Wednesday, 1 October 2014

ISE's Evil Default

Whilst working with Cisco ISE recently, I became aware of a setting within the product that could be a major ‘gotcha’ if you aren’t aware of it. We’ll take a very quick look at it in this article.


Background


Tucked away in the depths of the Cisco ISE menu structure is a rather innocent-looking configuration setting under the ‘Anomalous Client Detection’ section of the System Settings. The option I’m referring to can be found in the following location in ISE 1.2:


Administration > System> Settings > Protocols > RADIUS


The screenshot below shows the settings page I am discussing:





The settings on this page have been provided to protect ISE in the face of an onslaught of misbehaving or mis-configured clients that may flood it with authentication traffic (and hence RADIUS traffic). In larger environments, this could become an issue and affect ISE’s performance.


Suppress Anomalous Clients


The tick-box ‘Suppress Anomalous Clients’ provides a very useful function by quieting down the ‘noise’’ that you will start to see in the ISE logs once a reasonable number of clients are using the network. Instead of providing a line of information for each client transaction in the clients logs, only the most recent successful event is shown, providing a more manageable list of transactions to view. This effect is provided by the ‘Suppress Repeated Successful Authentications’ check-box, which is checked by default.


Reject Requests After Detection


One default side-effect of selecting the suppression of anomalous clients is that by default, the ‘Reject Requests After Detection’ check-box is also checked (highlighted in the graphic above). This is the ‘evil default’.


One might expect this option to simply provide another level of event suppression for misbehaving clients. Unfortunately, having this check-box enabled will actually add clients to an internal black-list of misbehaving clients for the period specified in the ‘Request Reject Interval’ - 60 minutes by default. Clients on this black-list will be ignored by ISE and effectively excluded.


Unfortunately, from the information I have been able to uncover so far, the internal black-list of excluded clients is not available to view, so there is no obvious way of knowing which clients have fallen foul of rejection (and hence exclusion) for being an ‘anomalous client’.


Exactly what qualifies a client as being anomalous isn’t too clear - the ‘Detection Interval’ and ‘Reporting Interval’ provide some clues, but they still don’t provide any clues about how many times a client has to be ‘anomalous’ to trip the rejection criteria.


Failure Scenario


Although the feature discussed above may not seem particularly worrisome, there are situations when it can kick-in and potentially take down your whole network for an hour (using the defaults).


If there is an extended period of time where clients are failing authentication, then if the anomalous client settings are enabled and left at default, all clients may become effectively excluded for an hour. A scenario such as the failure of an external authentication source (e.g. AD) or a policy configuration error could create such a situation. And, yes, I am speaking from experience of falling foul of such a scenario.


I’m not sure of Cisco’s official recommendation for this particular area of configuration, but I would think it is at least worth winding down the default ‘Request Rejection Interval’  to a lower value than 60 minutes - that’s a long time to lose your clients.


References

Cisco ISE 1.2 User Guide: http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_ui_reference_administration.html#pgfId-1293445

Converting Images For Survey and Management Tools

Being able to convert electronic floor plans into formats supported by a wireless survey or management tool is a regular part of being a WiFi professional. A customer may often provide floor plans in a format that isn’t accepted by the particular tool that you are using, leaving you with a file-conversion headache. In this article we take a look at a solution (for Windows users) to convert two common file types into a useable format.


Background


When using a professional wireless survey tool, one of the first steps in preparing your survey project is to import an electronic copy of the building floor plans. The plans are used to show areas surveyed and the RF measurements (“heapmaps”) that have been taken.


Similarly, once a WiFi network has been installed, there is often a requirement to import floor plans into a network management system (NMS) to show the areas covered by the new deployment. This may be a cloud-based console or perhaps a dedicated on-site management server. The NMS may show the location of deployed access points, together with their status and heatmaps showing RF coverage.


