packet6

CTS 063: Wi-Fi Security – Securing Access

François Vergès discusses Wi-Fi security and securing the access to the Wi-Fi network.

In episode 56, we talked about the legacy Wi-Fi security mechanisms and explained why they are no longer considered safe and secure and why we should not be using them in our modern Wi-Fi network deployments.

In this follow-up episode, we want to start going over the stronger and safer ways to secure a Wi-Fi network. We are focusing on how client devices can securely connect and exchange data over a Wi-Fi network.

This episode will answer the following questions:

  • How does a client station securely connect to a Wi-Fi network?
  • What is WPA?
  • What is the difference between WPA and WPA2?
  • How do the Personal and Enterprise modes of operation work?
  • What is 802.1X and how is it related to Wi-Fi security?
  • What is required in order to authenticate client devices using 802.1X?
  • What is the 4-way handshake?
  • What are the secured EAP methods?
  • What do we need to do in order to securely use WPA/WPA2-Personal?
  • What is considered a strong password?
  • How does a client station securely exchange data over the Wi-Fi network?

Resources

Here are the links to the videos we talked about during this episode:

Here are a couple of diagrams related to the Wi-Fi security topic:

 

 

If you want to dive deeper into the topic of Wi-Fi security, you can read the following book:

Other resources we talked about:

Password generation website: xkpasswd.net

CTS 048: Cisco Mobility Express

Cisco Mobility Express

Cisco Mobility Express is a small to medium sized Wi-Fi solution which can be deployed in just under 20 minutes. In this episode, I talk about what Cisco Mobility Express entails and how I configured a couple of Cisco 1800 series access points.

Other access points that can be controllers with Cisco Mobility Express include the 2800 and 3800 series access points. This is a special image and not the lightweight image we typically use with the larger controller-based models. What’s so special about Cisco Mobility Express is that there is a built-in controller. This AP can serve wireless clients and function as a controller to manage up to 25 access points and 500 clients.

Installation

Deploying a Cisco Mobility Express controller can be completed in under 20 minutes. After completing the boot up process, a new SSID, CiscoAirProvision, will be enabled. It can be joined using your desktop/laptop computer or with an app, CiscoWireless.

For testing purposes I used the app on my iPhone which was surprisingly simple.

It’s only 5 steps:

  1. Configure an admin account
  2. Setup the controller – System name, management IP address, etc.
  3. Configure wireless networks
  4. Set up RF Parameter Optimization
  5. Confirm and Reboot

Reminder: Configure your switch port properly! If you’re tagging multiple VLANs for your wireless networks, be sure to configure trunk ports to the access point.

A controller can function as a single controller, but for redundancy, the Cisco Mobility Express APs (1800, 2800, 3800 series) can be redundant to each other. If you want to statically configure a primary and secondary controller, you can do so using the CLI.

The election of a controller happens in one of three ways:

  • User defined
  • Least client load
  • Lowest MAC address

All of your advanced troubleshooting will be done using the CLI as well.

Within the web interface, to manage the controller, you have the ability to modify the configuration such as radio policies for your SSID, VLAN tags for an SSID and advanced settings such as channels, channel widths, and transmit power.

Monitoring will yield statistics on access points and individual wireless clients.

You can view access point statistics such as:

  • Channel utilization
  • Interference
  • Configured data rates
  • Throughput
  • Noise
  • Current transmit power

Client statistics collected include:

  • MAC address
  • Uptime
  • Current SSID connected to
  • Signal strength
  • Basic client capabilities

In addition to the statistics above, you can view the top applications used by each client and on the network.

Useful Commands

To get to the AP level from the controller:

apciscoshell

To get back to the controller CLI from the AP Cisco shell:

AP>logout

Troubleshooting AP join issues from the controller:

debug capwap events enable

More detail:

debug capwap detail enable

View errors:

debug capwap errors enable

What you can configure via the AP:

Set static IP address:

capwap ap ip <ip-address> <subnet mask> <default-gateway>

Configure static controller IP:

capwap ap primary-base <controller-name> <ip-address>

Set up a primary and secondary AP for the controller:

config ap priority 4 <ap>

config ap priority 3 <ap>

Links and Resources

15 Wi-Fi Blogs To Read via Network Computing

Are there any other blogs missing from this list? One I can think of is http://www.mikealbano.com/

Interference sources on the Wi-Fi Network via Netscout

Cisco to dismiss up to 5500 employees or 7% of their workforce via Arstechnica

How To Deploy Cisco Mobility Express via Packet6

Troubleshoot AP Joining Issues via Packet6

Cisco Mobility Express Deployment Guide via Cisco

CTS 003: WTF Is Electromagnetic Hypersensitivity Syndrome

We’ve made it to episode 3 baby! I just got back from doing personal travel to Washington DC and San Diego. In between airplanes and during flights I managed to plan this podcast to be recorded the night I return back to San Jose!

In this episode there are now segments. Specifically, there is News, a Quick Tip, and the Featured Segment.

In This Episode

  • iTunes
  • Ekahau 8.1 Update
  • Painting RF
  • Visualizing RF
  • EHS
  • Gathering Wireless Requirements

Links and Resources Mentioned

Thanks For Listening!

Wow episode 3 is done! Thank you for listening. Subscribe to the show on iTunes and remember to leave a rating and a review. I greatly appreciate it if you do.

If you leave a review I will give you a shoutout on a future episode!

CTS 000: Welcome To A New Wifi Podcast

And a new podcast was born. Get ready and take a listen. It’s a short episode as I go through introductions to the podcast and an introduction to me, Rowell.

I’m excited to start the Clear To Send podcast. The core topic will be about wifi. With no prior experience in podcasting this is sure to be an interesting adventure but I am confident you’ll stick with me.

In this episode:

  • What is Clear To Send podcast
  • Who is the host

Links and resources mentioned in this episode:

Thanks for listening!

Thank you for joining me on this first episode of Clear To Send. If you have any feedback or suggestions, please leave it in the comment section below!

If you enjoyed this episode, please share it on Twitter, Facebook, Email, or any other platform you use.

To help the podcast grow, please leave your most truthful review for the Clear To Send Podcast on iTunes. Don’t forget to leave a rating as they are really helpful and always appreciated.

Introducing Clear To Send

My name is Rowell and I am the author of Packet6, which is a blog about network & wireless engineering. Today, I am introducing a new self-published podcast called Clear To Send.

The podcast will start off as audio only with the blog to support the podcast by providing show notes from each episode. The topics that will be covered are:

  • Technical education
  • News
  • Opinion
  • Reviews
  • Interviews

Length is still up in the air but I am planning to keep it at 30-60 minutes per episode.

Clear To Send (or CTS for short) is for those who would like:

  • To get started in wireless
  • To get news on the wireless industry
  • Hear opinions on wireless
  • To get educated on wireless topics
  • Listen to interviews
  • Get career tips

Just the beginning

The Clear To Send podcast will be funded by me, Rowell, affiliate marketing links, and advertising on the podcast. As of this writing I have not reached out for any advertisers because I am still experimenting with the podcast.

I do not have any previous podcasting experience. My passion and experience will drive the early beginning stages of the podcast but I am open to feedback from the listeners.

If you have any questions or concerns, feel free to email me at rowell@cleartosend.net.

The journey to this stage took a lot of thought. I’ve always been interested in doing a podcast. Instead of just thinking about it I have decided to just do it. I hope to get the support from my industry peers to help share the podcast and to provide feedback on the published episodes.

So here’s the start of a new journey into podcasting. The blog, Packet6, will still be there. Clear To Send will just be an extension of the blog in audio format.

I hope you enjoy the episodes to come.