Categories
CWNP

NAV and foreign STAs

The Sybex CWAP 2011 study guide contains a gem regarding how different BSSs interact:

[with the exception of transmitter and receiver,] Any other client or AP stations within hearing range on the same channel will reset their NAV, even if they are nont members of the BSS.

Chapter 3 review questions, q.10, answer p.120

It is the first time I find it clearly stated that STAs contending through HCF or EDCA will abide to any information they can decode from received frames, regardless if they are from the same BSS or not.

This makes sense, because:

  • APs know the AID of the members of it’s BSS, but client STA don’t;
  • any STA (AP or client) does physical carrier sense SD when it decodes a preamble, and it is likely to also decode the header which contains a length field which is the time it will take to transmit the frame (in microsecs);
  • Therefore it’s logical to use a NAV if it can decode it.

Perhaps this should be put in the CWNA study guide explicitly.

Categories
CWNP

Passed CWSP certification!

Today I took the CWSP exam and passed it with 90%. It’s exactly one year after I passed CWNA and the satisfaction and sense of accomplishment is great. The original plan was to study during winter and spring 2020 in order to take the exam in April. Then the COVID19 pandemic hit and changed all our priorities.

The current exam was CWSP-206, which has an official study guide from Certitrek (authored by Badman, Bartz, Carpenter, Hill, Morgan) and an almost updated (CWSP-205) study guide from Sybex (authored by Coleman, Westcott, Harkins).

A great guide by David Coleman, David Westcott and Bryan Harkins

It’s good to study both books as the Sybex is a high quality reference guide to understand our work, and the Certitrek a more exam-oriented tool with great content, but somewhat poor editorial depth (e.g. no chapter/section navigation, no index).

How to pass an exam and have fun with Kali Linux

I did not practice or setup a lab specifically for this exam, as most of my day to day work already touched most of the topics. Keeping up to date with blogs, Twitter and webinars was very useful, see my Twitter profile @MonorailHandles for my followed profiles which are almost all wifi related.

The CWNP practice tests were very useful to gauge my level of readiness and study the finishing touch. As with CWNA, the pass threshold is 70% and having scored 90% in the exam means I overstudied and delayed: chalk it up to an astonishing year with a pandemic, african locusts swooped over Milano by high altitude winds, and an earthquake near home.

Pearson Vue’s online proctored exam worked smoothly, I sat in an empty room at my office and the absolutely bare space may have helped the experience. It’s a good alternative to the physical exam center, in both convenience and comfort.

Now to the next thing: the original plan was CWDP, but my interests and professional curiosity drive me towards CWAP. Let’s see in the next weeks.

Categories
field notes

bikewifi device cooling

Early Aygust I was surveying one of the university buildings in Milano with my colleague. A heatwave was underway with outside temperatures of 35°C and in-building 30°C. We moved by bike, carrying survey kit and spare APs in my bike bags.

The building itself is interesting: a former cinema belonging to the nearby church, later rented by our university, the cinema transformed into a 200 seats lecture hall, the above floors offices. The view on the nearby XVI century church and art nouveau buildings is wonderful.

We spent the morning surveying the building. Most of the time was used picking keys from a huge keyring and opening offices – then closing them again. After a couple of hours the tethered survey device was really hot and I didn’t want to stuff it back in the bag, even if it was turned off. So I found a creative solution:

Categories
field notes

How I learned to stop worrying and love all 5Ghz channels

Using all 5 Ghz channels available in your regulatory domain is not a choice, it’s a matter of fact. Here’s my experience.

I did a validation survey at one of our remote sites. The survey data showed severe co-channel interference almost everywhere. The site lies in open countryside and has no detectable neighboring APs: all of the APs are our own and they all transmit in the same 4 non-DFS channels as shown in the reading taken at location A on site:

The original situation at location A
Categories
tools

My Ekahau license expired during a survey

…and it took 9 days to restore it.

Two weeks ago I was doing a survey with the iPad, when my Ekahau license was suddenly suspended. I was logged out of the Survey for iPad app and lost access to all my cloud files. After 9 days the license was restored, and all has been well since. Here is my experience and lessons learned.

Categories
tools

Firts steps with Ekahau Survey for iPad

A couple of weeks ago I upgraded to Ekahau Connect and an iPad Pro for my RF surveys. I’ll write my first-hand experiences learning to use it and doing actual work.

Bottom line: get Connect and an ARK-enabled Apple device if you need to speed-up survey operations and if you (or your employer) can afford the price.

Categories
operations

Lessons from legacy 802.11n access points

Some Enterasys AP3600 ready for retirement

My colleague and I are finally completing the retirement of a legacy 802.11n deployment based on Enterasys AP3600s.

