Cisco Aironet 3500p Access Point White Paper
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
In addition to the threat of rogue devices, there is always the threat that someone malicious will try to disable your
Wi-Fi network with an RF denial-of-service (DoS) attack. Although IDS/IPS systems monitor for many “protocol
layer” DoS attacks, they do not detect RF layer DoS attacks that can be implemented through jammer devices or
Wi-Fi devices that have been set in a diagnostic jamming mode.
In addition to purposeful attacks, some simple devices like wireless video cameras or analog cordless phones can
accidentally cause a total jamming of your network. Integrated spectrum intelligence and spectrum management is
very effective for identifying these types of RF-level DoS security threats.
How Is Integrated Spectrum Management Implemented?
Limitations in Standard Wi-Fi Hardware
At a fundamental level, a standard Wi-Fi chipset has limited ability to implement SI. The reason is that Wi-Fi
chipsets are specifically designed to receive Wi-Fi signals only - they do not recognize other types of signals
(with the exception of Dynamic Frequency Selection [DFS] radar). Standard chipsets are not even designed to
pass up enough information for SI to occur at higher levels of software.
To be specific, when a standard Wi-Fi chipset sees a transmission burst that cannot be understood, it is typically
able to report only a few things: 1) that an incomprehensible burst has occurred; 2) the power level of the burst;
and 3) the start and stop time of the burst. Note that the burst may actually have been from a Wi-Fi device on
another channel or on the same channel, but too far away to be properly received. Or the burst may have been
from a non-Wi-Fi device. Detailed information about the modulation type of the burst, where it occurred within the
channel, and so on, is typically not available. And there is no ability for software to access the actual data received
from the burst for further analysis.
Despite these limitations, it is possible using a Wi-Fi chip to add up the unidentified bursts, and to calculate a total
amount of interference, as well as the average strength of interference. Unfortunately, this approach doesn’t
provide the necessary information to actually solve a problem. For example, the “total interference” approach can’t
tell you the specific type of the interference (for example, is it just co-channel Wi-Fi interference or something
else?), whether the interference is coming from one source or many, where the interference is located, and so on.
As this list suggests, the level of SI that can be gathered with a standard Wi-Fi chipset is quite limited.
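The aggregation described above, written out as an added example (not Cisco code, and not from the original paper). It sums the only three fields a standard chipset reports per unidentified burst and shows that one source and two unrelated sources can yield the same totals. The `Burst` record, the 100 ms window and both burst sets are constructed assumptions.

```python
from __future__ import annotations

import math
from typing import NamedTuple, Optional


class Burst(NamedTuple):
    """The fields a standard chipset reports for an undecodable burst."""
    start_us: int     # burst start time, microseconds
    stop_us: int      # burst stop time, microseconds
    power_dbm: float  # received power level of the burst


def summarize(bursts: list[Burst], window_us: int) -> tuple[float, Optional[float]]:
    """Return (duty cycle in %, time-weighted average power in dBm)."""
    busy_us = 0
    energy_mw_us = 0.0
    for b in bursts:
        # Clip each burst to the observation window; skip malformed records.
        start, stop = max(b.start_us, 0), min(b.stop_us, window_us)
        if stop <= start:
            continue
        busy_us += stop - start
        # dBm is logarithmic: average in linear milliwatts, weighted by duration.
        energy_mw_us += 10 ** (b.power_dbm / 10) * (stop - start)
    if busy_us == 0:
        return 0.0, None
    avg_dbm = 10 * math.log10(energy_mw_us / busy_us)
    return round(100 * busy_us / window_us, 1), round(avg_dbm, 1)


WINDOW_US = 100_000  # 100 ms observation window (constructed)

# Constructed scenario A: one non-Wi-Fi source, a 400 us burst every 1 ms.
single_source = [Burst(t, t + 400, -60.0) for t in range(0, WINDOW_US, 1000)]

# Constructed scenario B: two unrelated sources alternating, one near, one far.
two_sources = [
    Burst(t, t + 400, -57.0 if (t // 1000) % 2 == 0 else -83.0)
    for t in range(0, WINDOW_US, 1000)
]

if __name__ == "__main__":
    print("A:", summarize(single_source, WINDOW_US))
    print("B:", summarize(two_sources, WINDOW_US))
```

Both scenarios report the same duty cycle and average power, so an alert built on these totals cannot say how many sources are present or what kind they are.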
Cisco CleanAir Technology: A Custom Hardware/Software Solution
To overcome the visibility limitations inherent to standard Wi-Fi chipsets, Cisco has created an integrated solution
with patented chips and software that has been specifically designed to analyze and classify all RF activity.
(More than 25 patents have been issued for this technology to date.) Essentially, Cisco has taken the technology
behind the Cisco® Spectrum Expert analysis tool and integrated it directly into the infrastructure, including deep
integration within the Wi-Fi chipset. This is a significant development, and demonstrates that as wireless has
transitioned from nice-to-have to business-critical in the enterprise, consumer-grade Wi-Fi silicon is no longer good
enough.
The custom solution starts with the Cisco Spectrum Analysis Engine (SAgE) hardware core, which has been
integrated directly into the Wi-Fi chipset of the 1600/2600/3600/3700 Series of 802.11n/802.11ac capable Cisco
Aironet® Access Points. The SAgE core handles very compute-intensive operations, such as high-resolution Fast
Fourier Transform (FFT) and pulse detection operations. (A pulse is a burst of RF energy in frequency and time.)
The SAgE core has a highly granular spectral resolution of 78.125 kHz (4x better than the nearest competitive
solution and 64x better than most chipsets), which helps enable broad interference detection and analysis.
Essentially, the SAgE core handles a base level of spectrum analysis operations that are so processing-intensive
they can be prohibitive to handle in real-time software.