ScaN InstructorPPT Chapter4 Wireless LANs
-
Upload
akhmal-haziq -
Category
Documents
-
view
218 -
download
0
Transcript of ScaN InstructorPPT Chapter4 Wireless LANs
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
1/75
2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID
Cha!ter "#
$ireless %A&s
Scaling Networks
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
2/75
Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Chapter 4
".0 Introd'ction
". $ireless %A& Conce!ts
".2 $ireless %A& (!erations
".) $ireless %A& Sec'rity"." $ireless %A& Config'ration
".* S'mmary
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
3/75
Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Chapter 4: Objectives
Descri+e ireless %A& technology and standards.
Descri+e the com!onents of a ireless %A& infrastr'ct're.
Descri+e ireless to!ologies.
Descri+e the 802. frame str'ct're.
Descri+e the media contention method 'sed +y ireless technology.
Descri+e channel management in a $%A&.
Descri+e threats to ireless %A&s.
Descri+e ireless %A& sec'rity mechanisms.
Config're a ireless ro'ter to s'!!ort a remote site.
Config're ireless clients to connect to a ireless ro'ter.
-ro'+leshoot common ireless config'ration iss'es.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
4/75
2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID "
". $ireless Conce!ts
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
5/75
Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
Supporting Mobilit
Prod'ctivity is no longer restricted to a fied or/ location or adefined time !eriod.
Peo!le no e!ect to +e connected at any time and !lace, fromthe office to the air!ort or the home.
sers no e!ect to +e a+le to roam irelessly. 1oaming ena+les a ireless device to maintain Internet access
itho't losing a connection.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
6/75
Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
!ene"its o" Wireless
Increased flei+ility
Increased !rod'ctivity
1ed'ced costs
A+ility to gro and ada!t tochanging re3'irements
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
7/75Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
Wireless #echnologies
$ireless netor/s can +e classified +roadly as#
Wireless personal$area network %W&AN'5 (!erates in the rangeof a fe feet 67l'etooth.
Wireless LAN %WLAN'5 (!erates in the range of a fe h'ndred
feet. Wireless wi(e$area network %WWAN'5 (!erates in the range of
miles.
!luetooth5 An I999 802.* $PA& standard: 'ses a device;
!airing !rocess to comm'nicate over distances '! to .0* mile
600m. Wi$)i %wireless "i(elit'5 An I999 802. $%A& standard:
!rovides netor/ access to home and cor!orate 'sers, to incl'de
data, voice and video traffic, to distances '! to 0.8 mile 6)00m.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
8/75Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
Wireless #echnologies %cont*'
Worl(wi(e +nteroperabilit "or Microwave Access %WiMA,'5 AnI999 802. $$A& standard that !rovides ireless +road+and
access of '! to )0 mi 6*0 /m.
Cellular broa(ban(5 Consists of vario's cor!orate, national, and
international organi
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
9/75Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
-a(io )re.uencies
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
10/75Presentation_ID 0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
/01*22 Stan(ar(s
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
11/75Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
Wi$)i Certi"ication
-he $i;>i Alliance certifies $i;>i and the folloing !rod'ctcom!ati+ility#
I999 802.a?+?g?n?ac?ad;com!ati+le.
I999 802.i sec're 'sing $PA2@ and 9tensi+le A'thentication
Protocol 69AP
$i;>i Protected Set'! 6$PS to sim!lify device connections.
$i;>i Direct to share media +eteen devices
$i;>i Pass!oint to sim!lify sec'rely connecting to $i;>i hots!ot
netor/s
$i;>i iracast to seamlessly dis!lay video +eteen devices
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
12/75Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN Components
Comparing WLANs to LANs
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
13/75Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Wireless N+Cs
$ireless de!loyment
re3'ires#
9nd devices ith
ireless &ICs
Infrastr'ct're device,
s'ch as a ireless
ro'ter or ireless AP
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
14/75Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Wireless 3ome -outer
A home 'ser ty!ically
interconnects ireless
devices 'sing a small,
integrated ireless
ro'ter.
-hese serve as#
access !oint
9thernet sitch
ro'ter
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
15/75Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
!usiness Wireless Solutions
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
16/75Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Wireless Access &oints
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
17/75Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Small Wireless eploment Solutions
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
18/75Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Small Wireless eploment Solutions %cont*'
9ach AP is config'red
and managed
individ'ally.
-his can +ecome a
!ro+lem hen several
APs are re3'ired.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
19/75Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Small Wireless eploment Solutions
S'!!ort the cl'stering ofAPs itho't the 'se of a
controller.
'lti!le APs can +ede!loyed and !'shed to a
single config'ration to alldevices ithin the cl'ster,managing the irelessnetor/ as a singlesystem itho't orrying
a+o't interference+eteen APs, and itho'tconfig'ring each AP as ase!arate device.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
20/75Presentation_ID 20 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Large Wireless eploment Solutions
>or larger organi
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
21/75Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Large Wireless eploment Solutions %cont*'
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
22/75Presentation_ID 22 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Large Wireless eploment Solutions %cont*'
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
23/75Presentation_ID 2) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Components o" WLANs
Wireless Antennas
Cisco Aironet APs can 'se# Omni(irectional Wi$)i Antennas5 >actory $i;>i gear often 'ses
+asic di!ole antennas, also referred to as Br'++er d'c/ design,
similar to those 'sed on al/ie;tal/ie radios. (mnidirectional
antennas !rovide )0;degree coverage.
irectional Wi$)i Antennas5 Directional antennas foc's the
radio signal in a given direction, hich enhances the signal to and
from the AP in the direction the antenna is !ointing.
5agi antennas5 -y!e of directional radio antenna that can +e
'sed for long;distance $i;>i netor/ing.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
24/75Presentation_ID 2" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 WLAN #opologies
/01*22 Wireless #opolog Mo(es
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
25/75
Presentation_ID 2* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 WLAN #opologies
/01*22 Wireless #opolog Mo(es %cont*'
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
26/75
Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 WLAN #opologies
A( 3oc Mo(e
#ethering6!ersonal hots!ot 5 ariation of the Ad Eoc to!ology
hen a smart !hone or ta+let ith cell'lar data access is ena+led to
create a !ersonal hots!ot.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
27/75
Presentation_ID 24 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 WLAN #opologies
+n"rastructure Mo(e
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
28/75
Presentation_ID 28 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 WLAN #opologies
+n"rastructure Mo(e %cont*'
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
29/75
2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID 2=
".2 $ireless %A& (!erations
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
30/75
Presentation_ID )0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
Wireless /01*22 )rame
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
31/75
Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
Wireless /01*22 )rame
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
32/75
Presentation_ID )2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
)rame Control )iel(
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
33/75
Presentation_ID )) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
Wireless )rame #pe
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
34/75
Presentation_ID )" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
Management )rames
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
35/75
Presentation_ID )* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
/01*22 )rame Structure
Control )rames
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
36/75
Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Wireless Operation
CSMA6CA
CSA?CA >lochart
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
37/75
Presentation_ID )4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Wireless Operation
Wireless Clients an( Access &oint Association
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
38/75
Presentation_ID )8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Wireless Operation
Association &arameters
SS+5ni3'e identifier that ireless clients 'se to disting'ish+eteen m'lti!le ireless netor/s in the same vicinity.
&asswor(51e3'ired from the ireless client to a'thenticate to theAP. Sometimes called the sec'rity /ey.
Network mo(e51efers to the 802.a?+?g?n?ac?ad $%A&
standards. APs and ireless ro'ters can o!erate in a mied mode:i.e., it can sim'ltaneo'sly 'se m'lti!le standards.
Securit mo(e51efers to the sec'rity !arameter settings, s'ch as$9P, $PA, or $PA2.
Channel settings51efers to the fre3'ency +ands 'sed to transmitireless data. $ireless ro'ters and AP can choose the channelsetting or it can +e man'ally set.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
39/75
Presentation_ID )= 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Wireless Operation
iscovering A&s
&assive mo(e AP advertises its service +y sending +roadcast +eacon frames
containing the SSID, s'!!orted standards, and sec'rity settings.
-he +eaconFs !rimary !'r!ose is to allo ireless clients to learn
hich netor/s and APs are availa+le in a given area.
Active mo(e
$ireless clients m'st /no the name of the SSID.
$ireless client initiates the !rocess +y +roadcasting a !ro+e re3'est
frame on m'lti!le channels.
Pro+e re3'est incl'des the SSID name and standards s'!!orted. ay +e re3'ired if an AP or ireless ro'ter is config'red to not
+roadcast +eacon frames.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
40/75
Presentation_ID "0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Wireless Operation
Authentication
Open authentication5 A&%% a'thentication herethe ireless client saysBa'thenticate me and the APres!onds ith Byes. sed
here sec'rity is of noconcern.
Share( ke authentication5-echni3'e is +ased on a /eythat is !re;shared +eteen
the client and the AP.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
41/75
Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
)re.uenc Channel Saturation
irect$se.uence sprea( spectrum %SSS' ses s!read;s!ectr'm mod'lation techni3'e: designed to s!read
a signal over a larger fre3'ency +and ma/ing it more resistant to
interference.
sed +y 802.+.
)re.uenc$hopping sprea( spectrum %)3SS'
1elies on s!read;s!ectr'm methods to comm'nicate.
-ransmits radio signals +y ra!idly sitching a carrier signal among
many fre3'ency channels.
-his channel;ho!!ing !rocess allos for a more efficient 'sage ofthe channels, decreasing channel congestion.
sed +y the original 802. standard.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
42/75
Presentation_ID "2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
)re.uenc Channel Saturation %cont*'
Orthogonal )re.uenc$ivision Multiple7ing %O)M'
S'+set of fre3'ency division m'lti!leing in hich a single channel
'tiliD 'ses s'+channels, channel 'sage is very efficient.
sed +y a n'm+er of comm'nication systems, incl'ding802.a?g?n?ac.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
43/75
Presentation_ID ") 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
Selecting Channels
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
44/75
Presentation_ID "" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
Selecting Channels %cont*'
-he sol'tion to 802.+ interference is to 'se
nonoverla!!ing channels , , and .
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
45/75
Presentation_ID "* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
Selecting Channels %cont*'
se channels in the larger, less;croded * HE< +and,
red'cing Baccidental denial of service 6DoS, this +and can
s'!!ort fo'r non;overla!!ing channels.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
46/75
Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
Selecting Channels %cont*'
Channel +onding com+ines to 20;E< channels into one
"0;E< channel.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
47/75
Presentation_ID "4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Channel Management
&lanning a WLAN eploment
If APs are to 'se eisting
iring, or if there are
locations here APs
cannot +e !laced, note
these locations on the
ma!.
Position APs a+ove
o+str'ctions.
Position APs vertically
near the ceiling in thecenter of each coverage
area, if !ossi+le.
Position APs in locations
here 'sers are e!ected
to +e.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
48/75
2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID "8
".) $ireless %A& Sec'rity
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
49/75
Presentation_ID "= 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN #hreats
Securing Wireless
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
50/75
Presentation_ID *0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN #hreats
oS Attack
$ireless DoS attac/s can +e the res'lt of#
Im!ro!erly config'red devices.
Config'ration errors can disa+le the $%A&.
A malicio's 'ser intentionally interfering ith the ireless
comm'nication. Disa+le the ireless netor/ here no legitimatedevice can access the medi'm.
Accidental interference
$%A&s o!erate in the 'nlicensed fre3'ency +ands and are !rone to
interference from other ireless devices. ay occ'r from s'ch devices as microave ovens, cordless !hones,
+a+y monitors, and more.
2." HE< +and is more !rone to interference than the * HE< +and.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
51/75
Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN #hreats
Management )rame oS Attacks
A spoo"e( (isconnect attack
(cc'rs hen an attac/er sends a series of Bdisassociate
commands to all ireless clients.
Ca'se all clients to disconnect.
