Blog posts related to general networking and IT infrastructure updates.
This blog post focuses on using ExtremeCloudIQ from Extreme Networks. The portal is quite user-friendly and has some built-in capabilities which can help troubleshoot day-to-day wireless problems. Let's take a look.
The good thing about Extreme Cloud IQ is that you can see real-time and historical information about client connections. This helps to find out which AP the client was/is associated with and its SNR, and to check other stats like roaming, DHCP and DNS. You can navigate to this by clicking on Manage > Clients.
You can drill down by searching for the client using its IP address, MAC address or device host name.
After clicking on the client you can see the current connection status on the right-hand side with regards to VLAN/SSID/Radio/Channel. At the top you can check the currently associated AP. The page has a lot of details about the client, and you can drill further by changing the Time Range to Day/Week/Month depending on how far back you want to analyse.
You can scroll further down to check the client's roaming patterns/times and also what apps it is using. I've found the Session Details section quite useful for checking Wi-Fi Health, Application Health, Client Radio Info, etc.
From this screen one can navigate to CLIENT TOOLS, which has a "Troubleshoot Now" option that runs the client monitor and captures events as they happen.
You can perform device-level checks by navigating to the Manage > Devices page. The list can be filtered by Location/Device Type/Connection state/SSID, etc.
You can run CLI commands from this screen against one or multiple devices to display relevant information, as shown below:
Action > Advanced > CLI Access
There are a lot of tools available on the portal which can help with Wi-Fi analysis. This section can be reached via Manage > Tools.
The Client Monitor is a good place to start looking at network-wide Association/Authentication or networking (DHCP/DNS) issues.
Packet Capture - Easily performs a capture at the AP radio interface level, for your own analysis or when requested by TAC for troubleshooting.
The Utilities tab opens up a whole lot of useful features. I've found a few of them really helpful.
- Locked Devices - Can be used to unlock devices that are locked due to failed authentication when using PPSK.
- Get Tech Data - Instantly captures the tech data from an AP, similar to the "show tech support" command. Useful for avoiding the sometimes annoying minutes of scrolling to capture the information.
- VLAN Probe - Useful to check the number of available IP addresses on a VLAN.
- Device Diagnostics - Opens a range of commands that can be executed per AP to extract relevant information.
The Diagnosis tab shows the captures executed on the devices and displays their log information.
One of the key things to note about the Aerohive/Extreme documentation is that it provides good contextual info when navigating a particular section or screen.
Examples like the ones below.
One of the shortest blog posts, but there is a lot more that could be said if you think about IoT.
This blog post will focus on the configuration of QoS policies on Extreme Cloud IQ (Portal), aiming to describe a real scenario which led to the implementation of QoS for an organisation. Before diving into this, I cannot stress enough that a QoS solution will only be successful if it is implemented end to end: QoS marking and policing are of no use if they are not honoured by the subsequent hops across access <> distribution <> core.
The Need for QoS
The issues arise when packets do not get prioritised and are either dropped or queued. Network transmission quality is determined by latency, jitter and packet loss. With Wi-Fi being a shared, half-duplex medium, it becomes all the more necessary to mark and prioritise the relevant traffic on the network. One may have a 10Gbps internet link or more, but APs are often the bottlenecks in the network. With the adoption of VoIP/Skype/Zoom and similar RTP/SIP applications, there is a need to make sure voice/video traffic gets priority over other traffic. Moreover, wireless networks and protocols were mostly designed for data services, so it is normally not possible to "just drop" rich media on top and expect positive results.
Extreme Cloud IQ configuration
Let's start with looking at the Extreme Cloud IQ configuration.
QoS Classifier Maps - A classifier map is used to mark traffic with Extreme Networks QoS classes based on the various QoS classification systems (802.1p/DiffServ/802.11e).
Incoming Traffic - The AP prioritises and forwards incoming traffic as determined by the mapped QoS level.
Outgoing Traffic - The AP uses marker maps.
Once logged in, navigate to the path below to check the first option, "Classifier Maps":
Configure > Network Policies > Edit "Policy Name" > Additional Settings > QoS Options
Incoming traffic is mapped based on the network/application service defined in the classifier map. In the above screenshot you can see LYNC, LYNC AUDIO and others set to the VOICE class with the action PERMIT.
MAC OUIs and SSIDs
I haven't used this in our config, but one can choose to map traffic to classes based on either the source/destination MAC OUI in the packet or on the SSID.
802.1p is a layer 2 prioritisation, often described as Class of Service, carried in the TCI field of the Ethernet frame. Its 3 bits give 8 different classes, as shown below. In my scenario I have used DiffServ and 802.11e (WMM) for layer 3 QoS.
DiffServ is concerned with classifying packets as they enter the local network. This classification then applies to a flow of traffic, where a flow is defined by 5 elements: source IP address, destination IP address, source port, destination port and the transport protocol. The DSCP marking is retained end to end, which is one of the reasons it is preferred over 802.1p.
Before moving on to 802.11e, let's get the basics right.
802.11 uses collision avoidance mechanisms, unlike the collision detection used by Ethernet. The DCF (Distributed Coordination Function) algorithm is used for medium access. Regardless of other clients on the medium, an 802.11 WLAN device will wait for a DCF interframe space (DIFS) and then begin its transmission. Once the DIFS has counted down to 0, a random backoff timer is generated if the medium is not free.
QoS is not possible with DCF alone, hence 802.11e was ratified. EDCA (Enhanced Distributed Channel Access) introduced 4 access category queues (Background, Best Effort, Video, Voice), a per-AC Arbitration Interframe Space (AIFS) and per-AC contention window ranges (CWmin and CWmax). Two further 802.11e enhancements are TXOP and Call Admission Control (CAC).
For outgoing traffic, one can define marker maps to map classes to priority numbers in standard classification systems (802.11e, 802.1p, and DiffServ). After defining classifier and marker maps, you then define classifier and marker profiles that enable one or more of the methods defined in the maps. Finally, you associate those profiles with SSIDs or interfaces to apply the mappings to traffic arriving at or exiting those interfaces.
Verifying if WMM QoS is working
To verify, look at a captured QoS Data frame: it includes the QoS Control field, whose Priority field shows the priority the frame was transmitted with.
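The mapping chain described above (DSCP or 802.1p value, classifier map class, marker map user priority, WMM access category) and the verification step via the QoS Control field, as an added example that is not part of the original post. The classifier and marker tables are constructed to mirror the Lync/Voice mapping described here, not the portal's own data; the access category mapping and EDCA defaults are the 802.11 standard values.

```python
# 802.11e/WMM access category for each user priority (UP 0-7), per the standard.
UP_TO_AC = {1: "AC_BK", 2: "AC_BK", 0: "AC_BE", 3: "AC_BE",
            4: "AC_VI", 5: "AC_VI", 6: "AC_VO", 7: "AC_VO"}

# Default EDCA parameters for a non-AP station: (AIFSN, CWmin, CWmax).
EDCA_DEFAULTS = {"AC_BK": (7, 15, 1023), "AC_BE": (3, 15, 1023),
                 "AC_VI": (2, 7, 15), "AC_VO": (2, 3, 7)}

# Constructed classifier map (DSCP -> class) and marker map (class -> UP),
# modelled on the Lync audio = Voice mapping in the post; not portal data.
CLASSIFIER_MAP = {46: "Voice", 34: "Video", 0: "Best Effort", 8: "Background"}
MARKER_MAP = {"Voice": 6, "Video": 5, "Best Effort": 0, "Background": 1}

def dscp_from_tos(tos: int) -> int:
    """DSCP is the upper 6 bits of the IPv4 TOS / IPv6 Traffic Class byte."""
    return (tos >> 2) & 0x3F

def pcp_from_tci(tci: int) -> int:
    """802.1p PCP (Class of Service) is the upper 3 bits of the 16-bit 802.1Q TCI."""
    return (tci >> 13) & 0x7

def classify(tos: int) -> tuple:
    """Classifier + marker: TOS byte -> (class, user priority, access category)."""
    cls = CLASSIFIER_MAP.get(dscp_from_tos(tos), "Best Effort")
    up = MARKER_MAP[cls]
    return cls, up, UP_TO_AC[up]

def tid_from_qos_control(qos_ctrl: bytes) -> int:
    """QoS Control is a little-endian 16-bit field; bits 0-3 carry the TID (the UP under EDCA)."""
    return int.from_bytes(qos_ctrl[:2], "little") & 0x0F

def aifs_us(ac: str, slot_us: int = 9, sifs_us: int = 16) -> int:
    """AIFS[AC] = AIFSN[AC] * aSlotTime + aSIFSTime (defaults: 5 GHz OFDM timings)."""
    aifsn, _, _ = EDCA_DEFAULTS[ac]
    return aifsn * slot_us + sifs_us

def verify_frame(tos: int, qos_ctrl: bytes) -> bool:
    """True if the AC a captured QoS Data frame was sent with matches the expected class."""
    _, _, expected_ac = classify(tos)
    up = tid_from_qos_control(qos_ctrl)
    return UP_TO_AC.get(up) == expected_ac  # TIDs 8-15 are TSIDs, never an EDCA AC

if __name__ == "__main__":
    # Constructed sample: EF-marked voice packet (TOS 0xB8) in a frame whose QoS Control TID is 6.
    print(classify(0xB8), aifs_us("AC_VO"), verify_frame(0xB8, b"\x06\x00"))
```

The shorter AIFS and contention window for AC_VO versus AC_BK is what gives voice frames the head start on the air that the classifier map is meant to provide.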
Adding Custom Application for QoS Categorisation
Navigate to Configure > Application > Add Custom.
Helpful links for more reading
Planning Wireless Solutions covers 30% of the exam syllabus.
This blog focuses on Cellular Networks (Overview and Understanding) - chapter 6.
The CWISA exam does not require one to know cellular wireless networking inside out. It only aims to make one able to take the decisions required to select an appropriate cellular network when designing and maintaining wireless networks. So this chapter focuses on just that, and only on what is relevant to the CWISA exam requirements.
First mobile phone: Motorola DynaTAC 8000x (1983), huge and power hungry.
According to research in 2019, more than 5 billion people have a mobile phone and over 65% of them own a smartphone. I think the trend will only go up, and will only come down after it is replaced by the next-gen technology.
As discussed earlier, the CWISA exam does not aim to help us deploy cell tower radios or configure core cellular networks. Cellular networks use a cell-based coverage plan. Communications across the network function through base station transceivers communicating with a local base station controller at the cell site. The base station controller connects back to a mobile switching centre via a wired or wireless connection.
Each cell site can serve multiple carriers. It can provide a range of services: voice, SMS, locationing (GPS-based locationing) and data (internet access). The data service plays a crucial role in enabling cellular IoT deployments.
LTE / 4G
Long Term Evolution (LTE), also known as 4G, is the step before 5G. The original 4G was established in Release 10 from the 3GPP organisation. Between 4G and 5G sit Releases 11, 12, 13 and 14, which provide enhancements to 4G networks. Careful planning must be done when selecting devices based on their compatibility with the technology; usually mobile devices which use LTE (4G) have the capability to fall back to 3G. In years to come, when 3G is phased out, that fallback option will be gone too. The same applies to 5G-enabled devices. Narrowband IoT (NB-IoT) was added in Release 13 of the 4G standards.
Frequency Bands - More than 50 different frequency bands (in MHz) are used in LTE/4G deployments. The exam does not require one to memorise all the bands, but you should know which bands are available in your regulatory domain.
Modulation Methods - OFDM is used in general LTE/4G technology. OFDMA is used in downlink communication, and single-carrier FDMA (SC-FDMA) is used in uplink communication. Each subcarrier in LTE uses QPSK, 16-QAM or 64-QAM.
- QPSK - 2 bits per symbol, 28,000 bits/sec
- 16-QAM - 4 bits per symbol, 56,000 bits/sec
- 64-QAM - 6 bits per symbol, 84,000 bits/sec
Devices - The primary consideration is mobile devices, plus backup links for uplink devices like routers/firewalls, etc. Many WBAN (Wireless Body Area Network) devices connect via Bluetooth to gain access to the cellular network. "5G evolution", which means not 5G yet but LTE-A (Advanced), offers 1Gbps/500Mbps uplink and download speeds respectively.
5G is still based on the 4G/LTE model with OFDM as the primary modulation scheme. Support for frequency bands above 6GHz, ultra-low latency under 1 ms and higher data rates are some of the enhancements.
Frequency bands - These vary by the regulatory domain one is in: https://www.cablefree.net/wirelesstechnology/4glte/5g-frequency-bands-lte/ - Phase one of 5G rollouts focuses on the use of existing 4G/LTE bands. Phase two will begin to explore the mmWave bands.
Modulation methods - Similar to LTE/4G, but with added support for BPSK and 256-QAM as well.
- BPSK - 1 bit per symbol
- 256-QAM - 8 bits per symbol
The ultimate goal of 5G is a maximum downlink of 20 Gbps and an uplink of 10 Gbps, with 100Mbps downlink and 50Mbps uplink at the cell edge.
Cellular - Service Provider Network - The general use case, where the service provider's network is used. Some areas tend to have better cellular coverage than others.
Cellular - Private Network - Private LTE/5G cells can latch on to a service provider network for backhaul, or you can connect them to your own network. Private LTE uses unlicensed frequency bands (1.9GHz, 2.4GHz, 3.5GHz and 5GHz). The 2.4GHz and 5GHz bands are well known for their use in Wi-Fi networks. The 1.9GHz and 3.5GHz bands are lesser known but may be used as well.
The CBRS Alliance is focused on promoting the use of LTE and 5G in the 3.5GHz Citizens Broadband Radio Service band. Band 48, as defined by 3GPP, is used by CBRS.
I'd like to provide some tips and tricks to help one achieve the CWNP certification. The CWSP-206 exam was revised in November 2019 from CWSP-205, adding topics on OWE/WPA3 and SAE and removing some older security concepts around pre-RSNA technologies like WEP.
The exam in itself is not as hard as CWAP. I'd still suggest taking the CWAP exam before CWSP and CWDP. The CWAP exam provides a good base/foundation for the security concepts; some concepts for 802.11 discovery and secure roaming are covered in CWAP, and some design concepts around security are covered in CWDP as well.
CWSP-206 tests the areas below, with their percentage allocation:

| Area | Weight |
|---|---|
| Vulnerabilities, Threats, and Attacks | 30% |
| WLAN Security Design and Architecture | 45% |
| Security Lifecycle Management | 15% |

If one focuses on the bulk areas of WLAN Security Design and Vulnerabilities/Threats and Attacks, that covers 75% of the exam topics, comfortably above the 70% passing mark required for the exam. Security Policy and Lifecycle Management mostly rely on your work experience, or experience dealing with security in real-world/office environments. If one is up to date with how current attacks like social engineering are carried out, and with the extensive use of smartphones/email to hack a way into the network, it can help achieve a few easy wins in this exam.
With regards to WLAN Security Design familiarise yourself with below concepts to make sure you understand them in depth.
- 4 Way Handshake
- 802.11 EAP types
- Encryption types
- 802.11r Fast BSS Transition
- Guest Access/Captive Portal/MDM
- Concepts of containerisation and segmentation
- CVE/NVD concepts
- WLAN attacks
If you read my previous post about the chunks of CWSP-206, I focused on the areas you should concentrate on for 45% of the exam requirements, and on some concepts in depth that can help with the exam.
When it comes to exam resources, work experience in network security will really benefit you. Apart from that, the CWNP practice exam will be of great help. I have read the CWSP-205 and the Exam PW0-204 CWSP books. Neither of these books is recent, but they still cover 80%+ of the topics of this exam. You can buy the CWSP-206 exam guide from CWNP.com for more exam-specific help. There are some video courses offered by INE, but I haven't really used them so can't provide any feedback; they should be helpful though. All the best with your certification.