1 Wireless Update Byron Early & Marcelo Lew University Technology Services January 12, Westnet Meeting

2 Overview of Topics General Overview of Current Wireless Deployment at DU Point-to-Multipoint Backbone Links Interference Problems Network Adapter Bridging Problem Performance & Analysis Tools

3 Upgrading APs from b to DU

4

5 Web VPN Client Limited application capability MUST stay within browser window (No streaming, IM, etc.) SSL VPN Client (VPN 3000 Rev: 4.7.2) Same functionality as VPN client!! Windows 2000/XP support only IE, Netscape, Mozilla, and Firefox Active X Controls or Java Required Wireless Client Support

6  Wireless Backbone DU:  Provide Network Access for subset of buildings not linked by fiber optic backbone (located outside of contiguous campus) Several University Residence Buildings Numerous Fraternity & Sorority Houses English Language Center Upgrading Point-to-Multi-Point “Backbone Links”

7 Wireless Point to Multi-Point Backbone Links (cont.) Reason for Upgrading: Replace Legacy Equipment (Orinoco OR1100s) Originally installed to support only a few users per house – NOW 99% of residents have laptops Performance Increase: Interference: Move backbone links to “less crowded” air space (802.11a, 5 GHz UNII Band) Increase Throughput

8 Proxim MP-11a MP-11a: Lowest Cost Uplink Option Others: Milliwave, Laser, etc. - $$!! MP-11a Architecture Star Network Design (vs. Mesh)

9 Proxim MP-11a (cont.) Benefits (point-to-multi-point links) Uses a “polling protocol” (WORP) to share its medium (“deterministic”) vs ’s CDMA/CA Up to 24 Mbps of “usable, sustainable throughput” DDRS (Dynamic Data Rate Selection): Data rate adjusts dynamically based on signal strength value Helps compensate for temporary link degradation (heavy snow/rain) maintaining connectivity, BUT at lower data rates. Separate Data Rates supported for each link: One “slow link” does NOT reduce the data rates of others

10 Proxim MP-11a (cont.)  MP11a Versions:  MP11 Base Unit (BU)  Supports up to 250 SUs  MP11 Subscriber Unit (SU)  MP11 Residential Subscriber Unit (RSU)  Up to 7 Mac-Addresses (clients)  No PoE  Rugged and Non-Rugged Versions

11 MP-11a NON-RUGGED

12 MP-11a RUGGED BU w/ external antenna SU w/ built-in antenna

13  Security:  “Mutual Authentication” between BU & SUs prevents man-in-the middle attacks and rogue SUs  Encryption: 128-bit AES between BU and SU  802.1Q VLAN Support (256 Vlans/BU)  Storm Thresholds (packets per second)  Protects against network overloading Proxim MP-11a (cont.)

14 MP-11a Warranty & Reliability  Warranty: 1 year (hardware & software)  Replacement unit turn-around:  3-4 weeks turn-around on w/o service contract  Only 30 days free technical support  Reliability:  Deployed: 10 total units (5 BU, 5 SU)  2 failures (of of “ruggedized” model in 8 months)

15 Interference & Performance Problems (ISM 2.4 GHz Band) Cell-Overlap Interference: Cell size determined by transmit power & propagation characteristics of location Cell-Overlap (to enable “roaming”) should not exceed 20-30% ISM Band (2.4 GHz): only 3 “non-overlapping” Channels (1, 6, 11) Most DU installations require using all three

16 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) “Desired” Performance DU: Uniform, small cell sizes users maximum per AP (not always possible) Excellent signal-to-noise ratio (SNR): 30 dB or greater Win-XP Wireless Network Tool not accurate (Tray Icon) XP tool will not show “excellent” unless in close proximity to AP

17 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Higher Transmit Power in newer AP Radios: Upgrading existing networks with new APs increased cell- sizes Old: 30 mW transmit power Proxim AP-500, AP-1000 & AP-2000s New: 100 mW transmit power Proxim AP-700, 4000s Remedial Options: Reduce AP power 50% (50 mW, via Web Interface / AirWave) Re-positioning APs: costly, may not be possible

18 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Fluctuating Cell Size Problem: Received Power varies by location in building RF propagation in 3 dimensions unpredictable: Thickness & Composition: Walls, floors, etc. Metal railings, HVAC ducts, etc. Filing cabinets, books, etc. People SNR typically fluctuates ~8-10 dB at static location “Over-Lapping” AP signal can become strongest

19 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Observed Client Effects (fluctuating cell size) : Constant jumping between strongest signals APs web-interface, AirWave software Large drop in “throughput” “Timeouts” (pings, etc.) Dropped connections Re-association Delays: Delays vary by type of client radio card DU: layer 3 (dropping, re-authentication)

