Académique Documents
Professionnel Documents
Culture Documents
Introduction. . . . . . . . . . . . . . . . . . . . . . . . 1
Portable systems . . . . . . . . . . . . . . . . . . . . 5
Centralized systems. . . . . . . . . . . . . . . . . . 5
Especially useful are portable, integrated wireless/wired analyzers. Having a single device for troubleshooting both
network segments allows technicians to quickly determine whether the sources of problems are wireless or wired
issues – or non-network issues altogether – so they can maximize network availability for users, who are growing
increasingly mobile.
Network architectures
Ad-hoc networks consist of client devices communicating directly with one another in a peer-to-peer workgroup
fashion. Ad-hoc networks can pose a threat if an unauthorized client(s) should automatically associate with a legit-
imate client that contains sensitive data or if they piggyback onto that client’s connection to gain access to wired
network resources.
Wireless infrastructures are comprised of access points (APs) which are either connected directly to the wired network,
or to wireless switches. They provide the RF environment for client devices, and can be configured to create point-
to-point networks for bridging networks between buildings, such as across a parking lot.
Yet another infrastructure type is mesh networking. A mesh network consists of APs that communicate with one
another using wireless routing protocols. Mesh networks enable communications with the wired network through a
minimal number of access points that are connected to the wired network. Mesh networks are often considered in
order to provide flexibility in access point placement and to reduce the costs and complexity of running cable from
wiring closets to each AP.
Even if an organization is using just one 802.11 mode, having a wireless analyzer that can scan all the channels in
the 802.11b, a, and g bands is recommended as a best practice. Otherwise, your organization risks security threats
from ad-hoc and rogue APs operating in the other bands.
A multimode analyzer scans the 802.11 channels in the 2.4GHz and 5GHz freqencies in a given geography to check
for proper configuration, signal-to-noise ratio (SNR), bandwidth utilization levels, and other issues. If utilization on
an AP is topping out, for example, it could be because there are temporarily too many wireless clients associated
with it. On the other hand, perhaps a particular user or protocol is “hogging” bandwidth. Technicians equipped
with wireless analyzers can discover those “top talkers,” enabling the company to decide whether MP3 downloads or
other greedy traffic should be banned from the wireless environment.
O piV
t w
ie
Inetgartde eN t o
w rk
Possible RF problems
Unlike the wired network, the performance of the wireless LAN and users’ ability to access the network are prone
to change as the environment surrounding APs and clients changes. Because users connecting to wireless APs are
often mobile, it can be challenging to predict how many will be using a given AP at one time. In addition, inter-
mittent coverage holes, or dead zones, may materialize when an AP becomes temporarily overloaded or when clients
roam to areas where the RF signal strength is too weak to maintain association.
Dead zones in out-of-the-way areas where APs have not been installed can become a problem when new wireless
applications, such as wireless voice over IP, are deployed. Also, changes to the physical environment made after
the initial wireless site survey can impede the ability of clients and APs to communicate. Such changes might
include the addition or movement of furniture, particularly metal file cabinets, and the installation of microwave
ovens and other wireless consumer-grade devices.
Nonetheless, it is still the network technician’s job to identify whatever is causing perceived network problems.
In many organizations, application support teams require that network issues be eliminated as possible culprits
before they will troubleshoot their applications.
If a wireless user is having trouble logging in, the first thing the technician will want to determine is exactly
where the problem is occurring. Using a portable test and measurement device that tests both the wireless and
wired network is generally the quickest means to this end.
If the technician can use the wireless analyzer in client mode to successfully authenticate and associate from the
problem location, then the problem may lie in the user’s client device configuration or in that client’s access rights.
If the analyzer cannot reach the authentication server, the problem could lie in either wireless or wired physical
layer. Not enough bandwidth, falling out of range, or interference, for example, could be at the root of the
problem.
The technician can use a wireless analyzer to scan the wireless environment to measure signal strength and AP
capacity from the problem location. Scanning in this manner is often referred to as passive mode, as the analyzer is
not actually associated with an access point while performing these tests. In passive mode, the analyzer’s wireless
NIC is only receiving wireless data and is not transmitting. If RF quality is satisfactory, then the technician will use
the analyzer to link to the wireless network, in client mode, to conduct other tests such as authentication tests,
ping, and throughput tests.
