J. Scott Haugdahl
With "big iron" vendors like Cisco and Nortel setting the trend of fully integrating WLANs into the enterprise LAN, IT engineers are feeling the need for analysis tools that also span both realms with appropriate feature sets. This need is being driven by the evolving complexity of WLANs as well as the heightened security exposure in today's LANs.
Users who have invested in stand-alone WLAN tools for site surveys, intrusion detection, and network analysis can cover only the wireless side of the network and must switch to a different tool set when troubleshooting LAN traffic. In contrast, LAN/WLAN analyzers minimize duplication of effort and training requirements. However, analyzers that work on both types of networks must incorporate several key features, such as comprehensive seven-layer decodes, a robust expert system for both the LAN and WLAN, and the ability to decrypt WEP and WPA when necessary. In addition, WLAN/LAN analyzers should provide remote engines with embedded expert systems,
The best candidates for WLAN/LAN analyzers are those that have a long-term and proven track record for Ethernet. By starting with a well-known LAN tool, users need not learn a new GUI or expert system when crossing from LAN to WLAN. The common interface also unifies and integrates the troubleshooting, much like Cisco's Structured Wireless-Aware Network (SWAN) integrates LAN and WLAN configuration and security.
To further boost productivity, console-based analysis systems can extend the reach of the distributed expert system probes without having to transfer any captured packets across the network in order to observe expert events on any given LAN or WLAN segment. This provides a very scalable analysis solution because data is crunched in parallel on a distributed basis rather than at a central console, and massive amounts of packets can be continuously captured and saved at the probes, providing fault-tolerant distributed storage. Such systems also provide the ability to transfer traces for off-site analysis should the need arise.
A unified analysis console should also have the ability to capture packets locally. This way, the analyst has the ability to move around and capture on demand in wiring closets, at end user desktops (for VoIP users, Cisco SIP phones provide a very handy hub tap in every phone), and so forth, while still maintaining a view into a probe at the other end, such as one connected to a SPAN port in the data center for simultaneous monitoring on the server side.
To facilitate such mobility, users should avoid probes that must be preconfigured to communicate with only one particular console IP address. Instead, they should choose a "mobile console" architecture that allows any console to attach to any probe, given the proper encrypted authentication credentials, along with profiles to control probe permissions. Any data that does leave the probe (such as statistics or packet captures) should be both encrypted and compressed to help alleviate some of the load when transferring capture buffers and traces, while at the same time protecting their content.
Unified LAN/WLAN systems are rapidly evolving, and it's clear such systems will be essential for large WLAN deployments. Analysis systems that provide a reliable, scalable, and distributed architecture along with proven wired and wireless expert system technology are the right tools for maximizing productivity and troubleshooting response times in such environments.
Scott Haugdahl is the chief technology officer at WildPackets, where he developed the expert system for the AiroPeek NX 802.11 wireless analyzer. He has more than 20 years of experience in the networking industry, is author of the book "Network Analysis and Troubleshooting," has taught numerous workshops, founded Net3 Group to develop expert system technology and tools subsequently acquired by WildPackets, and wrote numerous columns chronicling his troubleshooting experiences. Mr. Haugdahl holds a bachelor's degree in computer science from the University of Minnesota Institute of Technology.
This was first published in July 2004