20 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Solutions (fluctuating cell size): Client Laptop: install external “directional” antenna Decrease AP transmit power Not always possible – can introduce other coverage problems IBM Built-in Laptop Tool: restricts connecting to AP by MAC address Other tools available: dependent on wireless adapter Need multiple profiles (“roaming” in other locations)

21 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) “b/g” Channel Interference from Rogue APs: Clients in Ad Hoc (IBSS) mode (20-40 mW) Students with personal APs Bleed-Over Signals at perimeter of campus (nearby homes and businesses) Rogue AP may not be “connected” into wired campus network port Cannot use tools to identify down to wired port

22 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Solutions ( Channel Interference from Rogue APs): Locate rogue equipment (YellowJacket – layer 1) AUP violation if connected to network Legality of interfering wireless not connected to network? Interference from Homes/Businesses Negotiate channel / transmit settings Increase transmit power Install directional antennas

23 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Immunity to Interference: High Interference Locations with “b/g” APs: 10-20% Packet Loss “Timeouts” (pings, etc.) Users complain of poor performance Modulation: b (QPSK) vs g (OFDM) QPSK – less affected by interference than OFDM OFDM-Modulated-Signal (Graph): Signal fills more of channel than QPSK (more channel over-lap) More evident modulation throughout entire channel than QPSK

b (QPSK) Channel 5

g (OFDM) Channel 5

26 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Solution of Last Resort (b/g locations): Set AP to “b” only mode Mitigates Interference problems No more packet loss Lower data rates, but improved throughput

27 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Device Proliferation in 2.4 GHz ISM Band: b/g Devices: Laptops, PDAs, Phones, Video, etc. Bluetooth Devices: Phones, PDAs, handhelds, audio/visual, mice, headsets, etc. etc.

28 Interference & Performance Problems ISM 2.4 GHz Band (Cont.) Bluetooth Interference: FHSS: 1600 hops/second across entire ISM band Affects all 11 (14) b/g channels Power levels vary: 1mW, 10mW, 100mW Received signal of -30 dBm considered “strong” Effects Increase with Power & Proximity to other wireless devices Distance of Bluetooth device from AP Laptop with Bluetooth-mouse & b/g wireless radio

GHz FHSS Cordless Phone (15 ft. Away) Ch. 5 (shaded) Phone signal FHSS > -30dBm

GHz Wireless Video Transmitter (15 ft. from AP) Ch. 6 Both Signals Video (darker) ~Equal!

31 Bluetooth-Mouse (15 ft. Away) Ch. 5 FHSS 15 ft. Max. -50 dBm

32 Bluetooth-Mouse (1 ft. Away) Ch. 5 FHSS 1 ft. > -30 dBm!!!

33 Windows XP: Network Adapter Bridging Problem Computer #1: Running Windows XP; Wired & Wireless adapters Typically a laptop Ethernet NIC plugged in to “wired network port” “Bridge” created between “wired” & “wireless” adapters Manually (by user) or Automatically (Win-XP bug, patch available) DHCP: IP addresses offered to both network adapters (normal) DU: DHCP Server is Cisco Network Registrar (CNR) DU: “Wireless” Adapters get 10.n.n.n address (“non-routable”) Client is using the “wired Ethernet port” and is unaware the wireless adapter has “associated” with an AP

34 Windows XP: Network Adapter Bridging Problem Computer #2: On same wired subnet as computer #1 Also running Windows XP & NIC plugged into “wired port” Often a desktop computer without a Wireless radio adapter Computer #2 Issues DHCP request through “wired adapter” DHCP request gets picked up by Computer #1 and “bridged” out its Wireless Adapter DHCP Servers answers the request “bridged” through Computer #1 and receives an incorrect “wireless address” (10.n.n.n) and cannot connect to network (wired-VLAN, ACL-blocked) User calls Help Desk to complain about a network problem! Computer #2 sometimes receives the correct address to really confuse the Help Desk

35 Windows XP Network Adapter Bridging Problem (Explanation) “CHADDR” Field in DHCP Requests: CHADDR Field gets populated with the MAC address from the network adapter of the computer actually issuing the DHCP request (not the computer “bridging the request”) In a proper DHCP request the CHADDR MAC Address should be the same as the MAC Address of the Ethernet Frame carrying the request In the problem case, the CHADDR MAC address comes from Computer #2, while the Ethernet Frame carrying the request comes from Computer #1

36 Windows XP Network Adapter Bridging Problem (Solution?) Possible Solution: (from Cisco TAC) Create a “Filter Expression” for CNR: Filter: CHADDR Field MAC address must match MAC address of frame carrying DHCP request payload DHCP Server (CNR) will Ignore requests not meeting the condition of the filter (but will respond to the correct request from Computer #2 that didn’t get picked up & bridged by Computer #1) DU testing the solution now... Stay tuned!

