Wide-Area Networks.ppt

Chapter 1: Course IntroductionICND v2.3—5-*
Introducing Wide-Area Networks
ICND v2.3—5-*
Purpose: This slide states the chapter objectives.
Emphasize: Read or state each objective so that each student has a clear understanding of the chapter objectives.
Note: Catalyst switches have different CLIs. The Catalyst 2900xl and the Catalyst 1900 has a Cisco IOS CLI. The Cisco IOS CLI commands available on the 2900xl is different from the 1900. The Catalyst 5000 family has no Cisco IOS CLI, and use the set commands instead. This class only covers the configuration on the Catalyst 1900 switch.
© 2006 Cisco Systems, Inc. All rights reserved.
ICND v2.3—5-*
Purpose: This figure introduces students to WAN connections.
Emphasize: Highlight the interconnected WAN connections between the various company sites. The site graphically present a mobile dial-up user, a telecommuter using a DDR connection, and two office sites with multiple connections.
This course teaches students how to configure a WAN. Tell students that a WAN is a data communications network that serves users across a broad geographic area.
Transition: Following are the various physical connections that will connect these sites.
ICND v2.3—5-*
WAN Overview
A WAN is a data communications network that operates beyond the geographical scope of a LAN.
WANs use facilities provided by a service provider, or carrier, such as a telephone or cable company. They connect the locations of an organization to each other, to locations of other organizations, to external services, and to remote users. WANs generally carry a variety of traffic types, such as voice, data, and video.
WAN connections are made up of many types of equipment and components.
data communications equipment (DCE) terminates a connection between two sites and provides clocking and synchronization for that connection; it connects to data termination equipment (DTE).
A DTE is an end-user device, such as a router or PC, which connects to the WAN via the DCE.
ICND v2.3—5-*
Customer premises equipment (CPE)
Your network's equipment, which includes the DCE (modem, NT1, CSU/ DSU) and your DTE (router, access server)
Demarcation point
Where the responsibility of the carrier is passed on to you; this could be inside or outside your local facility; note that this is a logical boundary, not necessarily a physical boundary
Local loop
The connection from the carrier's switching equipment to the demarcation point
Central office (CO) switch
Toll network
The carrier's internal infrastructure for transporting your data
ICND v2.3—5-*
Customer premises equipment (CPE)
Customer premises equipment (CPE) is equipment that's owned by the subscriber and located on the subscriber’s premises.
Demarcation point
The demarcation point is the precise spot where the service provider’s responsibility ends and the CPE begins. It’s generally a device in a telecommunications closet owned and installed by the telecommunications company (telco). It’s your responsibility to cable (extended demarc) from this box to the CPE, which is usually a connection to a CSU/DSU or ISDN interface.
Local loop
The local loop connects the demarc to the closest switching office, which is called a central office.
ICND v2.3—5-*
Central office (CO)
This point connects the customer’s network to the provider’s switching network.
Toll network
The toll network is a trunk line inside a WAN provider’s network. This network is a collection of switches and facilities owned by the ISP. Definitely familiarize yourself with these terms because they’re crucial to understanding WAN technologies.
ICND v2.3—5-*
Leased line
Circuit switched
Packet switched
Encapsulation methods
ICND v2.3—5-*
WAN Terms
Leased-Line Connections
In lease line, you get your very own piece of wire from your location
to the service provider's network. This is good because no other
customer can affect your line, as can be the case with other WAN services.
You have a lot of control over this circuit to do things such as
Quality of Service and other traffic management.
The downside is that a leased line is expensive and gets a
lot more expensive if you need to connect offices that are far apart.
These are usually referred to as a point-to-point or dedicated connection.
A leased line is a pre-established WAN communications path that goes
from the CPE through the DCE switch, then over to the CPE of the remote site.
The distance between the two sites is small,
making them cost-effective.
traffic between two sites and need to
guarantee bandwidth for certain applications
ICND v2.3—5-*
WAN Terms
Circuit-Switched Connections
A circuit-switched WAN uses the phone company as the service provider, either with analog dial-up or digital ISDN connections. With circuit-switching, if you need to connect to the remote LAN, a call is dialed and a circuit is established; the data is sent across the circuit, and the circuit is taken down when it is no longer needed. Circuit-switched connections include the following types:
Asynchronous serial connections
These include analog modem dialup connections and the standard telephone system, which is commonly referred to as Plain Old Telephone Service (POTS) by the telephone carriers.
Synchronous serial connections
These include digital ISDN BRI and PRI dialup connections; they provide guaranteed bandwidth.
ICND v2.3—5-*
WAN Terms
Packet-Switched Connections
Packet-switched WAN services allow you to connect to the provider's network in much the same way as a PC connects to a hub: When connected, your traffic is affected by other customers' and theirs by you. This can be an issue sometimes,
but it can be managed. The advantage of this shared-bandwidth technology is that with a single physical connection from your router's serial port, you can establish virtual connections to many other locations around the world.
Packet-switched connections use logical circuits to make connections between two sites. These logical circuits are referred to as virtual circuits (VCs).
So if you have a lot of branch offices and they are far away from the head office, a packet-switched solution is a good idea.
ICND v2.3—5-*
X.25
The oldest of these four technologies is X.25, which is an ITU-T standard. X.25 is a network layer protocol that runs across both synchronous and asynchronous physical circuits, providing a lot of flexibility for your connection options.
X.25 was actually developed to run across unreliable medium. It provides error detection and correction, as well as flow control, at both the data link layer (by LAPB) and the network layer (by X.25). In this sense, it performs a function similar to what TCP, at the transport layer, provides for IP.
Because of its overhead, X.25 is best delegated to asynchronous, unreliable connections. If you have a synchronous digital connection, another protocol, such as Frame Relay or ATM, is much more efficient.
