Wireless Networking Slides

Wireless NetworkingWireless NetworkingWireless NetworkingWireless Networking

WiFi 802.11b/g/a

Bluetooth

3G PCS

802.11s Mesh

WiFi 802.11b/g/a

1. Introduction2. RF Bands3. 802.11b4. WLAN IN-BUILDING5. WLAN BUILDING-BUILDING6. Equipment7. Site Survey8. Security9. Future

INTRODUCTION

What is a Wireless LAN?What is a Wireless LAN?

Internet

Ethernet

Hub/ Switch

10/100 Mbps Shared

Bandwidth (CSMA/CD)

Ethernet

Access Point

11 Mbps Shared Bandwidth (CSMA/CA)

In-Building WLANs

Building-to-Building WLANS

WLAN Product CategoriesWLAN Product CategoriesWLAN Product CategoriesWLAN Product Categories

Wireless Bridging LAN-to-LAN connectivity

Two Different Implementations Two Different Implementations

of Wireless LAN Technologyof Wireless LAN TechnologyWireless Networking

Mobile user connectivity

Ethernet Everywhere

10/100Ethernet

Layer 3SwitchedEthernet

GigabitEthernet

WirelessEthernet

Long-ReachEthernet

Ethernet TechnologiesEthernet Technologies

Solutions and Building Blocks

High-Speed Access High-Speed Access Anywhere, AnytimeAnywhere, AnytimeHigh-Speed Access High-Speed Access Anywhere, AnytimeAnywhere, Anytime

Environments

Wireless Switches

SiSi

At Home On the Road At Work

Security Access

At School

Local Area Network (LAN)Local Area Network (LAN)Local Area Network (LAN)Local Area Network (LAN)

Hub

Server Switch

Internet

Access PointHub

Wireless LAN (WLAN) as an extension to wired LAN

Work Group Bridge

Typical WLAN TopologiesTypical WLAN Topologies

Access Point

Wireless “Cell”

Channel 6

Wireless Clients

LAN Backbone

Channel 1

Access Point

Wireless “Cell”

Wireless Clients

Wireless Repeater TopologyWireless Repeater Topology

Channel 1

Access Point

Wireless Clients

Channel 1

Access Point

Wireless Repeater “Cell”

LAN Backbone

Work Group BridgeWork Group BridgeApplicationApplication

Work Group BridgeWork Group BridgeApplicationApplication

Server

Access Point

WGBHub

RF BANDS

ISM Unlicensed ISM Unlicensed Frequency BandsFrequency Bands

ExtremelyLow

VeryLow

Low Medium High VeryHigh

Infrared VisibleLight

Ultra-violet

X-Rays

AudioAM Broadcast

Short Wave Radio FM BroadcastTelevision Infrared wireless LAN

Cellular (840 MHz)NPCS (1.9GHz)

902-928 MHz26 MHz

5 GHz(IEEE 802.11)

HyperLANHyperLAN2

2.4 – 2.4835 GHz83.5 MHz

(IEEE 802.11)

UltraHigh

SuperHigh

900 MHz vs. 2.4 GHz vs. 5 GHz900 MHz vs. 2.4 GHz vs. 5 GHz

900 MHz band900 MHz band 2.4 GHz band2.4 GHz band 5 GHz band5 GHz band

PROsPROs

CONsCONs

Greater range than Greater range than 2.4 GHz band ( for in- 2.4 GHz band ( for in- building LANs)building LANs)

Global marketGlobal market

IEEE 802.11IEEE 802.11

Higher data rates Higher data rates (10+ Mbps)(10+ Mbps)

Global marketGlobal market

IEEE 802.11IEEE 802.11

Higher data rates Higher data rates (20+Mbps)(20+Mbps)

Less range than Less range than 900 MHz (for in-900 MHz (for in-building LANs)building LANs)

Maximum data Maximum data rate rate 1 Mbps1 Mbps

Limited Limited bandwidthbandwidth

Crowded bandCrowded band

Much less Range Much less Range than 900 MHz or than 900 MHz or 2.4 GHz2.4 GHz

Higher cost RF Higher cost RF componentscomponents

Large antenna Large antenna requiredrequired

What Is Spread Spectrum What Is Spread Spectrum RF Technology?RF Technology?

What Is Spread Spectrum What Is Spread Spectrum RF Technology?RF Technology?

