The Critical Issue of Operational Support

By Jim Geier

October 14, 2002

Don't let issues go unnoticed and degrade the performance and security of wireless LAN operations. Learn the primary components necessary for effective operational support.

On any network, especially a wireless LAN, you should plan effective operational support mechanisms to ensure that the network runs smoothly. Good operational support will improve availability, performance, security, as well as reduce costs of a wireless LAN. However, don't depend on traditional wired-based support tools. Wireless LANs offer challenges that traditional methodologies and tools aren't designed to handle.

Unforeseen Elements

Because of the use of radio waves, various conditions and events change how a wireless LANs operates compared to a wired network. For example, the presence of RF interference may cause excessive retransmissions to occur or parts of the network to become inoperable. Alterations made to the facility, such as new walls or the addition of metal storage racks, can vary the propagation of radio signals due to attenuation and causes lower performance and limited access to the network.

An unexpected increase in utilization (such as a group of wireless users participating in a video teleconference) may cause throughput issues, which can introduce delays to users. Even worse, an access point may become defective and prevent access to the network from certain parts of the facility. Inoperative access points in larger facilities have been known to go un-noticed for days, weeks, even months!

Some unseen events may compromise the security of a wireless LAN. As an example, an employee within the company may deploy a small wireless LAN without coordination from IT , causing conflicts with other operational wireless LANs. These rogue access points introduce an un-secure interface to the corporate network. A hacker may try to access network resources by intentionally installing a rogue access point to intercept sensitive information or fake a connection to a legitimate access point. In addition, somebody wanting to restrict usage of the wireless LAN could try jamming an access point with strong radio signals.

These types of problems, which occur after you deploy the network, will wreak havoc on users and IT staff unless there are tools in place to effectively support the network. You certainly can't install a wireless LAN and expect it to continually run effortlessly on its own. Be sure to consider all possible operational problems, and plan the implementation of a sound operational support system.

Implementing wireless LAN support tools

Traditional support tools are not effective toward supporting WLANs, mainly because of WLAN-related issues. For example, rogue users and access points go undetected by most wired system support tools. These tools also don't do a good job of pinpointing issues related to radio signals, such as RF interference and jamming.

With proper support tools, you can proactively uncover network characteristics before they introduce serious problems. The increase of packet retries on a particular access point, for example, could indicate RF interference in that area of the facility or collisions resulting from hidden nodes. The identification of a rogue access point can pinpoint a possible security threat. Support tools intended for wireless LANs identify and handle these types of troubles.

The primary features found in wireless LAN support tools, from companies such as AirWave, Symbol , and WaveLink, focus on the monitoring and configuration of access points and client devices. The use of these tools certainly shouldn't preclude the use of your existing enterprise management systems. Choose wireless LAN tools that augment existing capabilities and interface with your present support mechanisms.

Monitoring the Network

Monitoring requires periodically examining each access point and user and provides complete visibility of all network devices, including connectivity status, availability, performance attributes, and security settings. For example, AirWave offers an AirMapping module that creates a map of the enterprise network. It indicates possible channel interference and environmental factors that impact performance.

In most cases, you can set polling intervals in support tools to gather just enough information from specific wireless devices. The problem with monitoring, however, is that it introduces overhead on the network, which lowers throughput. Too much monitoring can have negative consequences. So, use monitoring sparingly.

Most operational support tools have user-definable triggers that will automatically alert IT staff via a console, e-mail, or pager if problems are found. For example, support software may poll an access point if no beacons from that particular access point are heard over a specific period of time. If the software polls the access point and finds it to be inoperative, the support software will trigger an alert. The software can generate a similar alert if it finds that an access point's configuration parameters don't match security policies, which likely means it's a rogue access point.

Configuration Management

Most wireless LAN support tools enable IT staff to remotely control multi-vendor access points, providing access to security settings, RF channel settings, service set identifier (SSID ), power-over-Ethernet (PoE) control, and network configurations. IT staff can use a centralized console to perform configuration settings, instead of interfacing with each access point separately. This certainly saves time and money.

Some support tools will configure new access points automatically when they are found and make certain that current access points comply with security policies. This ensures all access points are set the same, which improves security. For example, the support software may discover if a particular access point has been reset (possibly by a hacker). This situation is critical because the access point may be operating with factory default settings, which generally doesn't include any form of security. Soon after discovery of the corrupt access point, the support software will automatically reinstate the proper settings. This ensures that the hacker won't be able to use it as a non-secure entry point to the corporate network.

Periodically the IT staff should update firmware to make sure that each access point and user is taking advantage of the most current performance, interoperability, and security enhancements made available by the vendor. The traditional method for updating firmware is to manually upgrade each client device and access point individually in order to flash in the new firmware changes. Some IT organizations will avoid making upgrades because of the labor involved. Most wireless LAN support tools, however, have centralized firmware update mechanisms that you can schedule to occur automatically. This significantly reduces the time and money necessary to update firmware throughout the wireless LAN.

Don't underestimate the issues that may arise after you install a wireless LAN. As part of your deployment plan, define effective operational support by choosing tools that counter possible contingencies. Don't let unforeseen issues ruin your day.

Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs (SAMs, 2001), and produces computer-based training courses covering wireless LANs topics.

Join Jim for discussions as he answers questions in the 802.11 Planet Forums.

802.11 Planet Conference Wondering how best to monitor your Wireless LAN? Join us at the 802.11 Planet Conference & Expo, Dec. 3-5 in Santa Clara, CA. One of our sessions will cover WLAN Management: Taming the Unwired Beast.

Originally published on .

Comment and Contribute
(Maximum characters: 1200). You have
characters left.