

This walkthrough is not intended to give you everything you need to know to properly assess and fine-tune a wireless network. If you’re interested in learning how RF ticks, I can’t recommend the CWNA course material highly enough. It’s awesome stuff. Check it out here.

Step One – Set the Stage:

First and foremost, when doing a health check on an existing wireless network, you need to be asking questions. Don’t lecture, just listen. If you don’t know what the network is intended to do you will be flying blind and making poorly thought out suggestions at the end of the engagement. I always ask the following at a minimum:

  • What is the purpose of this wireless network?
  • What applications need to function on this network? (look for voice/video applications in particular, those have stringent requirements)
  • What types of clients need to use this network? Is this under control of the IT department, or do they support BYOD?
    • If IT has full jurisdiction, get the FCC ID and start looking for performance information on the client at www.fcc.io.
    • If you’re dealing with a BYOD network, assume that you have to support the lowest common denominator.

This will help set the stage. Listen closely for pain points. There’s probably a good reason why you’ve been engaged to assess their RF – find out the underlying pain so you can try to address it.

Step Two – Gather your Tools:

This is where things can get expensive. Enterprise level wireless software is not cheap! I’ll list out the tools that I personally use as well as some alternatives if you are self-funding this project.

  • SSID mapping and discovery tool. I personally use Metageek’s Chanalyzer for this. You can also use Metageek’s InSSIDer or Acrylic’s Wifi Analyzer software. This will let you see the channel plan and get an idea of what you’re working with.
  • Wireless frame capture software. If you’re using a Mac, you’re in good shape. I use the free program Airtool with great success. If you’re using a Windows, you’re going to have some difficulty because you need specialized software to listen to wireless traffic in monitor mode, meaning that you can capture management and control frames, promiscuously, not just frames sent to your PC. Professional systems like Omnipeek are ideal, but if you are on a budget you can use Acrylic’s NDIS drivers to convert a supported adapter into a monitor mode capable device. Try to find a way to capture as many spatial streams as possible.
  • Heatmapping software. This will let you build a comprehensive map of wireless coverage AND correlate a lot of other data onto a floorplan, like dropped packets, associated APs, spectrum health, and more. I use Ekahau’s product personally and love it… but it can be tough to self-fund. You can also consider Tamograph or Acrylic’s suite if you’re on a budget.
  • Spectrum analysis software. Sometimes it’s not enough to just see 802.11 traffic – you will need to see non 802.11 activity as well, like interference from point to point links, microwaves, wireless security cameras, A/V equipment, and more. These sources of outside interference can cause a lot of pain on a wireless network. I use Metageek’s Chanalyzer tool for this. 
  • Gear. You will be walking for quite some time during a larger survey and you probably don’t want to be cradling that hot and heavy laptop in your arms the whole way.
    • Laptop trays may not be the “coolest” gear, but they are invaluable. Buying the WLAN Pros laptop tray has made a huge difference for me.
    • Battery packs. Your laptop battery is going to drain quickly with all the attached peripherals. Using a battery that can keep your laptop charging will let you keep moving and not waste time stuck to a power outlet.
    • Wireless adapters. This is critical. Ekahau ships with some very powerful NICs, but those NICs don’t give you a realistic view of the wireless network performance… not everyone has $300 wireless cards strapped to their devices! Get a low end wireless adapter to simulate actual client performance. For example, something like this can be used to track 5GHz roaming behavior.

Step Three – Getting Started:

So you’ve prepared your gear, talked with the customer, and determined what the problem is – let’s get a sneak peek of what we’re dealing with. Pull up your SSID mapping software and take a look. If you know what you’re looking at, this can give you a lot of information about the health of the network.

For example, THIS looks pretty standard:

Okay 2.4GHz

And THIS means that you’re in for a world of hurt:

Dicey 2.4GHz

Here you can quickly see the channel plan, rogue access points, hotspots, neighboring systems, and more. You can see if they pulled the gear out of the box and left it to factory defaults (usually identified by 80MHz channels in the 5GHz band which is not necessarily a bad thing, but often can be) or if there has been tinkering with the setup. This sets the stage for the rest of the assessment.