• Data sent over the air waves

• Two-way radio communications (half duplex)

• Cisco designs and manufactures its own radios

• Same radio frequency for sending & receiving (transceiver)

• No licensing required for Cisco Aironet Wireless products

802.11b

IEEE 802.11 StandardIEEE 802.11 StandardIEEE 802.11 StandardIEEE 802.11 Standard

IEEE 802.11 became a standard in July 1997

• Infrared

• RF

Two RF technologies defined:

• Direct sequence spread spectrum - 1 Mbps and 2 Mbps

• Frequency hopping spread spectrum - 1 Mbps and 2 Mbps

IEEE 802.11b became a standard in September 1999

• Only one RF technology defined- DSSS at 5.5 Mbps & 11 Mbps

802.11 defines a high-performance radio

802.11 promises “true” vendor interoperability (over the air)

InteroperabilityInteroperabilityInteroperabilityInteroperability

• 802.11 covers RF connectivity, association processes, and modulation schemes

• Does not cover AP-to-AP connectivity over the wired network, roaming, load balancing, or repeaters

• These features are vendor specific and proprietary

• Choose a single vendor for the wireless backbone

Cisco Radio TechnologyCisco Radio Technology

Direct Sequence Spread Spectrum (DSSS)

• 2.4 GHz

• One piece PCMCIA radio product

• 1, 2, 5.5 and 11 Mbps

• Fully 802.11 compliant at all speeds

Spread Spectrum ApproachesSpread Spectrum Approaches

Both technologies are viable.

Direct Sequence Frequency Hopping

Frequency not used

Frequency not used

22

FREQUENCY

TIM

EPOWER

2.402 GHz2.402 GHz 2.483 GHz2.483 GHz

1 MwMhz

100 MwMhz

1 Ms

1 Sec

Channels- 802.11 DSChannels- 802.11 DSChannels- 802.11 DSChannels- 802.11 DS

• (11) 22 MHz wide stationary channels

• X “chips per bit” means each bit sent redundantly

• 11 Mbps data rate

• 3 non-overlapping channels

• 3 Access Points can occupy same area

1

2

3

4

5

6

7

8

9

10

11

Channel

Frequency

2400 2483 2437

Frequency2.400 GHz 2.483 GHz

12

34

56

78

9

Tim

e

Frequency HoppingFrequency HoppingFrequency HoppingFrequency Hopping

• A total of 79 channels, available

• Changes frequency (hops) at least every 0.4 seconds

• Synchronized hopping required

Time

DS vs. FH: A Summary DS vs. FH: A Summary on Interference Handlingon Interference Handling

• FH system hops around interference

• Lost packets are re-transmitted on next hop

• Data may be decoded from redundant bits

• Can move to an alternate channelto avoid interference

12

3F

req

uen

cy2.

400

GH

z2.

4835

GH

z Direct Sequence

Channel 11

Channel 1

Channel 6

Fre

qu

ency

2.40

0 G

Hz

2.48

35 G

Hz

Frequency Hopping

Access Point CoverageAccess Point CoverageAccess Point CoverageAccess Point Coverage

1Mbps DSSS

5.5 Mbps DSSS

11 Mbps DSSS

2 Mbps DSSS

Moduation ProfilesModuation ProfilesModuation ProfilesModuation Profiles

1 Mbps DBPSK Diff Binary Phase Shift Keying2 Mbps DQPSK Diff Quad Phase Shift Keying5.5 Mbps CCK Complementary Code Keying11 Mbps CCK Complementary Code Keying

Higher data rates use less reliable modulation profiles and require stronger received signal strength to operate properly. Tradeoff between speed and reliability.Minimal Required Signal Strength for Aironet 350:1 Mbps -94 dBm2 Mbps -91 dBm5.5 Mbps -89 dBm11 Mbps -85 dBm

Scalability With Direct Scalability With Direct SequenceSequence

Scalability With Direct Scalability With Direct SequenceSequence

Blue = 11Mb

Green = 11Mb

Red = 11Mb

Total Bandwidth=33Mb!!!

