Networks and IoT

Blog posts related to general networking and IT infrastructure related updates.

Troubleshooting Wi-Fi with ExtremeCloudIQ #Extreme #Aerohive

This blogpost focuses on using ExtremeCloudIQ from Extreme Networks. The portal is quite a user friendly and has some built-in capabilities which can help troubleshoot day to day problems with Wireless. Let's take a look.

Client Statistics

The good thing about Extreme Cloud IQ is you can see Real-Time & Historical client information of their connections. This does help to find out which AP was/is the client associated with, the SNR and check other stats like roaming, DHCP, DNS. You can navigate to this by clicking on Manage > Clients

ExtremeCIoud IQ 
MANAGE 
Devices 
Reports 
Clients 
users 
Inventory 
Events 
Alarms 
Security 
Applications 
Tools 
Services 
Pilot 
CONNECTION STATUS 
3 Online / O Offline 
Filters 
NO Applied Filters 
TOTAL APPS 
REAL TIME 
35 
HISTORICAL 
CLIENTS 5 
5 Connected Clients. 
USERS O 
Last updated at 2021-04-06 10:47:42 
Q 
OS TYPE 
Tizen OS 
ALARMS 
Defa. 
VLAN 
STATUS 
HEALTH 
O 
O 
O 
O 
O 
CONNECTION 
TYPE 
WIRELESS 
WIRELESS 
WIRELESS 
WIRELESS 
WIRELESS 
HOST NAME 
LGwebOSTV 
nupur 
Chromecast 
Google-Nes„_ 
snifferpc 
CONNECTION 
STATUS 
CONNECTED 
CONNECTED 
CONNECTED 
CONNECTED 
CONNECTED 
IPV4 
19216B_1S2 
MAC 
USER NAME 
My Saved Filters 
SAVE 
NO Saved Filters 
Filter By 
Devices 
Locations 
Search Locations 
-D 
ALL IS WELL 
AUCKLAND 
Device Function 
Access Point 
Clients 
OS Types 
Android 
Apple iOS 
Android 
Android 
Windows...

You can drill down by searching for the client using IP Address / Mac Address / Device Host Name

Client 
LGwebOSTV 
LGwebOSTV

After clicking on the client you can see the current connection status on the right hand side with regards to VLAN/SSID/Radio/Channel. On the Top you can check the current AP associated. The page has lot of details about the client and more information can be drilled by changing the Time Range to Day/Week/Month depending on how far you want to analyse.

ExtremeCloud IQ 
LGwebOSTV 
VLAN: 1 
CURRENT CONNECTION STATUS 
1.6 KB 
0.8 KB 
10:55 
13:25 
15:55 
20:55 
23:25 
01:55 
LGwebOSTV 
192.168.1.92 
Time Range: 
WAR-XTREME-APOI 
Node Type: AP 
IP Address: 192.168.1.163 
Hostname: WAR-XTREME-APOI 
Day 
Hours 
Internet 
24 Hours 
OS TYPE 
Tizen OS 
IP ADDRESS 
192.168.1.92 
MAC ADDRESS 
6 
USER 
N/A 
CONNECTED TO WAR-XTREME- 
APO' 
6 Days 19 Hrs 48 Min... 
CAPTIVE WEB PORTAL 
Unused 
USER PROFILE 
default-profile 
SSI D 
Camper 5GHz 
RADIO 
802.11ac 5G 
CHANNEL 
100 
LOCATION 
Health score: 100 
Client Count: 1 
Native: 1 
Management: 1 
user Profile: 
Usage 
Usage (Click timeline 
Connectivity 
ge time range) 
18:25 
Top Session Vi... 
CLIENT TOOLS 
Noise Floor 
-20 dem 
-60 dem 
-100 dem 
04:25 
06:55 
Average RSSI 
09:25 
From 
04/05/2021 to 04/06/2021 
MOST USAGE TOP SESSION VIEW 
Selected Time 
Most Time Spent 
100% 
Most usage 
AR-XTREME-APO 
AP with most data sent and received 
Session Details > 
Total usage 
Session Start 
Session Duration 
Average RSSI 
Average SNR 
151.59 KB 
04/05/202110:55:56 
24 HRS 
-62 dam 
27 dB 
Compared to devices on this floor. 
Average RSS': -62 dBm 
Not enough data to show RSSI distribution

