Wireless Infrastructures Wireless

Wireless Infrastructures Wireless. Wireless Infrastructures Wireless LAN Predominantly 802.11 IEEE 802.11 A, B, G, N Wireless MAN WiMax 802.16 and its


Wireless Infrastructures

Wireless


Wireless Infrastructures

Wireless LAN
• Predominantly 802.11
• IEEE 802.11 A, B, G, N

Wireless MAN
• WiMax
• 802.16 and its derivatives
• 802.16-2001 Fixed Broadband Wireless Access (10–63 GHz)
• Current: P802.16m Advanced Air Interface with data rates of 100 Mbit/s mobile & 1 Gbit/s fixed


Bluetooth 802.15 assortments

• 802.15.1: WPAN (Wireless Personal Area Networks)
• IEEE 802.15.2-2003: coexistence of wireless personal area networks (WPAN) with other wireless devices operating in unlicensed frequency bands such as wireless local area networks (WLAN).
• 802.15.3-2003: a MAC and PHY standard for high-rate (11 to 55 Mbit/s) WPANs
• 802.15.4 (Low Rate WPAN): ZigBee
• 802.15.5: Mesh networking of WPAN
• 802.15.6 (medical purposes): Body Area Network Technologies. The goal is a low-power and low-frequency short-range wireless standard


Similarities Between WLAN and LAN

• A wireless LAN is an IEEE 802 LAN.
  • Transmits data using RF carriers vs. data over the wire
  • Looks like a wired network to the user
  • Defines physical and data link layer
  • Uses MAC addresses
• The same protocols/applications run over both WLANs and LANs.
  • IP (network layer)
  • IPSec VPNs (IP-based)
  • Web, FTP, SNMP (applications)


Current Standards – 802.11a,b,g, n

• 802.11a: up to 54 Mbps, 5 GHz. Not compatible with either 802.11b or 802.11g.
• 802.11b: up to 11 Mbps, 2.4 GHz.
• 802.11g: up to 54 Mbps, 2.4 GHz.
• 802.11n, the newest protocol, uses both the 2.4-GHz and 5-GHz bands, with data rates varying from 15 to 150 Mbps.

[Figure: timeline, 1986 to 2003, of network speed and radio band. Labels: Proprietary (860 Kbps, 900 MHz; 1 and 2 Mbps, 2.4 GHz); Standards-based (1 and 2 Mbps, 2.4 GHz; 11 Mbps; 54 Mbps; 5 GHz). Milestones: IEEE 802.11 begins drafting; 802.11 ratified; 802.11a,b ratified; 802.11g ratified.]

• 802.11g is backward compatible with 802.11b.
• 802.11n is backward compatible with existing 802.11a/b/g.


Radio Frequency Issues

• As signal strength decreases, so will the transmission rate.
• An 802.11b client’s speed may drop from 11 Mbps to 5.5 Mbps, to 2 Mbps, or even 1 Mbps.
• This can all be associated with a combination of factors including:

1. Distance
2. Line of Sight
3. Obstructions
4. Reflection
5. Multipath Reflection
6. Refraction (partially blocked by obstruction)
7. Diffraction (bending of signal)
8. Noise and Interference


Wireless Access Points

• An access point (AP) is a WLAN device that can act as the center point of a stand-alone wireless network.

•An AP can also be used as the connection point between wireless and wired networks.

•In large installations, the roaming functionality provided by multiple APs allows wireless users to move freely throughout the facility, while maintaining seamless, uninterrupted access to the network.


Wireless Bridges

• The bridges connect hard-to-wire sites, noncontiguous floors, satellite offices, school or corporate campus settings, temporary networks, and warehouses.

•Example: The Cisco Aironet 1300 Series Wireless Bridge is designed to connect two or more networks that are typically located in different buildings.

•They can be configured for point-to-point or point-to-multipoint applications.


Service Set Identifier (SSID)

• SSID is used to logically separate WLANs.
• The SSID must match on client and access point.
• Access point can broadcast SSID in beacon.
• Client can be configured without SSID.


Basic Topologies

Peer-to-Peer (Ad Hoc) Topology (IBSS)

Basic Infrastructure Topology (BSS)

Extended Infrastructure Topology (ESS)


WiFi (802.11) Media Access Control

• All the devices in the network share the same frequency to a common Access Point (AP).

• They cannot all transmit at the same time, as their signals would interfere.

• Therefore, WiFi networks operate in half-duplex, using an access method called CSMA/CA.


Using Wireless Routers


Local area networks (LAN)

Adding an AP is also a way to add wireless devices and extend the range of an existing wired system.

If a single cell does not provide enough coverage, any number of cells can be added to extend the range.

It is recommended that adjacent BSS cells have a 10 to 15 percent overlap.

[Figures: 802.11b/g Channels; 802.11a Channels]


A wireless repeater is simply an access point that is not connected to the wired backbone.

This setup requires a 50% overlap of the AP on the backbone and the wireless repeater, so they can reach each other.

The user can set up a chain of several repeater access points. However, the throughput for client devices at the end of the repeater chain will be quite low, as each repeater must receive and re-transmit each frame.

Not covered by 802.11 standards.

[Figure: wireless repeater with 50% overlap]


Wireless VLAN Deployment


Combined deployment of infrastructure and non-infrastructure devices


Cisco WLAN Implementation

Cisco offers 2 “flavors” of wireless solutions:

• Distributed WLAN solution
  • Autonomous AP
  • Wireless LAN Solution Engine (WLSE)
• Centralized WLAN solution
  • Lightweight AP
  • Wireless LAN Controller (WLC)


Comparison of the WLAN Solutions

Autonomous WLAN:
• Autonomous access point
• Configuration of each access point
• Independent operation
• Management via CiscoWorks WLSE and WDS
• Access point redundancy

Lightweight WLAN:
• Lightweight access point
• Configuration via Cisco Wireless LAN Controller
• Dependent on Cisco Wireless LAN Controller
• Management via Cisco Wireless LAN Controller
• Cisco Wireless LAN Controller redundancy


Why Lightweight APs?

• A WLAN controller system is used to create and enforce policies across many different lightweight access points.

• With centralized intelligence, functions essential to WLAN operations, such as security, mobility, and quality of service (QoS), can be efficiently managed across an entire wireless enterprise.

• Splitting functions between the access point and the controller simplifies management, improves performance, and increases security of large WLANs.


Cisco Centralized WLAN Model

• The control traffic between the access point and the controller is encapsulated by Lightweight Access Point Protocol (LWAPP) and encrypted via the Advanced Encryption Standard (AES).

•The data traffic between the access point and controller is also encapsulated with LWAPP, but not encrypted.


Layer-2 LWAPP Architecture

• Access Points don’t require IP addressing
• Controllers need to be on EVERY subnet on which APs reside
• L2 LWAPP was the first step in the evolution of the architecture; many current products do not support this functionality


Layer-3 LWAPP Architecture

• Access Points require IP addressing
• APs can communicate with WLC across routed boundaries
• L3 LWAPP is more flexible than L2 LWAPP and all products support this LWAPP operational ‘flavor’


Wireless Mesh Networking

• Each access point runs the Cisco Adaptive Wireless Path protocol (AWP).

•AWP allows access points to communicate with each other to determine the best path back to the wired network.

•After the optimal path is established, AWP continues to run in the background to establish alternative routes back to the roof-top access point (RAP) if the topology changes or conditions cause the link strength to diminish.


Wireless LAN Security Threats


Wireless Security Protocols

•Today, the standard that should be followed in most enterprise networks is the 802.11i standard. This is similar to the Wi-Fi Alliance WPA2 standard.

•For enterprises, WPA2 includes a connection to a Remote Authentication Dial In User Service (RADIUS) database.


Evolution of Wireless LAN Security

• Initial (1997): Encryption (WEP)
  • No strong authentication
  • Static, breakable keys
  • Not scalable
• Interim (2001): 802.1x EAP
  • Dynamic keys
  • Improved encryption
  • User authentication
  • 802.1x EAP (LEAP, PEAP)
  • RADIUS
• Interim (2003): Wi-Fi Protected Access (WPA)
  • Standardized
  • Improved encryption
  • Strong, user authentication (e.g., LEAP, PEAP, EAP-FAST)
• Present: Wireless IDS; IEEE 802.11i, WPA2 (2004)
  • Identification and protection against attacks, DoS
  • AES strong encryption
  • Authentication
  • Dynamic key management


WPA and WPA2 Authentication


WPA and WPA2 Encryption


Wi-Fi Protected Access

What are WPA and WPA2?
• Authentication and encryption standards for Wi-Fi clients and APs
• 802.1x authentication
• WPA uses TKIP encryption
• WPA2 uses AES block cipher encryption

Which should I use?
• Gold, for supporting NIC/OSs
• Silver, if you have legacy clients
• Lead, if you absolutely have no other choice.

Gold: WPA2/802.11i
• EAP-Fast
• AES

Silver: WPA
• EAP-Fast
• TKIP

Lead: Dynamic WEP
• EAP-Fast/LEAP
• VLANs + ACLs
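One way to audit WLAN profiles against the Gold/Silver/Lead tiers above, as an added example that is not part of the original slides. The inventory line format, the field names, and the rule that the weakest cipher a profile still accepts decides its tier are assumptions made for illustration.

```python
# Added example: classify WLAN profiles into the deck's Gold/Silver/Lead tiers.
# The inventory format and field names are hypothetical; the data is constructed.
SAMPLE_INVENTORY = """\
ssid=corp      auth=802.1x eap=EAP-FAST ciphers=AES       wep=none    vlan_acl=no
ssid=legacy    auth=802.1x eap=EAP-FAST ciphers=TKIP      wep=none    vlan_acl=no
ssid=mixed     auth=802.1x eap=EAP-FAST ciphers=AES,TKIP  wep=none    vlan_acl=no
ssid=scanners  auth=802.1x eap=LEAP     ciphers=WEP       wep=dynamic vlan_acl=yes
ssid=printers  auth=802.1x eap=LEAP     ciphers=WEP       wep=dynamic vlan_acl=no
ssid=lobby     auth=open   eap=none     ciphers=WEP       wep=static  vlan_acl=no
"""

# Weakest first: a profile is only as strong as the weakest cipher it accepts.
CIPHER_RANK = {"WEP": 0, "TKIP": 1, "AES": 2}


def parse_profile(line):
    """Turn 'key=value key=value ...' into a dict; the cipher list becomes a set."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ciphers"] = {c.upper() for c in fields["ciphers"].split(",") if c}
    return fields


def classify(p):
    """Return (tier, reason) based on the weakest cipher the profile allows."""
    unknown = p["ciphers"] - set(CIPHER_RANK)
    if unknown or not p["ciphers"]:
        return "UNRATED", "unknown or missing cipher: %s" % sorted(unknown)
    if p["auth"] != "802.1x":
        return "BELOW-LEAD", "no 802.1x authentication"
    weakest = min(p["ciphers"], key=CIPHER_RANK.get)
    if weakest == "AES":
        return "GOLD", "WPA2/802.11i with AES only"
    if weakest == "TKIP":
        return "SILVER", "TKIP still accepted (WPA)"
    # WEP remains: only dynamic WEP fenced in by VLANs + ACLs reaches Lead.
    if p["wep"] == "dynamic" and p["vlan_acl"] == "yes":
        return "LEAD", "dynamic WEP isolated by VLANs + ACLs"
    return "BELOW-LEAD", "WEP without dynamic keys or VLAN/ACL isolation"


def audit(inventory):
    """Map each SSID in the inventory text to its (tier, reason)."""
    return {p["ssid"]: classify(p)
            for p in map(parse_profile, inventory.strip().splitlines())}


if __name__ == "__main__":
    for ssid, (tier, reason) in audit(SAMPLE_INVENTORY).items():
        print(f"{ssid:10} {tier:11} {reason}")
```

The mixed-mode SSID is rated Silver rather than Gold because a client can still negotiate TKIP on it.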


WLAN Security Summary

• Open Access: No Encryption, Basic Authentication
  • Public “Hotspots”
• Basic Security: 40-bit or 128-bit Static WEP Encryption, WPA
  • Home Use
• Enhanced Security: 802.1x, TKIP Encryption, Mutual Authentication, Scalable Key Mgmt., Etc.
  • Enterprise
• Remote Access: Virtual Private Network (VPN)
  • Business Traveler, Telecommuter