Channel SetupChannel SetupChannel SetupChannel Setup

Site Survey Channel ExampleSite Survey Channel Example

Channel 1

Channel 6

Channel 11

Channel 1

Channel 6

Channel 11

Channel 11

Channel 1

Channel 6

Channel 11

Access Point Coverage & Access Point Coverage & Data Rate Shifting ReviewData Rate Shifting ReviewAccess Point Coverage & Access Point Coverage & Data Rate Shifting ReviewData Rate Shifting Review

1 Mbps DSSS

2 Mbps DSSS

5.5 Mbps DSSS

11 Mbps DSSS

Site Survey Bandwidth ExampleSite Survey Bandwidth Example

Multi-rate ImplementationMulti-rate ImplementationMulti-rate ImplementationMulti-rate Implementation

2 Mbps 2 Mbps 2 Mbps 2 Mbps 2 Mbps


5.5 Mbps 5.5 Mbps 5.5 Mbps 5.5 Mbps 5.5 Mbps

5.5 Mbps 5.5 Mbps 5.5 Mbps 5.5 Mbps 5.5 Mbps



350 (100mW)350 (100mW)Cell Size ComparisonCell Size Comparison

350 (100mW)350 (100mW)Cell Size ComparisonCell Size Comparison

100 milli-Watt client and Access Point range capabilities

11 Mbps DSSS 100-150 feet radius

5.5 Mbps DSSS150-250 feet radius

2 Mbps DSSS250-350 feet radius

WLAN IN-BUILDING

Scalability Requirements for Scalability Requirements for WLANsWLANs

Scalability Requirements for Scalability Requirements for WLANsWLANs

Robust roaming for seamless handoff between access point

Centralized user-based authentication

Dynamic WEP key distribution and management

Subnet roaming

Client support for all popular operating systems

WLAN TopologiesWLAN TopologiesWLAN TopologiesWLAN Topologies

Multiple AP’s with roaming

Redundant WLAN

Wireless Repeaters

Rate ShiftingRate ShiftingRate ShiftingRate Shifting

Survey performed at each data rate

Coverage cell for each rate mapped

Higher rates – shift to proper areas

Lower rates – overlap and frequency5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

5.5 Mbps

11 Mbps

2 Mbps

Wireless OfficeWireless OfficeWireless OfficeWireless Office

Maximum CoverageAuto Rate Negotiation

Wireless Mobile WorkersDiPole Antennas

Office 1 Office 3

Class 1

Hallway

2000’

850’

Office 4 Office 5 Office 6 Office 7 Office 8Office 2

Office 9 Office 11 Conference Room Break RoomOffice 10

AP’s on Isolated LAN with PIX

1

11 1 11

6 111

6

Indoor/Outdoor CoverageIndoor/Outdoor CoverageIndoor/Outdoor CoverageIndoor/Outdoor Coverage


Wireless for Mobile WorkersDiPole Indoor, Patch Outdoor

Office 1 Office 3

Hallway

1000’

850’

Office 4Office 2

AP’s on Isolated LANwith PIX

Conference RoomBreak Room

Building Courtyard

1000’

11

6

6

111

1

Warehouse Design SampleWarehouse Design SampleWarehouse Design SampleWarehouse Design Sample


Cabling Available to Middle of RoomHigh Gain Mast Mount Antennas

2000’

850’

1

6

11

1

1

611

6

WLAN

BUILDING-TO-BUILDING

Upon completion of this chapter, you will be able to perform the following tasks:

• Determine the feasibility of installing a wireless bridge link.

• Explain why a wireless bridge may be a better solution than other alternatives.

• Determine the maximum distance that can be achieved using wireless bridges with given antennas and extension cables.

• Protect a wireless bridge installation against a lightning strike.

ObjectivesObjectives

Bridging DefinedBridging DefinedBridging DefinedBridging Defined

Medium Drawbacks

Phone lines Monthly costs

Installation costs(56K, T1)

SlowSlow

Extra equipment needed

InflexiblePhysical barriers

may preclude

Difficult installation High costMicrowaveFCC Licensing

required

Cable

Wireless Bridge AlternativesWireless Bridge Alternatives

Installation costs

0 to 25 miles(line of sight)

Ethernet

Bridge

OptionalAntenna

Building A Building B

OptionalAntenna

Point-to-Point ConfigurationPoint-to-Point ConfigurationPoint-to-Point ConfigurationPoint-to-Point Configuration