You can further scroll down to check the roaming patterns/time for the client and also check what apps it is using. I've found the Session Details section quite useful to check WiFi Health, Application Health and Client Radio Info etc.

Session Details v 
CLIENT HEALTH 
CLIENT RADIO INFO 
WiFi Health 
Application Health 
Supported Mode 
11b lla llg ling 
Spatial Streams 
100 
llna 
llac 
llax 
4 
Max Negotiated Data Rate 433.33 Mbps 
TX Speed 
27% 
292.50 Mb/s 
(72% success Rate) 
RX Speed 
20% 
390.00 Mb/s 
(38% success Rate) 
Channel 
Channel Width 
Radio profile 
80 MHz 
radio_ng 
_aco_21 
Average SNR 
Compared to devices on this floor. 
1 (13%) EXQllent.•6 (75%) 
WiFi Health 
Compared to devices on this floor. 
Supported Mode 
Compared to devices on JEETS->21 Lieutenant 
Lane

NETWORK USAGE 
Network Usage: (653.49 MB) Total Rx: 24.93 MB / Total rx: 628.56 MB 
O 
rx: 628.56 MB / Rx: 24.93 MB(default-profi1e) 
Max Negotiated Rate: 433.3 Mb's 
Linear Logarithmic 
User Profile 
SSID 
default-profile 
u 
100 K 
50K 
50K 
6.5 Mb, 
Top 10 Apps 
YOUTUBE: 13.58 MB (2.2%) 
52.0 Mb, 
TX Retries 
878 
23411 Mbs 
Rx Retries

From this screen one can navigate to CLIENT TOOLS which has an option for "Troubleshoot Now" which runs the client monitor and captures the events as they happen.

CLIENT TOOLS 
Troubleshoot Now 
VLAN Probe 
x 
28S6 MB

Device Checks

You can perform device level checks by Navigating to Manage > Devices - page. The list can be filtered based on the Locations/Device Types/Connection state/SSID etc..

You can run command line from this screen targeting to one/multiple devices to show relevant information like below.

Action > Advanced > CLI Access

CLI access to Extreme Networks devices 
Add Oovico 
JEET-XTREME-APOI 
JEET-XTREME-APOI 
show acsp neigh 
JEET-XTREME-AP02 
Show Sta 
Chan:channel number; Pow=Power in dB:n; 
mode; Cipher=Encryption mode; 
time; Auth—Authenti cated; 
UPID=User profile Identifier; 
Ifname=wifiO.I 
Mac Addr 
Ifname=wifil.l 
Mac Addr 
Ifname=wifiO . 2 
Mac Addr 
Ifname=wifiO.3 
Mac Addr 
Ifname=wifil . 2 
Mac Addr 
If index—I g, 
IP Addr 
If index—21, 
IP Addr 
If index—22, 
IP Addr 
If index—23, 
IP Addr 
If index—24, 
IP Addr 
SSID-HRIDHAAN SAE: 
Chan Tx Rafe Rx 
SSID-HRIDHAAN SAE: 
Chan Tx Rafe Rx 
SSI DeHRIDHAAN2 . 4: 
Chan Tx Rate Rx 
SSI 
Chan Tx Rate Rx 
SSI DeHRIDHAAN2 . 4: 
Chan Tx Rate Rx 
mode ; 
Rat e 
Rat e 
Rat e 
Rat e 
Rat e 
Pow (SNR) 
Pow (SNR) 
Pow (SNR) 
Pow (SNR) 
Pow (SNR) 
APPLY 
A—Mode 
A—Mode 
A—Mode 
A—Mode 
A—Mode

Tools

There are lot of tools available on the portal which can help with the Wi-Fi analysis. This section can be navigated via Manage > Tools section

The Client Monitor is a good place to start looking at the network-wide issues for any Association/Authentication or Networking (DHCP/DNS) issues.

