© 2009 Pearson Education, Inc. Publishing as Prentice Hall Wireless LANs (WLANs)

© 2009 Pearson Education, Inc. Publishing as Prentice Hall

Wireless LANs (WLANs)

5-2

802.11 Wireless LANs (WLANs)

• Wireless LAN Technology

– 802.11 is the dominant WLAN technology today

– Standardized by the 802.11 Working Group

– Popularly known as Wi-Fi

5-3


Wireless hosts connectby radio to access pointsWireless hosts connect

by radio to access points

5-4

802.11 Wireless Access Points and NICs

5-5


WLANs usually supplement wired LANsinstead of replacing them.The access point connects wireless usersto the firm’s main wired LAN (Ethernet)

WLANs usually supplement wired LANsinstead of replacing them.The access point connects wireless usersto the firm’s main wired LAN (Ethernet)

This gives the mobile client access tothe servers on the wired LAN andthe firm’s router for Internet access

This gives the mobile client access tothe servers on the wired LAN andthe firm’s router for Internet access

1

5-6


Transmission speed: up to 300 Mbps but usually 10 Mbps to 100 Mbps.Distances between station and access point: 30 to 100 meters.

Transmission speed: up to 300 Mbps but usually 10 Mbps to 100 Mbps.Distances between station and access point: 30 to 100 meters.

5-7

Recap of Radio Propagation Concepts

• Frequency

– Radio waves are measured in terms of frequency

– Measured in hertz (Hz)—the number of complete cycles per second

• Most Common Frequency Range for WLANs:

– High megahertz to low gigahertz range

5-8

The Frequency Spectrum, Service Bands, and Channels

5-9

Channel Bandwidth and Speed

• Channel Bandwidth

– Channel bandwidth is the highest frequency in a channel minus the lowest frequency

– An 88.0 MHz to 88.2 MHz channel has a bandwidth of 0.2 MHz (200 kHz)

5-10

Channel Bandwidth Speed

• Broadband and Narrowband Channels

– Broadband means wide channel bandwidth and therefore high speed

– Narrowband means narrow channel bandwidth and therefore low speed

– Today, any speed, whether in channels or not, is called narrowband or broadband

• Narrowband is below 200 kbps

• Broadband is above 200 kbps

5-11

Licensed and Unlicensed Bands

• Licensed Radio Bands

– If two nearby radio hosts transmit in the same channel, their signals will interfere

– Most radio bands are licensed bands, in which hosts need a license to transmit

– The government limits licenses to avoid interference

– Television bands, AM radio bands, etc., are licensed

– In cellular telephone bands, which are licensed, only the central transceivers are licensed, not the mobile phones

5-12

Licensed and Unlicensed Bands

• Unlicensed Radio Bands

– Some service bands are set aside as unlicensed bands

– Hosts do not need to be licensed to be turned on or moved

– 802.11 operates in unlicensed radio bands

– This allows access points and hosts to be moved freely

5-13

802.11 in the 2.4 GHz and 5 GHz Unlicensed Bands

• The 2.4 GHz Unlicensed Band

– Defined the same in almost all countries (2.400 GHz to 2.485 GHz)

– This sameness reduces radio costs

– Propagation characteristics are good

– For 20 MHz 802.11 channels, only three nonoverlapping channels are possible

• Channels 1, 6, and 11

5-14

Mutual Interference in the 2.4 GHz Unlicensed Band

If two nearby access points operate on the same channel,the access points and their stations will interfere with each other

5-15


• The 5 GHz Unlicensed Band

– Radios in the 5 GHz band are expensive because frequencies in different countries are different and because higher-frequency technology is more expensive than lower-frequency technology

– Also, smaller market sales mean more expensive devices

– Shorter propagation distance than in the 2.4 GHz band because of greater absorptive attenuation at higher frequencies

– Deader shadow zones because of higher frequencies

5-16


• The 5 GHz Unlicensed Band

– More bandwidth than in the 2.4 GHz band, so between 11 and 24 non-overlapping channels

– Allows many nearby access points to operate on non-overlapping channels

– Or, some access points can operate on two channels

• They serve some clients with one channel, some with the other

• This allows them to serve more clients with good throughput

5-17

Spread Spectrum Transmission Methods

Early spread spectrum products used one of two slow methods.

