Wireless IP, The Killer Application !?

My website and thesis capture the essential elements in the convergence path of wireless networks and Internet protocols resulting in the new paradigm of "Wireless IP." It covers all the important 1G/2G cellular technologies that I have seen in the past decade, along with 3G and 4G, Wireless Local Area Network (WLAN) technologies, including modifications required in protocols, architectures, and framework in virtually every area such as QoS, security, mobility, and so on.

The thesis can be useful for anyone who is interested in the convergence of wireless and IP networks and for those who need to understand how packet data services and IP work in the wireless world. Furthermore, the thesis represents my views and opinions, based on my technical understanding and experience in these areas.

The higher system capacities and data rates provided by the latest and proposed wireless network technologies, and their closer integration with the Internet enabled by the IP technologies used in these wireless networks, are enabling many new ways for people to communicate.
People in moving vehicles (e.g. cars, trains, boats and airplanes) may also access the Internet or their enterprise networks the same way as when they are at their offices or homes. They may be able to surf the Internet, access their corporate networks, download games from the network, play games with remote users, obtain tour guidance information, and obtain real-time traffic and route condition information.

Wireless networks are evolving into wireless IP networks to overcome the limitations of traditional circuit-switched wireless networks. Wireless IP networks are more suitable for supporting the rapidly growing mobile data and multimedia applications.
IP technologies (such as Mobile IP) are the most promising solutions available today for supporting data and multimedia applications over wireless networks. IP-based wireless networks will bring the globally successful Internet service into wireless networks. The mobile or wireless Internet will be an extension to the current Internet.

Advanced mobile data and multimedia applications, such as MMS, real-time games with remote users, voice over wireless (VoIP calls), and broadcasting of audio and video advertisements to mobile phone users (for example advertiser-supported phone calls, wireless IP-enabled radio and TV), will grow very fast. New IP broadcasting techniques such as DVB-H (Digital Video Broadcasting for Handhelds) will make it possible to bring video broadcasting services to handheld receivers.

In particular, the growth of advanced mobile data and multimedia applications such as Voice-over-IP (VoIP) helps increase multimedia traffic over the wireless networks significantly. Thus, Wireless IP can also be a killer sometimes. Future Wireless IP networks will therefore only be able to serve those mobile data and multimedia applications without congestion in the wireless network if they are ready for it. In other words, those networks need to be controlled (e.g. by QoS parameters or other specific protocols) and must have enough bandwidth to support all these types of services. Wireless networks and the IP technologies within those networks have to be reviewed and evolved constantly.

Mark these words:
The traffic on broadband wireless networks will be increasingly IP.

Archive for August, 2013

Access Point: SS-300-AT-C-55
AirTight Networks, the premier provider of wireless intrusion prevention (WIPS) and secure Wi-Fi access products and services announced today that Gartner has rated AirTight “Strong Positive” in its 2012 Marketscope for Wireless LAN Intrusion Prevention Systems. A “Strong Positive” is the highest rating possible in a Gartner Marketscope. Vendors were evaluated on five criteria – customer experience, offering (product) strategy, overall viability (business unit, financial strategy, organization), marketing execution, product/service.
About AirTight’s Products 
The AirTight SpectraGuard solution family has achieved industry leadership based on patented technology that blocks wireless threats immediately and automatically, locates wireless devices and events with pinpoint precision and eliminates the false alarms that plague busy network operations and IT professionals.
Both its onsite WIPS product, SpectraGuard® Enterprise, and AirTight Cloud Services™ are low-touch solutions providing easy deployment, automated scanning and reporting, and Secure Wi-Fi Access with little human intervention.
AirTight’s Patent Portfolio
AirTight invented and delivered the first comprehensive WIPS in the industry and pioneered autoclassification which eliminates the need for manual methods of base-lining wireless security which are expensive, error prone, hard to sustain and not scalable. AirTight received a patent on its WIPS invention in the United States, the 7,002,943 patent.


AirTight now has a total of 24 U.S. and three international patents (UK, Australia and Japan) granted. It has more than 20 U.S. and international patents pending, many of which are undergoing active examination at patent offices of various countries and are expected to be granted this year.

Special thanks to:
Paul Lorilla
Devin Akin
Bill Dohse
Stuart Tatik
Anthony Paladino
…for the live demo/presentation on September 10, 2013

Special Thanks to Tom Haak, Director Sales, Munich, Germany

…for the AirTight WLAN gear (AirTight-C-55 and C-60 Access-Point) and for the (small) T-shirt…you know what I mean 😉



Wi-Fi always "on"

Outdoor Wi-Fi 25dB yagi antenna 2.4G with RP-SMA connector.

Main Technical Specifications:
4. Polarization Type: Linear Vertical
5. Rated Power: 100W
6. Input Impedance: 50 Ohms nominal
7. Dimensions: 16 x 16 x 440mm
8. Cable length: 0.5m
9. Connector Type: RP-SMA

AirTight Networks is the global leader in secure cloud Wi-Fi solutions. The company’s award-winning family of products and cloud services brings together a true carrier-class multitenant cloud architecture, breakthroughs in Wi-Fi analytics, manageability, ease-of-deployment and cost-effectiveness, as well as AirTight’s longtime top-rated WIPS technology. AirTight’s global customer base consists of leading enterprises in the government, financial, technology/telecom, manufacturing, health care, retail and hospitality sectors.

AirTight Networks is uniquely positioned to take advantage of a major confluence of forthcoming Wi-Fi market changes and requirements. With
1) a scalable, plug-n-play, API-enabled, elastic cloud
2) controller-less technology
3) innovative and industry-leading security offerings
4) cost-effective, high-performance, feature-rich access points,

…no other vendor is as well-positioned to take on managed services, plug-n-play enterprise Wi-Fi, and a wide variety of cloud services. The need for uncompromising, flexible, and robust security (without the complexity that’s normally associated with it) has become a top-of-mind issue, and AirTight is the unmistakable leader in this area.

CWTS® – Certified Wireless Technology Specialist: (Fundamentals)
(formerly Wireless#) The CWTS certification validates the knowledge of enterprise WLAN sales and support professionals who must be familiar and confident with the terminology and basic functionality of enterprise 802.11 wireless networks.

CWNA®  – Certified Wireless Network Administrator: (Administration)

The CWNA certification is the foundation level enterprise Wi-Fi certification for the CWNP Program, and CWNA is required for your CWSP and CWNE certifications. Your CWNA certification will get you started in your wireless career by ensuring you have the skills to successfully survey, install, and administer enterprise Wi-Fi networks.

CWSP®  – Certified Wireless Security Professional: (Security)
The CWSP certification is a professional level wireless LAN certification for the CWNP Program. The CWSP certification will advance your career by ensuring you have the skills to successfully secure enterprise Wi-Fi networks from hackers, no matter which brand of Wi-Fi gear your organization deploys.
CWDP™ – Certified Wireless Design Professional: (Design)
The CWDP™ certification is a professional level wireless LAN certification for the CWNP Program. The CWDP certification will advance your career by ensuring you have the skills to successfully design enterprise Wi-Fi networks for a variety of different applications, deployments, and environments, no matter which brand of Wi-Fi gear your organization deploys.
CWAP® – Certified Wireless Analysis Professional: (Analysis)
The CWAP certification is a professional level wireless LAN certification for the CWNP Program. The CWAP certification will advance your career by ensuring you have the skills to successfully analyze, troubleshoot, and optimize any enterprise Wi-Fi network, no matter which brand of Wi-Fi gear your organization deploys.
CWNE® – Certified Wireless Network Expert: (Wi-Fi Expert)

The CWNE (Certified Wireless Network Expert®) credential is the final step in the CWNP Program. By successfully completing the CWNE requirements, you will have demonstrated that you have the most advanced skills available in today’s enterprise Wi-Fi market.

The CWNE certification assures that you have mastered all relevant skills to administer, install, configure, troubleshoot, and design wireless network systems. Protocol analysis, intrusion detection and prevention, performance and QoS analysis, spectrum analysis and management, and advanced design are some of the areas of expertise you will need to know.

so in summary:

WLAN Product footprint:

In 2002 Huawei developed its first generation enterprise-level WLAN products.
In 2008 Huawei released its second generation WLAN products and also provided devices to telecom providers all over the world.
The new generation 11ac AP prototype leads the industry with innovative technology, and in 2012 they provided WLAN devices to enterprise clients.
Today (2013) they will deliver a series of WLAN solutions to their enterprise clients, for example mobility office, video surveillance backhaul, location services and so on.
Solution and Scenario:

Solution Ia: Mobility Office-Large Enterprise:

Scenario: Employees bring their own mobile terminals onto the Wi-Fi intranet. Large enterprises rely on the WLAN infrastructure and a policy server to identify the type of terminal, and IT administrators then give users appropriate permissions according to role and terminal type.
Selling points could be:
* Identify terminal by server: Device fingerprinting is built into the policy server and accurately identifies the terminal type (iPhone, iPad, notebook).
** On-boarding of new terminals: When employees bring a new device onto the Wi-Fi network for the first time, on-boarding should be simple and ideally self-service, with a self-registration platform.
*** Flexible Context-aware policies: With device fingerprinting, IT can enforce flexible policies like permit iPads on the corporate network or deny Android devices, or even restrict bandwidth for iPhone applications. Policies should include role, device type, time segment.
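
An added sketch (not Huawei's policy-server code) of how a context-aware policy over role, device type and time segment can be evaluated. The rule format, the sample rules and names such as `evaluate` are assumptions; rules are first-match with a default deny, and a terminal whose fingerprint is unknown never matches a device wildcard.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Sequence

ANY = "*"                # wildcard for role or device type (assumed syntax)
MIDNIGHT = time(0, 0)    # start == end means "the whole day"

@dataclass(frozen=True)
class Rule:
    role: str
    device_type: str                 # lower-case label from the fingerprinting step
    start: time                      # segment start, inclusive
    end: time                        # segment end, exclusive; may wrap past midnight
    action: str                      # "permit" or "deny"
    rate_limit_kbps: Optional[int] = None

@dataclass(frozen=True)
class Decision:
    action: str
    rate_limit_kbps: Optional[int]
    matched: Optional[int]           # index of the matching rule, None = default deny

def in_segment(now: time, start: time, end: time) -> bool:
    if start == end:
        return True
    if start < end:
        return start <= now < end
    return now >= start or now < end  # e.g. 22:00-06:00 night shift

def evaluate(rules: Sequence[Rule], role: str, device_type: str, now: time) -> Decision:
    # A failed or empty fingerprint is treated as "unknown" and must hit an
    # explicit rule; it is never admitted through a device-type wildcard.
    dev = (device_type or "unknown").strip().lower()
    for i, r in enumerate(rules):
        if r.role not in (ANY, role):
            continue
        if r.device_type == ANY:
            if dev == "unknown":
                continue
        elif r.device_type != dev:
            continue
        if not in_segment(now, r.start, r.end):
            continue
        limit = r.rate_limit_kbps if r.action == "permit" else None
        return Decision(r.action, limit, i)
    return Decision("deny", None, None)  # nothing matched: default deny

# Constructed sample policy mirroring the examples in the text above.
POLICY = [
    Rule("employee", "ipad", MIDNIGHT, MIDNIGHT, "permit"),
    Rule(ANY, "android", MIDNIGHT, MIDNIGHT, "deny"),
    Rule("employee", "iphone", MIDNIGHT, MIDNIGHT, "permit", 2000),
    Rule("contractor", "notebook", time(8, 0), time(18, 0), "permit"),
    Rule("nightshift", "notebook", time(22, 0), time(6, 0), "permit"),
    Rule("guest", ANY, time(8, 0), time(18, 0), "permit", 512),
]

if __name__ == "__main__":
    for role, dev, hhmm in [("employee", "iPad", time(10, 0)),
                            ("employee", "Android", time(10, 0)),
                            ("contractor", "notebook", time(19, 0)),
                            ("guest", "", time(9, 0))]:
        print(role, repr(dev), hhmm, evaluate(POLICY, role, dev, hhmm))
```

Rule order matters: placing the Android deny above any wildcard permit is what keeps a later, broader rule from admitting those devices.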

Solution Ib: Mobility Office-Small Business:

Scenario: A small business would rather not buy the terminal identification and policy management components because of cost limitations. A WLAN controller with integrated terminal identification and a built-in portal authentication function can help to implement basic network access control for a small business.
Selling points could be:
* Small business Mobility Office Solution: The WLAN controller is capable of identifying the types of smart phone, tablet and PC terminal by matching the type against a database. In addition, thanks to the built-in portal server and local AAA server, the WLAN controller issues different authorization according to the type of terminal and the user role.
** High performance and small capacity: Within the Huawei WLAN portfolio, the AC6005 controller supports full inspection at up to 4G forwarding capability with DTLS encryption, twice the forwarding of other similar devices.


Solution IIa: Wireless Education:

Electronic classrooms, smart terminals with Wi-Fi access
Wired and wireless unified access to the campus network
Selling points could be:
* Radio Resource Management (RRM):
– Dynamic Channel Assignment (DCA)
– Dynamic Transmit Power Control (TPC)
** All kinds of AP to meet your requirements: Indoor AP for school building or library, indoor DAS for dormitory, outdoor AP for square or stadium. There is always an AP that meets your requirement.
*** Integrated wired and wireless network: The same security policies wherever you are, the same user experience whether wired or wireless. Wireless and wired networks are seamlessly interconnected, reducing network management and maintenance costs.

Solution IIb: Wireless Primary Education:


Multimedia and interactive information are changing teaching methods; homework on the network, e-book packages and AirPlay applications need denser coverage, higher bandwidth and more sensitive real-time services.
Selling points could be:
* Electric Classroom:
– High Density Coverage
– Wi-Fi multicast-to-unicast conversion technology
– Video Stream Optimized
** Flexible Authentication:
– Repeated access permitted after one successful authentication
– Centralized authentication architecture
– Distributed authentication architecture
– MAC and Portal Mixed authentication
*** Seamless Roaming:
– Layer 2 roaming and Layer 3 roaming
– Fast Roaming Technology (key cache)
**** Local WEB management:
Web network management built into the WLAN controller


Solution IIIa: Wireless Video Surveillance backhaul:

– Wireless video surveillance is deployed at sites such as campuses, squares and tourist attractions.
– Supports a variety of wireless transmission modes, including Point-To-Point, Point-To-Multipoint, relay and ring network.
– Outdoor equipment works in storm, rain, and high and low temperatures (-40 to 60 degrees), in a variety of environments.
Selling points could be:
* Plug and Play:
New Mesh AP nodes do not need to be preconfigured; the new MAP joins the network automatically and downloads its configuration profile as required.
** Flexible networking:
The Huawei wireless video backhaul supports WDS (Wireless Distribution System) and Mesh mode.
The WDS mode provides greater transmission bandwidth; and the Mesh mode provides redundant link protection.
*** Solar-power supply mode
**** Supports the IP67 standard for a variety of outdoor environments.

Solution IIIb: Video backhaul – Camera Access Solution:

Solution IVa: Video backhaul – Solar power supply:

– Rivers, deserts and no man’s land are areas where a mains supply is not easily available.
– Monitoring ports are spread around, so a mains supply cannot be provided conveniently.
Selling points could be:
* Mixed supply of solar power and diesel machines:
When it rains, the diesel machine starts working.

Solution IVb: WLAN reliability – AC 1+1 backup:

To improve the reliability of wireless services in the medical industry, deploy dual controllers as a redundant backup. The two controllers work at the same time, which not only load-balances Wi-Fi traffic but also reduces the risk of a single controller failure.
Selling points could be:
* Dual Link Mode:
The AP establishes a CAPWAP tunnel to each of the two controllers. A backup channel established between the two controllers synchronizes end users’ status information.

When the primary CAPWAP channel fails, the backup controller can immediately become the master controller, and user service will not be interrupted.

** VRRP Mode:
A VRRP group consists of a master controller and a backup controller; the master is active and the backup is standby. A backup channel established between the two controllers synchronizes end users’ status information, AP entries and CAPWAP link information.
When the master controller fails, the VRRP mechanism quickly switches the standby controller to master. With BFD for VRRP supported, millisecond failure switchover is possible.

Huawei WLAN AP Product Portfolio:

Huawei’s new features:

I Flexible Mesh Networking
II Zero-Touch Configuration of Mesh AP’s
III AC 1+1 Hot Standby (HSB & VRRP)
IV AC 1+1 Hot Standby (HSB & CAPWAP Dual Link)
V WIDS/WIPS: Wireless Attack Detection
VI Rogue Device Identification and Countermeasure
VII Terminal Type Identification
VIII Roaming and Seamless Awareness
IX WLAN RFID Positioning
X Fat AP
The AP can be used alone, independently handling user access authentication, data security, service forwarding, QoS and other functions.

Phase I: IAP (Instant AP) – a controllerless WLAN solution:

To get an Aruba Instant WLAN up and running you need to configure one Aruba Instant AP over the air using a simple wizard-driven process.

To configure additional Aruba Instant APs, simply connect and power them up. The first configured AP automatically becomes a primary Aruba Instant Virtual Controller and configures all the other APs.

Offering over-the-air provisioning, there’s no need to modify an IP address to configure Aruba Instant. Just power up and connect an Aruba Instant AP to the LAN, and open a PC browser to automatically access the Aruba Instant user interface login page.

* Fully distributed architecture:

In the event of a primary Virtual Controller failure, another Aruba Instant AP automatically takes on the role with no disruption. The primary Virtual Controller operates like any other Aruba Instant AP with full WLAN functionality.

The Aruba Instant product family consists in this case of the IAP-135.
The IAP-135 maximizes mobile device performance in the most extreme high-density Wi-Fi client environments.

Aruba Instant is the only wireless networking solution to combine high-end enterprise WLAN capabilities with affordability and unmatched configuration simplicity. It requires no ongoing service fees, no additional license fees, no management appliances and no external controller.

** Adaptive Radio Management:

Aruba’s signature Adaptive Radio Management (ARM) technology automatically manages the WLAN’s 2.4-GHz and 5-GHz radio bands to optimize Wi-Fi client performance and mitigate RF interference. It also ensures that each Aruba Instant AP uses the optimal channel- and transmit-power for its RF environment.

ARM™ additionally offers priority traffic handling, channel load-balancing, band steering, airtime fairness and other quality-of-service (QoS) controls to ensure that the available Wi-Fi bandwidth is fairly distributed to all mobile devices on the WLAN.

*** Virtual Controller Technology

The Aruba Instant Virtual Controller technology provides security, consistently high performance, scalability, and other enterprise-class network access services without requiring a dedicated controller.

Utilizing an adaptive, self-organizing wireless grouping, the Virtual Controller technology supports multiple Aruba Instant APs across wired LANs and over the air through the mesh, enabling the WLAN to scale effortlessly.

Aruba Virtual Controller technology centralizes the functionality needed to configure and manage the Aruba Instant network. Aruba Virtual Controller technology delivers a wide range of enterprise-class WLAN capabilities required by enterprises that have multiple remote locations:

a. Reliability
b. Mobility
c. Guest Access
d. Scalability
e. Cloud-based firmware server
f. Built-in migration path

**** Instant Security:

1. Authentication & Encryption:

Aruba Instant supports over-the-air authentication using pre-shared keys or 802.1X, which uses WPA2 for strong security and an internal or external RADIUS server.

Each Aruba Instant AP has an instance of a free RADIUS server that maintains a distributed database of up to 256 users. When using internal RADIUS for 802.1X authentication, customers can load certificates and terminate EAP-PEAP, EAP-TTLS and LEAP.

2. Integrated Firewall:

The Aruba Instant integrated firewall inspects traffic from each user session and allows or denies that traffic before it traverses the wired and wireless network. The firewall monitors all data entering or leaving the network, blocks data that does not satisfy specified security policies, and prevents unauthorized users from accessing the enterprise network.

3. Traffic Separation:

Aruba Instant supports up to six SSIDs per Virtual Controller, which gives enterprise organizations the flexibility to separate WLAN traffic based on user role and traffic type. For example, school district employees can be assigned to one SSID, students to another, and guests to a third.

4. WIPS (Wireless Intrusion Prevention):

Aruba Instant includes a wireless intrusion protection system that safeguards the network from unauthorized or rogue APs and clients, and other devices that can potentially harm network operations.

The wireless intrusion protection capability also logs information about unauthorized APs and clients, and generates reports, making Aruba Instant fully PCI compliant. To prevent malicious APs from associating with the network, administrators can turn on rogue AP prevention and disable the auto-join function, which ensures that only authorized Aruba Instant APs are allowed to connect.

5. Content filtering:

With an OpenDNS service subscription, Aruba Instant delivers integrated web filtering, malware and botnet protection to every device connected to the WLAN.

With content filtering, administrators can create Internet access policies that allow or deny user access to web sites based on categories and security ratings. Content filtering also prevents known malware hosts from accessing the WLAN, reduces bandwidth consumption and improves employee productivity by limiting access to certain web sites.

6. Operating System Fingerprinting:

The OS fingerprinting feature gathers information about each client connected to an Aruba Instant WLAN to determine what OS the client is running. This information enables IT to identify rogue clients, including clients running an OS not allowed on the company network, as well as clients with an outdated OS.

Phase II: a controller-managed WLAN solution:

Details will follow.


My Special Thanks for providing the Aruba WLAN kit go to:

Keerti Melkote
Chief Technology Officer of Aruba Networks

Paul van der Wilk
Country Manager Belgium Netherlands and Luxemburg at Aruba Networks

Herman Robers
‎Systems Engineer Benelux at Aruba Networks

Gert de Wever
Senior Systems Engineer at Aruba Networks

Details will follow.