Wireless Technology


Wireless
Wireless Infrastructures
 Wireless LAN
 Predominantly 802.11
 IEEE 802.11 A, B, G, N
 Wireless MAN
 WiMax
 802.16 and its derivatives
 802.16-2001 Fixed Broadband Wireless Access (10–63 GHz)
 Current : P802.16m Advanced Air Interface with data rates
of 100 Mbit/s mobile & 1 Gbit/s fixed
Bluetooth
 802.15 assortments
 802.15.1 WPAN (Wireless Personal Area Networks)
 IEEE 802.15.2-2003
 coexistence of wireless personal area networks (WPAN) with other wireless
devices operating in unlicensed frequency bands such as wireless local area
networks (WLAN).
 802.15.2,
 802.15.3-2003 is a MAC and PHY standard for high-rate (11 to 55 Mbit/s)
WPANs
 802.15.4 (Low Rate WPAN) ZigBee
 802.15.5
 Mesh networking of WPAN
 802.15.6 (medical purposes)
 Body Area Network Technologies. The goal is a low-power and low-frequency
short-range wireless standard
Similarities Between WLAN and LAN
 A wireless LAN is an IEEE 802 LAN.
 Transmits data using RF carriers vs. data over the wire
 Looks like a wired network to the user
 Defines physical and data link layer
 Uses MAC addresses
 The same protocols/applications run over both WLANs and
LANs.
 IP (network layer)
 IPSec VPNs (IP-based)
 Web, FTP, SNMP (applications)
Current Standards – 802.11a,b,g, n
[Figure: timeline, 1986 to 2003, of WLAN speed (860 Kbps, 1 and 2 Mbps, 11 Mbps, 54 Mbps) and radio band (900 MHz, 2.4 GHz, 5 GHz), moving from proprietary to standards-based networks. Milestones marked: IEEE 802.11 begins drafting; 802.11 ratified; 802.11a,b ratified; 802.11g ratified.]
 802.11a
 Up to 54 Mbps
 5 GHz
 Not compatible with either 802.11b or 802.11g
 802.11b
 Up to 11 Mbps
 2.4 GHz
 802.11g
 Up to 54 Mbps
 2.4 GHz
802.11g is backwards compatible with 802.11b
802.11n is backward compatible with existing
802.11a/b/g
 802.11n, the newest protocol, utilizes both 2.4-GHz and 5-GHz bands.
 Data rate varying from 15 to 150 Mbps
Radio Frequency Issues
As signal strength decreases, so will the transmission rate.
 An 802.11b client’s speed may drop from 11 Mbps to 5.5 Mbps, to 2
Mbps, or even 1 Mbps.
 This can all be associated with a combination of factors, including:

1. Distance
2. Line of Sight
3. Obstructions
4. Reflection
5. Multipath Reflection
6. Refraction (partially blocked by obstruction)
7. Diffraction (bending of signal)
8. Noise and Interference
Wireless Access Points
•An access point (AP) is a WLAN
device that can act as the center
point of a stand-alone wireless
network.
•An AP can also be used as the
connection point between
wireless and wired networks.
•In large installations, the
roaming functionality provided by
multiple APs allows wireless
users to move freely throughout
the facility, while maintaining
seamless, uninterrupted access to
the network.
Wireless Bridges
• The bridges connect hard-to-wire
sites, noncontiguous floors, satellite
offices, school or corporate campus
settings, temporary networks, and
warehouses.
•Example: The Cisco Aironet 1300
Series Wireless Bridge is designed to
connect two or more networks that
are typically located in different
buildings.
•They can be configured for point-to-point or point-to-multipoint
applications.
Service Set Identifier (SSID)
 SSID is used to logically
separate WLANs.
 The SSID must match on
client and access point.
 Access point can broadcast
SSID in beacon.
 Client can be configured
without SSID.
Basic Topologies
Basic Infrastructure
Topology (BSS)
Peer-to-Peer (Ad Hoc)
Topology (IBSS)
Extended
Infrastructure
Topology (ESS)
WiFi (802.11) Media Access Control
•All the devices in the network share the same frequency to a common Access Point (AP).
•They cannot all transmit at the same time, as their signals will interfere.
•Therefore, WiFi networks operate in half-duplex, using an access method called CSMA/CA.
Using Wireless Routers
Local area networks (LAN)
802.11b/g
Channels
802.11a
Channels
 Adding an AP is also a way to add wireless devices and extend
the range of an existing wired system.
 If a single cell does not provide enough coverage, any number
of cells can be added to extend the range.
 It is recommended that adjacent BSS cells have a 10 to 15
percent overlap.
Wireless repeater
Not covered by 802.11 standards
 A wireless repeater is simply an access point that is not connected to the
wired backbone.
 This setup requires a 50% overlap of the AP on the backbone and the
wireless repeater. (So they can reach each other).
 The user can set up a chain of several repeater access points, however,
the throughput for client devices at the end of the repeater chain will be
quite low, as each repeater must receive and re-transmit each frame.
Wireless VLAN Deployment
Combined deployment of infrastructure
and non-infrastructure devices
Cisco WLAN Implementation
Cisco offers 2 “flavors” of wireless solutions:
 Distributed WLAN solution
 Autonomous AP
 Wireless LAN Solution Engine (WLSE)
 Centralized WLAN solution
 Lightweight AP
 Wireless LAN Controller (WLC)
Comparison of the WLAN Solutions
 Autonomous WLAN:
 Autonomous access point
 Configuration of each access
point
 Independent operation
 Management via CiscoWorks
WLSE and WDS
 Access point redundancy
 Lightweight WLAN:
 Lightweight access point
 Configuration via Cisco
Wireless LAN Controller
 Dependent on Cisco Wireless
LAN Controller
 Management via Cisco
Wireless LAN Controller
 Cisco Wireless LAN
Controller redundancy
Why Lightweight APs?
 A WLAN controller system is used to create and enforce policies
across many different lightweight access points.
 With centralized intelligence, functions essential to WLAN
operations such as security, mobility, and quality of service (QoS),
can be efficiently managed across an entire wireless enterprise.
• Splitting functions
between the access point
and the controller,
simplifies management,
improves performance, and
increases security of large
WLANs.
Cisco Centralized WLAN Model
•The control traffic between
the access point and the
controller is encapsulated by
Lightweight Access Point
Protocol (LWAPP) and
encrypted via the Advanced
Encryption Standard (AES).
•The data traffic between the
access point and controller is
also encapsulated with
LWAPP, but not encrypted.
Layer-2 LWAPP Architecture
 Access Points don’t require IP addressing
 Controllers need to be on EVERY subnet on which APs reside
 L2 LWAPP was the first step in the evolution of the architecture; many
current products do not support this functionality
Layer-3 LWAPP Architecture
 Access Points require IP addressing
 APs can communicate w/ WLC across routed boundaries
 L3 LWAPP is more flexible than L2 LWAPP and all products support this
LWAPP operational ‘flavor’
Wireless Mesh Networking
•Each access point runs the Cisco
Adaptive Wireless Path protocol (AWP).
•AWP allows access points to
communicate with each other to
determine the best path back to the
wired network.
•After the optimal path is
established, AWP continues to run
in the background to establish
alternative routes back to the rooftop access point (RAP) if the
topology changes or conditions
cause the link strength to diminish.
Wireless LAN Security Threats
Wireless Security Protocols
•Today, the standard that should be followed in most
enterprise networks is the 802.11i standard. This is similar
to the Wi-Fi Alliance WPA2 standard.
•For enterprises, WPA2 includes a connection to a Remote
Authentication Dial In User Service (RADIUS) database.
Evolution of Wireless LAN Security
 Initial (1997): Encryption (WEP)
• No strong authentication
• Static, breakable keys
• Not scalable
 Interim (2001): 802.1x EAP
• Dynamic keys
• Improved encryption
• User authentication
• 802.1x EAP (LEAP, PEAP)
• RADIUS
 Interim (2003): Wi-Fi Protected Access (WPA)
• Standardized
• Improved encryption
• Strong, user authentication (e.g., LEAP, PEAP, EAP-FAST)
 Present: Wireless IDS
• Identification and protection against attacks, DoS
 Present: IEEE 802.11i WPA2 (2004)
• AES strong encryption
• Authentication
• Dynamic key management
WPA and WPA2 Authentication
WPA and WPA2 Encryption
Wi-Fi Protected Access
 What are WPA and WPA2?
 Authentication and encryption
standards for Wi-Fi clients and APs
 802.1x authentication
 WPA uses TKIP encryption
 WPA2 uses AES block cipher
encryption
 Which should I use?
 Gold, for supporting NIC/OSs
 Silver, if you have legacy clients
 Lead, if you absolutely have no
other choice.
Gold
WPA2/802.11i
• EAP-Fast
• AES
Silver
WPA
• EAP-Fast
• TKIP
Lead
Dynamic WEP
• EAP-Fast/LEAP
• VLANs + ACLs
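An added example, not from the original slides: one way an auditor could sort access points into the Gold/Silver/Lead tiers above from the RSN element (ID 48) and WPA vendor element (ID 221) carried in their beacons. The function names and sample bytes are constructed for illustration; a beacon does not show whether WEP keys are static or dynamic, so any WEP-only AP is reported as Lead.

```python
import struct

RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")
CCMP = 4                                    # cipher suite type 4 = CCMP (AES); 2 = TKIP
AKM_NAMES = {1: "802.1X", 2: "PSK"}
# Constructed sample elements (not captured traffic): SSID, RSN (WPA2), WPA vendor element.
SSID = bytes.fromhex("0004") + b"corp"
RSN_CCMP_8021X = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")
WPA_TKIP_PSK = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")

def elements(buf):
    """Yield (id, body) for each tagged element, stopping at a truncated one."""
    pos = 0
    while pos + 2 <= len(buf):
        eid, length = buf[pos], buf[pos + 1]
        body = buf[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def suites(body, oui):
    """Return [pairwise cipher types, AKM types] from an RSN/WPA element body."""
    pos, out = 6, []                        # skip version (2 bytes) + group cipher (4)
    for _ in range(2):                      # pairwise list, then AKM list
        (count,) = struct.unpack_from("<H", body, pos)
        raw = body[pos + 2:pos + 2 + 4 * count]
        if len(raw) < 4 * count:
            raise ValueError("truncated suite list")
        out.append({raw[i + 3] for i in range(0, len(raw), 4) if raw[i:i + 3] == oui})
        pos += 2 + 4 * count
    return out

def classify(privacy_bit, tagged):
    """Map one AP's advertised security to the tiers used on this page."""
    rsn = wpa = None
    for eid, body in elements(tagged):
        try:
            if eid == 48:                                       # RSN (WPA2/802.11i)
                rsn = suites(body, RSN_OUI)
            elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # WPA vendor element
                wpa = suites(body[4:], WPA_OUI)
        except (ValueError, struct.error):
            return "Unparseable", []
    akms = sorted({AKM_NAMES.get(a, f"akm-{a}") for e in (rsn, wpa) if e for a in e[1]})
    if rsn and not wpa and rsn[0] == {CCMP}:
        return "Gold", akms                 # WPA2 only, AES-CCMP only
    if rsn or wpa:
        return "Silver", akms               # TKIP still accepted (WPA or mixed mode)
    return ("Lead", akms) if privacy_bit else ("Open", akms)   # WEP of some kind, or none
```

The returned key-management list shows whether the AP uses 802.1X, which the tiers above assume, or a pre-shared key.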
WLAN Security Summary
 Open Access: No Encryption, Basic Authentication (Public “Hotspots”)
 Basic Security: 40-bit or 128-bit Static WEP Encryption, WPA (Home Use)
 Enhanced Security: 802.1x, TKIP Encryption, Mutual Authentication, Scalable Key Mgmt., Etc. (Enterprise)
 Remote Access: Virtual Private Network (VPN) (Business Traveler, Telecommuter)