In frequency hopping spread spectrum, the signal was kept narrow,but it hopped around in frequency every two or three frames.

In direct sequence spread spectrum, the signal is spread overThe entire spread spectrum band.

Both have technical limits and all newer 802.11 standardsuse a different type of spread spectrum transmission.

5-18

Spread Spectrum Transmission Methods

Newer 802.11 standards use OFDM:Orthogonal Frequency Division Multiplexing.

OFDM divides the entire channel into smaller subcarriers (subchannels).It sends part of the signal in each subcarrier.

Information is sent redundantly among the subcarriers,so the whole message will get through even if some subcarriers are bad

Using smaller channels gives more precise signal spreadingthan spreading the signal over the entire channel.

This in turn allows much faster transmission speeds.

5-19

Typical 802.11 Wireless LAN Operation with Wireless Access Points

802.11 and 802.3 have different frames

1. The access point receives an 802.11frame carrying the packet2. The access point removes the packet,places the packet into an 802.3 frameand passes the frame on to the Ethernet switch3. The Ethernet switch sends the 802.3 frame to the server.

5-20

Hosts and Access Points Transmit in a Single Channel

The access point and all the hosts it servestransmit in a single channel

If two devices transmit at the same time,their signals will collide, becoming unreadable

Media access control (MAC) methodsgovern when a device may transmit;It only lets one device transmit at a time

5-21

CSMA/CA+ACK in 802.11 Wireless LANs

• CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance)

– Sender listens for traffic

• 1. If there is traffic, the sender waits

• 2. If there is no traffic:

– 2a. If there has been no traffic for less than a present amount of time, waits a random amount of time, then returns to Step 1.

– 2b, If there has been no traffic for more than a preset amount of time, sends without waiting

– This avoids collision that would result if hosts could transmit as soon as one host finishes transmitting

Box

5-22

CSMA/CA+ACK in 802.11 Wireless LANs

• ACK (Acknowledgement)

– Receiver immediately sends back an acknowledgement

• If sender does not receive the acknowledgement, retransmits using CSMA

– CSMA/CA plus ACK is a reliable protocol

• CSMA/CA+ACK must be reliable because radio transmission is unreliable

Box

5-23

Request to Send/Clear to Send

5-24

Specific 802.11 Wireless LAN Standards

Characteristic 802.11

802.11a 802.11b 802.11g 802.11n 802.11ac

Spread Spectrum Method, etc.

FHSS OFDM DSSS OFDM OFDM + MIMO

OFDM + MIMO

Unlicensed Band

2.4 GHz

5 GHz

2.4 GHz

2.4 GHz 2.4 GHz and 5 GHz

5 GHz only

Remarks Dead and

gone

Little market accep-tance

Bloomed briefly

Now obsolete

Today’s dominant 802.11

standard

Growing rapidly

5-25


Characteristic 802.11

802.11a 802.11b 802.11g 802.11n 802.11ac

Rated Speed 2 Mbps

54 Mbps

11 Mbps

54 Mbps

100 to600

Mbps

433 Mbps to

6.93 GbpsActual Throughput, 3 m

1 Mbps

25 Mbps

6 Mbps 25 Mbps

70-80 Mbps

Closer to rated speed than

earlier standards

Actual Throughput, 30 m

? 12 Mbps

6 Mbps 20 Mbps

50 Mbps

70-100 Mbps

5-26


• 802.11g

– Obsolete today

– 54 Mbps rated speed with much slower throughput

– Generally sufficient for Web browsing

– Inexpensive

– All access points support it

5-27


• 802.11n

– Uses MIMO to give higher throughputs and longer transmission distances

– Also uses 40 MHz channels instead of normal 20 MHz 802.11 channels to further increase throughput

– 100 Mbps throughputs are common

– Today, the dominant 802.11 standard

– 802.11ac growing, the wave of the future.

