Recently I spent a great deal of time recording content for a CCIE Wireless Written Video On Demand series for IPexpert. I took the Cisco CCIE Wireless blueprint v1.0 and fleshed it out into a series of power-points and accompanying audio information to provide the backbone of information for passing the CCIE Wireless written exam. The total running time is just over 11 hours - and in the course of the content, I explain my rules of thumb and best practices for basically everything I do as a wireless engineer. I wanted this content to stand on its own as a reference source for a wireless engineer, and not just a series of videos strictly to help you pass the CCIE Wireless written exam. I feel this is especially important because of the ongoing changes Cisco will always be making to the CCIE Wireless blueprint for both the written and the lab exams.
I hope that the content ends up being deemed useful by the wireless community at large. I put lots of time into it, and tried to make sure it wasn't dreadfully boring or just me reading the text on the power point slides. Samples of the content are available on the IPexpert website if you're interested. I look forward to any and all feedback!
Thursday, July 21, 2011
Friday, July 1, 2011
The History of Wireless Part One
The very first 802.11 wireless networking standard was ratified in 1997. These first wireless networks were very slow, and barely usable. Early 802.11 used FHSS modulation and could only achieve speeds of 1 and 2Mb. It wasn't until 1999 when 802.11b was ratified that wireless networking began to really catch on and speed up. Around the same time, 802.11a access points were available and could support wireless speeds of up to 54Mbps, but 802.11a didn't catch on with enterprise customers or home users since it was more expensive, and there weren't nearly as many client devices that supported the 802.11a (5GHz) frequencies. This pattern of wireless adoption leaning towards 2.4GHz continued on for many years.
In 1999 you could only hope for 2.4GHz wireless speeds of a theoretical 11Mb, but more like 5.5 actual throughput due to the half-duplex nature of wireless technology. The DSSS data rates supported speeds of 1Mb, 2Mb, 5.5Mb and 11Mb. When OFDM for 2.4GHz was released in 2003 the additional data rates of 6, 9, 12, 18, 24, 36, 48, 54 became available in the 2.4GHz frequency. Four years earlier 802.11a had been able to support the same speeds, but there were simply more 802.11b/g client devices available.
With the ratification of 802.11n finally happening in 2009, the 2.4GHz frequencies are now capable of the additional speeds when using 20MHz wide channels of 7.2, 14.4, 21.7, 28.9, 43.3, 57.8, 65 and 72.2. The real speed increases of 802.11n can be realized when two channels are bonded together into a 40MHz wide channel to double the theoretical throughput to speeds such as 15, 30, 45, 60, 90, 120, 135 and 150. Of course, there are still only three non-overlapping 2.4GHz channels (1, 6, and 11) so bonding channels together in the 2.4GHz spectrum quickly leaves you with little room for a non-overlapping channel plan. Utilizing the 5GHz spectrum for 40MHz channel bonding is the obvious choice. The 5GHz spectrum allows for at least 12 non-overlapping channels (depending on the country codes in use).
Early 1 & 2Mb wireless networks usually did not incorporate antenna diversity into the design, but even as early as 1999 access points were designed with antenna diversity capabilities. Antenna diversity is used to increase the odds that you receive a better signal on either of the antennas. This only becomes more important as you can see in 802.11n access points. MIMO (Multiple Input, Multiple Output) antennas are integral to achieving 802.11n wireless speeds.
Higher throughput via 802.11n is possible with multiple antennas as well as access points that are capable of sending multiple data streams. The number of spatial streams an access point is capable of supporting is represented as a x b : c, where (a) is the number of transmit antennas, (b) is the number of receive antennas, and (c) is the maximum number of spatial streams the access point/radio can support. An access point identified as 3x3:2 has three antennas for transmitting, three for receiving and is capable of sending two concurrent spatial streams. It is possible to achieve data rates up to 600 Mbit/s with four spatial streams using a 40 MHz-wide channel. Of course this also now means you need to use a gigabit switch to connect your access points to the LAN or you're creating a potential network bottleneck at the switch port.
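The 802.11n rates quoted above can be derived from the modulation and coding table. The following is an added example, not part of the original post: it uses the standard 802.11n parameters (52 data subcarriers at 20 MHz, 108 at 40 MHz, 3.6 microsecond symbols with the short guard interval, 4.0 with the long one) and shows that the figures listed in the post are the short-guard-interval rates. The function names are illustrative.

```python
import re

# (bits per subcarrier, coding-rate numerator, denominator) for MCS 0-7:
# BPSK 1/2, QPSK 1/2, QPSK 3/4, 16-QAM 1/2, 16-QAM 3/4, 64-QAM 2/3, 3/4, 5/6
MCS = [(1, 1, 2), (2, 1, 2), (2, 3, 4), (4, 1, 2),
       (4, 3, 4), (6, 2, 3), (6, 3, 4), (6, 5, 6)]
DATA_SUBCARRIERS = {20: 52, 40: 108}      # per channel width in MHz
SYMBOL_US = {False: 4.0, True: 3.6}       # long (800 ns) / short (400 ns) guard interval


def ht_rate(mcs, width_mhz=20, streams=1, short_gi=True):
    """Data rate in Mbit/s for one per-stream MCS index (0-7)."""
    bits, num, den = MCS[mcs]
    bits_per_symbol = DATA_SUBCARRIERS[width_mhz] * bits * num // den
    return round(bits_per_symbol * streams / SYMBOL_US[short_gi], 1)


def parse_mimo(label):
    """Split 'a x b : c' into (tx antennas, rx antennas, spatial streams)."""
    m = re.fullmatch(r"(\d+)\s*[xX]\s*(\d+)\s*:\s*(\d+)", label.strip())
    if not m:
        raise ValueError(f"not in a x b : c form: {label!r}")
    tx, rx, streams = map(int, m.groups())
    if not 1 <= streams <= min(tx, rx):
        raise ValueError("spatial streams cannot exceed the antenna count")
    return tx, rx, streams


def max_rate(label, width_mhz=40, short_gi=True):
    """Highest data rate a radio described as 'a x b : c' can reach."""
    return ht_rate(7, width_mhz, parse_mimo(label)[2], short_gi)


if __name__ == "__main__":
    print([ht_rate(i, 20) for i in range(8)])   # 20 MHz, one stream
    print([ht_rate(i, 40) for i in range(8)])   # 40 MHz, one stream
    print(max_rate("3x3:2"), max_rate("4x4:4"))
```

With the long guard interval the same 20 MHz channel tops out at 65 Mbit/s per stream instead of 72.2.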
Labels:
Wireless
Friday, June 24, 2011
Switching from a Blackberry 9630 to an iPhone 4
I've had a Blackberry since the inception of the 950 Internet Edition. I made the switch to the iPhone 4 mostly because of the problems I've had with the BES server at my current job. Every 15 days or so, I'd stop receiving corporate email. The 'fix' was to delete & re-add my account to the BES server. I got tired of needing someone to do that, and figured now was as good a time as any to learn a new gadget.
As you may or may not know, I am not a Mac fanboy by any means. There are a few simple things I want from a phone/handheld computer and I'm finding that the iPhone is lacking in a few important areas IMO.
I'll make it simple & make a list.
(This list assumes that you're not jailbreaking your iPhone)
- Customizing notifications between different email accounts is not currently possible. I'm told with the new OS release in the fall it will be possible. In the mean time, your only option to customize alert sounds is Boxcar.
- There is no way to change photo naming format without resorting to changing the phone region format to United Kingdom or some other such nonsense. Of course changing the phone region to United Kingdom also makes the phone numbers you dial look mighty strange if you're not used to international phone number formats.
- Single click dialing of conference call phone numbers is not supported natively. Of course there is a $5 app for that, but if you put the conference call number in the 'Notes' section of the conference call, you can do a single-click-to dial.
  - For the iPhone format the number to dial like this (leave off the last 'pound' sign)
    - tel://+ 1-123-456-7890ppp123456
  - For the Blackberry format the number to dial like this:
    - (123)456-7890!12345# (this string can be anywhere in the conference call info)
- Gmail push notifications didn't work smoothly out of the box until I followed these instructions to setup my Gmail account as an Exchange account.
- There isn't a red led indicator letting you know you've received a message if you weren't glued to your phone when the message came through. (no workaround)
- Battery life is pretty abysmal, but since this is a phone that is more like a personal computer, I expected that. Have your charger cables handy at all times!
- Name touch typing a contact's name to dial a contact - I miss this feature of the Blackberry. In the Blackberry phone you could type the name of the person you wanted to call instead of their number and the Blackberry would show the different phone numbers you had stored for them. It was really easy to choose a phone number and dial. Seems the only way to achieve this functionality is to - you guessed it - jailbreak the phone
Perhaps some of my gripes will indeed disappear with the new iOS 5 release in the fall. One can only hope.
Labels:
Blackberry Iphone
Thursday, June 9, 2011
Performing Passive Site Surveys with AirMagnet Survey Pro and Ekahau Site Survey
I've had the good fortune to receive a fully functioning (albeit limited to 90 days) license for the Ekahau Site Survey application. This is thanks to @Etherealmind meeting up with Jussi Kiviniemi from Ekahau at Interop. Jussi was in the Metageek booth at Interop to help showcase the Ekahau software suite and how it has been integrated to work with Metageek software/hardware.
Thanks also to @SFoskett for recording the great video demonstration on the partnering between Ekahau & Metageek.
Starting off with what I know (because it is easier to explain what you already understand) I made a little video showing how I setup a map and perform a passive site survey of an existing wireless deployment. Naturally I'm expecting a similar functionality from the Ekahau Site Survey application. The only experience I have with the Ekahau application dates back to 2005 when I saw it used to do a passive survey of the hospital where I worked. I was not too impressed with the color charts used to represent the 'heatmap' of RF coverage. I thought that the color maps Ekahau used to show different areas of RF signal strength were not easy to understand, and showed the coverage with strange trapezoidal coverage boundaries.
I had to load a different driver for the Orinoco Proxim 8494 USB wireless card, but the Ekahau application had the driver it required as part of the installer. The installation was quick and painless, and then I had to set about figuring out a new site survey application. Starting a survey was pretty straightforward, but I did see that the survey data was collected quicker once I upped the 'wait time on channel' setting to scan quicker. There was a broadcasted SSID, so I was able to decrease the scan time and get survey data quicker as a result.
The things I don't know how to do with the Ekahau Site Survey application:
- Show the SSIDs detected on the floor plan one SSID at a time
- Show just the 802.11a or 802.11b/g coverage on the floor for each separate access point detected
- Show only one data collection sample at a time. When I used the select/deselect options, the coverage map still showed on the floor plan. This might be because I still had the dropdown set to show the signal strength, but I can't be sure.
I did find the images from the site survey data from back in 2005. You can see what I was referring to regarding the coverage areas showing as large trapezoids. I think this must have been due to the team surveying not setting the granularity of their displayed data. Also I noticed that they didn't enter many of the patient rooms in order to gather RF data. When I'm doing a passive survey in a hospital, the only rooms I don't enter are the ones with the Isolation signage on the door.
Labels:
Cisco,
Site Survey,
Wireless
Monday, April 18, 2011
Cisco WCS calibrating location tracking for wireless clients
I haven't had much luck using the linear calibration model, so I use the point calibration model instead. I configure my wireless card to operate as an 802.11a client for one set of point calibrations throughout the facility, then I configure it to operate as an 802.11b/g client (only) for the second pass at the calibration process.
I don't stop calibrating the floor area until I have covered the floor area with data points from one corner of the floor to the other. I don't know if this is necessary given the paragraph above, but the data collected across the floor area appears as "complete" to a customer reviewing the RF calibration.
Recently I did a full calibration of a 34,000 square foot facility. The deployment consisted of 11 3500i series CleanAir access points. The time to calibrate from beginning to end was approximately 4 hours. Two hours to calibrate for the 5GHz frequency, and two hours to make a second pass to calibrate for the 2.4GHz frequency. Each point calibration location sampling took at least two minutes to complete.
Neither of the design/configuration guides tells you exactly what you're supposed to do with the laptop when you're using the point collection model, unless you're really supposed to pirouette while holding the laptop. I tried to follow this example for the first calibration I did - it just ended up making me dizzy. Now I stand in one place and change the laptop orientation while changing the direction I'm facing. I've found that if I hold the laptop in the same orientation the data point collection fails quite often.
I made a video showing all the stages of the calibration process to help explain how the process is done, and the method I've used for collecting data points.
There are several important bits of information spread throughout the WCS 7.0 Configuration Guide and the Wi-Fi Location-Based Services 4.1 Design Guide. I will list them below.
The Wi-Fi Location-Based Services 4.1 Design Guide states:
"Due to an open caveat concerning the use of dual-band calibration clients and performing a location calibration data collection on both bands simultaneously, it is recommended that calibration data collection be performed for each band individually at this time. When using a dual-band client, use either of the following alternatives:
1. Perform the calibration data collection using a single laptop equipped with a Cisco Aironet 802.11a/b/g Wireless CardBus Adapter (AIR-CB21AG) on each band individually. For example, proceed to disable the 5 GHz band and complete the data collection using the 2.4 GHz band only. Then, disable the 2.4 GHz band and enable the 5 GHz band, and proceed to repeat the data collection using the 5 GHz band only.
2. Perform the calibration using two people and two laptops. Each laptop should have a Cisco AIR-CB21AG and be associated to the infrastructure using a different band. The two calibration operators may operate independently; there is no need for them to visit each data point together. In this way, a complete calibration data collection can be performed across both bands in half the amount of time as option #1 above."
and
"Temporarily disable Dynamic Transmit Power Control (DTPC) prior to conducting calibration data collection. DTPC must be disabled separately for each band using either the controller GUI, the controller CLI or WCS for each controller whose registered access points are expected to participate in calibration data collection. After calibration data collection has been performed, DTPC should be re-enabled for normal production operation.
Ensure that the WLAN to which your calibration client will associate is configured to support Aironet Information Elements (Aironet IE). Doing so will enable the use of unicast radio resource measurement requests during calibration data collection for more efficient operation."
According to the WCS Configuration guide: "Only Intel and Cisco adapters have been tested. Make sure the Enable Cisco Compatible Extensions and Enable Radio Management Support are enabled in the Cisco Compatible Extension Options."
Also of note from the WCS Configuration guide: "The calibration status bar indicates data collection for the calibration as done, after roughly 50 distinct locations and 150 measurements have been gathered. For every location point saved in the calibration process, more than one data point is gathered. The progress of the calibration process is indicated by two status bars above the legend, one for 802.11b/g/n and one for 802.11a/n."
Labels:
Cisco,
Location Tracking,
Wireless
Saturday, April 2, 2011
The Impossible Project -new- PX 680 Film
The Impossible Project just celebrated their first year in business, and with that - a recent beta testing is under way of their new PX 680 color film. This color film is rated ASA 600 for all the 600 series Polaroid cameras languishing in closets all across the globe.
I've had a Polaroid One Step Flash since the early '90s and I've been eagerly anticipating a replacement to the Polaroid 600 film. Old stock of Polaroid 600 film can still be found on eBay, but I've been buying old stock Softtone Spectra film from The Impossible Project to help fund their quest to reverse engineer all types of Polaroid film.
I purchased a couple of packs of the PX 70 Color Shade First Flush film and got shooting with my trusty 600 camera. I have to be honest, I was disappointed in the results. I was hoping for the same rich colors I'd gotten with old Polaroid film, and the film from TIP wasn't quite there yet. The colors were washed out, and regardless of which camera I used (SX-70 or the 600 camera) I just didn't see the saturation of color I remembered.
The old stock Polaroid film was very contrasty and the colors were very rich and vivid. Of course when the film was freely available on store shelves, it was usually out of my price range. I only have a few shots from all the years it was being made - I couldn't afford to buy it nearly as often as I'd like. The best series of pictures came from a trip to Mardi Gras back in 1992.
Well, all that changed today. My shipment of the PX 680 film arrived on March 31st, but I waited to crack it open until today. I took my 600 camera to the local Central Market grocery store. They have a great produce section full of all kinds of vibrant colors just waiting to be used for test shots.
Perhaps Saturday wasn't the best idea for this, but in any case I was able to use up the whole pack of film. I will say that the pictures develop very slowly. I'd guess that they take at least 2 minutes to completely develop. I used the 600 camera on the middle exposure setting, and all these pictures were taken indoors under grocery store lighting with the camera's flash. I shielded them from the store lighting after shooting the picture, then put them in my purse to develop while I moved on to the next subject.
The PX 680 film worked well for saturated oranges and reds. The yellows were a bit washed out, and the dark purples of the potatoes turned out a lot darker than they actually were.
The carrots looked great all lined up and tightly bound in purple rubber bands. The picture turned out a bit dark. For the next pack of film I shoot indoors, I might try moving the exposure bar over to the "light" setting so the pictures come out a bit brighter.
Overall, I think my favorite picture is of the rhubarb and radishes. The difference in the reds and purples in the bunch of radishes is noticeable, and the rhubarb is a bit out of focus. I like it.
I wanted to take a picture of the roses in the floral section, but the lady working there told me that Central Market doesn't allow photography in the floral section, or any other section of the store for that matter. I can't imagine why. What do they care if someone snaps a picture of their plums? So as I was leaving the store I used my last shot in the garden section. Pink flowers.
I'm looking forward to the next release of PX 680 film - it is much, much closer to the Polaroid 600 film I remember. This is a remarkable accomplishment from the crew at The Impossible Project. In only a year they've been able to reverse engineer color instant film for one of the most common instant cameras ever made.
Labels:
Photography,
Polaroid
Friday, April 1, 2011
Cisco IOS Bridge link with EAP-FAST and WPAv2 security
I've setup many a bridge link in a lab environment just to test the functionality of a bridge link config. Often I need to refer to a working configuration to determine what is wrong with a non working bridge link. Here is a working bridge link configuration for both the ROOT and NON-ROOT bridges.
This config was used on a pair of Cisco 1242 access points where I was using the dot11 radio 0 (2.4GHz) interface for the bridge link. The same configuration can be used on the dot11radio 1 (5GHz) interface as well, just substitute the interface name of your choosing into the following template.
The configuration commands below are all that is necessary to establish a working bridge link secured with EAP-FAST authentication and WPAv2 security.
The configuration is also sorted into the order in which the commands can be configured via the CLI over a console connection. The commands will show up in their proper place when you execute the show run command after you've applied the configuration. Don't forget to wr when you're done!
hostname ROOT_AP
aaa new-model
!
! The root bridge points at itself as the RADIUS server (see "radius-server local" below)
radius-server host [ROOT AP IP ADDRESS] auth-port 1812 acct-port 1813 key 0 [RADIUSKEY]
!
aaa group server radius [SERVER GROUP NAME]
 server [ROOT AP IP ADDRESS] auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group [SERVER GROUP NAME]
!
! Local RADIUS server holding the account the non-root bridge authenticates with
radius-server local
 nas [ROOT AP IP ADDRESS] key 0 [RADIUSKEY]
 user [USERNAME] password 0 [PASSWORD]
!
! MAC filter: only the non-root bridge's radio is permitted
access-list 700 permit [NONROOT DOT11 0 INTERFACE MAC ADDRESS] 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
!
dot11 association mac-list 700
!
dot11 ssid [BRIDGE LINK SSID]
 vlan [VLAN NUMBER]
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 infrastructure-ssid
!
interface Dot11Radio0
 !
 encryption vlan [VLAN NUMBER] mode ciphers aes-ccm
 !
 station-role root bridge
 l2-filter bridge-group-acl
!
interface Dot11Radio0.[VLAN NUMBER]
 encapsulation dot1Q [VLAN NUMBER] native
 no ip route-cache
 bridge-group 1
 bridge-group 1 input-address-list 700
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.[VLAN NUMBER]
 encapsulation dot1Q [VLAN NUMBER] native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address [IP ADDRESS] [SUBNET MASK]
!
ip default-gateway [DEFAULT GATEWAY IP ADDRESS]
---------
hostname NONROOT_AP
!
! EAP-FAST supplicant profile and the credentials presented to the root bridge
eap profile [PROFILE NAME]
 method fast
dot1x credentials [PROFILE NAME]
 username [USERNAME]
 password 0 [PASSWORD]
!
! MAC filter: only the root bridge's radio is permitted
access-list 700 permit [ROOT DOT11 0 INTERFACE MAC ADDRESS] 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
!
dot11 association mac-list 700
!
dot11 ssid [BRIDGE LINK SSID]
 vlan [VLAN NUMBER]
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 dot1x credentials [PROFILE NAME]
 dot1x eap profile [PROFILE NAME]
 infrastructure-ssid
!
interface Dot11Radio0.[VLAN NUMBER]
 encapsulation dot1Q [VLAN NUMBER] native
 no ip route-cache
 bridge-group 1
 bridge-group 1 input-address-list 700
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.[VLAN NUMBER]
 encapsulation dot1Q [VLAN NUMBER] native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address [IP ADDRESS] [SUBNET MASK]
!
ip default-gateway [DEFAULT GATEWAY IP ADDRESS]
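When a bridge link built from this template will not come up, the usual cause is that the two ends disagree on one of the values that has to match. The following is an added example, not part of the original post: a small Python check that compares a filled-in ROOT and NON-ROOT config and also counts secrets stored as type 0 (entered unencrypted). All addresses, names, keys and MAC addresses in it are constructed sample values, and the finding names are illustrative.

```python
import re

# Constructed sample values filling in the template's placeholders (not real devices).
ROOT_CFG = """\
radius-server host 10.0.0.2 auth-port 1812 acct-port 1813 key 0 LabRadiusKey
radius-server local
 nas 10.0.0.2 key 0 LabRadiusKey
 user bridge1 password 0 LabPassw0rd
access-list 700 permit 0011.2233.4455 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
dot11 ssid LAB-BRIDGE
interface BVI1
 ip address 10.0.0.2 255.255.255.0
"""
NONROOT_CFG = """\
dot1x credentials LABPROFILE
 username bridge1
 password 0 LabPassw0rd
access-list 700 permit 00aa.bbcc.ddee 0000.0000.0000
access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
dot11 ssid LAB-BRIDGE
"""
ROOT_RADIO_MAC = "00aa.bbcc.ddee"      # constructed: root Dot11Radio0 MAC
NONROOT_RADIO_MAC = "0011.2233.4455"   # constructed: non-root Dot11Radio0 MAC


def first(pattern, cfg):
    """Captured groups of the first matching config line, or None."""
    m = re.search(pattern, cfg, re.M)
    return m.groups() if m else None


def audit_pair(root, nonroot, root_mac, nonroot_mac):
    """Return a list of findings for a root / non-root bridge config pair."""
    findings = []
    # Both ends must name the same bridge SSID.
    if first(r"^dot11 ssid (\S+)", root) != first(r"^dot11 ssid (\S+)", nonroot):
        findings.append("ssid-mismatch")
    # The root is its own RADIUS server: the server address and key, the NAS
    # entry, and the BVI address all have to agree.
    host = first(r"^radius-server host (\S+) .*key \d (\S+)", root)
    nas = first(r"^\s*nas (\S+) key \d (\S+)", root)
    bvi = first(r"^\s*ip address (\S+)", root)
    if not host or host != nas or not bvi or host[0] != bvi[0]:
        findings.append("radius-client-mismatch")
    # The non-root's dot1x credentials must match a local RADIUS user on the root.
    users = dict(re.findall(r"^\s*user (\S+) password \d (\S+)", root, re.M))
    name = first(r"^\s*username (\S+)", nonroot)
    secret = first(r"^\s*password \d (\S+)", nonroot)
    if not name or not secret or users.get(name[0]) != secret[0]:
        findings.append("eap-credential-mismatch")
    # Each side's access-list 700 must permit the other side's radio MAC.
    for label, cfg, peer in (("root", root, nonroot_mac),
                             ("nonroot", nonroot, root_mac)):
        permits = re.findall(r"^access-list 700 permit (\S+) 0000\.0000\.0000",
                             cfg, re.M)
        if peer.lower() not in [p.lower() for p in permits]:
            findings.append(f"{label}-acl700-missing-peer")
    # Type 0 secrets are readable by anyone who can read the saved file.
    for label, cfg in (("root", root), ("nonroot", nonroot)):
        count = len(re.findall(r"\b(?:key|password) 0 \S+", cfg))
        if count:
            findings.append(f"{label}-cleartext-secrets:{count}")
    return findings


if __name__ == "__main__":
    for finding in audit_pair(ROOT_CFG, NONROOT_CFG,
                              ROOT_RADIO_MAC, NONROOT_RADIO_MAC):
        print(finding)
```

On the matching sample pair the only findings are the type 0 secrets, which is a reminder to keep filled-in copies of the template out of shared notes and tickets.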