Troubleshooting WLANs

Similar documents
WLAN Security Preparing For BYOD and IoT

Troubleshooting WLANs (Part 2)

Configuring Layer2 Security

Secure Wireless LAN Design and Deployment

Chapter 24 Wireless Network Security

Chapter 17. Wireless Network Security

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

802.11r or Fast Transition (FT) for fast secure Roaming

Exam Questions CWSP-205

Wireless Network Security

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)

WLAN Roaming and Fast-Secure Roaming on CUWN

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

WPA-GPG: Wireless authentication using GPG Key

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

SharkFest'17 US. Basic workshop of. IEEE packet dissection. Megumi Takeshita

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Securing Wireless LANs

Hooray, w Is Ratified... So, What Does it Mean for Your WLAN?

Configuring WLANsWireless Device Access

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

Wireless Network Security Spring 2016

ABHELSINKI UNIVERSITY OF TECHNOLOGY

Configuring VLANs CHAPTER

Configuring Management Frame Protection

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

1 FIVE STAGES OF I.

Configuring a VAP on the WAP351, WAP131, and WAP371

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Cisco Exam Implementing Cisco unified Wireless Voice Networks (IUWVN) v2.0 Version: 10.0 [ Total Questions: 188 ]

IEEE i and wireless security

Configuring Authentication Types

Table of Contents X Configuration 1-1

Modeling and Verification of IEEE i Security Protocol for Internet of Things

Wireless Network Security Spring 2015

Internetwork Expert s CCNP Bootcamp. Wireless LANs. WLANs replace Physical (layer 1) and Data Link (layer 2) transports with wireless

Quick Start Guide for Standalone EAP

WPA Passive Dictionary Attack Overview

ENH1750 EXT ENH1750 EXT

Configuring a WLAN for Static WEP

Q&As. Implementing Cisco Unified Wireless Voice Networks (IUWVN) v2.0. Pass Cisco Exam with 100% Guarantee

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Wireless Network Security

Cisco Exactexams Questions & Answers

Cisco Unified Wireless Technology and Architecture

NXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/

Configuring Hybrid REAP

HOW WI-FI WORKS AND WHY IT BREAKS WI-FI MECHANICS

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

A-to-Z Design Guide for the All-Wireless Workplace

Wireless Protocols. Training materials for wireless trainers

HP A-MSR Router Series WLAN. Command Reference. Abstract

Cisco Actualtests Exam Questions & Answers

EAP Wireless Access Point. 2.4 GHz b/g 54 Mbps

11N Wall Mount Access Point / WDS AP / Universal Repeater. Features. Fully compatible with IEEE b/g/n devices

outline background & overview mac & phy wlan management security

Oct 2007 Version 1.01

The network requirements can vary based on the number of simultaneous users the system will need to support. The most basic requirements are:

ENH900EXT N Dual Radio Concurrent AP. 2.4GHz/5GHz 900Mbps a/b/g/n Flexible Application

WLAN Syslog Message. Ver. 1.0

CertifyMe. CISCO EXAM QUESTIONS & ANSWERS

HP0-Y44. Implementing and Troubleshooting HP Wireless Networks.

CCIE Wireless v3 Lab Video Series 1 Table of Contents

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

ECB N Multi-Function Client Bridge

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Table of Contents 1 WLAN Service Configuration 1-1

Configuring r BSS Fast Transition

Network Encryption 3 4/20/17

TestsDumps. Latest Test Dumps for IT Exam Certification

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

Cisco Questions & Answers

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

FortiNAC. Aerohive Wireless Access Point Integration. Version 8.x 8/28/2018. Rev: E

Wireless High power Multi-function AP

ECB N Multi-Function Gigabit Client Bridge

CSCD 433/533 Advanced Networking

Creating Wireless Networks

Physical and Link Layer Attacks

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

HP Unified Wired-WLAN Products

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide

accounting (SSID configuration mode) through encryption mode wep

Wireless LAN Controller (WLC) Design and Features FAQ

EOC-2610 Long Range Wireless Access Point / Client Bridge

EOC GHz 54Mbps b/g Multi-Function AP

Section 4 Cracking Encryption and Authentication

INTEROPERABILITY REPORT Ascom Myco Aerohive Networks, AP130, 230, 250, 330, 350,

CCIE Wireless v3 Workbook Volume 1

WISNETWORKS. WisOS 11ac V /3/21. Software version WisOS 11ac

ECB3500 Wireless Long Range Multi-function 7+1 AP 2.4GHz Super G 108Mbps EIRP up to 2000mW

