winc0827 - UBC Radio Science Lab
Download
Report
Transcript winc0827 - UBC Radio Science Lab
Evaluation of WiNc Manager
A Wireless Network Management Software from
Cirond Technologies Inc.
by
Kassim Olawale
Radio Science Laboratory
Department of Electrical and Computer Engineering
The University of British Columbia
August 27, 2003
Outline
WiNc Manager Testing
Features
Further testing of features
Recommendations
Evaluation of WiNc Manager
WiNc Manager Testing
Beta testing started in June
Software downloaded and installed
APs were set up and connected to a wired
network for testing
Assessments based on the software
documentation and tests
Evaluation of WiNc Manager
WiNc Manager Features
Summary of Important features
Basic AP configurations
Network load balancing
Channel Assignment
Security
Mapview
Advantages and disadvantages relative to
campus network
Evaluation of WiNc Manager
Basic Access Point Configurations
read, set or change most variables that
configure an Access Point
Communicates with APs using Simple
Network Management Protocol (SNMP)
If the AP does not support SNMP, Hypertext
Transfer Protocol (HTTP) is used
Evaluation of WiNc Manager
Basic Access Point Configurations
Access Point Name
Subnet Mask
Manufacturer
Gateway
Firmware Version
Wireless Transmit Rate
Regulatory Domain
Wireless Transmit Power
SSID
MAC Address Filter Lists
Description of AP
Channel number to use
MAC Address
IP Address
MAC Address Access
Control Lists (ACLs)
Packet Fragmentation
Threshold
RTS Threshold
Statistics
Evaluation of WiNc Manager
Basic Access Point Configurations
Evaluation of WiNc Manager
Basic Access Point Configurations
Advantages
Enables a single location for changing AP
configurations for entire network.
Changes can be applied to any number of APs at
once (depending on variable being changed).
Disadvantages
Not all variables are available for editing.
WiNc Manager currently does not support Cisco
Aironet AP1200 running IOS. It supports
VxWorks on AP1200 and IOS on AP1100
Evaluation of WiNc Manager
Network Load Balancing
Load balancing using number of clients in
network
Threshold number of clients beyond which
redistribution is triggered can be manually
set
If no threshold specified, the software
attempts to keep number of clients on all
APs equal
Evaluation of WiNc Manager
Network Load Balancing
Evaluation of WiNc Manager
Network Load Balancing
Advantages
Constantly overloaded APs could be easily
relieved
requires that such APs’ coverage areas overlap those of
other AP(s) with smaller number of clients
Disadvantages
Aggregate throughput on an AP could reach a
maximum even with low number of users
Evaluation of WiNc Manager
Channel Assignment
Can assign channels to APs automatically
using four of the eleven channels in the
IEEE 802.11b standard
Evaluation of WiNc Manager
Channel Assignment
Advantages
Manual management of channel allocations to APs, while
still possible, is not necessary
Capacity is increased by one-third over the traditional
three-channel network deployments
Disadvantages
Research suggests that it should be possible to use more
than four of the eleven channels provided in the IEEE
802.11b standard. This depends on the physical distance
between the APs with overlapping coverage area and their
transmit power.
Evaluation of WiNc Manager
Security
Use of Wired Equivalent Privacy (WEP) with
automatically rotated keys
MAC Address filter list
Provisioning of network access for clients
Evaluation of WiNc Manager
Use of Wired Equivalent Privacy
Four keys can be provided at a time
Supports keys of length 64, 128 and 256 bits
Same WEP keys can be provided to multiple APs at
the same time by selecting the APs before making
key changes
WEP will be used for data transmission, but may
also be used for authentication
AutoKey (optional)
Automatic distribution of WEP keys to clients using
Cirond Technologies WiNc or pocketWiNc software
Automatic key rotations (following a specified schedule)
Evaluation of WiNc Manager
WEP : AutoKey
Evaluation of WiNc Manager
Use of Wired Equivalent Privacy
Advantages
Data is protected when transmitted with WEP encryption
AutoKey eliminates the need for network users to
manually enter unfamiliar WEP keys on their user
equipment
AutoKey also allows rotation of keys on schedule
Disadvantages
AutoKey requires that users install Cirond Technologies
software on their user equipment
Without AutoKey,
users have to manually enter WEP keys in their equipment
WEP keys cannot be changed regularly enough to defeat an
intruder’s effort to learn the keys from transmitted packets.
Evaluation of WiNc Manager
MAC Address filter list
Clients may be allowed or disallowed access
to wireless network based on their MAC
addresses
Different MAC Address Access Control Lists
(ACL) for different APs on the network is
possible
Access control lists programmed onto the APs
New lists (external to the APs)
Evaluation of WiNc Manager
MAC Address filter list
Advantages
This may serve as an additional security feature
in the network
Disadvantages
It will be difficult to manage MAC Address lists
for a large network such as that in UBC
MAC addresses can also be copied by potential
intruders
Evaluation of WiNc Manager
Provisioning of Network Access
WiNc Manager creates an encrypted
provisioning data file
The file is used once by the client to
connect to the network and register access
requires that the client be running Cirond
Technologies software
WiNc Manager maintains automatic key
distribution to the client (if WEP keys are
set and AutoKey enabled)
Evaluation of WiNc Manager
Provisioning of Network Access
Evaluation of WiNc Manager
Provisioning of Network Access
Advantages
If provisioning is enabled, only clients that have
been provisioned can access the network
Access to the network can be denied to specific
clients by disabling their access provisioning
Disadvantages
Provisioning of network access requires that
clients run Cirond Technologies software
Evaluation of WiNc Manager
Mapview
Real-time graphical presentation of the wireless network
Background will represent plan of the physical location of the
APs (optional)
APs not configured will be shown as rogue APs
Physical location of APs require an initial setup in WiNc
Manager
Shows APs and clients in the network
This is easy to achieve using the various setup and calibration
tools provided
Links are drawn between each client shown and all the APs it
is associated with
Location of clients are estimated using the location of the APs
they are associated with
Evaluation of WiNc Manager
Mapview
Evaluation of WiNc Manager
Mapview
Advantages
Useful in assessment of network performance and load (in
terms of number of clients)
Easier to explain why some APs are overloaded compared
with others in the same building or environment
APs that are offline and rogue APs are easy to spot
Disadvantages
Relies on clients running Cirond Technologies software to
report rogue APs
Location of clients may not be very reliable, unless they
run Cirond Technologies software
Evaluation of WiNc Manager
Further Testing
Set up clients to APs
use Orinoco RG1000 as clients
Test network load balancing
Evaluation of WiNc Manager
Conclusions
Some features in WiNc Manager are only available
or practical when clients run Cirond Technologies
software (WiNc for clients or pocketWiNc).
Examples of these features include the
use of WEP with AutoKey
reporting rogue APs on Mapview
positioning of clients on Mapview
provisioning of network access to clients
In a network that uses WiNc Manager, use of
Cirond Technologies software in clients is
recommended
Evaluation of WiNc Manager
Conclusions
Software was assessed for use in UBC wireless network
The advantages and disadvantages listed will help in deciding
suitability of the software
Additional considerations on WiNc Manager include
Cirond Technologies should enable support for Cisco Aironet
AP1200 running IOS
No other software is available to provide throughput load
balancing
Research on use of channel assignment algorithms better than a
four-point autochannel is still ongoing
Mapview, included in the software, is valuable for real-time
visual evaluation of the performance of the network
Evaluation of WiNc Manager