5-28

Mesh Wireless Network

In mesh wireless networks, the access points do all routingThere is no need for a wired network

The 802.11s standard for mesh networking is under development

In mesh wireless networks, the access points do all routingThere is no need for a wired network

The 802.11s standard for mesh networking is under development

5-29

Smart Antenna

5-31

WLAN Security Threats

• Drive-By Hackers

– Sit outside the corporate premises and read network traffic

– Can send malicious traffic into the network

– Easily done with readily available downloadable software

• War Drivers

– Merely discover unprotected access points—become drive-by hackers only if they break in

5-32

802.11 Core Security Standards

• Provide Security between the Wireless Station and the Wireless Access Point

– Client (and perhaps access point) authentication

– Passes key to client

– Subsequent encryption of messages for confidentiality

Authentication

ProtectedCommunication

5-33


• Protection Does Not Extend Beyond Access Point

– Only protects the wireless client—access point connection

ProtectedCommunication

No Protection

5-34


• Wired Equivalent Privacy (WEP)

– Initial rudimentary core security provided with 802.11 in 1997

– Everyone shared the same secret encryption key, and this key could not be changed automatically

– Because secret key was shared, it does not seem to be secret

• Users often give out freely

– Key initially could be cracked in 1–2 hours; now can be cracked in 3–10 minutes using readily available software

5-35


• Wireless Protected Access (WPA)

– The Wi-Fi Alliance

• Normally certifies interoperability of 802.11 equipment

– Certified products get to use the Wi-Fi logo

• Created WPA as a stop-gap core security standard in 2002 until 802.11i was finished

5-36


• 802.11i (WPA2)

– Uses AES-CCMP with 128-bit keys for confidentiality and key management

– Gold standard in 802.11 core security

– But companies have large installed bases of WPA-configured equipment

– Now that WPA has been partially cracked,companies should upgrade to 802.11i

802.11 Security in 802.1X and PSK Modes

• 802.1X Mode – Uses a central authentication server for consistency– Wi-Fi Alliance calls this enterprise mode– Both WPA and 802.11i use 802.1X mode

5-37

802.11 Security in 802.1X and PSK Modes

• 802.1X Mode

– However, with wireless transmission, protection is needed between the wireless supplicant and the access point because radio transmissions are easy to tap

5-38

5-39

WLAN Security Threats

• Rogue Access Points

– Unauthorized access points that are set up by a department or an individual

– They often fail to implement core security

– This gives drive-by hackers free access to the internal network, bypassing both the border firewall and access point security

– Often operate at high power, attracting many hosts to their low-security service

5-40

Evil Twin Access Point

An attacker makes his or her computer act as an access point.It operates at very high power.

Victim wireless clients within the victim buildingassociate with the evil twin access point

instead of with a legitimate access point within the building.

An attacker makes his or her computer act as an access point.It operates at very high power.

Victim wireless clients within the victim buildingassociate with the evil twin access point

instead of with a legitimate access point within the building.

5-41

Evil Twin Access Point

1. The victim sends its authentication credentials to the evil twin.

2. The evil twin passes the credentials on to the legitimate access point.

3. The legitimate access point sends back a secret key.

4. The evil twin remembers the key, then sends it to the client.

5-42

Added Wireless Protection: VPNs and VLANs

• Virtual Private Networks (VPNs)

– VPN protection defeats evil twins because the two devices preshared a key that is never transmitted

EAP ProtectedCommunication VPN Protection

PresharedVPNKey

PresharedVPNKey

FrustratedEvil Twin

5-43

Added Wireless Protection: VPNs and VLANs

• Virtual LANs (VLANs)

– With VLANs, clients can only talk to some servers

– Wireless clients who first come can be assigned to a VLAN in which they can only connect to a single server-an authentication server

– When the client authenticates itself to the authentication server, they are taken off the restrictive VLAN

Pre-Authentication

VLAN

Rest ofthe network

AuthenticationServer

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Wireless LANs (WLANs)

Documents

Transcript of © 2009 Pearson Education, Inc. Publishing as Prentice Hall Wireless LANs (WLANs)