Ethernet

Bridge

Building B Building C

Building A

DirectionalAntenna

Omni-directional Antenna

Point-to-Multipoint Point-to-Multipoint ConfigurationConfiguration

Point-to-Multipoint Point-to-Multipoint ConfigurationConfiguration

DirectionalAntenna

Optional AntennasOptional Antennas for Long Range for Long Range

13.5dBi YagiDistances over 6.5miles @ 2Mbps and2miles @11Mbps

21dBi Solid DishFor distances up to25+ miles @ 2Mbps 11.5miles @ 11Mbps

Note: Distances include 50 feet of low loss cable and 10dB fade margin

Common QuestionsCommon Questions

340 Wireless BridgeHow Fast?

Max data rate

11.5+ Miles

11 Mbps5.5 Mbps

2 MilesHow Far? (at MAX rate)

Typical throughput

Yagi antenna

2 Mbps1.4 Mbps

6.5 miles25+ milesDish antenna

Bridge Application: Bridge Application: School DistrictSchool District

RichardsonElementaryYagi

LincolnElementaryYagi

BodeElementaryYagi

PriceElementaryYagi

Dewitt ElementaryYagi

BolichMiddle SchoolYagi

RobertsMiddle SchoolDish

Weaver-Special EducationDish

High School 2 BridgesOne 12dB omniOne Dish Administration

2 BridgesOne 12dB omniOne Yagi

U N I V E R S I T YU N I V E R S I T Y

Channel #11

Channel #6

Channel #1

LightningLightningLightningLightning

Ethernet

BridgeStatic Electricity

• Wind

• Nearby Strikes

Path Loss ConsiderationsPath Loss Considerations

How far will it go?

22 miles?

Calculations of Coverage Calculations of Coverage PerformancePerformance

Coax Length150ft?

Coax Length100ft?

Wants 11Mb datarateDistance =13miles

Towers needed to clear trees andother buildings

Calculations of Coverage Calculations of Coverage PerformancePerformance

Line of SightLine of SightLine of SightLine of Sight

The following obstructions might obscure a visual link:• Topographic features, such as mountains.

• The curvature of the Earth.

• Buildings and other man-made objects

• Trees

Line of site!

Longer DistancesLonger DistancesLonger DistancesLonger Distances

Line of Sight disappears at 6 miles due to the earth curve

Fresnel ZoneFresnel ZoneFresnel ZoneFresnel Zone

Fresnel Zone

Improving Fresnel EffectImproving Fresnel EffectImproving Fresnel EffectImproving Fresnel Effect

Improve the Fresnel effect:

• Raise the antenna

• New structure

• Existing structure

• Different mounting point

• Remove trees

Total Distance

Fresnel @ 60% (Value “F”)

Earth Curvature (Value “C”)

Antenna Height (Value “H”)

Site to Site Fresnel ZoneSite to Site Fresnel ZoneSite to Site Fresnel ZoneSite to Site Fresnel Zone

Antenna Height

• Fresnel zone consideration

• Line-of-Sight over 25 miles hard to implement

Antenna AlignmentAntenna AlignmentAntenna AlignmentAntenna Alignment

Line of Sight

Antenna AlignmentAntenna AlignmentAntenna AlignmentAntenna Alignment

Antenna Installation Antenna Installation Antenna Installation Antenna Installation

Towers and antennas may require permits and must meet local regulations.

EQUIPMENT

Cisco Aironet 1200 Series Cisco Aironet 1200 Series Access Points – other featuresAccess Points – other features

Cisco Aironet 1200 Series Cisco Aironet 1200 Series Access Points – other featuresAccess Points – other features

Wi-Fi certified–11Mbps data rate

Up to 100 mW output power

Aluminum case for plenum rating; UL 2043 certified;extended operating temperature (-20 to 55 C)

2 separate locking mechanisms

Cisco Aironet 350 Series Cisco Aironet 350 Series Access PointsAccess Points

Cisco Aironet 350 Series Cisco Aironet 350 Series Access PointsAccess Points

• Same great features of 1200 series in a static platform

• Affordable cost point to meet all budget requirements

• Reliable interoperability with 1200 series 802.11b solutions

• Software upgrade path for future software enhancements

• Dynamic WEP Security

Cisco Aironet 350 Client Cisco Aironet 350 Client AdaptersAdapters

Cisco Aironet 350 Client Cisco Aironet 350 Client AdaptersAdapters

PCMCIA card for Laptops and PDAs

PCI adapter for Desktops

Mini-PCI for embedded applications

Driver Support

•Windows 95, 98, Me, NT 4.0, 2000, XP

•Windows CE 2.11, 3.0 (Pocket PC)

•Linux

•Mac OS 9, X

Utilities include user configuration and site survey tool for simple installation and upgrade

