Tag Archives: 802.11r

Thoughts After Passing the CWSP PW0-204 Exam

After putting it off until the very last moment, I finally wrote and passed the Certified Wireless Security Professional (CWSP) PW0-204 exam. This was important since it had been almost 3 years since I passed the CWSP (PW0-200) exam and my credentials were set to expire on the 25th of June. Crisis averted! With the exam out of the way, I thought it would be worthwhile to share some thoughts on my experiences while preparing for it.

In no specific order, here are a few things I found very interesting about my time studying for PW0-204: 

  1. Wireless security was much less complicated 3 years ago. When I took the PW0-200 exam, I didn’t have to know anything about 802.11n, 802.11k, 802.11w, or 802.11r. All of these, now ratified, IEEE standard amendments come with their own set of additional security settings and concerns that must be taken into consideration when securing a WLAN. Continuing to educate yourself and staying on top of the latest industry developments is the easiest way to ensure that a certification’s body of knowledge doesn’t leave you behind.
  2. Experience in the field helps immensely with this exam. When I first wrote the PW0-200 exam, 3 years ago, I had a great interest in the subject but very little real-world WLAN experience. This time around, after living and breathing WLANs for 3 years, I found I was able to quickly skim or review a lot of the CWSP Study Guide since I deal with 802.1X/EAP, PKI, and WIDS/WIPS solutions quite frequently in my role as a security consultant. In my opinion, the CWSP certification is a great example of an exam that goes beyond ‘textbook studying’ and really tries to incorporate lessons that can only truly be learned through hands-on experience. Certifications like that rock because they signify practical/useful knowledge instead of just the ability to memorize answers for a test.

Next Step

Keeping my existing CWNA and CWSP credentials was just stop number one on this journey. With that out of the way, I’m now beginning my assault on the Certified Wireless Network Expert (CWNE) designation. Last time I checked there were fewer than 100 CWNEs globally, so it’s definitely going to be a challenge. I have to pass both the CWDP and CWAP exams first. Wish me luck and I look forward to posting my thoughts and insights on my next exam this summer.

Dan C.

Customers May Always Be Right but Clients Are Often Wrong

That’s right, you read the title correctly. This blog post is all about how many of the clients I have dealt with in the past few years have been the source of countless headaches and hours of frustration. Of course, in this case, I am referring to wireless clients such as laptops, smartphones, and handheld scanners. You didn’t think I was actually referring to people did you?

Designing, implementing, and securing wireless networks can be both rewarding and frustrating at the same time. On one hand, each engagement gives me the opportunity to help an organization experience the awesomeness that is mobility. On the other hand, there is a moment in almost every deployment where I end up scratching my head and saying: “Well that doesn’t make any sense”. The latter of the two situations usually results in large amounts of research, troubleshooting, tweaking, and testing to determine the cause of the issue and resolve it. More often than not, the source of the issue is the wireless client’s supplicant or drivers and not the configuration of the WLAN itself.

Wireless client vendors and software designers have a lot of latitude in the way they design their products to interact with a WLAN. It’s because of this design latitude that we end up with some pretty interesting WLAN connectivity and performance issues. In no specific order, here are a few issues for which you might want to start your investigations at the client level instead of jumping right into tweaking your WLAN configuration:

Loss of connectivity when roaming between access points

Your first impulse might be to conclude that you don’t have a strong enough signal and start dropping in additional access points. While this could actually be the case, it is just as likely that the issue lies with the capabilities, or lack thereof, of your wireless client. It’s up to the client to decide when it is time to roam to another access point. Some will roam more aggressively than others and some tend to ‘stick’ to an access point for much longer than they should. To make matters worse, there are latency issues introduced during roaming depending on whether the client is using PSK or 802.1X/EAP. You should spend some time researching and testing your client capabilities to ensure that you take latency and roaming requirements into consideration when designing your WLAN. Additional research subjects: Opportunistic Key Caching (OKC), 802.11r-2008, 802.11k-2008.
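To make the 802.1X/EAP roaming latency point concrete, here is an added example (not part of the original post) of the PMKID match that Opportunistic Key Caching relies on, using the 802.11i formula PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA). The `Controller` class, the MAC addresses and the PMK are constructed for illustration; the sketch assumes a controller that shares one PMK cache across its access points.

```python
import hashlib
import hmac
import os

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class Controller:
    """Hypothetical controller holding one PMK cache for all of its APs."""
    def __init__(self):
        self.pmk_by_client = {}  # SPA -> PMK from the last full 802.1X/EAP run

    def full_eap_auth(self, spa: bytes) -> bytes:
        pmk = os.urandom(32)  # stand-in for the key the EAP exchange derives
        self.pmk_by_client[spa] = pmk
        return pmk

    def reassociate(self, bssid: bytes, spa: bytes, offered) -> str:
        pmk = self.pmk_by_client.get(spa)
        if pmk and offered and hmac.compare_digest(pmkid(pmk, bssid, spa), offered):
            return "4-way handshake only"   # cached PMK accepted, EAP skipped
        return "full 802.1X/EAP"            # no usable PMKID, slow roam

def roam_demo() -> dict:
    ap1, ap2 = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")  # constructed
    sta = mac("02:00:00:00:00:aa")                                  # constructed
    wlc = Controller()
    pmk = wlc.full_eap_auth(sta)  # initial association on AP1
    return {
        # OKC-capable supplicant: recomputes the PMKID for the *new* BSSID.
        "okc_client": wlc.reassociate(ap2, sta, pmkid(pmk, ap2, sta)),
        # Plain PMK caching: offers the PMKID bound to AP1, which AP2 rejects.
        "non_okc_client": wlc.reassociate(ap2, sta, pmkid(pmk, ap1, sta)),
        # Supplicant that offers no PMKID at all.
        "no_pmkid": wlc.reassociate(ap2, sta, None),
    }

if __name__ == "__main__":
    for client, outcome in roam_demo().items():
        print(f"{client}: {outcome}")
```

The same infrastructure gives a fast roam or a full re-authentication depending only on what the supplicant offers, which is why the client is the first place to look.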

Random loss of connectivity

This is a tough one. When your clients are randomly dropping their connections, you could have any number of issues at play. Some questions you might ask are: Is it happening to just a single client or all clients? If it is happening to a few clients, are they the same hardware and software versions? I’ve been involved in quite a few engagements where the final solution to this particular issue was simply to upgrade the wireless drivers and/or supplicant being used on the client. For some reason, wireless drivers never seem to be included in any kind of regular update cycle. Maybe it is time to start thinking about changing that?

“I feel the need for speed”

You’ve got your new whiz-bang, 802.11n, faster-than-light WLAN deployed but your wireless clients just don’t seem to achieve the speeds you thought they would. You’ve inspected the specs and your card is definitely an 802.11n-capable card. So what is the problem? First, ask yourself: Are all clients under-performing or just some of them? If all clients are under-performing then you might actually have some issues on the WLAN/LAN side to work out. However, if it is only some clients that leave you completely underwhelmed then you might need to dig a little deeper to see what your clients are actually capable of. Not all 802.11n clients are built equally. Some can only do a single spatial stream, some can do two, and newer clients can do three. Some might have issues with packet aggregation, block ACKs or channel bonding. All of these factors will have an impact on the connection rate and actual throughput you experience. Your client might actually be performing incredibly well and you are just pushing it too hard like an overbearing parent at a little league game. A good place to find out what your client is actually capable of is the Wi-Fi Alliance’s Certified Product Database.

There are many more examples that could be given but I think you get the point. WLAN connectivity and performance issues are quite commonly caused at the client end of the connection and not on the infrastructure side. We spend so much time planning and configuring the WLAN infrastructure that we sometimes forget that clients are a big piece of the WLAN puzzle. It’s as true for WLANs as it is in business: spending the time to fully understand your client is never a waste of time.

Dan C.