In both of these cases, a file containing the floor plan needs to be imported so that AP positions and RF data can be overlaid on the plan within the tool. The challenge that we often face is that the floor plans supplied may be in a format that cannot be directly imported in to the survey or management tool. For instance, a tool may only support import formats of jpg, png and gif. However, the floors plans may only be available in pdf or dwg (AutoCad) format. This means we have to convert the files we have been given in to a useable format.


File Formats


In my experience, customers tend to provide floor plans in one of two formats: PDF or DWG. I’m not sure why this is - I suspect they ask their estates or facilities department for a copy of the floor plan and this is what they have on file. Both formats tend to present a challenge, as they are often not supported formats for importing into many tools.


PDF Plans
PDF is the number one format that I find customers tend to supply when I request building plans. Also, this format isn’t generally supported by the various tools I have used, so we have to find some way of converting it to an image file format.


Although PDF files are easy enough to open and view, using free viewers such as the Adobe Acrobat reader, the viewers do not allow you to save the file in an alternative format. If you are fortunate enough to have a full copy of the (rather expensive) Adobe Acrobat software, then you can extract the image from the PDF and save it as an alternative format. But, for the majority of us (on a tight budget), this isn’t an option.


PDF viewers also provide us with no option to manipulate the floor plan image. Often, it may be desirable to remove various features (e.g. borders and legends) from the original image before importing in to our survey tool. By converting to another image format, we have the opportunity to edit the image as required with a simple graphics editor (such as Paint).


DWG Plans
If customers haven’t supplied PDF-format plans, then I generally find that they will supply them as DWG files. These are the file format used by AutoCad software: a very large, very expensive piece of CAD software used to create drawings such as building plans.


Again, most of us won’t have a copy of AutoCad to enable us to open and manipulate our DWG files, but we can open them using the TrueView viewer package.


Trueview is a very useful package that will allow us to view a DWG file. It also allows us to do useful things such as turning layers on and off. Often, a DWG file will show many additional services that you perhaps don’t want included on your imported plan (such as pipework or electrical distribution). Many of these services are shown as a ‘layer’ of information that may be turned off in TrueView to de-clutter the final imported plan.


TrueView natively provides the ability to export the floor plan into an alternative file format, such as PNG of JPG. Rather confusingly, the feature you need to do this is referred to as ‘plot’ rather than export. By electing to plot a plan, it can be ‘plotted’ out to an PNG or JPG format. However, I have found this method to be quite difficult to get good results with, so I would advise avoiding this and using the method suggested later in this article.


‘Printing’ Required File Formats
Now that we have discussed the challenges that we face with DWG and PDF format files, it’s time to look at how we can consistently convert them into formats that we can use with our survey and management tools.
 
File Resolution and Plan Colour
Before we go ahead and look at how to  convert our files, it’s worth spending a few moments talking about file resolution. There is little point in spending time converting our floor plans into new formats if they end up as pixelated splodges which show no detail when you zoom in to view them. This is noticeable when performing operations such as placing access points on to plans and cannot see enough detail to accurately place them. Therefore, we need to ensure that during our conversion process, we create a reasonably high resolution image.


In addition to image resolution, I believe that image colour is also important. Many building plans may be multi-coloured, with different services and building materials shown in a variety of colours. When importing multi-coloured plans into any tool that will display information overlaid on to the plan, then I’d recommend using grayscale colouration. Grayscale simply means that all colours have been removed and that the plan is shown in varying shade of gray (like a black and white photograph). Trust me on this - it is much better to use a grayscale than colour images for your floor plans.


PDFCreator


Finally! We’re now ready to look at how to convert our floor plan into a high-resolution, grayscale image. Although there are a number of file formats that are supported by most survey and management tools (e.g. JPG, PNG, BMP, GIF etc.), my personal favourite format is PNG - it seems to be supported pretty much everywhere and gives great results in terms of file sizes and quality.