Workgroup Bridge

350 Series Wireless Bridge350 Series Wireless Bridge350 Series Wireless Bridge350 Series Wireless Bridge

Building-to-building links of up to 25 miles (40.2 km)

Flexibility: point-to-point and point-to-multipoint

Metal case for durability and plenum rating; UL 2043 certified

In-line power; simplified installation tools; industry-leading receive sensitivity

Management capabilities:•SNMP, Telnet, FTP, HTML

•802.1d spanning tree

Aironet 1200Aironet 1200Ethernet In-Line PowerEthernet In-Line Power

Aironet 1200Aironet 1200Ethernet In-Line PowerEthernet In-Line Power

Aironet 350 uses Ethernet in-line power

ONLY

Eliminates need for local power and AC

infrastructure cost

Draws in-line power from edge devices

(-48 Volts)

Catalyst power switches support device

discovery mode

Ethernet In-line Power Source:• Catalyst 3524 Power Switch• Catalyst 6000 Power Blade• Catalyst 4000 Power Blade• 48 Port Power Patch Panel

Ethernet In-line Power Source:• Aironet Power Injector

No Power

Power

Power

Cisco Aironet AntennasCisco Aironet AntennasCisco Aironet AntennasCisco Aironet Antennas

DirectionalDirectional

Patch

Yagi

Dish

Omni DirectionalOmni Directional

• Dipole

• Mast mount

• Ceiling mount

• Ground plane

http://www.aironet.com/graphics/products/antennas/430-003549.jpg

2.4Ghz Omni-Directional 2.4Ghz Omni-Directional AntennasAntennas

2.2dBi Dipole “Standard Rubber Duck”

Cisco Aironet Part # AIR-ANT4941

2.4Ghz Omni-Directional 2.4Ghz Omni-Directional AntennasAntennas

12dBi Omni Directional (Outdoor only)


2.4Ghz Directional 2.4Ghz Directional AntennasAntennas

3dBi Patch Antenna – 65 degree



13.5dBi Yagi Antenna – 25 degree



21dBi Parabolic Dish Antenna – 12 degree

Cisco Part # AIR-ANT3338

Beam MountingBeam MountingBeam MountingBeam Mounting

Zip ties

2x4 secured with beam clamps

Mounting bracket secured with beam clamps

Mount antenna in same position they were surveyed

Antenna MountingAntenna MountingAntenna MountingAntenna Mounting

Some antennae not shipped with mounting brackets

Modify brackets to fit your needs

Modified brackets can be used with a variety of antennae

Be creative

Ceiling Mount

Mast Mount

Patch

Antenna MountingAntenna MountingAntenna MountingAntenna Mounting

Sometimes antennae are mounted in unusual ways

Specify in your report exactly how the antenna is to be mounted

NEMA EnclosuresNEMA EnclosuresNEMA EnclosuresNEMA Enclosures

Mounting plate with standoffs

Bulkhead Extender (Part #AIR-ACC2537-018 [18 inch], AIR-ACC2537-

060 [60 inch])

External Antenna Connector

Electrical Workbox

SITE SURVEY

Lab 2B – ACU Site Survey Lab 2B – ACU Site Survey (cont’d)(cont’d)

Lab 2B – ACU Site Survey Lab 2B – ACU Site Survey (cont’d)(cont’d)

RF PropagationRF PropagationRF PropagationRF Propagation

• Radio waves are reflected just like light waves

• Can reduce the reflected waves by using directional antennae


Waves 1800 out of phase will create a “null” or dead spot

Use diversity antennae to help overcome nulls

When using a single antenna, change the antenna location to overcome the null

Nulls


If the RF wave is unable to pass through an object, it may suffer from Diffraction

Diffraction creates RF “shadows”

Shadow

Site SurveySite SurveySite SurveySite Survey

Channel SelectionChannel SelectionChannel SelectionChannel Selection

AP1

Channel 1

AP 4

Channel 1 AP 6

Channel 11

AP 5

Channel 6AP 3

Channel 11

AP 2

Channel 6

Data RatesData RatesData RatesData Rates

Surveyed at 2Mb Surveyed at 5.5Mb

Interference (cont’d)Interference (cont’d)Interference (cont’d)Interference (cont’d)

CardboardWood Paper

Electrical Transformers

Microwave Ovens

Fluorescent Lighting

Firewalls

Why would I want a Site Why would I want a Site Survey?Survey?

