Transcript Wireless Networking Update University of Denver

Wireless Update –
Lessons Learned?
Chad D. Burnham & Byron D. Early
University Technology Services
January 15-17, 2003 @ WestNet
1
Wireless Advantages:


Convenience & Flexibility
Traditional Wiring too costly, too difficult, or not
allowed:





Outside Areas
Historical buildings
Auditoriums, open common areas, etc.
Building Construction: gypsum “hard deck”, etc.
Buildings not on fiber network


2
Point-to- Point, Point -to-Multi- Point.
DU: Residence Apartments
Political Issues:

Architects:
Some view wireless as an inexpensive replacement for
wired networks, especially for new buildings
 Antenna Aesthetics inside & outside

“Rogue Departments” see themselves as center of
the universe & want wireless done their way

3

Disregard for interoperability

Must be addressed at higher level
Formalizing Wireless Policies:

Acceptable Use Policy (AUP)


Authorized by highest level administration
Wireless Users:
Must be informed & understand rationale for policies
 Must agree to AUP before allowed network access




Personal Wireless Equipment Not Allowed
Enforcing AUP:

4
DU: Agreement @ VPN download
How?: Monitoring, Detecting, Warning, Penalties
Technology Concerns:

Bandwidth limitations:




Shared & Half-Duplex: not a replacement for “wired”
Performance: Not adequate for certain applications
Ethernet Speed/Duplex & RF Signal overlay issues
Privacy & Security


Encryption & Authentication
DU: Network Snooping


Separate L2/L3 VLANs for Wireless networks (not ‘on-top’ of
existing)
“Accidental” DHCP Server: Student Apple Airport device

5
Option 53 on Cisco 3550 & 4K
DU Encryption & Access - VPNs:

DU using Cisco 3030s for VPNs




IPSEC-3DES – 168Bit encryption
No other viable alternatives @ deployment
Emerging alternative: 802.1x & WEP2 (802.11i)
Authentication & Authorization:


VPN Client software leverages DU’s ERP Package:
Banner database for AA functionality
RADIUS: “Radiator” on Solaris 8 fed by Banner
(nightly – soon to be hourly)


6
Handles ACCOUNTING / Audit trail
Working on procedures to deal with “Guest
Accounts”
DU Encryption & Access – VPNs (cont.)

DU “Branded” Cisco-VPN Client Software for:
450 Unique users for Fall 2002 – and growing
 Logo, .pcf file

Have Visio process diagram to share
 “Mode Config”: allows centralized config


Cisco Client Software: Free for the following:
Windows: 2K, XP, also - 98/Me/NT4
 MAC OS 10+,Solaris, Linux


Pocket PC: (User must purchase - beta)
Movian: ~$15
 Funk: ~$15 – not working yet

7
DU Encryption & Access – VPNs (cont.)

MAC Address Registration (on APs)




High management overhead – not scalable
Must re-enter on AP if card is swapped out
DU: Ricks Center (K-8), special instance
DU Not Using: L2 WEP/WEP2 Key encryption


WEP2 (802.11i) not yet ratified
DU using VPN layer 3 solution


8
Encryption & AAA
Windows XP SP-1 introduces a “unsecure” message
when installing network without WEP
ACLs: “Locking Down” Wireless LANs

Router Access Control List Objectives:










9
# Allow IPsec to VPN Concentrators
# Allow MSFCs to see each other for HSRP
# Allow bootp broadcast request from client
# Allow bootp answer from server
# Allow DNS to iVPN DNS server
# Allow download of client VPN software
# Allow MGMT station to ping router and AP's
# Allow systems to be pinged for troubleshooting & monitoring
# Allow snmp from APs (to management station)
# Deny all else
Expanding Wireless @ DU:

Number of Users:



~5000+ student laptops on & off DU network
~350 faculty use laptops via departments, grants
(some self funding)
Student Survey Results:


Faculty/Departmental Requests:

10
Want/Demand more “wireless hotspots”
Classroom Flexibility (indoors & outdoors)
Expanding Wireless @ DU (cont.)

Current Installed Base:


2003 Planned Additions (“short list”)






11
85 total Access Points in 27 L2/L3 VLANs
Business School (entire building)
Ritchie Wellness Center (“Magness Arena”)
New Law Building (entire building)
University Hall (U. Coll. Classrooms)
Boettcher Auditorium
Chamberlain Observatory
Expanding Wireless @ DU (cont.)
Coverage
Areas: Where & Whose Budget
Confined
DU:
Inside Campus Boundaries:
No support for off-campus “leakage”
Issue:
Edge-of-Network Interference from non-institutional
wireless networks (Ricochet, Starbucks, etc.)
Common
Areas: (DU Network Services funding)
Auditoriums,
Outside
“hot spots”
Departmental
Offices,
Areas: (DU Dept./Division/Central Funding)
conference areas
Classrooms
12
lounges, eating areas
13
Support & Budget Concerns:
Technical
Radio
Support / People:
Card Installs: its all about the “DRIVERS”
VPN
Software: Installation/configuration
User
password issues - AD / LDAP / Kerberos / Radius?
RF-expert
Upgrade
on staff?
& Maintenance Costs
Evolving/changing
Incompatibilities
Policing
14
wireless technologies & PC operating systems:
with installed base
Supporting Clients:

Client Devices Supported:

Laptops, Desktops, (PDAs future, beta today)

Minimal Hardware Requirements:


15
DU Laptops: Pentium II, 233 MHz, 128 MB RAM

VPN Software impacts performance

Recommendations often ignored
Wireless Radio Cards Supported:

DU Proxim (Lucent to Avaya to Agere to Proxim)

Minimal problems with other radio cards
Ricochet:
 Commercial WAN Wireless Provider

2nd Round of financing
Approached DU to place antenna on Campus & Market
service.




Frequencies used:

Uses 900 MHz between AP & Client PC Card

Uses 2.4 GHz for network backhaul
Backhaul Interference with Campus WLAN?


16
No Financial incentive to DU
DU awaiting test results from company – they say no….stay tuned
Proprietary Frequency hopping technology
Supporting Clients (cont.)
Operating
DU:
Win2K, XP, Mac OS 10+
Beta:
Help
Systems:
PocketPC (Movian VPN Client)
Desk Support:
OS,
Drivers, 3rd Party Software Problems
Walk-in
& Telephone Support
Troubleshooting
17
Flow Chart
Escalating
help procedures to “tier one”
Web-Page
Guidelines
Wireless Troubleshooting for HelpCenter
SYMBOL
LEGEND
User calls helpdesk
or
User walks into
helpdesk area
Yes
Install by OS Type
from default page
(follow installation
instructions on handout)
No
Currently have
Signal?
Yes
s
Ye
Have latest drivers
and flash upgrade to
card?
Predefined
Process
No
Manual Input
Card Installed?
Yes
Yes
VPN Software
Installed?
Yes
Manual
Operation
Yes
Can person connect
w/ BannerID/Pin?
No
Stored Data
No
Able to reach iVPN
page in browser after
IPCONFIG
Renew?
Yes
Are SSID Settings
Correct?
Yes
Check Radius Database.
<link>
Is ID. & Pin entered
correctly?
No
IPSec Tunnel has
130.253.X.Y Address?
Manual
Operation
Yes
Adapter/Card
TCP/IP set for
DHCP?
No
Yes
Decision
Come to Help Desk
in Penrose for
assistance
Get to
www.du.edu?
Can Ping iVPN Page on
another machine?
vpnweb.cair.du.edu
Yes
*Students must call
Registrar x 12285,
Yes
Get to:
www.cisco.com
www.9news.com
(Other Sites?)
*Staff call HR
(@1XXYY) for reset
Yes
No
VPN Helpdesk
Is the current access point working?
1. Check with HelpDesk laptop
2. Check Access Point Web-Page (Link)
18
No
Start RT Ticket
http://
rt.du.edu:8080/
Edit Date: 09/15/02
Rev: 1.2
Filename: VPN_Process.vsd
Creators: cburnham &
svalerio
Company: DU = UTS/NS
Hardware Infrastructure:
Access
Points:
Single
vs. Multiple vendors
Interoperability:
“Rogue”
“roaming” issues, etc.
Access Points
Labor:
time consuming, task grows as wireless costs drop &
devices proliferate (whose group is responsible?)
Tools
for detecting:
Spectrum
Analyzers
Specialized
Laptops
19
Appliances
& 3rd Party Software (NetStumbler, MiniStumbler, etc.)
Site Survey Recommendations:

Outside Firm vs. In-House



Dictates # of APs and placement of APs


Gives initial grasp of hardware needs  installation
costs
Cannot do “valid” site-surveys from blue-prints

20
Outside Costs: ~$100 per/hr per/person
DU tried 2 different firms – now done “in-house”
New buildings: radio waves propagate much
differently with furniture and people present
Site Survey
Recommendations:

Use 3 people to do the surveys:

1 person @ proposed base area with AP & various
antenna types



2 people on wireless laptops (w/802.11x radio) &
handheld walkie-talkies


Documenting SNR (in software) – to be overlaid on to
maps/floor plans.
Inconsistent RF Results:

21
Changing Antennas type/position/location
Documenting results

Varied SNR values (10-18 dbi!!) depending on NIC,
OS & Laptop Configuration (internal/external, etc..)
Build network for poorest performing radio cards
Site Survey Recommendations:
(Cont.)

