By now you’ve probably heard quite a bit about the newest generation of Wi-Fi, 802.11ac. I’ll save you the gory details; just know it’s about 3x faster than 802.11n and will help to improve the capacity of your network. Jameson Blandford and I were recently guests on the No Strings Attached Show podcast with Blake Krone and Samuel Clements.
I wanted to follow up the podcast with a blog to go over considerations for deploying, testing, and tuning 802.11ac.
Considerations for deploying 802.11ac
The first question you’ll want to ask yourself is whether your switching infrastructure can handle 11ac. The answer is probably yes. The things to consider are the port speed and power-over-Ethernet (PoE) capabilities. You’ll want the access point to have a gigabit uplink to the switch. Each 11ac access point could potentially dump several hundred megabits per second of traffic onto your wired network. It’s also not a bad idea to have 10 Gig uplinks on your access switches to distribution or your core. If you have even just a couple of access points on a single access switch, you may quickly find yourself wishing you had 10 Gig uplinks.
Next you’ll need to consider how you will power the access points. If you are like the majority of our customers, you will use PoE from your switches. While 11ac access points require 802.3at (PoE+) for full functionality, the Aironet 3700 will run happily on standard 802.3af PoE. In fact, it retains 3 spatial streams on both radios, so performance does not suffer because you have a PoE infrastructure.
Will you deploy 80 MHz channels?
Tags: 11ac, 11n, 802.11, 802.11ac, 802.11n, access point, Aironet, chanalyzer, cleanair, deploying, Enterprise, gigabit, infrastructure, macbook, metageek, mobility, network, network engineer, networking, omnipeek, performance test, performance testing, podcast, PoE+, Prime Infrastructure, spatial stream, Testing, tuning, wi-fi, wifi, wild packets, wireless, wireshark
It was about a year ago that Dr. Yannis Viniotis, Professor of the Electrical & Computer Engineering (ECE) department at North Carolina State University (NCSU), met with senior Cisco Engineers and agreed to collaborate on several small, hands-on projects with Cisco Engineers and NCSU students.
The NCSU ECE department partners with the industry as part of their Senior Design Project Program, where various vendors serve as sponsors and offer several projects for NCSU students to complete. That is also how the Cisco-NCSU collaboration started. Students get to work on real networking industry problems guided by engineers who already work in the industry. The students gain experience that can later be used in their professional lives. The Cisco engineers get to work with future engineers, mentoring and preparing them for their professional lives and solving some real-world technical challenges. It is fun and educational for both sides.
Tags: packet capture, security, TCP, wireshark
When news of Conficker surfaced I obtained a traffic sample from our botnet honeynet. I wanted to see what relevant aggregate information I could extract and see if there was any specific indication of Conficker activity. Using some lightweight tools I was able to quickly analyze my traffic sample and focus further research. I find that these high-level analysis techniques lead me to ask the more interesting questions and, more importantly, come to my rescue when I’m pressed for time. Below, I share a little about how I deconstructed the traffic sample, briefly discuss visualization, and turn to IPS and Global Correlation to get a bigger perspective on what was happening. Some of my colleagues here in Cisco Security Intelligence Operations (SIO) find these techniques useful, so I thought I would pass them on in the hopes that others will as well. I’d like to hear from some of you on your favorite tools and tricks for this sort of sleuth work.
There are some things I should point out before delving into my traffic sample:
- I sanitized all IP addresses because the hosts in this traffic sample are Internet facing. That is, I replaced all IP addresses with a fictitious FQDN. Hosts with the domain honeynet.eg are on the honeynet and all other hosts use the network.eg domain. The hostnames are randomly selected three-letter words from CrackLib’s dictionary. My fictitious FQDNs are consistent across this post.
- Some of the xterm windows below may have a scroll bar. It’s easy to miss. Scroll down for more info.
- The honeynet has several hosts which each have multiple IP addresses. We use this to increase attack surface. Because this isn’t relevant, I normalized the traffic such that each host on my network has one and only one IP address.
Tags: conficker, emerging threats, security, security research, tshark, wireshark