Client Monitor: Issue List 
133 
1410 
Unique Clients experiencing issues: 
Association 
20:00 
o 
Authentication 
6 Apr 
Show user Sessions 
Extreme 
user 
Networks 
Profile 
Device 
default- 
profile 
02:00 
Location 
10 
Time Range: 
Networking 
Day 
08:00 
1 Hour 
4 Hours 
1010 
8 Hours 
24 Hours 
4 
Showing All Issues from Tue (Apr 6, 2021) 11:17 to Tue (Apr 6, 2021) 12:19 
TROUBLESHOOT SELECTED 
Status 
o 
o 
TROUBLESHOOT ANY CLIENT 
ISSUE TYPE 
TAKE ACTION 
ISSUE STATUS 
DOWNLOAD 
Client Host Name 
Client MAC 
Issue Type 
Authenticatio 
Authenticatio 
Authenticatio 
Authenticatio 
Summary 
PPSK Rejected 
by Guest 
Access 
PPSK Rejected 
by Guest 
Access 
RADIUS server 
Reject 
PPSK Rejected 
by Guest 
Access 
Detected On 
2021-04-06 12:18:48 
2021-04-06 12:13:11 
From 2021-04-06 - to 
2021-04-06 12:11:47 
From 2021-04-06 - 
to 2021-04-06

Packet Capture - Can easily perform AP radio interface level capture for analysis or requested by TAC for troubleshooting.

Client Monitor 
Diagnosis 
utilities 
Remote Packet Capture 
Packet Capture 
START 
Location 
Access Point 
Interface 
Duration 
(1 - 300) 
Packet Count per 
Interface 
(1 - 10000) 
Download Location 
AUCKLAND 
AHMAR 
1 Liberation Road 
21 Lieutenant Lane 
JEET-XTREME-AP02 
JEET-XTREME-APOI 
WiFi1 
30 
2000 
seconds 
C) CloudShark 
@ Local

The Utilities tab opens up a whole lot of useful features. I've found a few ones to be really helpful.

Client Monitor Diagnosis 
Get Tech Data 
Enter Hostname. MAC Add 
STATUS 
000 
000 
000 
HOST 
WAR- 
'EET 
JEETé 
utilities Packet Capture 
Locked Devices 
Radius Test 
SSH Availability 
Device List 
Neighbor Info 
Locate Device 
Get Tech Data 
VI-AN Probe 
Device Diagnostics 
Device Client Information 
Client Information 
unbind Device

  1. Locked Devices - Can be used to unlock devices that are locked due to failed authentication when using PPSK.
  2. Get Tech Data - instantaneously captures the Tech Data from AP, similar to the "show tech support" command. Useful to avoid sometimes having to scroll annoyingly for mins to capture the information.
  3. VLAN Probe - Useful to check the number of available IP addresses on a VLAN.
  4. Device Diagnostics - The section can open a range of commands which can be executed per/AP level to extract relevant information.

Device Diagnostics 
STATUS 
000 
000 
000 
HOST 
WAR 
'EET 
'EET 
DIAGNOSTICS 
Ping 
Show Log 
Show Version 
Show Running Config 
Show Startup Config 
Show IP Routes 
Show MAC Routes 
Show ARP cache 
Show Roaming Cache 
Show DNXP Neighbors 
Show DNXP cache 
Show AMRP Tunnel 
Show GRE Tunnel 
Show IKE Event 
Show IKE SA 
Show IPsec SA 
Show IPsec Tunnel 
Show cpu 
Show Memory 
ELL 
ELL

The Diagnosis tab show the captures executed on the devices and display their log information.

