
Packet6

San Francisco Bay Area Wi-Fi Professional Services


Cisco Live US 2018 Is Around The Corner

March 12, 2018 by Rowell Dionicio

Summertime brings out the party animal inside of us. While we imagine spending time at the beach and sizzling under the sun, the IT industry plans on attending the Cisco Live 2018 conference.

In 2017, Cisco Live was held in Las Vegas. I showed my excitement last year leading up to the event. We even did a live podcast recording in the World of Solutions with experts from Cisco Advanced Services.

One of the most memorable moments for me at the event was meeting the Customer Appreciation Event performer, Bruno Mars, in person! For about 10 seconds!

Thanks @ciscolive for making the CAE unforgettable! It was so amazing to meet @brunomars before his outstanding performance 😎 #CLUS

A post shared by Rowell Dionicio (@rowelldionicio) on Jun 30, 2017 at 4:38pm PDT

Cisco Live 2018

A year later, I am very excited to be attending Cisco Live 2018 in Orlando, FL. This year the theme is Imagine Intuitive. In the previous year they announced The Network. Intuitive. Now we must imagine? I’d like to see where they are going with this.

It’s not too late to register for Cisco Live 2018: Register today for early bird pricing!

Why Imagine? What should we be imagining? Is there going to be a special release that allows the network to do more than intent? We’ll just have to wait and see.

What To Look Forward To

Sessions at Cisco Live 2018 are meant to educate and inspire. This year I am looking forward to learning more about location services. Is there still a need out there? What improvements have been made and how can we better utilize location based services? I’d like to see if it’s extending beyond retail.

Of course, Wi-Fi is what I’m passionate about. There are many sessions I’d like to attend. How does Cisco plan to extend the intuitive IT to Wi-Fi? How can we use programmability, automation, and AI with the wireless network?

With that said, here are some sessions I’m looking forward to:

  • Anatomy of real-time wireless analytics and troubleshooting using DNA Assurance/AIRsense
  • Beginning your journey to Network Automation
  • Cisco Next-Gen Enterprise Wireless Architecture
  • How to Be a Network Engineer in a Programmable Age
  • Wireless Network Automation with DNA Center
  • Securely Designing Your Wireless LAN for Threat Mitigation, Policy and BYOD

The Fun Side of Cisco Live 2018

Leading up to Cisco Live will be pre-event contests. Cisco has always done a fabulous job interacting with the community before the event. There are going to be many ways to participate, and you can find more info at the Social Media Hub: https://www.ciscolive.com/us/activities/social-media-hub-contests.

The contests don’t end when Cisco Live starts. There are contests during the event as well such as the #CLUS Super Photo, Tweetup Retweet, Cape Contest, Best Remote Attendee, and the social Leaderboard.

Customer Appreciation Event at Universal Studios

Education and inspiration are great, no doubt about it. But what I am most excited for is the Customer Appreciation Event. This is the biggest party Cisco Live has ever thrown. For 2018, Cisco will be reserving the entire Universal Studios theme park! Wednesday, June 13, 2018 from 7:30pm to 11:30pm is when Cisco Live lets loose.

There will be food, drinks, rides, and a multi-artist music lineup. Yep, that’s right, there’s more than one performer!

While at Universal Studios, attendees will have unlimited access to rides such as Transformers, Harry Potter and the Escape from Gringotts, Revenge of the Mummy, and Despicable Me Minion Mayhem. There is also access to Universal’s Islands of Adventure starting at 6pm (non-exclusive).

Who wouldn’t be excited about this?

Guest Speakers

The closing keynote will have guest speakers Dr. Michio Kaku and Amy Webb. The discussion appears to be centered around the future and is meant to inspire and provoke our imagination and exchange of ideas. The closing keynote has always been meant to leave us inspired with ideas brewing.

Be Part of a Good Cause

Cisco is donating 500 laptops to NetAcad schools in Florida. But they need your help! Be part of something bigger and help build a Pi-Top onsite. It’s a laptop powered by a Raspberry Pi.

There will be 500 laptops available for assembly. Help out the future workforce and inspire them to do great things with technology!

Conclusion

Cisco Live 2018 is shaping up to be a spectacular event, as always. I look forward to learning more this year how I can use automation with wireless technologies. Getting together with friends, old and new, is always a wonderful experience. I hope to see you there!

Filed Under: Events Tagged With: cisco live

Do You Know What’s On Your Network?

March 11, 2018 by Rowell Dionicio

Remote networks rarely get the attention they should. Most network administrators do not know what’s happening on those remote networks: whether they are operating efficiently, whether there are issues, and whether the security posture is where it should be. It’s important to get this visibility and insight easily without needing to spend extra resources gathering this information. This is where the Savvius Insight plays a big role.

Network Visibility

Do you know what happens on the networks of your remote sites? Being disconnected leaves vulnerabilities open. The Savvius Insight provides a simple way to monitor remote networks and gain insight into what’s happening. The Insight collects data as it is traversing the network and creates a baseline of activity.

Dashboards are automatically created for the network administrator. Things such as data flows, network protocols, and Expert Trends are easily available.

With the ability to select a timeframe, the network administrator can get a general overview of how the network is performing. With data such as average utilization, max utilization, and average response time, a network administrator can make a decision based on this information. An example would be monitoring bandwidth utilization, depending on where the Savvius Insight is installed on the network.

Viewing the network overview from Savvius Insight dashboards
Network Overview

Remote networks are often troubled with bandwidth constraints, which makes the Insight appliance a good fit for the job. Utilization is already graphed and correlated by time, so the issue can be determined quickly.

Savvius Insight uses graphs to display collected data
Event graphs

Troubleshooting

While bandwidth utilization is a common troubleshooting task, how about other issues? Another type of issue tracked by Savvius Insight is VoIP calls. Call metrics such as MOS scores are tracked and documented over time. Call duration is also trended in case high usage bills are suspected.

The types of codec used during calls, and how often they are used, are also graphed over time. When a call quality issue needs troubleshooting, determining the type of codec being used can be helpful.

Savvius Insight monitors all VoIP call experience
Monitoring VoIP calls with Savvius Insight

Security is at the top of every business’s mind. The Insight appliance can be used to track abnormal network activity. A network administrator should know what type of traffic is on the network. With the appliance installed in-line with your ISP, application categories can be tracked in a table.

The name of each application and its category are tracked with a productivity score and risk. If the majority of network bandwidth is being used by something that is not a business application, then it has been determined there is a productivity issue in the remote office.

Or maybe there’s an infected host transferring malware, or a host that has been compromised to host malicious activity. The Insight appliance can help trend this type of traffic and display it in an easy to read table.

A list of top applications on the network
Top applications on the network

 

It’s important to keep an eye on the type of protocols running in remote offices to ensure security is not compromised. The most common protocol is HTTPS. Any other protocol, unused in the business environment, should raise a red flag.

If a large amount of unknown protocols is in use during off-business hours, then further investigation is needed. There is a default graph and table to bring this to attention without needing to read through large, unreadable capture files.

Savvius Insight lists the top protocols on the network
Top protocols on the network
Who are the top talkers on the network
Top nodes on the network

Keeping an eye on destination networks is another way of identifying questionable traffic and potential security risks. If countries that the business does not get involved with show up as destinations in the utilization tables, then there may be a security breach, or at least a reason to investigate why.

Security experts have warned about attacks coming from state-sponsored organizations. Those countries can be tracked with the default Utilization Map. Keep an eye out for countries where no work or connectivity should be occurring. Things to look out for are large numbers of login attempts coming from an unknown country or large amounts of traffic being sent or received.

Where is your traffic going?
Geographic utilization map

There is a table providing a sorted list of countries by the amount of Bytes and Packets sent and received.

A table of where your traffic is going to and coming from
Top countries by bytes sent/received
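The three checks described above (a protocol the business does not use, such a protocol seen off-hours, and traffic to a country the business has no dealings with), written as a small triage script. This is an added example, not Savvius Insight code or output: the policy sets, the byte threshold, the field names and the flow records are all constructed assumptions, and `ZZ` is a placeholder country code.

```python
from collections import Counter
from datetime import datetime

# Assumed policy for one remote office; every value here is illustrative.
EXPECTED_PROTOCOLS = {"HTTPS", "DNS", "NTP", "SIP", "RTP"}
EXPECTED_COUNTRIES = {"US", "CA"}
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time, Mon-Fri
LARGE_TRANSFER_BYTES = 50_000_000    # per-flow threshold (assumption)

# Constructed sample flow records, not exported from a real appliance.
FLOWS = [
    {"ts": "2018-03-06T10:15:00", "src": "10.20.0.14", "country": "US",
     "protocol": "HTTPS", "bytes": 1_200_000},
    {"ts": "2018-03-06T23:40:00", "src": "10.20.0.31", "country": "US",
     "protocol": "IRC", "bytes": 40_000},
    {"ts": "2018-03-07T02:05:00", "src": "10.20.0.31", "country": "ZZ",
     "protocol": "HTTPS", "bytes": 310_000_000},
    {"ts": "2018-03-07T11:30:00", "src": "10.20.0.22", "country": "CA",
     "protocol": "SIP", "bytes": 9_000},
    {"ts": "2018-03-10T14:00:00", "src": "10.20.0.40", "country": "US",
     "protocol": "TELNET", "bytes": 2_000},
]


def off_hours(ts: str) -> bool:
    """True on weekends or outside BUSINESS_HOURS."""
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or t.hour not in BUSINESS_HOURS


def review_flow(flow: dict) -> list:
    """Return the reasons a flow deserves a second look (empty if none)."""
    reasons = []
    if flow["protocol"] not in EXPECTED_PROTOCOLS:
        reasons.append("unexpected-protocol")
        if off_hours(flow["ts"]):
            reasons.append("off-hours")
    if flow["country"] not in EXPECTED_COUNTRIES:
        reasons.append("unexpected-country")
        if flow["bytes"] >= LARGE_TRANSFER_BYTES:
            reasons.append("large-transfer")
    return reasons


def review(flows: list) -> list:
    """Flagged flows as (source, protocol, country, reasons) tuples."""
    return [(f["src"], f["protocol"], f["country"], r)
            for f in flows if (r := review_flow(f))]


def bytes_by_country(flows: list) -> list:
    """Countries sorted by total bytes, like the appliance's country table."""
    totals = Counter()
    for f in flows:
        totals[f["country"]] += f["bytes"]
    return totals.most_common()


if __name__ == "__main__":
    for finding in review(FLOWS):
        print(finding)
    print(bytes_by_country(FLOWS))
```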

Platform

The Savvius Insight is a small form factor appliance designed for remote networks. Installed on the appliance is the ELK stack. It takes advantage of the open source projects Kibana, Elasticsearch, and Logstash.

The appliance is easy to deploy and just takes a matter of minutes to set up. There is low systems administration with this appliance as it is used to ingest data from multiple sources simultaneously.

The built-in dashboards provide dynamic data visualization with charts and graphs.

It’s a powerful application with flexible visualization tools allowing you to create custom visualizations and tables with the existing data being collected.

Conclusion

For thin IT teams managing multiple remote networks, the Savvius Insight is a perfect solution with minimal overhead. It provides a network administrator with visibility into a network where there was none previously. The ELK stack is used for long-term network visibility to provide as much insight as possible from collected events.

Filed Under: Reviews Tagged With: network monitoring, savvius insight

Success Story: SFAI Deploys 802.11ac Wi-Fi To New Campus

November 7, 2017 by Rowell Dionicio

Located in the historic Herbst Pavilion in prime San Francisco Bay waterfront, the San Francisco Art Institute (SFAI) opened a new campus at Fort Mason Center. The Fort Mason campus is home to over 160 art students and faculty in a large 67,000 square foot space. There is 4,300 square feet of exhibition galleries which is open to the public, 160+ artist studios, performance spaces, a student lounge, multipurpose teaching spaces and staff offices.

Performing a wireless validation site survey.
Validating the Wi-Fi installation.

SFAI transformed the Fort Mason building on Pier 2. Previously it housed pieces of crates and trash. At one point it used to house military supplies. $50 million later it is beautifully remodeled for SFAI graduate students. A building like this comes with its own set of technology challenges, which is why SFAI looked to Packet6 to deliver a modern Wi-Fi network with new network infrastructure.

The school’s wireless network was finally due for a network upgrade and the Fort Mason campus was going to get it. Many parts of the campus were still using Cisco 1231Gs, providing 802.11a/b/g to students, faculty, and staff. To make matters more challenging, the access points were autonomous. Each one would have to be managed individually without a central network management system. Keeping up with the demand for Wi-Fi connectivity was a challenge solved with the new Wi-Fi access points being deployed at Fort Mason. The students, staff, and faculty can benefit from using 802.11ac with modern devices and SFAI IT can centrally manage their Wi-Fi network.


"The San Francisco Art Institute worked with Packet6 to configure and deploy a Wi-Fi network in our new 67,000-square-foot graduate campus. They helped accomplish this goal quickly and professionally." - Patrick

With SFAI bringing in new technology generations ahead of what they had on campus, they looked to Packet6 for the knowledge and expertise in Wi-Fi design, configuration, and deployment. Packet6 helped to augment the existing IT team to provide a reliable network within weeks of the grand opening of the Fort Mason campus.

SFAI’s goal was to provide a fast, frictionless Wi-Fi network to the students, staff, faculty, and visitors. Coverage throughout the campus was a must and, more importantly, capacity. SFAI decided to go with the Cisco 3802 access points. The 3802 access point upgraded their network to 802.11ac, a significant upgrade from their 802.11a/b/g Wi-Fi network.

Analyzing the RF environment.

A total of 31 Cisco 3802 802.11ac dual band access points were purchased, mounted, and wired throughout the campus. The access points are powered by a stack of Catalyst 3850 switches and protected by a Cisco ASA firewall. Packet6 configured the switches, firewalls, and Mobility Express controllers, and created secure tunnels back to SFAI’s main campus. Initially, Cisco Converged Wireless was the selected solution. Packet6 made the recommendation to migrate away from Converged Wireless and onto an updated and supported platform, Cisco Mobility Express. A pair of the Cisco 3802 access points were converted to primary and standby virtual controllers to manage the other access points.

The location of each access point was predetermined and wired by the building architect. Packet6 utilized these locations and produced a predictive site survey to help visualize what the Wi-Fi network could look like with the Cisco 3802 access points. After the access points were mounted and powered on, Packet6 configured the access points via the virtual controllers according to the RF plan Packet6 designed. A validation site survey was performed to produce a report confirming proper operation, successfully closing out the project.

As a result of the new 802.11ac capable network, students and staff have had pleasant experiences on the Wi-Fi network. From what SFAI IT has heard, “People are very happy with the speed.”

Filed Under: Wireless Tagged With: cisco, san francisco art institute, sfai, success story

What’s New In Cisco WLC 8.5.105.0?

October 24, 2017 by Rowell Dionicio

Cisco 1542i Outdoor Access Point

Over the weekend of October 21st 2017, Cisco released wireless LAN controller (WLC) and lightweight access points version 8.5.105.0. We take a look at what is new with Cisco WLC and why we should consider upgrading.

One thing to note is that this release is a repost of 8.5.103.0. Most notably it resolves the AP / Infrastructure vulnerability to the KRACK attack. Cisco had some challenges getting this release out after the vulnerability was published. Over the weekend they had posted an update and then pulled it back.

I have upgraded a few controllers to 8.5.105.0 without any issue.

Here are a few features that stuck out to me in the release notes:

New AP support for Aironet 1540 series, 1815m and 1815t

Of course with newer access points you must be running the latest version of code. I’ve been able to see the Aironet 1540 in person and it’s a small outdoor AP that fits even our aesthetic requirements. The other two I haven’t had experience with.

Place Aironet 1540, 1560, and 18xx APs into monitor mode

This is a welcome feature. Monitor mode is used to collect RF channel info that is used with rogue detection, wIPS, and CleanAir. The following Aironet APs will be capable of going into monitor mode:

  • 1540 series
  • 1560 series
  • 1810 OfficeExtend
  • 1810W
  • 1815
  • 1850
  • 1830

Cisco Spectrum Expert-Remote Sensor on Wave 2 APs

Another great feature. Check out our previous blog post on using the Chanalyzer CleanAir accessory. While placing an AP into Spectrum Expert mode doesn’t allow it to service clients, it does become a tremendous troubleshooting tool when needed.

New AP Commands

  • show controllers dot11radio 1 antenna – Displays last seen power (per antenna RSSI) with the radio port as input.
  • show controllers dot11radio 1 client mac-address – Displays info on what the client is doing (rate selection and streams). Also displays non-zero RX, TX, or TX-Retries (cumulative) for each rate, stream, or width combination.

Support for Client-Aware Flexible Radio Assignment

Client-Aware FRA will be supported on Aironet 2800 and 3800 APs. What this allows you to do is set a utilization threshold to turn a monitor mode radio into a client-serving 5 GHz radio and vice versa.

The two features are called Client select and Client reset. The default percentage values are 50% and 5% respectively.

  • View FRA assignment settings using the show advanced fra command

Software-Defined Access Wireless

This is for those wanting to enable SD-Access for wireless. We have yet to try SD-Access.

  • Enterprise Fabric

Identity PSK

Identity PSK allows you to configure a unique pre-shared key for devices to join a PSK network. Think about devices that are unable to join 802.1X networks but you don’t want to share one key across all devices. This is useful for IoT devices.

  • Provide devices with unique pre-shared keys to join a WPA-PSK network.

Conclusion

Look out for future updates on the features we’ve listed above. We will be testing the features out and sharing our experiences. Version 8.5.105.0 is the TAC recommended AireOS build for those needing 8.5 features.

Filed Under: Cisco Tagged With: aireos, cisco, wlc

Vulnerabilities in WPA2 Wi-Fi with KRACK Attack

October 22, 2017 by Rowell Dionicio

The KRACK Attack targets a weakness in WPA2 key management, making secure Wi-Fi networks weak.

KRACK attack logo

Statistics gathered by Wigle show that 60% of Wi-Fi networks are secured by WPA2. WPA2 is the most widely used method to encrypt Wi-Fi traffic. It’s used in homes and in enterprise networks. WPA2 is implemented using a pre-shared key or by using 802.1X authentication with an EAP protocol. The KRACK Attack vulnerability is widespread as it stems from a flaw within WPA2 key management.

On October 16th, 2017 the KRACK Attack vulnerability was discovered by a security researcher at KU Leuven, Mathy Vanhoef. He is a PhD in computer science and has published many research papers and presentations on the topic of security. Take a read here: http://www.mathyvanhoef.com/p/publications.html. Check out the details of KRACK Attack written by Mathy Vanhoef at http://krackattacks.com.

What Is The KRACK Attack?

The KRACK Attack targets a weakness in WPA2 key management using key reinstallation attacks. An attacker, within range of a victim, can read information which is thought to be encrypted and secure. The ramifications include theft of sensitive information that is not transported by a secure method, and the possibility of injecting or manipulating data in websites as the attacker performs a Man-In-The-Middle attack.

The KRACK Attack does not affect specific devices but targets the 802.11i amendment which defines the use and operation of WPA2 and key management. Any device utilizing WPA2 is affected.

KRACK Attack specifically targets the 4-Way Handshake process by manipulating and replaying cryptographic messages.

How Does The KRACK Attack Work?

An attacker needs to be in proximity to its victim. While Wi-Fi signals travel quite a distance, the attacker would need to be fairly close in order to perform a Man-In-The-Middle (MiTM) attack. A MiTM attack is required for the attacker to successfully pull off the KRACK Attack. A MiTM attack is when an attacker makes the victim’s traffic go through the attacker before getting to its final destination.

The attacker will spoof a real access point and trick a client into joining the rogue access point while allowing Wi-Fi authentication to complete. To pull off the KRACK attack, the attacker will replay a message within the 4-Way Handshake. The flaw here is that the victim’s device will accept the replay of one of these messages when it should not, thus allowing the attacker to use a previously used key. A key should only be used once and this is the flaw the KRACK attack targets.

Is There A Fix?

Yes, there is a fix! First of all, there are 10 total vulnerabilities. 9 of the vulnerabilities target the client side. What this means is any client device using WPA2, which is any modern device, will need to be updated. Whether that is iOS, Android, IoT devices, laptops, etc., they all need to be updated by the vendor. Some vendors have already issued updates to fix this issue.

1 vulnerability targets the Wi-Fi infrastructure and major vendors have already begun releasing updates to patch this security issue.

The technical fix to KRACK Attack is to prevent the reuse of nonce values. Devices must not accept previously used keys. A workaround on the infrastructure side, such as on wireless LAN controllers or cloud-managed controllers, is to disable 802.11r.
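Why a reinstalled key is dangerous, and what the fix changes, as an added example that is not from the original post or from the KRACK research code: a toy client whose `on_message3` resets its transmit nonce on every key install, beside a patched variant that ignores a key it already holds. The keystream function is a stand-in for illustration, not CCMP, and all names and sample values are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Stand-in keystream generator (hash in counter mode). Not CCMP."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Supplicant:
    """Toy client: models only key installation and the transmit nonce."""
    patched: bool
    ptk: Optional[bytes] = None
    tx_nonce: int = 0
    nonces_used: List[int] = field(default_factory=list)

    def on_message3(self, ptk: bytes) -> None:
        """Handle handshake message 3, which may arrive more than once."""
        if self.patched and self.ptk == ptk:
            return  # same key already installed: keep the nonce counter
        self.ptk = ptk
        self.tx_nonce = 0  # (re)installing a key resets the nonce counter

    def send(self, plaintext: bytes) -> bytes:
        self.tx_nonce += 1
        self.nonces_used.append(self.tx_nonce)
        return xor(plaintext, keystream(self.ptk, self.tx_nonce, len(plaintext)))


def nonce_reused(nonces: List[int]) -> bool:
    """Defender's check: a nonce must never repeat under one key."""
    return len(set(nonces)) != len(nonces)


# Constructed sample values, not captured traffic.
PTK = bytes(range(16))
P1 = b"user=alice&pin=1234"
P2 = b"user=alice&pin=9876"


def run_session(patched: bool):
    client = Supplicant(patched=patched)
    client.on_message3(PTK)   # normal handshake completes
    c1 = client.send(P1)
    client.on_message3(PTK)   # message 3 arrives a second time
    c2 = client.send(P2)
    return c1, c2, client.nonces_used


if __name__ == "__main__":
    for patched in (False, True):
        c1, c2, nonces = run_session(patched)
        leaked = xor(c1, c2) == xor(P1, P2)
        print(f"patched={patched} nonces={nonces} "
              f"reuse={nonce_reused(nonces)} plaintext_xor_leaks={leaked}")
```

With the unpatched client both frames are encrypted under the same key and nonce, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; the patched client keeps counting and that relationship disappears.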

Vendors who have released updates (not a full list):

  • Meraki
  • Cisco
  • Aruba
  • Windows

Security

Patch management of devices and infrastructure is critical. Occasional patching keeps you on top of security updates. Vendors keep release notes with their patches which IT can review and implement in a timely fashion.

The key to a successful security plan is to take a layered approach. A firewall is not the only thing you need to secure your network.

Should I abandon WPA2?

No. There are updates being applied to devices and infrastructure hardware to address KRACK Attack.

Should I change my WPA2 password?

Changing your WPA2 password does not resolve the issue as KRACK Attack focuses on key management within WPA2.

Keep your devices updated regularly to stay on top of security patches. This will help protect your network against malicious hackers who try to use these attacks as soon as they are released.

Questions?

Do you have any questions or concerns about the security of your Wi-Fi network? If so, reach out to us using the contact form below.

Filed Under: Security Tagged With: KRACK Attack, vulnerability, WPA2

Cisco Live 2017 – Don’t Believe And Just Watch

May 22, 2017 by Rowell Dionicio

Cisco Live is the one place where the collective minds of networking gather for knowledge, camaraderie, and shenanigans.

Listen to the Clear To Send podcast episode about Cisco Live 2017.

The Cisco Live Sign at Mandalay Bay

It’s only fitting that Bruno Mars is headlining at the T-Mobile Arena for the Customer Appreciation Event. He’s one of my favorite performers. It’s more fitting that you “Don’t Believe and Just Watch” because Cisco Live is the must-attend event of the year.

The superheroes of networking will unite and you must attend and watch to get the full effect of Cisco Live. It’s also a line of Uptown Funk by Bruno Mars which was filmed in Las Vegas. It’s going to be a fun event for sure.

Cisco Live 2017 is set to be at the Mandalay Bay in Las Vegas from June 25th – 29th. This is the second year in a row in Vegas and the second year in a row for me attending.

If you’re attending for the first time, I hope you got a hotel close to the venue. It’s going to be a long hot walk to the Mandalay Bay but fortunately there will be a constant stream of shuttles from the major hotels. In 2016, I stayed at the Cosmopolitan hotel. It’s a very good hotel but I had to use the shuttle to get to Mandalay Bay.

This year I am staying at the Luxor hotel, right next door to Mandalay Bay. While it’s a much shorter walk, in the heat that can seem like forever. It has to be at least about 2 miles walking from the Luxor to the conference area.

This way to the keynote

With all that walking mentioned, make sure to bring comfortable shoes. There’s going to be a lot of walking. The World of Solutions is a large room full of activities. There are over 300 partners there ready to speak with you. Pick wisely 🙂 In addition, there’s going to be a lot of swag handed out. If swag is your thing at Cisco Live be sure to bring an extra luggage bag just to hold it all. Trust me.

Cisco Live doesn’t stop after the last session of the day. That’s just the beginning. Look out for emails and check out social media for the evening events. There will be various parties and happy hours. After a long day of being fed information, this is a great way to relax and unwind while networking with others in your field of expertise.

Speaking of the sessions, as a wireless expert, my choice will heavily side with wireless and mobility. My favorite presenters are Jerome Henry, Matt Swartz, and Jim Florick. Attend a session from these smart individuals and you’ll leave with many ideas flowing through your mind.

Here are just a handful of interesting Wi-Fi sessions I recommend checking out:

  • CCNA Wireless, master the 802.11 protocols! By Jerome Henry (Tue 27th 8am 2h)
  • Improve Enterprise WLAN Spectrum Quality with Cisco’s advanced RF capacities (RRM, CleanAir, ClientLink, etc) by Jim Florick (Wed 28th 8am 2h)
  • Apple and Cisco: Fast-Tracking the Mobile Enterprise (Monday 26th 8am 1h)
  • Be my guest! – Design and Deploy Wireless Guest Access that Works by Federico Ziliotto (Monday 26th 4pm 1.5h)
  • High Density Wi-Fi Design, Deployment, and Optimization by Josh Suhr and Matt Swartz (Wed 8am 2h)
  • Advanced Enterprise WLAN Deployment (full day seminar)
  • Design and Deployment of Outdoor Wireless Networks by Kshitij Mahant (Thurs 29th 1pm 1.5h)
  • 7 Ways to Fail as a Wireless Expert by Steven Heinsius (Ekahau Webinar)
  • CCIE Wireless Techtorial by Carlos Alcantara and Santiago Lopez (Wed 28th 1pm to 5pm)
  • CCNP Wireless – Candidate’s Choice (Mon 26th 8am 2h)
  • Connected Mobile Experience (CMX) by Darryl Sladden (Thur 29th 8:30am 1.5h)

Other non-Wi-Fi related interesting topics:

  • 5G Radio Access Network Transformation (Cellular Networks)
  • 5G Technology Updates (Cellular Network)
  • Cisco IOT in a 5G World
  • Deploying 4G/LTE for Enterprise and IoT Solutions

Aside from the sessions during Cisco Live, I highly recommend scheduling a Meet The Engineer. This is your chance to bring your ideas/issues/challenges to a Cisco engineer. Last year, Robert Boardman and I were fortunate to sit with Matt Swartz and Jim Florick where we discussed RRM. We left that session with so much more information than we would have gathered on our own. Be sure to schedule the Meet The Engineer session early as they get full quickly.

Another benefit with your Cisco Live registration is a free Cisco exam. This should also be scheduled as early as possible. Schedule it before your sessions. For example, my exam is scheduled on Sunday. It’s going to be difficult to focus during your exam if your head is full of information from previous sessions.

To keep up with what’s happening during Cisco Live I recommend getting on Twitter (get on Tom Hollingsworth’s Twitter list) and following the hashtag #clus.

Getting social at Cisco Live

I will be scheduling a live recording of the Clear To Send podcast so look out for that information as we get closer to Cisco Live. Look out for me at Cisco Live as I’ll be carrying some Clear To Send stickers to give away 🙂

To get updates as soon as they are released sign up for my email list below.

So in short, enjoy yourself at Cisco Live, get comfortable, and “Don’t Believe and Just Watch”

Filed Under: Personal Tagged With: cisco live, conference, las vegas