ICND v2.3—5-*
WAN Terms
Frame Relay
Frame Relay is a digital packet-switched service that can run only across synchronous digital connections at the data link layer.
Because it uses digital connections (which have very few errors), it does not perform any error correction or flow control as X.25 does.
Frame Relay will, however, detect errors and drops bad frames. It is up to a higher layer protocol, such as TCP, to resend the dropped information.
ICND v2.3—5-*
Purpose: This figure introduces students to various physical WAN connections.
Emphasize: Leased lines have point-to-point connections that are indefinitely reserved for transmissions, rather than switched as transmission is required. Typically, a leased connection is made using serial lines.
Circuit-switched connections are dedicated physical circuit paths established only during the duration of a call. Physical circuit-switched examples are asynchronous serial and ISDN.
Packet-switched networks use packet switching technology for data transfer.
Evolving physical connections not discussed in this course follow:
Digital subscriber line (DSL)—DSL is an emerging technology that delivers high bandwidth over conversational copper lines. There are four varieties of DSL: asymmetric digital subscriber line (ADSL), high-data-rate digital subscriber line (HDSL), single-line digital subscriber line (SDSL), and very-high-data-rate digital subscriber line (VDSL). Because most DSL technologies do not use the whole bandwidth of the twisted pair, there is room left for a voice channel.
Cable—Cable is an emerging technology for data transport that uses a coaxial cable medium to transport the data. It is a good choice in emerging markets such as China where copper pairs for telephones are not standardized.
ICND v2.3—5-*
WAN Service Providers
Purpose: This figure identifies the terms of various devices used to complete the WAN connection.
Note: CPE includes both the devices owned by the subscriber and devices leased to the subscriber by the service provider.
The demarc often occurs at a telecommunication closet (a room containing a punch-down block of provider wiring).
Usually the local loop extends for a relatively short distance to the nearest telephone company premises.
The central office acts as:
An entry point to the WAN cloud for calling.
An exit point from the WAN for called devices.
A switching point for calls that traverse the facility.
Inside the long-distance toll network are several types of central offices. For example, a calling subscriber’s connection on a local loop can enter an end central office switch and access an interoffice trunk to a toll central office. In most U.S. locations, AT&T, Sprint, and MCI offer toll offices to handle their subscribers’ calls.
Within the provider’s cloud, the caller’s traffic may cross a trunk to a primary center, then go to a sectional center, and then to a regional or international carrier center as the call goes the long distance to its destination.
A called subscriber can receive a call that has traversed the trunks and switches of a similar hierarchy of central offices. The called subscriber receives the call over the local loop from the called subscriber’s end central office.
Often, for point-to-point circuits spanning regional or national boundaries, several providers handle a connection in the toll network.
ICND v2.3—5-*
Serial Point-to-Point Connections
Purpose: This section describes the various serial standards that support leased-line connections.
Emphasize: The same 60-pin end that attaches to a Cisco device supports all the standards illustrated.
Note: Data switching equipment (DSE) is an additional term sometimes used to describe the switch components that appear inside the cloud. The DSE adds and removes channels assigned inside the WAN. The DSE connects traffic from various sources to their final destinations through other switches.
Transition: The next layer in the stack is Layer 2, the data link layer.
ICND v2.3—5-*
Typical WAN Encapsulation Protocols: Layer 2
Purpose: This figure introduces students to various encapsulation options to use over the various physical connections.
Emphasize: In order to exchange traffic over a WAN link, the packets must be encapsulated into a Layer 2 frame. There are a variety of Layer 2 encapsulation types available that can be used, depending on the WAN connection being used. Some of the types are listed the figure.
Encapsulation must be configured on the router when configuring the interface. Some of these encapsulation types will be seen again in the following chapters.
In an ISDN environment, the Point-to-Point Protocol (PPP) is the B channel’s Layer 2 encapsulation. Link Access Procedure on the D channel (LAPD) is the encapsulation for the D channel.
Either the proprietary Cisco or Internet Engineering Task Force (IETF) (defined in RFC 1490) encapsulations are the Layer 2 encapsulations for Frame Relay.
Note: Other encapsulations not shown include AppleTalk Remote Access Protocol (ARAP), Compressed Serial Link Internet Protocol (CSLIP), or Synchronous Data Link Control (SDLC).
Transition: We will first look at the HDLC encapsulation.
ICND v2.3—5-*
Wireless Data Technologies
*
There are many different types of wireless data communications. Each of these has its advantages and drawbacks.
Infrared (IR): Very high data rates, lower cost, very short distance.
Narrowband: Low data rates, medium cost, license required, limited distance.
Spread Spectrum: Limited to campus coverage, medium cost, high data rates.
Personal communication service (PCS): Low data rates, medium cost, citywide coverage.
2.5 GHz service, T-Mobile: Global System for Mobile Communication (GSM), medium cost, and worldwide coverage.
Cellular, Cellular digital packet data (CDPD), Mobitex, DataTac: Low data rates, flat monthly rate, and national coverage.
ICND v2.3—5-*
Speed
Enterprise networks
*
In today’s wireless world, there are many different types of networks offered. Each of these different networks are designed to give different coverage areas. Starting with the smallest coverage area, they are as follows:
Personal Area Network (PAN) – Typically designed to cover your personal work space. Radios are typically very low powered and do not deliver options in antenna selection thus limiting the size of coverage area (typically less than 20 feet of radius). One such PAN network is Bluetooth. Good applications of this technology is communications between PC and peripheral or between wireless phone and headset. In the PAN wireless network, the customer owns 100% of the network, therefore no airtime charges are incurred.
Local Area Network (LAN) – Designed to be enterprise based wireless networks allowing for complete enterprise applications to be utilized without wires. Typically delivers Ethernet capable speeds (up to 54 Mbps). In the LAN wireless network, the customer owns 100% of the network, therefore no airtime charges are incurred.
