ScaN InstructorPPT Chapter4 Wireless LANs

download ScaN InstructorPPT Chapter4 Wireless LANs

of 75

Transcript of ScaN InstructorPPT Chapter4 Wireless LANs

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    1/75

    2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID

    Cha!ter "#

    $ireless %A&s

    Scaling Networks

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    2/75

    Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Chapter 4

    ".0 Introd'ction

    ". $ireless %A& Conce!ts

    ".2 $ireless %A& (!erations

    ".) $ireless %A& Sec'rity"." $ireless %A& Config'ration

    ".* S'mmary

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    3/75

    Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Chapter 4: Objectives

    Descri+e ireless %A& technology and standards.

    Descri+e the com!onents of a ireless %A& infrastr'ct're.

    Descri+e ireless to!ologies.

    Descri+e the 802. frame str'ct're.

    Descri+e the media contention method 'sed +y ireless technology.

    Descri+e channel management in a $%A&.

    Descri+e threats to ireless %A&s.

    Descri+e ireless %A& sec'rity mechanisms.

    Config're a ireless ro'ter to s'!!ort a remote site.

    Config're ireless clients to connect to a ireless ro'ter.

    -ro'+leshoot common ireless config'ration iss'es.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    4/75

    2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID "

    ". $ireless Conce!ts

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    5/75

    Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    Supporting Mobilit

    Prod'ctivity is no longer restricted to a fied or/ location or adefined time !eriod.

    Peo!le no e!ect to +e connected at any time and !lace, fromthe office to the air!ort or the home.

    sers no e!ect to +e a+le to roam irelessly. 1oaming ena+les a ireless device to maintain Internet access

    itho't losing a connection.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    6/75

    Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    !ene"its o" Wireless

    Increased flei+ility

    Increased !rod'ctivity

    1ed'ced costs

    A+ility to gro and ada!t tochanging re3'irements

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    7/75Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    Wireless #echnologies

    $ireless netor/s can +e classified +roadly as#

    Wireless personal$area network %W&AN'5 (!erates in the rangeof a fe feet 67l'etooth.

    Wireless LAN %WLAN'5 (!erates in the range of a fe h'ndred

    feet. Wireless wi(e$area network %WWAN'5 (!erates in the range of

    miles.

    !luetooth5 An I999 802.* $PA& standard: 'ses a device;

    !airing !rocess to comm'nicate over distances '! to .0* mile

    600m. Wi$)i %wireless "i(elit'5 An I999 802. $%A& standard:

    !rovides netor/ access to home and cor!orate 'sers, to incl'de

    data, voice and video traffic, to distances '! to 0.8 mile 6)00m.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    8/75Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    Wireless #echnologies %cont*'

    Worl(wi(e +nteroperabilit "or Microwave Access %WiMA,'5 AnI999 802. $$A& standard that !rovides ireless +road+and

    access of '! to )0 mi 6*0 /m.

    Cellular broa(ban(5 Consists of vario's cor!orate, national, and

    international organi

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    9/75Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    -a(io )re.uencies

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    10/75Presentation_ID 0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    /01*22 Stan(ar(s

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    11/75Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    Wi$)i Certi"ication

    -he $i;>i Alliance certifies $i;>i and the folloing !rod'ctcom!ati+ility#

    I999 802.a?+?g?n?ac?ad;com!ati+le.

    I999 802.i sec're 'sing $PA2@ and 9tensi+le A'thentication

    Protocol 69AP

    $i;>i Protected Set'! 6$PS to sim!lify device connections.

    $i;>i Direct to share media +eteen devices

    $i;>i Pass!oint to sim!lify sec'rely connecting to $i;>i hots!ot

    netor/s

    $i;>i iracast to seamlessly dis!lay video +eteen devices

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    12/75Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN Components

    Comparing WLANs to LANs

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    13/75Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Wireless N+Cs

    $ireless de!loyment

    re3'ires#

    9nd devices ith

    ireless &ICs

    Infrastr'ct're device,

    s'ch as a ireless

    ro'ter or ireless AP

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    14/75Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Wireless 3ome -outer

    A home 'ser ty!ically

    interconnects ireless

    devices 'sing a small,

    integrated ireless

    ro'ter.

    -hese serve as#

    access !oint

    9thernet sitch

    ro'ter

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    15/75Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    !usiness Wireless Solutions

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    16/75Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Wireless Access &oints

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    17/75Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Small Wireless eploment Solutions

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    18/75Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Small Wireless eploment Solutions %cont*'

    9ach AP is config'red

    and managed

    individ'ally.