One of the key things to note from Aerohive/Extreme documentation that they provide good contextual info when navigating in a particular section or screen.

Examples like below

https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/troubleshoot/using-client-monitor.htm
https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/devices/viewing-the-device-list.htm

Read more link text

IoT Basics - MindMap #CWISA #CWSA #IoT

One of the shortest blogpost but lot can go on if you think about IoT.

Read more link text

The need for QoS, configuration on Extreme Aerohive

Introduction

ΝΟΤ 
ENABlt ρος

This blogpost will focus on the configuration of QoS policies on Extreme Cloud IQ (Portal). Aiming to provide a real scenario which led to the implementation of QoS for an organisation. Before diving into this I cannot stress on the point that QoS solution will be successful only if it is implemented end to end. The QoS marking and policing if not honoured by the subsequent hops in the access <> distribution  <> core.

The Need for QoS

The issues arise when packets do not get prioritisation and are either dropped or queued. The network transmission quality is determined by latency, jitter and packet loss.  It becomes even more crucial with Wi-Fi being a shared and half-duplex medium it becomes all the more necessary to mark and prioritise the relevant traffic on the network. One may have 10Gbps internet or more but AP are often the bottlenecks in the network. With the adaptation of VoIP/Skype/Zoom and similar RTP/SIP applications, there is a need to make sure voice/video traffic get priority over other traffic. Moreover, Wireless networks and protocols are mostly designed for data services... so it is normally not possible “ just to drop” Rich Media on top and expect positive results.

Extreme Cloud IQ configuration

Let's start with looking at the Extreme Cloud IQ configuration.

Classifier Maps

QoS Classifier Maps > Classifier map is used to mark traffic with Extreme Network QoS classes by various QoS classification systems (802.1p/DiffServ/802.11e).

Incoming Traffic - AP prioritises and forwards the incoming traffic as determined by the mapped QoS level.

Outgoing Traffic - AP uses marker maps.

If you login and navigate to below for checking the first option of "Classifier Maps".

Configure > Network Policies >  Edit "Policy Name" > Additional Settings > QoS Options

ExtremeCIoud IQ Pilot 
Classifier Maps 
WIRELESS NETWORKS 
O 
O 
Network Policies 
POLICY DETAILS 
MANAGEMENT SERVER 
POLICY SETTINGS 
NETWORK SERVICES 
GOS OPTIONS 
Classifier Maps 
Marker Maps 
QoS Overview 
SECURITY 
DEVICE TEMPLATES 
Classifier Maps 
ROUTER SETTINGS 
ADDITIONAL SETTINGS 
DEPLOY POLICY 
Please note that Classifier Maps are only supported by IQ Engine devices and will not take effect on other devices. 
Classifier Maps 
Maps anonymous incoming traffic into the Extreme Networks 
classification system. Traffic classification can be performed based on 
following criteria. 
Re-use Classifier Maps Settings 
(Pick existing settings) 
Name • 
Description 
SERVICES 
Services 
LYNC 
LYNC AUDIO 
LYNC CONTROL 
SKYPE VOICE 
FACETIME 
MAC ouls 
Classifier-Map 
SSIDs 
802.1p/Diffserv/802.11e 
aos Class 
VOICE 
VOICE 
VOICE 
VOICE 
VIDEO 
Action 
PERMIT 
PERMIT 
PERMIT 
PERMIT 
PERMIT

The incoming traffic is mapped based on the network/application service defined in the classifier map. In the above screenshot you can see LYNC, LYNC AUDIO and others set as VOICE and action being PERMIT.