-he ireless clients immediately try to re;associate, hich creates
a +'rst of traffic.A C#S "loo(
An attac/er ta/es advantage of the CSA?CA contention method
to mono!oli
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
52/75
Presentation_ID *2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN #hreats
-ogue Access &oints
A rog'e AP is an AP or ireless ro'ter that has +een# Connected to a cor!orate netor/ itho't e!licit a'thori
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
53/75
Presentation_ID *) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
WLAN #hreats
Man$in$the$Mi((le Attack
B9vil tin AP attac/# A !o!'lar ireless I- attac/ here an attac/er introd'ces a
rog'e AP and config'res it ith the same SSID as a legitimate AP.
%ocations offering free $i;>i, s'ch as air!orts, cafes, and
resta'rants, are hot+eds for this ty!e of attac/ d'e to the o!en
a'thentication.
Connecting ireless clients o'ld see to APs offering ireless
access. -hose near the rog'e AP find the stronger signal and most
li/ely associate ith the evil tin AP. ser traffic is no sent to the
rog'e AP, hich in t'rn ca!t'res the data and forards it to the
legitimate AP.
1et'rn traffic from the legitimate AP is sent to the rog'e AP,
ca!t'red, and then forarded to the 'ns's!ecting S-A.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
54/75
Presentation_ID *" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Securing WLANs
Wireless Securit Overview
se a'thentication and encry!tion to sec're a ireless netor/.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
55/75
Presentation_ID ** 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Securing WLANs
Share( 8e Authentication Metho(s
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
56/75
Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Securing WLANs
9ncrption Metho(sI999 802.i and the $i;>i Alliance $PA and $PA2 standards 'se
the folloing encry!tion !rotocols#
#emporal 8e +ntegrit &rotocol %#8+&'
sed +y $PA.
a/es 'se of $9P, +'t encry!ts the %ayer 2 !ayload 'sing
-IP, and carries o't a Cisco essage Integrity Chec/ 6IC. A(vance( 9ncrption Stan(ar( %A9S'
9ncry!tion method 'sed +y $PA2.
Preferred method +eca'se it aligns ith the ind'stry standard
I999 802.iA.
Stronger method of encry!tion.
ses the Co'nter Ci!her ode ith 7loc/ Chaining essage
A'thentication Code Protocol 6CCP.
Alays choose $PA2 ith A9S hen !ossi+le.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
57/75
Presentation_ID *4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Securing WLANs
Authenticating a 3ome ser$PA and $PA2 s'!!ort to ty!es of a'thentication#
&ersonal
Intended for home or small office netor/s, or a'thenticated
'sers ho 'se a !re;shared /ey 6PS.
&o s!ecial a'thentication server is re3'ired.
9nterprise
1e3'ires a 1emote A'thentication Dial;In ser Service
61ADIS a'thentication server.
Provides additional sec'rity.
sers m'st a'thenticate 'sing 802.J standard, hich 'sesthe 9tensi+le A'thentication Protocol 69AP for
a'thentication.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
58/75
Presentation_ID *8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Securing WLANs
Authentication in the 9nterprise
.9nter!rise sec'rity mode choices re3'ire an A'thentication,
A'thori
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
59/75
2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID *=
8." $ireless %A& Config'ration
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
60/75
Presentation_ID 0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Con"iguring a Wireless -outer
7efore installing a ireless ro'ter, consider the folloing settings#
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
61/75
Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Con"iguring a Wireless -outer
An Im!lementation Plan consists of the folloing ste!s#
Step 2*Start the $%A& im!lementation !rocess ith a single AP and
a single ireless client, itho't ena+ling ireless sec'rity.
Step 1*erify that the client has received a DECP IP address and can!ing the local, ired defa'lt ro'ter, and then +rose to the
eternal Internet.
Step ;*Config're ireless sec'rity 'sing $PA2?$PA ied Personal.
&ever 'se $9P 'nless no other o!tions eist.
Step 4*7ac/ '! the config'ration.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
62/75
Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Set p an( +nstall the Linkss 9AS
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
63/75
Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Con"iguring a Linkss Smart Wi$)i 3omepage
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
64/75
Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Smart Wi$)i Settings
Smart $i;>i settings ena+le yo' to# Config're the ro'terFs +asic settings for the local netor/.
Diagnose and tro'+leshoot connectivity iss'es on the netor/.
