I like wireless networks, I really do.
They have grown well beyond tiny “pockets” that were giving you ad-hoc attachment to the wired network. Modern wireless clouds have centralized management, can simultaneously serve different groups of customers or devices, and can perform amazing things when it comes to troubleshooting or planning.
Just a few highlights.
Besides serving wireless users, Access Points continuously scan their own and neighboring frequencies to determine the state of the environment. So a well-configured wireless network always knows what is happening where. That does not mean we engineers know it too; on the contrary, most of the time monitoring and reporting are sadly neglected. We don’t bother to ask properly for the information, although asking is all we need to do. Radio Resource Management (RRM) is responsible for auto-adjusting the wireless cloud to provide the best possible service.
The newest Access Points from Cisco have CleanAir support and are able to perform advanced analysis of the RF environment. They can literally tell you, for example, that there are too many Bluetooth discoveries happening in a particular room, suggesting some strange gathering of mobile phones. You go there to check and indeed see yet another management meeting taking place. Actually, a well-tuned network can be turned into one giant “field engineer” with the ability to self-discover problem areas, decide to migrate to another channel, increase or reduce transmit power, and withstand the attack of a hacker.
If some smart employee brings his WiFi router from home and attaches it to the corporate network, in many cases it goes unnoticed, especially if the SSID is not broadcast. Until… until our wireless network is taught to take action upon discovery of such a WiFi host and to verify whether it is actually attached to our network. And if it is, the system will ~~call 112 and order you two beers~~ raise the alarm. We can even force the clients of hostile (rogue) Access Points to disconnect from them. Not a very nice thing to do, but if we are sure we are dealing with a hacker?..
If one Access Point is doing a software upgrade or just dies, neighbouring APs can detect the coverage hole and increase their signal level to cover it until the situation is repaired.
The security of the wireless cloud requires a sharp change in the direction of your thoughts. In traditional wired networks, we rely most of the time on a ring-fenced perimeter, protecting it with firewalls and security guards at the building entrance. But in most organizations, a hacker on the internal network can ruin your whole party. And now imagine that in a wireless network a hacker is able to probe your skills from the other side of the street. He can configure the same SSID, pretending he is part of your network. He can introduce interference. He can force your clients to de-associate from the wireless network. He can do a number of other things without even approaching your premises. That’s why many more things in wireless security must be done proactively.
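The rogue check and the same-SSID impersonation described above can be sketched as a classification over a neighbor scan. This is an added example, not Cisco's implementation; the MAC-adjacency and client-on-wire heuristics, and all addresses and SSIDs, are constructed assumptions.

```python
# Added illustration: classify radios heard during an off-channel scan.
# All addresses, SSIDs and the inventory below are constructed sample data.
MANAGED_BSSIDS = {"00:11:22:aa:00:01"}       # radios the controller owns
CORPORATE_SSIDS = {"CorpNet"}                # SSIDs only we should announce
# MACs learned on wired switch ports (assumed to come from ARP/CAM tables)
WIRED_MACS = {"c0:ff:ee:00:10:00", "a4:5e:60:01:02:03"}

# (bssid, ssid or "" when not broadcast, client MACs heard on that radio)
SCAN = [
    ("00:11:22:aa:00:01", "CorpNet", ["a4:5e:60:01:02:03"]),
    ("C0:FF:EE:00:10:01", "", []),           # hidden SSID, home router
    ("de:ad:be:ef:00:02", "CorpNet", []),    # our SSID, unknown radio
    ("de:ad:be:ef:00:03", "CoffeeShop", ["11:22:33:44:55:66"]),
]

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, clients, wired_macs):
    """Heuristic (assumption): the AP is attached to our LAN if one of its
    clients shows up on our switches (bridging AP), or if a wired MAC is
    numerically adjacent to the BSSID (Ethernet side of a consumer router)."""
    if any(c.lower() in wired_macs for c in clients):
        return True
    b = mac_to_int(bssid)
    return any(abs(mac_to_int(m) - b) <= 2 for m in wired_macs)

def classify(bssid, ssid, clients):
    bssid = bssid.lower()
    if bssid in MANAGED_BSSIDS:
        return "managed"
    if on_wire(bssid, clients, WIRED_MACS):
        return "rogue-on-wire"           # raise the alarm
    if ssid in CORPORATE_SSIDS:
        return "ssid-impersonation"      # same SSID from across the street
    return "neighbor"                    # not ours, not on our wire

def report(scan):
    return {b.lower(): classify(b, s, c) for b, s, c in scan}

if __name__ == "__main__":
    for bssid, verdict in report(SCAN).items():
        print(bssid, verdict)
```

Note that the hidden-SSID router is still flagged, because the verdict depends on the BSSID and the wired-side correlation, not on whether the SSID is announced.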
An excerpt from Cisco docs:
“The Cisco Unified Wireless Network is composed of five interconnected elements that work together to deliver an enterprise-class wireless solution.
- Client devices: Cisco Compatible Extensions client devices, Cisco Aironet client devices and Cisco Secure Services Client.
- Access points: Cisco Aironet 802.11a/b/g and 802.11n lightweight access points and Cisco wireless LAN bridges.
- Network unification: Cisco 4400 and 2100 Series wireless LAN controllers, Cisco Catalyst 6500 Series Wireless Services Module (WiSM), the Cisco Wireless LAN Controller Module (WLCM) for Integrated Services Routers and the Cisco Catalyst 3750 Series Integrated Wireless LAN Controller.
- Network management: Cisco Wireless Control System (WCS) and Cisco WCS Navigator.
- Mobility services: Cisco Wireless Location Appliance, Cisco Self-Defending Network, Network Admission Control, and single and dual mode Wi-Fi phones such as Cisco 7900 Series Unified IP Phones.”
Alex Mavrin, CCIE #7846
Images are (c) Cisco