Metropolitan Area Networks (MAN) – These wireless networks are deployed inside a metropolitan area allowing wireless connectivity throughout an urban area. The MAN networks typically deliver up to broadband speeds (similar to DSL) but are not capable of Ethernet speeds. In the MAN wireless network, the wireless networks can either be a licensed carrier requiring the customer to purchase airtime or may be built out and supported by one entity such as a police department.
Wide Area Networks (WAN) – The WAN wireless networks are typically slower in speeds but have more coverage, sometimes covering rural areas. Due to the vast deployment, all WAN wireless networks will require a customer purchase airtime for data transmission.
The Cisco Aironet wireless products are considered Local Area Network wireless products.
ICND v2.3—5-*
Wireless LAN (WLAN)
A WLAN is a shared network.
An access point is a shared device and functions like a shared Ethernet hub.
Data is transmitted
over radio waves.
Two-way radio communications
(half-duplex) are used.
*
A Wireless LAN is SHARED network
An access point is a SHARED device and has a performance similar to an SHARED Ethernet Hub
In the wireless cell only one station can transmit at any time. All other stations listen.
A station which wants to transmit until the wireless media is unused.
This is similar to coax-cable or half-duplex Ethernet and an Ethernet hub.
Therefore the performance of a wireless access point is similar to a hub.
The average data rate per station is total badwidth divided by the number of stations.
Data is transmitted over radio waves.
Transmitting a signal using 802.11 specifications is a two-way communication, using the same frequency for both transmit and receive (half-duplex). A station transmitting cannot receive while transmitting because the same frequency is used.
Therefore only half-duplex transmission is possible. This is comparable with a coax-cable Ethernet.
Spread spectrum is a type of emission designed to be somewhat immune to interference, difficult to detect, and hard to intercept.
U.S. Actress Hedy Lamarr and music composer George Antheil patented the concept of spread spectrum in 1942. The idea was to provide a method for guiding a torpedo without interference from a jamming signal.
In 1986, the U.S. Federal Communications Commission (FCC) agreed to allow the use of spread spectrum in the commercial market under the ISM bands.
Just as the radio in your car has amplitude modulation (AM) and frequency modulation (FM) bands, other radios use different bands and types of modulation.
ICND v2.3—5-*
*
The WLAN evolution started in the 1980s using 900-MHz Direct Sequence Spread Spectrum (DSSS) technology. The 900-MHz systems were fairly easy to deploy because one access point could cover large areas and no licenses were required in the approved countries. One problem for 900-MHz technology was that only a few countries allowed the technology. As time progressed, the need for faster speeds, open standards, and global acceptance forced the manufacturers of WLAN products to engineer new products to use the 2.4-GHz band.
The move to 2.4 GHz in the 1990s put WLAN products into a “cleaner” radio frequency (RF) environment, making it possible to deploy data collection systems without the worries of 900-MHz interference. The 2.4-GHz technology was also well-received because the throughput grew from 860 kbps to 1 Mbps and 2 Mbps. When frequency and speeds are increased, distances are decreased, but the new data collection opportunities that the faster throughput helped to create justified the extra access points that were needed. However, end users were still concerned about using a proprietary system and that is when the Institute for Electrical and Electronics Engineers (IEEE) became involved. In 1992, the IEEE began drafting the 802.11 standard. The focus of the effort was to eliminate the issue of proprietary technology and design an open standard for WLAN.
In July 1997, the IEEE ratified the 2.4-GHz standard that included DSSS technology, Frequency Hopping Spread Spectrum (FHSS) technology, and infrared light, commonly referred to as IR, at the physical layer. The standard specified 1 Mbps as the standard speed and 2 Mbps as a “turbo” mode. In September 1999, the IEEE 802.1la standard (5 GHz at 54 Mbps) and the IEEE 802.1lb standard (2.4 GHz at 11 Mbps) were ratified by the IEEE. In December 2001, the IEEE drafted the 802.11g standard (2.4 GHz at 54 Mbps). This standard will be backward compatible with 802.11b systems because both use the same 2.4-GHz bandwidth.
ICND v2.3—5-*
Unlicensed Frequency Bands
No license required
No exclusive use
*
There are three unlicensed bands: 900 MHz, 2.4 GHz, and 5.7 GHz. The 900-MHz and 2.4-GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5-GHz band is commonly referred to as the Unlicensed National Information Infrastructure (UNII) band.
Frequencies for these bands are as follows:
900-MHz band: 902. to 928. MHz
2.4-GHz band: 2.400 to 2.483 GHz (in Japan extends to 2.495 GHz)
5-GHz band: 5.150 to 5.350 MHz, 5.725 to 5.825 MHz, with some countries supporting middle bands between 5.350 and 5.825 MHz. The number of countries that permit 802.11a and the available spectrum varies widely, and the list change quickly.
The focus of this module is on 2.4 and 5 GHz bands. Cisco Aironet ® products utilize these bands today as well as adhere to the Institute of Electrical and Electronics Engineers (IEEE) 802.11a, 802.11b and 802.11g standards.
ICND v2.3—5-*
Radio Frequency Transmission
Radio frequencies are radiated into the air via an antenna, creating radio waves.
Radio waves are absorbed when they are propagated through objects (e.g., walls).
Radio waves are reflected by objects (e.g., metal surfaces).
*
Radio frequencies are radiated into the air via an antenna creating radio waves
Radio waves are absorbed when propagating through objects (e.g. walls)
Radio waves are and reflected by objects (e.g. metal surfaces)
This can cause areas of low signal strength or low signal quality
ICND v2.3—5-*
Radio Frequency Transmission
Higher data rates have a shorter transmission range.
The receiver needs more signal strength and better SNR to retrieve information.
Higher transmit power results in greater distance.
Higher frequencies allow higher data rates.
Higher frequencies have a shorter transmission range.
