Finally a CWNE (CWNE#388)

After continuously monitoring for my application status, finally on the blessed day of 14th April 2020, I was able to see my application status as approved, Alhumdulillah. This is exactly a day after my birthday and 4 days short of my baby turning 1 month 🙂

From the date of submitting my application, the review process took over 14 days. The application was submitted on 1st of April and I was able to get the update by 14th April.

It had been 40 days since I got the chance today to update about my delight on achieving my dream certification. Had been engaged heavily in the Network migrations and newly attained parenthood and finally got the chance to write about the post on my first Eid holiday 🙂

For all those who are planning to take the certification path in CWNE: as a personal experience, I have found the journey as worthy as achieving the CWNE number itself.

It's always best to start the journey as soon as possible and not to hurry through the certifications in quick sessions. Appear for exams only once you are completely thorough in the subject, as it is only the exam preparation that will serve the ‘PURPOSE’ of a student getting compelled to know the intricacies of the subject. Always try to correlate the day-to-day wireless networking work in the office with the knowledge you gain from the certification studies, to add more value to the work and refine your knowledge.

The journey at first may look difficult but when started with sincere intentions and with consistent efforts will surely help one to get through it one day.


Summarizing the ongoing journey in Wireless Networking as follows:

Final Step Towards Becoming a CWNE

One of the most wished for certifications for me in the networking domain is CWNE. I started my career in the Wireless domain back in the year 2010 in Cisco’s Wireless Networking Business Unit in Bangalore. Directly out of college, I was very enthusiastic about my job and excited to embrace a career in Wireless.


While all other networking domains (Routing & Switching, Security, VOIP….) had enough literature for one to increase the depth & breadth of one's knowledge, vendor specific literature during that time was not sufficient for one to truly qualify as a Wireless Engineer.


Unlike other Networking domains, Wireless is strictly more about standards and protocols and very discrete about proprietary technologies. While the vendor specific literature available helped me to get the procedural knowledge to operate a specific vendor’s product line, deep inside I was very disturbed at failing to correlate the procedures with adequate logic. This is when I started exploring the alternatives and on a blessed day was able to find the CWNA book on the shelves of a book store. It was 2011 when I finally started to give proper direction to my studies on Wireless.


Certification was not the real goal for me at that time and I specifically struggled a lot to grasp the concepts of CWAP. Though CWNP remained the primary source of knowledge, I finally made up my mind to achieve the certifications on the same from 2015. I had spent enough time grasping the concepts from the CWNP books and finally gathered all the courage to appear for my first CWNP exam in 2017. I had enough gaps in between my exams to ensure that I had enough from the literature before appearing for each exam.
Finally on 1st April 2020 the day had arrived when I completed all the pre-requisites for CWNE certification and submitted my application.


The beauty of the CWNE certification is in the way the programme is developed. Unlike other certifications, which test a candidate against the parameters defined by the certification authority, the CWNE programme tests candidates against their own potential.

Alhumdulillah had been blessed with my first child on 18th March 2020. Getting blessed with the long awaited certification during this time frame will add no limits to my happiness.

With the application currently in queue to be reviewed by CWNE board, eagerly awaiting the results. Will have a separate post shortly after my application status is updated.

Wireless Access Point Hostname Character Limitation and recommendation

Introduction

One of the most overlooked configuration items in a Wireless LAN is the Wireless Access Point hostname. A few network administrators leave the hostnames at their factory shipped defaults, while a few will use all the characters that are permissible (for instance 32 characters in Cisco) to make the name self-illustrative.

Both approaches have their own disadvantages, and the recommended limit is only 15 characters, as will be illustrated in the sections below.

Disadvantages of Leaving the Wireless Access Point Hostnames to their defaults

By default, Wireless Access Points come with their hostnames set to their MAC address, typically appended by the characters “AP”. Leaving them this way is considered the most careless approach, since once we see Wireless Access Point(s) going down on the Wireless LAN Controller / Network Management Solution, it is difficult to determine at which specific location an Access Point has gone down.

On the contrary, a meaningful AP hostname which depicts the location of the Access Point makes it a lot easier to determine the area of compromise and to take appropriate action. These actions could include verifying the PoE status on the AP’s switchport, rectifying patch cord related issues, or identifying similar issues and addressing them for the specific AP identified through its descriptive hostname.

Disadvantages of Using the Wireless Access Point Hostnames with its full permissible limits.

Vendors like Cisco do allow AP hostnames of up to 32 characters. This has a major drawback during troubleshooting, when we are required to take Over the Air packet captures: the information element carrying the AP name is restricted to only 15 characters in length.

The snippets below show the configured AP hostname characters and those reflected in the information element (IE) of a Wireshark packet capture.

Configured AP Hostname

Reflected AP Hostname

Recommended Wireless Access Point Hostnames

It's thus recommended to use Wireless Access Point hostnames which are self-descriptive and at the same time well within the character limit of 15, since any part of a hostname beyond 15 characters will not be reflected in the OTA packet captures.

In order to meet this requirement, it's recommended to develop a naming convention document for your project / site wherein shorter codes are used to signify the campus, building & floor name or number. Based on your site (indoor / outdoor) you will have to innovate accordingly so as to keep the name well within 15 characters. Below table is one such example.
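A naming convention of this kind can be enforced in code. The sketch below is an added example, not part of the original post: the campus and building codes, the `MC-LIB-F02-AP07` layout, the sample inventory and the regular expression for factory default names are all assumptions made for illustration. It builds names from short codes and audits an existing inventory for default names, names over 15 characters, and names that become indistinguishable once only their first 15 characters are visible in a capture.

```python
import re
from collections import defaultdict

MAX_OTA_NAME_LEN = 15  # limit described on this page for the AP name in OTA captures

# Assumed shape of a factory default name: "AP" plus the MAC in dotted form.
DEFAULT_NAME_RE = re.compile(r"^AP[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$")

# Hypothetical short codes for one site (constructed for this example).
CAMPUS_CODES = {"Main Campus": "MC", "North Campus": "NC"}
BUILDING_CODES = {"Library": "LIB", "Engineering Block": "ENG", "Admin": "ADM"}


def build_hostname(campus, building, floor, ap_index):
    """Build a name such as MC-LIB-F02-AP07 and refuse anything over the limit."""
    name = "{}-{}-F{:02d}-AP{:02d}".format(
        CAMPUS_CODES[campus], BUILDING_CODES[building], floor, ap_index
    )
    if len(name) > MAX_OTA_NAME_LEN:
        raise ValueError(f"{name} is {len(name)} characters, limit is {MAX_OTA_NAME_LEN}")
    return name


def ota_visible_name(hostname):
    """The part of the hostname that survives the 15 character limit."""
    return hostname[:MAX_OTA_NAME_LEN]


def audit_hostnames(hostnames):
    """Return {hostname: [issues]} for every name that breaks the convention."""
    by_visible = defaultdict(list)
    for name in hostnames:
        by_visible[ota_visible_name(name)].append(name)

    findings = {}
    for name in hostnames:
        issues = []
        if DEFAULT_NAME_RE.match(name):
            issues.append("factory default name, carries no location information")
        if len(name) > MAX_OTA_NAME_LEN:
            issues.append(
                f"{len(name)} characters, visible over the air as '{ota_visible_name(name)}'"
            )
        clashes = [other for other in by_visible[ota_visible_name(name)] if other != name]
        if clashes:
            issues.append("same first 15 characters as: " + ", ".join(clashes))
        if issues:
            findings[name] = issues
    return findings


# Constructed inventory: one default name, two long names, one compliant name.
SAMPLE_INVENTORY = [
    "AP70DB.98E1.2F4C",
    "MainCampus-Library-Floor2-AP07",
    "MainCampus-Library-Floor2-AP08",
    "MC-LIB-F02-AP07",
]

if __name__ == "__main__":
    print(build_hostname("Main Campus", "Library", 2, 7))
    for host, issues in audit_hostnames(SAMPLE_INVENTORY).items():
        print(host)
        for issue in issues:
            print("   -", issue)
```

The two long names in the sample share the same first 15 characters, so a capture could not tell those two APs apart by name.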

Upgrading Cisco WLC Code in HA

Step 1: Evaluate the image that you wish to put on the WLC

Look for the Cisco suggested image

For deployments which are not particular about availing the most recent features, it's always a safer approach to look for the Cisco suggested image. This is generally depicted by a “star” beside the image on the CCO page.

https://software.cisco.com/download/home/281189496

-OR-

Evaluate the release notes to determine the image that has the features you require

https://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-release-notes-list.html

Step 2: Evaluate the WLC code compatibility matrix

The WLAN infrastructure traditionally comprises Cisco WLC, Prime, CMX and MSE (wIPS). Thus while planning to upgrade the WLC code, it is quite essential to evaluate the code compatibility matrix, as you may be required to consider upgrading these components as well.

The compatibility matrix could be found at:

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

Step 3: Identify the upgrade path

Whenever we are trying to upgrade the WLC image to the latest available code, identifying the upgrade path is quite essential. If the WLC is running very old code, it may be necessary to proceed with a step upgrade, moving to an intermediate image first and then to the image of interest.

The current Cisco WLC code available at the time of writing is 8.8.x, and in order to move to this code, the minimum code the WLC should be running is 8.5.x

Step 4: Preliminary tasks before the schedule of code upgrade

a.      Make sure no firewall policies are changed.

Evaluate whether there have been any changes to the firewall policies. When a network is being deployed, people generally prefer allowing all communication between infrastructure devices. Once the network matures, deployments generally introduce stringent firewall rules that allow communication between only specific devices and on specific ports.

The catch is that these firewall policies do not immediately take effect for TCP sessions already established between the network devices. The moment these TCP sessions are reset (in our case by the WLC reload resulting from the code upgrade), the existing sessions go down and the firewall rules allowing only specific communication kick in. If the firewall rules fail to permit any required communication between the networking equipment, the devices will not be able to communicate.

The following link from Cisco gives an elaborate list of the port communication that needs to be taken into consideration: https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344-cuwn-ppm.html#anc8

b.      Download a suitable TFTP / FTP server

c.      Get the configuration back up

d.      Get the cli output of “show run-config”, “show ap summary” & “show client summary”

Helps evaluate the state of AP and client association pre & post WLC code upgrade

(WLC1) >show ap summary

Number of APs……………………………… 341

Global AP User Name………………………… admin

Global AP Dot1x User Name…………………… Not Configured

Global AP Dot1x EAP Method………………….. EAP-FAST

(WLC1) >show client summary

Number of Clients………………………….. 2380

Number of PMIPV6 Clients……………………. 0

Number of EoGRE Clients…………………….. 0

e.      Get the cli output of “show nmsp subscription detail”

Helps identify WLC communication with CMX, MSE and CMX connector before code upgrade

Step 5 : Plan for downtime

The code upgrade procedure will cause the WLC and APs to reload, and thus an adequate downtime window has to be evaluated and planned.

The downtime would be dependent on the number of APs in the network.

Step 6 : WLC and AP pre-image download

WLC image pre-download

Issue the “show boot” on primary WLC to obtain the current status of Active and standby image currently available on the WLC

Active WLC:

(WLC1) >show boot

Primary Boot Image…………………………. 8.8.111.0 (default) (active)

Backup Boot Image………………………….. 8.7.106.0

Standby WLC:

(WLC1-Standby) >show boot

Primary Boot Image…………………………. 8.8.111.0 (default) (active)

Backup Boot Image………………………….. 8.7.106.0

While the WLCs are operating in box-to-box HA, the code on them cannot be upgraded separately.

The code has to be uploaded to the primary first, from where it automatically gets pushed to the standby. Once the active WLC is successfully upgraded, it executes all the upgrade scripts and transfers the entire image to the standby WLC using the Redundant Port.

The standby WLC starts executing the upgrade scripts upon receiving the entire image from the active WLC.

Verification of WLC image pre-download

On the WLC is uploaded with the desired image of interest, cross check from the

(WLC1) >show boot

Primary Boot Image…………………………. 8.8.120.0 (default) (active)

Backup Boot Image………………………….. 8.8.111.0

(WLC1-Standby) >show boot

Primary Boot Image…………………………. 8.8.120.0 (default) (active)

Backup Boot Image………………………….. 8.8.111.0
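The pre/post comparison from Step 4 and the “show boot” verification above can both be scripted against saved CLI output. The following is an added example, not part of the original post: it parses the dotted `label ... value` rows shown on this page, reports how the AP and client counts changed across the upgrade, and checks that the active and standby WLC hold the same primary and backup images. The pre-upgrade counts and boot images are the ones shown on this page; the post-upgrade capture is constructed for illustration.

```python
import re

# "Label......... value" rows. Accepts plain dots and the "…" character that
# appears when CLI output has been pasted through a blog or word processor.
ROW_RE = re.compile(r"^(?P<key>.+?)\s*[.\u2026]{2,}\s*(?P<value>.*)$")
VERSION_RE = re.compile(r"\d+\.\d+\.\d+\.\d+")


def parse_cli(text):
    """Return {label: value} for every dotted row in a block of WLC CLI output."""
    rows = {}
    for line in text.splitlines():
        match = ROW_RE.match(line.strip())
        if match:
            rows[match.group("key").strip()] = match.group("value").strip()
    return rows


def count_deltas(pre_text, post_text, counters):
    """Compare integer counters captured before and after the upgrade."""
    pre, post = parse_cli(pre_text), parse_cli(post_text)
    deltas = {}
    for name in counters:
        if name not in pre or name not in post:
            raise KeyError(f"counter missing from capture: {name}")
        before, after = int(pre[name]), int(post[name])
        deltas[name] = (before, after, after - before)
    return deltas


def boot_images(show_boot_text):
    """Extract the version numbers of the primary and backup boot images."""
    rows = parse_cli(show_boot_text)
    images = {}
    for slot in ("Primary Boot Image", "Backup Boot Image"):
        match = VERSION_RE.search(rows.get(slot, ""))
        images[slot] = match.group(0) if match else None
    return images


def ha_pair_ready(active_text, standby_text, target_version):
    """True when both HA units hold identical images and the target is primary."""
    active, standby = boot_images(active_text), boot_images(standby_text)
    return active == standby and active["Primary Boot Image"] == target_version


# Counts taken from the output shown on this page.
PRE_CAPTURE = """(WLC1) >show ap summary
Number of APs.................................... 341
Global AP Dot1x EAP Method....................... EAP-FAST
(WLC1) >show client summary
Number of Clients................................ 2380
"""

# Constructed post-upgrade capture (illustrative values only).
POST_CAPTURE = """(WLC1) >show ap summary
Number of APs.................................... 340
(WLC1) >show client summary
Number of Clients................................ 2295
"""

# "show boot" output as printed on this page, ellipsis characters included.
ACTIVE_BOOT = """(WLC1) >show boot
Primary Boot Image…………………………. 8.8.120.0 (default) (active)
Backup Boot Image………………………….. 8.8.111.0
"""
STANDBY_BOOT = """(WLC1-Standby) >show boot
Primary Boot Image…………………………. 8.8.120.0 (default) (active)
Backup Boot Image………………………….. 8.8.111.0
"""

if __name__ == "__main__":
    counters = ["Number of APs", "Number of Clients"]
    for name, (before, after, delta) in count_deltas(PRE_CAPTURE, POST_CAPTURE, counters).items():
        print(f"{name}: {before} -> {after} ({delta:+d})")
    print("HA pair ready for 8.8.120.0:", ha_pair_ready(ACTIVE_BOOT, STANDBY_BOOT, "8.8.120.0"))
```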

AP image pre-download

  • Verify the status of the AP image before initiating the AP image pre-download
  • Initiate the AP image pre-download
  • Verify the AP pre-downloaded image is reflected
  • Swap the primary and backup image on the AP

Issue the command “config ap image swap all”.

Swapping of image on AP further reduces the downtime because of the following sequence during code upgrade process:

  1. WLC will be rebooted to come up with the new image from flash (marked as primary)
  2. The APs, failing to find the WLC while it is reloading, will also undergo a reload and come up with the preloaded image.
  3. Once the APs send the join request, WLC responds with the image version that the WLC is running.
  4. The APs compares its running image with the image version the WLC has responded with.
  5. If the image is same, the AP reloads and joins the controller.

Step 7 : Once the code is successfully copied on primary and secondary WLC, reload the WLCs

Verify the time taken for the WLC and APs to come up with the new code

Time taken by WLC to come up with new code was around 3 Mins 15 seconds

Time taken for all APs to show up on the WLC was around 4 mins 47 seconds

After over 90 seconds of WLC coming up, all the 340 AP were seen up on the WLC.

Time taken for all APs to get reflected with upgraded code was around 7 mins 45 seconds

Conclusion

A properly planned WLC code upgrade activity would take only a little over 7 mins 45 seconds for 340 APs. The only exceptions to this would be:

  1. Flex connect APs
  2. Local mode APs connected behind the WGBs.

For the above two scenarios, the AP image pre-download may take a much longer time.

PCI DSS Compliance Overview

1.   PCI DSS Brief

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

2.  PCI Compliance applicability

The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

In-scope cards include any debit, credit, and pre-paid cards branded with one of the five card association/brand logos that participate in the PCI SSC – American Express, Discover, JCB, MasterCard, and Visa International.

An organization is required to be PCI compliant in either of the below two situations:

  1. All businesses that store, process or transmit payment cardholder data
  2. All businesses that even just process or transmit payment cardholder data

PCI DSS is also applicable to businesses that accept credit cards over the phone, since they come under the above classification. https://www.pcicomplianceguide.org/how-does-taking-credit-cards-by-phone-work-with-pci/

3.  Auditing of PCI Compliance and Vulnerability Scans

PCI DSS compliance is generally audited by a PCI SSC Approved Scanning Vendor (ASV).

A vulnerability scan involves an automated tool that checks a merchant or service provider’s systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan identifies vulnerabilities in operating systems, services and devices that could be used by hackers to target the company’s private network. As provided by Approved Scanning Vendors (ASVs) such as ControlScan, the scan does not require the merchant or service provider to install any software on their systems, and no denial-of-service attacks will be performed.

3.1 Approved Scanning Vendors (ASVs)

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.

As a company, ControlScan revalidates with the PCI Security Standard Council every year, and our ASV employees requalify annually, too. This means that we’re up to date on the very latest vulnerabilities. We’re also experts in scanning your Internet-facing environment and working with you to resolve any issues and achieve PCI compliance.

3.2 Frequency of validations for PCI Compliance

PCI compliance requires businesses to submit quarterly passing network scans by a PCI SSC Approved Scanning Vendor (ASV) such as ControlScan for each of their locations.

4 Significance of SSL Certificate in PCI compliance

4.1 SSL

SSL (Secure Sockets Layer) is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing eavesdroppers from reading and manipulating any information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and browser) or server to server (for example, an application with personal identifiable information or with payroll information). SSL uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. 

4.2 TLS

TLS is more efficient and secure than SSL as it has stronger message authentication, key-material generation and other encryption algorithms. For example, TLS supports pre-shared keys, secure remote passwords, elliptic-curve keys and Kerberos whereas SSL does not. TLS and SSL are not interoperable, but TLS does offer backward compatibility for older devices still using SSL.

The TLS protocol specification defines two layers. The TLS record protocol provides connection security, and the TLS handshake protocol enables the client and server to authenticate each other and to negotiate security keys before any data is transmitted.

The TLS handshake is a multi-step process.  A basic TLS handshake involves the client and server sending “hello” messages, and the exchange of keys, cipher message and a finish message. The multi-step process is what makes TLS flexible enough to use in different applications because the format and order of exchange can be modified.

4.3 SSL Certificate

To create this secure connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:

  • It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
  • It encrypts the data that’s being transmitted

SSL certificates are issued by Certificate Authorities (CAs), organizations that are trusted to verify the identity and legitimacy of any entity requesting a certificate. The CA’s role is to accept certificate applications, authenticate applications, issue certificates, and maintain status information on certificates issued.

Even though an SSL certificate is what enables TLS, you will notice that when buying one it is still referred to as an SSL certificate. This is primarily because SSL is the most commonly used term.

4.4 HTTPS

HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.

4.5 Compliance to PCI while using the SSL certificate

A system cannot be considered PCI compliant just because it uses SSL certificates, as the mere usage of an SSL certificate won’t secure a web server against malicious attacks or intrusions.

SSL and early TLS should not be used as a security control to meet the PCI requirement.

High assurance SSL certificates provide the first tier of customer security and reassurance such as the below, but there are other steps to achieve PCI compliance. 

  • A secure connection between the customer’s browser and the web server
  • Validation that the website operators are a legitimate, legally accountable organization

Sources, References and Important Links

https://www.pcicomplianceguide.org
https://www.websecurity.symantec.com
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/b_cisco_pci_dss_3_2_wireless_security_compliance_supplemental_document.html
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Compliance/Compliance_DIG/Compliance_DIG.pdf

Converting Cisco Lightweight Access Point to Mobility Express

Cisco Mobility Express Introduction

Mobility Express capability is exhibited only by Wave 2 Access Points from Cisco. These are primarily called COS APs.

The predecessors of the COS APs were the IOS APs, which can support only the Autonomous AP capability. Though neither Autonomous nor ME APs require an AP license or a controller, ME APs are more advantageous in the sense that the ME AP attains the role of a controller (referred to as the master AP) and can terminate up to 100 APs (referred to as subordinate APs), while an autonomous AP just acts as a single independent AP with no possibility of coordination with other APs in the network.

(A similar concept exists in Aruba for APs exhibiting controller capability, which they refer to as IAP. Every model of Aruba AP comes in two forms, either Aruba AP or Aruba Instant AP. When ordered as Aruba Instant AP, it can be converted back to normal AP but when ordered as Aruba AP, it cannot be converted back to Aruba Instant AP. Thus care should be taken while placing the order.)

Pre-requisites

Cisco Wave 2 Access Point

Laptop / PC with ethernet interface

Configuring the Windows Network Adaptor to connect on to the ME AP

  • Go to Network & Internet Settings
  • Click on “Change adapter options”
  • Click on “Ethernet adaptor” which is connected to the Access Point’s Ethernet port

(In my case it is the 5G Port of 4800 Access Point)

  • Assign an IPV4 address on your PC / Laptop

Determining the Com Port In use by Console Cable

  • Connect the console to the AP and determine the corresponding COM port

Devmgmt.msc → Ports (COM & LPT) will list the USB serial port in use

Configuring the AP for Conversion to Mobility Express

  • (Optional) If AP has previously existing configuration delete it (capwap ap erase all)
  • Login into the AP and assign a static IP address

Syntax: capwap ap ip <ap ip> <mask> <gateway>

capwap ap ip 192.168.1.11 255.255.255.0 192.168.1.10

In this example we are assigning the AP an IP of 192.168.1.11

  • Verify the AP’s wired0 interface has taken up the configured IP address

Since the AP has two Ethernet interfaces, two wired interfaces will be listed, viz. wired0 & wired1

  • Open the TFTP application and give the ME image path
  • Issue the command in the AP CLI to download the ME image

Syntax: ap-type mobility-express tftp://<tftp IP address>/<ME AP image>.tar

 ap-type mobility-express tftp://192.168.1.10/AIR-AP4800-K9-ME-8-8-120-0.tar

  • Once the image is copied, reload the AP
  • Once the AP comes up after the manual reload, wait for a couple of minutes
  • After a couple of minutes, it will go through a second reload on its own and come up as the ME Controller
  • Configure the AP via the installation wizard
  • ME Controller comes up after reloading with initial configuration

Configuring the internal DHCP for the ME express

The internal AP inside the ME will not come up until either:

  1. The ME is connected to a switch and it obtains a DHCP IP from it
  2. Or an internal DHCP server is configured.

Since for RF coverage testing scenarios (AP on a stick) we won’t have the AP connected to a switch, let's first connect the ME to a switch to let it obtain a DHCP IP and have its internal AP up and running.

  • Login into the ME


  • Configure the DHCP Server
  • Configure the internal DHCP server

Wireless Sniffing / Over the air Packet captures using Kali Linux and WiFi Adaptor

Introduction:

Often we are required to get Over the Air captures in order to understand and troubleshoot Wi-Fi behavior. The choices generally assumed to be easiest for getting a wireless sniffer trace / OTA are either a Mac laptop or a Wireless Access Point in sniffer mode. These options have the limitation that they won’t be able to obtain OTA captures on all channels, specifically the UNII-3 channels.

For instances such as these, Kali Linux along with a Proxim wireless adaptor comes in handy. The reason for me specifically pointing to the Proxim adaptor is its ease of availability with Wireless Network Engineers. Most wireless network engineers will be running an Airmagnet / Ekahau application license mapped against the Proxim adaptor. A Proxim adaptor may not be able to simulate an AP on all channels, but when it comes to sniffing it is able to sniff on all channels. For instance, in my case the Proxim adaptor is not able to simulate an AP on UNII-3 channels, however it can still be set in monitor mode on UNII-3 channels.

Prerequisites:

  1. Wifi Adaptor which supports monitor mode. ( I am using Proxim 8494-WD)
  2. Kali Linux

Steps:

  1. Connect the Wi-Fi adaptor and open the Kali Linux application.
  2. Obtain the name of the wireless interface.

Issuing “iwconfig” will fetch us the wireless interface name. In our case, it is found to be “wlan0”.

  3. Verify whether the Wi-Fi adaptor is capable of supporting “monitor” mode.

Issuing “iw list” will list all wireless devices and their capabilities.

Under “Supported interface modes”, you should be able to see monitor.

  4. Stop the network managers, then kill any interfering processes that are left.

Issue the command “airmon-ng check kill”.

It is very important to kill the network managers before putting a card in monitor mode!

  5. Create a monitor mode Wi-Fi interface by issuing the command “airmon-ng start wlan0”.
  6. Verify that the interface is set to “Monitor” mode, and check its operating channel.

Note that the frequency is shown in GHz; you will have to determine its corresponding channel number.

  7. Configure monitoring on the appropriate channel of choice.
  8. Start Wireshark by issuing the command “wireshark”.

Select interface “wlan0mon”.
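The frequency to channel step in the verification above can be scripted. The following is an added example, not part of the original post: it parses `iwconfig` output for the monitor interface, converts the reported frequency to a channel number and names the band, so you can confirm the adaptor really is sitting on a UNII-3 channel. The sample output is constructed, and the band boundaries are the usual 20 MHz channel ranges.

```python
import re

IFACE_RE = re.compile(r"^(\S+)\s+IEEE 802\.11")
MODE_RE = re.compile(r"Mode:(\S+)")
FREQ_RE = re.compile(r"Frequency[:=](\d+(?:\.\d+)?)\s*GHz")

# 20 MHz channel ranges of the 5 GHz UNII bands.
UNII_BANDS = [
    (36, 48, "UNII-1"),
    (52, 64, "UNII-2A"),
    (100, 144, "UNII-2C"),
    (149, 165, "UNII-3"),
]


def freq_mhz_to_channel(mhz):
    """Convert a centre frequency in MHz to its 802.11 channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    if 5160 <= mhz <= 5885 and mhz % 5 == 0:
        return (mhz - 5000) // 5
    raise ValueError(f"{mhz} MHz is not a 2.4 GHz or 5 GHz Wi-Fi channel centre")


def band_for(mhz, channel):
    """Name the band a channel belongs to."""
    if mhz < 2500:
        return "2.4 GHz"
    for low, high, name in UNII_BANDS:
        if low <= channel <= high:
            return name
    return "5 GHz (other)"


def parse_iwconfig(text):
    """Return {interface: {"mode": ..., "frequency_mhz": ...}} for wireless interfaces."""
    interfaces = {}
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # A new interface block starts in column 0.
            match = IFACE_RE.match(line)
            current = match.group(1) if match else None
            if current:
                interfaces[current] = {}
        if current is None:
            continue
        mode = MODE_RE.search(line)
        freq = FREQ_RE.search(line)
        if mode:
            interfaces[current]["mode"] = mode.group(1)
        if freq:
            interfaces[current]["frequency_mhz"] = round(float(freq.group(1)) * 1000)
    return interfaces


def monitor_status(text, iface):
    """Summarise mode, channel and band for one interface."""
    info = parse_iwconfig(text).get(iface)
    if info is None or "frequency_mhz" not in info:
        raise LookupError(f"no frequency reported for {iface}")
    mhz = info["frequency_mhz"]
    channel = freq_mhz_to_channel(mhz)
    return {
        "mode": info.get("mode"),
        "frequency_mhz": mhz,
        "channel": channel,
        "band": band_for(mhz, channel),
    }


# Constructed iwconfig output for illustration.
SAMPLE_IWCONFIG = """lo        no wireless extensions.

eth0      no wireless extensions.

wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:5.745 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
"""

if __name__ == "__main__":
    print(monitor_status(SAMPLE_IWCONFIG, "wlan0mon"))
```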

Project Planning in Wireless Deployments

Project planning in Wireless Deployments is often broken down into the following phases, which are illustrated in the sections below:

Identifying the customer requirement

Identifying the customer requirement either by directly obtaining the information from the customer or by self-assessment is the most important part in any successful Wi-Fi deployment. The requirement of two different business types may not necessarily be the same. Even the requirement of same business type could be unique across the projects.

Following is a comprehensive list of generally found business types, and these are the ones that I have personally dealt with:

  1. Schools
  2. Universities
  3. Shopping Malls
  4. Airports
  5. Sea Ports
  6. Bus Stations / Metro Stations
  7. Casinos
  8. Hotels
  9. Service Apartments
  10. Stadiums
  11. Exhibitions

Determining the deployment model that suits the customer requirement

  • High-Density Specific Wi-Fi Deployment Model:

High-Density Wi-Fi deployments are generally warranted when we anticipate a large number of Wi-Fi devices operating in a relatively small area. A High-Density specific Wi-Fi deployment model would require us to take into consideration the following:

  1. Maximum expected user density in any given area.
  2. Identifying the devices and applications that will be used.
  3. Delay sensitivity the applications can withstand while using the WLAN services.
  4. Expected bandwidth per device / application.

Useful Link: https://www.cisco.com/c/dam/en_us/solutions/industries/docs/education/cisco_wlan_design_guide.pdf

  • Location Specific Wi-Fi Deployment Model:

Location specific Wi-Fi deployments are generally warranted when the customer is more interested in tracking the movement of visitors in their venue. This is also required to facilitate people in indoor navigations wherein the Wi-Fi deployments are integrated with SDKs for Indoor Navigation.

Though indoor navigation has the additional requirement of app installation on visitor devices, it comes with the unique advantage of working indoors, where GPS fails miserably.

Location Specific Wi-Fi Deployment Model would require us to take into consideration the following:
a. Area of interest wherein we expect greater location accuracy to be obtained. This area should be having the wireless access points deployed in a convex hull fashion.

b. Wireless Access Points that supports Hyperlocation. There are certain Cisco Access Points having integrated antennas to support Hyperlocation for example the 4800 series Access Point. Also the modular access points with the option of Hyperlocation module could be considered.

c. Mounting height of the Wireless Access Points. Generally it is recommended that for location specific deployments the wireless access points are mounted not higher than 4.5 meters.

Useful Link: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/WiFiLBS-DG/wifich5.html

  • Application Specific/ Wireless VoIP Wi-Fi deployment model.

When considering the application specific deployment model, wireless VoIP is the case most worth thinking through, since a wireless VoIP deployment model warrants strict design considerations. These include:

  1. Preference to 5 GHz only SSID.
  2. Lesser number of SSIDs in the venue to enhance the airtime fairness.
  3. Design to guarantee at least -65 dBm signal strength and a SNR better than 20 dBm
  4. Disabling of lower data rates.
  5. Sufficient channel overlap to facilitate smooth roaming
  6. Enabling of call admission control on the SSIDs
  7. Quality of Service chosen as platinum

Useful Link: https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/rf-solutions/net_implementation_white_paper0900aecd804f1a46.pdf

Understanding the applications and services the customer is intending to use is vital to a successful Wi-Fi deployment.

A few customers will be technically competent enough to understand their requirements in their entirety and develop a “Specification Document”, thus mandating that the integrators fulfil all their project requirements.

However, there are also a few customers who may not be in a position to completely understand their current requirements and / or forecast their future requirements. For such customers, it should be the moral responsibility of the integrators to help them understand in full their current and future requirements and develop a “Specification Document”.

Developing the Specification Document

Specification document generally helps us capture the customer requirement covering their current and future needs and the obligation of the integrator in meeting those requirements.

In most cases, the Specification Document is developed by the customer or the customer appointed consultant. However, in scenarios wherein the specification document is not available from the customer, the integrator should go ahead and prepare one for the customer. This helps to agree on and set the right expectations, which need to be validated during project closure.

Specification Document should at-least include the following:

  1. Scope of Work
  2. Minimum qualification of Managers, Engineers & Technicians working on the project.
  3. Submittals that have to be developed and shared with the customer during the course of project execution. These include:
    a. List of Design Documents and Drawings.
    b. Material Approval Requests
    c. Material Samples
    d. Datasheets of products.
    e. Supplier and Manufacturer Details
    f. Method Statements detailing the installation process of each individual component
  • Design documents and drawings at different stages of the project for customer’s review and approval.

Generally no design could get completed in one go and it is always advisable for large projects that their design is broken into different phases as follows:

  1. Stage 1: 30 % Design Documents and Drawings.
  2. Stage 2: 60 % Design Documents and Drawings.
  3. Stage 3: 90 % Design Documents and Drawings.
  4. Stage 4: 100 % Design Document and Drawings

Once the Design reaches Stage 4 and is completely reviewed by customer or the customer appointed consultant, the physical installation of the equipment could begin.

  • Predictive Site Survey Design Documents.

A predictive site survey shall be performed, that is, modeling the facilities and RF environment in order to predict the WLAN requirements (access point types, location, channel utilization, signal to noise ratios, channel interference, etc.)

  • On-Site Site Survey Design Documents

Predictive site surveys, being simulator based, serve only the purpose of developing the initial BOQ. They are in no way a substitute for an actual on-site site survey with the actual model of Wireless Access Point. On-site site surveys are all about mounting the specific models of Wireless Access Points with specific antennas at typical locations and then studying the resultant coverage pattern while tweaking the Tx power, to arrive at the optimal AP placement with the right model of Access Point / antenna.

  • Post deployment site survey documents and drawings

A final site survey shall be performed after the WLAN system is online to compare the design and specification requirements with the actual performance values. It shall be the integrator’s responsibility to rectify any issues of non-compliance with the requirements.

  • Interface Control Documents

In large scale deployments, wireless will not be operational as a standalone system and needs to get integrated with different systems and subsystems. ICDs in such cases shall help us determine the validating parameters to conclude the integration is successful.

  • Installation, Operation and Maintenance manuals.

Operation and Maintenance Manuals shall help the customer once the project is handed over to maintain the deployment.

Developing the compliance matrix document

Compliance matrix summarizes compliance or non-compliance with each specification component.