WLAN Infrastructure Monitoring and Supplicants

WLAN Infrastructure Monitoring and Supplicants. Workshop on Wireless, Belgrade - 12.09.2011, Wenche Backman-Kamila. Agenda: Supplicants in general; Windows7 (manual & automatic config); Network manager and wpa_supplicant; Mac; WindowsXP; Monitoring: fixed part, wireless part.


Presentation Transcript


  1. WLAN Infrastructure Monitoring and Supplicants Workshop on Wireless Belgrade - 12.09.2011 Wenche Backman-Kamila

  2. Agenda • Supplicants in general • Windows7 (manual & automatic config) • Network manager and wpa_supplicant • Mac • WindowsXP • Monitoring • Fixed part • Wireless part

  3. supplicants

  4. Why supplicants? • eduroam based on 802.1x • 802.1x requires supplicants • LOTS of different supplicants out there • all OSes have their own • iPhone, Android, Nokia etc. have their own • All differ but basic features are the same • The bright side: Configure only ONCE • In web authentication credentials repeated

  5. Supplicant details • Basic features • Define EAP-method • Supported methods depend on supplicant • Define certificate and server name • If self-signed certificate, no server name required • Define encryption: WPA2-AES, WPA-TKIP • Define user name and password • User name including @organisation.rs • Anonymous identity might be supported

  6. Supplicant best practices • About certificates in PEAP and TTLS • If self-signed certificate • Distribute it securely to your users • If public CA • Ensure that the CA and the server name have been defined in the supplicant • If you use TLS you don’t have to worry about these recommendations • Anonymous identity

  7. Supplicants and supported EAP methods

  8. Windows7 manually 1/3

  9. Windows7 manually 2/3

  10. Windows7 manually 3/3

  11. Windows7 – automatically 1/2 • Installer creates XML file • XML file used to configure settings • User only inputs credentials • requires admin rights • Installer created with NSIS • Win7 and Vista

  12. Windows7 – automatically 2/2

  13. Network manager / wpa_supplicant

  14. Mac supplicant 1/3

  15. Mac supplicant 2/3

  16. Mac supplicant 3/3

  17. WinXP • Configuration video available at http://cbt.geant2.net/repository/eduroam_supplicants/setting_up_eduroam_supplicants.html

  18. monitoring

  19. Monitoring

  20. Monitoring methods for authentication • Radius authentication: radtest • standard command • Input • Credentials • Server name and shared secret • does not require a radius server for monitoring purposes • doesn’t test EAP auth • EAP authentication: eapol_test • included in wpa_supplicant • Additional input compared to radtest • Supported EAP methods (outer and inner) • Certificate • Requires a radius server to carry out testing • Imitates supplicant auth

  21. More on eapol_test • http://deployingradius.com/scripts/eapol_test • eapol_test -c peap-mschapv2.conf -a <radius_server> -s <secret> -M 22:44:66:00:00:00 -A <monitor_server> • check_eapauth • rad_eap_test (http://www.eduroam.cz/rad_eap_test/)

  22. Monitoring authentication at campus • Create username and password for monitoring purposes • Monitoring server • radtest • and/or eapol_test • And additionally • ping latency, packet loss and opening of SSH connections

  23. Monitoring at federation level • Monitoring hierarchy • With credentials from each organisation • Results on web • Based on eapol_test • E.g. Checks every 10th minute if OK • If problems every 3rd minute

  24. Monitoring the air interface • Commercial products can be divided into three groups: • Products based on data from access points to the controllers • Products based on site survey • Solutions covering both the fixed LAN network and the air interface

  25. Access point and controller data • Cisco’s WCS • Control and monitor several controllers • Air interface data • Signal strength and noise levels • Channel allocation • Transmit power • AirWave’s Wireless Management Suite • multivendor environments

  26. Site survey for monitoring purposes • Lots of alternatives • Motorola’s AirDefense Mobile and SiteScanner • Airmagnet’s WiFi and VoFi Analyzers • WildPackets’s OmniPeek • Wireshark • Wi-Spy

  27. Both LAN and air interface • Active measures • Attach • Authentication • DHCP-server • HTTP and FTP upload and download • VoIP-test with MOS • Passive measures • Signal strength and SNR • 7signal’s Sapphire

  28. Monitoring at campuses in Finland • Access points are monitored • All known APs connected to controller • APs correctly configured • Radios on • Users per AP • Means for AP monitoring • SSH script • perl • Airwave

  29. References and contact info • Main reference • WLAN infrastructure BPD • http://www.terena.org/campus-bp/bpd.html • Other references • Monitoring and ensuring WLAN performance • http://www.terena.org/campus-bp/reports.html • Wenche.Backman-Kamila@csc.fi
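
The authentication check from slides 20 to 23 written out as a script, with the CA and server name defined in the profile as slide 6 recommends. This is an added example, not part of the original presentation; the SSID, realm, file paths and the use of `domain_suffix_match` (a current wpa_supplicant option; `subject_match` and `altsubject_match` are the older equivalents) are assumptions.

```shell
# Added example: eduroam probe built on eapol_test; all names are placeholders.
EAPOL_TEST="${EAPOL_TEST:-eapol_test}"   # binary built from wpa_supplicant

# Write a PEAP-MSCHAPv2 profile that pins the CA and the RADIUS server name.
# $1=file $2=user@realm $3=password $4=CA file $5=server name suffix
write_conf() {
    ( umask 077   # the file holds the monitoring password
      cat > "$1" <<EOF
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous@${2#*@}"
    identity="$2"
    password="$3"
    ca_cert="$4"
    domain_suffix_match="$5"
}
EOF
    )
}

# One probe with the flags from slide 21 (the secret shows in the process list).
# $1=conf $2=radius_server $3=secret $4=monitor_server (client IP)
run_probe() {
    "$EAPOL_TEST" -c "$1" -a "$2" -s "$3" -M 22:44:66:00:00:00 -A "$4" 2>&1
}

# eapol_test ends its output with a line reading SUCCESS or FAILURE;
# anything else (timeout, missing binary) is treated as a failure.
classify() {
    case "$(tail -n 1)" in
        SUCCESS) echo OK ;;
        *)       echo FAIL ;;
    esac
}

# Slide 23 schedule: every 10th minute while OK, every 3rd while failing.
next_interval() {
    if [ "$1" = OK ]; then echo 600; else echo 180; fi
}

# Same arguments as run_probe; prints "<status> <seconds until next check>".
check_once() {
    status=$(run_probe "$@" | classify)
    echo "$status $(next_interval "$status")"
}
```

Because the profile pins the CA and server name, a probe that starts failing after a certificate change on the RADIUS server shows what correctly configured supplicants will experience.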