Step Four – Start Walking:

Next, get your survey gear up and running and start walking the floor. You will absolutely 100% need some kind of accurate floor plan for best results here. Push hard on the customer for those plans… I don’t do full assessments unless floor plans are provided in advance, as you don’t want to waste several hours onsite waiting for someone to dig up the documents.

I recommend hooking up several adapters and at least one spectrum analyzer while walking the floor. All the information that each adapter catches will be fed into the wireless map and it will give you a lot of information to dig through after the assessment.

I have two Ekahau NIC-300-USB that I set to passively scan all channels – one set to 2.4GHz and one set to 5.0GHz. You have the option to remove channels from the scan and only scan selected channels more rapidly, but I prefer to leave all channels selected so I can pick up on neighbors and rogues that are outside of the standard channel plan. Now, the NIC-300-USB is a very expensive and high end wireless NIC so it can paint a rosier picture of the wireless environment than you might like… so don’t take the bright green raw data and think “everything is fine!” You can get around this by asking Ekahau to simulate the measurements with various weaker clients when reviewing the data. To do this, go to the “Options” drop down menu and select the Adapter type from list at the bottom of the menu.

Adapter Simulation

In addition to the two NIC-300-USBs, I always set up a third NIC to act as an associated active client and have it constantly ping the default gateway (or, in some cases, perform a throughput test). Having an active client is critical in my opinion. If you only measure passively you won’t have any idea where roaming breaks down, areas of packet loss, how long your client sticks to an AP, and so on. Having at least one active client is a must.

Finally, set up a spectrum analyzer and have it capture the RF health from the 2.4GHz band. If you have two, that’s great – you can capture dual band information. But if you only have one, prioritize scanning the 2.4GHz band as it is more prone to disruption.

Be sure to load up your entire rig and test it for AT LEAST 15 minutes before doing this “live” with a client. Nothing is worse than getting onsite and having the NICs constantly fail due to driver or power issues.

Also, remember to disable all unnecessary wireless activity on your laptop or tablet before starting the survey. If you’re downloading system updates while walking the floor you’re going to get some weird measurements. In addition, avoid using USB 3.0 devices as they can cause interference in the 2.4GHz band.

Try to get an escort for the walk around if you can. For one, walking around an office with a bunch of antennas and battery packs unaccompanied can raise eyebrows. I’ve been accused of trying to “hack the network” several times now. Two, having an employee with you gives you a chance to ask more questions and get their personal take on the system as you walk. The more info the better! Three, it’s much better to have a company escort when walking into various offices to take measurements, especially when you wander into executive offices. Yes, you will have to interact with a great deal of people and walk into every room if possible. A survey that only has hallway information is not worth much.

When walking, you have two options to capture the data within Ekahau… “Continuous,” where data is constantly being fed into the system as you move through the environment in a steady and controlled manner, and “Stop-and-Go,” where you take spot measurements one location at a time. I personally prefer to use “Stop-and-Go,” as it is less prone to human error and allows you to engage with users as needed.

Step Five – Spot Check:

Your work isn’t finished yet! Hopefully during your assessment you were able to identify specific problem areas, either from your escort or from the curious users. Go back to each of these locations and take some frame captures and some spectrum analysis measurements. Be sure to let each capture run for at least five minutes at each location. The more data, the better.

When reviewing the spectrum analysis measurements, I always look at the utilization information to see if the RF is being maxed out:

2.4GHz Utilization

And I also do a quick sweep to see if I find any interference from non 802.11 sources:

Non 802.11 Interference

The frame capture will give you a lot of information on their configuration… beacon frames in particular are very useful.To filter by beacon frames in Wireshark, type in wlan.fc.type_subtype == 0x8. From the beacon frames you can check the data rates, HT and VHT capabilities, security framework, and more. For example, to check the data rates present on the SSID:

IEEE 802.11 wireless LAN > Tagged parameters -> Tag: Supported Rates:

Beacon Data Rates

You can also check for retry rates using wlan.fc.retry == 1, check for authentication frames using wlan.fc.type_subtype == 0xb, and more. Frames don’t lie.