MAC OUIs and SSIDs

I haven't used this in our config but one can choose to map traffic to classes based on either the source/destination MAC OUI in the packet or based on SSID

Add MAC OUI 
MAC OUI 
Gos Class 
Action 
Logging 
Apple-iPhone 
Background 
permit 
Enable

Add SSID 
SSID 
oos Class 
ssidO 
Voice

802.1p/DiffServ/802.11e

802.1p is a layer 2 prioritisation often described as Class of Service can be seen in the TCI field of the Ethernet frame. The 3 bits give 8 different classes as shown below. In my scenario I have used the DiffServ and 802.11e(WMM) for layer 3 QoS.

Name 
Description 
SERVICES 
56-63 
48-55 
40-47 
32-39 
00-07 
MAC OUIs 
Classifier-Map 
SSIDs 
802.1p/DiffServ/802.11e 
OFF 
802.1p 
7 
6 
5 
4 
3 
O 
2 
802.1p 
QoS Class 
Network Control 
Voice 
Video 
Controlled Load 
Excellent Effort 
Best Effort 1 
Best Effort 2 
Background 
ON 
DiffServ 
24-31 
16-23 
08-15 
DiffServ 
QoS Class 
Best Effort 1 
Network Control 
Voice 
Video 
Controlled Load 
Best Effort 1 
Excellent Effort 
Best Effort 2 
ON 
802.11e 
7 
6 
5 
4 
3 
O 
2 
802.11e 
QoS Class 
Network Control 
Voice 
Video 
Controlled Load 
Excellent Effort 
Best Effort 1 
Best Effort 2 
Background

DiffServ is concerned with classifying packets as they enter the local network. This classification then applies to Flow of traffic where a Flow is defined by 5 elements; Source IP address, Destination IP, Source port, Destination port and the transport protocol. The DSCP QoS  is retained end to end and one of the reason it is preferred more than 802.1p.

Before moving to 802.11e, let's get basics correct.

802.11 use collision avoidance mechanisms unlike collision detection for Ethernet. The DCF (Distributed Coordinated Function) algorithm is used for media access. Regardless of any clients on the medium, a 802.11 WLAN device will wait for a DCF interframe space and then begin the transmission. Once the DIFS is counted down to 0, a random backoff timer is generated if the medium is not free.

Wait Until Medium is Free 
Count Down the DIFS & 
keep listening to medium 
Is the Medium Still Free? 
No 
Generate a random 
backoff value between 0 
and CWmin 
The DCF 
Decision Process 
Continually listen to 
medium to ensure it 
is quiet 
Yes 
Transmit the 
Frame 
Done 
Was an ACK 
received? (i.e. 
confirm there was 
no collision) 
Decrement the CW value to zero. 
If another station begins to 
transmit, defer until it is done, then 
wait another DIFS period before 
counting down the CW 
Double the previous 
cw. 
Choose 
a new random number between 
zero and the new CW, up to a 
maximum of CWmax

QoS is not possible with DCF alone and hence 802.11e was ratified. The EDCA (Enhanced Distributed Channel Access) included 4 queues(Background, Best Effort, Video, Voice), AIFS (ACs) and a range of contention windows (CWmin and CWmax). Two additional 802.11e enhancements included TxOP and Call Admission Control (CAC)

EDCA 1 WMM AC 
Legacy DCF 
Voice 
Video 
Best Effort 
Background 
AIFS Number 
DIES > 2 
2 
2 
3 
7 
CWmin 
15 
3 
7 
15 
15 
CWmax 
1023 
7 
15 
1023 
1023