    -his can +ecome a

    !ro+lem hen several

    APs are re3'ired.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    19/75Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Small Wireless eploment Solutions

    S'!!ort the cl'stering ofAPs itho't the 'se of a

    controller.

    'lti!le APs can +ede!loyed and !'shed to a

    single config'ration to alldevices ithin the cl'ster,managing the irelessnetor/ as a singlesystem itho't orrying

    a+o't interference+eteen APs, and itho'tconfig'ring each AP as ase!arate device.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    20/75Presentation_ID 20 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Large Wireless eploment Solutions

    >or larger organi

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    21/75Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Large Wireless eploment Solutions %cont*'

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    22/75Presentation_ID 22 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Large Wireless eploment Solutions %cont*'

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    23/75Presentation_ID 2) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Components o" WLANs

    Wireless Antennas

    Cisco Aironet APs can 'se# Omni(irectional Wi$)i Antennas5 >actory $i;>i gear often 'ses

    +asic di!ole antennas, also referred to as Br'++er d'c/ design,

    similar to those 'sed on al/ie;tal/ie radios. (mnidirectional

    antennas !rovide )0;degree coverage.

    irectional Wi$)i Antennas5 Directional antennas foc's the

    radio signal in a given direction, hich enhances the signal to and

    from the AP in the direction the antenna is !ointing.

    5agi antennas5 -y!e of directional radio antenna that can +e

    'sed for long;distance $i;>i netor/ing.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    24/75Presentation_ID 2" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 WLAN #opologies

    /01*22 Wireless #opolog Mo(es

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    25/75

    Presentation_ID 2* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 WLAN #opologies

    /01*22 Wireless #opolog Mo(es %cont*'

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    26/75

    Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 WLAN #opologies

    A( 3oc Mo(e

    #ethering6!ersonal hots!ot 5 ariation of the Ad Eoc to!ology

    hen a smart !hone or ta+let ith cell'lar data access is ena+led to

    create a !ersonal hots!ot.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    27/75

    Presentation_ID 24 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 WLAN #opologies

    +n"rastructure Mo(e

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    28/75

    Presentation_ID 28 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 WLAN #opologies

    +n"rastructure Mo(e %cont*'

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    29/75

    2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID 2=

    ".2 $ireless %A& (!erations

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    30/75

    Presentation_ID )0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    Wireless /01*22 )rame

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    31/75

    Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    Wireless /01*22 )rame

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    32/75

    Presentation_ID )2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    )rame Control )iel(

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    33/75

    Presentation_ID )) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    Wireless )rame #pe

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    34/75

    Presentation_ID )" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    Management )rames

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    35/75

    Presentation_ID )* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    /01*22 )rame Structure

    Control )rames

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    36/75

    Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Wireless Operation

    CSMA6CA

    CSA?CA >lochart

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    37/75

    Presentation_ID )4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Wireless Operation

    Wireless Clients an( Access &oint Association

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    38/75

    Presentation_ID )8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Wireless Operation

    Association &arameters

    SS+5ni3'e identifier that ireless clients 'se to disting'ish+eteen m'lti!le ireless netor/s in the same vicinity.

    &asswor(51e3'ired from the ireless client to a'thenticate to theAP. Sometimes called the sec'rity /ey.

    Network mo(e51efers to the 802.a?+?g?n?ac?ad $%A&

    standards. APs and ireless ro'ters can o!erate in a mied mode:i.e., it can sim'ltaneo'sly 'se m'lti!le standards.

    Securit mo(e51efers to the sec'rity !arameter settings, s'ch as$9P, $PA, or $PA2.

    Channel settings51efers to the fre3'ency +ands 'sed to transmitireless data. $ireless ro'ters and AP can choose the channelsetting or it can +e man'ally set.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    39/75

    Presentation_ID )= 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Wireless Operation

    iscovering A&s

    &assive mo(e AP advertises its service +y sending +roadcast +eacon frames

    containing the SSID, s'!!orted standards, and sec'rity settings.

    -he +eaconFs !rimary !'r!ose is to allo ireless clients to learn

    hich netor/s and APs are availa+le in a given area.

    Active mo(e

    $ireless clients m'st /no the name of the SSID.