Client Roaming. Assisted Roaming. Restrictions for Assisted Roaming. Information About Assisted Roaming

1.0 Basic RF Characteristics (15%) 1.1 Describe RF signal characteristics Frequency Amplitude Phase 1.1.

Welcome! SharkFest 16 Europe. Troubleshooting WLANs (Part 2) Rolf Leutert

Configuring VLANs CHAPTER

802.11r Fast Transition Roaming

Network Guide for Listen Everywhere

802.11ac 3x3 Dual Band High-Powered Wireless Access Point/Client Bridge

Light Mesh AP. User s Guide. 2009/2/20 v1.0 draft

Transcription:

Troubleshooting WLANs Tips and tricks with practical examples!! by Gregor Vucajnk, Knowledge Services at Aerohive Networks email: gvucajnk(at)aerohive.com, twitter: @GregorVucajnk

Get a free Aerohive AP/management General International/Freeval AP webinar page:! http://www.aerohive.com/news-events/international-webinars! Registration page of the event held in Dutch language:! http://info.aerohive.com/june-simplified-wireless-registration-landing- Page-NL.html

Troubleshooting is more of an art form than exact science. The Internet

AGENDA Troubleshooting strategy. Basic troubleshooting methodology. Practical examples with commentary.

1. TROUBLESHOOTING STRATEGY

Dilbert 40 years of age IT generalist Babysits the rest of the IT team (usually junior members) Source: www.dilbert.com

3. Basic Troubleshooting methodology

Identifying the issue Recreate problem Locate and isolate the cause RINSE Formulate a plan of solving the problem Implement the plan Test to very the problem is resolved AND REPEAT Document the problem and the solution Provide feedback to user

3. Practical examples

802.11 passive discovery Client devices can learn about the networks from listening to the beacon frames. Beacon frames are sent from the AP, advertising it services. It contains the information about the SSID and capabilities but also serves other purposes (like time sync between all STA in SS, What to look for: Beacon frames carry several important information. When indication of buffered data for devices in sleep mode, etc). troubleshooting Capabilities information (0x0511) and essentially By default the AP will send the beacon frame every* 100 TU (102.4ms), subject to network congestion. all the Tags under Tag parameters. But remember, the capture is an interpretation of the capturing device. Can be deceiving. 802.11 beacon frames (wlan.fc.type_subtype eq 8)

Client devices can learn about the networks by actively sending probe requests (broadcast if SSID is unknown or directed if searching for specific SSID). APs that hear the probe request will answer with unicast probe response. The information in probe response is very similar to content of a beacon frame minus TIM field, QoS capability IE. Probe response can however include other information if explicitly requested with RIEs (request information element) in probe request. Timing of the probe request sent is dependent on the client device and OS implementation. 802.11 active discovery What to look for:! Probe request is usually a broadcast frame. It contains the capabilities of the device and also may contain additional info about the device (device mode, manufacturer, etc). Probe request also says a lot on end client device roaming behaviour as the device hops channels all the time looking for other connections. 802.11 probe request (wlan.fc.type_subtype eq 4) 802.11 probe response (wlan.fc.type_subtype eq 5)! Probe response is very similar to beacon frame in structure. It is unicast and sent at the lowest common rate. There is no TIM field in probe response but it may contain RIE element that a station requested via the probe request

802.11 authentication 802.11 authentication should not be confused with network authentication. It is a simple two frame exchange in between the end client device and the AP. In simple terms, it is the end client device saying to the AP "I can see you" and the AP is replying "I can see you too. Where it brakes:! 802.11 authentication should always work. However the exchange can be broken if MAC filtering is implemented at a SSID configuration level. 802.11 authentication request (wlan.fc.type_subtype eq 11) 802.11 authentication response (wlan.fc.type_subtype eq 11)