Why would I want a Site Why would I want a Site Survey?Survey?

Customer AssistanceCustomer AssistanceCustomer AssistanceCustomer Assistance

How

man

y?

Where?Throughput?

RF WLAN

Coverage

Wired Ave.

Wire

less

Blv

d.

SECURITY

Older Security MethodsOlder Security MethodsOlder Security MethodsOlder Security Methods

Older forms of security on WLANs

• SSID

• Authentication controlled by MAC

802.11 Security802.11 Security802.11 Security802.11 Security

WEP (Wired Equivalency Privacy)

• 40 bit keys

• 128 bit keys

• Part of the association process

• WEP uses the RC4 stream cipher of RSA Data Security, Inc. (RSADSI) for encryption.

802.11 Open Authentication802.11 Open Authentication802.11 Open Authentication802.11 Open Authentication

Steps to Authentication:

Client sends probe.

AP sends Probe Response.Client evaluates APresponse, selects best AP.

Client sends authenticationrequest to selected AP (A).

AP A confirms authenticationand registers client.

Access Point

A

Access Point B

802.11 Shared Key 802.11 Shared Key AuthenticationAuthentication

802.11 Shared Key 802.11 Shared Key AuthenticationAuthentication

Steps to Authentication:

Steps 1 - 3 are the same as Open Authentication

AP A confirms authenticationand sends unencrypted test packet.

Client encrypts packet and returns to AP. AP checks encryption against WEP key.

Correct WEP key is allowed on the network. Incorrect WEP key is not not allowed to associate.

Access Point

A

Access Point B

Configuring WEP Keys (cont.)Configuring WEP Keys (cont.)Configuring WEP Keys (cont.)Configuring WEP Keys (cont.)

Header: Use Key3 Data: Encrypted using KEY3 Trailer

Header: Use Key2Data: Encrypted using KEY2Trailer

Key1=1234……Key2=5678……Key3=9012……Key4=3456……

Key1=1234……Key2=5678……Key3=9012……Key4=3456……

802.11 Security Issues 802.11 Security Issues 802.11 Security Issues 802.11 Security Issues

SSID (Service Set Identifier)• 32 ASCII character string

• Under 802.11, any client with a ‘NULL’ string will associate to any AP regardless of SSID setting on AP

• This should not be considered a security feature

802.11 Security Issues (cont.)802.11 Security Issues (cont.)802.11 Security Issues (cont.)802.11 Security Issues (cont.)

Assumes threat is “outside” the LAN

Hardware Theft

Rogue APs


Authentication is one-way

No way to dynamically generate keys

No integration with existing network authentication methods on LAN

Keys are static


Authentication is device-based

No method for account auditing

802.1x802.1x802.1x802.1x

802.1x is an IEEE Standard in progress for Port Based Network Access Control

• EAP

• Improved user authentication: username and password

• Dynamic, session-based encryption keys

• Centralized user administration

802.1x advantages for WLANs802.1x advantages for WLANs802.1x advantages for WLANs802.1x advantages for WLANs

Extensible authentication support• EAP designed to allow additional

authentication methods to be deployed with no changes to the AP or client NIC

• Password authentication

• One-Time Passwords

• Smartcard authentication and Security Dynamics

EAP and LEAPEAP and LEAPEAP and LEAPEAP and LEAP

Operating systems with native EAP support:• Windows 2000, CE

Cisco LEAP Authentication type• Legacy Operating Systems

• Quick support on multitude of host systems

• Implementation reduces support requirements on host systems

Improved Security (cont.)Improved Security (cont.)Improved Security (cont.)Improved Security (cont.)

Session Keys

802.1X Protocol in WLAN 802.1X Protocol in WLAN EnvironmentEnvironment

802.1X Protocol in WLAN 802.1X Protocol in WLAN EnvironmentEnvironment

~

~

1) User requests access. AP prevents network access.2) Encrypted credentials sent to authentication server.3) Authentication server validates user, grants access rights.4) AP Port enabled and dynamic WEP keys are assigned to client

(encrypted).5) Wireless client can now access general network services securely.

