Mid Market Mania

By CWNP On 04/03/2008 - 9 Comments

How many times have you visited a small business where the owner or manager is trying to play "techie" due to the high costs of hiring consultants?  To make matters worse, this person also thinks he has a solid grasp on network fundamentals.  He calls you to come have a look at a 'seemingly random, but minor' network problem because he met you 10 years ago for 20 seconds at a seminar you don't even remember attending.

You oblige of course, and when you're assessing the situation, he is both overbearing (thinking his presence and constant explanations are helpful) and controlling (wanting you to fully explain everything you're thinking and doing) on a second-by-second basis.  After trying to adapt to the situation, you realize that he is using SOHO infrastructure gear, SOHO Wi-Fi gadgets from companies you've never heard of, and he is in a multi-tenant building where there are at least 40 other heavily loaded 2.4 GHz Wi-Fi access points operating at max power.

Like it's a big surprise, the problem he is complaining about is one of his Wi-Fi gadgets.  You know the type of device I'm talking about, right?  I have a new favorite: the Wi-Fi access point & software-controlled VGA presentation converter appliance thingy.  It does NAT (though it doesn't tell you so), it is an AP and has an Ethernet port (that allows only one client to connect at a time), and configuration and documentation are almost nonexistent.  After seeing a gadget like that attached to flat-screen TVs everywhere, seeing a hobbled Linksys Router-become-AP with one external antenna (just because it was free) is no surprise.  A WLAN protocol analyzer reveals at least 40 nearby (and LOUD) APs, so what is a poor consultant to do?

Well first, you talk to the "customer" to understand WHAT THE HECK he's trying to accomplish.  "Strong security like I have with my MAC filters now!" he says... Oh brother.  Then of course, he explains how connecting to each Wi-Fi TV gadget individually is somewhat of a pain, even more so when it doesn't work properly.  You can see where I'm leading, so I won't bore you with the rest of the conversational details.

The bottom line is that the customer wants three things: 1) his TVs to work without a hitch, 2) his WLAN to be reliable and not so complicated, and 3) a different level of operational security for his employees and guests.  He asks for a different PSK for each employee (so that he can doink users easily when/if they leave the company) and a guest portal (after I explain what a guest portal is) for his guests - each user group with their own network privileges (server access, VoIP access, internet speed throttling, etc).  Don't lose sight of the fact that this is a 1-2 AP office that has, to date, splurged on SOHO networking gear.

In my mind it's a done deal...sort of.  Step 1: take those TVs off the WLAN and find a different solution that certainly doesn't do NAT for every TV.  

Step 2: Figure out whether his small office needs only a single AP or multiple APs with a controller.  Find an AP or controller that is suitable for his needs/wants and is reasonably simple to configure.  

Step 3: Did he say he wanted every user to have a different PSK?  Normally in a case like that, we do 802.1X/EAP and give each user his/her own password, but for a small office with one AP, that might not be such a great idea from a time/cost standpoint.  WPA2-Personal and WPA2-Enterprise are available on most APs and controllers, so security isn't a big deal at least.  Having a guest portal on the same WLAN infrastructure is tricky at best with most WLAN controller manufacturers, and not available in most autonomous APs.  Even with the best implementation of a captive portal, you have the issue of keeping traffic separated on the LAN using VLANs - never a fun project.  Lastly, role-based access control (RBAC) configuration can range from very simple to very difficult depending on the AP or controller.  There are a lot of tricky parts to this last piece of the puzzle.

My question is: How do YOU handle step 3? 

Let's just concentrate on infrastructure connectivity, leaving the other pieces of the Wi-Fi puzzle out for now (like WIPS).


9 Responses to Mid Market Mania


Says:
04/03/2008 at 22:21pm
This is an interesting scenario and all too common in the enterprise. I think/hope we are on the way to solving this somewhat with NAC/NAP but not with a PSK for every user.

We haven't deployed it yet, but in the next couple of months we will.

Having RBAC through an access server/gateway is going to help solve some of the issues by classifying devices and keeping the network running securely and efficiently.

Then again Ruckus Wireless started something called Dynamic PSK... now what is that?

http://www.ruckuswireless.com/pdf/fs-dynamic-psk.pdf