802.11 association 802.11 association is for the client device to joining the SS and What to look for:! Association phase sets up the requirements for network obtain the AID (Association ID). Association exchange sets and synchronizes dependencies and requirements for joining the SS. authentication (PSK, PPSK, 802.1X). If AP is overloaded (or the Association frames are unicast. The Association request frame configuration is set to limit the amount of associations), the AP may contains the capabilities of the device and the association response reject client associations. There is also an impact from band-steering and load balancing that can affect the call flow. frame provides with requirements to join the SS 802.11 association request (wlan.fc.type_subtype eq 0) 802.11 association response (wlan.fc.type_subtype eq 1)! Based on the association phase, the basic (mandatory) rates are negotiated. This has a direct impact on the overall network capacity. If tweaked to aggressively, the end client device may not support the basic rates and fails associating to the SS.

Client devices can learn about the networks by actively sending probe requests (broadcast if SSID is unknown or directed if searching for specific SSID). APs that hear the probe request will answer with unicast probe response. The information in probe response is very similar to content of a beacon frame minus TIM field, QoS capability IE. Probe response can however include other information if explicitly requested with RIEs (request information element) in probe request. Timing of the probe request sent is dependent on the client device and OS implementation. 802.11 active discovery What to look for:! Probe request is usually a broadcast frame. It contains the capabilities of the device and also may contain additional info about the device (device mode, manufacturer, etc). Probe request also says a lot on end client device roaming behaviour as the device hops channels all the time looking for other connections. 802.11 probe request (wlan.fc.type_subtype eq 4) 802.11 probe response (wlan.fc.type_subtype eq 5)! Probe response is very similar to beacon frame in structure. It is unicast and sent at the lowest common rate. There is no TIM field in probe response but it may contain RIE element that a station requested via the probe request

Additional management frames Reassociation request (wlan.fc.type_subtype eq 2) already a part of ESS and roaming to new AP Reassociation reponse (wlan.fc.type_subtype eq 3) similar to association but when roaming within ESS Diassociation (wlan.fc.type_subtype eq 10) (used in roaming to terminate connection) Deauthentication (wlan.fc.type_subtype eq 12) sent when all communication is terminated, ie, when the AP is rebooting).

4-way handshake Process by the source key material is turned in encryption material to encrypt our communication. It is done for EVERY* WPA(2) association and reasocciation (there is a slight difference when using 802.11r). Directly follows association phase for WPA(2)-Personal. Follows full EAP authentication for WPA(2)-Enterprise. Consists of four unicast frames. Only upon successfully completing the 4-way handshake is the traffic from the client device allowed to the network past the AP.

PMK is known Generate SNonce PMK is known Generate ANonce Message 1: EAPOL-Key (ANonce) Derive PTK Message 2: EAPOL-Key (Snonce, MIC) Message 3: EAPOL-Key (Install PTK, MIC, Encrypted GTK) Message 4: EAPOL-Key (MIC) Derive PTK Generate GTK Install PTK and GTK Install PTK and GTK

4-way handshake After Message1 (1/4 is sent) -> Driver issue. Reboot, update driver. After Message2 (2/4 is sent) -> Wrong PSK, wrong time with PPSK. Hint: bad RF connectivity can exuberate any higher level communication issues. Make sure L1 connectivity is at acceptable levels. After Message 3 (3/4 is sent) -> Driver issue. Reboot, update driver. After Message 4 (4/4 is sent) -> It becomes a network issue. Check DHCP, DNS, FW, VLANs, etc.

Supplicant SW on client dev Authenticator Access Point Authentication Server (RADIUS) 802.11 association EAPoL-start EAP-request/identity EAP-response/identity EAP-request (challenge) EAP-response (hashed response) RADIUS-access-request RADIUS-access-challenge RADIUS-access-request RADIUS-access-accept (PMK) Access Granted

Closing thoughts Time is money! Be conservative. Create a lab and break everything.

www.aerohive.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback