Tuesday, September 17, 2013

SMS Authentication- A Nice, Easy Way To Do WLAN Guest Auth

For wireless guest access, there are all kinds of ways to skin the cat. In a perfect world, Hotspot 2.0 will take care of authentication and encryption, and all would be sunny to everyone's satisfaction. But, that ain't happening for a while (if ever). It's becoming more popular to tie guest access to social media "credentials" (a bit of a joke to call 'em that), as there's usually some marketing hook behind that, and some networks really don't care WHO you are, like really.

But when you need to have some level of accountability on your guest network for whatever reason, using SMS-based authentication is not a bad option. You can front it with a WPA2 PSK or leave it open (everyone has different use cases, business drivers, and policy), but for answering the challenge of "make it easy on 'em but still let us have some bit of real, verifiable information to tie to a person", SMS-based auth is hard to beat. 

Years ago, I set off on a quest to find a wireless guest solution that was easy to support, easy for users to self-provision through, and that met our organizational requirement that guest sessions not just be tied to some bogus email account (the joey@asscrack.com thing is funny only so many times in a row) but use a 10-digit cell number as the "User ID". Though we were a Cisco WLAN back then, Cisco couldn't come close to fulfilling our simple requirements. Rumor was that Colubris had a gateway that might work, but this was around when HP bought them and we literally couldn't find a human being walking the earth that could tell us anything meaningful about that gateway. Then there was Bluesocket (now ADTRAN). When I first approached them with my needs, they- like Cisco- couldn't do the self-provision SMS based thing. And like Cisco, they tried telling me that if I was willing to change my requirements, they could provide a solution. But when I pushed back, Bluesocket was willing to do a little bit of development and was able to provide something that really was ahead of its time (we're talking like 2006 here):


Sure, it's not so impressive today given that there are now lots of other guest portals that do SMS, but it still works very well, and is what we continue to use at my University because it does work well. Unfortunately, you have to invest in a full-blown Bluesocket appliance to get the functionality, but even that's not all bad.  The appliance works well as DHCP, firewalling, NAT, rate limiting, quarantine, MAC exception home for odd stuff that fits nowhere else and a handful of other guest-relevant functions, but also has (and is over-priced based on) lots of Bluesocket-specific WLAN stuff you'll never use if you don't have Bluesocket APs. And the appliance hardware is pretty dated. But... on balance, this has been dynamite- and is the only off-the-shelf 3rd party gateway kind of thing  that I'm aware of that you could bolt on to anyone's WLAN and make work if you didn't like what your native solution does for guest access (Sorry Cisco, you still don't get it as far as I can tell).

Then there's Meraki's version. The SMS auth groove is new to Meraki, and they still have some development to do on it before I'll sing its praises too loudly, but it works well. I'm about to deploy it in a unique situation, and am pretty pleased with its slick integration to Twilio as the SMS provider, and that I pay nothing extra to Meraki for exactly the SMS auth feature I want:


No extra appliance needed, no additional fees, and it works so, so nicely with the rest of the magic in the Meraki cloud-managed wireless solution. Where it is feature-thin, I can work around until they tighten it up (and I did make my wish last week, so I'm assuming the elves on Mount Meraki are almost done already). It only works with Twilio as the SMS service, but that's OK as Twilio is cheaper than cheap, and each texted password costs you a penny. (We use Message Media for the Bluesocket; it is more expensive and less snappy in my experience.)

Anyhow- If you've never gone the SMS path for guest access, I can vouch for its effectiveness. Though I personally have no use for social media logins, I understand the appeal in certain markets (but would never use my own accounts for guest access- I'd rather go without). SMS is just another option to consider. Combine it with Personal PSK, and I think users and admins would both win, at least in my wireless world.

Pssst- If you have a Dashboard, Meraki is easy to try- and you get 25 free Twilio interactions so you can feel what the experience is like for texting the auto-generated password from your own easy-to-customize splash page before signing up for a Twilio account.

(I find Twilio almost as much fun to say as LaserFiche, by the way)

Friday, September 13, 2013

Bummers in WLAN Land

None of the following gripes are the industry's biggest problems. At the same time, they are nuisances and occasionally rise to the level of major headache. Some of these apply to WLANs of all sizes, others are far more applicable to bigger wireless environments. The remainder? They're just goofy. If any one of these were to be corrected or adjusted a bit, the wireless world we live in would be a little sunnier. In time, each and every one of these will "age out" and cease to irritate, but for now they are fair game to call out into the light  of day. I got me a license to bitch, and here it comes, in no specific order:

  • Why are those cheap bastards at the laptop factory still putting out 2.4 GHz-only capable computers? It can't cost more than a couple bucks to provide a dual-band adapter in even the cheesiest laptop during manufacturing. Yet you have to look fairly hard, and often get into some serious upgrade dollars, to find a consumer-grade laptop (beyond Macbooks that come with dual-band 11n in all cases) that features both bands. It's almost unheard of in the "Sunday Specials" that feature prominently in the BYOD demographic. We all suffer for the side effects, and it's about time Acer, ASUS, Lenovo, and the other economy-class PC makers stepped up and became better citizens of the WLAN community.

  • What's Up With Gartner's Quadrant When It Comes to Wireless Vendors? Gartner has always been a bit polarizing in their analysis of various technology sectors, but they flat out blew it with eliminating the WLAN-specific quadrant in favor of including only "unified" vendors.  It boils down to these:

    • Sure, some vendors make Ethernet switches and wireless APs. But in many environments, switches do little more than provide PoE for APs. Big flippin' deal.

    • When a company as radio and antenna savvy as Ruckus can't make it into The Quadrant because they don't have switches, there's something seriously wrong.

    • A Unified Quadrant isn't bad, but it's incomplete and therefore a disservice to the industry. It's time to bring back a WLAN only Quadrant, and a switching-only view IN ADDITION TO the unified Quadrant.



  • Apple really missed the boat by not including 11ac in their very expensive new iPhones. The Big A should be a better steward of the client device space's future. If Samsung can do it, so can the Gods of Cupertino's Mountain of Cash. Instead of breathing life and craze into early 11ac adoption, Apple cheaped out and disappointed the fans (and wireless admins) that were hoping for more out of Apple's phone, especially for the money.

  • Apple's Bonjour. Enough already. Fix it, and do your part to provide some pain relief to the wireless shepherds of the BYOD fields where your gadgets roam free.

  • Cisco's Wireless Management System. It's WCS! It's NCS! It's NCS Prime! It's Prime Infrastructure! Whatever it's called this week, it's still buggy, slow, frustrating, and demanding of its own FTE staff just to keep it breathing at times. To think about putting switches into this same management framework as wireless on very large networks as "unified" gets deeper into the management paradigm is the stuff of horror- unless we see a major overhaul soon. Too much of the WLAN market relies on this sometime-train wreck to not improve it.

  • The Fallacy of Interoperability and Standards in the WLAN Space. Sure, we check our wireless devices for the famous Wi-Fi Alliance seal of approval that should mean all is well when devices need to talk with other devices, but there's a lot more to the equation. Consumer-grade stuff often doesn't play well in the Enterprise but nothing on the packaging explains the delineation. And... I can't mix and match enterprise WLAN hardware or features like I can Ethernet switches. This is arguably the way it has to be, but it's also a royal pain in the butt at times. Vendor lock is real, for better or worse.


We've all got things that steam our clams when it comes to wireless networking. These are on my short list this week. The world certainly doesn't have to change on my say so, but at the same time I can squawk about it, by golly.

Thursday, September 5, 2013

Look A Bit Beyond WLAN RF

The RF part of wireless networking is often what keeps good IT folks from really getting proficient with WLAN, and many good WLAN types never look beyond the frequency ranges used in 802.11 technologies to see the bigger RF world that we live in. It's understandable, especially for those without some sort of professional or hobbyist background with signals. The world of WLAN spectrum can be hard enough to wrap your head around, but every now and then there is value in seeing the bigger "comms" picture. The more you understand about the way different frequencies behave in the most basic sense (and what services use those frequencies) the more comfortable you'll become with really understanding the more mysterious parts of both access-type WLAN and point-to-point bridging.

There are masters'-level classes on RF and radio technologies, tech training courses, and infinite online tutorials and calculators covering all the variety that falls under the broad heading of "learning about RF and RF systems". This is one of those areas that you never, ever stop learning about. And once the bug bites, it's not uncommon to become a radio-technology junkie who's interested in far more than just the goings on in the 2.4 and 5 GHz slices of the electromagnetic spectrum.

Let's look at just a bit of information on "commonly used" frequencies:

  • How long are their wavelengths

  • What are their natural "free space path loss" characteristics (how they "fade")

  • At a common power and antenna config, how do they behave compared to each other?


Sounds like heady stuff, yes? It's really not that bad- so stay with me here.

The following frequencies have meaning to me, and certainly to many of you as well. I'll give you the wavelength of each, and tell you how much the signal fades after 1 km based on these values applied to each frequency:



      • 100 mW (or 20 dBm) of power

      • Simple 3 dB antenna at the transmitter and receiver




Whether the signal would be usable (any signal left after path loss)

[Table image not reproduced: wavelength, path loss after 1 km, and signal usability for each frequency]

(Table created by me, there is some minor rounding done)

Again, we see that with same power and antenna gain/sensitivity, the frequency in play makes a dramatic difference to what's available (or not) at the receiving end.

Frequency and wavelength are inversely related; the lower the frequency gets, the longer the wavelength is. Lower frequencies also tend to require bigger antennas.
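The comparison described above, worked through as an added example (not the author's table or code): it computes wavelength, free space path loss and received level at 1 km using the post's 20 dBm and 3 dB antenna values. The frequency list and the -85 dBm "usable" cutoff are illustrative assumptions, not values from the original table.

```python
import math

C = 299_792_458.0  # speed of light in m/s

# Link values stated in the post: 100 mW (20 dBm), 3 dB antenna at each end.
TX_POWER_DBM = 20.0
TX_ANT_GAIN_DB = 3.0
RX_ANT_GAIN_DB = 3.0

# Assumption: receiver sensitivity used as the "usable" cutoff (not from the post).
RX_SENSITIVITY_DBM = -85.0

# Assumption: illustrative frequencies in Hz (the post's own list is not reproduced).
FREQS_HZ = {"146 MHz": 146e6, "915 MHz": 915e6, "2.4 GHz": 2.4e9,
            "5.8 GHz": 5.8e9, "60 GHz": 60e9}


def wavelength_m(freq_hz):
    """Wavelength in metres: lower frequency means longer wavelength."""
    return C / freq_hz


def fspl_db(freq_hz, dist_m):
    """Free space path loss in dB: 20*log10(4*pi*d / wavelength)."""
    if freq_hz <= 0 or dist_m <= 0:
        raise ValueError("frequency and distance must be positive")
    return 20.0 * math.log10(4.0 * math.pi * dist_m / wavelength_m(freq_hz))


def rx_level_dbm(freq_hz, dist_m):
    """Received level: transmit power plus both antenna gains minus path loss."""
    return TX_POWER_DBM + TX_ANT_GAIN_DB + RX_ANT_GAIN_DB - fspl_db(freq_hz, dist_m)


def is_usable(freq_hz, dist_m, sensitivity_dbm=RX_SENSITIVITY_DBM):
    """True when the received level is at or above the assumed sensitivity."""
    return rx_level_dbm(freq_hz, dist_m) >= sensitivity_dbm


def link_table(dist_m=1000.0):
    """One row per frequency: label, wavelength, path loss, rx level, usable."""
    return [(label, wavelength_m(f), fspl_db(f, dist_m),
             rx_level_dbm(f, dist_m), is_usable(f, dist_m))
            for label, f in FREQS_HZ.items()]


if __name__ == "__main__":
    for label, wl, loss, rx, ok in link_table():
        print(f"{label:>8}  wavelength {wl:8.4f} m  FSPL {loss:6.1f} dB  "
              f"rx {rx:7.1f} dBm  usable={ok}")
```

Each doubling of frequency costs about 6 dB at the same distance, which is why the higher bands fall off so much faster with identical power and antennas.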

But this little exercise is of limited practical value, beyond helping to understand basic aspects of RF behavior at each of the frequencies I chose to show. High gain antennas, increased power levels (some technologies like Wi-Fi are limited to minuscule power levels while other technologies measure their outputs in kilowatts), and environmental factors all influence the basic RF goings on at each frequency. Modulation types, quality of engineering, CPU and other silicon behind each given technology all also define performance of whatever technology is in play for a given spectrum. As I mentioned before, it does get complicated.

One of my favorite communications-oriented RF tutorial sites is at National Instruments. Although the American Radio Relay League (ARRL) is often thought of as a ham radio organization, they have a wealth of resources on all sorts of RF-related technologies and industry happenings.

If you've never built an antenna of some sort or another, you should. Whether it be a simple project for Over the Air TV or something weird for wireless penetration testing, it's worth doing at least once. Research it, build it, improve upon it, and see how altering it changes the performance of whatever your application is (could be using a scanner to hear the local police comms or doing your own point to point wireless bridging). It's fascinating to design and build something RF-related, at least once. You'll find that seemingly unrelated wireless disciplines really do enhance the understanding of the actual wireless part of wireless networking.