WiFoo..The.Secrets.of.Wireless.Hacking [Electronic resources] نسخه متنی

Key Features of a WLAN

Users believe that many features are critical to selecting the architecture and components that comprise a WLAN. In the past, range and throughput were the primary factors used to evaluate WLANs. Although these can be two important items, they are, by far, not the only or the most important in many systems. With the wide range of applications and devices used in conjunction with a WLAN, it is vital to evaluate the various features and architectures used in WLANs today.

Note

Although every design and application will vary as to what the most important features of the WLAN are, several features are usually critical to WLAN systems for growth, performance, and versatility. Some of today's WLAN architectures include many or all of these items, and many do not. It is critical to verify what is appropriate for your system.

Aside from the features discussed earlier in the book, such as virtual local-area networks (VLANs), quality of service (QoS), roaming, and security, consider several other features when selecting a WLAN infrastructure. Many of these features are not in just the access point (AP), but actually reside either in the management station or as a combination of operation between the AP and the management station. Be certain to analyze the systems you are considering to see which system can meet your needs. The following sections discuss some of the additional features to look for in an AP.

Software Upgrade Capabilities

Although many of us do not like to think about upgrading software in our systems, it is a way of life in networking. New features, patches, and performance improvements are continually being made in firmware. Therefore, you must have a method of upgrading your systems. In the case of a single, or even a few APs on the system, upgrading can be done on a "one-at-a-time" basis. As the number of APs on your network increases, however, upgrading becomes much more of a resource (and time) issue. A good system should have multiple methods for upgrading firmware.

Some of the more common upgrade methods include uploading from a web browser, SNMP, FTP, and TFTP, or custom applications. In some cases, you can even distribute from one AP to all others on your system. Regardless which system you choose, consider the length of time it takes and ease of which upgrades can be accommodated, because upgrades will be required if you have a WLAN system installed for more than a few months.

Most APs on the market today permit upgrading of the firmware, but it is important to select a product that can be upgraded with not only firmware, but radio hardware as well. Many APs contain a radio that is embedded into the device and cannot be changed. This means if a new technology comes to market (as happened when 802.11g technology superceded 802.11b technology) there may be a need for a complete AP replacement. Being able to replace just the RF section provides a much lower cost of upgrading. As you will learn in the section "Various WLAN Architectures" later in this chapter, some APs have removed much of the intelligence and hardware from the AP and placed it in a centrally located device. However, the AP must still contain the actual RF transceiver. The ability to upgrade the RF section of the AP can be extremely cost effective when upgrading is required.

Rogue AP Detection

Far too often, managers and IT folks, who have not yet installed a WLAN, believe they do not have a WLAN on their network. Or that with an IT-installed WLAN, that these corporate APs are the only ones on the network. It is very common to find rogue APs (APs that have been placed on the networks without the permission of the network administrator) on networks, both in locations that already have IT-installed WLANs, but particularly in those that do not. The WLAN installed should include APs that are part of a system that can assist in detecting and locating rogue APs. Many WLAN products just detect interfering APs and market this as something important, but there should be some features that assist in locating where the device is in your facility.

Flexible and Secure Mobility

Enabling users to roam between different APs, subnets, buildings, and WLAN systems is vital to WLANs. A WLAN should be able to marry each user's security profile with the required mobility. A good WLAN system enables you to define per-user security policies that follow the user. In wireless environments, enterprises may choose to use encryption mechanisms that operate at Layer 2, Layer 3, or both. Such security should be applicable to different users or communities, simultaneously. Remember, existing VPN technology cannot scale to WLAN performance levels, so the WLAN system must provide this capability. Perhaps most important, for encryption to be robust and flexible, it requires more than a single point of processing (such as a core security processor). If encryption is done at the radio device itself, it usually results in faster processing and improved throughput performance. In addition, you typically have a more secure system if authentication is handled at the AP, preventing unauthenticated packets from ever entering any portion of the wired network. For more on security, refer to one of the many books that have been written dedicated to WLAN security, such as the Cisco Press title Cisco Wireless LAN Security, by Krishna Sankar and Sri Sundaralingam (October 2004), as well as the Wi-Fi Alliance website (www.wi-fi.com).

Assisted Survey and Installation Tools

Many systems rely on experienced personnel to do the site survey, installation, and configuration of a WLAN. This is one side of the measuring stick. On the opposite end of that stick, some products claim there is no need for a site survey at all. The vendors claim their products have software that can automatically adjust and configure all necessary parameters on the AP, so no survey is necessary. But reality resides somewhere in the middle of that stick.

Warning

Be aware of automatic site survey claims from vendors. In almost every case, there will be a need for some site survey work, including some range, throughput, and interference testing of a manual type.

Self-Healing Systems

Some APs require configurations that must be set and tuned manually. In the case of a small system, this is fine. As the number of APs on your system grows, however, manual configuration becomes a challenge. Many systems out there permit automatic adjustment of certain RF parameters. The most common of these are power levels, and channel or frequency selection. Some features can also be used to automatically maintain coverage in the event of AP failure (by power-level adjustments); other features enable you to adjust frequency selection to compensate for interference. WLAN systems should not only have the capability to measure the RF characteristics of a facility on a continuous basis, they should also be capable of recalibrating RF settings on APs to accommodate for these type of changes, thereby reducing the possibility for repetitive site surveys, unless there is a major change in the physical environment.

Remote Debugging

Some very useful features for your WLAN fall under what is commonly known as radio management. These are features that enable you to manage the RF portion of the WLAN and to perform tasks such as remotely capture wireless traffic, identify and display interference signal levels, and gather WLAN client information, all from a central point of management. Although most IT troubleshooters are familiar with wired tools for performing these troubleshooting tasks, radio management is a new world, and the point of capture changes. You cannot troubleshoot what you cannot see. Other tools are also available, and you will learn about them in Chapter 10, "Using Site Surveying Tools."