1 of 28

WiFi & you.

2 of 28

“Clicker” test

How many of you connect to WiFi @ UNLV with:

  1. 1 device
  2. 2 devices
  3. 3 devices
  4. 4 or more devices
  5. What is this Wi-fi you speak of?

3 of 28

UNLV Wireless usage (October 2013)

  • 53,081 Unique devices
  • 22,395 Devices/day
  • 900Mb of 1.4Gb per second to internet is WiFi
  • 451,521 Authentications/day

  • 70% campus covered
  • Thomas & Mack (possibly).
  • Most classroom spaces coming.
  • Closer to 90% coverage by this time next year
  • Likely increase by 50% ‘devices’

4 of 28

Quick overview - 802.11 Channels*

2.4GHz (802.11B/G/N) - Only 3 ‘usable’ channels

* usa

CCI is better than ACI

5 of 28

5GHz (802.11A/N/AC) - 24 Channels

6 of 28

In the US we have up to 11 non-overlapping channels to choose from, for 802.11b/g/n (2.4ghz)

  1. True

  • False

7 of 28

WiFi is a Shared Medium (like a hub)

  • Half duplex (think 2-way radio)
    • I won’t talk if someone else is talking
    • Channel can only be used by one device at a time.
  • Speed matters...it’s all about “Air Time”

Analogy: *Mike screaming like an idiot (in English)*

    • If I talk really slow, the conversation takes long!
    • If I talk really loud, I’ll disturb the next room
    • this is called: “Data Rate”. This is what you see when looking at “connection properties”.

8 of 28

Why should we encourage adoption of 802.11ac for a low speed device like a smart phone?

A. We don’t care, a smartphone would rarely need gigabit wireless speeds

B. Faster speeds mean less air time which means the channel is free for others to use

C. Youtube videos look better with 802.11ac

9 of 28

Most common problems - in order.

  1. Interference

  1. Drivers

  1. 802.1X Supplicant configuration

10 of 28

Most Common Interference Sources

  • Rogue AP’s:
    • Soho routers/MyFi/Ad-hoc’s/printers/WiFi-direct/ Tethering phones
  • Microwaves
  • Cordless phones
  • Non-wifi wireless Camera’s (ie Baby Monitor)
  • Bluetooth
  • X-Box controllers
  • Radar (5GHz only)
  • Our own WiFi?

11 of 28

802.11 Interference

Rogues/ad-hocs/MyFi’s etc.

12 of 28

Rogues

...and why they suck are such a problem.

13 of 28

RF contention for Air Time

  • Support low ‘data rates’ and 802.11b

  • Operate on overlapping 2.4GHz channels
    • A rogue on channel 3 severely impacts our AP’s on both channels 1 & 6 (ACI worse than CCI)

  • Big security concerns -- extend our wired cable plant to the parking lots.
    • Even if secured with latest standards like WPA2-Personal (ie not WEP), they are vulnerable. google: wps vulnerability

14 of 28

Air Time Example with only 1 client!

Virtually all rogue devices support 1Mb data rate.

This example is a printer (ad-hoc).

“race to the bottom”:

More rogues = more noise = less SNR = higher retransmit rates = more rate-shifting (down) = RF consumed = WiFi Broken.

15 of 28

Rogue’s consume RF air-time, severely impacting UNLV WiFi performance

  1. True

  • False

16 of 28

Rogues can use channel 8, since UNLV WiFi only uses channels 1, 6 & 11.

  1. True

  • False

17 of 28

Non-802.11 Interferers

...and why they also suck are such a problem

18 of 28

They do not care about 802.11

  • They ignore the rules of “is it ok to talk now?”

Analogy: *Mike screaming like an idiot in a make believe language*

  • Like holding down the “talk” button on the 2-way radio...constantly.
  • They consume the RF ‘channel’.
  • This is called “Channel Utilization” or “Duty-cycle”

  • Even if not ‘consuming’ the channel, WiFi devices can not understand the ‘make believe language’
    • This is called “demodulation”.

19 of 28

Cordless phone -- 100% CU

When something like this occurs, WiFi completely breaks.

*Cordless phone pictured here is non-DECT. DECT Phones operate at 1.8/1.9GHz, meaning no WiFi interference.

20 of 28

Drivers

Are they up to date yet?

21 of 28

Mostly affects Linux & Windows

  • Windows update does NOT update your drivers

  • Device Manager-->Get chipset information--> Go to manufacturers website-->Download latest-->Call me in the morning (or don’t).

  • This fixes TONS of problems. Association, 802.1X (WPA2) etc. Please do this prior to escalation!

22 of 28

802.1X

This is what WPA2-Enterprise uses.

23 of 28

The Supplicant

  • Painful: 15 - 30 clicks

  • Helpdesk = first line of defense against this issue.

  • http://wireless.unlv.edu/secure (learn it, love it, live it)

  • Improperly configured means:
    1. No authentication (can’t get to facebook)
    2. Slow authentication (can’t get to facebook fast enough)
    3. Insecure (I’m on facebook, but so is the guy next to me...as me)
    4. A solution exists, but we have not purchased it (yet?)

  • Management frames are un-encrypted (802.11w will solve this)
    • autoconfigured/misconfigured supplicant = clients vulnerable. Google: fakeradius

24 of 28

What we do @ infrastructure level

Dual-band clients often choose 2.4GHz instead of the much less crowded 5GHz

Non-802.11 interference will occur, no matter how hard we try to eliminate it.

With only 3 2.4GHz channels, how do you cover a classroom building requiring 100+ AP’s.

The rogue ap’s are everywhere! How can you locate them?

I need my Burrito!

Band-Select. If AP see’s client is capable of 5GHz, it ignores first 3 association requests on 2.4GHz.

“Clean-Air”. About 50% of our AP’s can detect devices (like video cameras, microwaves etc.) and move away from those channels affected.

Directional antennae. Turn down Tx power of AP’s. Raise minimum mandatory data-rate. This reduces the cell-size.

In many cases we can pinpoint location (~10 meters accuracy) on a floorplan. Fluke air-check when on-site.

Education on the topic of interference goes a long way. Try to set an accurate expectation...”that burrito is destroying your WiFi!”

25 of 28

Tools you can use

Android:

  • WiFi Analyzer
  • IPerf - test2.net.unlv.edu

iPhone:

  • Bars?

OSX:

  • alt-click the wifi icon
  • wifi-diagnostics/utilities
  • /var/log/wifi.log

Linux:

  • /etc/wpa_supplicant/wpasupplicant.conf

Windows:

  • inSSIDer

26 of 28

How you can help

  • aforementioned drivers & supplicant

  • Report improper antenna orientation to Help Desk *show example*

  • Inform your customers about the problems with rogue wireless

  • Make sure UNLV Wireless is avail. in the area you’re troubleshooting (hint: non-OIT wifi exists w/ ‘UNLV’ in the SSID)

  • Disable printer wireless

27 of 28

I found this presentation

  1. Useful - Thanks for the info.

  • Somewhere in the middle.

  • Useless - 1 hour I will never get back

28 of 28

I would like a presentation on

  1. High-density WiFi design

  • 802.1X & the EAP Process

  • Using tools like Fluke Air-Check to diagnose issues.

  • Why 802.11n & 802.11ac are so much faster

  • No more, just let me out of here.