It was our university first modern wi-fi network back in 2010, based on modern hardware and latest technology (802.11n was released in 2009). In the following years a few hundred AP3600s were installed on the campus and provided the bulk of our WLAN access.

Categories
field notes

Hardware store warehouse

Some wifi spotting (or wifi watching) at a hardware and home improvement store in Milano, Italy. I went there to buy a set of TORX tamper-resistant drivers to unscrew an old AP at the office and found myself looking at the ceiling all the time.

It’s a huge warehouse about 10m high with industrial metal shelves packed full of metal hardware, tools, building materials, piping, electric gear and wood sheets. It’s open to the public and there is a perpetual flow of customers, forklifts and elevating platforms.

The company opened 4 years ago, there is a good ethernet infrastructure at every cashier desk and aisle station, but the wireless gear was hard to spot.

Many PDAs and inventory scanners, forklifts. I did not take pictures of the handheld devices because the employees might have objected. Price tags on the shelves are low-tech.

I could not identify the devices that were hanging from the ceiling, some in a structured fashion, but pointed slantly across the aisles and not along it. Perhaps because the AP mount is not stable and the devices rotate freely.

This device is oriented across the aisle, not along it
Another orientation that does not make sense, probably it’s freely rotating due to air currents, thermal movements, machinery bumping it.
Definitely perpendicular to the aisles and shelves.

Some devices were just hanging from the ceiling or the fire extinguisher piping, like jungle vine.

Here you are!
welcome to the jungle
Looks like they want to cover the whole area above the shelving
Another view of the same.

I recorded 97 BSSID with Airport Utility standing still near the cashiers. 92 BSSID were from a locally administered MAC OUI, 5 from universal OUIs. Here’s a list of the manufacturers:

00:A0:57 LANCOM LANCOM Systems GmbH
38:08:FD Silca Silca Spa
50:D4:F7 Tp-LinkT Tp-Link Technologies Co.,Ltd.
8C:34:FD HuaweiTe Huawei Technologies Co.,Ltd
02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
E2:55:7D Locally administered MAC address

The BSSIDs where evenly spread on 2.4 Ghz and 5 Ghz. The SSID list, redacted for privacy:

(hidden SSID)
CLIENT
GUEST
PDA
SESWifi
Silca-Futura_XXXX
SMARTPHONE
TP-Link_XXXX
WebPocket-XXX 

SES is a proprietary WPS solution from Cisco Linksys:

SecureEasySetup, or SES is a proprietary technology developed by Broadcom to easily set up wireless LANs with Wi-Fi Protected Access. A user presses a button on the wireless access point, then a button on the device to be set up (printer, etc.) and the wireless network is automatically set up. This technology has been succeeded by the industry-standard Wi-Fi Protected Setup.

https://en.wikipedia.org/wiki/SecureEasySetup

Silca Futura is a key cutting machinery manufacturer, so the SSID comes from the locks and safes area.

WebPocket is a 4G mobile wifi hostspot device made by Huawei.

Do you know what kind of devices/solution is behind the 92 local mac addresses? The comments are there for you.

Categories
field notes

Spotted some healthcare location services

Went to the hospital for a health check and spent the waiting time looking up to the ceiling. I spotted some RTLS devices from Centrak:

as usual, antennas are tilted randomly
What’s this? Aruba?

I did a quick scan with Airport Utility and found about 90 APs with hidden SSID and a Local mac address, plus other assorted OUIS. Here’s the OUI list:

02:18:4A Locally administered MAC address
02:18:5A Locally administered MAC address
00:A0:57 LANCOM Systems GmbH
38:08:FD Silca Spa
50:D4:F7 Tp-Link Technologies Co.,Ltd.
8C:34:FD Huawei Technologies Co.,Ltd

The locally administered Macs were broadcasting a hidden SSID, plus CLIENT, GUEST,PDA,SMARTPHONE.

The Silca OUI does not make sense here, unless it’s an access control system with intelligent door locks, the kind you operate with a keycard or a FOB.

Lancom Systems Gmbh is a network equipment manufacturer and solutions provider.

Channels in 2.4 Ghz are 1,6,11 as expected, and some 7 (what the heck?) and 9.

Channels in 5 Ghz: 36,44,64,104,112,140. Don’t know about channel width from the Airport Utility.

Categories
CWNP

CWNA study guide review

David D. Coleman, David A. Westcott
CWNA Study Guide Fifth edition, Exam CWNA-107
Sybex, 2018

This book has been my companion since I started working in my employer’s entrerprise wireless LAN in late 2018. It’s a foundation guide that gave me the right approach to wifi networking and architecture. It’s also a technical reference guide for the many situations facing a WLAN administrator during the day to day operations of designing, deploying, validating and troubleshooting an enterprise WLAN.