Posts

Spectrum Allocation Plans for WiFi in the UK (2014)

Plans for new spectrum allocation for WiFi networks in North America are regular fodder for many blog and news articles that I see scrolling past in the many RSS feeds that I monitor for WiFi-related news. However, information about plans for additional spectrum allocation within the UK isn't quite so widely covered (in fact, I'd go so far as to say that it is largely ignored). But here in the UK we still face the same issues as many other areas of the world: an explosion in mobile devices, massive deployment of WiFi networks in homes and businesses, and an ongoing increase in bandwidth demands. WiFi in the UK operates on both the 2.4GHz and 5GHz bands. We have 13 channels allocated for WiFi on 2.4GHz, but for practical purposes, only 3 may be used across a wireless LAN. On the 5GHz band, we have 19 channels allocated to WiFi, but are generally limited to using only 16 of those channels due to restrictions in supporting 3 channels that may interfere with weather rada

Microsoft NPS as a RADIUS Server for WiFi Networks: SSID Filtering

The Microsoft Network Policy Server (NPS) is often used as a RADIUS server for WiFi networks. It can provide authentication and authorization services for devices and users on a wireless network in a Windows Active Directory environment. In this article we look at how we can use NPS to provide authentication for WiFi users across a number of SSIDs. We have previously discussed how to authenticate groups of users using the same SSID and then assign them to a VLAN that is appropriate to their security authorization. However, there may still be instances where two or more SSIDs are in use on a wireless network and we would like to base policy decisions on the SSID that the authentication request is being generated from. As an example, if we consider a school, perhaps we would like students to only be able to authenticate if they connected to the SSID: "Student_Net". Similarly, staff should only be able to connect using the SSID: "Staff_Net". This would

Microsoft NPS as a RADIUS Server for WiFi Networks: Dynamic VLAN Assignment

The Microsoft Network Policy Server (NPS) is often used as a RADIUS server for WiFi networks. It can provide authentication and authorization services for users on a wireless network. In this article we take a look at how users can be dynamically assigned to a VLAN that suits their account privileges, using RADIUS attributes passed back from NPS to the RADIUS client (usually a wireless LAN controller or access point). This method of assigning a user to a particular VLAN based on their login credentials is also known as Role Based Access Control (RBAC). As wireless networks have grown to provide more and more services to organisations, the practice of creating a new SSID for each new service required has fallen out of favour, as each SSID adds more overhead to the RF medium, reducing the available bandwidth for all wireless services. Best practice in terms of the number of SSIDs you should have available from your wireless network is generally accepted to be around 4

Cisco WLC N+1 Redundancy - APs Not Joining Redundant Controller

Just thought I'd post up a gotcha I hit today around Cisco N+1 redundancy. In summary I had a primary Cisco 5008 WLC (AIR-CT5508-50-K9) with a 5508 HA WLC (AIR-CT5508-HA-K9). I set it up for N+1 redundancy as per the Cisco guidelines (note HA, not SSO): http://www.cisco.com/c/en/us/td/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide/N1_HA_Overview.html Both WLCs were running 7.4.121.0 code. The APs joined the primary controller as expected with no problems. However, when I failed the primary WLC, the APs would not join the secondary. A debug of CAPWAP events on the HA controller revealed the following messages:
*spamApTask2: Mar 17 12:34:43.679: 1c:1d:86:xx:xx:xx Discovery Request from 192.168.1.1:53528
*spamApTask2: Mar 17 12:34:43.679: 1c:1d:86:xx:xx:xx Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask2: Mar 17 12:34:43.680: 1c:1d:86:xx:xx:xx Discovery Response sent to 192.168.1.1:53528

Microsoft NPS as a RADIUS Server for WiFi Networks: Self Signed Certificate

The Microsoft Network Policy Server (NPS) is often used as a RADIUS server for WiFi networks. It can provide authentication and authorization services for users on a wireless network. Generally, NPS is used with various EAP methods (e.g. PEAP, EAP-TLS) that require a certificate to be presented by the NPS server to the client as part of the authentication exchange. The certificate proves the identity of NPS (the RADIUS authentication server) to the client and is used to derive keys to build a TLS tunnel for the secure exchange of credential information. Most of the time, a Microsoft PKI infrastructure is used to issue a certificate to the NPS server, which is a relatively straightforward process that is well documented in official Microsoft documentation. However, there may be times when you want to fire up a version of NPS (perhaps in a lab or POC environment) and just put on your own self-signed certificate, instead of having the additional overhead of getting CA serve