Aruba WiFi software deals with interference, rogue access points
ArubaOS adds voice and video prioritisation
By John Cox | Network World US | Published: 11:35, 15 October 2010
The new version of Aruba Networks' WiFi network software includes code to improve voice and video performance, automatically identify non-Wi-Fi radio interference and trap rogue wireless devices. ArubaOS 6.0, which powers the vendor's controllers, is part of a trend by wireless LAN vendors to add features intended to improve WiFi signal quality, reduce interference, and strengthen manageability and security.
The new version of ArubaOS now adds:
- Support for the encrypted signal protocols used in BlackBerry Mobile Voice System for VoIP calls over WiFi.
- An embedded spectrum analyser, built into the Atheros WiFi chipset with controller-based reporting and analysis, can find and identify non-Wi-Fi radio sources.
- Code that can run more precise RF scans to identify threats from rogue WiFi devices, and then trap them by luring them to connect to fake access point.
The company added support for BlackBerry MVS in April 2010, and now becomes part of ArubaOS 6.0. Aruba's embedded firewall can now recognise the encrypted MVS traffic and give it priority over WiFi connections, an important step in minimising latency problems for voice and video traffic.
Related Articles on Techworld
The new spectrum analyser incorporated on the WiFi chip in Aruba 802.11n access points lets the controller extract a wider array of spectrum data and analyse it. The change lets IT monitor for non-WiFi radios that could affect wireless performance or pose a threat to the corporate WLAN.
The access points have to be set to what Aruba calls "monitor mode" to generate his data. In the future, they will be able to act as either dedicated RF monitors or as standard data access points that can also pass RF information on to the controller, according to Ozer Dandurmacioglu, Aruba's manager of product marketing.
The Aruba wireless intrusion prevention system now incorporates software from Aruba's Network Chemistry acquisition. Dubbed "TotalWatch," this code sifts the RF spectrum in 5 MHz channels. That's important because without this granularity, an attacking WiFi device only shows up "white noise" in a standard 20 MHz WiFi channel: the more precise TotalWatch can identify the specific threat, according to Dandurmacioglu.
TotalWatch also now monitors the 4.9GHz frequency, which is set aside for dedicated public safety WiFi applications.
A related technology more efficiently blocks the rogue devices once they've been detected. Traditionally, intrusion prevention systems have sent out continuously deauthentication frames to the attacker, forcing it to disconnect from the access point. But this consumes a lot of both bandwidth and airtime, according to Aruba. The new version of ArubaOS now can create a fake access point to which the attacker connects.
But then the network simply doesn't respond to the requests being made by the attacker's WiFi adapter. While the human behind the attacks intervenes to puzzle out what's wrong, the controller is alerting the IT department and tracking down the attacker's location.
ArubaOS 6.0 will ship on all future controller models and is available now for free download by current customers from the Aruba website. Controller and access point pricing is unchanged.
Aruba is also releasing three documents, drawn from working with its enterprise customers, on WiFi best practices in three areas: a reference design for creating high-density networks in spaces like auditoriums, a white paper on deploying Apple iPad tablets on enterprise WiFi networks, and a third party test report on the performance of Aruba's RF management features in high density WiFi networks.