Sec're and !ersonali
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
65/75
Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
Smart Wi$)i #ools
evice List5 %ists ho is connected to the $%A&. Personaliuest Access5 Creates a se!arate netor/ for '! to *0 g'ests at
home hile /ee!ing netor/ files safe ith the H'est Access -ool.
&arental Controls5 Protects /ids and family mem+ers +yrestricting access to !otentially harmf'l e+sites
Me(ia &rioriti?ation5 Prioriti
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
66/75
Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"igure a Wireless -outer
!acking p a Con"iguration
-o +ac/ '! the config'ration ith the %in/sys 9A*00 ireless ro'ter,!erform the folloing ste!s#
Step 2*%og in to the Smart Wi$)i 3ome !age. Clic/
the #roubleshootingicon to dis!lay the -ro'+leshooting
Stat's indo.
Step 1*Clic/ the iagnosticta+ to o!en the Diagnostic-ro'+leshooting indo.
Step ;*nder the 1o'ter config'ration title, clic/ !ackupand save
the file to an a!!ro!riate folder.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
67/75
Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Con"iguring Wireless Clients
Connecting Wireless Clients
After the AP or ireless ro'ter has +een config'red, the ireless&IC on the client m'st +e altered to allo it to connect to the
$%A&.
-he 'ser sho'ld verify that the client has s'ccessf'lly connected
to the correct ireless netor/, +eca'se there may +e many
$%A&s availa+le ith hich to connect.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
68/75
Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
#roubleshoot WLAN +ssues
#roubleshooting Approaches
-hree main tro'+leshooting a!!roaches 'sed to resolve netor/!ro+lems#
!ottom$up5 Start at %ayer and or/ '!.
#op$(own5 Start at the to! layer and or/ don.
ivi(e$an($con.uer5 Ping the destination. If the !ings fail,verify the loer layers. If the !ings are s'ccessf'l, verify the
'!!er layers.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
69/75
Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
#roubleshoot WLAN +ssues
Wireless Client Not Connecting
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
70/75
Presentation_ID 40 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
#roubleshoot WLAN +ssues
#roubleshooting When the Network +s Slow
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
71/75
Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
#roubleshoot WLAN +ssues
p(ating )irmware
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
72/75
Presentation_ID 42 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Chapter 4: Summar
$%A&s are often im!lemented in homes, offices, and cam!'s
environments.
(nly the 2.", HE
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
73/75
Presentation_ID 4) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Chapter 4: Summar %cont*'
A Cisco Aironet AP can 'se an onmidirectional antenna, a directional
antenna, or a yagi antenna to direct signals.
I999 802.n?ac?ad 'se I( technology to im!rove thro'gh!'tand s'!!ort '! to fo'r antennas, sim'ltaneo'sly.
In ad;hoc mode or I7SS, to ireless devices connect to each other
in a P2P manner. In infrastr'ct're mode, APs connect to netor/ infrastr'ct're 'sing
the ired DS.
9ach AP defines a 7SS and is 'ni3'ely identified +y its 7SSID.
'lti!le 7SSs can +e Goined into an 9SS.
sing a !artic'lar SSID in an 9SS !rovides seamless roamingca!a+ilities among the 7SSs in the 9SS.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
74/75
Presentation_ID 4" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential
Chapter 4: Summar %cont*' Additional SSIDs can +e 'sed to segregate the level of netor/
access defined +y hich SSID is in 'se.
An S-A first a'thenticates ith an AP, and then associates ith thatAP.
-he 802.i?$PA2 a'thentication standard sho'ld +e 'sed. se theA9S encry!tion method ith $PA2.
$hen !lanning a ireless netor/, nonoverla!!ing channels sho'ld+e 'sed hen de!loying m'lti!le APs to cover a !artic'lar area.-here sho'ld +e a 05* !ercent overla! +eteen 7SAs in an 9SS.
Cisco APs s'!!ort Po9 to sim!lify installation.
$ireless netor/s are s!ecifically s'sce!ti+le to threats s'ch asireless intr'ders, rog'e APs, data interce!tion, and DoS attac/s.Cisco has develo!ed a range of sol'tions to mitigate against thesety!es of threats.
-
7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs
75/75