Wireshark is a very powerful and complex tool… and it’s free! If you want to become an expert with Wireshark, this book has been a great resource for me. But if you can swing it, Metageek’s Eye P.A. software is a great tool to give you a visual analysis of airtime and L2 wireless health that make for a great presentation.

Step Six – Making the Report:

Now for the fun part. Spend a few days reviewing your data and going through the heatmap and the measurements with a fine-tooth comb, looking for any oddities. When building the report, less is more. Make it easy to read and only include relevant information that addresses the pain points that you discovered. I personally like to put a summary of any issues found and potential first steps to resolve them on the cover page for easy digestion. I also like to set up a webinar to discuss the findings and answer all questions before handing off the document to be sure that everything is understood and wrapped up nicely.

Common issues that I immediately look for in my data include:

  • Presence of low data rates
  • Areas with poor coverage
  • Non 802.11 interference
  • Inefficient channel useage
  • Issues with roaming and/or dropped packets
  • 802.11b networks
  • Rogue or unauthorized APs

There are two things to keep in mind when giving the presentation:

First, unless you are dealing with a high density installation, RF optimization is not always the magic cure-all for network problems. It’s easy to point the finger at the 1Mbps data rate and the 80MHz channel as being the culprit, but if you only have 10 stationary clients associated on average and they are constantly disconnecting from the AP… it’s unlikely that the RF is the root cause. Optimize the wireless as much as you like, but be prepared to start diving into the wired side of the network as you look for problem resolution. It’s critical to know both the wired and the wireless sides of things to be an effective resource.

Second, don’t make ultimatums. If you are a hired gun, you’ve only spent the last several days battling what the customer’s IT department has been battling for some time now. Don’t speak in absolutes or immediately assume design flaws. Instead, diplomatically make recommendations and try to understand why things are configured the way they are.

That covers the highlights. If you’re interested in getting started and have questions, feel free to send me a message – I’d be happy to help.

Packet Wrangling Podcast – Episode 2

So, remember when I said that I would be doing these once a week?

Yeah, that was before life came along and decided that it had a different plan in mind!!

Apologies for the long silence. I actually started this recording well over a month ago, but tonight is the first night in a very long time that I’ve had time to actually sit down and put the finishing touches on the recording. We won a large services contract for a very large company (Fortune 10) to roll out new network segments at their datacenters across the US. So I’ve been on the road constantly, dealing with 11 PM to 6 AM change windows, change management meetings, status reports, project managers, and all kinds of “fun” stuff on top of actual network engineering… and then on top of that we’re buying a house and moving to a different state. A huge shout out to my wife for being a rockstar during this trying time.

Without further ado and rambling from me, here’s Episode 2 of the Packet Wrangling podcast. This one covers common wireless architectures and the pros and cons of each. Enjoy!

 

cropped-blocklogo

Make OFDM Great Again

So 802.11ax promises to “reinvent” our dear OFDM technology and bring us to a new promised land of OFDMA. Fly your wireless networking expert flag with pride with this t-shirt!

https://www.zazzle.com/make_ofdm_great_again_t_shirt-235065886507498299

Capture

No, that ain’t me wearing the shirt sadly.

Building your own Battery Pack

Snapshot

So, you’ve built your predictive design and now it’s time for the rubber to meet the road – the infamous AP-on-a-Stick survey. To perform this piece of your wireless design you’ll need a lot of “unique” gear… tripods, laptop shelves, tons of wireless adapters, APs, and enough battery power to get you through the day.

When I was building out my survey kit, I noticed one flaw with the “professional” battery packs built for wireless surveys. Beyond being very bulky and expensive, the majority of them only support 802.3af. The newer and larger APs often prefer 802.3at (also called PoE+) these days. In some cases, they can use 802.3af, but they turn off several spatial streams in the 2.4GHz radio to adjust for the lack of power.

That’s less than ideal, isn’t it?