*
Radio frequencies are radiated into the air via an antenna creating radio waves
Radio waves are absorbed when propagating through objects (e.g. walls)
Radio waves are and reflected by objects (e.g. metal surfaces)
This can cause areas of low signal strength or low signal quality
ICND v2.3—5-*
Certifications include 802.11a, 802.11b, 802.11g, dual-band products, and security testing.
Certified products can be found at http://www.wi-fi.org.
*
Wi-Fi offers certification for interoperability between vendors 802.11 products. This certification provides a comfort zone for the users purchasing the products. It also helps to market the WLAN technology, by promoting interoperability between vendors. Certification includes all three 802.11 RF technologies as well as Wi-Fi Protected Access, a security model that follows model 802.11i security task group work.
ICND v2.3—5-*
802.11b
ICND v2.3—5-*
Operates in the 2.4-GHz band
Specifies direct sequence spread spectrum (DSSS)
Specifies four data rates up to 11 Mbps
1, 2, 5.5, 11 Mbps
Provides specifications for vendor interoperability (over
the air)
Defines basic security, encryption, and authentication for the wireless link
Is the most commonly deployed WLAN standard
*
802.11b was ratified in 1999, and products were actually introduced into the market before the standard was ratified. It became the defacto standard for wireless and adoption grew rapidly.
It operates in the worldwide available 2.4 GHz ISM band.
Only one RF transmissions was specified:
Direct Sequence Spread Spectrum (DSSS)
It provides 4 Data rates up to 11 Mbps
1, 2, 5.5, 11 Mbps
It is based on 802.11 standard and the most common Wireless LAN standard
Virtually approved for worldwide use
ICND v2.3—5-*
Japan
1
*
There are a total of 11 channels available in the US, however, there are only 3 of these channels that are non-overlapping. In the ETSI domains, there are 13 available channels, but again there are only 3 non-overlapping channels. In Japan, there is an additional channel located at the top end of the ban, and it is possible to utilize this along with 3 other channels for a total of 4 non-overlapping channels.
11 U.S. channels
14 Japanese channels
Different countries have different regulatory bodies and may have as many as 14 channel sets available. In some countries, this may mean that the number of non-overlapping channels is reduced to one, and an aggregate data rate of 33 Mbps may not be possible.
The following list the countries that belong to each regulatory domain. Regulatory Domain information is subject to change. An up-to-date listing of the countries that correspond to theses Regulatory Domains is available at: // www.cisco.com/go/aironet/compliance
ICND v2.3—5-*
2.4-GHz Channel Use
North America: 11 channels.
Using any other channels will cause interference.
Three access points can occupy the same area.
*
2.4GHz 802.11b/g has three non-overlapping channels do not share any frequency. This means that 3 access points (AP’s) could operate in the same cell area without sharing the media. An AP on channel 1 does not share time with an AP on channel 6, because they do not have any common frequencies. There is no degradation in throughput when three AP’s are in the same cell area if the AP’s are each on a non-overlapping channel. Three AP’s in the same cell on three non-overlapping channels provide an aggregated data rate for the cell of 33Mbps with an aggregated throughput of 18.6Mbps. If the same three AP’s shared the same channel the aggregate data rate would still be 33Mbps but the aggregated throughput be more like 7 Mbps.
List the channels. 1=2412, 2=2417, 3=2422, 4=2427, 5=2432, 6=2437, 7=2442, 8=2447, 9=2452, 10=2457, 11=2462, 12=2467, 13=2472, and 14=2477. Channels are known by their center frequency.
802.11g standard ratified in June, 2003. Operates in the same 2.4 GHz band as 802.11b and uses the same three non-overlapping channels.
Full backward compatibility with 802.11b. 802.11g uses OFDM modulation for 802.11g data rates, CCK modulation for 802.11b data rates. The 802.11g data rates are 54, 48, 36, 24, 18, 12, 9 and 6 Mbps. The 802.11b data rates are 11, 5.5, 2 and 1 Mbps.
ICND v2.3—5-*
*
Wireless LAN clients have the ability to data rate shift while moving, allowing the same person operating at 11 Mbps, to shift to 5.5 Mbps, 2 Mbps, and finally still communicate at the outside ring at 1 Mbps. This rate shifting happens without losing connection, and without any interaction from the user. Rate shifting also happens on a transmission by transmission basis, therefore the access point has the ability to support multiple clients at multiple speeds depending upon the location of each client.
Higher data rates require stronger signals at the receiver. Therefore lower data rates have a greater range.
Wireless clients will always try to communicate with the highest possible data rate.
Only if transmission errors and transmission retries occur, the client with reduce the data rate.
This provides the highest total throughput of the wireless network.
ICND v2.3—5-*
802.11a
ICND v2.3—5-*
Uses eight data rates of up to 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
Has from 12 to 23 nonoverlapping channels (FCC)
Has up to 19 nonoverlapping channels (ETSI)
Regulations different across countries
*
The 802.11a standard was ratified at the same time as 802.11b. However, because of limited supplies of silicon and other components, products did not start to appear in the market until late 2000. The technology provides up to a 54-Mbps data rate, and in most countries provides eight channels of indoor WLAN usage. However, the regulations vary widely across countries and are in constant change at present.
ICND v2.3—5-*
802.11g
ICND v2.3—5-*
802.11g Protection Mechanism
Problem: 802.11b stations cannot decode 802.11g radio signals.
802.11b/g access point communicates with 802.11b clients with max. 11 Mbps.
802.11b/g access point communicates with 802.11g clients with max. 54 Mbps.
802.11b/g access point activates RTS/CTS to avoid collisions when 802.11b clients are present.
802.11b client learns from CTS frame the duration of the 802.11g transmission.
Reduced throughput is caused by additional overhead.