37 Software Tools (Bluetooth Analysis) “BlueWatch” (from AirDefense, cost unknown) OS: Windows & XP Identifies type of interfering device Displays key attributes, services supported, and with whom it connects

38 Software Tools (Bluetooth Analysis) “BlueScanner” (from Network Chemistry, freeware) OS: Windows XP Identifies type of interfering device Displays key attributes, services supported, and with whom it connects Provides Location information

39 Software Tools (Bluetooth Analysis) “BlueSweep” (from AirMagnet, Freeware) OS: Windows XP SP2 Capabilities: ?

40 Network Troubleshooting Tools (for laptops & PDAs) Wireless Protocol Analyzers “Sniffer Portable LAN Suite 4.8 SP1”: (from Network General, ~$4500) SW that runs on a Laptop “AiroPeek NX 3.0”: (from WildPackets, ~$3000) SW for Laptop

41 Network Troubleshooting Tools (for laptops & PDAs) Site Survey Analyzers: “AirMagnet Surveyor Pro 2.6” (Laptop; ~$3200) “Software Suite - Berkeley Varitronics” “Hive”, “Site Initiator”, “Site Investigator” ~$2500 for 3 software suite YellowJacket hardware is ~$3200 Plots results on AutoCad “floorplan”

42 Network Troubleshooting Tools (for laptops & PDAs) Site Survey Analyzers: “Ekahau Site Survey Pro 2.1”: ~$3700 SW runs on laptop Allows predictions of RF coverage Requires entry of construction data

43 Network Troubleshooting Tools (for laptops & PDAs) Wireless Performance & Security Analyzers: “AirMagnet Laptop 6.0” (~$3500): Runs on Windows laptop Allows connecting to AP as a client Channel Selectable Information: # of Packets, # APs, power levels, etc. Packet-capture & decoding Rogue AP detection

44 Network Troubleshooting Tools (for laptops & PDAs) Wireless Performance & Security Analyzers: “YellowJacket” (from Berk0Var 2.3 ~$3200): Harware-Analyzer / IPaq tandem (HX2415 or HX4700) Connects to PDA via FlashCard Performs spectrum analysis Cannot connect as “client” (monitor mode only) Layer 1: Rogue AP detection & directional locator Layer 2 “b/g” analysis: (beacons, probes, multi-path, etc.) Channel Selectable Information: how busy, # APs, power levels, etc.

45 Network Troubleshooting Tools (for laptops & PDAs) Wireless Performance & Security Analyzers: “EtherScope Pro Network Assistant 2.0” (from Fluke Networks, ~$8000) HW device, build on Linux platform Rogue AP detection Channel Selectable Information: how busy, # APs, power levels, etc. Authentication & Association analysis

46 Network Troubleshooting Tools (for laptops & PDAs) Spectrum Analyzers: “Bumblebee” Spectrum Analyzer: (from Berkeley Varitronics; ~$2500) Advanced handheld spectrum analyzer HW & SW (“Pocket PC”) Connects to PDA via FlashCard

47 Network Troubleshooting Tools (for laptops & PDAs) Wi-Fi Power-Output Analyzers: “Caterpillar” (from Berkeley Varitronics ~$750) Hardware device Detects power output in 2.4 & 5 GHz Connects to “intentional radiator”

48 Network Troubleshooting Tools (for laptops & PDAs) Freeware: “NetStumbler” & “MiniStumbler” Windows & XP: NetStumbler Window Mobile: MiniStumbler Both are Freeware AP detection (SSID, channel, SNR) Infrastructure or Ad Hoc mode information

49 Network Troubleshooting Tools (for laptops & PDAs) Freeware: “Kismet”: OS: Runs on Linux Freeware AP detection (SSID, channel, SNR) Infrastructure or Ad Hoc info Packet decoding (beacons, probes, payloads) Intrusion Detection

50 Network Troubleshooting Tools (for laptops & PDAs) Freeware: “Ethereal”: OS: Runs on Windows & Linux Freeware Decode & Analysis of header Chipset must be in monitor/”promiscuous” mode MS-Windows drivers do not allow monitor/”promiscuous” mode Open Source drivers needed to enable monitor mode

51 Network Troubleshooting Tools (for laptops & PDAs) Freeware: “Auditor Security Collection” Freeware – Open Source Tools Windows: Run-time version of Linux Debian Linux environment in RAM-Disk AP detection (SSID, channel, SNR) Infrastructure or Ad Hoc info Packet decoding (beacons, probes, payloads) Decode & Analysis of header

52 QUESTIONS ????