Thanks for the Internet, I was able to cobble together a pretty affordable battery pack that supports both 802.3af and 802.3at and lasts an incredibly long time. Here’s the pieces and parts that have worked for me:

Intocircuit 26000mAh High Capacity Battery Pack

Tycon Systems TP-DCDC-2448GD-HP DC Converter

Power Jack Adapter Plug

The total will run you about ~$140.00 and it lasts for an extremely long time. Just power up the Intocircuit, hook it up to the Tycon converter using the adapter, and connect your AP. I’ve used it for several gigs now and despite looking a little “homemade,” it does the trick.

Aruba UAP Boot Process

aruba_question

There’s been many exciting announcements at the Atmosphere 2017 conference and it’s been really great to meet a bunch of the fellow wireless twittersphere. All in all, definitely worth the time to attend.

Many other wireless minds have been covering a lot of the “cool” stuff – new ArubaOS8, new machine learning analytics with RASA and Niara, new monitoring tech with Airwave Glass and Clarity Synthetic, crazy new ways of wireless with 802.11ax, and more.

But one thing that really stood out to me personally is the new Univeral AP code that’s being rolled out to their new APs. Those of you familiar with Aruba know that there used to be two primary “versions” of hardware – Instant and Campus. Campus APs were meant to be used with a controller and they were sold without region locks, assuming that the controller would handle the regulatory compliance. The advantage was that they locked in real quick to a controller with auto discovery. The disadvantage was that there wasn’t a supported way to flash them into an Instant system, so hope you like those controllers you got there. The Instant APs had more intelligence at the edge and had region locks baked in at order, and they could move back and forth between Instant and Controller architectures – but to have them discover a controller required manual intervention, meaning that converting a large scale Instant roll-out into Campus methodology was a pain in the ass. Both were sold at the exact same price point.

The new “Universal” code means that an AP can become either a Campus or Instant AP from birth without any funky conversions. The self discovery process has become much longer though, so to spare you from any hand wringing as the APs slowly toddle towards configuration, here’s the new boot process that was shared at Atmosphere 2017:

  • Static master assignment preconfigured
  • DHCP based discovery using DHCP options assigned by DHCP server
    • NOTE – This uses option 43 to give the controller IP address to the AP
    • NOTE – make sure that option 60 on the server is set to listen for the string “ArubaAP” – without option 60 configured, the option 43 response won’t fire.
    • NOTE – The AP has to have basic DHCP and DNS discovery for any automated discovery to tick. If it doesn’t, it will reboot constantly. Yes, you will need to edit the CLI config to allow APoaS site surveys
  • Aruba Discovery Protocol based discovery
    • NOTE – this only works if either the controller is in the same broadcast domain as the AP or if multicast forwarding is configured (multicast address used is 239.0.82.11)
  • DNS based discovery (this is what Aruba recommends as best practice)
    • NOTE – the AP will look for aruba-master
  • Instant Virtual Controller Discovery
    • NOTE – this means that the AP will reach out in its own broadcast domain with the PAPI protocol to find a local Instant AP that is elected as VC
  • Airwave Discovery
  • Activate Match Airwave
    • NOTE – Activate is Aruba’s cloud based provisioning service. The AP must be able to communicate on the Internet for this step or the following two to work.
  • Activate Match Central
  • Activate Match CAP/RAP
  • Broadcast Instant Provisioning SSID
    • NOTE – And here’s where you are off to the races with the Instant platform!

Quite a journey, isn’t it? Nice that we’ll be able to purchase as single SKU now though.

 

 

 

Atmosphere 2017

atmosphere2017

No podcast/blogpost this week, as I’m out living it up in Nashville with some of the best and brightest minds in the wireless networking industry! They’ve revealed a lot of exciting new features in just the first day, ranging from the ambitious machine learning based security on the internal network to the practical new wired tunneling techniques and multi-zoned APs. And yes, the presentations are more than just marketing fluff. I’ve already attended several great sessions, including a technical deep dive on 802.11ax, with many more scheduled for the next several days. More to come.

Also, the ongoing Amazon S3 outage just proves that the cloud really is just someone else’s computer.

 

 

PacketWrangling Podcast – Spectrum Analysis

cropped-blocklogo

Welcome to the first Packet Wrangling podcast! In this episode, we take a quick look at spectrum analysis technology and discuss why it’s important both for new deployments and to troubleshoot existing installations.