Wireless LAN (WLAN) products have matured greatly, morphing from autonomous fat APs to controller-managed thin APs to hybrid systems that distribute management and control. WLAN automation aims to make those management and security functions simpler, but these applications are not necessarily ready for prime time. Below are five commonly implemented automated Wi-Fi features that aim to work "auto-magically" -- but in practice don't always accomplish what you hope for.
Myth: Rogue AP detection is built into WLAN products.
Reality: Many WLAN products can detect rogue APs but still fall far short of what is necessary. Detection is triggered when beacons from nearby unknown APs are heard, either on channels used by authorized APs or during periodic scans of all channels. However, authorized APs can detect rogue APs only when they are not busy, or when the rogue APs happen to be active during scheduled scans (e.g., a nightly scan). Furthermore, AP-based detectors can't hear rogues on unsupported channels or bands – for example, channels 12 to 14 above the ISM band in the U.S. Most importantly, this automated feature is almost always rogue detection, not location or prevention.
What really works: For full-featured rogue detection, location and prevention, you'll need a wireless IPS that can automate policy-based wireless/wired-side traces and blocking.
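The detection gap described above can be made concrete with a small model. This is an added example, not code from the article or from any WLAN product; it covers detection only, and the AP inventory, beacon records, scan window and the full-time "sensor" profile are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of authorized APs (BSSID -> SSID); all values are made up.
AUTHORIZED = {"02:00:00:aa:00:01": "corp-wlan", "02:00:00:aa:00:02": "corp-wlan"}

@dataclass(frozen=True)
class Beacon:
    t: int        # seconds since midnight when the beacon was on the air
    bssid: str
    ssid: str
    channel: int  # 2.4 GHz channel number

# Constructed sample of beacons on the air over one day.
BEACONS = [
    Beacon(7210, "02:00:00:aa:00:01", "corp-wlan", 1),       # authorized AP
    Beacon(7220, "02:00:00:bb:00:09", "guest-cafe", 6),      # unknown, up during the nightly scan
    Beacon(50400, "02:00:00:cc:00:07", "corp-wlan", 11),     # unknown BSSID, our SSID, daytime only
    Beacon(7230, "02:00:00:dd:00:03", "printer-setup", 13),  # unknown, channel the AP cannot tune
]

def classify(b):
    if AUTHORIZED.get(b.bssid) == b.ssid:
        return "authorized"
    return "rogue-ssid-match" if b.ssid in AUTHORIZED.values() else "rogue-unknown"

def heard(b, service_channel, scan_windows, channels):
    """A detector hears a beacon on its serving channel at any time, and on
    other channels it can tune only while a scan window is open."""
    if b.channel not in channels:
        return False
    if b.channel == service_channel:
        return True
    return any(start <= b.t < end for start, end in scan_windows)

def audit(beacons, service_channel, scan_windows, channels):
    detected, missed = [], []
    for b in beacons:
        verdict = classify(b)
        if verdict != "authorized":
            bucket = detected if heard(b, service_channel, scan_windows, channels) else missed
            bucket.append((b.bssid, verdict))
    return detected, missed

def compare():
    # Assumed profiles: an AP serving channel 1 with a 02:00-02:05 scan of channels 1-11,
    # versus a dedicated sensor scanning channels 1-14 all day.
    ap = audit(BEACONS, 1, [(7200, 7500)], range(1, 12))
    sensor = audit(BEACONS, None, [(0, 86400)], range(1, 15))
    return ap, sensor

if __name__ == "__main__":
    for name, (det, miss) in zip(("AP-based", "sensor"), compare()):
        print(name, "detected:", det, "missed:", miss)
```

The AP-based profile misses both the daytime AP that reuses the corporate SSID and the AP on channel 13, which is the coverage check worth running against your own scan schedule and channel list.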
Myth: Dynamic frequency selection (DFS) should always be used to eliminate channel planning.
Reality: DFS is necessary in order for APs supporting designated channels in the 5 GHz band to coexist with radar systems. When an AP using DFS detects interference, it broadcasts a channel-switch announcement, disconnects all clients, retunes to a random channel, listens 60 seconds for interference, and then accepts new clients. DFS channels vary but include 52 to 64 and 100 to 140 in the U.S. Many APs do not support DFS channels, however, while others can be configured to auto-select channels in the DFS range.
What really works: Don't confuse DFS with Dynamic or Automated Channel Selection, which are proprietary techniques that pick the "best" channel for each AP and auto-adjust for co-channel interference. Auto-selection can apply to channels outside DFS ranges (including 2.4 GHz) and may have configurable parameters, such as deferring changes when clients are active. WLANs with latency-sensitive applications like VoIP should avoid using DFS channels but can still benefit from usage-aware auto-selection.
Myth: Dual-band APs automatically migrate new clients onto 5 GHz.
Reality: Many WLANs use dual-radio APs to support legacy 802.11b/g clients at 2.4 GHz and newer 802.11a/n clients at 5 GHz. Often, the same SSIDs (WLAN names) are assigned in both bands, so that users don't have to be aware of such techie details. However, this can cause new dual-band 802.11a/g/n clients to connect at 2.4 GHz instead of 5 GHz. In fact, because signal strength drops off faster at 5 GHz, dual-band clients tend to prefer 2.4 GHz, causing 2.4 GHz congestion and 5 GHz under-utilization.
What really works: These unintended adverse consequences of dual-band APs can be avoided by enabling band steering – proprietary techniques used by APs to automatically and transparently nudge dual-band clients onto the 5 GHz band. The net effect can be greater aggregate WLAN capacity, without penalizing dual-band clients.
Myth: Airtime fairness addresses conflict between old and new 802.11 clients.
Reality: Airtime fairness is a term that refers to proprietary techniques used by WLAN vendors to measure and automatically allocate airtime to individual clients, independent of adapter type. The premise: New 802.11n clients transmit/receive N bytes faster thanks to high data rates, while old 802.11a/b/g clients require more airtime to transmit/receive the same N bytes. If everyone contends equally for transmit opportunities, older clients will consume more than their fair share of the air.
What really works: In fact, airtime fairness isn't about old and new clients – it is about fast and slow clients. Two 802.11n clients will experience the same problem when one is far from the AP, operating at a slow data rate. Airtime fairness algorithms measure airtime consumption in real time for all clients using a channel at the same priority. More transmit opportunities are then given to faster clients so that they are not penalized by slower clients. High-use WLANs with a lot of contention can reap tangible benefits from airtime fairness.
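The fast-versus-slow effect can be shown with a toy scheduler. This is an added example, not any vendor's algorithm (those are proprietary, as noted above); the two data rates, the 1500-byte frame size and the least-airtime-first policy are assumptions, and the model ignores preambles, ACKs and contention overhead.

```python
def simulate(rates_mbps, policy, frame_bytes=1500, duration_s=1.0):
    """Share one channel among clients for duration_s seconds.

    policy "equal-opportunity": clients take turns sending one frame each.
    policy "airtime-fair": the next frame goes to the client that has
    consumed the least airtime so far.
    Returns (throughput in Mbps per client, airtime share per client).
    """
    n = len(rates_mbps)
    airtime = [0.0] * n   # seconds of channel time used by each client
    sent = [0] * n        # bytes delivered by each client
    clock, turn = 0.0, 0
    while True:
        if policy == "equal-opportunity":
            i = turn % n
            turn += 1
        else:
            i = min(range(n), key=lambda k: airtime[k])
        # Time on the air for one frame at this client's data rate.
        t = frame_bytes * 8 / (rates_mbps[i] * 1e6)
        if clock + t > duration_s:
            break
        clock += t
        airtime[i] += t
        sent[i] += frame_bytes
    mbps = [s * 8 / duration_s / 1e6 for s in sent]
    share = [a / duration_s for a in airtime]
    return mbps, share

# Constructed scenario: two 802.11n clients, one near the AP (130 Mbps)
# and one far away that has dropped to 6.5 Mbps.
RATES = [130.0, 6.5]

if __name__ == "__main__":
    for policy in ("equal-opportunity", "airtime-fair"):
        mbps, share = simulate(RATES, policy)
        print(policy, [round(m, 2) for m in mbps], [round(s, 3) for s in share])
```

With equal transmit opportunities both clients end up near the slow client's pace because the slow client holds the channel about 95% of the time; with equal airtime the fast client gets roughly half of its own data rate.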
Myth: 802.11n APs use beam-forming to auto-adjust to moving clients.
Reality: Beam-forming can be used by sending devices to automatically optimize transmissions for each receiver. There are several kinds of beam-forming, however, and few products currently implement this 802.11n option, so don't expect to reap this benefit without doing your homework. Static beam-forming refers to the traditional approach of using fixed high-gain antennas to focus RF energy in desired directions. Dynamic beam-forming starts with directional antennas but automatically selects and adjusts their radiation pattern based on recent experience with each receiver. Transmit beam-forming (TxBF) is an 802.11n-standard option that uses phase shifting to emulate a directional antenna based on implicit or explicit feedback from each receiver. Both dynamic and transmit beam-forming let APs automatically improve signal-to-noise ratio for each client, but transmit beam-forming (e.g., Cisco) is very different from dynamic beam-forming (e.g., Ruckus).
What really works: Beam-forming is not widely available today and not required in 11n certified APs, but you should start learning about these complex techniques for consideration in future WLAN deployments.
Bottom line: Automation can be helpful, even essential, in wireless networks where conditions change frequently and rapidly. Just be sure that you know what your WLAN gear really does and doesn't do, so that you can get the most from these features without unwelcome surprises.
About the author:
Lisa A. Phifer is vice president of Core Competence Inc. She has been involved in the design, implementation and evaluation of data communications, internetworking, security and network management products for more than 20 years and has advised companies large and small regarding security needs, product assessment and the use of emerging technologies and best practices.