Close

HPE Aruba Networking Blogs

The Wi-Fi Client Conundrum

By Jonathan Davis, Contributor

The best way to ruin a perfectly designed Wi-Fi network is to add clients. But without clients, what good is the wireless network? The stations provide purpose for the wireless network. Wi-Fi without clients is a wasted budget item.

Well-trained wireless engineers know that Wi-Fi design starts with the least capable, most significant device. Design decisions for a WLAN are all based on the clients it will serve. After the design phase, the network gets built, clients join, and Wi-Fi serves its purpose.

Clients, however, are messy. Client performance can vary widely based on drivers or firmware. The same wireless chipset may perform exceptionally well in a mobile device, but marginally in an IoT device all due to decisions made on the part of the manufacturer.

Additionally, Wi-Fi networks take on a life of their own; they change constantly. More requirements are placed on a well-built Wi-Fi network as it gains confidence from the business. New devices and applications become mission critical. The individual devices themselves change too; drivers, firmware, and use cases. Yesterday's least capable, most significant device might not exist on the network tomorrow. How do network owners quickly identify and separate client issues from network issues?

Aruba, a Hewlett-Packard Enterprise company, spent a lot of time at Atmosphere 2019 discussing ways to better support clients. That focus revolved around two very different, but complementary products.

Aruba User Experience Insight (formerly Cape Networks) provides a consistent and extensive health check of the network from the perspective of a client. It verifies much more than "Can I see the SSID Beacon?" and within seconds it answers:

• Are RADIUS, DHCP, and DNS servers available and responding within reasonable windows?
• Are critical internal services available to clients via Wi-Fi or Ethernet?
• Are vital external services (i.e., SaaS apps) available to clients via Wi-Fi or Ethernet?
• Does client throughput match expectations?

User Experience Insight amplifies the root cause of many issues above the noise floor caused by inconsistent user complaints. Problems are documented, packet captures saved, and alerts are presented visually and emailed without making a demand on the network owner. Aruba also released ClearPass Device Insight. Rather than profile the network like User Experience Insight, ClearPass Device Insight profiles the ever-expanding set of clients on that network.

As expected from a product with the ClearPass name on it, the client identification provided by Device Insight is intentionally a security product. Through integration with ClearPass Policy Manager, network access can be granularly managed for devices ensuring they can reach needed systems and resources without providing access that could be misused by bad actors.

There are plenty of solutions which 'identify' devices based solely on MAC OUI. ClearPass Device Insight goes further. It uses local deep packet inspection (DPI) and a cloud-based analyzer to identify clients by hardware type, OS version, accessed applications, and ports. Taken a step further, when clients cannot be auto-identified by the intelligence in the cloud, Aruba utilizes advanced machine learning to help network operators self-identify unknown devices, and once verified, other customers reap the benefits. Cloud sourcing device identification quickly builds an extensive list of known systems, even from those in very specialized verticals like healthcare.

Additionally, Device Insight is always updating its fingerprint for attached network devices. As clients evolve through firmware and software updates, their baselines update appropriately. That key functionality reduces false positives and highlights out-of-character behavior when it does take place. Further, security is enhanced as devices with known exploits are easily found and unsupported devices added by Shadow IT, end-users, and intentional bad actors are easily identified.

Device Insight can also help us when supporting Wi-Fi clients. As the requirements placed on Wi-Fi networks continue to evolve, network tuning that best assures availability and performance becomes paramount.

Beyond security, ClearPass Device Insight offers beneficial visibility to network operators who need to make performance tuning decisions. Decisions made regarding minimum basic rate, roaming features (802.11r,k,v), channel widths, and band selection all require knowledge of which clients access the network. The least capable, most significant client, while still relevant, is only part of the consideration for these decisions. All Wi-Fi clients are significant to the network owner.

As clients are identified, stations which could be causing performance issues, while meeting all security requirements are also identified. For example, a heavily used 802.11b wireless printer that is still connected and serving clients may be entirely secure and meet all of the requirements to be on the network. However, the performance impact on network airtime cannot be understated.

Together, Aruba User Experience Insight and ClearPass Device Insight work hand-in-hand to ensure network operators have clear visibility into network performance and critical details about the clients accessing their networks. That information facilitates troubleshooting issues and clear security and network tuning decisions based on hard data rather than best-effort-guessing.