Access Point

Very scalableSupports a variety of authentication types (EAP-TLS, EAP-LEAP, biometrics, etc.)Standards based solutionCentralized policy control

1

Other network serversAnd services

2

4 Encrypted

WEP

3

5

WirelessClient

Authentication Server

Very scalable

Strong Authentication

Transparent Roaming

Better multicast capability

Standards based solution

Very scalable

Strong Authentication

Transparent Roaming

Better multicast capability

Standards based solution

802.1x Authentication Process802.1x Authentication Process802.1x Authentication Process802.1x Authentication Process

Start

broadcast key

identity

AP sends client broadcast key, encrypted

with session key

AP blocks all requests until authentication

completesidentity

RADIUS server authenticates client

Request identity

Client authenticates RADIUS server

key length

clientAP

RADIUS

server

DerivekeyDeriv

ekey

Comparison between Aironet Comparison between Aironet Dynamic WEP and VPN solutions Dynamic WEP and VPN solutions

in intranetsin intranets

Comparison between Aironet Comparison between Aironet Dynamic WEP and VPN solutions Dynamic WEP and VPN solutions

in intranetsin intranets VPN Solution

3DES, end-to-end securitySomewhat less scalableMore expensiveWorks with Aironet solutionNo mobility between VPN Concentrators; roaming latencyLoss of QoS insight

Aironet Dynamic WEP & Enhanced Security Suite

Encryption only between client and APHighly scalable Less expensiveSeamless mobility between profiles and locationsEnd-to-end QoS integration

VLAN

VPN Server

Access Point

Local Network

ACS RADIUS Server

Secure VPN connectionVPN at the office

Aironet Dynamic WEP at the office

Cisco offers BOTH solutions!

EnterpriseIntranet

Application Servers

Cisco Wireless Security SuiteCisco Wireless Security SuiteCisco Wireless Security SuiteCisco Wireless Security Suite

No WEP and Broadcast Mode

Public Access

No Security

Wi-Fi 40-bit, 128-bit, and Static WEP

Telecommuter and Small Business

Basic Security

Dynamic Key Management

System, Mutual Authentication, and

802.1x via EAP

Mid-Market and Enterprise

Enhanced Security

End-to-end security using VPN

Mobile User andPublic Access

Specialized Security

Assessing Security Assessing Security RequirementsRequirements

Assessing Security Assessing Security RequirementsRequirements

Analyze your business environment

Perform your risk assessment

Determine your Cisco wireless security profile ….

Analyze your business environment

Perform your risk assessment

Determine your Cisco wireless security profile ….

SecuritySecurity = =

Authentication + EncryptionAuthentication + Encryption

FUTURE

Wireless LAN TechnologiesWireless LAN TechnologiesWireless LAN TechnologiesWireless LAN Technologies

The Laws of Radio Dynamics:

Higher data rates = shorter transmission rangeHigher power output = increased range, but lower battery lifeHigher frequency radios = higher data rates, shorter ranges

802.11b802.11b 802.11a802.11a HiperLAN2HiperLAN2

2.4 GHz2.4 GHz 5 GHz5 GHz 5 GHz5 GHz

WorldwideWorldwide US/AP (initially)US/AP (initially) EuropeEurope

1-11 Mbps(now)

1-11 Mbps(now)

20-54 Mbps (now)100+Mbps (future)20-54 Mbps (now)100+Mbps (future)

20-54 Mbps (??)

20-54 Mbps (??)

Freq.Band

Coverage

DataRate

802.11g802.11g

2.4 GHz2.4 GHz

Worldwide(subject to approval)

Worldwide(subject to approval)

<54 Mbps(?? mths)<54 Mbps(?? mths)

IEEE 802.11 Standard IEEE 802.11 Standard ActivitiesActivities

IEEE 802.11 Standard IEEE 802.11 Standard ActivitiesActivities

802.11a- 5GHz- ratified in 1999

802.11b - 11Mb 2.4GHz- ratified in 1999

802.11d - Additional regulatory domains

802.11e- Quality of Service

802.11f - Inter-Access Point Protocol (IAPP)

802.11g - Higher Data rate (>20mBps) 2.4GHz

802.11h - Dynamic Frequency Selection and Transmit Power Control

mechanisms

802.11i - Authentication and security

Europe19 Channels(*assumes noantenna gain)

1W200mW

Understanding the 5 GHz Understanding the 5 GHz SpectrumSpectrum

Understanding the 5 GHz Understanding the 5 GHz SpectrumSpectrum

5.15 5.35 5.470 5.725 5.8255GHzUNII Band

5.25

UNII-1: Indoor Use, antenna must be fixed to the radioUNII-2: Indoor/Outdoor Use, fixed or remote antennaUNII-3: Outdoor Bridging Only