*
802.11b/g AP communicates with 802.11b Clients with max. 11Mbps
802.11b/g AP communicates with 802.11g Clients with max. 54 Mbps
802.11b/g AP activates RTS/CTS to avoid collisions when 802.11b clients are present
802.11b client learns from CTS frame the duration of the 802.11g transmission
802.11g protection mode results in reduced total throughput caused by the additional overhead
ICND v2.3—5-*
802.11 Standards Comparison
ICND v2.3—5-*
802.11 Standards Comparison
Throughput [Mbps]
*
This table summarizes the features of the 802.11 wireless LAN standards which were introduced earlier.
ICND v2.3—5-*
*
The 11b and 11g ranges are based on default power settings with 2.2 dBi 2.4 GHz antennas on the AP’s and 0 dBi antennas on the clients.
The 11a ranges are based on default power settings with 5dBi Omni on the AP and 6 dBi Omni on the client.
This slides compares the range of the different data rates and the different wires LAN standards in an open office environment.
Actual distances can be different due to absorption and reflection.
The size of a wireless cell depends on the data rate.
It is possible to limit the range by disabling lower data rates.
To limit the range to 150ft data rates of 5.5, 2, and 1 Mbps (802.1b/g) and 6, 9, 12, 18 Mbps (802.11g) could be disabled.
ICND v2.3—5-*
802.11a: WLAN 54-Mbps at 5 GHz
802.11b: WLAN 11-Mbps at 2.4 GHz
802.11d: Multiple regulatory domains
802.11e: Quality of service
802.11g: WLAN 54-Mbps at 2.4 GHz
802.11h: Dynamic Frequency Selection (DFS) Transmit Power Control (TPC) at 5 GHz
802.11i: Security
http://standards.ieee.org/getieee802/
*
The 802.11a, b, and g specifications all relate to WLAN physical layer standards.
Cisco Aironet access points in this release support the 802.11d standard for world mode. World mode enables the access point to inform an 802.11d client device which radio setting the device should use to conform to local regulations.
The IEEE 802.11e standard is being developed to enhance the current 802.11 MAC to expand support for applications with quality of service (QoS) requirements and improve the capabilities and efficiency of the protocol. This standard will assist with voice, video, and other time-sensitive applications. In March 2005, the IEEE will submit this standard to the Executive Committee for approval.
The IEEE 802.11F standard is a recommended practice guideline, defining a protocol for intercommunication between access points, to assist in roaming, and handoff of traffic. Most vendors have implemented their own proprietary Inter-Access Point Protocol (IAPP) for use with their access points.
The IEEE 802.11h standard is supplementary to the MAC layer to comply with European regulations for 5-GHz WLANs. Most European radio regulations for the 5-GHz band require products to have transmission power control (TPC) and dynamic frequency selection (DFS). TPC limits the transmitted power to the minimum needed to reach the farthest user. DFS selects the radio channel at the access point to minimize interference with other systems, particularly radar.
The IEEE 802.11i standard specifies the improved security, encryption and authentication for Wireless LANs and the enhancements to the current 802.11 MAC to provide improvements in security.
The IEEE 802.11j standard is intended to enhance the 802.11 standard and amendments, to add channel selection for 4.9 GHz and 5 GHz in Japan to conform to Japanese rules on operational mode, operational rate, radiated power, spurious emissions, and channel sense.
ICND v2.3—5-*
*
In most parts of the world Cisco products can be deployed without a user license (that is, unlicensed). In most countries there is over 80 MHz of available spectrum. The 5-GHz WLAN technology is also gaining popularity worldwide as more products become available in the UNII-1, UNII-2, and UNII-3 frequency bands. The operating frequency range varies worldwide from 5.150 GHz to 5.825 GHz, as does the maximum power, which is determined by the local regulating country.
The Cisco Aironet products and the specific countries for which each product is currently certified for order and shipment are listed at http://www.cisco.com/go/aironet/compliance If there is no “X” in the matrix box that corresponds to the country and product, then that product is not certified to ship to that country. Please take note of the Country SKU suffix in the column adjacent to your country. You will need this specific SKU suffix to ensure that you order the product with the proper power and channel settings required for each country. If you have any questions regarding this information, please contact your Cisco Account Manager or Cisco Reseller for more information. Each country has its own set of rules governing the installation and use of RF products. Be aware that these rules may affect which products you use and may require you to obtain a site-specific license.
ICND v2.3—5-*
Eight 802.11g access points deployed
7 users per access point with no conference rooms provides 3.8 Mbps throughput per user
7 users + 1 conference room (10 users) = 17 total users, provides 1.5 Mbps throughput per user
54 Cubes—4 Conference Rooms
95 Feet
Conference Room
120 Feet
*
In this general office design 802.11g products with a maximum data rate is 54 Mbps are deployed.
Throughput is data rate minus overhead. The Throughput is about 50% of the data rate.
7 users per access points with no conference rooms provides 3.8 Mbps throughput per users.
7 users + 1 conference room (10 users) = 17 total users provides 1.5 Mbps throughput per user.
ICND v2.3—5-*
WLAN Security
ICND v2.3—5-*
WLAN Security Threats
The WLAN security threads are
War drivers trying to find open access points for free Internet access.
Hackers trying to exploit weak encryption to access sensitive data via tghe WLAN.
Employees install access points intended for home use without the necessary security configuration on the enterprize network causing a security risk for the network.
ICND v2.3—5-*
Threats control machanism
Control and Integrity
Privacy and Confidentiality
Protection and Availability
Protect data as it is transmitted and received.
Track and mitigate unauthorized access and network attacks.
ICND v2.3—5-*
Threats control machanism
Control and Integrity
Privacy and Confidentiality
Protection and Availability
Protect data as it is transmitted and received.
Track and mitigate unauthorized access and network attacks.
ICND v2.3—5-*
Present
AES strong encryption
The figure shows the evolution of wireless LAN (WLAN) security.