The tool we’re going to use for the conversion process is PDFCreator. It’s a free, Open Source project over at SourceForge.  Don’t be fooled by the name - although it can be used to create PDF files, it can also be used to create files in a wide variety of other formats (including many image file formats). Once it has been installed, it adds a new ‘virtual’ printer to your list of available printers within Windows. By simply printing the files you are displaying within your PDF or DWG viewer, it is ‘printed’ to a new file in the desired file format. Before printing, a number of options are available to control the resolution and colouration of the file that will be created.


Now that we’ve described how PDFCreator operates, we’ll run through an example of how to convert both a PDF and DWG file to a high resolution, grayscale PNG image file.


Creating A PNG Grayscale File


In both instances (DWG & PDF), the conversion is actually very simple. To convert our floor plan, we’ll perform the following steps:


  1. Open the image in the PDF or DWG viewer
  2. Select the ‘print’ (or plot) option
  3. Select the virtual PDFCreator printer
  4. Set options for resolution and colouration
  5. ‘Print’ the file to the virtual printer (this actually saves the image in the selected format)


Converting a PDF File


First let’s look at converting a PDF file. Here’s a step-by-step guide:


  1. Open our floor plan image using our selected PDF viewer (e.g. Adobe Acrobat Reader, Foxit PDF Reader) and hit the ‘Print’ button (highlighted in the image below) and view the print dialog box:


  1. Select the ‘PDFCreator’ printer and hit the ‘Properties’ button.





  1. In the Properties pop-up, hit the ‘Advanced’ button so that we can set our paper size (to ensure we get good resolution):




  1. In the ‘Advanced’ pop-up select a large paper size - this will ensure a high resolution to provide a clear, detailed image, instead of a pixelated mess.

    The size depends on the detail on your floor plan - the more details, the larger the paper size you need to get a good resolution. In this example I’ve gone for an ‘A2’ paper size (bear in mind that many DWG diagrams are ‘A0’ in their original format):





  1. Hit OK on the 2 pop-ups you have open and hit the ‘Print’ button on the original ‘Print’ pop-up  window.The initial PDFCreator pop-up will appear. Select the 'Options' button:



  1. You’ll now be presented with the PDFCreator options where you can select the screen resolution and  colouration on the final image. Use 300 dpi and Grayscale:





  1. Finally, ensure you select the ‘PNG’ file type when saving the image file that is created:





  1. If all goes well, you should end up with a nice, high resolution graphic that will be exactly what you need for your survey project or management software (Note: this was trimmed with Paint to remove extra white-space that wasn't required):




Converting a DWG  File


Now we’ll take a look at converting a DWG file. Here’s a step-by-step guide:


  1. Open the DWG file using the TrueView  viewer. Before we create our image file, you might like to experiment with turning of some layers that are  perhaps showing extraneous information on the floor plan






  1. Once you have made any required updates to layer visibility, hit the ‘Plot’ icon at the top of the panel (‘Plot’ is the equivalent to ‘Print’ in this software):





  1. In the ‘Plot’ pop-up that appears, select ‘PDFCreator’ as the printer, select a large paper size for good resolution of your final image. As with the PDF conversion, you may need to experiment with the paper size, which will vary depending on the detail in the plan that you are converting. The more detailed the plan, the larger the paper size you should select to obtain the detail you will require for your survey project or management software.

    Ensure that you select the Fit to Paper’ option:




  1. Hit the ‘OK’ button and then view the PDFCreator pop-up. Simply select the  ‘Options’ button in this window:





  1. In the PDFCreator options pop-up, select the PNG file type and set the resolution to 300dpi and colouration to grayscale:



  1. Finally, ensure you select the ‘PNG’ file type when saving the image file that is created:





Conclusion


In this article we have looked at why we might need to convert image file formats when we need to import floor plans into a wireless survey tool or network management tool.


We looked at two of the most common file types that are often supplied when electronic floor plans have been requested: DWG or PDF files. Both file types may be viewed with freely available software packages, but they may have limitations when exporting floor plan images into usable formats for survey and management tools.

