august 27, 2003 evaluation of winc manager a wireless network management software from cirond...
TRANSCRIPT
August 27, August 27, 20032003
Evaluation of WiNc ManagerEvaluation of WiNc Manager
A Wireless Network Management Software from A Wireless Network Management Software from Cirond Technologies Inc.Cirond Technologies Inc.
by
Kassim Olawale
Radio Science LaboratoryRadio Science LaboratoryDepartment of Electrical and Computer EngineeringDepartment of Electrical and Computer Engineering
The University of British ColumbiaThe University of British Columbia
Evaluation of WiNc Manager
OutlineOutline
WiNc Manager TestingWiNc Manager Testing
FeaturesFeatures
Further testing of featuresFurther testing of features
RecommendationsRecommendations
Evaluation of WiNc Manager
WiNc Manager TestingWiNc Manager Testing
Beta testing started in June Beta testing started in June
Software downloaded and installed Software downloaded and installed
APs were set up and connected to a wired APs were set up and connected to a wired network for testing network for testing
Assessments based on the software Assessments based on the software documentation and testsdocumentation and tests
Evaluation of WiNc Manager
WiNc Manager FeaturesWiNc Manager Features
Summary of Important features Summary of Important features Basic AP configurations Network load balancing Channel Assignment Security Mapview
Advantages and disadvantages relative to Advantages and disadvantages relative to campus networkcampus network
Evaluation of WiNc Manager
Basic Access Point ConfigurationsBasic Access Point Configurations
read, set or change most variables that read, set or change most variables that configure an Access Pointconfigure an Access Point
Communicates with APs using Simple Communicates with APs using Simple Network Management Protocol (SNMP) Network Management Protocol (SNMP)
If the AP does not support SNMP, If the AP does not support SNMP, Hypertext Transfer Protocol (HTTP) is usedHypertext Transfer Protocol (HTTP) is used
Evaluation of WiNc Manager
Basic Access Point ConfigurationsBasic Access Point Configurations
Access Point NameAccess Point Name ManufacturerManufacturer Firmware VersionFirmware Version Regulatory DomainRegulatory Domain SSIDSSID Description of APDescription of AP Channel number to useChannel number to use MAC AddressMAC Address IP AddressIP Address
Subnet MaskSubnet Mask GatewayGateway Wireless Transmit RateWireless Transmit Rate Wireless Transmit PowerWireless Transmit Power MAC Address Filter ListsMAC Address Filter Lists MAC Address Access MAC Address Access
Control Lists (ACLs)Control Lists (ACLs) Packet Fragmentation Packet Fragmentation
ThresholdThreshold RTS ThresholdRTS Threshold StatisticsStatistics
Evaluation of WiNc Manager
Basic Access Point Basic Access Point ConfigurationsConfigurations
Evaluation of WiNc Manager
Basic Access Point ConfigurationsBasic Access Point Configurations
AdvantagesAdvantages Enables a single location for changing AP
configurations for entire network. Changes can be applied to any number of APs at
once (depending on variable being changed).
Disadvantages Disadvantages Not all variables are available for editing. WiNc Manager currently does not support Cisco
Aironet AP1200 running IOS. It supports VxWorks on AP1200 and IOS on AP1100
Evaluation of WiNc Manager
Network Load BalancingNetwork Load Balancing
Load balancing using number of clients in Load balancing using number of clients in network network
Threshold number of clients beyond which Threshold number of clients beyond which redistribution is triggered can be manually redistribution is triggered can be manually setset
If no threshold specified, the software If no threshold specified, the software attempts to keep number of clients on all attempts to keep number of clients on all APs equalAPs equal
Evaluation of WiNc Manager
Network Load Network Load BalancingBalancing
Evaluation of WiNc Manager
Network Load BalancingNetwork Load Balancing
AdvantagesAdvantages Constantly overloaded APs could be easily
relieved requires that such APs’ coverage areas overlap those
of other AP(s) with smaller number of clients
DisadvantagesDisadvantages Aggregate throughput on an AP could reach a
maximum even with low number of users
Evaluation of WiNc Manager
Channel AssignmentChannel Assignment
Can assign channels to APs automatically Can assign channels to APs automatically using four of the eleven channels in the using four of the eleven channels in the IEEE 802.11b standardIEEE 802.11b standard
Evaluation of WiNc Manager
Channel AssignmentChannel Assignment
AdvantagesAdvantages Manual management of channel allocations to APs, while
still possible, is not necessary Capacity is increased by one-third over the traditional
three-channel network deployments
DisadvantagesDisadvantages Research suggests that it should be possible to use
more than four of the eleven channels provided in the IEEE 802.11b standard. This depends on the physical distance between the APs with overlapping coverage area and their transmit power.