QoS Classification and Marking: Mapping External Systems to Aerohive Classes 
56-63 
56 - 63 
48-55 
48 - 55 
40 - 47 
40 - 47 
32-39 
32 - 39 
24 • 31 
24-31 
16 - 23 
16 - 23 
8-15 
8-15 
For traffc traversing its wifi interfaces, the HiveAP 
maps Aerohive classes to IEEE 802. Ile tramc classes 
(defined in the wireless frame header) or to DSCP 
values (defined in the layer-3 packet header). 
For traffc traversing its Ethernet interface, the HiveAP 
maps Aerohive classes to 802.1 p traffic classes 
(defined in the layer-2 frame header) or to DSCP 
values (defined in the layer-3 packet header). 
Wireless 
Network 
802.11e Traffic Class 
7 
6 
5 
4 
3 
wifiO. 1 
DSCP Value 
Inbound Outbound 
56 
48 
32 
24 
16 
8 
ethO 
802.1p Traffic Class 
7 
6 
5 
4 
3 
2 
1 
Ethernet 
Network 
DSCP Value 
Inbound Outbound 
HiveAP 
erohive Clas 
7 
6 
5 
4 
3 
2 
2 
1 
802.11e 
Wire L2 
Header 
DSCP 
L3 
Header 
Default mappings of the Aerohive 
class system to standard OOS 
classification systems 
Data 
802.1p 
Wired L2 
Header 
DSCP 
Header 
56 
48 
40 
32 
24 
16 
8 
Data

Marker Maps

For outgoing traffic, one can define marker maps to map classes to priority numbers in standard classification systems (802.11e, 802.1p, and DiffServ). After defining classifier and marker maps, you then define classifier and marker profiles that enable one or more of the methods defined in the maps. Finally, you associate those profiles with SSIDs or interfaces to apply the mappings to traffic arriving at or exiting those interfaces.

Name * 
Description 
802.1p 
DiffServ 
QoS Class 
7 - Network Control 
6 - Voice 
5 - Video 
4 - Controlled Load 
3 - Excellent Effort 
2 - Best Effort 1 
1 - Best Effort 2 
O - Background 
DiffServ 
ON 
Marker-Map 
note: If both 802.1p and DiffServ are selected only DiffServ will take effect 
WMM Queue 
Voice 
Voice 
Video 
Video 
Best Effort 
Best Effort 
Background 
Background 
DiffServ Code Points 
48 
46 
34 
26 
18 
O 
10 
8

Verifying if WMM QoS is working

The QoS Data Frame includes the QoS Control field which provides the information in the Priority field.

Frame check sequence: øx412667cb [unverified] 
(FCS Status: Unverified] 
Qos control: øxeoø6 
0110 = TID: 6 
. .110 = Priority: Voice (Voice) 
. — QoS bit 4: Bits 8—15 of QoS Control field are TXOP Duration Requested 
. = Ack Policy: Normat Ack (øxø) 
. = Payload Type: MSDU 
= TXOP Duration Requested: e (no TXOP requested) 
CCMP pa rameters 
ccmp Ext. Initialization vector: øxøeeøøøee315F 
Key Index: ø 
Data (64 bytes) 
Data: 1968135a7bec2dfd1ø24aee916d562ac3d3ccd3f2d359f914978d8b2cf6872ed8ø6e39c8„. 
[Length: 64] 
IEEE 8ø2.11 Qos Data, Flags: .p.....TC 
Type/Subtype: Qos Data (øxoø28) 
Frame Control Field: ex8841 
. .øø = Version: 0 
eøøø eøøø 
løøø 
Flags: 
= Type: Data frame (2) 
= Subtype: 8 
øx41 
. ..øl = DS status: Frame from STA to DS via an AP (To DS: 
= More Fragments: This is the last fragment 
Retry: Frame is not being retransmitted 
= PWR MGT: STA witt stay up 
. = More Data: No data buffered 
. = Protected flag: Data is protected 
. = Order flag: Not strictly ordered 
1 From DS: e) 
(øxl) 
.øøø eøøø eø11 eeøø = Duration: 48 microseconds 
Receiver address: ExtremeN_3b: 81:54 3b:81: 54) 
Transmitter address: HuiZhouG_b7:2c:a3 (d4:ab: cd:b7:2c:a3) 
Destination address: WistronN_d3:3c:57 (44:e4:ee:d3:3c:57) 
Source address: HuiZhouG_b7:2c:a3 (d4:ab: 
BSS Id: 
STA address: HuiZhouG_b7:2c:a3 (d4:ab: :a3) 
Fragment number: ø 
. eeøø = 
1110 0110 eøll 
= Sequence number: 3683