Finally, we looked at a step-by-step guide of how to convert both DWG and PDF files into a commonly supported graphic file format: PNG. We also converted the image into a grayscale image to facilitate ease of use when overlaying information on the plan (e.g. network components such as APs, and RF heatmaps).

Saturday, 27 September 2014

Calibrating a Wireless LAN Survey Plan

One of the most important steps in completing a WiFi network survey using  a professional survey tool is to ensure that you have a correctly calibrated the floor plans used to conduct the survey. Without this step, your survey may be inaccurate or, at worst, worthless. In this article we look at why this is important, together with the right (and wrong) way to do it.


Background


When performing any type of  WiFi network survey using a tool such as Ekahau’s Site Survey or Fluke’s AirMagnet, one of the first tasks performed is the creation of a survey project. During the creation of the survey project, a number of configuration tasks must be performed. One of mandatory tasks is to import an electronic copy of the floor plan of the area to be surveyed.
The floor plan is generally an image file (jpg, png, bmp etc.format) that has been created from an architect’s blueprint of each floor of a building. Professional survey tools also often allow the import of AutoCad (DWG) files directly, though I personally have had mixed results with this method.

The purpose of importing a floor-plan is to allow radio frequency measurements to be plotted by a surveyor as he/she moves around a survey area. The usual methodology involves walking around a facility, clicking on the imported floor-plan to indicate the surveyor's current position. At each point, radio frequency measurements are taken, recording signal and noise levels for various frequencies.

Predictions and Assumptions
When performing a survey, each time a point is clicked on the floor plan, the survey software will take a measurement at that discrete point, However, this measurement only applies to the precise spot that the surveyor is standing on at the time the measurement is taken. To take readings at every point on the floor plan would take a colossal amount of time, and would involve a surveyor shifting a few inches each time he/she took a measurement, in order to obtain measurements across the whole coverage area.

To avoid this issue and make the whole surveying process more practical, the survey software makes a prediction about the signal coverage around the point where each measurement has been taken. It will make an educated “guess” about how the radio frequency signal will look in the immediate vicinity of the point where the measurement is taken.  It uses some clever maths to predict how the signal will look in a guess “zone” around the measurement point, based on how an RF signal reduces in a predictable manner over a known distance (Free Space Loss). The "guess" distance is generally around a 2 - 5 metre radius around the measurement point (which is user-configurable). 

The example below shows a very simple walk-path, with the RF signal level shown with a 2 metre radius around each sample point:

Fig. 1 - Survey path in Ekahau
Even walking short distances to “click” and take another signal measurement can become impractical (or at least annoying), particularly for larger surveys. Therefore, wireless survey software also provides the option of allowing a single click at the start of a walk-path, together with a single click at the end of the walk-path. As long as the path walked is a straight line, and a constant walking pace has been maintained, then the software can take continuous signal measurements. When the start and end points of the path are known, it can make assumptions about where (on the floor plan)  interim signal measurements were taken between the two points walked.

Predictive (Desktop) Surveys
So far, we've only discussed “physical” surveys that involve a surveyor being present on site, assessing the RF environment by taking regular measurements as they move through a survey area. Another survey technique that may be used is a predictive (also often known as a “desktop” or “off-plan”) survey.

This survey again requires a plan to be imported in to the survey software, but also requires information about obstructions in the area to be provided. Obstructions are mapped on to the floor plan, with each obstruction classified by the material that it is made from (e.g. brick, concrete, wood door). The position and characteristics (i.e. the RF loss) of the obstructions are used to calculate/predict the effect on radio frequency signals for access points placed around the floor area. A key input to the calculations performed is the rate at which an RF signal reduces (in a predictable manner) over a known distance (Free Space Loss).

To create  the survey report, “Virtual” APs are placed on to the imported floor plan and the antenna type and transmit power of each AP are configured. The survey software then creates a predictive model of the RF environment and the coverage that the APs will likely provide when real APs are deployed in those same positions. 
  
