Session S3F

Vendor Neutral Hands-on Labs using Open-Source Products for Wireless Networks Courses

Hetal Jasani, Northern Kentucky University

978-1-4244-6262-9/10/$26.00 ©2010 IEEE October 27 - 30, 2010, Washington, DC 40th ASEE/IEEE Frontiers in Education Conference S3F-1

Abstract - In this paper, an undergraduate computer information technology special topic course in mobile and wireless networks is presented, which is developed based on many hands-on lab activities. In learning the concepts of wireless networks via hands-on labs, students get ample opportunities to understand the underlying principles and concepts of wireless networks. These hands-on labs are chosen to provide sufficient challenges to the students that prepare the engineers and technologists for the next generation solutions. The level of difficulty for this course requires the prerequisite of a networking course. The course requires the students to collaborate among themselves and participate in active learning based modules. This paper elaborates innovative projects that are suitable for laboratory work in a computer information technology curriculum. It explores both hardware and software components that are now being used for practical exercises in wireless networks courses. This paper discusses the hands-on labs for wireless networks such as Medium Access Control layer settings, upgrading the firmware of wireless devices, etc. In addition, this paper also illustrates the labs which discuss how to set up Wi-Fi Protected Access on Cisco and Linksys wireless access points (AP).

Index Terms - Mobile and wireless networks, Hands-on labs, Course development, Collaborative/active learning

INTRODUCTION

The field of wireless networks is dynamically changing due to the advances in the technologies. It becomes more and more vital as people spend more and more time connected to the network from anywhere, anytime. Many areas of wireless networks demand highly trained personnel to solve the new challenges such as site survey, wireless security, etc. There is a great demand for technicians and engineers who can maintain and secure the wireless networked environment. While electrical and computer engineering and computer science curriculums offer students few wireless networking courses, this may not be enough to train network professionals with the proper background on the newer wireless technologies. Although many courses on computer and wireless networks have been developed in these programs, they are primarily focused on in-depth mathematics, algorithms, and theory. Many of these courses don't use hands-on labs, which are the preferred learning style of information technology students [1]. Since Information Technology (IT) programs emphasize hands-on based active learning, the previous approaches taken by other programs (computer science/engineering programs) are not suitable for IT programs. It is also universally accepted that hands-on experiments are the best way to enhance the students' learning, which facilitates collaborative based active learning [2].

The goal of the mobile and wireless networks course is to familiarize students with several different wireless networking technologies through a series of laboratory experiments using small-scale test beds. The protocols and standards include IEEE 802.11 (a, b, g or simply WiFi) [3]-[4], Bluetooth (IEEE 802.15) [5], WiMAX (802.16) [6], etc. The Computer Information Technology (CIT) program [7] in the Department of Computer Science [8] at Northern Kentucky University [9] offers several courses in networking and system administration. In general, students learn about many networking systems, but rarely have the opportunity to learn wireless networking technologies. A newly designed special topic course of Mobile and Wireless Networks with hands-on laboratory experiments has demonstrated effectiveness in teaching the concepts of different wireless network technologies. This course has been offered to provide a practical view of mobile and wireless networks. The course assumes that students have basic knowledge of networking (i.e., students have taken a first course in network administration).

In the rest of the paper, we focus on specific approaches taken at our CIT program. The general course development approach is discussed. Some hands-on labs are illustrated. The assessment from the mobile and wireless course in the CIT program is elaborated. The conclusions on developing the mobile and wireless network course are presented.

RELATED WORK

Wireless networks course training is often integrated into existing courses or offered as a separate course using various tools in projects. Many universities have used different networking protocols and devices for hands-on labs in networking courses. Hands-on based training in these wireless networks technologies is not common at the college level for undergraduate curriculums due to the cost and complexity of devices/configurations.

A course has been proposed that uses OPNET Modeler to model the HAIPE (High-Assurance Internet Protocol Encryption) technology [10]. The problem of using OPNET is that students may not be as engaged as they are when doing hands-on labs. They have used OPNET because HAIPE is a fairly new encryption technology similar to Internet Protocol Security (IPSec), and it is not easy to teach different components of it with hands-on labs. They also mentioned in their conclusion that some students learn faster and have a better understanding of the concept when using a hands-on approach [10]. However, they did not present any wireless networking. The author has created a wireless course mainly using OPNET Modeler software [11]. However, the success of this course was mixed and many students wished to have more hands-on lab activities. Reference [12] emphasizes QoS, and less so wireless, with various hands-on experiments. Some other researchers have presented reconfigurable networking labs for their networking courses [13]. However, they haven't discussed the wireless networks component at all. Reference [14] discusses the development of a networking lab for teaching and research. They have used various tools such as OPNET, Network Simulator (NS-2), Virtual PC, and CPLEX, which enable students to conduct various network modeling and simulation. However, this is not the best way to enhance the students' learning, as they mentioned that building a hands-on experimental lab environment is challenging for many institutions due to space constraints, budget limitations, and maintenance difficulty. Other people also worked on networking courses which do not have a focus on wireless networking [15]-[18]. There is a need to create a more comprehensive, dedicated course to teach wireless network technologies that could give students a practical experience. The author made a similar attempt earlier [19]. This paper discusses how this course is offered to satisfy this demand and provide college graduates with practical hands-on training.

LEARNING OUTCOMES

The learning outcomes of the mobile and wireless network special topic course in the CIT program at NKU are that, by the end of this course, students should be able to:
• Understand the various wireless LAN standards
• Configure the IEEE 802.11 physical, medium access control and network layer standards
• Conduct the site survey before installing/implementing a WLAN
• Understand wireless LAN security and vulnerabilities
• Configure and troubleshoot the wireless network appliances using the IOS (Internetwork Operating System) commands
• Upgrade the firmware of a Linksys wireless router to carry out more advanced wireless networks scenarios.

COURSE TOPICS

The hands-on labs are scheduled during the semester with various activities in wireless networks. Hands-on labs are selected in such a way that students learn all of the following topics. The topics covered are [20]-[21]:

Wireless LAN Devices and Standards, IEEE 802.11 Physical Layer Standards, IEEE 802.11 Medium Access Control and Network Layer Standards, Planning and Building a Wireless LAN, Conducting a Site Survey, Wireless LAN Security and Vulnerabilities, Implementing Wireless LAN Security, Managing a Wireless LAN, Network Settings and Wireless LAN Troubleshooting, Personal, Metropolitan, and Wide Area Wireless Networks

HANDS-ON EXERCISES

For the wireless networking hands-on labs, students use several networking devices such as routers, computers, cables, Linksys wireless routers, Cisco access points (AP), etc. Some sample labs/exercises are discussed below to demonstrate the major areas of this course. Initially, students perform hands-on experiments using the command line interface (CLI) to configure the Cisco AP (e.g., set up IP address, SSID, etc.). Students also carry out more experiments to increase the security of wireless networks by using MAC filter, WEP (Wired Equivalent Privacy)/TKIP (Temporal Key Integrity Protocol), WPA (Wi-Fi Protected Access), WPA2, etc. Finally, a few more hands-on experiments are performed by upgrading the firmware of the Linksys router with open-source DD-WRT. A few hands-on labs are described as samples in this paper. As the semester progresses, more in-depth and advanced labs are introduced to cover the advanced topics of wireless networking. The sequence has been chosen according to lecture topics. However, many of the labs are independent of each other and anyone can replicate some of the labs in their curriculum.

Equipment Used in Various Hands-on Labs
• Cisco Aironet 1131
• Linksys WRT54GL
• Dell Mini Laptops
• CAT5 Cables
• Console (Rollover) Cables

Basic Configuration of Wireless Networks

This experiment aims to introduce the command line interface of Cisco Internetwork Operating System (IOS) to configure the Cisco AP, i.e., the Aironet 1131. Using various commands, students find the name of the Ethernet, radio and BVI interfaces, SSID, MAC address, BIA (burned-in address), bandwidth (BW), and default IP address of the Ethernet, radio and BVI interfaces. Students set up a password to control access to the AP for enhanced security. Students also set up the IP address, SSID, and authentication method using the command line interface. In addition, students set up the HTTP secure server using various Cisco commands on the Cisco AP to access it via browser securely. Figure 1 and Figure 2 show the general network diagram for this lab setup and some of the later discussed labs.

In this lab activity, students get to know the basic commands of Cisco IOS that students are expected to know from their first network administration course (i.e., the prerequisite).

If students forget those commands, this lab serves as a refresher lab for them.

FIGURE 1
GENERAL NETWORK DIAGRAM FOR LAB SETUP

Shared Key Authentication

In this lab, students use the command-line interface to remove open authentication and configure shared key authentication. Shared key authentication is more secure than open system authentication. Students set up the encryption cipher and key size for securing the AP using Cisco IOS commands. Students test/verify this setup on their laptops by connecting using this authentication type and shared key.

FIGURE 2
GENERAL NETWORK DIAGRAM FOR LAB SETUP (LINKSYS ROUTER)

MAC Settings

In this lab activity, students observe various MAC layer settings of Linksys wireless routers such as authentication type, CTS (Clear-to-Send) protection mode, beacon interval, DTIM (Delivery Traffic Indication Message) interval, fragmentation threshold, and RTS (Request-to-Send) threshold. Students learn about each of these parameters and how they affect the performance of wireless networks. Students write a lab report including their understanding of these key terms.

Evaluating Radio Frequency (RF) Loss

The two factors that have the greatest impact on WLAN RF loss are distance from the AP and objects between the AP and the client. In this lab activity, students evaluate the RF loss in their wireless environment. Students, on a laptop computer, look for the signal strength measurement (status of WLAN). Students move away from the AP and keep measuring the strength while noting the distance. They continue roaming until they can no longer receive the signal. They note the location and distance. They move back towards the AP and stop whenever there is a significant increase in signal strength. They note and record the obstacles that are between the laptop and the AP. Students go in the opposite direction and do the same experiment. In their submission, students create a map that illustrates the signal strength in the building. This lab activity can also serve as a site survey. However, many additional tools could be used for a site survey.

AP Transmit Power and Antenna Diversity

In this lab, students change the transmit power on the Cisco AP via web browser using one of the laptops given. Another laptop is used to measure the effect of the power change while moving away from the Cisco AP. They continue roaming until they can no longer receive the signal. They note the location and distance. They move back towards the AP and stop whenever there is a significant increase in signal strength. In their submission, students create a map that illustrates the signal strength due to the transmit power change. Students repeat this exercise for various power settings. In addition, students change the antenna diversity and repeat the same exercise while changing antenna diversity. Students create another map that illustrates the signal strength due to the change in antenna diversity.

Co-Channel Interference

Students connect their laptops to the Linksys router as per the diagram in Figure 2. They browse to the Linksys router (192.168.1.1) from one laptop using the username and password provided or created by them. They find the current channel which has been used by the Linksys router. Each team changes the channel as shown in Table 1 below and saves the settings (in order to avoid interference):

TABLE 1
CHANNEL SETTING FOR EACH TEAM

Team     Channel
Team1    1
Team2    6
Team3    11

In each team, one team member browses to www.cnet.com and searches for Bandwidth Meter on the site. He or she tests the connection speed. Students enter the required information on the Bandwidth Meter speed test web page. They choose wireless as the connection type. Each team performs the speed test and notes the result in Mbps. All three student teams do this activity at the same time. Now, all three student teams change the channel to 6 at the same time to create interference with each other. They run the test again and note the difference in speed in Mbps due to the interference. Each student writes his/her own report and submits the analysis of the results.

Ad Hoc Mode Throughput

It is important for students to know that a wireless access point, although primarily a data link layer device, operates like a hub. The bandwidth is shared and the actual throughput is much less than students might expect. 802.11 systems use CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) for media access rather than CSMA/CD (Carrier Sense Multiple Access/Collision Detection), which is used for Ethernet. Collision avoidance is used because wireless devices have no way to detect a collision. One of the reasons for the lower than expected throughput is the way CSMA/CA operates. It is important for students to know that there is much more overhead associated with CSMA/CA than with CSMA/CD. In addition, this overhead increases as the number of users accessing the network simultaneously increases - just like it does when using a hub. In general, the more devices a wireless frame must pass through, the lower the throughput. So, it is expected that transferring a file using ad hoc mode would be more efficient than transferring the same file using one or more access points in infrastructure or repeater mode. The purpose of this lab is to measure the throughput realized when transferring a file from one peer to another using ad hoc mode. In this lab, each student team uses ad hoc mode to transfer a file using FTP. Dell Mini laptops are provided to configure the FTP server and FTP client on separate laptops. Students create an ad hoc network between them, transfer a large file (i.e., 75 MB) and measure the throughput for ad hoc mode.

Infrastructure Mode Throughput with a Cisco AP

In the previous lab, students transfer a very large file from one laptop to another directly, as the laptops are connected in ad hoc mode. In this lab, students transfer the same file using infrastructure mode. So, there is a Cisco 1131 access point in between the two laptops. It may increase the overhead and delay in communication. Consequently, it may reduce aggregate throughput. Students measure the throughput in this lab and use it to compare with the next lab activity, in which they use a Linksys router instead of the Cisco AP.

Infrastructure Mode Throughput with a Linksys

Many people are using Linksys wireless routers or similar residential wireless gateway devices in their homes or small businesses. These relatively low-cost devices do more networking functions than a basic access point like the Cisco Aironet 1131. In addition to accepting wireless clients, many residential wireless gateways also accept wired clients. They also perform network address translation (NAT) and act as routers. While residential wireless gateways are able to handle the wireless traffic of very few users, these devices do not have the configuration options or the power of a device such as the Cisco 1130 series access point.

In the previous lab, students transfer a very large file from one laptop to another through the Cisco 1131 access point. The purpose of this lab is to compare that file transfer throughput to the throughput realized using a residential wireless gateway. In this lab, students transfer the same file through a Linksys wireless router instead of the Cisco 1100 series access point. The throughput measured is compared to the infrastructure mode throughput measured previously. Students write a lab report summarizing their learning experience.

Upgrade the Linksys firmware using DD-WRT

Linksys WRT54GL routers have the ability to be flashed with open source firmware from the likes of DD-WRT and have lots of non-standard features. This lab introduces students to flashing the Linksys WRT54GL with open source DD-WRT firmware. After completing this lab, students know how to upgrade firmware on a router.

DD-WRT is a third party developed firmware released under the terms of the GPL for many IEEE 802.11a/b/g/n wireless routers based on a Broadcom or Atheros chip reference design. DD-WRT offers many advanced features not found in the original factory firmware on these devices. Among other features not found in the original Linksys firmware, DD-WRT adds the Kai Daemon for the Kai Console Gaming network, WDS (Wireless Distribution System) wireless bridging/repeating protocol, RADIUS authentication for more secure wireless communication, advanced Quality of Service controls for bandwidth allocation, and software support for the SD-Card hardware modification.

Students connect a laptop using a CAT5 cable to one of the switch Ethernet ports on the back of the Linksys router. Students download the DD-WRT firmware and upgrade the Linksys router using the CAT5 cable connection. Students also learn that they should not use a wireless connection to upgrade firmware, as the connection will be broken during the process of the firmware upgrade.

Virtual Private Network (VPN)

This lab activity gives students the knowledge of how to set up a Remote Access VPN to the students' own personal network using a DD-WRT based Linksys router. After completing this lab, students know how to set up and connect to a VPN. In this lab, each team of students configures a PPTP (Point-to-Point Tunneling Protocol) server on their wireless DD-WRT router. Then, they configure the users that students want to allow remote access to, and then students set up a connection to that VPN from a foreign host as shown in Figure 3.

A remote access VPN connection over the Internet enables a remote access client to initiate a dial-up connection to a local ISP instead of connecting to a corporate or outsourced network access server (NAS). By using the established physical connection to the local ISP, the remote access client initiates a VPN connection across the Internet to the organization's VPN server. When the VPN connection is created, the remote access client can access the resources of the private intranet. Figure 3 shows a remote access VPN over the Internet. The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks in this case.

FIGURE 3
NETWORK DIAGRAM FOR VPN SETUP

DD-WRT Router in Repeater Mode

One of the major drawbacks of wireless LANs is the limitation of range due to many factors such as interference and radio wave limitations. DD-WRT adds capabilities to the WRT54GL router. Students configure it to be a universal wireless repeater, meaning it receives any wireless signal SSID and rebroadcasts it back out. In this lab, each team of students configures two wireless APs. One of them is set up as a repeater to repeat the signal for increasing the range of wireless networks. Students test/verify that they are able to connect to the Internet via both access points although the laptop is only connected to the repeater, as shown in Figure 4.

FIGURE 4
NETWORK DIAGRAM FOR REPEATER MODE

Wireless LAN Security

Without including wireless network security, the course objectives could not be fully fulfilled, as wireless network security is a very important topic. Students are asked to perform labs to set up the various security methods on Cisco and Linksys wireless access points. Students perform the following lab activities:
• Set a MAC address filter on wireless AP
• Configure WEP (Wired Equivalent Privacy)
• Set dynamic WEP keys on wireless AP
• Setting Cisco Migration Mode on wireless AP
• Setting Up WPA (Wi-Fi Protected Access)
• Setting up WPA2 on wireless AP

MAC address filtering is the basic security method of controlling the access to wireless networks. However, it is not a secure method, as a MAC address could be spoofed easily with many freely available tools. WPA Migration Mode is an access point setting defined by Cisco that enables both WPA and non-WPA clients to associate to an access point using the same SSID. It will enable a "diverse" group of devices to use the same access point whereas normally they could not. By performing the above activities, students could understand the weakness of WEP and dynamic WEP. Students also understand that WEP could be cracked easily with tools available for free. WPA, with its dynamically changing key, is a far better security method. Students set up the AP to use WPA. Students also configure WPA2, which is the most secure way of providing wireless access to the users. Students learn that the corporation should use WPA2 in order to provide confidentiality and privacy of data communication over the wireless link.

EVALUATIONS

Various methods were used to formally assess the effectiveness of this course, including tests, the evaluation of student work, and the instructor's assessment. At the end of the semester, an anonymous survey was conducted to evaluate the content and effectiveness of the course. The overall response from students regarding whether the course met their expectations was very positive. Here is a summary of the results of the survey:
• This course helps students to learn various wireless technologies.
• Students have a better understanding of wireless networks issues.
• The hands-on labs were very useful to get students engaged in learning.
• Although some of the labs are complex, it is rewarding to see the outcomes of them.

The future improvement for this course is to add advanced hands-on labs involving wireless networks technologies and tools.

CONCLUSIONS

Wireless networks courses are becoming increasingly popular in colleges (including community colleges) and universities. In learning the concepts of wireless networks via hands-on labs, students get ample opportunities to understand the underlying security technologies that prepare the engineers and technologists of the next generation. The objective of this paper was to describe the mobile and wireless network course using laboratory and project assignments. Students carry out experiments using Cisco and Linksys networking devices such as switches, routers and APs, and submit lab reports and completed evaluation forms to give feedback in order to improve and update the assignments for upcoming semesters. Students found this course along with the lab assignments useful in understanding the theory of mobile and wireless networks, and in gaining practical experience. Consequently, students have shown great enthusiasm in this course, and student interest is expected to grow as we offer this course again.

A course in wireless networks has been developed for computer information technology students. Due to the shortage of similar courses, this is the first of its kind providing the students solid practical skills at the undergraduate level. The primary objective of this paper was to present hands-on laboratory assignments in wireless networking. A few newly developed significant hands-on examples are presented. based wireless security labs are carried out by the students. These labs help graduating students to improve their skills, which enhances their job hunting skills and marketability. In the future, more advanced labs would be developed to cover advanced topics in wireless networks such as network management, etc. Tomato open source firmware could be used instead of DD-WRT open source firmware to perform various lab activities such as RADIUS server, QoS, etc. Moreover, this course will also benefit industry by offering skills which are practical and valuable.

This paper will help others to reuse, redesign and redevelop hands-on modules for mobile and wireless networking courses in both electrical engineering and computer science programs. Some of these hands-on labs could be used either as introductory laboratory modules in existing computer network courses or to aid in the creation of a new stand-alone mobile and wireless networking course.

REFERENCES

[1] Helps, C. R. G., Ekstrom, J. J., Evaluation of a Computer Networking Class in Information Technology, Proceedings of the 9th ACM SIGITE conference on Information technology education, 2008, pp. 259-268.
[2] Hernandez-Leo, D., Asensio-Perez, J. I., and Dimitriadis, Y., Collaborative learning strategies and scenario-based activities for understanding network protocols, In Proc. Frontiers in Education Annual Conference, 2006.
[3] Cisco Systems Inc., A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite, Retrieved March 22, 2010, from Cisco website: http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.pdf
[4] IEEE, Wireless LAN Media Access Control (MAC) and Physical Layer (PHY) Specification, IEEE 802.11 Draft Version 4.0, May 1996.
[5] IEEE 802.15 WPAN High Rate Alternative PHY Task Group 3a (TG3a), Dec. 2002, http://www.ieee802.org/15/pub/TG3a.html, last accessed March 22, 2010.
[6] IEEE 802.16-2004, IEEE Standard for Local and Metropolitan Area networks-Part 16: Air Interface for Fixed Broadband Wireless Access, 2004.
[7] CIT Program at NKU, http://informatics.nku.edu/csc/undergraduate/cit/index.php, last accessed March 22, 2010.
[8] Department of Computer Science at NKU, http://informatics.nku.edu/csc/index.php/, last accessed March 22, 2010.
[9] Northern Kentucky University (NKU), http://www.nku.edu/, last accessed March 22, 2010.
[10] Oh, T., Mishra, S., Pan, Y., Teaching High-Assurance Internet Protocol Encryption (HAIPE) Using OPNET Modeler Simulation Tool, Proceedings of the 10th ACM SIGITE conference on Information technology education, 2009, pp. 161-165.
[11] Jasani, H., Developing an Innovative Mobile and Wireless Networks Course, NMW Section of ASEE, Houghton, MI, 2007.
[12] Hartpence, B. H., QoS Content and Experiences for IT, Networking and Security Programs, Proceedings of the 10th ACM SIGITE conference on Information technology education, 2009, pp. 60-64.
[13] Abbott-McCune, S., Newtson, A. J., Girard, J., Goda, B. S., Developing a Reconfigurable Network Lab, Proceedings of the 9th ACM SIGITE conference on Information technology education, 2008, pp. 255-258.
[14] Cao, X., Wang, Y., Caciula, A., Wang, Y., Developing a Multifunctional Network Laboratory for Teaching and Research, Proceedings of the 10th ACM SIGITE conference on Information technology education, 2009, pp. 155-160.
[15] Hill, J. M. D., Carver, C. A. Jr., Humphries, J. W., Pooch, U. W., Using an isolated network laboratory to teach advanced networks and security, ACM SIGCSE Bulletin archive, 33(1), 2001, pp. 36-40.
[16] Meiselwitz, G., Information Security across Disciplines, Proceedings of the 9th ACM SIGITE conference on Information technology education, 2008, pp. 99-104.
[17] Rosenberg, C., Koo, S. G. M., Innovative and easy-to-deploy communication networking laboratory experiments for electrical and computer engineering students, Proceedings of 32nd Annual conference on Frontiers in Education, Como, Italy, 2002.
[18] Yuan, D., Zhong, J., An Instructional Design of Open Source Networking Lab and Curriculum, Proceedings of the 10th ACM SIGITE conference on Information technology education, 2009, pp. 37-42.
[19] Jasani, H., Mobile and Wireless Networks Course Development with Hands-On Labs, 2010 ASEE Annual Conference and Exposition, Louisville, KY, 2010.
[20] Cannon, K., Lab Manual for CWNA Guide to Wireless LANs, Second Edition, Thomson Course Technology, 2006.
[21] Ciampa, M., CWNA Guide to Wireless LANs, Second Edition, Course Technology Incorporated, 2006.
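
Added example, not part of the original paper and not Cisco tooling: the Wireless LAN Security lab moves an AP from WEP through WPA Migration Mode and WPA to WPA2, and the Python sketch below reads a saved AP configuration and reports which of those stages each SSID is at. The four sample configurations are constructed, and the keywords matched (`dot11 ssid`, `authentication key-management wpa`, `encryption mode wep|ciphers`) are assumed to follow Cisco autonomous AP IOS syntax with one SSID per radio and no VLANs.

```python
import re

# Stages of the Wireless LAN Security lab, weakest first.
LADDER = ["open", "wep", "wpa-migration", "wpa", "wpa2"]

# Constructed configs, one per lab stage; keys and passphrases are made up and
# the syntax is assumed to match a Cisco autonomous AP running-config.
WEP_STAGE = """\
dot11 ssid LAB-WEP
   authentication shared
!
interface Dot11Radio0
 encryption key 1 size 128bit 0 0123456789ABCDEF0123456789 transmit-key
 encryption mode wep mandatory
 ssid LAB-WEP
!
"""
MIGRATION_STAGE = """\
dot11 ssid LAB-MIG
   authentication open
   authentication key-management wpa optional
   wpa-psk ascii 0 constructed-passphrase
!
interface Dot11Radio0
 encryption mode ciphers tkip wep128
 ssid LAB-MIG
!
"""
# The WPA and WPA2 stages differ from migration mode only in these settings.
WPA_STAGE = MIGRATION_STAGE.replace("LAB-MIG", "LAB-WPA") \
    .replace("wpa optional", "wpa").replace("tkip wep128", "tkip")
WPA2_STAGE = MIGRATION_STAGE.replace("LAB-MIG", "LAB-WPA2") \
    .replace("wpa optional", "wpa version 2").replace("tkip wep128", "aes-ccm")


def parse_blocks(config):
    """Split an IOS-style config into {header line: [indented child lines]}."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            current = None                      # '!' or blank ends a block
        elif raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
    return blocks


def rate_ssid(ssid_lines, radio_lines):
    """Place one SSID on the ladder from its key management and radio ciphers."""
    ciphers, wep_mode = set(), False
    for line in radio_lines:
        m = re.match(r"encryption mode (wep|ciphers)\s+(.*)", line)
        if not m:
            continue
        if m.group(1) == "wep":
            wep_mode = True
        else:
            ciphers.update(m.group(2).split())
    keymgmt = next((l for l in ssid_lines
                    if l.startswith("authentication key-management wpa")), None)
    legacy = wep_mode or any(c.startswith("wep") for c in ciphers)
    if keymgmt is None:                         # no WPA: static WEP at best
        return "wep" if legacy else "open"
    if "optional" in keymgmt.split() or legacy:
        return "wpa-migration"                  # non-WPA clients still accepted
    if ciphers == {"aes-ccm"} and "version 1" not in keymgmt:
        return "wpa2"
    return "wpa"


def audit(config):
    """Return {ssid: rating} for every SSID bound to a Dot11Radio interface."""
    blocks = parse_blocks(config)
    ssids = {h.split()[2]: lines for h, lines in blocks.items()
             if h.startswith("dot11 ssid ")}
    result = {}
    for header, lines in blocks.items():
        if not header.startswith("interface Dot11Radio"):
            continue
        for line in lines:
            if line.startswith("ssid ") and line.split()[1] in ssids:
                name = line.split()[1]
                result[name] = rate_ssid(ssids[name], lines)
    return result


def below_policy(config, minimum="wpa2"):
    """List SSIDs rated under the minimum stage (the paper recommends WPA2)."""
    floor = LADDER.index(minimum)
    return sorted(s for s, r in audit(config).items() if LADDER.index(r) < floor)


if __name__ == "__main__":
    for stage in (WEP_STAGE, MIGRATION_STAGE, WPA_STAGE, WPA2_STAGE):
        print(audit(stage), "below WPA2:", below_policy(stage))
```

A migration-mode SSID is rated below plain WPA because the AP still accepts WEP clients on it, which is the property the lab asks students to recognize before moving to WPA2.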