Initially, IEEE 802.11 security relied on static keys for both encryption and if used authentication. The authentication method was not strong and the keys were eventually compromised. Because the keys were administered statically, this method of security was not scalable to large enterprise environments.
Cisco introduced enhancements that allowed for the use of IEEE 802.1X authentication protocols and dynamic keys. Cisco also introduced methods to overcome the exploitations of the encryption keys.
The 802.11 committee began the process of upgrading the security of the WLAN. The Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) as an interim solution that was a subset of the expected 802.11i security standard for WLANs using 802.1X authentication and improvements to WEP encryption.
Today IEEE 802.11i has been ratified and Advanced Encryption Standard (AES) has replaced Wired Equivalent Privacy (WEP) as the latest and most secure method of encrypting data. Wireless intrusion detection systems are available to identify and protect the WLAN from attacks. The Wi-Fi Alliance certifies 802.11i devices under Wi-Fi Protected Access 2 (WPA2).
ICND v2.3—5-*
Wireless Client Association
Access points send out beacons announcing SSID, data rates, and other information.
Client scans all channels.
Client associates to access point with strongest signal.
Client will repeat scan if signal becomes low to reassociate to
another access point (roaming).
During association SSID, MAC
address and security settings are
*
Access points send out beacons announcing SSID, data rates and other information
Client scans all channels
Client associates to access point with strongest signal
Client will repeat scan if signal becomes low to re-associate to another access point (roaming)
During association SSID, MAC address and security settings are sent from the client to the AP and checked by the AP
ICND v2.3—5-*
The user authentication is done via the 802.1x protocol.
A supplicant for 802.1x / EAP is needed on the WLAN client.
The access point is the authenticator which communicates via Radius with the AAA server (Cisco ACS).
Lightweight access points communicate with the WLAN controller which acts as the authenticator.
The client and the authentication server implement the different version of EAP.
The EAP messages pass through the authenticator.
ICND v2.3—5-*
*
After authentication of the WLAN client the data is sent encrypted.
TKIP and AES are the strong encryption methods which replaced the weak RC4 encryption.
ICND v2.3—5-*
WLAN Security Summary
We find different requirements for security of WLANs.
For open access at hotspots no encryption with basic authentication is used.
For the home user at least basic security with WPA passphrase or preshared keys is recommended.
For enterprises enhanced security with 802.1x/EAP authentication and TKIP or AES encryption is recommended. This is standardized as WPA / WPA2 and 802.11i security.
ICND v2.3—5-*
Summary
The 2.4-GHz and 5-GHz frequency bands are used by WLAN 802.11 standards.
The throughput per user depends on the data rate and the number of users per wireless cell.
802.11b has data rates of up to 11 Mbps at 2.4 GHz.
802.11a has data rates of up to 54 Mbps at 5 GHz.
802.11g has data rates of up to 54 Mbps at 2.4 GHz.
802.11a has a shorter range than 802.11g.
For maximum efficiency, limit the number of users per cell.
Different WLAN security types with authentication and encryption satisfy the security requirements of enterprise and home users.
ICND v2.3—5-*
PoE switches, routers
ICND v2.3—5-*
Unified cellular and Wi-Fi VoIP. Advanced threat detection, identity networking, location-based security, asset tracking, and guest access.
World-Class Network Management
Same level of security, scalability, reliability, ease of deployment, and management for wireless LANs as wired LANs.
Network Unification
Integration into all major switching and routing platforms. Secure, innovative WLAN controllers.
Mobility Platform
Client Devices
*
Introduce Build Elements
The Cisco Unified Wireless Network is composed of five interconnected elements that work together as building blocks to deliver a unified enterprise-class wireless solution.
1st Build - Client Devices:
Cisco is leading the development of interoperable, standards-based client devices through our Cisco Compatible Extensions program – also called CCX.
This Cisco Compatible program helps to ensure the widespread availability of client devices from a variety of suppliers that are interoperable with a Cisco WLAN infrastructure. These client devices take advantage of Cisco innovations for enhanced security, mobility, quality of service, and network management.
Over 90% of Wi-Fi silicon is Cisco Compatible Certified.
The Cisco Compatible program is key differentiator for Cisco and central to Cisco’s goal of making the wireless network as easy to use and as robust as the wired network.
Cisco Compatible client devices deliver “out-of-the-box” wireless security via WPA and WPA2 and Cisco enhancements like intrusion detection capabilities.
2nd Build Mobility Platform:
The second building block is Mobility Platform:
Cisco Aironet lightweight access points provide ubiquitous network access for a variety of indoor and outdoor wireless environments - including wireless mesh.
Cisco Aironet lightweight access points ….
Are a proven platform with an award-winning, world-wide market share of over 61%.
Offer secure, manageable and reliable wireless connectivity with exceptional range and performance.
Support a wide array of deployment options such as single or dual-radios, integrated or remote antennas, and rugged metal enclosures.
Deliver the versatility, high capacity, security, and enterprise-class features demanded by WLAN customers.
Operate as plug and play wireless devices with zero touch configuration.
Cisco Aironet bridges are deployed in autonomous mode.
Reliable flexible, easy-to-use WLAN bridges for wide area networking for outdoor areas, campuses, or building to building connectivity
New benchmark for wireless bridging by providing a high-performance and feature-rich solution for connecting multiple LANs in a metropolitan area.
Support both point-to-point or point-to-multipoint configurations
Industry-leading range and throughput, supporting data rates up to 54 Mbps
3rd Build Network Unification:
The third building block is Network Unification:
Cisco is the only vendor that delivers a complete end-to-end solution that is unified, innovative and provides solid investment protection to ensure a secure, mobile, interactive workplace for the wired and wireless network.
The Cisco Unified Wireless Network includes a solid migration path into all major Cisco switching and routing platforms via Cisco wireless LAN controllers.