UNII-140mW

UNII-2200mW

US (FCC)12 Channels(*can use up to

6dBi gain antenna)

UNII-3800mW

11 Ch 4 Ch4 Ch4 Ch

*if you use a higher gain antenna, you must reduce the transmit power accordingly

Characteristics of 802.11aCharacteristics of 802.11aCharacteristics of 802.11aCharacteristics of 802.11a

Orthogonal Frequency Division Multiplexing (OFDM)•Data rates supported: 54, 48, 36, 24, 12 & 6Mbps

•Can “downshift” to lower data rates for longer range

Compliant with FCC and Japanese regulations•Initial offering will not be available in EMEA & portions of Asia/Pacific

5GHz band has more channels than 2.4GHz band•UNII-1 + UNII-2 = 8 non-overlapping channels•(vs. 3 channels for 2.4GHz)

802.11 a/b/g Comparison802.11 a/b/g Comparison802.11 a/b/g Comparison802.11 a/b/g Comparison

standard frequency Max speed Backwards Compatible

802.11b 2.4GHz 11Mbps n/a

802.11a 5.8GHz 54Mbps NO

802.11g 2.4GHz 54Mbps YES

BluetoothBluetoothBluetoothBluetooth

Ethernet framing

Short distances only (typical 10 meters)

Applications-

Network notebooks, PDAs, printers, phone, etc., in a cubical or home office.

Share files with others in a conference room.

3G PCS3G PCS3G PCS3G PCS

3rd Generation Personal Communications Service (3G PCS)

Use cell phone CDMA and GSM technology on existing cell phone network infrastructure.

Offered by cell phone companies with cell phone services like Cingular/AT&T, Sprint, Verizon.

Currently on 3rd generation or “3G” of this technology.

3G PCS - Speed3G PCS - Speed3G PCS - Speed3G PCS - Speed

This technology is assymetrical with the following download speeds:

1G 14Kbps

2G 56K – 80Kbps

3G 300Kbps (current)

4G 10Mbps ??? (future)

3G PCS - Cost3G PCS - Cost3G PCS - Cost3G PCS - Cost

$150 3G CardBUS network card

(Use in notebook pc or PDA)

$75/mo 3G service with unlimited use

3G PCS - Uses3G PCS - Uses3G PCS - Uses3G PCS - Uses

1. Attach individual notebook computer to the Internet, and optionally use VPN encryption to access secure network. Eg Florida Highway Patrol (FHP).

2. Use with PCS router to provide wired and 802.11b wireless access using PCS as Internet uplink for small office, trade show, etc.

802.11s Mesh Networks802.11s Mesh Networks802.11s Mesh Networks802.11s Mesh Networks

Proprietary only today—

Tropos, BelAir Networks, Firetide, Nortel

802.11s Task Group working on standard

Devices-

Mesh Gateway (hard wired to network)

Mesh Router (wireless only)

802.11b or 802.11g client

802.11s Mesh - Tropos802.11s Mesh - Tropos802.11s Mesh - Tropos802.11s Mesh - Tropos

Tropos “Metromesh”

Mesh Gateways connect to wired network and talk wirelessly to Mesh Routers and 802.11b/g clients.

Designed for outdoor installation where Mesh Routers require only power.

Predictive Wireless Routing Protocol (PWRP) optimizes the switching path for Mesh Routers to relay to a Mesh Gateway while consuming less than 5% of the bandwidth.

End user may be relayed wirelessly through several Mesh Routers.

802.11s Mesh - MIT802.11s Mesh - MIT802.11s Mesh - MIT802.11s Mesh - MIT

Working on building $100 laptop computer to bring technology to undeveloped countries.

2 problems- (1) Power, (2) network access.

1- Charge battery with hand crank

2- Built-in custom Mesh network software with integrated 802.11b/g hardware

802.11s Mesh - Intel802.11s Mesh - Intel802.11s Mesh - Intel802.11s Mesh - Intel

Working on chipsets 802.11g chipsets with additional features for discovery, security, authentication, etc., to build mesh networks supporting 802.11s.

Designing Mesh portals to connect mesh networks to other technologies like 802.11g

802.11s technical editor is also Intel wireless network architecht

Wireless Networking Slides

Documents

Transcript of Wireless Networking Slides