Assemble “Site Survey Tool Kit”






22
Detailed layout/blueprints of building(s) on hand
Portable battery pack for AP
AP & Radio Cards: use same brand as equipment to
be “Enterprise-supported”
Net Stumbler w/ GPS
Variety of Antenna types!
Misc: digital camera, tie wraps & tape, flashlight, etc.
RF Site Survey Analyzers
(Hardware & Software)

OSI Layer 1/2:


Grasshopper & Yellowjacket Plus
Mapping Software:


OSI Layer 2/3:




23
http://www.bvsystems.com/Products/Software/Birdseye/birds
eye.htm
Air Magnet–Handheld–iPAQ /Laptop - ~$3,600
Fluke:Handheld-iPAQ(Linux)–WaveRunner ~$4K
Fluke:Tablet Add-on – OptiView Integrated Network
Analyzer - $30k
Sniffer Wireless for PDA – 1 Year Software Licence
Wireless-COAX 

Cabling from Antenna to Access Point



COAX Properties:




24
Keep coax to minimum length
Move the data cable & AP before making coax longer
50-Ohm Impedance
Low signal loss properties: rated in dB/100 ft.
Not Recommended: Balun (75 <-> 50 Ohm) & Amplifier
combo units available to deliver over cheaper RG-6
Coax (adding a point of failure)
3 Major Manufacturers: Times Microwave “LMR”
(becoming generic term), Andrew’s Heliax Cable,
Belden’s RF-Series
Coax (Cont.)

“Leaky Feeder Coax”




Used as “base-station” antenna
“Leakage Slots” in outer foil conductor
Applications: tunnels, corridors, etc.
Sized as “LMR” 600
Expensive
 Performance: Did well in single test, reception
good up to 30 ft. from cable

25
FCC Part 15 Power Limitations:

Intentional Radiator: 1 watt maximum

Amplifiers:



Antennas:


Point-to-Point: 4 watts max. EIRP (Equivalent
Isotropically Radiated Power) from antenna
Point-to-Multi-Point: Sliding Scale Power Rule

26
Used to increase distance
Access points typically 15-100 milliWatts
Allows power levels above 4 watts (reduce intentional
radiator 1 dB for each 3dB antenna gain)
Antenna Variables to look for:

Manufacturer Antenna Data Sheets:

Read, understand, be skeptical
Specifications listed are for “ideal” conditions
(assume ½ coverage to be safe)

Frequency Band: match to technology

 ISM
 UNII

27
bands (802.11b/g, ~2.4 GHz)
bands (802.11a, ~5 GHz)
Size & Shape (aesthetics, indoors/outdoors)
Antenna Variables (cont.)


Beamwidth:

Width of RF-signal (in degrees)

Horizontal & Vertical
Antenna gain:

Ratings in dBi (dB “isotropic”)
Geometry of antenna re-shapes horizontal &
vertical radiation patterns (shortens or lengthens
distance waves are propagated)


28

6 dB Rule: each 6-dB gain doubles range
Cost (varies widely)
Antenna &
Cable Tips :

Think 3-Dimensionally



Free Space Path Loss:


29
“Outside In” Approach (contain signals in
desired area)
Coverage varies by antenna type
Broadening/weakening of RF-signal over
distance
Calculating: Path Loss=20Log10(4 pi d/lamda)
Antenna & Cable Tips
RF
Line-of-Sight (LOS):
Effected
Fresnel
by reflection, refraction, diffraction
Zone:
Ellipsoid-shaped
Trees,
More
areas around LOS path
hilltops, buildings, fog, etc.
than 20-40% blockage can create
performance problems.
30
Antenna & Cable Tips

Polarization:

Vertical: electric field perpendicular to ground

Horizontal: electric field parallel to ground

Access Points: most use vertical polarization

PCMCIA Cards: most are horizontally
polarized

Point-to-Point & Point-to-Multipoint Links:

31
Match polarization for best performance!
Antenna & Cable Tips

Voltage Standing Wave Ration (VSWR):

Mismatched Impedances reflect RF-signal (“return loss”)