    $ireless client initiates the !rocess +y +roadcasting a !ro+e re3'est

    frame on m'lti!le channels.

    Pro+e re3'est incl'des the SSID name and standards s'!!orted. ay +e re3'ired if an AP or ireless ro'ter is config'red to not

    +roadcast +eacon frames.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    40/75

    Presentation_ID "0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Wireless Operation

    Authentication

    Open authentication5 A&%% a'thentication herethe ireless client saysBa'thenticate me and the APres!onds ith Byes. sed

    here sec'rity is of noconcern.

    Share( ke authentication5-echni3'e is +ased on a /eythat is !re;shared +eteen

    the client and the AP.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    41/75

    Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    )re.uenc Channel Saturation

    irect$se.uence sprea( spectrum %SSS' ses s!read;s!ectr'm mod'lation techni3'e: designed to s!read

    a signal over a larger fre3'ency +and ma/ing it more resistant to

    interference.

    sed +y 802.+.

    )re.uenc$hopping sprea( spectrum %)3SS'

    1elies on s!read;s!ectr'm methods to comm'nicate.

    -ransmits radio signals +y ra!idly sitching a carrier signal among

    many fre3'ency channels.

    -his channel;ho!!ing !rocess allos for a more efficient 'sage ofthe channels, decreasing channel congestion.

    sed +y the original 802. standard.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    42/75

    Presentation_ID "2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    )re.uenc Channel Saturation %cont*'

    Orthogonal )re.uenc$ivision Multiple7ing %O)M'

    S'+set of fre3'ency division m'lti!leing in hich a single channel

    'tiliD 'ses s'+channels, channel 'sage is very efficient.

    sed +y a n'm+er of comm'nication systems, incl'ding802.a?g?n?ac.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    43/75

    Presentation_ID ") 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    Selecting Channels

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    44/75

    Presentation_ID "" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    Selecting Channels %cont*'

    -he sol'tion to 802.+ interference is to 'se

    nonoverla!!ing channels , , and .

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    45/75

    Presentation_ID "* 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    Selecting Channels %cont*'

    se channels in the larger, less;croded * HE< +and,

    red'cing Baccidental denial of service 6DoS, this +and can

    s'!!ort fo'r non;overla!!ing channels.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    46/75

    Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    Selecting Channels %cont*'

    Channel +onding com+ines to 20;E< channels into one

    "0;E< channel.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    47/75

    Presentation_ID "4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Channel Management

    &lanning a WLAN eploment

    If APs are to 'se eisting

    iring, or if there are

    locations here APs

    cannot +e !laced, note

    these locations on the

    ma!.

    Position APs a+ove

    o+str'ctions.

    Position APs vertically

    near the ceiling in thecenter of each coverage

    area, if !ossi+le.

    Position APs in locations

    here 'sers are e!ected

    to +e.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    48/75

    2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID "8

    ".) $ireless %A& Sec'rity

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    49/75

    Presentation_ID "= 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN #hreats

    Securing Wireless

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    50/75

    Presentation_ID *0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN #hreats

    oS Attack

    $ireless DoS attac/s can +e the res'lt of#

    Im!ro!erly config'red devices.

    Config'ration errors can disa+le the $%A&.

    A malicio's 'ser intentionally interfering ith the ireless

    comm'nication. Disa+le the ireless netor/ here no legitimatedevice can access the medi'm.

    Accidental interference

    $%A&s o!erate in the 'nlicensed fre3'ency +ands and are !rone to

    interference from other ireless devices. ay occ'r from s'ch devices as microave ovens, cordless !hones,

    +a+y monitors, and more.

    2." HE< +and is more !rone to interference than the * HE< +and.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    51/75

    Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN #hreats

    Management )rame oS Attacks

    A spoo"e( (isconnect attack

    (cc'rs hen an attac/er sends a series of Bdisassociate

    commands to all ireless clients.

    Ca'se all clients to disconnect.

    -he ireless clients immediately try to re;associate, hich creates

    a +'rst of traffic.A C#S "loo(

    An attac/er ta/es advantage of the CSA?CA contention method

    to mono!oli

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    52/75

    Presentation_ID *2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN #hreats

    -ogue Access &oints

    A rog'e AP is an AP or ireless ro'ter that has +een# Connected to a cor!orate netor/ itho't e!licit a'thori

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    53/75

    Presentation_ID *) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    WLAN #hreats

    Man$in$the$Mi((le Attack

    B9vil tin AP attac/# A !o!'lar ireless I- attac/ here an attac/er introd'ces a

    rog'e AP and config'res it ith the same SSID as a legitimate AP.