Cisco wireless LAN controllers are responsible for system wide wireless LAN functions, such as integrated intrusion protection system (IPS), real time RF management, clustering, zero-touch deployment and N+1 redundancy.
Cisco wireless LAN controllers …
Work with access points and a management device to deliver enhanced performance and advanced management capabilities.
Provide the control, scalability, security, and reliability that network managers need to build secure, enterprise-scale wireless networks-from branch offices to main campuses
Integrate the wireless and wired network
4th Build World-Class Network Management:
The fourth building block is World-Class Network Management:
The Cisco Unified Wireless Network delivers the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations expect from their wired LANs.
Cisco’s world-class WLAN management interface is the industry leading Cisco Wireless Control System (WCS).
Cisco WCS brings ease of use to wireless LAN management.
Cisco WCS provides a powerful foundation that allows IT managers to design, control, and monitor their enterprise wireless networks from a centralized location, simplifying operations and reducing the total cost of ownership.
5th Build Unified Advanced Services:
The fifth building block is Unified Advanced Services:
The Cisco Unified Wireless Network cost-effectively supports new mobility applications, emerging Wi-Fi technologies, and advanced threat detection and prevention capabilities.
Our services are more comprehensive than other wireless point-product vendors. Cisco’s solution supports:
Advanced features - wireless VoIP and future unified cellular and Wi-Fi VoIP
Emerging technologies - location services for critical applications such as high-value asset tracking, IT management and location based security.
Advanced wireless security features - Network Admission Control (NAC), Cisco Self-Defending Network, identity-based networking, Intrusion Prevention Systems (IPS) and guest access for end-to-end network security
NAC is a set of technologies and solutions built on an industry initiative led by Cisco. Cisco WLANs support NAC by using the network infrastructure to enforce security policy compliance on all wireless devices seeking to access network computing resources, thereby limiting damage from emerging security threats such as viruses, worms, and spy ware.
Cisco WLANs integrate with the Cisco Self-Defending Network to provide end-to-end network security and identity-based networking. The Cisco Self-Defending Network strategy is the Cisco vision for integrated network security. The Cisco Self-Defending Network helps organizations identify, prevent, and adapt to both known and unknown security threats.
Guest access allows customers to keep their wireless networks secure while providing customers, vendors, partners and guests with controlled access to the their WLAN.
Conclusion
Cisco addresses the deployment, management, and RF challenges associated with building business-critical WLANs.
With the Cisco Unified Wireless Network, Cisco unifies wireless and wired LANs and supports innovative RF technology solutions to deliver the same level of security, scalability, and manageability for wireless LANs that organizations expect in their wired LANs.
Overall operational expenses are reduced and network deployment, operations, and management are simplified with the Cisco Unified Wireless Network.
Cisco allows companies to put the RF environment to work to improve the way they do business.
ICND v2.3—5-*
Unified Advanced Services
Unified, built-in support of leading-edge applications, not an afterthought. Cisco Wireless Location Appliance, Cisco WCS, SDN, NAC, Wi-Fi phones, and RF firewalls.
World-Class Network Management
World Class NMS that visualizes and helps secure your air space. Cisco Wireless Control System (WCS).
Cisco
Self-Defending Network
Network Unification
Seamless network infrastructure across a range of platforms. Cisco 4400 and 2000 Wireless LAN Controllers. Future Cisco Catalyst 6500, Series WiSM, ISR, and 3750 integration.
Mobility Platform
Access points dynamically configured and managed through LWAPP. Cisco Aironet Access Points: 1500, 1300, 1240AG, 1230AG, 1130AG, and 1000. Bridges: 1400 and 1300.
Client Devices
*
Introduction
With Cisco’s solution enterprise's can now expect a business class wireless experience
Why settle for anything less?
What's in Business Class Wireless?
Let’s look at the wide breadth and diverse array of WLAN products available from Cisco to support the five interconnecting elements of the Cisco Unified Wireless Network and business class WLANs.
1st Build - Client Devices:
Cisco Compatible or Cisco Aironet client devices are strongly recommended for the Cisco Unified Wireless Network.
With over 90% of shipping client devices certified as Cisco Compatible almost any client device that you select should be Cisco Compatible certified to give you the power of Cisco’s advanced feature sets
Cisco Compatible Clients are secure and work out of the box!
Cisco Compatible client devices interoperate with and support innovative and unique Cisco Unified Wireless Network features such as fast secure roaming, integrated intrusion prevention system, location services and a variety of extensible authentication types.
Note to speaker – The solution does support Wi-Fi Certified or IEEE 802.11 clients but those devices do not support Cisco’s pioneering innovative features. Goal is to emphasize the value of Cisco Compatible client devices
2nd Build Mobility Platform:
Cisco Aironet lightweight access points are dynamically configured and managed through LWAPP
The Cisco Unified Wireless Network supports a variety of Cisco Aironet lightweight access point models: 1500, 1240AG, 1230AG, 1130AG, 1000. (Future LWAPP is planned for 1300)
Cisco Aironet autonomous access points that have been converted to operate as lightweight access points running the Lightweight Access Point Protocol (LWAPP) are supported.
We offer a range of enterprise-class, custom designed and developed access points to fit the needs of a variety of installation environments and requirements
We have access points and bridges for the carpeted enterprise, ruggedized environments and challenging environments like the outdoors. For example:
1130AG are for the carpeted enterprise that has little environmental variability and operates within a controlled environment
1240AG Series is for high-end challenging environments that need a ruggedized enclosure such as manufacturing, loading docks and warehouses
1400 Series for autonomous, high-speed, high-performance outdoor bridging for line-of-sight applications
1500 lightweight outdoor mesh access point for cost-effective, scalable deployment of secure outdoor wireless LANs for network connections within a campus area, outdoor infrastructure for mobile users or public access for outdoor areas. The 1500 Series supports auto-configuring and self-healing wireless mesh deployments.