Adding Custom Application for QoS Categorisation

Navigated to > Configure > Application > Add Custom

Helpful links for more reading

http://www.rhyshaden.com/qos.htm

https://techhub.hpe.com/eginfolib/networking/docs/switches/RA/15-18/5998-8155_ra-2620_atmg/content/ch04s04.html

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan41dg-book/vowlan_ch2.html

https://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-classifier-maps.htm

https://docs.microsoft.com/en-us/microsoftteams/qos-in-teams

Read more link text

CWISA - Cellular Networks #CWSA #IoT #LTE #CWNP

Planning Wireless Solution cover 30% of the exam syllabus.

This blog focusses on Cellular Networks (Overview and Understanding) - chapter 6.

CWISA exam does not require one to know in and out of cellular wireless networking. It only aims at making one able to make decisions required to select appropriate cellular network when designing and maintaining wireless networks. So this chapter will focus on the same and relevant only to the CWISA exam requirements.

First Mobile Phone: Motorola DynaTAC 8000x - 1983, Huge and power intensive.

According to research in 2019 more than 5 billion people have mobile phone and over 65% of them own a smart phone. I think the trend will only go up and only come down after it is replaced by the next-gen technology.

4 Cell Phone Generations Compared 
SMS Switching Switching 
3G 
GSM, CDUA. EDGE, GPRS 
UTMS, CDhA2000, HSPDA. EVDO 
LTE Advanced, IEEE 802.16 (WiMax) 
Analog 
Digital 
Digital 
No 
Circuit 
Data Rates 
236.8 kbps 
384 kbps 
Gbps

As discussed earlier, CWISA exam does not aim at intending us to help us deploy cell tower radios or configuring core cellular networks. Cell-based coverage plan is used by the cellular networks. Communications across the network function through base station transceivers communicating with local base station controller at the cell site. The base station controller connect back to a mobile switching center via wired/wireless connection

Each cell site can service multiple carriers. It can provide range of services ranging from Voice, SMS, Locationing (GPS based locationing) and Data (internet access).  The Data service plays a crucial role in enablement of IoT cellular deployments.

LTE / 4G

Long Term Evolution is a next step before 5G and also known as 4G. The original 4G was established in Release 10 from the 3GPP organisation. Between 4G and 5G are Release 11, 12, 13 and 14 which provide enhancement to 4G networks. Careful planning must be done in selection of devices based on their compatibility with the technology, usually mobile devices which use LTE (4G) have fallback capability to use 3G. In years to come when 3G is phased out, the fallback option will be gone too. Same is applicable in case of 5G enabled devices. Narrowband IoT (NB-IoT) is used in Release 13 for the 4G standards.

Frequency Bands - More than 50 different frequency bands (in MHz) are used in LTE/4G deployments. The exam does not require one to memorise all the bands but should know which bands are available in their regulatory domain.

Modulation Methods - ODFM is used in general LTE/4G technology. OFDMA is used in downlink communication, and single carrier FDMA (SC-FDMA) is used in uplink communication. Each subcarrier in LTE uses QPSK/16-QAM or 64-QAM.

QPSK - 2 bits per symbol, 28000 bits per/sec
16-QAM - 4 bits per symbol, 56000 bits per/sec
64-QAM - 6 bits per symbol, 84000 bits per/sec

Devices - Primary consideration for mobile devices, backup links for uplink devices like Routers/Firewall etc. Many WBAN (Wireless Body Area Network) connect via Bluetooth to gain access to the cellular network. 5G evolution which means not 5G yet but LTE-A (advanced) offer 1Gpbs/500Mbps uplink and download speeds respectively.