Effects of high VSWR:




Unstable output power (i.e. RF-signal strength)
Lower than expected output power
Transmitter Failures (unless equip. protects against return loss)
Minimizing VSWR:



32
Wireless LMR cable is 50 Ohms
Cable TV cable (RG-6) is 75 Ohms
Impedance-match all componets
Insure all connectors are tight!
Outdoors: weatherproof all connections
Antenna & Cable Tips
Multi-path
Signal Degradation (from reflections):
Effects:
Down-fade, Up-fade, corruption, nulling
Avoid Reflective Surfaces:
Metal
objects: (filing cabinets, railings, I-Beams, lath, pipes,
ceilings, re-bar in concrete, etc.)
Bodies of Water, flat stretches of ground, etc.
Antenna
Diversity: multiple built-in antennas separated
by partial wavelength to solve multi-path problems
33
RF: Its all in the Antenna….
A.
B.
C.
D.
E.
F.
G.
34
Parabolic Grid Antennas
Radome-Enclosed Yagi Antennas
Omni Directional Antennas
Patch Antennas (Bow-Tie)
Planar Array Panel Antennas
Heavy-Duty Panel Antennas
Indoor Ceiling-Mount Antennas
A. Parabolic Grid Antennas


Reflector grid antenna designed for longrange operation (line of sight & <7 mile)
and can be configured for either vertical or
horizontal polarization. UCONN Story.
Know your “Beam Pattern” or “Coverage”


35
Horizontal/Vertical discussion
Resistant to “wind loading”
B. Radome-Enclosed
Yagi Antennas



36
Radome-enclosed yagi antennas combine high
gain and wide beamwidth in a compact package.
Solid aluminum boom and elements enclosed
within a white UV-inhibited radome for all-weather
operation
“Pringles-Can” / War Driver article…
C. Omni-Directional
10db / 14 db Antennas
37
D. Patch/Panel Antennas:


Patch antennas are suitable for indoor and
outdoor use. They are designed to be
compact and aesthetic.
Narrow and wide beam avail.



38
Point to Point vs. AP
“Bow-tie” beam pattern
Low Price, Large selection & excellent
performance!
E. & F. Planar Array Panel
Antennas:



39
Some models offer an
attractive solution
(aesthetics) for fixed
subscriber and base
station applications,
High performance
alternative to Yagistyle antennas
Indoor/Outdoor
G. Indoor Ceiling-Mount Antennas


40
Ceiling-mount
antennas are high
performance,
aesthetic and nearly
invisible against a
suspended ceiling
(Holocom Panel)
~3db gain
Antenna Placement:
Place antennas in accessible locations to
facilitate maintenance & replacement.


Rooftop Antennas:

Conform to local codes & facilities standards

Safety: grounding & “wind-loading”

Multiple antennas mounted on same tripod:

1 meter minimum separation
DU has not tested 802.11a & 802.11b antenna
proximity

41
Roof-top
Antenna
Practices cont:
42
In-Ceiling
Antenna
Practices
43
University of Denver
Wireless LANs
Outdoor Antenna Grounding Diagram
Antenna
(typ.)
Tri-pod/Mast
DU
Rooftop
Antenna
Practices
Legend
LMR
Grounding Kit
GK-S400
6 AWG Bare
Copper
LMR 400
COAX
Antenna_Ground
1"
Copper
Water
Pipe
Clamp
Edit Date: 5/28/02
Rev: 1.2
Filename:Wireless Install.vsd
Creator: cburnham
Company: DU = UTS/NS
Plywood Backboard
Power Strip
Pigtail
Wireless
AP
Surge
Arrestor
Copper Bus-Bar
Copper Bus-Bar
LMR-400
(In Flex-Tubing)
44
Surface J-Box
(use Caulking)
Power over Ethernet (PoE)



Cost Savings & Flexibility
Delivers power to AP over Cat5/5e/6
Few vendors producing 802.3af switch
or APs



Must use 3rd party products today
Power Injector: 1, 4, 6, 12-port models
Picker/Tap
Standalone or built-in to AP
 Match to equipment (non-standard – pins,
voltages, etc.)