Often, technicians must verify that the client configuration conforms to the business’s security policies for packet
encryption and authentication method (such as Extensible Authentication Protocol, or EAP, type). A mismatched
security parameter would prevent successful authentication and authorization.
A well-designed portable wireless/wired analyzer should be able to monitor and troubleshoot every step of the authen-
tication process to see if and where it breaks down. If the authentication server is denying the user access, for exam-
ple, the issue might lie in the authentication server itself, the user’s security configuration, or the user’s access rights.
Supervising the EAP authentication process from a wireless analyzer will eliminate a number of possibilities.
Periodically, after the initial wireless site survey, network technicians can use their portable analyzers to analyze
the RF environment and look for changes that might cause performance degradation. They can also watch for user
trends – such as finding where wireless users congregate – which may indicate areas where additional APs should
be installed.
* Gartner Inc. Research Note, November 21, 2006, Introduction to Wi-Fi Security Best Practices, John Girard, John Pescatore
Portable systems
Ruggedized, integrated network analyzers have several
advantages over laptop computers and handheld, per-
sonal digital assistant (PDA)-style devices, as well as
centralized systems (see subsection below). Laptops,
for example, are limited in performance by the Windows
Network Driver Interface Specification (NDIS) drivers,
which specify how communications protocols, such as
TCP/IP, communicate with the laptop NIC. NDIS limita-
tions often cut performance in half. From a usability
perspective, laptops are also less desirable as technicians
hesitate to loan their laptops to others to conduct tests,
and they may not want to leave their laptop somewhere Figure 3: Portable wired and wireless analyzer
to conduct long-term test and analysis.
For their part, PDAs lack onboard cardbus support, which is necessary in order to enable (802.11a/b/g) Wi-Fi
channel scanning. As noted earlier, this is a critical capability required for doing a thorough job of troubleshooting
the wireless enviornement.
Centralized systems
Systems that support some RF management capabilities in a wiring closet or data center switch or controller are
useful; however, they have visibility only into what the distributed infrastructure APs can “see” and are able to
report back to the centralized system. If there is a dead zone, for example, due to a change in the physical environ-
ment, a centralized RF management system may not be able to discover it.
Similarly, a centralized system may be able to indicate the general location of a rogue AP, but to the technician
dispatched to disable it, nearby APs visually look the same. Portable analyzers, on the other hand, serve as a com-
plement to the centralized systems by providing audible and visual signal strength indicators that lead technicians
directly to the rogue AP.
Finally, many enterprises today support legacy Wi-Fi infrastructures with traditional APs. They simply have not
had the budget or justification to upgrade to centralized infrastructures or install proprietary Intrusion Detection
Systems (IDS). In these environments, frequent audits with a portable wireless network analyzer offers an efficient
management and maintainance solution.
Summary
As wireless LAN technology continues to proliferate, wireless LAN users will increasingly call upon help desk
resources to report wireless network issues. Fortunately, technicians no longer need to carry several tools in order
to test and troubleshoot their networks. Integrated wireless/wired portable analyzers can quickly isolate problems
to the wireless or wired network, client device, or application, enabling technicians to accelerate problem resolution.
Wireless analyzers discover network-connected devices and provide information regarding their associated health,
signal strength, and security configurations. They also have the ability to operate as a wireless client which helps
technicians to immediately determine whether the issue is specific to the given user’s device. Portable, integrated
network analyzers have performance advantages over laptops, multimode scanning advantages over handhelds, and
cost and granularity advantages over centralized systems.
The EtherScope and OptiView portable analyzers automatically scan all a/b/g channels to gather and report statis-
tics on the health of the RF network and to discover the active networks, mobile clients and access points. You can
drill down into any device to view its wireless configuration. Use the built-in maintenance utilities to edit the con-
figuration if necessary.
When testing wireless security, these analyzers will identify and flag security vulnerabilities including unauthorized
(rogue) devices and unprotected access points. Use the locate feature to track down the offending device.
You can use these portable analyzers to troubleshoot connectivity and login issues by monitoring the connection
and authentication processes. In addition, both tools feature extensive reporting capabilities for documenting
your WLAN.
Learn more about Fluke Networks portable network analyzers by visiting www.flukenetworks.com/wireless.
N E T W O R K S U P E R V I S I O N
Fluke Networks
P.O. Box 777, Everett, WA USA 98206-0777