Planning WLAN Operational Support, Part II

By Jim Geier

In the previous instalment
of this series, we explored what you should think about regarding configuration
management of wireless LANs. Now, let’s take a look at what you should consider
when implementing network monitoring.

Network monitoring continuously measures attributes of the wireless LAN. This
plays a key role in proactively managing the network in a way that enables smooth
upsizing to support a growth of users and ability to solve issues before they
hamper performance and security. Until recently, there have not been very many
companies selling network monitoring tools for wireless LANs. There is a plethora
of vendors now, such as AirDefense, AirMagnet, Airwave, Roving Planet, WildPackets, and many others, offering
network monitoring tools that operate across multiple vendor access points.

When planning operational support for a wireless LAN, consider monitoring the
following elements:

  • Performance. Continually measure the usage of access points to provide
    valuable information necessary to properly scale the wireless LAN as user
    traffic changes. The utilization of access points acts as a gauge to
    indicate when additional access points, access controllers, and Internet bandwidth
    are necessary. In addition, network monitoring should also keep an eye on
    sources of RF interference
    and raise flags when the interference is high enough to cause significant
    degradation in throughput.
  • Coverage. Alterations made to a facility, such as addition of new
    office partitions and influx of additional employees, cause attenuation
    and make radio waves propagate differently. This causes coverage of the wireless
    LAN to change, often limiting wireless user access to the network. In extreme
    situations, an access point may become inoperative due to a broken antenna
    or firmware fault, which requires maintenance or rebooting before users are
    able to associate with the access point.

    Because most companies deploy wireless LANs having access point range
    boundaries
    that radically overlap, however, total loss of connectivity
    may not occur. Instead, users experience lower performance in certain parts
    of the facility. In this case, users tend to not complain to strongly to
    the IT group about the problem, making it tricky for network administrators
    to determine whether an access point is down. Network monitoring is certainly
    a remedy to this problem.

  • Configuration settings. When installing access points, several configuration
    parameters, such as SSID,
    RF channel, and transmit power, are set. It’s important to monitor these configuration
    settings over time. Network managers should be aware of the configuration
    of all access points in order to facilitate effective updates to the network.
    Documentation of the access point configurations can be easily lost. Monitoring
    of the configurations enables accurate, centralized records of the setting
    values.

    In addition, a hacker may attempt to reconfigure an access point to a default
    configuration that is insecure and comprises the security of the network.
    Tools should continuously monitor all of the access points in the network
    and alert the IT staff if anything strange is going on. The IT staff can
    set the performance and security thresholds at any value they wish and change
    them at any time. Some software packages also have auto-repair features,
    which automatically return the access points to their proper settings if
    someone tampers with the settings or a maintenance person reboots the access
    point due to a malfunction.

  • Rogue access points. Network monitoring should identify the presence
    of rogue access
    points
    to ensure there are no open, unprotected entry points into the
    corporate information system. This can be done by placing monitoring pods
    through out the facility to detect unauthorized access points, or monitoring
    can (ideally) be done over the Ethernet side of the network. Most vendors
    making wireless LAN management tools, such as AirDefense, AirMagnet, Airwave, and OptimumPath, include rogue access point detection.
    Vivato, a maker of a wireless LAN switch,
    takes advantage of independent beams to identify and give the approximate
    location of rogues.

If possible, a company should integrate the
network monitoring function into tools in use for monitoring the existing Ethernet
corporate network. Most access points offer simple network management protocol
(SNMP) that provides an interface to existing wired network monitoring tools.

In part III of this series next week, we’ll take a closer look at planning
the security of a wireless LAN.

Jim Geier provides independent consulting
services
to companies developing and deploying wireless network solutions.
He is the author of the book, Wireless
LANs
and offers training
focusing on wireless LANs.

News Around the Web