45
Power over Ethernet (PoE) – Cont.

IEEE 802.3af “Future Standard”

“Adopted”, but not yet “ratified”


Expected Spring 2003
Standardizes pinout, voltages, current. etc.
48V DC / 15W power onto the Ethernet cable on
unused pins (4,5,7 & 8)
 Pre-standard products promise compliance (get in
writing from manufacturer!)
 Fault protection: If current reaches 400-450mA for
300-400 milliseconds, then the port shuts down

46
Enterprise Wireless Management



Monitoring, Upgrading, Reporting
Many features promised…vaporware
Orinoco (Proxim)




Cisco


47
WNA – Version 1.1
Lacks support for all devices – STILL!
DU: Still using “What’s Up Gold” for monitoring and alerts
CiscoWorks 2000 (LMS 2.0) supporting 350, 1200 and 1100
models.
Wireless LAN Solution Engine – “Appliance” for Cisco APs only
if don’t have CiscoWorks.
Wireless Network Documentation




48
Start with Proposal network diagrams
Build it out
Document all “as-builts
Facilitates maintenance & troubleshooting
49
50
DU: Future Wireless Networks

802.11g (2.4 GHz, up to 54 Mbps)


Orinoco AP-2000 supports a, b & g
Antenna Placement Remains the same for g

51
802.11a (5 GHz): Higher frequencies require more
antennas for same coverage
Standards Watch:

52
DU: Standards-based solutions only!
IEEE - 802.11a:


Uses 5 GHz Carrier Frequency (UNII Band)
6M–54M Bit /sec rates-up to 108 proprietary


Different Radio A.P. Design Criteria (4x rule):






53
Standard steps: 6,9,12,18,24,36,48,54
802.11b = ~250-300 Feet
802.11a = ~90 Feet
Harder to get through walls, furniture, etc..
PC Cards will use more power – (Laptops)
Products available today
Total Cost of Ownership increases!
IEEE - 802.11g:





54
Doubles bandwidth with same RF characteristics
– uses OFDM
Extends 802.11b (2.4 GHz ISM Band) to 54
Mbit/sec.
Intended to be backwards compatible w/
802.11b
Products expected Q1/Q2 2003
Intercil Chipset: several product announcements
today – no products shipping
IEEE 802.11i

Also known as Enhanced WEP




Applies to 802.11a / b / g
Temporal Key Integrity Protocol (TKIP)
AES (an iterated block cipher) and TKIP
backwards compatibility - replaces RC4.


55
(a.k.a. WEP2)
Ratification expected Q1 2003
Critical to Layer 2 Encryption standards
IEEE 802.11d:





56
“Regulatory domain update”
Defines what frequencies are legal and @
what power
AP would tell client
Not important in North America
Ratification expected in 2003
IEEE - 802.11e:

AKA Whitecap2 – Cirrus Logic


New standard proposal will add:





57
Earliest incarnation of IEEE 802.11e
QoS Features (multi-media, voice, etc.)
Applies to 802.11a, 802.11b, 802.11g
Major improvements in overall “channel
robustness”
Deals with adjacent subnets operating on
the same channel
Ratification expected Q1/Q2 2003
IEEE – 802.11f:

New standard proposal will add:


a "recommended practice" document
“Roaming” Interoperability between vendors:


58
Defines registration of access points within a
network and interchange of information
between access points when a user is handed
over from one access point to another.
Ratification expected Q1 2003
IEEE – 802.11h:
 New


59
standard proposal will add:
Supplementary standard to MAC layer
in order to comply with European
regulations for 5GHz WLANs.
Ratification expected Q2 2003?
IEEE – 802.15 (Bluetooth) PAN

802.15.1 - Shipping today!
 Bluetooth Spec written by equipment vendors endorsed by IEEE

802.15.2 - Shipping today!
 Avoids frequencies used by 802.11b & g
 Shares common MAC layer
802.15.3 – “Bluetooth on steroids”
 May utilize Ultra Wideband (UWB) technology - 400 Mbits/sec
 Backward Compatibility
 No specific details yet
802.15.4






60
Low Cost, Low Power Consumption
Low Data Rate (25kbps & 250 kbps)
64 Bit hardware address
Competes with RFID (Smartcards use today)
DU Training Recommendation

CWNP – Certified Wireless Network
Administrator – www.planet3.com




IEEE 802.11 compliant wireless networks
Vendor neutral
Approved by WLAN Association
4 Levels: Administrator, Security, Integrator
and Engineer

61
ISBN:0-9716057-2-6 (Admin Study)
Web Links:

APs / Antenna / COAX/ Analyzers, etc:


This Presentation:





62
http://netserv.du.edu/data/wireless_vendors.asp
WestNet Web site or
http://netserv.du.edu/data/presentations.asp
http://standards.ieee.org/
http://www.wi-fi.com/
http://www.wireless-integration.com
http://www.80211-planet.com