
Wednesday, October 27, 2010

Relieving Overburdened 3G, Ruckus Rolls Out Smart Wi-Fi

Mobile network operators have long had a love-hate relationship with 802.11 wireless. Some feared revenue siphoning by Wi-Fi hotspots; others looked to Wi-Fi for 3G offload but were troubled by lack of control over unlicensed spectrum. But Ruckus Wireless believes that carriers are now starting to think differently about Wi-Fi - and has pounced upon this opportunity with a new suite of carrier-grade 802.11 products.

"All of the operators are getting creamed by over-the-top services," said Steven Glapa, Senior Director of Field Marketing at Ruckus. "Mobile device evolution and growing traffic problems are making it ever more clear to carriers that they need to use the right tool for the right job. LTE is well suited for highly-mobile users, but not small high-density wireless cells. Carriers are realizing that Wi-Fi can be a strategic weapon [to fill this need], not just a band aid."

Not your father's Wi-Fi

The challenge here is that many carriers do not consider 802.11 products designed for residential or even enterprise deployment suitable for commercial wireless service delivery on a grand scale. To meet carrier requirements for high bandwidth, real-time service-level control, and cost-effective scalability in RF-hostile outdoor environments, Ruckus leveraged its experience in the wide-area Wi-Fi service market to expand its portfolio.

  • The ZoneFlex 7731 ($1,199) is a new outdoor point-to-multipoint 5 GHz 802.11n wireless high-speed backhaul bridge. Up to 5 bridges can be deployed up to 30 degrees apart, with single-hop throughput ranging from 60 Mbps at 12 kilometers to 180 Mbps at 1 kilometer. This bridge is designed for carriers that deploy low density wireless broadband access or for small 3G cell backhaul.
  • The ZoneFlex 7762-S ($1,999) is a new outdoor mesh 802.11n AP with a 120 degree "Smart-Sector" antenna designed to deliver 10 dB signal gain over horizontal coverage areas. For example, a carrier might use the ZF7762-S to deliver first-mile access in venues where Wi-Fi needs to reach rooftop customer premises equipment (CPE) throughout a serving area.
  • The MediaFlex 7200 (from $99) is a new series of inexpensive 2.4 GHz 802.11n CPE designed to pair well with the ZF 7762-S. Available in three models (indoor/outdoor, internal/external antennas), the ZF7200 can be mounted on a pole or wall to be used as a remotely-managed, two-SSID residential bridge or router.
  • Carriers can manage all of these products from a central location using the FlexMaster 9.0 (from $5,000), which Ruckus claims is capable of handling tens of thousands of Smart Wi-Fi network elements and hundreds of thousands of Wi-Fi clients. Features of special interest to carriers include capacity planning, SLA visibility, efficient single-dashboard drill-down trouble-shooting, and compliance reporting.

Carrier-class 802.11

These new products, available immediately, are designed to help carriers use Wi-Fi to tap service delivery opportunities, from triple-play residential services and 3G offload to first/last mile access in developing markets and managed enterprise WLANs. However, according to Glapa, carriers can't tolerate uncertainty and unlicensed spectrum makes them nervous. "They absolutely must have interference management to deliver reliable services in concrete canyons, and our adaptive antennas are ideal for this."

But carriers are not easily convinced, so Ruckus ran competitive tests to produce some compelling evidence. The company created a high-interference live test environment consisting of 191 APs in a 3,000 square meter facility to simulate the density of a metro-area like Manhattan.

When an iPhone 3G using Wi-Fi was faced with this interference, its average throughput dropped from 8.7 to 5.5 Mbps over Ruckus. "That's about 75 percent, which is not perfect, but it's pretty good when you consider that two other industry-leading APs dropped to 0.3 and 0.1 Mbps," said Glapa.

Seeing is believing, so Ruckus also intends to use customer case studies to convince potentially skeptical carriers. For example, Tikona has already deployed over 35,000 Ruckus mesh APs to deliver last-mile wireless broadband services throughout India, and plans to continue installing 1,000 new 802.11g APs on rooftops each week. Live network samples show that 80 percent of those APs are now delivering 5 Mbps or better last-mile service - despite running over a non-engineered, self-organized set of 2.4 GHz channels. Other large carrier case studies include Chilean CLEC STEL (metro-area wireless throughout Santiago) and US 4G ISP Towerstream (3G backhaul throughout Manhattan).

Many high-profile metro-area Wi-Fi projects have failed in the past. But times are changing, and 3G/4G bandwidth is increasingly scarce and expensive. Only time will tell whether carriers really are ready to rethink their relationship with Wi-Fi. But if Ruckus is right, these new carrier-grade Wi-Fi products should fare well - highly scalable, competitively priced, and attractive total cost of ownership relative to average revenue per user (ARPU).





Linux Wi-Fi: Supercharge a Buffalo

The popular DD-WRT project was initially an offshoot of the original Linksys firmware for the WRT54, but has since undergone a complete rewrite, and now uses the OpenWRT kernel. DD-WRT is a fine upgrade for your WRT54 wireless router, or any similar device under other brand names, and there are a lot of them. The current bargain is the Buffalo WHR-G54S, which can be found for under $40. This is a popular upgrade, because it turns your buggy, inflexible, inexpensive wireless router into a rock-solid routin' powerhouse, with all manner of useful services: name services, firewalling, port forwarding, RADIUS authentication, Ethernet bridging, IPv6 support, QoS, SMB/CIFS automount, and Internet access controls.

The Buffalo WHR-G54S has limited storage; only 4 megabytes of NVRAM, and 16 megabytes of system RAM. So it doesn't have room for all of the available DD-WRT options. But you get an amazing amount of functionality into this little box, and for the price it's a steal. It will serve as an Internet router and firewall for 30 or so users, provided they're not online gambling nuts or BitTorrent addicts. You could also use it as LAN router, a LAN bridge, a dedicated wireless access point, part of a wireless mesh network, or a VPN gateway.

Installation

Let's take a walk through installing the DD-WRT firmware on the Buffalo WHR-G54S, because there are some tricky bits. These directions also apply to the Buffalo WHR-HP-G54, WZR-HP-G54, and WZR-RS-G54. With a lot of these little routers you can upload new firmware using their factory Web interfaces. But the Buffalo boxes, which are based on Broadcom hardware, accept only special encrypted firmware over the Web interface. So we have to sneak DD-WRT in through the back door, which is a short interval at bootup where the Broadcom flash ROM enters a special mode that allows new firmware to be uploaded via tftp transfer.

Prerequisites
  • Make sure you have the tftp command installed
  • If any device or computer on your network has the IP address of 192.168.1.1, take it off the network or change the address, because that is the default IP address in the DD-WRT firmware
  • Make sure you have the route and ip commands available; these come with the net-tools and iproute packages

Your Buffalo router will plug into your LAN switch just like any other device. For now you want to stick with old-fashioned wired Ethernet; don't try to do this over a wireless connection. Go ahead and power it up, and point a Web browser at http://192.168.11.1. (For the WZR-RS-G54 it's 192.168.12.1.) The default login is root, with no password.

If this doesn't fit your LAN addressing, there is an easy way to get there. Use the ip command to add an address to the network interface of your PC, then add a host route:

# ip address add dev eth0 192.168.11.2
# route add -host 192.168.11.1 gw 192.168.11.2

If you have a WZR-RS-G54, use the 192.168.12.* addresses. Now you should be able to ping your router:

$ ping 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=0.633 ms

You can also run a ping test from the router; just click the System Info button to find the ping page.

All righty then, you know it works. Unplug the router's power cord, and go to the Downloads page at DD-WRT.com and download the dd-wrt.v23_mini_generic.bin file, or whatever the latest version is. Make sure it's mini_generic.bin. Change to the directory that contains the new firmware. Then run these commands:

carla@xena:~/downloads$ tftp
tftp> binary
tftp> trace
Packet tracing on.
tftp> rexmt 1
tftp> connect 192.168.11.1

Now type in the next command, but don't hit enter:

tftp> put dd-wrt.v23_mini_generic.bin

Hold the Buffalo router so you can see the green Ethernet port LEDs, which are on the back next to the ports. When it's first plugged in, all of them light up. When they all turn off except for your one connected port, hit 'enter' to execute your last tftp command. If it works, you'll see a lot of

sent DATA
received ACK
sent DATA
received ACK

Sent 2555904 bytes in 3.7 seconds
tftp>

When it's finally booted up, you'll see two green LEDs on the front panel; one for power, and a green "g" for wireless G. Now you can point your Web browser to 192.168.1.1 and be greeted by the DD-WRT control panel. If you click on any tabs you'll be asked for a login. The default is root, admin. Just like before, if this address doesn't fall into the same range as your LAN, just add a compatible address and route to your PC. Then you can log in to DD-WRT and change it.
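
The pre-flight checks and the upload sequence described above, collected into one script. This is an added example, not part of the original article: the function names, the optional SHA-256 argument (the article publishes no checksum, so the value must come from wherever you obtained the image) and the 4 MiB size ceiling taken from the article's 4-megabyte storage figure are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks and TFTP upload for the Buffalo procedure.
# Usage: sh flash.sh IMAGE [EXPECTED_SHA256]
# With no arguments the file only defines the functions below.

ROUTER_IP="${ROUTER_IP:-192.168.11.1}"   # use 192.168.12.1 for the WZR-RS-G54
DDWRT_IP=192.168.1.1                     # DD-WRT default address after flashing
MAX_BYTES=$((4 * 1024 * 1024))           # assumption: image must fit in 4 MiB

# preflight IMAGE [EXPECTED_SHA256]
# Returns 0 if the image looks safe to send, otherwise a distinct code:
#   1 missing file, 2 wrong image type, 3 bad size, 4 checksum mismatch
preflight() {
    img=$1
    want=${2:-}
    [ -f "$img" ] || { echo "no such file: $img" >&2; return 1; }

    # The article insists on the mini_generic.bin build for the first flash.
    case $img in
        *mini_generic.bin) ;;
        *) echo "not a mini_generic.bin image: $img" >&2; return 2 ;;
    esac

    # An empty or oversized file is a truncated or wrong download.
    size=$(wc -c < "$img")
    size=$((size + 0))
    if [ "$size" -le 0 ] || [ "$size" -gt "$MAX_BYTES" ]; then
        echo "implausible image size: $size bytes" >&2
        return 3
    fi

    # Optional integrity check against a digest obtained out of band.
    if [ -n "$want" ]; then
        got=$(sha256sum "$img" | cut -d' ' -f1)
        [ "$got" = "$want" ] || { echo "sha256 mismatch: $got" >&2; return 4; }
    fi
    return 0
}

# tftp_commands FILE
# Prints the same client commands the article types by hand.
tftp_commands() {
    printf 'binary\ntrace\nrexmt 1\nconnect %s\nput %s\nquit\n' "$ROUTER_IP" "$1"
}

# flash IMAGE [EXPECTED_SHA256]
# Runs the checks, then waits for the operator to watch the LEDs.
flash() {
    preflight "$@" || return
    command -v tftp >/dev/null 2>&1 || { echo "tftp not installed" >&2; return 5; }

    # Prerequisite from the article: nothing else may own the DD-WRT default IP.
    if ping -c 1 -W 1 "$DDWRT_IP" >/dev/null 2>&1; then
        echo "warning: something already answers at $DDWRT_IP" >&2
    fi

    cd "$(dirname "$1")" || return
    echo "Plug the router's power back in. When all Ethernet port LEDs except"
    echo "your connected port turn off, press Enter."
    read -r reply
    tftp_commands "$(basename "$1")" | tftp
}

[ "$#" -eq 0 ] || flash "$@"
```

A non-zero exit before the prompt means nothing was sent to the router, so a bad download is caught while the factory firmware is still intact.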

I know, we wouldn't have to go through this silliness if it had a serial port. But it doesn't, so here we are, and be glad Linux is so flexible and capable.

Initial Setup

Naturally you'll want to change the login and password to something the whole world doesn't already know, under the Administration tab. Then you should disable Telnet and enable SSH, Administration -> Services. Don't worry about keys; just make sure the box for "Authorized Keys" is empty, including no spaces. Then configure networking under Setup -> Basic Setup.

DD-WRT includes only an NTP (Network Time Protocol) client, so you'll need a separate local NTP server. Enter the IP address of your local time server on the Administration page. Remember to use the pool.ntp.org addresses for your local time server, like this example for North America:

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

Visit www.pool.ntp.org for information for other zones.

Package Management

With the minimal installation, you'll have a bit less than one megabyte of space to install additional applications. But install them you can with ipkg. First turn on JFFS, the Journaling Flash File System, on the Administration page. Check both "Enable JFFS2" and "Clean JFFS2". Then click the "Save Settings" button, and the router will reboot. Once it's back up, ssh in and see what ipkg can do:

carla@xena:~$ ssh root@192.168.1.1
~ # df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 1.9M      1.9M         0 100% /
/dev/mtdblock/4           1.3M    324.0k    956.0k  25% /jffs

OK, you have a little room to play with. Run ipkg with no options to get a list of commands:

~ # ipkg

Now you can generate and view a package list:

~ # ipkg update
~ # ipkg list

And that's as far as we go today. Come back soon to learn some advanced DD-WRT tips and tricks.



Broadcom's On Board With Linux. Who's Next?

Though they might not have admitted it in public at the time, Linux advocates spent a large part of the last decade grumbling about poor support for wireless networking devices. A big source of their discontent was Wi-Fi chip maker Broadcom, which produced a lot of the mobile chipsets and never got around to releasing Linux drivers for its wares.

Now, however, Broadcom has begun to release Linux drivers licensed liberally enough for distribution with the Linux kernel. Besides making life easier for Linux laptop users, Enterprise Networking Planet columnist Brian Proffitt suggests that holdout manufacturers might start seeing the sense of broadening their own support of Linux.

Looking forward, the ease-of-use benefits will make it easier for Linux to be shipped as an OEM platform, and installed post-market by technology adopters. More importantly, having a major hardware vendor like Broadcom take a look at Linux and decide to invest the time and effort in creating a Linux driver should mean that other hardware vendors sitting on the fence regarding a Linux driver for their own offerings may come to the conclusion that Linux is something they can no longer ignore.

They may have come to that conclusion already. The success of the Android operating system has pushed a lot of vendors (including Broadcom) to create drivers for Android devices. The BCM4319 and BCM4329 SDIO chipsets were already supported on Android, which is close enough to Linux to get support for those devices into Android's predecessor. As Android shows up on more devices, you can expect to see more Linux-ready hardware drivers appearing in the near future.

Linux will also be collecting drivers on its own merits, I would expect. Whatever the tipping point was for Broadcom to release this driver, I have a hard time believing other vendors won't be following suit quickly, especially given how resistant to Linux Broadcom has been in the past.

It is, after all, just one driver among many, and there are indeed many more drivers needed. But Broadcom may be the leader of a driver rush for Linux, which is something the operating system has needed for a long time.



Blade Network Technologies Supporting 40 GbE Switches

The move toward 40 Gigabit Ethernet (GbE) networks is accelerating this week with the release of a new switching platform from Blade Network Technologies.

The new RackSwitch G8264 delivers up to 1.28 terabits of non-blocking throughput, and includes up to four 40 GbE ports and 64 10 GbE ports. The new Blade switch comes as the company is set to be acquired by IBM in a deal that is expected to close by the end of the year. Blade was set up in 2006 as a spinoff of the now-bankrupt Nortel Networks.

"40 GbE has been too pricey to bring into the data center, until now," . "This will enable massive adoption of not only 40 GbE, but also will help adoption of 10 GbE as well."

Tuchler explained that enterprises have been complaining that network uplinks at 10 GbE don't work if they are connecting all their servers at 10 GbE, as they need more upstream bandwidth. In response, Blade is incorporating four Quad Small Form-factor Pluggable (QSFP+) ports for 40 GbE uplinks on the RackSwitch G8264. The 40 GbE standard was ratified in June of this year alongside a 100 GbE standard for core network routing traffic.

Tuchler noted that while 40 GbE makes sense for the uplink side of switches, it doesn't yet have a place for server-side connectivity.

"I think that the server-side internal structures including the PCI bus aren't quite fast enough yet," he said. "The mainstream is using 10 GbE for servers now."

Virtualization

With the RackSwitch G8264, Blade is also delivering its VMready virtualization technology for virtual machine mobility across network infrastructure. With VMready, the company is delivering something similar to the IEEE 802.1Qbg Edge Virtual Bridging standard, which is still under development.

"The main intent behind the 802.1Qbg is to allow virtual machine traffic to have the right port profiles follow virtual machines as they move across the network," Tuchler said. "VMready has a structure that is very similar to what is emerging in 802.1Qbg."

Tuchler explained that VMready is complementary to what VMware does today with its vMotion virtual server mobility technology.

"VMready is the network equivalent of vMotion," Tuchler said. "So as vMotion moves virtual machines from one server to another, we do the network equivalent and move all the port policies across, so when the virtual machine comes up on a new server it has all the right security and network settings, so the application keeps working."

Linux-powered OS

Sitting underneath the RackSwitch G8264 is the Blade OS operating system, which has its roots in Linux. Blade is not alone in using Linux as the underlying base for its networking operating system. Alcatel-Lucent, for instance, recently moved its AOS operating system to a Linux base as well.

With IBM's move to acquire Blade set to close by the end of the year, Tuchler was unable to comment about any roadmap changes that might occur, though he stressed that the two companies already share a lot in common.

"IBM's view and Blade's view of the data center are similar and there is a lot of alignment in what we see as the challenges in the data center," he said. "That was probably a driving reason behind the acquisition, anything more than that I can't comment until after the close."

Monday, October 4, 2010

Wireless Transmitters

A transmitter is an electronic device which, usually with the aid of an antenna, propagates an electromagnetic signal such as radio, television, or other telecommunications.

Transmitter types

Generally in communication and information processing, a transmitter is any object (source) which sends information to an observer (receiver). When used in this more general sense, vocal cords may also be considered an example of a transmitter.

In radio electronics and broadcasting, a transmitter usually has a power supply, an oscillator, a modulator, and amplifiers for audio frequency (AF) and radio frequency (RF). The modulator is the device which piggybacks (or modulates) the signal information onto the carrier frequency, which is then broadcast. Sometimes a device (for example, a cell phone) contains both a transmitter and a radio receiver, with the combined unit referred to as a transceiver. In amateur radio, a transmitter can be a separate piece of electronic gear or a subset of a transceiver, and is often referred to by the abbreviated form "XMTR". In most parts of the world, use of transmitters is strictly controlled by laws since the potential for dangerous interference (for example to emergency communications) is considerable. In consumer electronics, a common device is a Personal FM transmitter, a very low power transmitter generally designed to take a simple audio source like an iPod, CD player, etc. and transmit it a few feet to a standard FM radio receiver. Most personal FM transmitters in the United States fall under Part 15 of the Federal Communications Commission (FCC) regulations to avoid any user licensing requirements.

In industrial process control, a "transmitter" is any device which converts measurements from a sensor into a signal and conditions it to be received, usually via wires, by some display or control device located a distance away. Typically in process control applications the "transmitter" will output an analog 4-20 mA current loop or digital protocol to represent a measured variable within a range. For example, a pressure transmitter might use 4 mA as a representation for 50 psig of pressure and 20 mA as 1000 psig of pressure, with any value in between proportionately ranged between 50 and 1000 psig. (A 0-4 mA signal indicates a system error.) Older technology transmitters used pneumatic pressure typically ranged between 3 and 15 psig (20 to 100 kPa) to represent a process variable.

Broadcast transmitters

History

In the early days of radio engineering, radio frequency energy was generated using arcs known as Alexanderson alternator or mechanical alternators (of which a rare example survives at the SAQ transmitter in Grimeton, Sweden). In the 1920s electronic transmitters, based on vacuum tubes, began to be used.

Frequency Control

Power output

In broadcasting and telecommunication, the part which contains the oscillator, modulator, and sometimes audio processor, is called the "exciter". Most transmitters use the heterodyne principle, so they also have frequency conversion units. Confusingly, the high-power amplifier which the exciter then feeds into is often called the "transmitter" by broadcast engineers. The final output is given as transmitter power output (TPO), although this is not what most stations are rated by.

Effective radiated power (ERP) is used when calculating station coverage, even for most non-broadcast stations. It is the TPO, minus any attenuation or radiated loss in the line to the antenna, multiplied by the gain (magnification) which the antenna provides toward the horizon. This antenna gain is important, because achieving a desired signal strength without it would result in an enormous electric utility bill for the transmitter, and a prohibitively expensive transmitter. For most large stations in the VHF- and UHF-range, the transmitter power is no more than 20% of the ERP.

For VLF, LF, MF and HF the ERP is typically not determined separately. In most cases the transmission power found in lists of transmitters is the value for the output of the transmitter. This is only correct for omnidirectional aerials with a length of a quarter wavelength or shorter. For other aerial types there are gain factors, which can reach values of up to 50 for shortwave directional beams in the direction of maximum beam intensity.

Since some authors take account of gain factors of aerials of transmitters for frequencies below 30 MHz and others not, there are often discrepancies of the values of transmitted powers.

Power supply

Transmitters are sometimes fed from a higher voltage level of the power supply grid than necessary in order to improve security of supply. For example, the Allouis, Konstantynow and Roumoules transmitters are fed from the high-voltage network (110 kV in Allouis and Konstantynow, 150 kV in Roumoules) even though a power supply from the medium-voltage level of the power grid (about 20 kV) would be able to deliver enough power.

Cooling of final stages

Low-power transmitters do not require special cooling equipment. Modern transmitters can be incredibly efficient, with efficiencies exceeding 98 percent. However, a broadcast transmitter with a megawatt power stage transferring 98% of that into the antenna can also be viewed as a 20 kilowatt electric heater.

For medium-power transmitters, up to a few hundred watts, air cooling with fans is used. At power levels over a few kilowatts, the output stage is cooled by a forced liquid cooling system analogous to an automobile cooling system. Since the coolant directly touches the high-voltage anodes of the tubes, only distilled, deionised water or a special dielectric coolant can be used in the cooling circuit. This high-purity coolant is in turn cooled by a heat exchanger, where the second cooling circuit can use water of ordinary quality because it is not in contact with energized parts. Very-high-power tubes of small physical size may use evaporative cooling by water in contact with the anode. The production of steam allows a high heat flow in a small space.

Protection equipment

The high voltages used in high power transmitters (up to 40 kV) require extensive protection equipment. Also, transmitters are exposed to damage from lightning. Transmitters may be damaged if operated without an antenna, so protection circuits must detect the loss of the antenna and switch off the transmitter immediately. Tube-based transmitters must have power applied in the proper sequence, with the filament voltage applied before the anode voltage, otherwise the tubes can be damaged. The output stage must be monitored for standing waves, which indicate that generated power is not being radiated but instead is being reflected back into the transmitter.

Lightning protection is required between the transmitter and antenna. This consists of spark gaps and gas-filled surge arresters to limit the voltage that appears on the transmitter terminals. The control instrument that measures the voltage standing-wave ratio switches the transmitter off briefly if a higher voltage standing-wave ratio is detected after a lightning strike, as the reflections are probably due to lightning damage. If this does not succeed after several attempts, the antenna may be damaged and the transmitter should remain switched off. In some transmitting plants UV detectors are fitted in critical places, to switch off the transmitter if an arc is detected. The operating voltages, modulation factor, frequency and other transmitter parameters are monitored for protection and diagnostic purposes, and may be displayed locally and/or at a remote control room.

Building

A commercial transmitter site will usually have a control building to shelter the transmitter components and control devices. This is usually a purely functional building, which may contain apparatus for both radio and television transmitters. To reduce transmission line loss the transmitter building is usually immediately adjacent to the antenna for VHF and UHF sites, but for lower frequencies it may be desirable to have a distance of a few score or several hundred metres between the building and the antenna. Some transmitting towers have enclosures built into the tower to house radio relay link transmitters or other, relatively low-power transmitters. A few transmitter buildings may include limited broadcasting facilities to allow a station to use the building as a backup studio in case of incapacitation of the main facility.

Legal and regulatory aspects

Since radio waves go over borders, international agreements control radio transmissions. In European countries like Germany often the national Post Office is the regulating authority. In the United States broadcast and industrial transmitters are regulated by the Federal Communications Commission (FCC). In Canada technical aspects of broadcast and radio transmitters are controlled by Industry Canada, but broadcast content is regulated separately by the Canadian Radio-television and Telecommunications Commission (CRTC). In Australia transmitters, spectrum, and content are controlled by the Australian Communications and Media Authority (ACMA). The International Telecommunication Union (ITU) helps manage the radio-frequency spectrum internationally.

Planning

As in any costly project, the planning of a high power transmitter site requires great care. This begins with the location. A minimum distance, which depends on the transmitter frequency, transmitter power, and the design of the transmitting antennas, is required to protect people from the radio frequency energy. Antenna towers are often very tall and therefore flight paths must be evaluated. Sufficient electric power must be available for high power transmitters. Transmitters for long and medium wave require good grounding and soil of high electrical conductivity. Locations at the sea or in river valleys are ideal, but the flood danger must be considered. Transmitters for UHF are best on high mountains to improve the range (see radio propagation). The antenna pattern must be considered because it is costly to change the pattern of a long-wave or medium-wave antenna.

Transmitting antennas for long and medium wave are usually implemented as a mast radiator. Similar antennas with smaller dimensions are also used for short-wave transmitters when these operate omnidirectionally. For directional radiation, planar arrays fastened to free-standing steel towers are used. Radio towers for UHF and TV transmitters can in principle be implemented as grounded constructions. Towers may be steel lattice masts or reinforced concrete towers with antennas mounted at the top. Some transmitting towers for UHF have high-altitude operating rooms and/or facilities such as restaurants and observation platforms, which are accessible by elevator. Such towers are usually called TV towers. For microwaves, parabolic antennas are frequently used. For radio relay links, these can be mounted on special platforms on FM transmitting towers. For relaying programs via television satellites and for radio contact with space vehicles, large parabolic antennas with diameters of 3 to 100 meters are necessary. These installations, which can also be used as radio telescopes if necessary, are built on free-standing constructions, and there are also numerous special designs, such as the radio telescope in Arecibo.

Just as important as the planning of the construction and location of the transmitter is how its output fits in with existing transmissions. Two transmitters cannot broadcast on the same frequency in the same area as this would cause co-channel interference. For a good example of how the channel planners have dovetailed different transmitters' outputs see Crystal Palace UHF TV channel allocations. This reference also provides a good example of a grouped transmitter, in this case an A group. That is, all of its output is within the bottom third of the UK UHF television broadcast band. The other two groups (B and C/D) utilise the middle and top third of the band, see graph. By replicating this grouping across the country (using different groups for adjacent transmitters), co-channel interference can be minimised, and in addition, those in marginal reception areas can use more efficient grouped receiving antennas. Unfortunately, in the UK, this carefully planned system has had to be compromised with the advent of digital broadcasting which (during the changeover period at least) requires yet more channel space, and consequently the additional digital broadcast channels cannot always be fitted within the transmitter's existing group. Thus many UK transmitters have become "wideband" with the consequent need for replacement of receiving antennas (see external links). Once the Digital Switch Over (DSO) occurs the plan is that most transmitters will revert to their original groups, source Ofcom July 2007.

Further complication arises when adjacent transmitters have to transmit on the same frequency and under these circumstances the broadcast radiation patterns are attenuated in the relevant direction(s). A good example of this is in the United Kingdom, where the Waltham transmitting station broadcasts at high power on the same frequencies as the Sandy Heath transmitting station's high power transmissions, with the two being only 50 miles apart. Thus Waltham's antenna array does not broadcast these two channels in the direction of Sandy Heath and vice versa.

Where a particular service needs to have wide coverage, this is usually achieved by using multiple transmitters at different locations. Usually, these transmitters will operate at different frequencies to avoid interference where coverage overlaps. Examples include national broadcasting networks and cellular networks. In the latter, frequency switching is automatically done by the receiver as necessary, in the former, manual retuning is more common (though the Radio Data System is an example of automatic frequency switching in broadcast networks). Another system for extending coverage using multiple transmitters is quasi-synchronous transmission, but this is rarely used nowadays.

Main and relay (repeater) transmitters

Transmitting stations are usually either classified as main stations or relay stations (also known as repeaters, translators or sometimes "transposers".)

Main stations are defined as those that generate their own modulated output signal from a baseband (unmodulated) input. Usually main stations operate at high power and cover large areas.

Relay stations (translators) take an already modulated input signal, usually by direct reception of a parent station off the air, and simply rebroadcast it on another frequency. Usually relay stations operate at medium or low power, and are used to fill in pockets of poor reception within, or at the fringe of, the service area of a parent main station.

Note that a main station may also take its input signal directly off-air from another station, however this signal would be fully demodulated to baseband first, processed, and then remodulated for transmission.

Transmitters in culture

Some cities in Europe, like Mühlacker, Ismaning, Langenberg, Kalundborg, Hörby and Allouis became famous as sites of powerful transmitters. For example, Goliath transmitter was a VLF transmitter of the German Navy during World War II located near Kalbe an der Milde in Saxony-Anhalt, Germany. Some transmitting towers like the radio tower Berlin or the TV tower Stuttgart have become landmarks of cities. Many transmitting plants have very high radio towers that are masterpieces of engineering.

Having the tallest building in the world, the nation, the state/province/prefecture, city, etc., has often been considered something to brag about. Often, builders of high-rise buildings have used transmitter antennas to lay claim to having the tallest building. A historic example was the "tallest building" feud between the Chrysler Building and the Empire State Building in New York, New York.

Some towers have an observation deck accessible to tourists. An example is the Ostankino Tower in Moscow, which was completed in 1967 on the 50th anniversary of the October Revolution to demonstrate the technical abilities of the Soviet Union. As very tall radio towers of any construction type are prominent landmarks, requiring careful planning and construction, and high-power transmitters especially in the long- and medium-wave ranges can be received over long distances, such facilities were often mentioned in propaganda. Other examples were the Deutschlandsender Herzberg/Elster and the Warsaw Radio Mast.

KVLY-TV's tower located near Blanchard, North Dakota was the tallest artificial structure in the world when it was completed in 1963. It was surpassed in 1974 by the Warszawa radio mast, but regained its title when the latter collapsed in 1991. It was surpassed by the Burj Khalifa skyscraper in early 2009, but the KVLY-TV mast is still the tallest transmitter.

Records

  • Tallest radio/television mast:
    • 1974–1991: Konstantynow for 2000 kW longwave transmitter, 646.38 m (2120 ft 8 in)
    • 1963–1974 and since 1991: KVLY Tower, 2,063 ft (628.8 m)
  • Highest power:
    • Longwave, Taldom transmitter, 2500 kW
    • Medium wave, Bolshakovo transmitter, 2500 kW
  • Highest transmission sites (Europe):
    • FM Pic du Aigu in Chamonix
    • MW Pic Blanc in Andorra

Wednesday, September 22, 2010

Convert Wireless Routers into Access Points

Don't throw out your old 802.11g gear just yet. Though 802.11n provides faster speeds and longer range, your aged legacy equipment can still serve a purpose.

As we'll discuss in this tutorial, old wireless routers can be turned into access points (APs); they can help increase the Wi-Fi footprint even more. Plus they might even help increase the performance of the 802.11n connections on your network.

Wireless Routers and APs Aren't the Same

Before going further, it's important to understand the difference between a wireless router and an AP. First off, wireless routers contain an AP. In addition to the AP functionality, a wireless router provides the routing between clients and the Internet. This makes it possible for multiple computers to access one big network, the Internet. Secondly, routers have a DHCP server. This server gives each client an IP address, which is required for network connectivity. Without the routing and DHCP features, a wireless router would simply be an AP; if a wireless router didn't have an AP, it would just be a wired router.

On most networks, only one router is needed. Then to extend the wireless coverage, APs can be plugged into the router or switches. These APs aren't as "smart." They only provide Wi-Fi access; the router still does most of the network management.

Get Additional Coverage And/or Separate the 802.11G Clients

After we do the magic, we'll plug the old wireless router into the new one, to serve as another AP. Then if the old router is properly placed (by running an Ethernet cable), it can nearly double the coverage area provided by the new router. Of course, 802.11n clients that connect to the 802.11g router won't run at 11n rates of speed and performance, but the old router is earning its keep by providing "free coverage."

There's a small catch the other way though; it's better that the 802.11g clients only connect to the 802.11g router. When they connect to 11n routers, the performance of the n clients is negatively affected. However, again, the additional coverage is better than nothing, even just for the old clients.

You can still benefit from keeping your old gear if you don't have a long Ethernet cable or you don't want to run it through the building. Even if the old router is placed close to the new one and it doesn't provide additional coverage, it can still serve as the AP for the 802.11g clients. This way the new router can be set to only allow 802.11n connections, so the old clients won't connect and degrade the performance.

Performing the Conversion

In addition to changing general settings, turning a wireless router into an access point consists of disabling its DHCP server and hooking it up to the new router correctly. Start by configuring the general settings. Plug in the old router (but don't connect it to the new router yet) and log into the Web-based configuration utility by typing its IP address into a Web browser. Then at least configure the following settings:

  • IP Address: Change the IP address to be within the subnet of the new router. For example, if the new router's IP is 192.168.0.1, the old router could be set to 192.168.0.2.
  • Channel: Change the channel to one of the three non-overlapping channels, 1, 6, or 11, while making sure any coexisting or overlapping routers or APs aren't set to the same channel.
  • SSID: Typically, all the APs of a network should have the same SSID, so roaming works when clients move around and change APs. However, if roaming isn't crucial, think about setting the old 802.11g router to a different network name. This can help the users distinguish between the g and n access; especially useful if performance is important.
  • Security: Remember to set up encryption, preferably WPA or WPA2, on all the wireless routers and APs.

To turn off the DHCP server, find the DHCP settings, usually on the main or network tab. There should be a check box or something similar to toggle the server on and off; disable it. Then make sure to save the changes.

When the configuration is done, put the old router in place. Then connect an Ethernet cable between them, plugging into the regular Ethernet ports of each. Do not connect it to the old router's Internet/WAN port.

Conversion Complete

We did it; now we should have greater coverage area and/or performance. We disabled the routing features of the old wireless router, turning it into a basic AP. If there are more old routers lying around, consider other projects, too. The DD-WRT replacement firmware, for example, has a repeater feature and CoovaAP includes hotspot features.


Tuesday, September 14, 2010

Top 10 basic wireless security practices

Wireless security is a hot topic these days, and different advice abounds. Here's a short checklist to make sure you have the basics covered:

  1. Use vendor-supplied security -- Since the capabilities of each wireless router/access point/bridge differ from brand to brand, it's best to get the vendor's recommendation on the best security options for their devices.


  2. Change the default admin password of your wireless router/access point/bridge -- Once a potential attacker detects a wireless network, this is one of the easiest ways to further compromise it.


  3. Turn down the power -- Some vendors' wireless routers/access points/bridges offer the option of changing the power settings so that your wireless network is not broadcasting its signal farther than you really need it to.


  4. Use Media Access Control (MAC) address filtering and Wired Equivalent Privacy (WEP) -- MAC address filtering will help restrict access to your home wireless network to only those users you authorize. If WEP is the only security option available on your wireless router/access point/bridge, use a key that is hard to guess and change it periodically.


  5. Consult the vendor about antenna positioning -- Different antennas radiate signal in different patterns. Check your vendor's documentation to verify optimal antenna positioning for your wireless network.

Protection: Firewall and Viruses

  1. Change SSID and, if possible, disable SSID broadcast -- Your wireless router/access point/bridge may come with a default SSID already configured. Change it as soon as you set up your wireless network. Also, some vendors may offer the option of not broadcasting this network identifier.

  2. Keep your wireless router/access point/bridge firmware up to date -- New firmware can help resolve compatibility problems, plug security holes and provide other important fixes. Check the vendor's Web site for these updates.


  3. Use a VPN for working at home -- For enterprise users working at home, always check with your enterprise IT department or help desk for best practices regarding accessing the company network over your wireless home network. Often, virtual private network (VPN) software is required for this purpose.


  4. Keep your antivirus software up to date -- Viruses, worms and Trojans are a continuous threat. Make sure your wireless network is not a haven for these problems.


  5. Use a firewall -- Either a hardware or software firewall can help protect your computer and the rest of your network from attack.

Monday, September 13, 2010

Create a Wireless Home File Sharing Network

Introduction

A DHCP capable wireless router can be used as a wireless media 'server'. Each PC can see each other's sharable folders. Music, video and pictures can be streamed from the main PC via the router to any authorized PC/laptop etc in the house.

Steps

For a full-blown file sharing network with easy access straight from boot up, the following five steps are required:

  1. Workgroups
  2. Sharing Folders
  3. Configuring Firewalls
  4. Mapping Network Drives
  5. Customized O/S's

1. Workgroups

Configure all PCs to belong to the same workgroup. This streamlines access issues.

  • Under {Control Panel / System / Computer Name / Change} set the workgroup to a useful name like HOME_NETWORK.

2. Share Folders

To share folders you need to access the folder properties and do two things.

  • Under the Sharing tab click {SHARE THIS FOLDER}
  • Under the Sharing tab also click {PERMISSIONS} and choose the permissions level. This is only necessary if you want remote admin privileges.

You do not need to edit the properties of sub-folders; the root folder is sufficient. For security, only share a limited number of folders and definitely no system ones.

3. Configure Firewalls

Each respective firewall must allow the other PC access to the shared folders. There are two ways:

  • Ensure that the Router DHCP setting is {AUTO}. Configure each firewall's {TRUSTED NETWORKS}, or equivalent, to the private range issued, e.g. 192.168.1.2 - 192.168.1.254
  • Ensure that the Router DHCP setting is {MANUAL}. At each PC, under properties for {Wireless Network Connections}, click the properties for {INTERNET PROTOCOL TCP/IP}. Enter a unique IP, e.g. 192.168.1.X where X = 2 to 254

Configure each firewall's {TRUSTED NETWORKS}, or equivalent, to allow inbound/outbound access to the other PC's unique IP address. This is slightly more secure from casual poking, especially if X is midrange.

Important: For security reasons, ensure that you are using maximum WPA encryption on your router.

4. Mapping Network Drives

It is always handy to map a drive letter to the shared folder on another PC.

  • Open Windows Explorer
  • Under {MY NETWORK PLACES / ENTIRE NETWORK / MICROSOFT WINDOWS NETWORK} click the workgroup eg HOME_NETWORK and select the PC of interest and click the shared folder required.
  • Map that folder to a drive letter via TOOLS / MAP NETWORK DRIVE
  • If you wish you may tick the choice for {Reconnect on Logon}

5. Customized O/S's

If you have {FILE & PRINTER SERVICES} and {CLIENT FOR MICROSOFT NETWORKS} installed, then ignore the following:

Rarely, the advanced user may have deliberately installed a custom streamlined version of Windows, without some services that would have merely bloated the OS.

  • Under {MY NETWORK PLACES} click the properties for {Wireless Network Connections}.
  • Select {FILE AND PRINTER SHARING FOR MICROSOFT NETWORKS} and click {INSTALL}.
  • Under {MY NETWORK PLACES} click the properties for {Wireless Network Connections}.
  • Tick the box for {FILE AND PRINTER SHARING FOR MICROSOFT NETWORKS} and click {INSTALL}.

Do similarly with {CLIENT FOR MICROSOFT NETWORKS}

When QoS Is Useful

QoS is useless if you don't have programs that use it. 99.9% of the usual software doesn't use it. Practically - if you don't know you have to install it you don't need it.

Cisco Ipsec VPN

I have seen some discussion regarding IPSEC VPN's on Cisco devices. Below is a quick tutorial on Cisco IPSEC VPN's. This tutorial is written for 12.4 versions of the IOS.

When creating these connections, you must consider:

  • Crypto settings
  • ACL's
  • Outside interfaces

You can have many SA (security associations) for a crypto map, and inside of a specific SA you can have multiple peers in the list. The VPN engine will process the peers in the order they are listed. This is useful when you are using tracking objects for failover and therefore may have the remote peer coming from multiple IP addresses.

ACLs are used to control which traffic is forwarded through the IPSec connection. The example below reads as "allow all traffic on my local side to send to any local IP address at the remote side". This can be adjusted as you see fit. Assume that I am connecting two class C networks via an IPSec VPN. My access list may read as:

  • 10 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255

I am sure there is a way to connect when both subnets are the same using NAT; however I feel that this is bad form. In those cases where I have found that both ranges are the same, I will change one of the ranges. This can be a pain in the ass, but in the long run is a best practice.

As you can see from the sample configurations, this is a peer relationship. Regardless of speed or hardware, there is no Master or Secondary. Cisco calls these configurations Mirrors. The configurations are the same with certain variables reversed.

I cannot stress this enough: DO NOT use the SDM for this. Unless you enjoy 400-line ACLs, you will have a much more pleasurable experience creating these manually. The process is simple and very quick once you get used to it.

I hope this helps you. Please let me know if you spot any typos or mistakes that I made during the creation of this.

LEGEND

  • our_key = a key which will be used on both sides. This can be any string of characters.
  • Side_A_IP = the public IP address of Side A. This will be the ip address for the interface which has the crypto map attached to it.
  • Side_B_IP = the public IP address of Side B. This will be the ip address for the interface which has the crypto map attached to it.
  • Crypto_map_name = this is the name of the crypto map. It can be any string of characters.
  • Crypto_integer = this is an integer which attaches an ipsec connection to the crypto map.
  • ACL_To_Site_B = this is an ACL which will exist at site A to connect to site B.
  • ACL_To_Site_A = this is an ACL which will exist at site B to connect to site A.
  • Public_Interface = this is the public interface which the VPN will be connecting through.
  • Site_A_Internal_IP_Range = this is the internal IP range at site A. In the config I am assuming a class C.
  • Site_B_Internal_IP_Range = this is the internal IP range at site B. In the config I am assuming a class C.
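
EXAMPLE Side A

! Phase 1 (ISAKMP) policy and the pre-shared key for the remote peer
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key our_key address Side_B_IP no-xauth
! Phase 2 transform set
crypto ipsec transform-set trans esp-3des esp-sha-hmac
! Crypto map entry: peer, transform set and the ACL that selects the traffic
crypto map crypto_map_name crypto_integer ipsec-isakmp
 set peer Side_B_IP
 set transform-set trans
 match address ACL_To_Site_B
! Attach the crypto map to the public interface
interface Public_Interface
 crypto map crypto_map_name
! Traffic to be forwarded through the tunnel
ip access-list extended ACL_To_Site_B
 10 permit ip Site_A_Internal_IP_Range 0.0.0.255 Site_B_Internal_IP_Range 0.0.0.255

EXAMPLE Side B

! Phase 1 (ISAKMP) policy and the pre-shared key for the remote peer
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key our_key address Side_A_IP no-xauth
! Phase 2 transform set
crypto ipsec transform-set trans esp-3des esp-sha-hmac
! Crypto map entry: peer, transform set and the ACL that selects the traffic
crypto map crypto_map_name crypto_integer ipsec-isakmp
 set peer Side_A_IP
 set transform-set trans
 match address ACL_To_Site_A
! Attach the crypto map to the public interface
interface Public_Interface
 crypto map crypto_map_name
! Traffic to be forwarded through the tunnel
ip access-list extended ACL_To_Site_A
 10 permit ip Site_B_Internal_IP_Range 0.0.0.255 Site_A_Internal_IP_Range 0.0.0.255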
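
The "mirror" relationship between the two sides can be checked mechanically before the configs are pasted into the routers. The Python script below is an added example, not part of the original tutorial or any Cisco tool; the addresses, the map name vpnmap and the interface name are constructed sample values, and the parser only understands the statements used in this tutorial.

```python
# Constructed sample in the shape of the tutorial's legend (assumed values, documentation address ranges).
TEMPLATE = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key {key} address {peer} no-xauth
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto map vpnmap 10 ipsec-isakmp
 set peer {peer}
 set transform-set trans
 match address {acl}
interface FastEthernet0/0
 crypto map vpnmap
ip access-list extended {acl}
 10 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""
A_IP, B_IP = "203.0.113.1", "198.51.100.1"
SIDE_A = TEMPLATE.format(key="our_key", peer=B_IP, acl="ACL_To_Site_B",
                         src="192.168.0.0", dst="192.168.2.0")
SIDE_B = TEMPLATE.format(key="our_key", peer=A_IP, acl="ACL_To_Site_A",
                         src="192.168.2.0", dst="192.168.0.0")
POLICY_WORDS = ("encr", "encryption", "authentication", "group", "hash")

def parse(config):
    """Collect the IPsec-related statements of one IOS-style config."""
    cfg = {"policy": {}, "keys": {}, "tsets": {}, "maps": [], "acls": {}, "applied": set()}
    mode, cur = None, None  # current sub-mode and the object its lines fill in
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        lw = [x.lower() for x in w]
        if lw[:3] == ["crypto", "isakmp", "policy"]:
            mode = "policy"
        elif lw[:3] == ["crypto", "isakmp", "key"] and len(w) >= 6 and lw[4] == "address":
            cfg["keys"][w[5]], mode = w[3], None
        elif lw[:3] == ["crypto", "ipsec", "transform-set"] and len(w) >= 5:
            cfg["tsets"][w[3]], mode = tuple(lw[4:]), None
        elif lw[:2] == ["crypto", "map"] and len(w) >= 5:  # map entry definition
            cur = {"name": w[2], "peers": [], "tset": None, "acl": None}
            cfg["maps"].append(cur)
            mode = "map"
        elif lw[0] == "interface":
            mode = "interface"
        elif lw[:2] == ["crypto", "map"] and len(w) == 3 and mode == "interface":
            cfg["applied"].add(w[2])
        elif lw[:3] == ["ip", "access-list", "extended"] and len(w) == 4:
            cur, mode = cfg["acls"].setdefault(w[3], []), "acl"
        elif mode == "policy" and lw[0] in POLICY_WORDS and len(w) >= 2:
            cfg["policy"]["encr" if lw[0].startswith("encr") else lw[0]] = lw[1]
        elif mode == "map" and lw[:2] == ["set", "peer"] and len(w) == 3:
            cur["peers"].append(w[2])
        elif mode == "map" and lw[:2] == ["set", "transform-set"] and len(w) >= 3:
            cur["tset"] = w[2]
        elif mode == "map" and lw[:2] == ["match", "address"] and len(w) == 3:
            cur["acl"] = w[2]
        elif mode == "acl":
            e = lw[1:] if lw[0].isdigit() else lw  # drop the sequence number
            if len(e) == 6 and e[1] == "ip":  # action ip src wildcard dst wildcard
                cur.append((e[0], e[2], e[3], e[4], e[5]))
    return cfg

def local_findings(label, cfg, peer):
    """Check one side on its own; return (findings, map entry for that peer)."""
    entry = next((m for m in cfg["maps"] if peer in m["peers"]), None)
    if entry is None:
        return [f"{label}: no crypto map entry lists peer {peer}"], None
    out = []
    if peer not in cfg["keys"]:
        out.append(f"{label}: no pre-shared key for peer {peer}")
    if entry["tset"] not in cfg["tsets"]:
        out.append(f"{label}: crypto map has no valid transform-set")
    if entry["acl"] not in cfg["acls"]:
        out.append(f"{label}: crypto map has no valid match address ACL")
    if entry["name"] not in cfg["applied"]:
        out.append(f"{label}: crypto map is not applied to an interface")
    return out, entry

def check_mirror(a_text, b_text, a_ip, b_ip):
    """Return findings; an empty list means the two sides mirror each other."""
    a, b = parse(a_text), parse(b_text)
    fa, ea = local_findings("Side A", a, b_ip)
    fb, eb = local_findings("Side B", b, a_ip)
    findings = fa + fb
    if a["policy"] != b["policy"]:
        findings.append("ISAKMP policy parameters differ")
    if a["keys"].get(b_ip) != b["keys"].get(a_ip):
        findings.append("pre-shared keys differ")
    if ea and eb:
        if a["tsets"].get(ea["tset"]) != b["tsets"].get(eb["tset"]):
            findings.append("transform sets differ")
        swapped = {(x, d, dw, s, sw) for x, s, sw, d, dw in a["acls"].get(ea["acl"], [])}
        if swapped != set(b["acls"].get(eb["acl"], [])):
            findings.append("crypto ACLs are not mirror images")
    return findings

if __name__ == "__main__":
    print(check_mirror(SIDE_A, SIDE_B, A_IP, B_IP) or "sides mirror each other")
```

A crypto ACL that is not the exact mirror of the peer's, or a mistyped sub-command that leaves the map entry without a transform set, shows up as a finding here instead of as a tunnel that fails to negotiate.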

Internet Root Nameserver

An Internet Root Nameserver (also known as a Root Name Server) is a domain name service server which redirects requests for Top Level Domains to that specific domain, be it .com, .org, .net, .co, .tv or any other domain.

In a typical domain service request, where a computer wants to resolve a domain name to an IP address, it works from right to left. Let's suppose we want to resolve the domain in www.somewhere.com. First, there is an implied dot just to the right of the "last" word, .com. This implied dot is never needed, because the domain name service automatically fills this in for the address. So, our address is really www.somewhere.com.[blank space]. The blank space is the root domain and contained in the root domain (although a private company may have their own private root servers) are the well-known top level domain names, like: .com, .org, or .net. Other top level domain names have been added in recent years, but these three are the most common.

So, we are resolving a domain, www.somewhere.com.[blank space]. We are already in the root ([blank space]) because we are on the Internet. Working from right to left, the next thing we come to is the .com. The Internet knows how to direct to the .com servers from the information it has stored. The .com servers contain information about the "somewhere" domain and lastly, the "somewhere" servers answer queries for the subordinate addresses such as "www" translating the information into an IP Address.

There are thirteen Internet Root Nameservers, six of which are located in the USA, with the others physically located around the globe. Seven of these are distributed using Anycast software. DNS lookups to the root nameservers are relatively rare, since the information is all cached. The Internet Root Nameservers have names with just one letter, from "a" to "m", and all have an IPv4 address. Nine of these servers have an IPv6 address too.

Design Structured Cabling Systems and IT wireless Network Infrastructures

Introduction

Designing a Structured Cabling System - a ten step HOWTO guide

Steps

Below we have provided a ten step introductory guide for the Design of Structured Cabling Systems and IT Network Infrastructures. (see structured cabling schematic)

Step 1: Which group of standards will you conform to?

  • European Union: CENELEC EN standards
  • America: ANSI/TIA/EIA standards
  • Canada: CSA standards
  • Australia/New Zealand: AS/NZ standards
  • Rest of the World: ISO/IEC standards

The three principal design standards give the details of how to design and specify a structured cabling system. They are:

ISO 11801
EN 50173
TIA/EIA 568-A or 568-B

BICSI


These standards in turn however refer to hundreds of other standards relating to component specifications, fire performance, testing methods, containment systems etc.

Step 2: Horizontal cabling - Basic rules

Four-pair cables are run from user positions to a patch panel. At the patch panel, patchcords link into the active LAN equipment or into backbone cabling. The user position has a wall outlet or floor outlet, and this links into the PC on your desk via another patchcord. The outlet is called a TO (Telecommunications Outlet) and contains an eight way plug meeting IEC 60603-7, more commonly referred to as an RJ-45.

  • Two outlets per work area
  • Two outlets per 10 square metres of useable floor space
  • Outlets to be within 3 metres of the user station
  • Both outlets to be RJ 45
  • Max cable run to be 90 m
  • Max total length of patchcords at both ends of the link to be 10 m
  • Cable and RJ45 to be Cat5e grade

Options

Cat 3 or optical fibre can be used

If optical fibre, select 50/125 or 62.5/125 multimode

If using fibre select SC or ST connectors

Cat 6/Class E can be specified

Cat 5e Cable can be unscreened, UTP, Foil screened, FTP, or Foil and Braid screened S-FTP.

Cable fire performance can be:

  1. IEC 332-1
  2. IEC 332-1, IEC 754, IEC 1034
  3. IEC 332-3-c, IEC 754, IEC 1034
  4. UL 910 plenum

Each grade, in ascending order, has a better performance in fire situations but at a correspondingly higher price.

The exact density of cables, number of outlets and their position is up to the end user, or else at the proposal of the installer/designer.

Step 3: Backbone Cabling

All of the horizontal cables are star-wired back to Telecommunications Closets or Floor Distributors where they are terminated in patch panels. These patch panels are connected together via the building backbone cabling which can be up to 500 metres long. It can be copper cable but is more likely to be optical fibre, either multimode or singlemode. The kind of cables and the number of cores needs to be decided. If fibre is chosen, a loss budget should help you make your decision.

Step 4: Campus Cabling

The campus cabling links different buildings together. It can be up to 1500 m long. It can be copper cable but is more likely to be optical fibre, either multimode or singlemode. The kind of cables and the number of cores needs to be decided.

Step 5: Positioning and design of Telecommunications Closets to link horizontal and backbone cabling.

Positioning and design of the equipment room as a central focus for the main computing, LAN and PABX equipment.

Positioning and design of the Service Entrance facility whereby outdoor cables are terminated and the point of demarcation between customer owned equipment and the PTT cables is defined.

Step 6: Cable containment system

How will the cables be protected? Within buildings the choices are:

  • Cable trays
  • wire basket/raceway
  • cable ladders
  • J hooks
  • conduit
  • dado rails
  • PVC trunking
  • built-in underfloor duct
  • raised floors
  • suspended ceilings

The following must be taken into account:

  • the density and volume of cables to be organised
  • the aesthetic appearance of the cabling within offices and other visible areas
  • economics of different schemes
  • proximity to power cables and other potential sources of interference
  • firestopping

Useful standards are:

  • TIA/EIA 569 Commercial building standard for telecommunications pathways and spaces
  • EN 50174 Information technology – cabling installation

For external applications the choices are:

  • underground cable ducts
  • direct buried cable trench
  • concrete cable trough
  • self supporting aerial cable
  • supported aerial cable, i.e. catenary or messenger wire
  • fixed to building exteriors

In all cases the designer must ensure that all civils work has been carried out, rights of way established and availability of cable ducts and manholes established. Aerial cable routes must keep a minimum distance away from power cables and all external cables must be selected for the environment and temperature ranges in which they are expected to survive. External copper cables usually need to be protected by overvoltage and fault current devices where they enter a building.

Step 7: Cable Administration system

The cabling and its containment system need to be clearly identified and their locations, routes and capabilities recorded in a cable administration system. This usually involves a logical numbering scheme that can be applied to all cables, outlets, patch panels and even containment systems. Various colour schemes are also available.

These schemes can be paper based but for the larger installations then a computer based system is advisable. There are several proprietary solutions on the market which offer various database and graphical methods for keeping track of cabling assets. Some systems are also active in that they can detect moves and changes and automatically update the database.

Useful standards are:

  • TIA/EIA-606 Administration standard for the telecommunications infrastructure of commercial buildings
  • EN 50174 Information technology – cabling installation

Step 8: Earthing Scheme

All exposed metallic elements of the cable system and cable containment system need to be earthed (grounded) for safety and also electromagnetic compatibility requirements. If screened cables are used then special attention must be given to effective bonding of the screening elements. Poorly earthed screened cabling may behave worse than unscreened cabling.

An electrically ‘clean’ earth must be available at all points where the cabling is terminated, but especially within telecommunication closets, equipment rooms and service entrances. A clean earth is usually defined as a conductive element with not more than 1 volt rms potential difference between it and the real earth down below. Copper cabling linking two different buildings can suffer from earth loops if the ground potential is different. Non-metallic optical cabling is usually picked for problem areas such as these.

Some useful standards are:

  • PrEN50303 Application of equipotential bonding and earthing at premises with information technology equipment
  • PrEN50174-2 Information Technology, Cabling installation, part 2, Installation, planning and practices inside buildings
  • TIA/EIA-607 Commercial Building Grounding and Bonding Requirements for Telecommunications

Step 9: Testing regime

All cables must be tested to demonstrate compliance with the standards and specification to which they were bought. Testing can be split into copper cable testing and optical fibre testing. Ideally all cables should be 100% tested.

Copper cables.

There are five manufacturers of hand held copper cable testers that will automatically test the installed cable plant for all the expected parameters. By the use of a remote injector, the cabling is tested from both ends, which is a condition of the standards. The cabling has to pass all of the suite of tests to be awarded an overall pass. Points to remember are:

What is being tested? The channel (i.e. end-to-end including all the patchcords) or the basic link (i.e. the permanently installed cable from outlet to patch panel). The test figures are different for each setting. It is usually more practical to test the basic link (also referred to as the permanent link).

What level is being tested? The tester should normally be set to Cat5e link or Class E link if Category 6 cable is being used.

The results are stored electronically and must be in a format recognisable by the cable management software that comes with the tester. There are now numerous test standards and draft standards. The most influential is likely to be:

IEC 61935 Generic specification for the testing of balanced generic cabling in accordance with ISO/IEC 11801

The tests required by IEC 61935 are:

  • Wire Map
  • Attenuation
  • NEXT pair to pair
  • NEXT Powersum
  • ELFEXT pair to pair
  • ELFEXT Powersum
  • Return Loss
  • Propagation Delay
  • Delay Skew
  • DC Loop Resistance

Cable length and ACR are also useful additions to this set of tests.

Optical cables

All that needs to be tested with short distance multimode optical cables is attenuation. This can be achieved by a device called a light source and power meter. This device will simply measure the absolute loss across the optical link. This then has to be compared with the design value of attenuation. If the tested value is less than the design value then the link can be seen to be acceptable.

Optical Time Domain Reflectometers can give a great deal of information about optical fibres, but for short haul multimode fibre they are an expensive overkill that gives results that need expert interpretation. An OTDR remains an essential tool for fault finding.

Step 10: Final thoughts

Is the design of the cabling system in-step with the LAN aspirations of the end user? For example, Cat5e is the minimum performance grade suitable for gigabit Ethernet. Standard Cat5 cable may not have sufficient delay skew performance for RGB video systems however. Cat 6 cabling will give a longer service life due to its higher performance, but at an initial higher cost.

Some optical fibre LANs, e.g. gigabit Ethernet cannot transmit over the full distance allowed in standards based optical structured cabling. These LAN limitations have to be taken into account. The next generation of 10 gigabit Ethernet will need a new generation of optical fibre to make it work.

The best way to ensure success in a structured cabling installation is to use properly trained people to design, implement and test the system. The RCDD qualification from BICSI is the only qualification which covers all aspects of structured cabling design and implementation.

The above information is offered as a summary of ISO 11801 and related standards. It is not a definitive design guide and does not replace study and implementation of the Standards themselves. The publisher accepts no responsibility for inaccuracies or omissions. To purchase the full Standards go to your national standards body, e.g. British Standards Institution, Nederlands Normalisatie Instituut etc. or ISO.



Wireless Network Management

Wireless Network Management refers to the use of software tools designed to enhance the performance, reliability and security of wireless networks, particularly by diagnosing, detecting and reducing sources of radio frequency interference. Unlike wired networks, where equipment redundancy can be applied to mitigate the impact of performance problems and network failures to some extent, wireless networks have very limited options, owing to the very limited wireless spectrum available and the effects of wireless interference.

The factors that can affect wireless network performance include traffic flows, network topologies and network protocols, hardware, software and environmental conditions. As a result, wireless users can often be subjected to problems such as lack of coverage, intermittent discontinuity and security aspects that are difficult to monitor.

Wireless Network Management systems help to ensure network availability, as well as to provide other maintenance tasks, such as performance monitoring, testing, and fault management.

Some of the tools for Wireless Network management are Colubris MultiService Access Points (Maps), Airwave Management Platform (AMP) and Wireless Management Suite, wireless network management spectrum analysis software from Cognio Inc., Radio IP MTG, Cisco’s suite of Wireless Network management products etc.

Friday, September 10, 2010

Wireless Network and Router Security Tips

Reminded by the latest Cisco security alert, many network managers do not realize that their routers can be the jump point to attack. Router operating systems are just as vulnerable to hacker mischief as network operating systems. Most medium to small sized companies do not employ router engineers, or outsource this function on a need to do basic. And because of this, network administrators, and managers, either do not know enough to secure the router or do not have time. Listed below are the 10 basic router security tips.

1. Update your router's OS. Just like network operating systems, router operating systems need to be updated to correct programming oversights, flaws, and buffer overflow issues. Always check with your router manufacturer for current updates and OS versions.

2. Change the default password. As much as 80% of security incidents are caused by weak or default passwords (according to CERT at Carnegie Mellon University). Avoid common passwords, and use mixed-case letters as part of a stronger password policy.

3. Disable HTTP configuration and SNMP. The HTTP configuration interface of your router may be easier for a busy network admin to use, but it is also a security problem for routers. If your router has a command-line configuration interface, disable the HTTP config mode and use the command line instead. If you are not using SNMP on your router, then there is no need to have it enabled. Cisco has an SNMP vulnerability with GRE tunnel attacks.

4. Block ICMP ping requests. Ping and other ICMP functions are useful tools for both the network admin and the hacker. ICMP enabled on your router can be used by a hacker to identify information to target your network for attack.

5. Disable Telnet use from the Internet. In most cases you do not need an active telnet session from an Internet interface. Access to your router's configuration is more secure if accessed internally.

6. Disable IP directed broadcast. IP directed broadcast can allow Denial of Service (DoS) attacks on your equipment. A router's memory and CPU can be maxed out from too many requests, which can result in a buffer overflow entry.

7. Disable IP source routing and IP redirects. Redirects allow packets to come in from one interface and leave by another. You don't want engineered packets to redirect to a private internal network.

8. Packet filtering. Packet filtering routes only the types of packet you want to enter your network. Many companies only allow 80 (http) and 110/25 (email). Additionally you can block and allow IP Addresses and Ranges.

9. Review Security Logs. By simply taking the time to review your log files you will see obvious patterns of attack, and even vulnerabilities. You will be surprised at how much activity your router is subject to.

10. Unnecessary Services. Unnecessary services should always be disabled, whether they are on a router, server, or workstation. By default, Cisco devices up through IOS version 11.3 offer the "small services": echo, chargen, and discard. These services, especially their UDP versions, are infrequently used for legitimate purposes, but can be used to launch denial of service and other attacks that would otherwise be prevented by packet filtering.
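Several of these tips (3, 5, 6, 7 and 10) correspond to individual Cisco IOS configuration commands, so a saved configuration can be checked for them automatically. The script below is an added example, not part of the original post; the sample configuration is constructed, and the script only flags commands that are explicitly present, since the defaults for absent commands vary by IOS version.

```python
import re

# Constructed sample running-config (not from the page); addresses are examples.
SAMPLE_CONFIG = """\
version 12.4
service udp-small-servers
service tcp-small-servers
ip source-route
ip http server
snmp-server community public RO
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
 ip redirects
!
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no ip redirects
!
line vty 0 4
 transport input telnet
"""

# (scope, pattern, tip number, finding). Patterns are anchored at the start of
# the command, so the negated "no ..." forms never match.
RULES = [
    ("global", r"ip http server\b", 3, "HTTP configuration interface enabled"),
    ("global", r"snmp-server community\b", 3, "SNMP enabled"),
    ("global", r"ip source-route\b", 7, "IP source routing enabled"),
    ("global", r"service (tcp|udp)-small-servers\b", 10, "small services enabled"),
    ("interface", r"ip directed-broadcast\b", 6, "IP directed broadcast enabled"),
    ("interface", r"ip redirects\b", 7, "IP redirects enabled"),
    ("line vty", r"transport input\b.*\b(telnet|all)\b", 5, "Telnet accepted on vty lines"),
]


def scope_of(section):
    """Map a section header line to the rule scope used in RULES."""
    if section.startswith("interface "):
        return "interface"
    if section.startswith("line vty"):
        return "line vty"
    return "other"


def audit(config):
    """Return (tip, context, command, finding) for each risky line present."""
    findings = []
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        if raw[0].isspace():
            # Indented commands belong to the most recent top-level header.
            scope, context = scope_of(section), section
        else:
            section, scope, context = line, "global", "global"
        for rule_scope, pattern, tip, finding in RULES:
            if rule_scope == scope and re.match(pattern, line):
                findings.append((tip, context, line, finding))
    return findings


if __name__ == "__main__":
    for tip, context, command, finding in audit(SAMPLE_CONFIG):
        print(f"tip {tip:>2} [{context}] {command}: {finding}")
```

Tips 1, 2, 4, 8 and 9 depend on software versions, credentials, access lists and logs, which this line-by-line check does not evaluate.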

Troubleshooting Wireless Network Connections

In this article we will look at how to tackle some common wireless network problems that people come across. This document will outline the steps you should take if you encounter one of the mentioned issues.

Check the wires and wireless network adapter

Checking that all your wires are plugged in at the router and from the plug is one of the first things you should do – provided of course that you have access to them. Verify that the power cord is connected and that all the lights of the router and cable/DSL modem are on. This may seem like a ridiculous suggestion but you should never disregard the obvious. You’d be surprised at how your configuration can be perfect, and after a while of playing around with settings you realize that the network cable leading from the router to the cable modem has come undone slightly.

You will also want to check that your wireless network adapter is switched on. Some laptops come with a small blue or red button on the side while others require you to enable it from the operating system. In Windows, go to device manager and check that your wireless network adapter is enabled. If you have a PCMCIA or USB wireless adapter try removing it and then re-inserting it while Windows is running so it will re-detect it. The lights on the adapter give an indication of whether there is a problem. On mine, I have two lights; one is orange to signify that the PCMCIA card has power and the other is green to show if a connection has been established. A blinking green light means that I am not in range of a wireless access point or there is a problem with connectivity, whereas a stable light means a connection has been established successfully. Take a look at your device documentation as these sorts of details will vary with each product.

Driver Compatibility

It is important to make sure that you have installed the correct device driver for your wireless network adapter. The wrong driver can cause all sorts of problems, or stop your adapter from functioning at all. A friend of mine recently set up his own wireless network at home but complained to me that his wireless network connection was going “crazy”. Upon inspection I realized that he had configured his router properly but installed the 5v instead of the 3v driver on his laptop PCMCIA network card. Once the correct driver was installed, everything began to run smoothly. It just goes to show how even the smallest detail can make all the difference, so make sure you have the correct driver installed!

Low Signal Strength

There are a number of factors that can cause the signal of your access point to deteriorate and the performance of your network to fall below par. Practically any appliance that operates on the same frequency (2.4 GHz) as 802.11b or 802.11g can cause interference with your wireless network. Be sure to keep cordless phones, microwaves and other electrical equipment at least 1m away from the access point. Try changing channels on the access point and test it out on one of the clients. To change the radio channel on the access point, log in to the configuration (usually a web-based interface), go to the Wireless Settings section (the name will vary depending on vendor), select a different channel and save the settings. On the client, go to Device Manager, right-click your wireless network adapter and go to Properties. In the Advanced tab, select the Channel property and change the value to the same number as the one you chose on the access point. Disable and then re-enable the wireless connection.


Access Point Location

You may also want to try changing the position of your access point antenna to improve performance. Play around with its position and see if you notice a difference. I find that if I point the antenna sideways or downwards I have better reception on the floor below. The following images demonstrate what I mean.


Antenna pointing upwards (default)


Antenna pointing sideways

The location of your access point is vital. Try to place it in a central location, avoiding physical obstructions and reflective surfaces as much as possible. Remember that wireless signals bounce off windows and mirrors, thus decreasing the range. Experiment with different locations until you find one that is practical and promising. Most people, including myself, like placing it near the ceiling since most obstructions are nearer to the floor.

It’s always a good idea to monitor the performance of your signal by using a diagnostic utility. This will help you to identify how strong your signal is in different locations and whether other electrical equipment is interfering. Run the utility when the microwave or cordless phone is in use and see if you notice a difference. Usually your access point will come with its own monitoring utility.

Installing a repeater for a performance boost

If you’re looking for a boost you can always choose to install a repeater. The job of a repeater is to receive the signal, regenerate it and rebroadcast it, thereby extending the range of your wireless network. It sits somewhere between your access point and your wireless client. Some repeaters, like the Range Expander series from Linksys, do not need to be directly connected to the network via a cable. However, if security is an issue for you then be careful, as some of these ignore certain security methods such as MAC address filtering. Also, some repeaters will only repeat wireless signals coming from their own product family; for example, if you have a D-Link wireless router you will have to get a D-Link repeater. The image below demonstrates the job of a repeater.


The Access Point transmits the signal. As it travels it decreases, until it hits the repeater and gets boosted. The newly transmitted signal is then received by an in-range wireless client.

Changing the Antenna

Changing the antenna of your access point can increase signal range and overall performance. Typical access points come with a 2dB or 4dB gain antenna but there are ones available with 8, 14 and even 24dB. Antenna gain is measured in dBi (decibels-isotropic), which basically means how powerful the antenna is and how far it can provide a signal. Directional antennas are suitable for environments where you have a direct line of sight from one access point to another and from access point to client; the signal travels in a straight line. Omni-directional antennas distribute their signal in a circular 360-degree pattern over a horizontal plane, which is ideal for square areas.

Install Windows XP SP2

If you are using Windows XP on your wireless client - as I’m sure most of you are – installing Service Pack 2 would be a good idea. Check the Microsoft Website for download details. Windows XP Service Pack 2 comes with enhanced wireless support such as a new network setup wizard, built in support for WPA (Wi-Fi Protected Access), an updated Wireless Network Connection dialog box and amongst others, a rather nifty repair feature.

To utilize the repair feature all you have to do is right click the connection and select Repair or click the button on the support tab of the status dialog box. This will disable and then re-enable the connection (which clears many of the error conditions on wireless network adapters), clear the NetBT cache and flush the DNS cache. I often find that if my connection signal becomes low after a long period of activity, pressing the Repair button will boost it up to “Good” or “Very Good” depending on my location.

Network Settings

DHCP Addresses

DHCP configuration errors may also cause problems when connecting to a wireless network. Some of the newer access points on the market come with their own DHCP server which usually assigns addresses in the 192.168.0.x range. If your wired network uses a different range then you will probably find that wireless network clients are able to obtain an IP address and ping the access point but communication with other clients will not work. Your access point configuration interface should allow you to set which address scope to use. Set this to be the same as that of your other clients. You can also just disable the DHCP server on the access point and allow clients to obtain an address from the normal DHCP Server on your network.

Encryption Keys

Double check and re-enter your WEP/WPA encryption keys. Wireless Encryption will vary depending on which type of network you are connecting to. In Windows XP, on the Association tab of your wireless network properties dialog box, verify that your network key has been entered correctly and is valid for the network you are attempting to connect to.

MAC Address Filters

MAC address filters are a great form of security for restricting access to your network. As I explained in An Introduction to Wireless Networking Part 1, MAC address filters are a list of MAC addresses belonging to the clients that are allowed access to the network. Only clients with the specified MAC addresses are permitted to communicate with the network. Having said this, a MAC filter may be the cause of your problem. Verify that the problematic client’s MAC address is in the address list. If the network card had to be changed or a new device was purchased recently, be sure to add it to the list.

Conclusion

After having read this article you should be familiar with common wireless network connection problems and what you can do to fix them. I hope that you will now be able to follow these steps when a wireless problem occurs and take the necessary action to solve such issues. Look out for Part 3 of my Introduction to wireless networking series, in which I will take a closer look at security, give you some wireless network tips and tricks and also update you on the latest wireless networking news.

Top 10 things to know about network administration

If you're just getting started in the networking field, you've got a lot to learn, and with the rate of changes in networking technology, you can expect to always have a lot to learn, but here are ten essential topics that you should concentrate on (and if you are not just getting started, here are some things to review):

  1. The OSI model: Memorize it. It's almost a cliché, but understanding it is critical.
  2. TCP/IP concepts: Learn to think in binary and get a firm grasp on bitmasks, subnetting, gateways (like the "default gateway") and how addresses are constructed (the network portion, the host portion, etc).
  3. Stacks: Read about how the network stack is implemented on hosts. Get a good feel for what each component (the NIC, firmware, device drivers, the OS, etc) is responsible for. Once you understand this, troubleshooting is easy.
  4. Layer 2: Learn how switches operate and how they're different from hubs and routers. Understand bridging, and get a general idea of what Spanning Tree Protocol does. Learn the difference between a collision domain and a broadcast domain, and then study VLANs.
  5. Routing: Learn a routing protocol. Start with RIP, because it's easy. You don't need to be a guru, just get a general idea about how routers can exchange information about the network.
  6. Services: Understand the role of DNS, DHCP and WINS, and know their alternatives, like the hosts and lmhosts files and static addressing.
  7. Find yourself some good networking reference material. Whatis.com is great for deciphering arcane acronyms.
  8. Security: Read a little about how firewalls operate and other security technologies like VPNs. Understand the difference between authentication, authorization and accounting.
  9. Output: Learn how to get status and information out of your networking devices. A good place to start is with the "show" commands (which will be featured in next week's tip).
  10. Finally, do a walkthrough: follow data as it goes from one application to another. How does it get from the application, to being segmented, packetized, framed, and routed? How does your computer know what IP address to send the packet to? (DNS) How does it know what MAC address to send it to? (ARP) How does it know how big to make the frame? (MTU) How does a switch know which port to forward your packet out on? (FDB) How does a router know which interface to use? (routing table) If you can answer these questions, you're well on your way to being competent and productive.

wireless application service provider

A wireless application service provider (WASP) is part of a growing industry sector resulting from the convergence of two trends: wireless communications and the outsourcing of services. A WASP performs the same service for wireless clients as a regular application service provider (ASP) does for wired clients: it provides Web-based access to applications and services that would otherwise have to be stored locally. The main difference with WASP is that it enables customers to access the service from a variety of wireless devices, such as a smartphone or personal digital assistant (PDA).

Although the business world is increasingly mobile, many corporations are resisting the idea of wireless communication, because of concerns about set-up and maintenance costs and the need for in-house expertise. WASPs offer businesses the advantages of wireless service with less expense and fewer risks. Because mobile applications are subscribed to, rather than purchased, up-front costs are lower; because the WASP provides support, staffing and training costs are lower.

WASP services may include:

  • Constant system monitoring
  • Diagnostics and resolution
  • User support
  • Text formatting for various devices
  • Problem detection and reporting

There are still issues to be resolved. Coverage areas remain limited, for example, and data synchronization among devices can be problematic. Nevertheless, WASPs provide an easier, safer, and cheaper way for organizations to add mobile components, and a number of major companies are opting for them. UPS, Sprint, and eBay are among the early subscribers to WASP services. Interestingly, some ASPs have begun to offer WASP services, while others are purchasing them.



Wireless Security Filtering

Filtering

Managing access to a WLAN through WEP keys or authentication is one viable security measure. You can also configure access to be restricted according to device; to do this, you use the Media Access Control (MAC) address or Internet Protocol (IP) address. For example, you can employ filtering on your APs to keep out clients who do not have an authorized client adapter. Without an explicitly approved MAC address on the network adapter, it doesn't matter if the correct username and password are presented because the AP does not allow access.

Simply put, filtering checks a wireless client's MAC or IP address against a list of authorized MAC or IP addresses maintained on the AP. When a client tries to connect to the AP, it must be on the list. If it is not, the client cannot connect.

Filtering should not be the only security measure, however. Both MAC and IP addresses can be spoofed, thus circumventing this layer of security.

MAC Filtering

You can set up a MAC filter two ways:

  • To pass traffic to and from all MAC addresses except those you specify.

  • To block traffic to and from all MAC addresses except those you specify.

Furthermore, you can apply these filters to either or both the Ethernet and radio ports and to incoming or outgoing traffic.

Note

Be careful when setting MAC filters. If you incorrectly apply the setting, you can easily lock yourself out of the AP. If this does occur, use the command-line interface (CLI) to disable filters, and then go in and correct your mistake.

MAC filters are managed on the MAC Address Filters page; simply follow these steps:

Step 1. On the AP's web page, click Services on the menu to the left of the page.

Step 2. Click Filters in the list of services.

Step 3. Click the Mac Address Filters tab on the Apply Filters page.

After you reach the Apply Filters page, you can enable MAC address filters.

Note

Be aware that software often changes. The version of the AP firmware you use might differ from what is shown here, but the steps are similar.

Setting MAC Filters

To configure a MAC filter, follow these steps:

Step 1. To create a new MAC address filter, click Create > Edit Filter Index > . To edit a filter, select the filter number from the menu.

Step 2. In the Filter Index field, identify the filter with a number between 700 and 799. This number is used to assign an access control list (ACL) for the filter.

Step 3. Enter a MAC address in the Add MAC Address field. The address is entered as three groups of four characters, separated by periods (for example, 0125.4275.7879).

Step 4. Use of the Mask entry field enables the filter to check against certain bits, but not others. For example, if you have several clients whose MAC addresses all end in the same four bits, you can use the mask to allow any clients whose MAC address matches those four bits. If you want to force an exact match of the MAC address, in the Mask entry field, enter FFFF.FFFF.FFFF. If you just want to check the last four bits, enter FFFF.FFFF.0000.

Step 5. Choose Action > Forward or choose Action > Block.

Step 6. Click Add. The MAC address you entered has been added to the Filters Classes field. You can remove this address by selecting it and clicking Delete Class.

Step 7. Choose Default Action > Forward All or Default Action > Block All. You must establish the default action for this filter, and it must be the opposite of the action for at least one of the MAC addresses in the filter. For example, if you chose Forward for several MAC addresses, you should select Block All as the filter's default action.

Step 8. Click Apply.

Step 9. Click the Apply Filters tab.

Step 10. Select the filter number from one of the MAC drop-down menus. The filter can be applied to either the Ethernet port, the radio ports, or both. You can also apply the filter to incoming traffic, outgoing traffic, or both.

Step 11. Click Apply.

Note

You need to restart the system, so that all clients are appropriately filtered.

IP Filtering

You can also limit access to your AP with IP filters. IP filtering can be applied based on IP address, IP protocol, and IP port. This allows or prevents the use of specific protocols through the AP's Ethernet and radio ports. As with MAC filtering, you can also set up the filter to allow or deny sending or receiving traffic from the AP based on IP address. You can set up IP filters to allow combinations of all three IP filtering components (address, protocol, and port).

IP filters are managed on the IP Filters page.

To reach the IP Filters page, follow these steps:

Step 1. On the AP's web page, click Services on the menu to the left of the page.

Step 2. Click Filters in the list of services.

Step 3. Click the IP Filters tab.

After you reach this page, you can enable IP filters.

Setting IP Filters

To configure an IP address filter, follow these steps:

Step 1. To create a new IP address filter, select Create > Edit Filter Index > . To edit a filter, select the filter number from the menu.

Step 2. In the Filter Name field, identify the filter with a name.

Step 3. Select Default Action > Forward All or Default Action > Block All from the Default Action. You must establish the default action for this filter and it must be the opposite of the action for at least one of the IP filters. For example, if you chose Forward for several IP addresses, you should select Block All as the filter's default action.

Step 4. To filter a specific IP address, enter that address under the IP Address section. The Destination Address field is used to filter traffic going to an address; the Source Address field filters traffic coming from a given IP address.

Note

If you intend to block traffic to all IP addresses except those specified, make sure you include the IP address of your own computer in the list of specified exceptions; otherwise, your computer is shut out from the AP.

Step 5. The Mask entry field allows the filter to check against certain bits, but not others. Type the subnet mask in this field. The mask is used if you are filtering everything to or from a subnet.

Step 6. Select Action > Forward or select Action > Block.

Step 7. Click Add. The IP address you entered has been added to the Filters Classes field. This address can be removed if you select it and click Delete Class.

Step 8. To filter an IP protocol, select one of the protocols from the IP protocol drop-down menu, or select the Custom radio button and enter the number of an existing ACL in the Custom field. Enter an ACL number from 0 to 255.

Step 9. Select Action > Forward or select Action > Block.

Step 10. Click Add. The protocol appears in the Filters Classes field. This field is at the bottom of the page and is shown in Figure 8-4. This filter can be removed if you click Delete Class.

Step 11. To filter a TCP or UDP port protocol, select one of the common port protocols from the TCP Port or UDP Port drop-down menus, or you can select the Custom radio button and enter the number of an existing protocol in one of the Custom fields. Enter a protocol number from 0 to 65535.

Step 12. Select Action > Forward or select Action > Block.

Step 13. Click Add. The protocol appears in the Filters Classes field. This filter can be removed if you click Delete Class.

Step 14. Click Apply.

Step 15. Click the Apply Filters tab.

Step 16. Select the filter names from one of the IP drop-down menus. The filter can be applied to the Ethernet port, the radio ports, or both. You can also apply the filter to incoming traffic, outgoing traffic, or both.

Step 17. Click Apply.
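The default-action rule in Step 3 and the lock-out note after Step 4 can be checked before a filter is applied. The sketch below is an added example, not the AP's own logic: it models only source-address classes with a subnet mask, and it assumes the classes are evaluated in order with the first match winning and the default action applying otherwise. The names FilterClass, decide and check_filter and all addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class FilterClass:
    address: str  # value typed in the IP Address field
    mask: str     # subnet mask typed in the Mask field
    action: str   # "forward" or "block"

    def network(self):
        # strict=False accepts a host address entered with a wider mask.
        return ipaddress.ip_network(f"{self.address}/{self.mask}", strict=False)


def decide(classes, default_action, ip):
    """Action for a source address; first matching class wins (assumption)."""
    addr = ipaddress.ip_address(ip)
    for c in classes:
        if addr in c.network():
            return c.action
    return default_action


def check_filter(classes, default_action, admin_ips):
    """Return a list of problems to fix before clicking Apply."""
    problems = []
    opposite = "forward" if default_action == "block" else "block"
    # Step 3: the default must be the opposite of at least one class action.
    if not any(c.action == opposite for c in classes):
        problems.append(f"no class uses '{opposite}', the opposite of the default action")
    # A class fully covered by an earlier one can never match.
    nets = [c.network() for c in classes]
    for i, net in enumerate(nets):
        for j in range(i):
            if net.subnet_of(nets[j]):
                problems.append(
                    f"class {i + 1} ({net}) is never reached: "
                    f"class {j + 1} ({nets[j]}) matches first"
                )
                break
    # Note after Step 4: the administrator's own address must not be blocked.
    for ip in admin_ips:
        if decide(classes, default_action, ip) == "block":
            problems.append(f"{ip} would be blocked: lock-out")
    return problems


# Constructed draft filter: Default Action > Block All.
DRAFT = [
    FilterClass("192.168.1.0", "255.255.255.0", "forward"),
    FilterClass("192.168.1.50", "255.255.255.255", "block"),
]
# Same intent with the specific block first and the admin host added.
FIXED = [
    FilterClass("192.168.1.50", "255.255.255.255", "block"),
    FilterClass("192.168.1.0", "255.255.255.0", "forward"),
    FilterClass("192.168.2.10", "255.255.255.255", "forward"),
]
ADMIN_IPS = ["192.168.2.10"]

if __name__ == "__main__":
    for name, classes in (("draft", DRAFT), ("fixed", FIXED)):
        issues = check_filter(classes, "block", ADMIN_IPS)
        print(name, "->", issues or "no problems found")
```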