7/30/2019 Designing Optimizing Securing Wireless Networks
1/257
JOHN CORDIER ACADEMY www.jcacademy.com | Telindus 2012
Designing, optimizing and Securing Wireless Networks
0. Welcome
Floor Plan
Schedule with break and lunch times
09:00 - 10:30  1st course session
10:30 - 10:40  Coffee
10:40 - 11:45  2nd course session
12:00 - 13:00  Lunch
13:15 - 15:00  3rd course session
15:00 - 15:15  Coffee
15:15 - 17:00  4th course session
Vegetarian plate possible
Coffee, tea, water and juice; soft drinks with a token
Information
Messages on the door.
Wireless access: user name and password are available at the Telindus reception (floor 0).
Introduce yourself
Ask and answer questions
Give feedback
Who is your instructor?
Presentation of the students.
What I would like to know from you:
Your name and work location
Your job responsibilities
Your networking experience
Your objectives for this course
Designing, optimizing and Securing Wireless Networks
01. Designing
Introducing Wireless Networks and Topologies
Radio basics, WI-FI basics and Interference
802.11n
Architecture
Site Survey
02. Optimizing
Throughput
QoS: 802.11e
Voice on Wireless
03. Securing
Encryption and authentication standards
802.1X framework
Designing wireless networks
Introducing Wireless Networks and Topologies
Wireless LANs are evolving
Point applications (inventory management, barcode scanning): 802.11, 2 Mbps
Mobile data (email, web browsing): 802.11b, 11 Mbps
Business-ready voice, video and data: 802.11a/g, 54 Mbps
Next-generation ubiquitous mobile computing and location tracking: 802.11n, 300 Mbps
WLAN Standards Evolution
The IEEE 802.11 standard for wireless LAN radio devices was ratified in 1997.
The original standard included two transmit rates, 1 Mbit/s and 2 Mbit/s.
1999: IEEE 802.11b, 11 Mbit/s WLAN in the 2.4 GHz band.
Transition from 2.4 GHz to 5 GHz:
IEEE 802.11a (ratified 1999, products from 2001): 5 GHz offers a chance for higher data rates and increased capacity; the goal is to provide up to 54 Mbps.
IEEE 802.11g (2003): OFDM in the 2.4 GHz band, 6 to 54 Mbps, backward compatible with the 802.11b rates (1, 2, 5.5 and 11 Mbps).
IEEE 802.11n (September 2009): up to 600 Mbps at the physical layer.
Wireless Personal Area Network
WPANs provide connectivity in a personal area.
Links are usually peer to peer or small networks.
Applications range from simple (remote control) to complex (voice).
WPANs meet the need for ease of use, low cost, and portability.
Bluetooth is a typical example, running in the 2.4 GHz band.
Range: less than 10 m
Wireless Local Area Network
Range larger than a WPAN; spectrum 2.4 GHz and 5 GHz
More power required
Multiple users expected
Designed to be flexible
Range: less than 100 m
Wireless Metropolitan Area Network
Backbone or user coverage applications
Usually in licensed bands
Unlicensed bands possible, but with interference issues
Typically in a city or suburb
Range: more than 100 m
Wireless Wide Area Network
Large coverage areas
Issues: bandwidth and number of users
Cost based on usage duration or amount of information transmitted
Examples: UMTS, HSDPA, LTE
Standards organizations for wireless networks
FCC: Federal Communications Commission (US regulator)
ETSI: European Telecommunications Standards Institute; HiperLAN (the European alternative to 802.11a)
IEEE: Institute of Electrical and Electronics Engineers; 802.11a, 802.11b, 802.11g, 802.11i, 802.11e, and 802.3af (Power over Ethernet)
BIPT: Belgian Institute for Postal services and Telecommunications (Belgian regulator)
What about Wi-Fi, or Wireless Fidelity?
Before customers really started to complain about compatibility problems, six major players in the WLAN field decided to take their own action to ensure compatibility:
3Com, Aironet, Intersil, Lucent Technologies, Nokia and Symbol Technologies formed an industry alliance called WECA in August 1999 (renamed the Wi-Fi Alliance in 2002).
http://www.wi-fizone.org/
http://www.wi-fi.org/
Wireless LAN deployment
Residential
Enterprise
Access for employees
Guest access
Wi-Fi phones
Public access - Hotspots
Airports, Hotels, Restaurants, Public transportation, ....
Environment specific
Healthcare
Education
Retail
Ad-hoc networks
Independent Basic Service Set (IBSS)
Exists as soon as two wireless devices communicate directly, without an access point
Limited in number of devices due to collision and organization issues
(Figure: ad-hoc architecture)
Infrastructure mode
Infrastructure Basic Service Set (BSS)
The AP functions as a translational bridge between 802.3 wired media and 802.11 wireless media.
Wireless is a half-duplex environment: only one station in the cell transmits at a time.
(Figure: wireless cell attached to the distribution system, DS)
Infrastructure mode (ESS)
An Extended Service Set is a group of BSSs whose APs share one distribution system (DS) and advertise the same SSID, so a client can roam from cell to cell.
(Figure: two cells on channel 1 and channel 6, both attached to the DS)
Wireless Outdoor Bridge
Extend the LAN by linking LANs
Point to point or hub and spoke
Mesh
Devices are connected with redundant connections between nodes; no single point of failure.
Service Set Identifier (SSID)
Network name
Up to 32 octets long
Used to tell a wireless station which network to join
One network (ESS or IBSS) has one SSID
May be broadcast in beacons or not. Hiding the SSID is not a security control: it is still sent in the clear in probe and association frames, so any passive listener recovers it as soon as a client connects.
An access point can serve more than one SSID, usually each with its own security policy and VLAN.
Designing wireless networks: Radio basics
Wireless spectrum
Wireless networks use RF signals.
Radio frequencies are electromagnetic waves.
The spectrum defines wave sizes, grouped by categories.
Wireless network radio range is in the microwave segment.
Wireless data bands:
902 - 928 MHz (26 MHz wide)
2.4 - 2.4835 GHz (83.5 MHz wide)
5.725 - 5.850 GHz (125 MHz wide)
They made history
1837: Morse invents the telegraph
1865: James Clerk Maxwell publishes the theory that predicts the existence of electromagnetic waves
1886: Heinrich Hertz demonstrates the existence of electromagnetic waves
1901: Marconi transmits the letter S across the Atlantic Ocean
Wireless network signals go through a process
(Figure: data enters a modulator, is placed on a carrier at frequency fc, and is amplified before reaching the antenna)
Amplitude indicates the strength of the RF signal.
The frequency is the number of cycles occurring each second.
The phase corresponds to how far the signal is offset from a reference point.
AC and subsequent frequency changes are described as a sine wave.
Radio waves move at a speed of about 299,792 km per second.
Frequency
The frequency determines how often the signal repeats.
One cycle per second equals 1 Hz.
Low frequencies travel farther in the air than high frequencies.
Wavelength
The signal generated in the transmitter is sent to the antenna.
The oscillating current in the antenna generates the electric and magnetic fields that propagate as the electromagnetic wave.
The size of one cycle pattern is called the wavelength: wavelength = c / f, about 12.5 cm at 2.4 GHz and about 6 cm at 5 GHz.
Amplitude
Amplitude is the height of the wave above its centre line (peak amplitude); the crest-to-trough distance is the peak-to-peak amplitude.
For the same wavelength and frequency, different amplitudes can exist.
Amplitude represents the quantity of energy injected into the signal.
Attenuation
The shorter the wavelength (the higher the frequency) of a wireless signal, the more it is attenuated over the same path, which is why a 5 GHz cell is smaller than a 2.4 GHz cell at equal power.
Multipath
Obstacles cause the signal to bounce in different directions:
1. A part of the signal might go directly to the destination.
2. Another portion of the signal might bounce off a desk, ceiling or wall and arrive later, out of phase with the direct copy.
(Figure: direct path 1 and reflected path 2)
Typical Reflectors
Line of Sight
Line of sight is necessary for good signal transmission.
Earth curvature plays a role in the quality of outdoor links, even with a distance of a few miles (depending on the elevation of the transmitter and receiver).
Visual obstacles may or may not prevent radio line of sight.
Fresnel zone
An outdoor point-to-point connection needs radio line of sight, not just visual line of sight.
The Fresnel zone is an elliptical area immediately surrounding the visual path.
Its parameters depend on the frequency and on the length of the direct line: the radius of the first zone at a point d1 from one end and d2 from the other, over a link of length D, is r = sqrt(lambda * d1 * d2 / D), and the usual rule is to keep at least 60% of that radius free of obstacles.
(Figure: Fresnel zone)
RSSI and SNR
RSSI is the received signal strength indicator.
The dBm value is obtained from a signal grading coefficient, which is determined by the vendor, so RSSI readings are not directly comparable between chipsets.
RSSI is usually a negative value; the closer to 0, the better.
SNR is signal strength relative to the noise level.
The higher the SNR, the better.
Decibels
Compare powers (originally sound levels): dB = 10 log10(P1 / P2)
0 dB = same power
+3 dB = twice the power
-3 dB = half the power
+10 dB = 10 x the power
-10 dB = one tenth of the power
dBm
Used for AP transmitters
Same logarithmic scale as the other dB values, but referenced to 1 mW
0 dBm = 1 mW
30 dBm = 1 W
-20 dBm = 0.01 mW
Signal strengths vary logarithmically, not linearly.
dBm: decibel milliwatt
This measurement is used to represent absolute power.
0 dBm is defined as 1 milliwatt: P(dBm) = 10 log10(P / 1 mW), so 0 dBm = 10 log10(1 mW / 1 mW).
Access points typically have a power output of about +17 dBm (50 mW).
Decibel Referenced to Isotropic Antenna
dBi refers to an isotropic antenna: a theoretical antenna that radiates equally in all directions and does not exist in reality.
dBi is used as a reference point to compare antennae.
The same logarithmic progression applies to dBi as to the other decibel scales.
Antenna Principles
The radiation pattern describes the coverage shape.
An RF radiation pattern is described by the E-plane (elevation chart) and the H-plane (azimuth chart).
Expressed in dB.
Each antenna design produces a different RF radiation pattern.
Everyday objects as antenna pattern illustrations
Antenna radiation pattern
Regions where the capability of the antenna is focused.
3D patterns are indicated with an azimuth pattern (horizontal plane) and an elevation pattern (vertical plane).
(Figure: polar elevation and azimuth plots for the TA-2304-120-T0 antenna, with rings at 0, -3, -6, -10, -15, -20 and -30 dB and bearings 0, 90, 180 and 270 degrees)
Antenna Beamwidth
(Figure: horizontal beamwidth and vertical beamwidth, the angle between the -3 dB points of the pattern)
Antenna Polarization
(Figure)
Diversity
Dual antennas each receive a different signal.
One may receive a bad signal while the other may receive a good signal (multipath fading changes over a distance of a few centimetres).
Some wireless technologies use diversity to choose, on a per-client basis, which antenna to use to receive and which to answer.
2.4 GHz Omni-Directional Antennas
2 dBi dipole ("standard rubber duck"), 5.2 dBi ceiling mount, 5.2 dBi pillar-mount diversity
2.4 GHz Directional Antennas
13.5 dBi Yagi antenna, 25 degree beamwidth
21 dBi parabolic dish antenna, 12 degree beamwidth
8.5 dBi patch antenna, 60 degree beamwidth
Cantenna build: http://wireless.ictp.trieste.it/school_2004/lectures/rob/cantenna/03detail.html and http://wireless.ictp.trieste.it/school_2004/lectures/rob/cantenna/04inside.html
Effective Isotropically Radiated Power
EIRP (dBm) = transmitter power (dBm) + antenna gain (dBi) - cable and connector loss (dB)
Typical attenuation through building materials:
Plasterboard (gyproc) wall: 3 dB
Glass wall with metal frame: 6 dB
Office window: 3 dB
Metal door: 6 dB
Metal door in brick wall: 12.4 dB
Remember: -3 dB = half the power in mW, +3 dB = 2 times the power; -10 dB = one tenth of the power, +10 dB = 10 times the power.
EIRP limits are country based, as are the channel sets: FCC (United States), IC (Canada), ETSI (Europe), Telec (Japan).
2.4 GHz EIRP rules (ETSI)
20 dBm (100 mW) is the maximum allowed EIRP.
17 dBm is the maximum transmit power with the usual 3 dBi antenna.
Power must be reduced below 17 dBm in a 1:1 rule: each extra dBi of antenna gain costs 1 dB of transmit power.

Transmit power     Transmitter      Maximum gain   EIRP
Maximum            50 mW, 17 dBm    3 dBi          20 dBm
Reduced Tx power   30 mW, 15 dBm    5 dBi          20 dBm
                   20 mW, 13 dBm    7 dBi          20 dBm
                    5 mW,  7 dBm   13 dBi          20 dBm
                    1 mW,  0 dBm   20 dBi          20 dBm
Designing wireless networks: WI-FI basics
The Physical Components
802.11 (Wi-Fi) defines only the two lowest layers of the OSI model:
L1 Physical: Physical Medium Dependent (PMD) sublayer and Physical Layer Convergence Procedure (PLCP) sublayer
L2 Data link: Media Access Control (MAC) sublayer (802.11) and Logical Link Control (LLC) sublayer (802.2)
L3 Network, L4 Transport, L5 Session, L6 Presentation and L7 Application are unchanged and are carried over Wi-Fi exactly as over Ethernet.
Wireless LAN Technologies
Infrared
Narrow band
Spread spectrum: Frequency Hopping (FHSS), Direct Sequence (DSSS), OFDM
Hedy Lamarr (1914-2000): "Secret Communication System", the frequency-hopping patent filed in 1941 and granted in 1942
FHSS versus DSSS
FHSS is a time-based narrowband hopping of frequencies.
DSSS is a broadband use of frequencies.
DSSS: Idea
DSSS: Encoding
Each data bit is transformed into a sequence of chips (one symbol); the chipping code used at 1 and 2 Mbps is the 11-chip Barker code.
Because the receiver correlates the whole sequence, a symbol is still decoded correctly when several chips are lost: the rule of thumb is up to 9 of the 11 chips.
Spreading widens the roughly 2 MHz baseband signal to a 22 MHz channel.
DSSS Modulation: DBPSK / DQPSK
DBPSK (1 Mbps): one bit per symbol; the RF carrier symbol either keeps its phase (A: 0 degree shift, bit 0) or inverts it (B: 180 degree shift, bit 1).
(Figure: data bits 0 1 0 0 1 0 1 1 mapped to carrier symbols A and B)
DQPSK (2 Mbps): two bits per symbol, carried on the I and Q channels; the four carrier symbols A, B, C and D correspond to phase shifts of 0, 90, 180 and 270 degrees.
Spread Spectrum Technologies: PMD
Spreading: the information signal (i.e. a symbol) is multiplied by a unique, high-rate digital code which stretches (spreads) its bandwidth before transmission.
Code bits are called chips.
The sequence is called the Barker code.
(Figure: direct sequence transmitter: PLCP bits -> spreader, multiplied by the chips from the code generator -> modulator -> amplifier; the narrow frequency spectrum becomes the spread spectrum)
At the receiver, the spread signal is multiplied again by a synchronized replica of the same code, and is de-spread and recovered.
The outcome of the process is the original symbol.
(Figure: direct sequence receiver: amplifier -> demodulator -> correlator, multiplied by the chips from the local code generator -> descrambler -> PLCP; the spread spectrum collapses back to the narrow de-spread signal)
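The spreader and correlator described above, worked through in Python as an added example (this is not code from the course material): data bits are spread with the 11-chip Barker code, a chosen number of chips per symbol is damaged, and the correlator recovers the bits. The Barker sequence is the standard one; the channel model (inverting or erasing a fixed number of chips per symbol at pseudo-random positions) is an assumption made for illustration, as are the sample bits.

```python
"""DSSS spreading and despreading with the 11-chip Barker code (added example)."""
import random

# Standard 11-chip Barker sequence used by 802.11 DSSS at 1 and 2 Mbps.
BARKER_11 = [+1, +1, +1, -1, -1, -1, +1, -1, -1, +1, -1]
CHIPS_PER_BIT = len(BARKER_11)


def spread(bits):
    """Transmitter spreader: each data bit becomes 11 chips.

    A 1 bit sends the code as-is, a 0 bit sends the inverted code, so a
    1 Mbit/s stream becomes an 11 Mchip/s stream (about 2 MHz -> 22 MHz on air).
    """
    chips = []
    for bit in bits:
        polarity = 1 if bit else -1
        chips.extend(polarity * chip for chip in BARKER_11)
    return chips


def despread(chips):
    """Receiver correlator: multiply each 11-chip block by the local code and sum.

    A clean symbol correlates to +11 (bit 1) or -11 (bit 0); the sign decides
    the bit. Returns the recovered bits and the raw correlation values.
    """
    bits, correlations = [], []
    for start in range(0, len(chips), CHIPS_PER_BIT):
        block = chips[start:start + CHIPS_PER_BIT]
        corr = sum(rx * code for rx, code in zip(block, BARKER_11))
        correlations.append(corr)
        bits.append(1 if corr > 0 else 0)
    return bits, correlations


def damage(chips, flipped=0, erased=0, seed=1):
    """Assumed channel model: per symbol, invert `flipped` chips and zero `erased` chips.

    An erased chip models one the receiver could not hear at all; an inverted
    chip models one it heard wrongly. Positions are chosen pseudo-randomly.
    """
    rng = random.Random(seed)
    out = list(chips)
    for start in range(0, len(out), CHIPS_PER_BIT):
        positions = rng.sample(range(start, start + CHIPS_PER_BIT), flipped + erased)
        for pos in positions[:flipped]:
            out[pos] = -out[pos]
        for pos in positions[flipped:]:
            out[pos] = 0
    return out


def periodic_autocorrelation(code=BARKER_11):
    """Correlation of the code with cyclic shifts of itself.

    The peak at shift 0 is 11 and every other shift has magnitude at most 1,
    which is what lets the receiver lock onto symbol boundaries.
    """
    n = len(code)
    return [sum(code[i] * code[(i + shift) % n] for i in range(n)) for shift in range(n)]


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample bits
    print("clean:", despread(spread(data)))
    print("9 erased per symbol:", despread(damage(spread(data), erased=9)))
    print("5 flipped per symbol:", despread(damage(spread(data), flipped=5)))
    print("6 flipped per symbol:", despread(damage(spread(data), flipped=6)))
    print("autocorrelation:", periodic_autocorrelation())
```

Each erased chip lowers the correlation magnitude of a symbol by 1, so 9 erasures still leave a margin of 2 and the "up to 9 chips lost" rule holds; each inverted chip costs 2, so the decision flips once 6 chips are heard wrongly. A real receiver decides on noisy soft values, so these are the ideal-case thresholds.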
Orthogonal Frequency-Division Multiplexing
Of the 64 subcarriers in a 20 MHz channel:
12 zero subcarriers (in black) on the sides and in the center; the sides function as a frequency guard band, leaving about 16.5 MHz of occupied bandwidth, and the center subcarrier is zero for DC offset / carrier leak rejection
48 data subcarriers (in green) per symbol
4 pilot subcarriers (in red) per symbol for synchronization and tracking
OFDM Modulations: BPSK and QPSK
Uses the same principles as DBPSK and DQPSK: BPSK shifts 180 degrees; QPSK shifts 90 degrees.
Speed depends on the density of the signal per tone (and on the convolutional coding rate, 1/2 or 3/4).

Modulation   Data rate per subchannel (kb/s)   Total data rate (Mb/s)
BPSK         125                               6
BPSK         187.5                             9
QPSK         250                               12
QPSK         375                               18
OFDM Modulation: QAM
(Figure: conceptual constellation illustration with symbols S4, S6, S9 and S15)
With QAM, the 90 degree phase shifts are combined with amplitude modulation.
With four amplitude positions on each of the I and Q axes, 16 values (4 bits) per subcarrier are possible.
OFDM for wireless uses 16-QAM and 64-QAM, with speeds up to 54 Mbps.
Channels and Overlap Issues
ISM band, 2400 - 2484 MHz. Channel centres are 2407 + 5 x n MHz; each DSSS channel occupies 22 MHz (centre +/- 11 MHz):

Channel   Bottom   Centre   Top (MHz)
1         2401     2412     2423
2         2406     2417     2428
3         2411     2422     2433
4         2416     2427     2438
5         2421     2432     2443
6         2426     2437     2448
7         2431     2442     2453
8         2436     2447     2458
9         2441     2452     2463
10        2446     2457     2468
11        2451     2462     2473
12        2456     2467     2478
13        2461     2472     2483

With channels built on 5 MHz spacing, each 22 MHz DSSS channel overlaps the four channels on either side of it.
Only three (1, 6, 11) or, with 20 MHz OFDM channels in ETSI domains, four (1, 5, 9, 13) non-overlapping channels are available in the 2.4 GHz ISM band.
Emerging Industry Standards
(Figure: 2.4 GHz WLAN market versus 5 GHz WLAN market)
Understanding the 5GHz spectrum
In Europe: 8 + 11 non-overlapping channels, each 20 MHz wide (channels 36-64 in 5150-5350 MHz and channels 100-140 in 5470-5725 MHz).
(Figure: US sub-bands UNII-1, UNII-2, UNII-2 extended and UNII-3 with 4, 4, 11 and 4 channels)
UNII: Unlicensed National Information Infrastructure
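The 2.4 GHz channel table and the 5 GHz ETSI channel list above, computed rather than looked up, as an added Python example (not code from the course material). Centre frequencies follow the standard channel plans; the 22 MHz (DSSS) and 20 MHz (OFDM) widths are the values quoted on the slides. The brute-force search for the largest set of mutually non-overlapping channels is my own helper.

```python
"""Wi-Fi channel plan helper (added example)."""
from itertools import combinations

# 2.4 GHz: centre = 2407 + 5n MHz for n = 1..13; channel 14 (Japan only) sits at 2484 MHz.
# 5 GHz: centre = 5000 + 5n MHz.
DSSS_WIDTH_MHZ = 22   # 802.11b occupied bandwidth quoted on the slides
OFDM_WIDTH_MHZ = 20   # 802.11a/g channel width quoted on the slides

# ETSI 5 GHz plan from the slides: 8 channels in 5150-5350 MHz and 11 in 5470-5725 MHz.
ETSI_5GHZ_CHANNELS = list(range(36, 65, 4)) + list(range(100, 141, 4))


def center_mhz(channel, band="2.4"):
    """Centre frequency of a channel number in the 2.4 or 5 GHz band."""
    if band == "2.4":
        if channel == 14:
            return 2484
        if not 1 <= channel <= 13:
            raise ValueError("2.4 GHz channels are 1..14")
        return 2407 + 5 * channel
    if band == "5":
        return 5000 + 5 * channel
    raise ValueError("band must be '2.4' or '5'")


def edges_mhz(channel, width=DSSS_WIDTH_MHZ, band="2.4"):
    """(bottom, top) of the occupied bandwidth around the channel centre."""
    centre = center_mhz(channel, band)
    return centre - width / 2, centre + width / 2


def overlaps(a, b, width=DSSS_WIDTH_MHZ, band="2.4"):
    """True when the two channels' occupied bandwidths intersect (touching edges do not count)."""
    lo_a, hi_a = edges_mhz(a, width, band)
    lo_b, hi_b = edges_mhz(b, width, band)
    return lo_a < hi_b and lo_b < hi_a


def channel_table(width=DSSS_WIDTH_MHZ):
    """(channel, bottom, centre, top) for 2.4 GHz channels 1-13, as on the slide."""
    rows = []
    for n in range(1, 14):
        lo, hi = edges_mhz(n, width)
        rows.append((n, lo, center_mhz(n), hi))
    return rows


def largest_non_overlapping_sets(channels, width=DSSS_WIDTH_MHZ, band="2.4"):
    """All largest sets of mutually non-overlapping channels (brute force; fine for <= 19 channels)."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        found = [set(combo) for combo in combinations(channels, size)
                 if all(not overlaps(a, b, width, band) for a, b in combinations(combo, 2))]
        if found:
            return found
    return []


if __name__ == "__main__":
    for row in channel_table():
        print("ch %2d  %6.0f  %6.0f  %6.0f MHz" % row)
    print("DSSS, 22 MHz:", largest_non_overlapping_sets(range(1, 14)))
    print("OFDM, 20 MHz:", largest_non_overlapping_sets(range(1, 14), width=OFDM_WIDTH_MHZ))
    print("ETSI 5 GHz centres:", [center_mhz(c, "5") for c in ETSI_5GHZ_CHANNELS])
```

With 22 MHz channels the search returns several three-channel sets (1/6/11 is only the best known of them); with 20 MHz channels the single four-channel set 1/5/9/13 appears, which is the "three or four" on the slide. In the 5 GHz list every channel is 20 MHz from its neighbour, so all 19 are mutually non-overlapping.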
DFS & TPC
Transmit Power Control (TPC):
Ensures that the minimum amount of radio power is used by the client to communicate with the access point.
Dynamic Frequency Selection (DFS):
Keep the selected frequency until interference is detected, then switch to a new frequency (radar detection).
Types of radar covered by DFS:
Civilian weather radars
Military naval navigation radars
Military air defense and missile system radars
5 GHz WLAN standardisation issues: different high-throughput standards
US: 802.11a
Europe: 802.11h (IEEE) and HiperLAN/2 (ETSI)
802.11h = 802.11a + TPC + DFS
TPC (Transmit Power Control) provides the minimum required transmitter power for EACH user, and so minimal interference to any other users or systems.
DFS (Dynamic Frequency Selection) lets the device listen to what is happening in the airspace before picking a channel.
802.11h is backward compatible with 802.11a, but 802.11a products bought in the U.S. that lack TPC and DFS are unlikely to work with European 802.11h access points.
HiperLAN/2 and 802.11a/h have nearly identical physical layers but are very different at the MAC (Media Access Control) level, so the products are not interoperable.
Designing wireless networks: Interference
Choosing a Channel
(Figure: neighbouring access points on overlapping channels; which channel should the new cell use?)
RF Output power
dBm is a measure of absolute power output.
Formula: P(dBm) = 10 log10(P / 1 mW)
An increase of 10 dB means 10x the output power.
Examples:
0 dBm = 1 mW (Bluetooth)
10 dBm = 10 mW
20 dBm = 100 mW (802.11, phones)
30 dBm = 1 W (FCC limit on transmitter output)
RF Propagation Loss
dB is a relative power measurement.
Reference distance: the first metre results in about 40 dB of loss (the free-space value at 2.4 GHz).
Every doubling of distance adds about 10 dB of loss indoors (6 dB outdoors, close to the free-space value).
Examples (indoor):
2 metres = 50 dB loss
4 metres = 60 dB loss
8 metres = 70 dB loss
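The dB arithmetic from the last few slides, combined into a link budget as an added Python example (not code from the course material): dBm/mW conversion, the ETSI 20 dBm EIRP ceiling and its 1:1 rule, the building-material losses, and the 40 dB + 10 dB (indoor) or 6 dB (outdoor) per doubling propagation rule of thumb. The -95 dBm noise floor used for the SNR estimate is an assumed value, not one from the slides.

```python
"""Link budget helper in dB (added example)."""
import math

ETSI_2G4_MAX_EIRP_DBM = 20.0       # 100 mW, the ETSI 2.4 GHz limit on the slides
ASSUMED_NOISE_FLOOR_DBM = -95.0    # assumption for the SNR estimate, not from the slides

# Building-material attenuation from the slides, in dB.
MATERIAL_LOSS_DB = {
    "plasterboard wall": 3.0,
    "glass wall with metal frame": 6.0,
    "office window": 3.0,
    "metal door": 6.0,
    "metal door in brick wall": 12.4,
}


def mw_to_dbm(milliwatts):
    return 10.0 * math.log10(milliwatts)


def dbm_to_mw(dbm):
    return 10.0 ** (dbm / 10.0)


def eirp_dbm(tx_dbm, antenna_dbi, cable_loss_db=0.0):
    """Effective isotropically radiated power: transmitter + antenna gain - feed loss."""
    return tx_dbm + antenna_dbi - cable_loss_db


def max_tx_dbm(antenna_dbi, cable_loss_db=0.0, limit_dbm=ETSI_2G4_MAX_EIRP_DBM):
    """Highest transmitter setting that keeps EIRP within the limit (the 1:1 rule)."""
    return limit_dbm - antenna_dbi + cable_loss_db


def is_compliant(tx_dbm, antenna_dbi, cable_loss_db=0.0, limit_dbm=ETSI_2G4_MAX_EIRP_DBM):
    return eirp_dbm(tx_dbm, antenna_dbi, cable_loss_db) <= limit_dbm + 1e-9


def path_loss_db(distance_m, indoor=True):
    """Slide rule of thumb: 40 dB at 1 m, then +10 dB (indoor) or +6 dB (outdoor) per doubling."""
    if distance_m < 1.0:
        raise ValueError("model is only defined from 1 m outwards")
    per_doubling = 10.0 if indoor else 6.0
    return 40.0 + per_doubling * math.log2(distance_m)


def obstacle_loss_db(materials):
    """Sum of the slide's material losses for the obstacles on the path."""
    return sum(MATERIAL_LOSS_DB[m] for m in materials)


def received_dbm(tx_dbm, tx_gain_dbi, distance_m, rx_gain_dbi=0.0, indoor=True,
                 cable_loss_db=0.0, materials=()):
    """Signal level at the receiver: EIRP + receive gain - path loss - obstacle loss."""
    return (eirp_dbm(tx_dbm, tx_gain_dbi, cable_loss_db) + rx_gain_dbi
            - path_loss_db(distance_m, indoor) - obstacle_loss_db(materials))


def snr_db(rx_dbm, noise_floor_dbm=ASSUMED_NOISE_FLOOR_DBM):
    return rx_dbm - noise_floor_dbm


if __name__ == "__main__":
    # A 50 mW (17 dBm) AP with the standard 3 dBi antenna, indoors, 8 m away, through a metal door.
    print("50 mW =", round(mw_to_dbm(50), 1), "dBm; compliant with 3 dBi:", is_compliant(17, 3))
    print("max Tx with a 13 dBi antenna:", max_tx_dbm(13), "dBm")
    rx = received_dbm(17, 3, 8, materials=("metal door",))
    print("received:", rx, "dBm; SNR about", snr_db(rx), "dB")
```

Swapping the 3 dBi antenna for a 5 dBi one without turning the radio down makes the same AP non-compliant, which the `is_compliant` check catches; the received level is what a site survey tool reads as RSSI, and the SNR is what the signal-quality table later in the deck is graded on.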
Netstumbler (screenshot)
inSSIDer (screenshot)
Wi-Fi Inspector (screenshot)
Site survey: what constitutes an acceptable signal?
Signal level
Noise floor
Packet completion rate
A low RF signal level does NOT necessarily mean poor communication.
A low signal quality (low SNR, low packet completion rate) DOES mean poor communication.
Recognizing (and Assessing) Problems
802.11 stats are good secondary indicators that interference is having an impact:
Retries > 10%
Data rate lower than normal
(Figure: received power over time, showing average power, noise floor, fading depth, target SNR and the error region)
> 40 dB SNR = excellent signal (5 bars); always associated; lightning fast.
25 dB to 40 dB SNR = very good signal (3 - 4 bars); always associated; very fast.
15 dB to 25 dB SNR = low signal (2 bars); always associated; usually fast.
10 dB to 15 dB SNR = very low signal (1 bar); mostly associated; mostly slow.
5 dB to 10 dB SNR = no signal; not associated; no go.
Non-WiFi Interference Sources
Wireless video cameras
Fluorescent lights
Bluetooth
Microwave ovens
2.4/5 GHz cordless phones
Radar
Wireless headphones
Wireless game controllers
Motion detectors
802.11b Signature
Arched shape
~22 MHz wide
Centered on the 802.11 channel
802.11g Signature
Flat top
Sloping shoulders
~18 MHz wide
Centered on the 802.11 channel
Planning Tools: Cisco Spectrum Expert
Example: microwave oven (spectrum analyzer screenshot)
How to Mitigate Problems
Find and remove the interfering device!
Shield the interfering device (grounded shield)
Change the channel of the AP (e.g. a microwave oven affects some frequencies worse than others)
Increase the Tx power of the AP; possibly use a directional antenna to direct more power into the desired areas
Tx data rate controls: don't allow the lowest data rates, to avoid false back-off; this is a trade-off, because lower data rates are more noise immune
Designing wireless networks: 802.11n
What does 802.11n deliver?
Ways to increase data rate: Conventional
Conventional single-transmit, single-receive radio systems:
Increase transmit power
Subject to power amplifier and regulatory limits
Increases interference to other devices
Reduces battery life
Use high-gain directional antennas
Fixed direction(s) limit coverage to given sector(s)
Ways to increase data rate: the 802.11n way
(Figure)
Single Input Single Output
Single TransmitSingle Spatial StreamSingle Receive
Multiple Input Multiple Output
(Figure: multipath)
MIMO Overview
Maximal Ratio Combining
Transmit Beam Forming
MIMO increases physical data rates for all clients
Today before MIMO
Tomorrow: MIMO on AP
Future: MIMO on AP & client
More reliable, predictable connectivity for all clients
Channel Bonding
Guard Interval
Expected data rates
Existing 802.11 WLAN Standards
                               802.11b      802.11a      802.11g          802.11n
Standard approved              Sept. 1999   Sept. 1999   June 2003        2009
Available bandwidth            83.5 MHz     580 MHz      83.5 MHz         83.5/580 MHz
Frequency band of operation    2.4 GHz      5 GHz        2.4 GHz          2.4/5 GHz
Non-overlapping channels (US)  3            24           3                3/24
Data rate per channel          1-11 Mbps    6-54 Mbps    1-54 Mbps        1-600 Mbps
Modulation type                DSSS, CCK    OFDM         DSSS, CCK, OFDM  DSSS, CCK, OFDM, MIMO
Designing wireless networks
Architecture
WLAN architectures overview
Ad-hoc architecture
Bridged architecture
Infrastructure architecture
Infrastructure evolution: wireless switches
Responsibilities (e.g. QoS, encryption, ...) are moving from the AP to:
Wireless switch (e.g. Trapeze, Extreme, ...)
Appliance (e.g. Bluesocket, ...)
Another access point (WDS in Cisco)
Some call this "thin APs"
Different protocols possible: GRE, LWAPP, WLCCP
Independent (Fat) Access Points
Cisco Aironet
Dependent (Thin) Access Points + Controller
Cisco Airespace
WI-FI Array
Mesh
Basic wireless network
BUT, a wireless network is more complex
What happens with more than one wireless device?
Shared channel and CSMA/CA
How can you get more capacity?
More than one channel is possible:
Limitation of channels
Evolution of SISO to MIMO
How can you make a larger network?
Multiple access points with the same name (SSID)
How can you have different, separated networks?
Different SSIDs:
Wireless VLANs
802.11a/b/g Review
802.11b
Ratified in 1999
Operates in the 2.4 GHz spectrum
Data rates: 1, 2, 5.5, 11 Mbps
Available channels: 11 (3 used)
802.11a
Ratified in 2000
Operates in the 5 GHz spectrum
Data rates: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Available channels: 24 (19 used in the EU)
802.11g
Ratified in 2000
Operates in the 2.4 GHz spectrum
Data rates: 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54 Mbps
Available channels: 11 (3 used)
Backward compatible with 802.11b
Limitation of channels at 2.4 GHz
20 MHz bandwidth per channel
Modulation needed
Non-overlapping channels (1, 6, 11)
802.11a/b/g: Cell Planning
802.11b/g: channels = 3
Distance to a cell with the same channel is less than a single cell
Sensitive to co-channel interference (from other cells on the same channel)
-------------------------------------------------------------------------------------
802.11a: channels = 19
High performance: 8 times the capacity
Far less interference from cells on the same channel
More channels to avoid interference
How can you make a larger network?
Connect different access points on different channels to one network
They work with the same name (SSID)
(Figure: several APs advertising SSID "data")
How can you have different separated networks?
Network name = SSID
32 octets long
Case sensitive
Used to tell a wireless station which network to join
One network has one SSID and can be installed over different access points
An access point can have more than one SSID
Configure a SSID (network) per VLAN
Same VLANs wired as wireless
Access point maps VLANs to Service Set Identifiers (SSIDs)
Static SSID-to-VLAN
Dynamic RADIUS-based VLAN assignment (role-based VLANs)
SSID: data
SSID: voice
Wireless VLANs allow a single WLAN 802.1Q trunk to handle different devices and applications with different types of security
(Figure: one AP on channel 6 serving three SSIDs)
SSID: Data     Security: PEAP + AES   SSID Data = VLAN 1
SSID: Voice    Security: LEAP + WPA   SSID Voice = VLAN 2
SSID: Visitor  Security: Open         SSID Visitor = VLAN 3
802.11a/b/g Best Practices
Recommendations
Technologies
802.11b-only is end-of-life, avoid if at all possible
Buy 802.11a/b/g adapters at a minimum
Transition to the 5GHz spectrum (802.11a now, 802.11n next) to achieve:
Increased capacity
Significantly reduced interference
Simplified channel planning
Use multiple radios on different channels in a given cell to increase capacity
Limit the number of users per radio to about 12-15
Lower this limit if using voice to about 8-10
Why Power over Ethernet?
Simplicity
A single connection provides network and power to end devices
AC-Free Deployments
No AC power required to support end devices
Mobility
Low voltage, Ethernet Powered Devices can be easily moved
Safety
48 V DC low-voltage PoE reduces user exposure to local AC power circuits
Operational Resiliency
Centralized power solution allows for a centralized UPS deployment
Power over Ethernet (PoE) Delivery
Common Mode Resistor Discovery
Optional Classification (4-, 7-, 15.4- Watts Before PWR on)
Up to 15.4 Watts
Power Off on Disconnect (DC/AC)
Power over Ethernet Plus (PoE+)
IEEE 802.3at
Max power 30-60 W
On category 5 cables
Problem: what is the maximum power through a CAT 5 cable?
Equipment that needs more power:
Some diskless CPUs
Access points with more versions of 802.11
Cameras with motors
IP phones with colour video
Designing wireless networks
Site Survey
Site survey: channel selection
(Figure: example channel plan with six APs on the three non-overlapping 2.4 GHz channels)
AP1: channel 1
AP2: channel 6
AP3: channel 11
AP4: channel 1
AP5: channel 6
AP6: channel 11
Site survey: data rates
Overlap for voice should be 15-20%, for data only 10-15%
Preferably survey with the AP and wireless client models you intend to deploy
(Figures: AirMagnet Surveyor heat maps surveyed at 36 Mbps and at 54 Mbps; AirMagnet Surveyor SNR view)
Ekahau Heatmapper
Site Survey prepares for 802.11n
Overlap for data traffic
(Figure: wireless clients on two access points joined by a LAN backbone, with cells overlapping 10-15%)
Overlapping 10-15% allows remote users to roam without losing RF connections
802.11n Deployment Expectations: Data services
Overlap: 10-15%
Range: 10-15% increase in maximum range versus an AP1130; recommended 1:1 replacement of an 802.11a/g deployment
Coverage: 10-20% increase in 802.11a/g high data rate coverage; more uniform coverage versus an AP1130
Capacity: maximum data rates of 144 Mbps in 2.4 GHz and 300 Mbps in 5 GHz
Impact on speed and range with 11n?
Test results between two Cisco APs: Cisco 1240 a/g AP vs. Cisco 1250 a/g/n AP
Example Speed vs. Range Comparison
Cisco 1240 and 1250 11A Active Survey
(Figure: measured ranges of 28 m and 31 m)
Example Speed vs. Range Comparison
1240 and 1250 11G Active Survey
(Figure: measured ranges of 34 m and 45 m)
802.11n Deployment Expectations: Voice services
Plan for the same number of calls per AP as 11a/g (15-25 calls)
Voice over WiFi phones still top out at 54 Mbps
No 11n WiFi phones on the market right now
Expect better voice reliability, especially in the upstream direction (phone to AP)
Overlap 20-25%
Recommendations: forget about 11b; use 5 GHz; disable speeds lower than 12 Mbps
RF Interference and Noise Floor
Optimizing wireless networks
Throughput
The Physical Components
(Figure: OSI stack)
L7 Application, L6 Presentation, L5 Session, L4 Transport, L3 Network
L2 Data Link: Logical Link Control sublayer (LLC); Media Access Control sublayer (MAC)
L1 Physical: Physical Layer Convergence Procedure (PLCP); Physical Medium Dependent (PMD)
This is Wi-Fi: the 802.11 MAC sublayer and the physical layer
Classes of frames
Data frames
Carry higher level protocol data
Control frames
Administration of the access to the wireless medium
RTS/CTS, ACK, ...
Management frames
Beacon, transmitted at regular intervals to allow wireless devices to find networks and match parameters with the AP
Association and authentication frames
Probe Request / Probe Response
Frame Format: Frame Control
Frame Format: Duration & Sequence Control
Frame Format: Addressing: BSS
At least 3 MAC addresses are used:
Destination address (DA)
Source address (SA)
Address of the access point (BSSID)
Address 4 is optional and used in bridging
How does your client connect to the AP?
(Figure: client connection sequence, step 1: BEACON)
Management Frame: Beacon
The access point periodically sends a beacon frame to announce its presence and relay information, such as timestamp, SSID, ...
Clients continually scan all channels and listen to beacons as the basis for choosing which access point is best to associate with.
In infrastructure networks
Access points periodically send beacons.
In general, the beacon interval is set to 100 ms, which provides good performance for most applications.
In ad hoc networks
There are no access points.
One of the peer stations assumes the responsibility for sending the beacon.
Used in passive scanning
(Figure: beacon frame, capability information field)
How does your client connect to the AP?
BEACON
PROBE REQUEST
PROBE RESPONSE
Management Frame: Probes
Probe request frame
Used in active scanning
A station sends a probe request frame when it needs to obtain information from another station. For example, a station would send a probe request to determine which access points are within range.
Probe response frame
A station will respond with a probe response frame, containing capability information, supported data rates, etc., after it receives a probe request frame.
(Figures: probe request frame and probe response frame, both used in active scanning)
How does your client connect to the AP?
BEACON
PROBE REQUEST
PROBE RESPONSE
OPEN OR SHARED AUTHENTICATION
ASSOCIATION REQUEST
ASSOCIATION RESPONSE
Management Frame: Association
To establish relationship with Access-Point
To establish a relationship with the access point
Association request frame
This frame carries information about the station (e.g., supported data rates) and the SSID of the network it wishes to associate with.
Association response frame
An access point sends an association response frame containing an acceptance or rejection notice to the station requesting association.
Disassociation frame
A station sends a disassociation frame to another station if it wishes to terminate the association.
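The frame format and connection sequence of the preceding slides (Frame Control type/subtype, the DA/SA/BSSID roles of the three address fields, then beacon, probe, open authentication and association), as an added Python example that is not part of the course material: both sides, an AccessPoint that answers frames and a Station that walks through the exchange, build and parse real 802.11 management frame bytes. The MAC addresses, the SSID "corp-data" and the simplified frame bodies are constructed values; only open-system authentication is modelled.

```python
import struct

TYPE_MGMT = 0
SUBTYPE = {"assoc_req": 0, "assoc_resp": 1, "probe_req": 4, "probe_resp": 5,
           "beacon": 8, "auth": 11}
SUBTYPE_NAME = {v: k for k, v in SUBTYPE.items()}

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

# Constructed addresses and network name (locally administered MACs, not real devices)
AP_MAC, STA_MAC, BCAST = mac("02:00:00:00:aa:01"), mac("02:00:00:00:bb:02"), b"\xff" * 6
SSID = b"corp-data"

def build_mgmt(subtype, da, sa, bssid, body=b"", seq=0):
    """Management frame: Frame Control (version 0, type 0, subtype), Duration,
    Address 1-3 (DA, SA, BSSID because ToDS = FromDS = 0), Sequence Control, body."""
    fc = TYPE_MGMT << 2 | SUBTYPE[subtype] << 4
    return struct.pack("<HH6s6s6sH", fc, 0, da, sa, bssid, seq << 4) + body

def parse(frame):
    """Decode the MAC header; which address is DA/SA/BSSID depends on ToDS/FromDS."""
    fc, duration, a1, a2, a3, _seq = struct.unpack_from("<HH6s6s6sH", frame)
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    hdr = {"type": (fc >> 2) & 3, "subtype": (fc >> 4) & 0xF, "duration": duration,
           "to_ds": to_ds, "from_ds": from_ds}
    body_at = 24
    if not to_ds and not from_ds:
        hdr.update(DA=a1, SA=a2, BSSID=a3)          # management frames, ad-hoc data
    elif to_ds and not from_ds:
        hdr.update(BSSID=a1, SA=a2, DA=a3)          # station -> AP
    elif from_ds and not to_ds:
        hdr.update(DA=a1, BSSID=a2, SA=a3)          # AP -> station
    else:                                           # bridging (WDS): optional 4th address
        hdr.update(RA=a1, TA=a2, DA=a3, SA=frame[24:30])
        body_at = 30
    hdr["body"] = frame[body_at:]
    return hdr

def ssid_ie(ssid):
    return bytes([0, len(ssid)]) + ssid             # element ID 0 = SSID

def ssid_from(body):
    return body[2:2 + body[1]] if body[:1] == b"\x00" else None

FIXED = b"\x00" * 12   # beacon/probe response: timestamp(8) + interval(2) + capability(2)

class AccessPoint:
    def __init__(self, bssid, ssid):
        self.bssid, self.ssid, self.assoc = bssid, ssid, {}

    def beacon(self):
        return build_mgmt("beacon", BCAST, self.bssid, self.bssid, FIXED + ssid_ie(self.ssid))

    def handle(self, frame):
        """Answer one station frame with the AP's response frame (or None)."""
        f = parse(frame)
        kind, body, sta = SUBTYPE_NAME.get(f["subtype"]), f["body"], f["SA"]
        if kind == "probe_req" and ssid_from(body) in (b"", self.ssid):
            return build_mgmt("probe_resp", sta, self.bssid, self.bssid, FIXED + ssid_ie(self.ssid))
        if kind == "auth":                           # open system: algorithm 0, seq 1 -> seq 2
            alg, seq, _ = struct.unpack("<HHH", body[:6])
            status = 0 if alg == 0 else 13           # 13 = unsupported authentication algorithm
            return build_mgmt("auth", sta, self.bssid, self.bssid, struct.pack("<HHH", alg, seq + 1, status))
        if kind == "assoc_req":
            ok = ssid_from(body[4:]) == self.ssid    # skip capability(2) + listen interval(2)
            aid = len(self.assoc) + 1 if ok else 0
            if ok:
                self.assoc[sta] = aid                # the slide's association table
            return build_mgmt("assoc_resp", sta, self.bssid, self.bssid,
                              struct.pack("<HHH", 0, 0 if ok else 1, 0xC000 | aid))
        return None

class Station:
    def __init__(self, addr):
        self.addr, self.state, self.aid = addr, "unauthenticated", None

    def join(self, ap, ssid):
        """Beacon (passive scan), probe (active scan), open authentication, association."""
        if ssid_from(parse(ap.beacon())["body"][12:]) != ssid:
            return self.state                        # not the network we are looking for
        resp = ap.handle(build_mgmt("probe_req", BCAST, self.addr, BCAST, ssid_ie(ssid)))
        bssid = parse(resp)["BSSID"]
        resp = ap.handle(build_mgmt("auth", bssid, self.addr, bssid, struct.pack("<HHH", 0, 1, 0)))
        if struct.unpack("<HHH", parse(resp)["body"])[2] != 0:
            return self.state
        self.state = "authenticated"
        resp = ap.handle(build_mgmt("assoc_req", bssid, self.addr, bssid,
                                    struct.pack("<HH", 0, 10) + ssid_ie(ssid)))
        _, status, aid = struct.unpack("<HHH", parse(resp)["body"])
        if status == 0:
            self.state, self.aid = "associated", aid & 0x3FFF
        return self.state
```

A station that asks for a network the AP does not serve never leaves the unauthenticated state, which mirrors the slide's rejection notice; the first byte of the beacon frame comes out as 0x80, the value a capture tool shows for beacons.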
Management Frame: Association
Stations scan the frequency band and select the access point with the best communications quality
Active scan (sending a probe request)
Passive scan (assessing communications quality from beacon messages)
The access point maintains a list of associated stations in the MAC firmware
Records station capability (data rate)
To allow inter-BSS relay
The station's MAC address is also maintained in the bridge learn table, associated with the port it is located on
Traffic flow - Inter-BSS
(Figure: STA-1 and STA-2 associate to the same AP in BSS-A; the AP's association table lists both stations and its bridge learn table maps both to port 2; a packet from STA-1 for STA-2 is ACKed by the AP, relayed (inter-BSS relay) and ACKed by STA-2)
Traffic flow - ESS operation
(Figure: STA-1 in BSS-A and STA-2 in BSS-B, each on its own AP; each AP holds STA-1 and STA-2 in its association and bridge learn tables, the local station on the wireless port and the remote one on the wired port; a packet from STA-1 for STA-2 is ACKed by its AP, forwarded over the LAN backbone and ACKed by STA-2)
Multiple access Distributed Coordination Function (DCF)
CSMA/CA
Contention based access
Priority Coordination Function (PCF)
Contention free periods
Tricky and not used in commercial products
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Medium is free for a DCF inter-frame space (DIFS)
Immediate access
Medium is busy
Transmission is deferred by DIFS + random time
Collision avoidance (but not elimination!)
(Figure: DCF timing; after a busy medium the inter-frame spaces are SIFS < PIFS < DIFS, followed by the backoff window of slot times: defer access, then select a slot and decrement the backoff as long as the medium stays idle; immediate access when the medium is idle >= DIFS; contention window; data)
Back-Off Timer
Back-off time is calculated in slots
Starting with a random number from a window of 2^x - 1 slots
Ascending integer powers of 2 minus 1 if transmission fails
(Figure: three sources each waiting DIFS and then a window of 7, 15 and 31 slots)
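The back-off rule of this slide and the "collision avoidance, not elimination" point of the previous one, as an added Python simulation that is not part of the course material: every station with a frame to send draws a backoff in [0, CW], all counters run down together while the medium is idle, the smallest one transmits, equal counters collide and the colliding stations double their window (2^x - 1 growth up to CWmax) until the retry limit drops the frame. Station count, frame counts, the CW values and the RNG seed are constructed inputs; the simulation assumes every station hears every other one and does not charge slots for the busy periods themselves.

```python
import random

def contention_window(retries, cw_min=15, cw_max=1023):
    """Window after `retries` failed attempts: (cw_min + 1) * 2**retries - 1,
    i.e. 7 -> 15 -> 31 -> 63 when cw_min is 7, capped at cw_max."""
    return min((cw_min + 1) << retries, cw_max + 1) - 1

def simulate_dcf(n_stations, frames_per_station, cw_min=15, cw_max=1023,
                 retry_limit=7, seed=1):
    """Slotted DCF contention. Returns counters for successes, collisions,
    dropped frames, idle slots spent and the largest retry count seen."""
    rng = random.Random(seed)            # fixed seed: constructed, repeatable run
    pending = [frames_per_station] * n_stations
    retries = [0] * n_stations
    backoff = [rng.randint(0, contention_window(0, cw_min, cw_max)) for _ in range(n_stations)]
    stats = {"successes": 0, "collisions": 0, "dropped": 0, "slots": 0, "max_retries": 0}
    while any(pending):
        active = [i for i in range(n_stations) if pending[i]]
        # all contenders count down together while the medium stays idle
        step = min(backoff[i] for i in active)
        stats["slots"] += step
        for i in active:
            backoff[i] -= step
        senders = [i for i in active if backoff[i] == 0]
        if len(senders) == 1:            # exactly one counter hit zero: frame and ACK succeed
            i = senders[0]
            pending[i] -= 1
            retries[i] = 0
            stats["successes"] += 1
        else:                            # two or more hit zero in the same slot: collision
            stats["collisions"] += 1
            for i in senders:
                retries[i] += 1
                stats["max_retries"] = max(stats["max_retries"], retries[i])
                if retries[i] > retry_limit:   # the MAC gives up on this frame
                    pending[i] -= 1
                    retries[i] = 0
                    stats["dropped"] += 1
        # stations that transmitted draw a fresh backoff from their current window;
        # everyone else only deferred and keeps its remaining count
        for i in senders:
            if pending[i]:
                backoff[i] = rng.randint(0, contention_window(retries[i], cw_min, cw_max))
    return stats

if __name__ == "__main__":
    print([contention_window(r, 7) for r in range(4)])   # the slide's 7, 15, 31 slot windows
    print(simulate_dcf(8, 10))
```

Running it with one station shows a collision-free channel; with eight stations the collision counter is never zero, which is the slide's point that CSMA/CA only avoids collisions. Raising cw_min lowers the collision count at the price of more idle slots per frame.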
Two-way delivery: data and acknowledgement
Two frames:
Frame sent from source to destination
Acknowledgement sent from destination back to source
The exchange of this pair of frames is atomic in the MAC protocol
Cannot be interrupted
If an acknowledgement is not received, the MAC will retransmit
Reduces latency compared to letting a higher layer protocol
(Figure: after DIFS the source sends Data and the destination answers ACK after SIFS; other stations wait through DIFS, the backoff window of slot times and the contention window)
Broadcast and Multicast have no ACK!!!!!
Hidden node problem
Carrier sensing may not work due to hidden terminal
RTS/CTS reservation mechanism
If A starts sending, C might also start sending
Resulting in a collision at B
(Figure: stations A, B and C in a row; A's RTS range reaches B but not C, B's CTS range reaches both A and C)
Four way delivery: virtual carrier sensing
Duration field in all frames
Including RTS and CTS, monitored by every station
Duration field to construct a network access vector (NAV)
Inhibits transmission even if no carrier is detected
(Figure: RTS/CTS timing; source 1 sends RTS, destination 1 answers CTS after SIFS, data follows after SIFS and the ACK after SIFS; sources 2 and 3 set their NAV from the RTS, CTS, data and ACK and defer; a station that defers keeps its remaining backoff of 2 slots; after the next DIFS the windows are 2, 7 and 9 slots)
802.11g throughput: compatibility mode requires 11g OFDM packets to be preceded by an RTS/CTS or CTS packet exchange
Additional overhead
(Figure: the same RTS/CTS timing with source 1 an 11g station sending OFDM data and sources 2 and 3 11b stations; extra delay because the RTS/CTS are sent at 11 Mbps)
Message fragmentation
IEEE 802.11 defines:
Function to transmit large messages as smaller frames
Improves performance in RF polluted environments
Can be switched off to avoid the overhead in RF clean environments
A hit in a large frame requires re-transmission of the whole large frame
Fragmenting reduces the frame size and the time required to re-transmit
(Figure: a hit on one fragment)
802.11n and data link layer
Optimizing wireless networks: QoS: 802.11e
QoS Requirements for Applications
                    Voice             FTP               ERP and mission-critical
Bandwidth           Low to moderate   Moderate to high  Varies
Loss sensitivity    Low               High              Moderate to high
Delay sensitivity   High              Low               Low to moderate
Jitter sensitivity  High              Low               Varies
Traffic should be grouped into classes that have similar QoS requirements
802.11e and Wi-Fi
Modification of the MAC architecture to support QoS
Two new channel access functions
Priority classes: Enhanced Distributed Coordination Access (EDCA)
Polled access: HCF Coordinated Channel Access (HCCA)
Subsets defined by Wi-Fi: Wireless Multimedia (WMM)
WME (Wi-Fi Multimedia Extensions) ~ EDCA
Parametrised QoS
WSM (Wi-Fi Scheduled Multimedia) ~ HCCA
Guaranteed QoS
WMM Access Category timings
WMM will initially use WME
WME vs. WSM
WME                                                  WSM
Based on 802.11e draft                               Based on 802.11e draft, includes WME
Based on EDCA                                        Based on HCCA
(Enhanced Distributed Coordination Access)           (HCF Coordinated Channel Access)
EDCA provides priority classes of service            HCCA reserves bandwidth based on traffic specifications from client devices
Best suited for one-way audio applications           Best suited for two-way streaming media (voice, video)
Triggered APSD optional                              Uses scheduled APSD, suitable for power save
Existing QoS mechanisms: 802.1p, IP precedence, DSCP
Layer 2: 802.1Q/p on LAN segments
Three CoS bits (802.1p user priority)
(Figure: 802.1Q/p header with PRI, CFI and VLAN ID fields)
Layer 3: IP end to end
(Figure: Ethernet frame with preamble, SFD, DA, SA, 4-byte 802.1Q tag, type, data and FCS; inside it the IP header with version, length, ToS byte, len, ID, offset, TTL, proto, FCS, IP SA, IP DA and data)
ToS byte: IP precedence (3 bits) or DSCP (6 bits)
Layer 2 classification: 802.1p, CoS
Layer 3 ClassificationIP Precedence, DSCP
Redefinition in RFC 1349: it is possible to map 802.1Q/p directly into ToS precedence
(Figure: IP header with the 1-byte ToS field between version/length and total length)
IP Type of Service (ToS) byte
Bits 0-2, precedence:
111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine
Bits 3-6, type of service (RFC 1349):
0000 all normal
1000 minimize delay
0100 maximize throughput
0010 maximize reliability
0001 minimize monetary cost
Bit 7: must be zero (MBZ, RFC 1122)
Classification: DSCP Values
DS field: DSCP (6 bits) + CU (2 bits)
Drop precedence  Class 1           Class 2           Class 3           Class 4
Low              AF11 001010 = 10  AF21 010010 = 18  AF31 011010 = 26  AF41 100010 = 34
Medium           AF12 001100 = 12  AF22 010100 = 20  AF32 011100 = 28  AF42 100100 = 36
High             AF13 001110 = 14  AF23 010110 = 22  AF33 011110 = 30  AF43 100110 = 38
High priority = EF = 101110 = 46
Best effort = 000000 = 0
L2 QoS marking: wireless LANs
Standard mappings by WMM (but may be customized)
Access category                Description                                                           802.1Q/p tags  DSCP
WME voice priority (ACI 3)     Highest priority; allows multiple concurrent VoIP calls with low      7, 6           EF
                               latency and toll voice quality
WME video priority (ACI 2)     Prioritizes video traffic above other data traffic; one 802.11g/a     5, 4           AF4x
                               channel can support 3-4 SDTV streams or 1 HDTV stream
WME best effort (ACI 0)        Traffic from legacy devices or from applications that lack QoS        0, 3           BE
                               capabilities; less sensitive to latency but affected by long delays,
                               such as internet surfing
WME background (ACI 1)         Low priority traffic (file downloads, print jobs) that does not have   1, 2           AF2x
                               strict latency and throughput requirements
802.11b throughput: impact of 802.11 MAC & PHY
(Figure: stacked bars for link rates of 1, 2, 5.5 and 11 Mbit/s, splitting each into idle time (IFS), PLCP preamble, PLCP header, MAC header + ACK, LLC/SNAP header, TCP/IP overhead and net throughput, in Mbit/s)
802.11g throughput: mixed mode requires 11g adaptations for protection
CTS-only
RTS/CTS
Slot time of 20 µs (vs 9 µs)
Maximum back-off time
Most APs support automatic performance tuning by adaptive 802.11b protection, typically 3 levels:
No 11b clients sensed
11b clients sensed
11b clients active
11g stations get a higher probability of air time in a mixed environment
Throughput performance may vary over time
g-only mode (turning off protection)
11g performance deteriorates when 11b clients start to associate/send data
Network capacity
Theoretical maximum application-level throughput
1500 byte packets, encryption enabled, zero packet errors
                         Modulation  Maximum link rate  Theoretical maximum TCP rate  Theoretical maximum UDP rate
802.11b                  CCK         11 Mbps            5.9 Mbps                      7.1 Mbps
802.11g (with 802.11b)   OFDM/CCK    54 Mbps            14.4 Mbps                     19.5 Mbps
802.11g (11g-only mode)  OFDM        54 Mbps            24.4 Mbps                     30.5 Mbps
802.11a                  OFDM        54 Mbps            24.4 Mbps                     30.5 Mbps
Optimizing wireless networks: Voice on Wireless

The new voice infrastructure
[Figure: a traditional PBX next to a VoIP deployment; in both, call signalling is separated from the transport (media) path and from other traffic.]
Voice protocols
[Figure: the VoIP protocol stack laid out on the TCP/IP layers]
- Application: audio codec, video codec, RTCP; signalling: RAS, H.225.0, H.245, Q.931 (H.323), MGCP, Megaco/H.248, SIP
- Host to host: RTP over UDP for media; TCP or UDP for the signalling protocols
- Internet: IP
- Network access: Ethernet / PPP / ATM / other link layers

Why IP, UDP & RTP transport?
Parameters affecting VoIP quality
- Packet loss, due to collisions, a bad radio channel or buffer overflow. The course quotes a loss rate of 10 % as mostly acceptable, depending on the codec; that relies on packet-loss concealment, and common planning guidance is 1 % or less, because quality degrades noticeably well before 10 %.
- One-way delay according to ITU-T G.114:
  - below 150 ms: acceptable for most applications
  - between 150 ms and 400 ms: potentially intolerable; acceptable only when the impact is understood
  - above 400 ms: unacceptable
- Delay variation (jitter) must be compensated using a playout buffer, static or adaptive; the buffer depth adds to the one-way delay budget above.
- Wireless LAN specific:
  - handover between APs causes delay
  - high-compression codecs result in higher delay
  - watch out for interference!
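As an added example (not part of the course material), the Python below works through the jitter and delay items above: it runs the RFC 3550 interarrival-jitter estimator over a constructed trace of per-packet transit times, shows how a static playout buffer trades late-packet loss against delay, sizes the buffer from the measured jitter, and checks the resulting mouth-to-ear delay against the G.114 bands quoted above. The transit trace, the k=4 multiplier and the function names are assumptions of this example.

```python
"""Added example: playout (jitter) buffer trade-off between late-packet loss
and one-way delay, with the RFC 3550 jitter estimator and G.114 limits."""

PTIME_MS = 20            # packetisation interval: one RTP packet per 20 ms

# Constructed per-packet transit times (arrival minus send time) in ms for 20
# packets over a wireless hop: mostly ~40 ms with three delayed frames.
TRANSIT_MS = [40, 42, 38, 45, 40, 70, 41, 39, 43, 90,
              40, 38, 42, 40, 60, 41, 39, 40, 42, 40]


def rfc3550_jitter(transit_ms):
    """Running interarrival jitter J from RFC 3550 section 6.4.1:
    J = J + (|D(i-1,i)| - J) / 16, where D is the change in transit time."""
    j = 0.0
    for prev, cur in zip(transit_ms, transit_ms[1:]):
        j += (abs(cur - prev) - j) / 16
    return j


def static_buffer_loss(transit_ms, buffer_ms):
    """Static playout buffer: packet i is played at its nominal time plus the
    first packet's transit plus buffer_ms; anything arriving later is dropped.
    Returns the fraction of packets discarded as late."""
    deadline = transit_ms[0] + buffer_ms
    late = sum(1 for t in transit_ms if t > deadline)
    return late / len(transit_ms)


def buffer_from_jitter(transit_ms, k=4):
    """Sizes the buffer as k times the measured jitter (k is an assumption;
    a real adaptive buffer re-evaluates this during silence periods)."""
    return k * rfc3550_jitter(transit_ms)


def one_way_delay_ms(transit_ms, buffer_ms, codec_ms=PTIME_MS):
    """Mouth-to-ear delay: codec/packetisation delay + mean transit + buffer."""
    return codec_ms + sum(transit_ms) / len(transit_ms) + buffer_ms


def g114_verdict(delay_ms):
    """ITU-T G.114 one-way delay bands as quoted on the slide."""
    if delay_ms < 150:
        return "acceptable"
    if delay_ms <= 400:
        return "potentially intolerable"
    return "unacceptable"


if __name__ == "__main__":
    for buf in (10, 20, 50):
        print(f"static {buf:>2} ms buffer: late loss "
              f"{static_buffer_loss(TRANSIT_MS, buf):.0%}, one-way delay "
              f"{one_way_delay_ms(TRANSIT_MS, buf):.1f} ms")
    buf = buffer_from_jitter(TRANSIT_MS)
    delay = one_way_delay_ms(TRANSIT_MS, buf)
    print(f"jitter {rfc3550_jitter(TRANSIT_MS):.1f} ms -> buffer {buf:.1f} ms, "
          f"late loss {static_buffer_loss(TRANSIT_MS, buf):.0%}, "
          f"delay {delay:.1f} ms ({g114_verdict(delay)})")
```

On this trace a 10 ms buffer drops 15 % of packets, 20 ms drops 10 %, and 50 ms drops none but adds 50 ms to every packet; the jitter-derived buffer (about 32 ms) drops one packet in twenty and keeps the one-way delay under 150 ms. Loss figures this high are what the loss bullet above warns about, which is why WLAN jitter (retries, back-off, handover) has to be engineered down rather than buffered away.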
Perception versus reality
- Perception: "I think my WLAN is lightly utilized, so I should be able to easily add voice."
- Reality: "Interference is eating into my capacity, so there's no room in the pipe for voice."
Measure actual channel utilization, including non-802.11 interference, before adding voice; air time the AP is not using is not necessarily free.
L2 QoS marking: wireless LANs
Standard mappings by WMM (but may be customized). This slide repeats the WMM access category table (voice, video, best effort and background with their 802.1Q/p tags and DSCP values) shown earlier in the QoS chapter.
Bandwidth provisioning: VoIP and RTP/UDP/IP overhead
IP + UDP + RTP headers = 40 bytes (IP 20 bytes, UDP 8 bytes, RTP 12 bytes)

Codec                     | Payload per 20 ms packet | Packet (headers + payload) | Overall IP-level rate
64 kbit/s PCM (G.711)     | 160 bytes                | 40 + 160 = 200 bytes       | 80 kbit/s
8 kbit/s encoding (G.729) | 20 bytes                 | 40 + 20 = 60 bytes         | 24 kbit/s

On 802.11 the layer-2 overhead (MAC header, LLC/SNAP, PLCP preamble, inter-frame spaces, ACK, optional RTS/CTS) comes on top of these figures and, for packets this small, dominates the air time.
Bandwidth provisioning: VoIP combined with data
A single VoIP connection seriously reduces the throughput of data applications on the same 802.11b AP.
[Figure: TCP throughput (0 to 4.5 Mbit/s, y-axis) versus number of concurrent VoIP connections (1 to 16, x-axis), for G.711 with 20 ms packets and for G.729 with 20 ms packets. The per-packet air-time cost, not the codec bit rate, drives the loss of data throughput.]
Bandwidth provisioning: data rate and VoIP call density
Maximum VoIP call density per 802.11b AP (G.711 assumed, no data traffic):

Data rate | Maximum calls
1 Mb/s    | 4 calls
2 Mb/s    | 7 calls
5.5 Mb/s  | 10 calls
11 Mb/s   | 12 calls

The call count grows far more slowly than the data rate because the fixed per-frame overhead (preamble, inter-frame spaces, back-off, ACK) does not shrink with the rate.
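As an added example (not part of the course material), the Python below is a simplified 802.11b airtime model that ties together the 802.11b overhead chart, the theoretical-maximum table, the 40-byte RTP/UDP/IP header arithmetic and the call-density table above: it splits each nominal rate into the chart's overhead categories, computes the per-stream IP rate of a codec, and derives how many G.711 calls an AP can carry at each rate. It assumes one transmitting station, no collisions or retries, ACKs at 2 Mbit/s (1 Mbit/s when the data rate is 1), no RTS/CTS and no competing data traffic, so its figures are optimistic upper bounds; the function names are this example's own.

```python
"""Added example: simplified 802.11b (DSSS/CCK) airtime model for data
throughput versus overhead and for VoIP call density per AP."""

# IEEE 802.11 DSSS/HR-DSSS PHY and MAC timing
SLOT_US = 20.0
SIFS_US = 10.0
DIFS_US = SIFS_US + 2 * SLOT_US      # 50 us
CW_MIN = 31                          # mean first back-off = 15.5 slots = 310 us
LONG_PLCP_US = 144 + 48              # long preamble + PLCP header, both at 1 Mbit/s
SHORT_PLCP_US = 72 + 24              # short preamble (only valid at >= 2 Mbit/s)
MAC_BYTES = 24 + 4                   # 3-address data frame header + FCS
ACK_BYTES = 14
LLC_SNAP_BYTES = 8
IP_UDP_BYTES = 20 + 8
RTP_BYTES = 12


def tx_time_us(rate_mbps, n_bytes, short_preamble=False):
    """PLCP preamble/header plus the MPDU bits sent at the data rate."""
    plcp = SHORT_PLCP_US if short_preamble else LONG_PLCP_US
    return plcp + n_bytes * 8 / rate_mbps


def frame_exchange_us(rate_mbps, ip_packet_bytes, short_preamble=False,
                      ack_rate_mbps=None, sec_overhead_bytes=0):
    """Channel time for one IP packet: DIFS + mean back-off + DATA + SIFS + ACK.
    sec_overhead_bytes: 8 for WEP, 20 for TKIP, 16 for CCMP (0 = open)."""
    ack_rate = ack_rate_mbps or min(rate_mbps, 2.0)
    mpdu = MAC_BYTES + sec_overhead_bytes + LLC_SNAP_BYTES + ip_packet_bytes
    return (DIFS_US + (CW_MIN / 2) * SLOT_US
            + tx_time_us(rate_mbps, mpdu, short_preamble)
            + SIFS_US
            + tx_time_us(ack_rate, ACK_BYTES, short_preamble))


def overhead_breakdown_mbps(rate_mbps, ip_packet_bytes=1500, **kw):
    """Splits the nominal link rate into the chart's categories (Mbit/s each);
    the parts add up to rate_mbps and 'net throughput' is the UDP payload rate."""
    total = frame_exchange_us(rate_mbps, ip_packet_bytes, **kw)
    plcp = SHORT_PLCP_US if kw.get("short_preamble") else LONG_PLCP_US
    ack_rate = kw.get("ack_rate_mbps") or min(rate_mbps, 2.0)
    sec = kw.get("sec_overhead_bytes", 0)
    payload_bits = (ip_packet_bytes - IP_UDP_BYTES) * 8
    parts_us = {
        "idle time (DIFS, back-off, SIFS)": DIFS_US + (CW_MIN / 2) * SLOT_US + SIFS_US,
        "PLCP preamble + header": 2 * plcp,
        "MAC header + ACK": (MAC_BYTES + sec) * 8 / rate_mbps + ACK_BYTES * 8 / ack_rate,
        "LLC/SNAP header": LLC_SNAP_BYTES * 8 / rate_mbps,
        "IP/UDP overhead": IP_UDP_BYTES * 8 / rate_mbps,
        "net throughput": payload_bits / rate_mbps,
    }
    return {name: rate_mbps * us / total for name, us in parts_us.items()}


def rtp_stream_kbps(codec_kbps, ptime_ms=20):
    """IP-level rate of one RTP stream: 80 kbit/s for G.711, 24 kbit/s at 8 kbit/s."""
    voice_bytes = codec_kbps * ptime_ms / 8
    return (voice_bytes + IP_UDP_BYTES + RTP_BYTES) * 8 / ptime_ms


def max_voip_calls(rate_mbps, codec_kbps=64, ptime_ms=20, **kw):
    """Calls one AP can carry with no data traffic.  Each call is two RTP
    streams (phone -> AP and AP -> phone) of 1000/ptime packets per second,
    and every packet costs a full frame exchange regardless of its size."""
    voice_bytes = codec_kbps * ptime_ms / 8
    ip_packet = voice_bytes + IP_UDP_BYTES + RTP_BYTES
    per_packet_us = frame_exchange_us(rate_mbps, ip_packet, **kw)
    packets_per_call_per_s = 2 * (1000 / ptime_ms)
    return int(1_000_000 // (per_packet_us * packets_per_call_per_s))


if __name__ == "__main__":
    for rate in (1, 2, 5.5, 11):
        net = overhead_breakdown_mbps(rate)["net throughput"]
        short = rate >= 2
        print(f"{rate:>4} Mbit/s: net {net:.2f} Mbit/s; G.711 calls "
              f"{max_voip_calls(rate)} (long preamble), "
              f"{max_voip_calls(rate, short_preamble=short)} (short preamble)")
```

With a long preamble the model gives about 6.1 Mbit/s net at 11 Mbit/s (about 6.8 with a short preamble), in the same range as the 7.1 Mbit/s UDP figure of the theoretical-maximum table, and 12 G.711 calls at 11 Mbit/s and 10 at 5.5 Mbit/s with a short preamble, matching the call-density table; at 1 and 2 Mbit/s it lands one or two calls below the table because it charges a mean back-off on every frame. Passing sec_overhead_bytes shows how little encryption costs compared with the preamble and inter-frame spaces.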
802.11n deployment expectations: voice services
- Voice: plan for the same number of calls per AP as with 11a/g (15-25 calls)
- Voice over Wi-Fi phones still top out at 54 Mbit/s; no 11n Wi-Fi phones were on the market at the time of this course (2012)
- Expect better voice reliability, especially in the upstream direction (phone to AP), since the 11n AP's multiple receive chains also help legacy phones
- Cell overlap: 20-25 %
- Recommendations:
  - forget about 11b
  - use 5 GHz
  - disable data rates lower than 12 Mbit/s
Securing wireless networks: encryption and authentication standards; the 802.1X framework
Thinking about security
- Social engineering
- Physical security
- "Wireless is insecure"
- "Windows is insecure"
- Using your neighbour's network
- "The wired network is insecure"

Come and get me: wireless networks beg to be used (or abused)
- War nibbling: similar to war driving, but against Bluetooth devices. Tool: Redfang (@stake, historical URL www.atstake.com/research/tools/info_gathering)
- War driving / war flying: finding installed 802.11a, b or g access points from a car or aircraft. Tool: Netstumbler (www.netstumbler.com)
- Eavesdropping / unauthorized access
- War chalking: physically marking a wirelessly accessible network
- Rogue WLAN: adding fake access points
- Jamming: taking a device off the air by overriding its signal with a stronger one

Why would people want to hack you?
- Just for fun
- It gives (nearly) anonymous access: the attacker is difficult to trace ("Who am I?")
- A way of preserving online privacy
Wireless protection measures: what do you want to protect?
- Protect data?
- Protect access?
- Protect users?
[Figure: attack tools set against these targets: AirSnort and WEPCrack (WEP key recovery), NetStumbler and Kismet (network discovery)]
WLAN security hierarchy (weakest to strongest)

Level                                                    | Typical use
Open access: no encryption, MAC filtering, SSID hiding   | Public hotspots
40-bit or 128-bit static WEP encryption                  | Home use
WPA                                                      | Business
WPA2 (802.11i)                                           | Business
Virtual Private Network (VPN) over the WLAN              | Remote access: business traveller, telecommuter

Note: MAC filtering and SSID hiding are not protection (addresses and SSIDs travel in clear and are trivially spoofed); "128-bit" WEP is a 104-bit key plus a 24-bit IV, and static WEP of either length is breakable with the tools listed above.
Standards
- Encryption/integrity:
  - WEP: RC4 with a CRC-32 ICV (no cryptographic integrity)
  - TKIP: RC4 with per-packet keys and the Michael MIC (WPA's interim fix for WEP hardware)
  - AES: CCMP (AES counter mode with CBC-MAC), mandatory in WPA2/802.11i
- Authentication: 802.1X (EAP over the LAN, authenticated against a RADIUS server behind the AP)
- Architectures:
  - WEP: WEP only
  - WPA: TKIP + 802.1X
  - WPA2 (802.11i): AES + 802.1X
- Multiple VLANs + multiple SSIDs on the wireless side, so that different security levels can coexist on one AP
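As an added example (not part of the course material), the Python below shows concretely why the "WEP: RC4" line above offers no integrity and why, on the WEP authentication slide that follows, shared-key authentication is weaker than open authentication. It is a toy WEP: a plain RC4 (KSA + PRGA), an IV || key seed, and a CRC-32 ICV, omitting the real frame's MAC header and key-index byte; the ICV byte order, the 40-bit key and the IV are constructed for the demo. Two attacks run without the key: flipping bits in a ciphertext while repairing the ICV (CRC-32 is linear), and recovering keystream from one observed shared-key authentication exchange to answer a later challenge.

```python
"""Added example: toy WEP (RC4 + CRC-32 ICV) and two keyless attacks on it:
ICV-preserving bit flipping and shared-key authentication forgery."""
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); XOR-based, so one call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: an unkeyed CRC-32 (toy little-endian encoding)."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body: IV (3 bytes, in clear) || RC4(IV || key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, body: bytes):
    """Returns (plaintext, icv_ok) the way a receiver would check it."""
    iv, ct = body[:3], body[3:]
    pt_icv = rc4(iv + key, ct)
    pt, tag = pt_icv[:-4], pt_icv[-4:]
    return pt, icv(pt) == tag


def bitflip(body: bytes, delta: bytes) -> bytes:
    """Attacker without the key XORs `delta` into the ciphertext and repairs
    the encrypted ICV using CRC-32 linearity for fixed length n:
    crc(p ^ d) = crc(p) ^ crc(d) ^ crc(0^n)."""
    iv, ct = body[:3], body[3:]
    n = len(ct) - 4
    d = delta.ljust(n, b"\x00")
    icv_delta = zlib.crc32(d) ^ zlib.crc32(bytes(n))
    return iv + xor(ct[:n], d) + xor(ct[n:], icv_delta.to_bytes(4, "little"))


def shared_key_auth_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Frame 3 of shared-key authentication: the station WEP-encrypts the
    128-byte challenge the AP sent in clear in frame 2."""
    return wep_encrypt(key, iv, challenge)


def recover_keystream(challenge: bytes, response: bytes):
    """Eavesdropper: response = keystream XOR (challenge || ICV), and both the
    challenge and its ICV are computable, so XOR yields the keystream for this IV."""
    iv, ct = response[:3], response[3:]
    return iv, xor(ct, challenge + icv(challenge))


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a later challenge without the key by reusing the IV and keystream;
    WEP lets the sender pick any IV, so the AP accepts the repeat."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)


if __name__ == "__main__":
    key, iv = b"\x01\x02\x03\x04\x05", b"\x00\x00\x01"   # constructed 40-bit key
    body = wep_encrypt(key, iv, b"PAY 0010 EUR TO ACCOUNT A")
    forged = bitflip(body, xor(b"PAY 0010", b"PAY 9910"))
    print(wep_decrypt(key, forged))               # modified text, ICV still valid
    chal = bytes(range(128))
    auth_iv, ks = recover_keystream(chal, shared_key_auth_response(key, iv, chal))
    chal2 = bytes(reversed(range(128)))
    print(wep_decrypt(key, forge_response(auth_iv, ks, chal2))[1])   # True
```

The two results are the practical reasons behind the later standards in the list above: TKIP added the keyed Michael MIC (and CCMP a real CBC-MAC) because a CRC cannot detect deliberate modification, and because shared-key authentication hands an eavesdropper 128 bytes of keystream, open authentication followed by 802.1X is the better choice even on WEP networks.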
Wireless security: WEP authentication
- Open
- Shared
Shared-key authentication is the weaker of the two: the challenge/response exchange exposes RC4 keystream to an eavesdropper, so open authentication is preferred even with WEP.
WEP is a shared-key system only: every station uses the same static key.
It uses the symmetrical RC4 (Ron's