Evaluation of WiNc Manager
SecuritySecurity
Use of Wired Equivalent Privacy (WEP) Use of Wired Equivalent Privacy (WEP) with automatically rotated keyswith automatically rotated keys
MAC Address filter listMAC Address filter list
Provisioning of network access for clientsProvisioning of network access for clients
Evaluation of WiNc Manager
Use of Wired Equivalent Use of Wired Equivalent PrivacyPrivacy
Four keys can be provided at a timeFour keys can be provided at a time Supports keys of length 64, 128 and 256 bits Supports keys of length 64, 128 and 256 bits Same WEP keys can be provided to multiple APs Same WEP keys can be provided to multiple APs
at the same time by selecting the APs before at the same time by selecting the APs before making key changesmaking key changes
WEP will be used for data transmission, but may WEP will be used for data transmission, but may also be used for authentication also be used for authentication
AutoKey (optional)AutoKey (optional) Automatic distribution of WEP keys to clients using
Cirond Technologies WiNc or pocketWiNc software Automatic key rotations (following a specified schedule)
Evaluation of WiNc Manager
WEP : WEP : AutoKeyAutoKey
Evaluation of WiNc Manager
Use of Wired Equivalent Use of Wired Equivalent PrivacyPrivacy
AdvantagesAdvantages Data is protected when transmitted with WEP encryption AutoKey eliminates the need for network users to
manually enter unfamiliar WEP keys on their user equipment
AutoKey also allows rotation of keys on schedule
DisadvantagesDisadvantages AutoKey requires that users install Cirond Technologies
software on their user equipment Without AutoKey,
users have to manually enter WEP keys in their equipment WEP keys cannot be changed regularly enough to defeat an
intruder’s effort to learn the keys from transmitted packets.
Evaluation of WiNc Manager
MAC Address filter MAC Address filter listlist
Clients may be allowed or disallowed Clients may be allowed or disallowed access to wireless network based on their access to wireless network based on their MAC addressesMAC addresses
Different MAC Address Access Control Lists Different MAC Address Access Control Lists (ACL) for different APs on the network is (ACL) for different APs on the network is possible possible Access control lists programmed onto the APs New lists (external to the APs)
Evaluation of WiNc Manager
MAC Address filter MAC Address filter listlist
AdvantagesAdvantages This may serve as an additional security
feature in the network
DisadvantagesDisadvantages It will be difficult to manage MAC Address lists
for a large network such as that in UBC MAC addresses can also be copied by potential
intruders
Evaluation of WiNc Manager
Provisioning of Network Provisioning of Network AccessAccess
WiNc Manager creates an encrypted WiNc Manager creates an encrypted provisioning data fileprovisioning data file
The file is used once by the client to The file is used once by the client to connect to the network and register accessconnect to the network and register access requires that the client be running Cirond
Technologies software
WiNc Manager maintains automatic key WiNc Manager maintains automatic key distribution to the client (if WEP keys are distribution to the client (if WEP keys are set and AutoKey enabled)set and AutoKey enabled)
Evaluation of WiNc Manager
Provisioning of Network Provisioning of Network AccessAccess
Evaluation of WiNc Manager
Provisioning of Network Provisioning of Network AccessAccess
AdvantagesAdvantages If provisioning is enabled, only clients that
have been provisioned can access the network Access to the network can be denied to specific
clients by disabling their access provisioning
DisadvantagesDisadvantages Provisioning of network access requires that
clients run Cirond Technologies software
Evaluation of WiNc Manager
MapvieMapvieww
Real-time graphical presentation of the wireless networkReal-time graphical presentation of the wireless network Shows APs and clients in the network
Background will represent plan of the physical location of Background will represent plan of the physical location of the APs (optional)the APs (optional)
APs not configured will be shown as rogue APsAPs not configured will be shown as rogue APs Physical location of APs require an initial setup in WiNc Physical location of APs require an initial setup in WiNc
ManagerManager This is easy to achieve using the various setup and calibration
tools provided
Links are drawn between each client shown and all the APs Links are drawn between each client shown and all the APs it is associated withit is associated with
Location of clients are estimated using the location of the Location of clients are estimated using the location of the APs they are associated withAPs they are associated with
Evaluation of WiNc Manager
MapvieMapvieww
Evaluation of WiNc Manager
MapvieMapvieww
AdvantagesAdvantages Useful in assessment of network performance and load (in
terms of number of clients) Easier to explain why some APs are overloaded compared
with others in the same building or environment APs that are offline and rogue APs are easy to spot
DisadvantagesDisadvantages Relies on clients running Cirond Technologies software to
report rogue APs Location of clients may not be very reliable, unless they
run Cirond Technologies software
Evaluation of WiNc Manager
Further Further TestingTesting
Set up clients to APsSet up clients to APs use Orinoco RG1000 as clients
Test network load balancingTest network load balancing
Evaluation of WiNc Manager
ConclusionsConclusions
Some features in WiNc Manager are only available Some features in WiNc Manager are only available or practical when clients run Cirond Technologies or practical when clients run Cirond Technologies software (WiNc for clients or pocketWiNc).software (WiNc for clients or pocketWiNc).
Examples of these features include the Examples of these features include the use of WEP with AutoKey reporting rogue APs on Mapview positioning of clients on Mapview provisioning of network access to clients
In a network that uses WiNc Manager, use of Cirond In a network that uses WiNc Manager, use of Cirond Technologies software in clients is recommendedTechnologies software in clients is recommended
Evaluation of WiNc Manager
ConclusionsConclusions
Software was assessed for use in UBC wireless networkSoftware was assessed for use in UBC wireless network The advantages and disadvantages listed will help in The advantages and disadvantages listed will help in
deciding suitability of the software deciding suitability of the software Additional considerations on WiNc Manager includeAdditional considerations on WiNc Manager include
Cirond Technologies should enable support for Cisco Aironet AP1200 running IOS
No other software is available to provide throughput load balancing
Research on use of channel assignment algorithms better than a four-point autochannel is still ongoing
Mapview, included in the software, is valuable for real-time visual evaluation of the performance of the network