    %ocations offering free $i;>i, s'ch as air!orts, cafes, and

    resta'rants, are hot+eds for this ty!e of attac/ d'e to the o!en

    a'thentication.

    Connecting ireless clients o'ld see to APs offering ireless

    access. -hose near the rog'e AP find the stronger signal and most

    li/ely associate ith the evil tin AP. ser traffic is no sent to the

    rog'e AP, hich in t'rn ca!t'res the data and forards it to the

    legitimate AP.

    1et'rn traffic from the legitimate AP is sent to the rog'e AP,

    ca!t'red, and then forarded to the 'ns's!ecting S-A.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    54/75

    Presentation_ID *" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Securing WLANs

    Wireless Securit Overview

    se a'thentication and encry!tion to sec're a ireless netor/.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    55/75

    Presentation_ID ** 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Securing WLANs

    Share( 8e Authentication Metho(s

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    56/75

    Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Securing WLANs

    9ncrption Metho(sI999 802.i and the $i;>i Alliance $PA and $PA2 standards 'se

    the folloing encry!tion !rotocols#

    #emporal 8e +ntegrit &rotocol %#8+&'

    sed +y $PA.

    a/es 'se of $9P, +'t encry!ts the %ayer 2 !ayload 'sing

    -IP, and carries o't a Cisco essage Integrity Chec/ 6IC. A(vance( 9ncrption Stan(ar( %A9S'

    9ncry!tion method 'sed +y $PA2.

    Preferred method +eca'se it aligns ith the ind'stry standard

    I999 802.iA.

    Stronger method of encry!tion.

    ses the Co'nter Ci!her ode ith 7loc/ Chaining essage

    A'thentication Code Protocol 6CCP.

    Alays choose $PA2 ith A9S hen !ossi+le.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    57/75

    Presentation_ID *4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Securing WLANs

    Authenticating a 3ome ser$PA and $PA2 s'!!ort to ty!es of a'thentication#

    &ersonal

    Intended for home or small office netor/s, or a'thenticated

    'sers ho 'se a !re;shared /ey 6PS.

    &o s!ecial a'thentication server is re3'ired.

    9nterprise

    1e3'ires a 1emote A'thentication Dial;In ser Service

    61ADIS a'thentication server.

    Provides additional sec'rity.

    sers m'st a'thenticate 'sing 802.J standard, hich 'sesthe 9tensi+le A'thentication Protocol 69AP for

    a'thentication.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    58/75

    Presentation_ID *8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Securing WLANs

    Authentication in the 9nterprise

    .9nter!rise sec'rity mode choices re3'ire an A'thentication,

    A'thori

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    59/75

    2008 Cisco Systems, Inc. Al l r ights reserved. Cisco ConfidentialPresentation_ID *=

    8." $ireless %A& Config'ration

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    60/75

    Presentation_ID 0 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Con"iguring a Wireless -outer

    7efore installing a ireless ro'ter, consider the folloing settings#

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    61/75

    Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Con"iguring a Wireless -outer

    An Im!lementation Plan consists of the folloing ste!s#

    Step 2*Start the $%A& im!lementation !rocess ith a single AP and

    a single ireless client, itho't ena+ling ireless sec'rity.

    Step 1*erify that the client has received a DECP IP address and can!ing the local, ired defa'lt ro'ter, and then +rose to the

    eternal Internet.

    Step ;*Config're ireless sec'rity 'sing $PA2?$PA ied Personal.

    &ever 'se $9P 'nless no other o!tions eist.

    Step 4*7ac/ '! the config'ration.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    62/75

    Presentation_ID 2 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Set p an( +nstall the Linkss 9AS

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    63/75

    Presentation_ID ) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Con"iguring a Linkss Smart Wi$)i 3omepage

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    64/75

    Presentation_ID " 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Smart Wi$)i Settings

    Smart $i;>i settings ena+le yo' to# Config're the ro'terFs +asic settings for the local netor/.

    Diagnose and tro'+leshoot connectivity iss'es on the netor/.

    Sec're and !ersonali

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    65/75

    Presentation_ID * 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    Smart Wi$)i #ools

    evice List5 %ists ho is connected to the $%A&. Personaliuest Access5 Creates a se!arate netor/ for '! to *0 g'ests at

    home hile /ee!ing netor/ files safe ith the H'est Access -ool.

