10 - Wireless LANs
7/30/2019 10 - Wireless LANs
By Muhammad Asghar Khan
Reference: CCENT/CCNA ICND1 Official Exam Certification Guide By Wendell Odom
www.asghars.blogspot.com

Agenda
Differences B/W Ethernet LANs & Wireless LANs
Radio Frequency Transmission
Organizations that Standardize WLANs
WLAN Standards Comparison
WLANs Topology Building Blocks
  Ad hoc Mode
  Infrastructure Mode
WLANs Layer 1
  Frequency Bands
  Frequency Encoding
  Interference
  Coverage
WLANs Layer 2
  CSMA/CA Algorithm
Implementing a WLAN
Wireless LAN Security
WLAN Security Standards

Differences B/W Ethernet LANs & Wireless LANs
The big difference b/w the two is that WLANs use radio waves to transmit data, while Ethernet LANs use electrical signals or light
WLANs must meet country-specific RF regulations
Ethernet LANs use CSMA/CD, while WLANs use the CSMA/CA (Collision Avoidance) algorithm
Collision detection is not possible in WLANs, because a sending station cannot receive at the same time that it transmits and, therefore, cannot detect a collision
Instead, WLANs use the Ready To Send (RTS) and Clear To Send (CTS) protocols to avoid collisions
Ethernet LANs can support full-duplex (FDX) communications if a switch is used, while with WLANs, if more than one device at a time sends radio waves in the same space and at the same frequency, neither signal is clear, so the half-duplex (HDX) mechanism must be used

Radio Frequency Transmission
Radio frequencies range from the AM radio band to frequencies used by cell phones
Radio frequencies are radiated into the air by antennas that create radio waves
When radio waves are propagated through objects, they might be:
  Absorbed e.g. by walls
  Scattered e.g. by striking uneven surfaces
  Reflected e.g. by metal or glass surfaces

Organizations that Standardize WLANs
Regulatory agencies control the use of the RF bands
Regulatory agencies include the Federal Communications Commission (FCC) for the United States and the European Telecommunications Standards Institute (ETSI) for Europe
The Institute of Electrical and Electronic Engineers (IEEE) defines standards for specific types of WLAN i.e. 802.11
The Wi-Fi Alliance offers certification for interoperability between vendors of 802.11 products

WLAN Standards Comparison
The IEEE introduced WLAN standards with the 1997 ratification of the 802.11 standard
The original 802.11 standard has been replaced by more-advanced standards
The table compares the different WLAN standards

| Standard | 802.11 (1997) | 802.11a (1999) | 802.11b (1999) | 802.11g (2003) | 802.11n (2009) | 802.11ac (Draft; Nov-11) |
|---|---|---|---|---|---|---|
| Frequency Band | 2.4 GHz | 5 GHz | 2.4 GHz | 2.4 GHz | 2.4/5 GHz | 5 GHz |
| No of Channels | 20 | 23 | 11 | 11 | 20 | 5 |
| Modulation | DSSS, FHSS | OFDM | DSSS | OFDM, DSSS | OFDM | OFDM |
| Data Rates in Mbps | 1, 2 | 6, 9, 12, 18, 24, 36, 48, 54 | 1, 2, 5.5, 11 | 6, 9, 12, 18, 24, 36, 48, 54 | 7.2, 14.4, 21.7, 28.9, | - |

The table below shows the maximum range limits for different WLAN standards

| Range (feet) | 802.11 (1997) | 802.11a (1999) | 802.11b (1999) | 802.11g (2003) | 802.11n (2009) | 802.11ac (Draft; Nov-11) |
|---|---|---|---|---|---|---|
| Indoor | 66 | 115 | 115 | 125 | 230 | - |
| Outdoor | 330 | 390 | 460 | 460 | 820 | 820 |

WLANs Topology Building Blocks
The 802.11 standard defines the following topologies:
Ad hoc Mode
  Ad hoc is the Independent Basic Service Set (IBSS) topology i.e. mobile clients connect directly without an intermediate access point
  Ad hoc mode acts as a workgroup; therefore it shares a drawback of peer-to-peer networks: they are difficult to secure
Infrastructure Mode
  In infrastructure mode, clients connect through an access point
  There are two infrastructure modes:
  Basic Service Set (BSS)
    The communication devices that create a BSS are mobile clients using a single access point to connect to each other or to wired network resources
    The Basic Service Set Identifier (BSSID) is the Layer 2 MAC address of the BSS access point's radio card
  Extended Services Set (ESS)
    The wireless topology is extended with two or more BSSs connected by a distribution system (DS) or a wired infrastructure
    An ESS generally includes a common SSID to allow roaming from access point to access point without requiring client configuration

WLANs Layer 1
WLANs transmit data at L1 by sending & receiving radio waves
WLAN radio waves have a repeating signal that can be graphed over time
The radio wave has the following attributes:
  Frequency
    The number of times the waveform repeats per second, measured in hertz (Hz)
  Amplitude
    Amplitude is the height of the waveform, representing signal strength
  Phase
    Phase is the particular point in the repeating waveform
The graph below shows an 8 kHz signal
[Figure: 8 kHz signal, with Amplitude and Phase marked]
The FCC or other national regulatory agencies specify some ranges of frequencies called frequency bands
A frequency band is a range of consecutive frequencies
The wider the range of frequencies in a frequency band, the greater the amount of information that can be sent in that frequency band
Frequency Bands
Frequency bands can be categorized into:
  Licensed Bands
    The FCC or equivalent agencies in other countries license some frequency bands, like AM and FM radio & mobile phones
  Un-Licensed Bands
    Un-licensed frequencies can be used without any permission from the regulatory agency; however, devices that use these frequencies must still conform to the rules set up by the regulatory agency
The FCC defines three un-licensed frequency bands; the table below shows these frequency bands
When a WLAN NIC or AP sends data, it can modulate the radio signal's frequency, amplitude & phase to encode 0 or 1
Frequency Encoding
There are three general classes of encoding:
  Frequency Hopping Spread Spectrum (FHSS)
    It uses all the frequencies in the band, hopping to different ones
    The original 802.11 WLAN standard used FHSS
  Direct Sequence Spread Spectrum (DSSS)
    It uses one of several separate channels or frequencies
    Designed for the 2.4 GHz un-licensed band and used with 802.11b
    This band has a bandwidth of 82 MHz with a range from 2.40 GHz to 2.483 GHz
    The FCC divides the band into 11 different overlapping DSSS channels as shown on next slide
    The three shaded channels (1, 6, and 11) do not overlap enough to interfere with each other, so they can be used in the same space for WLAN
    The significance of the non-overlapping channels is that when you design a WLAN with more than one AP (ESS), APs with overlapping coverage areas should be set to use different non-overlapping channels, as shown on next slide
    [Figure: BSS 1, BSS 2, BSS 3]
    In the above design all three BSSs can send at the same time without interfering with each other
    Each cell runs at a maximum data rate of 11 Mbps, for a cumulative bandwidth of 33 Mbps, which is called the WLAN's capacity
  Orthogonal Frequency Division Multiplexing (OFDM)
    Like DSSS, WLANs that use OFDM can use multiple non-overlapping channels
    It is used by 802.11a, 802.11g & 802.11n
Interference
  WLANs can suffer interference from many sources, like walls, floors or even other radio waves in the same frequency range
  The Signal-to-Noise Ratio (SNR) calculation measures the WLAN signal as compared to other undesired signals (noise) in the same space
  The higher the SNR, the better the WLAN devices can send data
Coverage
  WLAN coverage area is the space in which two WLAN devices can successfully send data
  Coverage area depends on:
    Frequency band used by the WLAN standard
    Obstructions b/w & near WLAN devices
    Interference from other RF energy
    Encoding technique like DSSS and OFDM
  Figure on next slide shows the concept of coverage area with varying speed for an 802.11b BSS
  WLAN standards support the idea of multiple speeds
  A device near the AP may have a strong signal, so it can transmit & receive data with the AP at higher rates, while a device at the edge of the coverage area, where the signals are weak, may still be able to send & receive data but at a slower speed

WLANs Layer 2
The following problems occur with WLAN media access at L2:
  If two or more WLAN devices send at the same time, using overlapping frequency ranges, a collision occurs
  Also, the device that is transmitting data cannot concurrently listen for received data
To avoid these problems, WLANs use the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) algorithm
The following list summarizes the key points about the CSMA/CA algorithm:
1. Listen to ensure that the medium is not busy i.e. no radio waves currently are being received at the frequencies to be used
2. Set a random wait timer before sending a frame
3. When the random timer has passed, listen again to ensure that the medium is not busy. If it isn't, send the frame
4. After the entire frame is sent, wait for an acknowledgment
5. If no acknowledgment is received, resend the frame, using the CSMA/CA logic to wait for an appropriate time to send again
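
The five steps above, run as a small slotted simulation in which several stations each have one frame to deliver. This is an added example, not part of the original slides; the slot model, the parameter names and the doubling of the wait window after a missed acknowledgment are assumptions made for the illustration.

```python
import random

def simulate_csma_ca(names, frame_slots=4, cw=4, max_cw=64, seed=7):
    """Slotted model of the five steps; every station has one frame to deliver.

    Returns (log, attempts): log holds (time, station, "ack" | "no-ack") and
    attempts[station] counts how many times that station transmitted.
    """
    rng = random.Random(seed)                  # seeded so runs are repeatable
    window = {n: cw for n in names}            # wait-timer range per station
    # Step 2: each station sets a random wait timer, counted in idle slots.
    timer = {n: rng.randrange(cw) for n in names}
    attempts = {n: 0 for n in names}
    pending, log, now = set(names), [], 0
    while pending:
        # Steps 1 and 3: the medium is idle, so timers run down; the station(s)
        # whose timer expires first find the medium still idle and send.
        wait = min(timer[n] for n in pending)
        now += wait
        for n in pending:
            timer[n] -= wait
        senders = sorted(n for n in pending if timer[n] == 0)
        for n in senders:
            attempts[n] += 1
        # The medium is busy for the frame; waiting stations freeze their timers.
        now += frame_slots
        if len(senders) == 1:
            # Step 4: the frame arrived intact, so the sender gets its ACK.
            log.append((now, senders[0], "ack"))
            pending.discard(senders[0])
        else:
            # Step 5: frames overlapped, no ACK arrives, each sender waits again.
            for n in senders:
                log.append((now, n, "no-ack"))
                window[n] = min(window[n] * 2, max_cw)  # assumption: doubling
                timer[n] = rng.randrange(window[n])
    return log, attempts

if __name__ == "__main__":
    log, attempts = simulate_csma_ca(["A", "B", "C", "D"])
    for when, station, result in log:
        print(f"t={when:3d}  {station}  {result}")
    print("transmissions per station:", attempts)
```

A sender never observes the collision itself; it only learns of it through the missing acknowledgment, which is why the retransmission in step 5 is driven by a timer rather than by detection.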

Implementing a WLAN
The following steps guide the installation of a new BSS/ESS WLAN
Step 1: Verify the existing wired network
  Connect a laptop Ethernet NIC to the same Ethernet cable that will be used for the AP. If the laptop can acquire an IP, mask & other info using DHCP, and can communicate with other hosts, it is ready to accept the AP
Step 2: Install & Configure the AP's Wired & Details
  AP uses a straight-through Ethernet cable to connect to the LAN switch
  APs operate at L2 and don't need an IP address to perform their main functions, but for management, as with an Ethernet switch, APs should also have an IP address
  AP needs an IP address, subnet mask, default gateway IP address & possibly the IP address of a DNS server
  The Ethernet switch ports to which the APs are to be attached should be in the same VLAN
  The following figure shows the ESS WLAN with all APs in Ethernet VLAN2
Step 3: Configure AP's Details
  APs can be configured with a variety of parameters like:
    IEEE Standard; e.g. a, b, g or multiple
    Wireless Channels; e.g. 1, 6, and 11
    Transmit Power
    Service Set Identifier (SSID); 32-bit character for WLAN which allows for roaming b/w APs, but inside the same WLAN
Step 4: Install & Configure One Wireless Client
  The client's WLAN NIC tries to discover all APs by listening on all frequency channels for the WLAN standard it supports and selects the AP from which the client receives the strongest signal
  With Microsoft OS, the Zero Configuration Utility (ZCF) allows PCs to automatically discover the SSIDs of all WLANs
  Also, some WLAN NIC manufacturers provide software that can control the WLAN NIC instead of the OS
Step 5: Verify WLAN Works from the Client
  If it does not work, perform the site survey as:
    Is the AP at the center of the area?
    Is the AP or client right next to a lot of metal?
    Is the AP or client near a source of interference e.g. oven etc.
  It can be done with a laptop, using the WLAN NIC's tools (most WLAN NIC software shows signal strength & quality): walk around while looking at the signal quality measurement
  Besides the site survey, you may also want to check the following:
    Check to make sure that the NIC's & AP's radios are enabled
    Check the AP to make sure that it has the latest firmware
    Check AP configuration, particularly the channel configuration, to ensure that it does not use an overlapping channel
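
The channel check in the last item, and the 1/6/11 rule from the DSSS slides, can be done as a small audit of an ESS channel plan. This is an added example, not part of the original slides; the AP names and the sample plan are constructed, and the 22 MHz channel width and channel centre frequencies (2412 MHz for channel 1, 5 MHz apart) are standard 802.11b figures that the slides do not state.

```python
CHANNEL_WIDTH_MHZ = 22          # width of one DSSS channel (not stated on the slides)
NON_OVERLAPPING = (1, 6, 11)    # the non-overlapping set named on the slides

def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel, limited to the 11 FCC channels."""
    if not 1 <= channel <= 11:
        raise ValueError(f"channel {channel} is outside the FCC range 1-11")
    return 2412 + 5 * (channel - 1)

def channels_overlap(a, b):
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ

def audit_channel_plan(plan, neighbours):
    """plan: {ap_name: channel}; neighbours: pairs of APs whose coverage overlaps.

    Returns a sorted list of (ap1, ap2, channel1, channel2) for each conflict.
    """
    conflicts = []
    for a, b in neighbours:
        if channels_overlap(plan[a], plan[b]):
            x, y = sorted((a, b))
            conflicts.append((x, y, plan[x], plan[y]))
    return sorted(conflicts)

def suggest_channel(ap, plan, neighbours):
    """Pick a channel from 1/6/11 that no neighbouring AP overlaps, or None."""
    near = [plan[b if a == ap else a] for a, b in neighbours if ap in (a, b)]
    for candidate in NON_OVERLAPPING:
        if not any(channels_overlap(candidate, ch) for ch in near):
            return candidate
    return None

# Constructed ESS: three APs in a row; AP2's cell overlaps both of the others.
PLAN = {"AP1": 1, "AP2": 4, "AP3": 6}
NEIGHBOURS = [("AP1", "AP2"), ("AP2", "AP3")]

if __name__ == "__main__":
    for a, b, ch_a, ch_b in audit_channel_plan(PLAN, NEIGHBOURS):
        print(f"{a} (ch {ch_a}) overlaps {b} (ch {ch_b})")
    print("suggested channel for AP2:", suggest_channel("AP2", PLAN, NEIGHBOURS))
```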

Wireless LAN Security
WLANs introduce a number of vulnerabilities that do not exist for wired Ethernet LANs
Following are the several categories of threats:
  War Drivers
    This type of attacker often just wants to gain Internet access for free
    The attacker drives around, trying to find APs that have no security or weak security
  Hackers
    The motivation for hackers is to either find information or deny services
    The end goal of a hacker is to enter the wired network using the wireless network without having to go through Internet connections that have firewalls
  Employees
    Employees can help hackers gain access to the Enterprise network
  Rogue AP
    The attacker captures the packets in the WLAN, finding the SSID & cracking security keys (if they are used)
    Then the attacker can set up her own AP, with the same settings, and get the Enterprise's clients to use it
To reduce the risk of such attacks, three main types of tools can be used:
  Manual Authentication b/w the Client & AP
  Encryption; uses a secret key & a mathematical formula to scramble the contents of the WLAN frame
  Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and WLAN-specific tools like Cisco's Structured Wireless-Aware Network (SWAN)
Table lists key vulnerabilities along with the solution
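
The rogue AP threat above is what the detection tools in this list look for: the enterprise SSID advertised by a BSSID that is not in the AP inventory, or a known BSSID whose settings have changed. The following detection logic is an added example, not part of the original slides and not how any named product works; the SSID, the MAC addresses and the scan records are constructed.

```python
def norm(mac):
    """Canonical BSSID form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")

# Constructed inventory of the sanctioned APs of one ESS (all values hypothetical).
AUTHORIZED = {
    norm("00:11:22:33:44:01"): {"ssid": "CorpWLAN", "channel": 1, "security": "WPA2"},
    norm("00:11:22:33:44:02"): {"ssid": "CorpWLAN", "channel": 6, "security": "WPA2"},
}

# Constructed survey results, as a WLAN IDS sensor or survey laptop might report them.
SCAN = [
    {"bssid": "00-11-22-33-44-01", "ssid": "CorpWLAN", "channel": 1, "security": "WPA2"},
    {"bssid": "00:11:22:33:44:02", "ssid": "CorpWLAN", "channel": 6, "security": "WEP"},
    {"bssid": "0A:BC:DE:00:00:99", "ssid": "CorpWLAN", "channel": 11, "security": "WPA2"},
    {"bssid": "02:00:00:AA:BB:CC", "ssid": "CoffeeShop", "channel": 6, "security": "WPA2"},
]

def classify(beacon, authorized):
    """Return 'ok', 'foreign', 'rogue' or 'suspect:<changed fields>' for one beacon."""
    corp_ssids = {ap["ssid"] for ap in authorized.values()}
    known = authorized.get(norm(beacon["bssid"]))
    if known is None:
        # Not one of our radios. It only matters if it advertises our SSID.
        return "rogue" if beacon["ssid"] in corp_ssids else "foreign"
    drift = [k for k in ("ssid", "channel", "security") if beacon[k] != known[k]]
    # A known BSSID with different settings: misconfiguration or a copied BSSID.
    return "suspect:" + ",".join(drift) if drift else "ok"

def find_alerts(scan, authorized):
    """Map each BSSID that needs investigation to its verdict."""
    verdicts = {norm(b["bssid"]): classify(b, authorized) for b in scan}
    return {bssid: v for bssid, v in verdicts.items() if v not in ("ok", "foreign")}

if __name__ == "__main__":
    for bssid, verdict in find_alerts(SCAN, AUTHORIZED).items():
        print(bssid, verdict)
```

An inventory match is not proof that an AP is genuine, since the attacker described above copies the settings; that is why a known BSSID on an unexpected channel or security mode is reported instead of being trusted.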

WLAN Security Standards
Table lists the four major WLAN security standards
Wired Equivalent Privacy (WEP)
  WEP provided weak authentication & encryption
  The main problems with WEP were:
    Static Pre-Shared Keys (PSK)
    64-bit keys that can be easily cracked
  WEP should not be used today
  Due to these problems, many vendors included a couple of features that are not part of WEP
  SSID Cloaking
    An AP feature that tells the AP to stop sending periodic Beacon frames
    Beacon frames list the AP's SSID & other configuration information
  MAC Filtering
    AP can be configured with a list of allowed WLAN MAC addresses
Cisco Interim Solution b/w WEP & 802.11i
  Because of the problems with WEP, vendors such as Cisco, and the Wi-Fi Alliance industry association, looked to solve the problem with their own standards
  The main features of Cisco enhancements included the following:
    Dynamic key exchange (instead of static pre-shared keys)
    User authentication using 802.1x; instead of authenticating the device by checking to see if the device knows a correct key, the user must supply a username and password
    A new encryption key for each packet
Wi-Fi Protected Access (WPA)
  After Cisco integrated its proprietary WLAN security standards into Cisco APs, the Wi-Fi Alliance created a multivendor WLAN security standard, WPA
  WPA essentially performed the same functions as the Cisco proprietary interim solution, but with different details:
    Use dynamic key exchange, using the Temporal Key Integrity Protocol (TKIP)
    Use of either IEEE 802.1X user authentication or simple device authentication using pre-shared keys
IEEE 802.11i (WPA-2)
  IEEE ratified the 802.11i standard in 2005
  Like the Cisco-proprietary solution & the Wi-Fi Alliance's WPA, 802.11i uses:
    Dynamic key exchange
    Stronger encryption
    User Authentication
  However, the details are different and 802.11i is not backward compatible
  It uses the Advanced Encryption Standard (AES)
  The Wi-Fi Alliance calls 802.11i WPA2, meaning the second version of WPA
Table summarizes the key features of various WLAN security standards