Physical Dimensions
In both of the survey scenarios we have summarized, the physical size of the survey area is a key component of the recording or calculation of signal measurements, and hence the final report that will be created.

In the case of a physical survey, the coverage provided by each survey point is predicted by the survey software around the immediate area that each measurement is taken. Correct scaling of the survey plan is critical to ensure that the expected signal propagation data is correct across the survey area.

Predictive surveys rely on no measured data at all, so are reliant purely on calculations to show expected RF performance. If the scale of the floor plan used for the survey does not accurately reflect the dimensions of the area surveyed, then the mathematics used to create the predicted coverage data will simply be wrong (and hence, useless).


Floor Plan Scaling

We’ve hopefully presented the case for why floor plans must be accurately scaled to ensure that accurate survey data will be created by a WiFI survey tool. Now we’ll take a look at how we actually achieve this. In theory, it’s a simple operation, which is pretty much the same in all tools: simply highlight a physical object on the floor plan that is a known length (e.g. a building wall) and enter its actual physical measurement. Sounds simple...right?

Once a floor plan has been accurately scaled, we can be confident that the data presented in our survey report is going to be as accurate as possible and will actually reflect the real world. Skipping or short-cutting this step can lead to a whole heap of pain when your final network deployment simply does not work, as your original survey report did not reflect the actual physical area to be covered.

Don’t Use a Door
If there is one piece of advice that you take from this article it’s this: DO NOT use a door on a floor plan to scale your survey project. As tempting as it is, for ease and speed, do not rely on the "known" measurement of what you perceive to be a “standard” door. Unfortunately, I see this approach used by far too many wireless survey engineers, which is simple asking for trouble.

Speaking with various engineers, I have heard that a “standard” door is : 90cm, 1 metre, 3 feet, 3 feet 6 inches, 4 feet….<add your own estimate here>. In short, you cannot assume the “standard” size of any door - particularly if you have never even visited the site in the case of a predictive survey. 

Even if you are on site and can measure a door, looking at the size of the door on the plans of most typical floor plans, can you really accurately highlight such a small area on such a large plan? Even when zooming in to the door on a plan, you tend to end up with an indistinct, pixelated feature (see below).

Fig. 2 - Could you really scale these doors accurately !?
Use Large Features
The door example highlighted above introduces a valuable concept. Smaller features tend to be much more difficult to highlight and measure on a floor plan and are likely to introduce greater margins of error.

For example, we might take a doorway that is perhaps 1 metre (100cm) wide and try to use this to scale our plan. Due to inaccuracies of plotting such a small feature or due to plan pixelation, we may be a few centimetres adrift in our attempted measurement. In terms of a percentage difference between our measurement and the real world, this may easily become a significant proportion. For instance, if our door measurement is incorrect by 5cm, this translates to a 5% error. 10cm would translate to a 10% error. If we then scale this up to the effect on (for instance) a warehouse, you can start to imagine how a 10% error across an area of many thousands of square metres is not a desirable situation. You could easily end up under or over-provisioning, depending on which way your margin of error fell.

The best practice approach is to use as large a feature as you can accurately measure. A small error on a larger measurement is generally going to introduce a much smaller margin of error. For instance, if measuring a 100 foot wall, if your measurement is one or two feet short, you are only looking at a 1 or 2% error: far less damaging than when we tried to use the smaller dimensions of a door.

Measuring Options

Although we’ve established that using the longest measurement you can accurately measure is going to yield best results, you may be wondering exactly how to measure the dimensions of your chosen feature. We have quite a number of choices, but all will yield accurate results if used carefully.

Tape Measure
The most obvious choice for measuring the size of your chosen feature is probably a traditional tape measure. It’s worth choosing one that is longer than the general purpose DIY-type measures which are generally only around 25 feet in length. 100 or even 200 foot tape reels are available which are very inexpensive and will allow measurements of much larger features.