5G

Still based on 4G/LTE model with OFDM as the primary modulation scheme. 5G can also support frequency bands above 6GHz, Ultra low latency at under 1 ms, Higher data rates are some of the enhancements.

Frequency bands - These vary by the regulatory domain one is in. https://www.cablefree.net/wirelesstechnology/4glte/5g-frequency-bands-lte/ -  Phase one of 5G rollouts focuses on the uses of existing bands of 4G/LTE. Phase two will begin to explore the mmWave bands.

Modulation methods - Similar to LTE/4G, however it adds support for BPSK and 256-QAM as well.

BPSK - 1 bit per symbol
256-QAM - 8 bits per symbol

The ultimate goal of 5G is a max downlink of 20 Gbps and uplink speed of 10 Gbps with 100Mbps/Downlink, 50Mbps uplink at the cell edges.

Cellular - Service Provider Network - General user case scenario where service provider network used. Some areas tend to have better cellular coverage than other.

Cellular - Private Network - A private LTE/5G cells can latch on to service provider network for backhaul or connect them to your own network. Private LTE uses unlicenced frequency bands (1.9GHz, 2.4GHz, 3.5GHz and 5GHz). The 2.4GHz and 5GHz are well known for their use in Wi-Fi networks. The 1.9GHz and 3.5GHz band are lesser known bands but may be used as well.

The CBRS Alliance is focused on promoting the use of LTE and 5G in the 3.5GHz Citizens Broadband Radio Service band. Band 48 is used by CBRS as defined by 3GPPP.

Read more link text

CWSP-206 Exam Feedback

I'd like to provide some tips and tricks to help one achieve the CWNP certification. The CWSP-206 Exam was revised in November 2019 from CWSP-205 with added topics on OWE/WPA3 and SAE and removing some older security concepts around pre-RSNA technologies like WEP.

The exam in itself is not as hard compared to CWAP. I'd still suggest guys to take CWAP exam before CWSP and CWDP. CWAP exam does provide a good base/foundation for the security concepts. Some concepts for 802.11 Discovery/ Secure Roaming are covered in CWAP. Some design concepts around security are covered in CWDP as well.

CWSP-206 tests on below area with %age allocation.

 Knowledge Domain  Percentage 
Security Policy  10% 
Vulnerabilities, Threats, and Attacks  30% 
WLAN Security Design and Architecture  45% 
Security Lifecycle Management  15% 

If one focusses on the bulk areas of WLAN Security Design and Vulnerabilities/Threats and Attacks it will be able to cover 75% of the exam topics and thereby easily covering the passing marks 70% required for the exam. The Security Policy and Lifecycle Management mostly rely on your work experience or experience dealing with security in the real world/office environments. If one is up to date with how new security attacks like social engineering etc. are carried out and extensive use of smartphone/email in hacking the way into the network it can help achieve few easy wins in this exam.

With regards to WLAN Security Design familiarise yourself with below concepts to make sure you understand them in depth.

  • 4 Way Handshake
  • 802.11 EAP types
  • Encryption types
  • 802.11r Fast BSS Transition.
  • Guest Access/Captive Portal/MDM
  • Concepts of containerisation and segmentations.
  • CVE/NVD concepts
  • WLAN attacks

If you read my previous post about Chunk of CWSP-206, I've focussed on the areas which you should be focussing on for 45% of the exam requirements and some concepts in depth which can help with the exam.

When it comes to exam resources, work experience in network security will really benefit. Apart from that CWNP practice exam will be of great help. I have real the CWSP-205 and Exam PW0-204 CWSP book. Both of these books are not the recent ones but still cover up to 80%+ topics of this exam. You can buy CWSP-206 exam guide from CWNP.com for more exam-specific help. There are some video courses offered by INE but I haven't really used them to provide any feedback but should be helpful. All the best with your certification.

Read more link text

Design by ThemesDNA.com