Cisco offers a variety of enterprise class access points because just like you wouldn’t take a convertible off road, you should not install an access point that is not designed for the environment where it will be installed
Consumer grade access points do not provide the flexibility for simplified management, scalability, reliability, wired and wireless integration, zero touch configuration, integrated advanced security features and support for advanced services
Note to speaker – Customers can continue to deploy Cisco Aironet autonomous access points running Cisco IOS Software as applicable for their networks but these access points will not have all the features of the Cisco Unified Wireless Network unless they are converted to operate as lightweight access points. All bridges are autonomous not lightweight.
3rd Build Network Unification:
The Cisco Unified Wireless Network leverages our customers existing wired network and investment in Cisco products
It supports a seamless network infrastructure across a range of platforms
It builds upon existing wired networks with planned wired and wireless unification via the following future platforms:
Cisco Catalyst 6500 Series Wireless Services Module (WiSM) available in late fall 2005 (300AP/blade with 4 blades per chassis)
Integrated Services Routers (ISR) planned for late fall 2005 (6 AP per ISR/branch office & SMB deployments).
3750 Switch planned for late 2006 to support 12-24 access points per switch for SMB
Today wired and wireless unification occurs with the Cisco 4400 and 2000 Series wireless LAN controllers.
The capacity range of these controllers ranges from six access points with the 2006 model to 100 access points with the 4404 model.
Cisco wireless LAN controllers supporting large-scale and branch office lightweight access points to deliver a unified wired and wireless network with ironclad security.
4th Build World-Class Network Management:
The fourth building block is World-Class Network Management:
Cisco delivers a world class network management system (NMS) that visualizes and helps secure your air space
The Cisco Wireless Control System (WCS) supports wireless LAN planning and design, RF management, location tracking, IPS, and WLAN systems configuration, monitoring, and management.
This platform easily manages multiple controllers and their associated lightweight access points.
It supports zero touch deployment and robust graphical interfaces to make wireless LAN deployment and operations simple and cost-effective
Cisco WCS is available today to deliver business critical, easy to use, wireless network management.
5th Build Unified Advanced Services:
The fifth building block is Unified Advanced Services:
Cisco provides unified support of leading-edge applications that is built into an end-to-end system, not an afterthought
Cisco’s advanced services are industry-leading, innovative and comprehensive.
The Cisco Unified Wireless Network advanced services are delivered by the following products:
Cisco Wireless IP Phone 7920—The power of VoIP is delivered to the enterprise by the comprehensive voice communications capabilities of this Wi-Fi phone from Cisco. The Cisco Wireless IP Phone 7920 supports seamless intelligent services such as security, mobility, quality of service (QoS), and management, across an end-to-end Cisco network.
Cisco Wireless Location Appliance—This appliance is the industry’s first location solution that simultaneously tracks thousands of devices from directly within the WLAN infrastructure. It brings the power of a cost effective, high-resolution location solution to critical applications such as high-value asset tracking, IT management and location based security.
Cisco Aironet lightweight access points, Cisco wireless LAN controllers and Cisco WCS—Built in support for the Cisco Self-Defending Network, identity-based networking, NAC and guest access is available via these award-winning Cisco wireless products.
Conclusion
Cisco is the only company that delivers a unified end-to-end, business class solution that encompasses client devices, access points, controllers, switches and routers, world-class management and advanced services combined with award-winning worldwide product support and professional services.
We are the only company to provide a concrete migration path that delivers solid investment protection.
ICND v2.3—5-*
Connectorized 5-GHz Antennas
*
Cisco connectorized 5 GHz (802.11a) radios use the same RP-TNC radio connector as 2.4 GHz (802.11b/g) radios. Although it’s possible that someone might connect the wrong antenna to the unit, Cisco is now using the color blue to denote 5 GHz to minimize this possibility from occurring. Note: Accidentally connecting the wrong antenna will not damage the unit but will result in reduced performance.
The RP-TNC connector is an excellent connector (both physically as well as electrically) and therefore is Cisco’s the connector of choice for WLAN applications.
ICND v2.3—5-*
Sector antenna, integrated antenna and Omni antennas are vertically polarized.
ICND v2.3—5-*
WAN technologies
Purpose: This slide discuss the initial configurations on the routers and switches.
Note: There is no setup mode on the Catalyst 1900 switch.
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
WAN technologies
ICND v2.3—5-*
ATM
ATM is also a packet-switched technology that uses digital circuits. Unlike Frame Relay and X.25, however, this service uses fixed-length (53 byte) packets, called cells, to transmit information. Therefore, this service is commonly called a cell-switched service. It has an advantage over Frame Relay in that it can provide guaranteed throughput and minimal delay for a multitude of services, includingvoice, video, and data. However, it does cost more than Frame Relay services. ATM (sort of an enhanced Frame Relay) can offer a connection guaranteed bandwidth, limited delay, limited number of errors, Quality of Service (QoS), and more. Frame Relay can provide some minimal guarantees to connections, but not to the degree of precision that ATM can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale to very high speeds: OC-192 (SONET), for instance, affords about 10 Gbps of bandwidth
ICND v2.3—5-*
Summary
A WAN makes data connections across a broad geographic area so that information can be exchanged between distant sites.
WAN connection types include leased line, circuit-switched, and packet-switched.
WAN components that the provider assigns to your organization include CPE, demarcation, local loop, CO switch, and toll network.
Cisco routers support the EIA/TIA-232, EIA/TIA-449, V.35, X.21, and EIA/TIA-530 standards for serial connections.
To encapsulate data for crossing a WAN link, a variety of Layer 2 protocols can be used, including HDLC, PPP, SLIP, X.25/LAPB, Frame Relay, and ATM.
ICND v2.3—5-*

Wide-Area Networks.ppt

Documents

Transcript of Wide-Area Networks.ppt