Fig. 3 - Tape measure
 
For even larger distances (generally up to around 1,000 feet), a measuring wheel also provides a good option.

Fig. 4 - Measuring wheel

Laser Measure
Although tape measures and reels provide a very cost effective method of measuring distances, they can be a little cumbersome to use. It may often not be convenient to measure between 2 points due to a variety of obstructions or even staff and machinery moving in the area where measurements are being taken. Also, extended distances may require two people to take a measurement accurately.

A laser measuring device makes taking measurements very fast, accurate and easy. Laser measures generally only require placement on a wall, aiming the targeting laser dot at a remote wall/feature and then clicking a button. In a second or two, one person can quickly and accurately measure between two points, saving the challenges of trying to suspend or place a tape measure between two points.

Laser measures are now relatively inexpensive, with a device capable of measuring up to 100 feet being very affordable (under $90). Measures capable of distances of over 300 feet are also available, but start to become more expensive as the range of measurement extends.

Fig. 5 - Laser measure
Although the cost of a laser measuring tool may appear to be a significant cost, the cost of simply getting measurements wrong should also be borne in mind. Inaccurate measurements can create significant issues when providing a solution which is over or under-provisioned simply due to measuring errors. The potential cost of simply getting a solution wrong justifies the investment in a laser measure (in my opinion) as it provides the most accurate and convenient measurement method.

Google Earth
We have already discussed the merits of taking the largest possible measurement for an area to be surveyed to reduce errors. Occasionally, we may be surveying an outdoor area, or perhaps a large warehouse (or other large building). For these very large areas, it is worth consulting Google Earth.

Providing Google Earth has some relatively recent images of the area of building to be surveyed, it can be valuable in measuring a feature to be used for scaling using its ruler feature. By simply placing the ruler at the start and end of a feature, Google Earth will provide a measurement (in feet, metres, yards, miles etc.).

The caveat to using Google Earth is that you need to beware of buildings that perhaps have over-hanging roof structures which may give you a false size for the dimensions of a building.

The example below highlights the measurement tool within Google Earth, the the yellow line indicating the building length being measured in the upper-centre of the image:

Fig. 6 - Google Earth measuring a building
Drawing Plans
Another very accurate source of building dimensions are architect's drawing plans.

Floor plans may often be supplied in ‘DWG’ (AutoCad) format. Although Autocad itself may be beyond the budget of many of us, the free viewer from Autodesk : Trueview may be used to open the DWG files. The viewer has the capability to measure features (such as walls) directly from the plan to give an accurate measurement of the feature.

The screenshot below shows the Trueview measurement feature:

1. Select the ‘Distance’ option from the ‘Measure’’ button:
Fig. 7 - Measure button in Trueview

2. Drag the cross-hairs along the length of a feature on the plan (in this case, the upper wall of the large building). The length of the feature is shown (millimetres in this case):


Fig. 8 - Measuring a feature in Trueview

Calibrating the Floorplan

After all of our efforts to obtain an accurate measurement of a good-sized floor plan feature, all that remain is to apply the measurement to accurately scale our survey plan.

My survey tool of choice tends to be Ekahau’s SIte Survey tool (ESS). To calibrate a floor plan, we simply import our floor plan image file and then use the calibration tool as shown below:
Fig. 9 - Scaling a plan in Ekahau
Conclusion

In summary, we’ve taken a look at the importance of correctly scaling a floor plan before performing any type of WiFi survey. If you incorrectly scale the floor plans in your WiFi survey project, it literally may not be worth the paper its printed on.

We also looked at the value of using the largest measurement that you can accurately obtain, and discussed the pitfalls of using ("known") small features on a floor plan (such as doors).

Finally we looked a number of methods of obtaining accurate measurements for the area that you plan to survey including physical measuring tools and  software solutions.



(Note: This article contains some affiliate links to a number of products)