    &arental Controls5 Protects /ids and family mem+ers +yrestricting access to !otentially harmf'l e+sites

    Me(ia &rioriti?ation5 Prioriti

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    66/75

    Presentation_ID 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"igure a Wireless -outer

    !acking p a Con"iguration

    -o +ac/ '! the config'ration ith the %in/sys 9A*00 ireless ro'ter,!erform the folloing ste!s#

    Step 2*%og in to the Smart Wi$)i 3ome !age. Clic/

    the #roubleshootingicon to dis!lay the -ro'+leshooting

    Stat's indo.

    Step 1*Clic/ the iagnosticta+ to o!en the Diagnostic-ro'+leshooting indo.

    Step ;*nder the 1o'ter config'ration title, clic/ !ackupand save

    the file to an a!!ro!riate folder.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    67/75

    Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Con"iguring Wireless Clients

    Connecting Wireless Clients

    After the AP or ireless ro'ter has +een config'red, the ireless&IC on the client m'st +e altered to allo it to connect to the

    $%A&.

    -he 'ser sho'ld verify that the client has s'ccessf'lly connected

    to the correct ireless netor/, +eca'se there may +e many

    $%A&s availa+le ith hich to connect.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    68/75

    Presentation_ID 8 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    #roubleshoot WLAN +ssues

    #roubleshooting Approaches

    -hree main tro'+leshooting a!!roaches 'sed to resolve netor/!ro+lems#

    !ottom$up5 Start at %ayer and or/ '!.

    #op$(own5 Start at the to! layer and or/ don.

    ivi(e$an($con.uer5 Ping the destination. If the !ings fail,verify the loer layers. If the !ings are s'ccessf'l, verify the

    '!!er layers.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    69/75

    Presentation_ID = 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    #roubleshoot WLAN +ssues

    Wireless Client Not Connecting

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    70/75

    Presentation_ID 40 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    #roubleshoot WLAN +ssues

    #roubleshooting When the Network +s Slow

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    71/75

    Presentation_ID 4 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    #roubleshoot WLAN +ssues

    p(ating )irmware

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    72/75

    Presentation_ID 42 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Chapter 4: Summar

    $%A&s are often im!lemented in homes, offices, and cam!'s

    environments.

    (nly the 2.", HE

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    73/75

    Presentation_ID 4) 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Chapter 4: Summar %cont*'

    A Cisco Aironet AP can 'se an onmidirectional antenna, a directional

    antenna, or a yagi antenna to direct signals.

    I999 802.n?ac?ad 'se I( technology to im!rove thro'gh!'tand s'!!ort '! to fo'r antennas, sim'ltaneo'sly.

    In ad;hoc mode or I7SS, to ireless devices connect to each other

    in a P2P manner. In infrastr'ct're mode, APs connect to netor/ infrastr'ct're 'sing

    the ired DS.

    9ach AP defines a 7SS and is 'ni3'ely identified +y its 7SSID.

    'lti!le 7SSs can +e Goined into an 9SS.

    sing a !artic'lar SSID in an 9SS !rovides seamless roamingca!a+ilities among the 7SSs in the 9SS.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    74/75

    Presentation_ID 4" 2008 Cisco Systems, Inc. Al l r ights reserved. Cisco Confidential

    Chapter 4: Summar %cont*' Additional SSIDs can +e 'sed to segregate the level of netor/

    access defined +y hich SSID is in 'se.

    An S-A first a'thenticates ith an AP, and then associates ith thatAP.

    -he 802.i?$PA2 a'thentication standard sho'ld +e 'sed. se theA9S encry!tion method ith $PA2.

    $hen !lanning a ireless netor/, nonoverla!!ing channels sho'ld+e 'sed hen de!loying m'lti!le APs to cover a !artic'lar area.-here sho'ld +e a 05* !ercent overla! +eteen 7SAs in an 9SS.

    Cisco APs s'!!ort Po9 to sim!lify installation.

    $ireless netor/s are s!ecifically s'sce!ti+le to threats s'ch asireless intr'ders, rog'e APs, data interce!tion, and DoS attac/s.Cisco has develo!ed a range of sol'tions to mitigate against thesety!es of threats.

  • 7/26/2019 ScaN InstructorPPT Chapter4 Wireless LANs

    75/75