Wireless Standards and Implementation


Transcript of Wireless Standards and Implementation

Page 1: Wireless Standards and Implementation

1

Wireless Network Operation

Masafumi OE, PhD

[email protected]

NAOJ

SOI Asia IT workshop 2005

Introduce myself

My name is Masafumi OE.

I’m a senior researcher at NAOJ.

NAOJ: National Astronomical Observatory of Japan, an astronomical research institute founded by the government.

Page 2: Wireless Standards and Implementation

2

Introduce myself

Why does an astronomer teach at this workshop?

I’m a professional network researcher ☺. I operate the entire NAOJ network.

When I belonged to NAIST, I had an employment opportunity: NAOJ was requesting a network researcher from the WIDE Project.

NAOJ facility location map: Okinawa, Mitaka, Hawaii (US), Chile, Mizusawa, Norikura, Okayama, Nobeyama

Page 3: Wireless Standards and Implementation

3

Subaru Telescope: 8.2m primary mirror, located on the summit of Mauna Kea, a dormant volcano on the Big Island of Hawaii.

The air is only 60% as thick as at sea level. => The summit of Mauna Kea is one of the best astronomical observing sites in the world.

Introduce yourself

Your name and etc..

Your ability and experience of a wireless.

Your aim on this WS.

Page 4: Wireless Standards and Implementation

4

Quiz

Test your knowledge about wireless technologies.

TIME LIMIT is 30MIN.

Your aim

Page 5: Wireless Standards and Implementation

5

Goal

Participants acquire new experience by absorbing my lecture.

You practice constructing a wireless site.

I hope to construct and operate a good wireless site.

Page 6: Wireless Standards and Implementation

6

Outline of the workshop

DAY1: Introduction of 802.11. Basic usage and configuration of Cisco Aironet access point

DAY2: Advanced configuration. Designing of a wireless site

DAY3: Practice

Construct a wireless site on this site.

DAY1

9:00 - 10:30 Self-introduction / milestone

Introduction of 802.11

11:00 - 12:30 Introduction of 802.11 (2)

Install and initial setup of Cisco APs

13:30 - 15:00 Basic configuration (1)

15:30 - 17:00 Basic configuration (2)

MAY BE RESCHEDULED DEPENDING ON OUR PROGRESS.

Page 7: Wireless Standards and Implementation

7

DAY1 11:00-12:30

Introduction of 802.11

Current state of wireless usage

Everything connects with wireless! Notebook computers, Personal Digital Assistants (PDAs), printers, media players, handheld gaming systems, etc. have built-in wireless devices.

Handheld gaming system: Nintendo DS

Wireless network printer: HP PSC2710

Network media player: Buffalo PC-P3LWG

Page 8: Wireless Standards and Implementation

8

Background of this trend

Why is wireless installed in all kinds of equipment? The reasons are as follows.

Wireless devices became cheaper through mass production.

In 1997, a PC-card type wireless NIC was $10000/unit. It had no interoperability with other makers’ wireless products.

Now, a wireless PC card based on 802.11b/g is only $30.

Low-priced wireless chipsets make it possible to install wireless devices in consumer gaming machines.

Nintendo DS is $150, PSP by Sony is $200.

Background of this trend (2)

Miniaturization of wireless devices.

Wireless functions are packaged into a one-chip IC (not including the RF unit).

It becomes easy to develop built-in wireless devices. Various sizes (types) of NIC have been released.

SD card type IEEE802.11b wireless NIC by SanDisk: ONLY 2.4cm

Page 9: Wireless Standards and Implementation

9

Background of this trend (3)

System technology for mobility by manufacturers.

“Intel Centrino mobile technology” is a mobile platform made up of the Pentium M, the Intel 855 chipset and the Intel PRO/Wireless network connection.

Notebook PCs with built-in wireless were popularized.

Background of this trend (4)

Enriched hotspot services in public areas.

ISPs provide hotspot service, that is, wireless connectivity service in public areas. In Japan, many ISPs provide hotspot services at airports, railway stations, Starbucks, McDonald's, etc. Lufthansa provides the in-flight internet service “FlyNet” by Connexion by Boeing.

-> We can make full use of wireless devices in public areas.

Hotspot service providers in Japan

Page 10: Wireless Standards and Implementation

10

Background of this trend (5)

Wireless releases us from a world of tangled wires.

In a house, there is a variety of network-capable equipment, such as PCs, printers, broadband routers, etc.

-> Wireless makes it easy to lay out network devices.

It is not restricted by the length of the cable.

-> Wired installation takes a lot of time and money.

Technology overview of wireless

About 802.11 specifications

Page 11: Wireless Standards and Implementation

11

History of 802.11 standardization

The IEEE 802.11 committee is working on standardization of wireless networks.

IEEE approved 802.11 in ’97.

It has infrared (IR) and the 2.4GHz band (microwave) as link carriers.

It has a 1Mbps mode and a 2Mbps mode as link speeds.

802.11

On the 2.4GHz band, 802.11 has two types of spread spectrum method.

FH-SS, Frequency Hopping - Spread Spectrum. Fault tolerance is high, transmission rate is slow. Bluetooth uses FHSS.

DS-SS, Direct Sequence - Spread Spectrum. Fault tolerance is low, transmission rate is fast.

2.4GHz is an ISM band.

ISM: the Industrial, Scientific and Medical band can be used without a radio license.

Example) Microwave ovens, cordless phones

Regulation for the ISM band MAY be different in each country.

Page 12: Wireless Standards and Implementation

12

FHSS on 802.11

[Figure: frequency hopping. Axes: time, radio frequency. b: actual bandwidth. The signal hops from frequency to frequency over time.]

Spread-spectrum signals are highly resistant to noise and interference.

DS-SS

[Figure: spread-spectrum transmission between sender and receiver.]

Sender: generate a spectrum from digital data, then spread the spectrum with pseudo noise (add PN sequence).

Receiver: de-spread the spread spectrum with pseudo noise, then decode the digital data from the spectrum.

Page 13: Wireless Standards and Implementation

13

802.11b came on stage.

IEEE approved 802.11b in ’99.

It uses CCK, which is an extension of 802.11 DS-SS.

Added 5.5Mbps and 11Mbps as link speeds.

11b has the function of dynamically changing link speed to 1, 2, 5.5 and 11Mbps.

The speed depends on the radio signal condition.

About IEEE802.11a (1)

IEEE approved 802.11a in 1999, too. Products were released in ’01.

Manufacturers released them after the success of 802.11b.

802.11a uses the 5GHz band. 5GHz is an ISM band.

Regulation for the ISM band MAY be different in each country.

The 5GHz band may be affected by rain and snow.

5GHz propagates in a straighter line than 2.4GHz. The S/N ratio is low in the shadow of furniture.

Page 14: Wireless Standards and Implementation

14

About IEEE802.11a(2)

Link speed is 54Mbps.

802.11a uses OFDM (Orthogonal Frequency Division Multiplexing) as modulation.

OFDM is able to use radio bandwidth more efficiently than DSSS in 802.11b.

The merit of OFDM is that it is strong against fading and multipath.

TDMA: Time Division Multiple Access

[Figure: TDMA. Axes: frequency, time.]

Ex) 2G mobile phone

Page 15: Wireless Standards and Implementation

15

FDMA: Frequency Division Multiple Access

[Figure: FDMA. Axes: time, frequency.]

Ex) AM radio

Spectrum of FDMA

[Figure: signal level against frequency, with the frequency bandwidth marked.]

Orthogonal FDM (OFDM)

[Figure: signal level against frequency, with the frequency bandwidth marked.]

Distributes the data over a large number of carriers that are spaced apart at precise frequencies. This spacing provides the "orthogonality" in this technique.

About IEEE802.11a (3)

Usage limitation of 802.11a is different in each country.

In Japan, the frequency range from 5.15GHz to 5.25GHz is permitted without a license, and for indoor use only.

This is because 802.11a interferes with the weather observation system, AMeDAS, which uses the 5GHz band.

In the US, the 5.15~5.25GHz, 5.25~5.35GHz and 5.725~5.825GHz bands are permitted.

The US has three times the radio band range of Japan. ☺

Country-localized products fit each country’s law. A Japan-localized 11a card can’t associate with a US-localized access point.

Page 17: Wireless Standards and Implementation

17


About IEEE802.11g

The first product was released in ’03. Manufacturers released products while IEEE was still finalizing the 802.11g specification from the draft.

11g uses the same frequency band as 11b: the 2.4GHz band.

Link speed is up to 54Mbps.

11g uses OFDM / PBCC (= Packet Binary Convolutional Code) / OFDM-CCK as modulation.

Page 18: Wireless Standards and Implementation

18

Compatibility with 11b(1)

11b and 11g use the same 2.4GHz band with different modulation architectures.

11b can’t recognize 11g’s OFDM frames.

[Figure: an 11g client sends DATA to the AP with OFDM while an 11b client sends DATA with CCK, and the frames collide. The 11b client can’t recognize the OFDM frame and starts sending data.]

Compatibility with 11b (2)

11g uses OFDM-CCK modulation to avoid frame collisions between 11b and 11g.

OFDM-CCK sends a CTS (Clear To Send) frame with CCK modulation before the OFDM-modulated data, and an ACK frame after sending.

802.11b clients recognize the CTS frame and stop sending data until they receive the ACK.

Performance decreases when both 11g clients and 11b clients exist in the same area, because OFDM-CCK has more overhead than OFDM.

[Figure: the 11g client sends CTS (CCK), then DATA (OFDM); the AP replies with ACK (CCK). The 11b client stops sending data in the meantime. The CTS and ACK frames are OVERHEAD.]

Page 19: Wireless Standards and Implementation

19

Channels

Channels and available frequencies on 11a/b/g are different in each country.

Channel availability of a NIC differs by the region where the product is sold. We should pay attention to each participant's country.

802.11b Channels

Page 20: Wireless Standards and Implementation

20

802.11g Channels

[Table: Channel ID (x: permitted), as permitted in Mar 2005.]

802.11a

Channels do not match those of other countries.

Page 21: Wireless Standards and Implementation

21

Three operation modes

IEEE802.11 has three operation modes.

Infrastructure mode

Ad-hoc mode

Repeater mode

Infrastructure mode

A node associates with the AP as a client. Clients communicate via the access point (AP). The AP works as a bridge. This mode is usually used in wireless networks.

AP

Page 22: Wireless Standards and Implementation

22

Ad-hoc mode

A node communicates with other nodes without an AP.

No AP is required

Repeater mode(1)

Connects between LAN and LAN via AP.

AP

AP

Bldg A

road

Page 23: Wireless Standards and Implementation

23

Repeater mode(2)

An AP can work as a relay station.

[Figure: three APs in a chain, with the middle AP as a relay station.]

Wireless interoperability

WECA (Wireless Ethernet Compatibility Alliance) was founded.

WECA was established in 1999 to popularize wireless technologies.

Founded by Lucent, Intersil, Aironet (now Cisco).

It certifies interoperability of 802.11 devices. This is called “Wi-Fi Certified”.

It defines the specification for interoperability.

The Wi-Fi System Interoperability Test Plan tests that a wireless device is interoperable with the IEEE 802.11 specification.

Certified logo

Page 24: Wireless Standards and Implementation

24

Security technology for wireless(1)

WEP: Wired Equivalent Privacy

Encrypts a data link with a shared key.

WEP is based on the RC4 algorithm.

Private key length is 128bit or 64bit. A 128bit key is recommended.

The key should be changed at periodic intervals.

The risk of leaking the key is proportional to the number of users.

WEP function

[Figure: client and access point. On each side, the WEP PASSWORD and the IV (Initialization Vector, a random number) feed a pseudo-random number generator, and its output is XORed with the data: data -> encrypted data on the sender, encrypted data -> data on the receiver.]

Page 25: Wireless Standards and Implementation

25

WEP is not so strong.

It uses RC4 with a KEY that is 128bit or 64bit.

The original data is XORed with a keystream that the pseudo-random number generator produces from “WEP PASSWORD” + “IV”.

128bit WEP = 13 octets = 104bit.

64bit WEP = 5 octets = 40bit.

The variable part, the IV, is only 24bit.

The IV is transmitted in clear text.

With 64bit WEP, it takes a few hours to break the key.
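Why the short clear-text IV matters, as an added example that is not part of the original slides: the sketch seeds RC4 with IV + secret as described above and shows that two frames sharing an IV share a keystream, then estimates how soon a random 24bit IV repeats. The payloads, the IV value and the function names are constructed for illustration, and the frame checksum that real WEP adds is left out.

```python
"""Simplified model of the WEP construction described above (no ICV/CRC-32)."""


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return clear-text IV followed by payload XOR RC4(IV || secret)."""
    if len(secret) not in (5, 13):
        raise ValueError("secret must be 5 octets (64bit WEP) or 13 octets (128bit WEP)")
    if len(iv) != 3:
        raise ValueError("IV must be 3 octets (24bit)")
    return iv + rc4(iv + secret, payload)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """The receiver reads the IV from the frame and regenerates the keystream."""
    iv, body = frame[:3], frame[3:]
    return rc4(iv + secret, body)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Number of random-IV frames after which a repeated IV is at least
    `probability` likely (birthday bound over a 2**iv_bits space)."""
    space = 2 ** iv_bits
    p_unique, n = 1.0, 0
    while 1.0 - p_unique < probability:
        p_unique *= (space - n) / space
        n += 1
    return n


# Constructed sample values. "WIDE!" is the 5-octet key this workshop uses later.
SECRET = b"WIDE!"
IV = bytes.fromhex("a1b2c3")
P1 = b"temperature=21C"
P2 = b"door=locked;ok!"


def keystream_reuse_demo() -> dict:
    """Two frames under the same IV: the keystream cancels out of their XOR."""
    c1 = wep_encrypt(SECRET, IV, P1)[3:]
    c2 = wep_encrypt(SECRET, IV, P2)[3:]
    leaked = xor(c1, c2)
    return {
        "xor_of_ciphertexts": leaked,
        "xor_of_plaintexts": xor(P1, P2),
        # Whoever knows one payload obtains the other without the secret.
        "recovered_second": xor(leaked, P1),
    }


if __name__ == "__main__":
    result = keystream_reuse_demo()
    print("ciphertext XOR equals plaintext XOR:",
          result["xor_of_ciphertexts"] == result["xor_of_plaintexts"])
    print("second payload recovered:", result["recovered_second"])
    print("frames until a 24bit IV probably repeats:", frames_until_iv_repeat())
```

Changing the shared key periodically does not remove this property, because the keystream depends only on the IV and the secret; this is the reason the later slides move to per-client keys under 802.11i.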

Security technology for wireless(2)

Operate an authentication system for users.

ID/password authentication on the web.

MAC address authentication. Permitted users’ MAC addresses are registered to a RADIUS server or to the AP’s local database.

Separate the wireless network from the secured network.

Operate the wireless network with a different security policy.

Apply access control from the wireless network to the wired network.

Page 26: Wireless Standards and Implementation

26

Security technology for wireless(3)

Operate IEEE802.11i.

802.11i consists of an authentication function and an encryption function.

The encryption function of 802.11i is called WPA (Wi-Fi Protected Access). WPA has stronger encryption than WEP.

The authentication function is based on IEEE 802.1X.

Operating 802.11i has a cost, though it is very safe.

Encryption function of WPA

[Figure: client and access point, as in the WEP figure, with the client’s MAC address added to the key input on both sides before the XOR.]

24bit -> 40bit. The key includes the client’s MAC address. A different key is used for each client.

KEY (WEP+IV+MAC) is hashed.

WEP is only 128bit.

Page 27: Wireless Standards and Implementation

27

Summarize (1)

Introduced 802.11b, 11a and 11g.

11g and 11a are up to 54Mbps. 11b is 11Mbps.

802.11 specifications use the ISM band.

802.11b and 802.11g use 2.4GHz.

802.11a uses 5GHz. 5GHz propagates in a straighter line than 2.4GHz. => 5GHz has difficulty covering areas in an object’s shadow.

802.11b uses CCK as modulation. 802.11a and 11g use OFDM.

An 11b-only client can’t understand the OFDM frames of 11a/11g.

Summarize (2)

Channel availability depends on local regulation.

IEEE802.11 has three operation modes: Infrastructure mode, ad-hoc mode and Repeater mode.

802.11 has security features to protect a wireless LAN.

WEP, WPA (802.11i) at the link layer.

Page 28: Wireless Standards and Implementation

28

DAY1 13:30-15:00

Touch Cisco Aironet Wireless access point.

What is AP1140AG

You learn a wireless operation with Cisco AP1140AG.

Features: slim and smart body. ☺

Supports IEEE802.11b, 11g and 11a.

Has one Ethernet port and one serial console port.

It runs IOS and supports the CLI (Command Line Interface).

Page 29: Wireless Standards and Implementation

29

What is AP1140AG

The retail price of the AP1140AG in Japan is about US$450, including a wall mount kit and PoE injector.

Teaching equipment

Rented equipment:

Laptop with USB serial

Cisco AP (fought with the CUSTOMS officer)

Serial cable (RJ45-DUB9)

PoE injector

UTP (patch cable / yellow)

AC/DC adapter

AC cable (JP type connector)

JP-ID converter plug

Gift for you ☺

CD-ROM: Aironet manual (PDF)

Subaru postcard ☺

Page 30: Wireless Standards and Implementation

30

AP1130AG

This AP is marketed in Japan, so the AP’s specification fits the law of Japan (usable channels, transmit power).

Attention: the base plate of the AP is HOT while the power is ON.

To access the interfaces, slide (push) the top cover.

Interface

Ethernet: 100BaseTX or 10BaseT

Console: RS232C compatible / 9600bps

DC-IN: 48V

2 status LEDs

The top cover indicator

[Figure: AP interfaces: MODE button, CONSOLE, Ethernet, POWER (DC-IN), LEDs.]

Page 31: Wireless Standards and Implementation

31

The top cover indicator

GREEN: boot up state.

White: UP and no client associated.

Blue: UP and clients associated

PoE

The AP supports Power over Ethernet (PoE).

It brings DATA and DC power to the AP with one UTP cable. There is no need to wire a power cable.

The AP supports the IEEE802.3af and Cisco inline power (non-standard PoE spec. by Cisco) specifications.

The PoE supplier is a PoE-capable switching hub or a PoE injector.

For Cisco Catalyst switches supporting PoE, the product code has “-PS” at the end.

This gives a smarter connection to the AP.

Don’t supply power from both PoE and DC.

Page 32: Wireless Standards and Implementation

32

Cisco inline power injector

[Figure: the PoE injector unit takes DC power and data (Ethernet) from the hub, and sends power and data over UTP to the AP.]

PoE capable switching hub

[Figure: Cisco Catalyst 2916-PS switching hub, AC powered, supplying PoE.]

Page 33: Wireless Standards and Implementation

33

Configure the AP via CLI

The AP supports both the CLI (Command Line Interface) and WEB for configuration. In this workshop, we use the CLI.

The CLI can access all functions of the AP in any situation.

When the AP has a misconfiguration such as IP address, Ethernet media, VLAN, etc., we can fix the configuration via the CLI without a factory reset.

The AP does not answer TELNET/SSH/WEB connections under heavy load. However, the AP still provides CLI access.

The CLI of the AP is the same as the CLI of other Cisco router/switch products.

Also, the concept and syntax are the same as the CLI on Cisco Catalyst IOS.

Let’s access your AP.

Connect your serial cable to the console port.

RJ45-RS232C cable

Start “HyperTerminal”. Use the shortcut named “Cisco-access”.

Serial port is COM4. Speed is 9600bps with 8 data bits, 1 stop bit, no parity and no flow control.

Page 34: Wireless Standards and Implementation

34

How to input/edit on CLI.

Input and edit like in a shell.

Edit a command line:

CTRL+A Jump to the top.

CTRL+E Jump to the end.

CTRL+U Clear the line.

Access the command history with Up (or CTRL+P) and Down (or CTRL+N) key.

How to input/edit on CLI.(2)

Press RETURN to get started!
[return]
ap> my name is MASAFUMI.
% Invalid input detected at '^' marker.

ap>_

Try and get used to the CLI. Edit a line with CTRL+A/E/U and UP/DOWN.

EXAMPLE: _ is a cursor.

Page 35: Wireless Standards and Implementation

35

HELP system

If you forget a command, use HELP: input “?”, the TAB key, or the “help” command.

ap> ?
.
ap> show <- type “?”
aaa Show AAA values
auto Show Automation Template
caller Display information about dialup connections
.
.
ap> show ?
Async Async interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface

EXAMPLE: _ is a cursor.

HELP system (2)

Completion of command input.

ap> ?
.
ap> sho <- TAB
ap> show
ap>

Page 36: Wireless Standards and Implementation

36

The CLI has three modes.

User mode: permits executing a part of the operation commands.

Enable mode (privileged mode): permits executing privileged commands. You mostly use this mode.

Configuration mode: permits executing configuration commands.

Moving between the three modes

USER MODE -> ENABLE MODE: “enable” command

ENABLE MODE -> CONFIGURATION MODE: “configure” command

ENABLE MODE -> USER MODE: “disable” command

CONFIGURATION MODE -> ENABLE MODE: “end” or “exit” command

Page 37: Wireless Standards and Implementation

37

Default password information

The password is “Cisco”.

(Username: Cisco)

Configuration mode

Enter one complete configuration command per line.

There is no interactive input and output.

A command takes effect as soon as it is entered. The configuration is stored in RAM.

To save your configuration to storage, you have to execute the “write memory” command in ENABLE MODE.

If you have a misconfiguration, restart your AP without saving.

Page 38: Wireless Standards and Implementation

38

Example

Name your AP.

hostname [your AP’s name]

Ex)

ap(config)# hostname CISCO
CISCO(config)#

Example

Set a password for enable mode.

enable secret 0 [your password]

Ex)

ap(config)# enable secret 0 SOI
ap(config)# end
ap# disable
ap> enable
Password: <- enter “SOI”
ap#

Page 39: Wireless Standards and Implementation

39

Do command

Execute an enable-mode command with “do” in configuration mode.

ap(config)# do show run

Omitting

You can abbreviate a command as long as the abbreviation matches exactly one command.

ap(config)# do show running
ap(config)# do sh run

Page 40: Wireless Standards and Implementation

40

The factory reset procedure

If you are in a situation that requires a factory reset, the procedure is as follows. Typical situations:

Forgot the password.

Clearing the configuration to set up a new site.

Etc.

Take care! The startup configuration is erased.

Take it easy! If you make a mistake, just do the factory reset.

the factory reset procedure

1. Turn off the AP.

Unplug DCIN or PoE Ethernet cable.

2. Hold MODE button and turn on the AP

Page 41: Wireless Standards and Implementation

41

the factory reset procedure

3. When the AP starts its boot procedure, LED “E” turns GREEN immediately.

GREEN

the factory reset procedure

3. LED “E” turns AMBER within 2 seconds after power-on.

4. Release MODE button.

GREEN -> AMBER

Page 42: Wireless Standards and Implementation

42

the factory reset procedure

5. The procedure ends. The AP’s configuration is restored to the factory configuration.

The boot message shows a successful reset procedure:

button pressed for 1 seconds
process_config_recovery: set IP address and config to default 10.0.0.1
Loading "flash:/c1130-k9w7-mx.123-2.JA/c1130-k9w7-mx.123-2.JA"...#########################################################################

Basic command

COMMIT TO YOUR MEMORY!!

Page 43: Wireless Standards and Implementation

43

Write memory

The write memory (write mem) command saves the current running config to the startup config.

Copy

copy X Y

Copies X to Y.

The AP has a flash memory.

The destination is flash/tftp/ftp/scp etc.

Page 44: Wireless Standards and Implementation

44

Reboot the AP

Use the reload command.

ap# reload

System configuration has been modified. Save? [yes/no]: no

Proceed with reload? [confirm] <= if you didn’t save.

Show command

Show is one of the basic important commands. If you want to know something, type “show”.

show run

show int

show dot ….

Page 45: Wireless Standards and Implementation

45

Show running

Shows the AP’s current configuration.

show running

Show startup

Shows the AP’s startup configuration.

Show interface

Shows the status of the interfaces on the AP.

Page 46: Wireless Standards and Implementation

46

Interface naming rule on Cisco

FastEthernet X

Interface Name Number(0,1,2..)

1st interface of fastethernet is “fastethernet 0”

kind of interface

FastEthernet

dot11radio

BVI

Example

Show interface fastethernet 0

SHOW status 1st interface of fastethernet.

Page 47: Wireless Standards and Implementation

47

dot11Radio interface

Dot11radio 0 is for the 2.4GHz band: 11b and 11g

Dot11radio 1 is for the 5GHz band: 11a

BVI 1 interface

Logical interface. The input and output physical interfaces are automatically selected.

Page 48: Wireless Standards and Implementation

48

Shutdown

To shut down an interface, use shutdown at the interface layer.

Show run and check current conf.

Configuration commands are stored exactly as you entered them.

You are able to copy and paste commands in configuration mode.

How to erase a command (configuration)

Execute the command with “no” at the top.

hostname MASA

Erase the above command as follows:

no hostname

Page 49: Wireless Standards and Implementation

49

Start the setup

IP address parameter

We are allocated static private addresses for the APs.

10.0.0.91/24

10.0.0.92/24

10.0.0.93/24

10.0.0.94/24

10.0.0.95/24

10.0.0.96/24

Our gateway is 10.0.0.1

[Figure: room layout. Tables .91 .92 .93 and .94 .95 .96, with the lecturer.]

Page 50: Wireless Standards and Implementation

50

Set IP address

int bvi 1
ip address X.X.X.X y.y.y.y

X: your IP address.

Y: netmask.

Default gateway

ip default-gateway x.x.x.x

x: D.GW.

Shut down the WWW service.

no ip http server

Page 51: Wireless Standards and Implementation

51

Config the wireless interface

SET CHANNEL/POWER/SSID/encryption

channel

Set Channel under dot11radio interface

CHANNEL ALLOCATION

1 3 5

7 9 11

Lecturer

Page 52: Wireless Standards and Implementation

52

Speed

Set the link-media speed.

ap(config)#int dot11Radio 0
ap(config-if)#speed ?
1.0 Allow 1 Mb/s rate
11.0 Allow 11 Mb/s rate
12.0 Allow 12 Mb/s rate
18.0 Allow 18 Mb/s rate
2.0 Allow 2 Mb/s rate
24.0 Allow 24 Mb/s rate
36.0 Allow 36 Mb/s rate
6.0 Allow 6 Mb/s rate
9.0 Allow 9 Mb/s rate
basic-1.0 Require 1 Mb/s rate
basic-11.0 Require 11 Mb/s rate
basic-12.0 Require 12 Mb/s rate

Speed

ap(config-if)#speed basic-1.0 basic-2.0 basic-5.5 basic-11.0

= that is 11b only.

ap(config-if)#speed throughput ofdm

= Only OFDM clients can access; 11b is excluded.

Page 53: Wireless Standards and Implementation

53

Power

ap(config-if)#power local cck 30

SET transmit power 30mW

SET transmit power maximum

Black hole avoidance

ap(config)#int dot 0
ap(config-if)# station-role root fallback shutdown

=> When Eth is down, Dot11 is also down.

station-role root fallback repeater

=> Works as a repeater client.

Page 54: Wireless Standards and Implementation

54

Sub-layer on an interface.

An interface has a sub-layer structure. Dot11radio 0 has “SSID”.

Use EXIT to move to the upper layer.

ap(config)# int dot11radio 0
ap(config-if)# <- ENTER interface layer
ap(config-if-ssid)# <- ENTER ssid layer under IF
ap(config-if-ssid)# exit
ap(config-if)#

Set your SSID

SSID is a network identifier for a wireless LAN.

show run int dot 0

Shows the interface configuration of the “dot11radio 0” interface.

You see “ssid tsunami”. It is the default configuration on Cisco Aironet.

Page 55: Wireless Standards and Implementation

55

SSID naming

Erase “tsunami”. How do you erase it?

Name your own SSID on the AP, so that each AP can be identified.

Declare your SSID.

Check your wireless net.

Associate with your AP using the SSID.

guest-mode / no guest-mode

Page 56: Wireless Standards and Implementation

56

2nd DAY

2nd Day schedule

9:00-10:30 Newcomer orientation and summary of the 1st day sessions. Advanced configuration (1)

11:00-12:30 Advanced configuration (2)

13:30-15:00 Advanced configuration (3). Monitoring techniques

15:30-17:00 How to design the wireless site, toward building up your group work.

Page 57: Wireless Standards and Implementation

57

2nd Day – Morning session 1

9:00-10:30

Welcome, Again

Newcomers have arrived. Please introduce yourself.

Your name and etc..

Your ability and experience of a wireless.

Your aim on this WS.

Page 58: Wireless Standards and Implementation

58

Introduce myself

My name is Masafumi OE.

I’m a senior researcher at NAOJ.

NAOJ: National Astronomical Observatory of Japan

I’m a professional network researcher ☺. I operate the entire NAOJ network. I operated the wireless LAN at IETF-Korea and IETF-Japan.

Quiz

Newcomer, Test your knowledge about wireless technologies.

TIME LIMIT is 30MIN.

Page 59: Wireless Standards and Implementation

59

Summarize of 1st DAY

Introduced 802.11b, 11a and 11g.

11g and 11a are up to 54Mbps.

11b is 11Mbps.

802.11b and 802.11g use 2.4GHz.

802.11a uses 5GHz. 5GHz propagates in a straighter line than 2.4GHz.

Summarize of 1st DAY

Introduced 802.11b, 11a and 11g.

802.11b uses the CCK technique as modulation.

802.11a and 11g use the OFDM technique as modulation.

An 11b-only client can’t understand the OFDM frames of 11a/11g.

To avoid collisions, use Protection mode.

Page 60: Wireless Standards and Implementation

60

Summarize of 1st DAY

Channel availability depends on local regulation.

Channel availability of the AP fits JAPAN regulations.

IEEE802.11 has three operation modes: Infrastructure mode, ad-hoc mode and Repeater mode.

802.11 has security features to protect a wireless LAN.

WEP, WPA (802.11i) at the link layer.

Summarize of 1st DAY

Our teaching equipment is the Cisco AP1130AG and a WiFi notebook PC.

Access to the AP: use the CLI to configure your AP via serial.

Touched Cisco IOS, which is the firmware of Cisco’s AP.

It is similar to the IOS on Catalyst.

Command editing is like a UNIX shell.

Page 61: Wireless Standards and Implementation

61

Summarize of 1st DAY

The IOS

3 modes: user/enable/configuration

Move between modes with “enable” / “config term” / “disable”.

Learned a basic configuration

To save a configuration, “write mem” in enable mode.

To execute enable-mode commands, “DO + command”. Ex) do show int

Summarize of 1st DAY

Learned a basic configuration

If you want to know something, execute the “show” command.

show ?

To erase a configuration, “NO + command”. Ex) no hostname

The AP has 3 physical interfaces.

FastEthernet 0 for LAN.

Dot11radio 0 for 2.4GHz WLAN

Dot11radio 1 for 5GHz WLAN

Page 62: Wireless Standards and Implementation

62

Summarize of 1st DAY

Shut down an interface.

Execute shutdown in interface configuration.

int dot 1

shutdown

To enable the shut-down interface:

int dot 1

no shutdown

Summarize of 1st DAY

Set up the AP

Set the IP address on BVI1 (logical interface).

(Config mode)

int bvi1

ip address X.X.X.X y.y.y.y

Page 63: Wireless Standards and Implementation

63

Summarize of 1st DAY

Learned SPEED/POWER/STATION-ROLE.

Speed mode has basic (required) and optional speed definitions between client and AP.

Power is the transmit power of the AP.

Station-role sets the behavior when the LAN interface’s state changes to DOWN.

Set a channel.

(conf-if)# channel X

Enter N

Summarize of 1st DAY

Clear the default SSID “tsunami”.

Conf)# int dot11radio 0

Conf-int)# no ssid tsunami

Define your original SSID.

Conf-int)# ssid WIDE

Conf-int)# association open

Page 64: Wireless Standards and Implementation

64

Summarize of 1st DAY

Check SSID advertising with guest-mode.

guest-mode: the AP broadcasts the SSID.

no guest-mode: the AP does not advertise the SSID.

Ex)

conf-if-ssid)# guest-mode

conf-if-ssid)# no guest-mode


Page 65: Wireless Standards and Implementation

65


Page 66: Wireless Standards and Implementation

66


Page 67: Wireless Standards and Implementation

67


Page 68: Wireless Standards and Implementation

68

Go to next stage

Ready for connect your AP?

The checklist is as follows.

IP address

SSID

Channel

Stop the web server.

no ip http server

Page 69: Wireless Standards and Implementation

69

Connect to LAN

Connect your AP to the LAN.

Use the UTP cable that is wired to your table. Connect the UTP cable to the “Network port” on the injector.

Then try to associate your laptop with your AP using your SSID.

If you succeed, you get an IP address from the DHCP server via YOUR AP.

Practice

1) Try to make an association

2) Check your laptop is pingable or not.

Page 70: Wireless Standards and Implementation

70

2nd Day –Session 2

11:00-12:30

Management from LAN.

The AP has the following services for management operation.

CLI: SSH, TELNET, Serial

WEB

SNMP

Make an access control for the AP.

Page 71: Wireless Standards and Implementation

71

Create a user account

To operate an AP from the network, you make a user account and set up a login configuration.

Create account

The default is Cisco/Cisco as username and password.

username Cisco password 7 032752180500

Erase it and make your new account.

ap(config)# no username Cisco
ap(config)# username WIDE password 0 WIDE!

Or set the privilege parameter (15 is MAX):

username WIDE privilege 15 password 0 WIDE!

=> Starts in enable mode.

Try Telnet access

Open a command prompt on XP.

telnet X.X.X.X <= AP’s IP ADDRESS

-> login

Page 72: Wireless Standards and Implementation

72

Practice

1) Create your account and erase the default account.

2) Try to access your AP via Telnet.

Make an access filter

Use this if you want to restrict which hosts can access the AP.
Permit from 10.0.0.99:
ap(config)# access-list 90 permit 10.0.0.99 0.0.0.0 log
ap(config)# access-list 90 remark ***COMMENT***

Page 73: Wireless Standards and Implementation

73

Adding to a list
ap(config)# access-list 90 permit 192.168.0.0 0.0.0.255
ap(config)# do show access-list 90
Standard IP access list 90
    10 permit 192.168.0.0, wildcard bits 0.0.0.255
ap(config)# access-list 90 permit 192.168.11.0 0.0.0.255
ap(config)# access-list 90 deny any
ap(config)# do show access-list 90
Standard IP access list 90
    10 permit 192.168.0.0, wildcard bits 0.0.0.255
    20 permit 192.168.11.0, wildcard bits 0.0.0.255
    30 deny any

ap(config)# no access-list 90   <= erase

Set the access list on the login I/F.
ap(config)# line vty 0 15
ap(config-line)# access-class 90 in

TEST(config)#no access-list 90 permit 10.0.0.98 0.0.0.0 log
TEST(config)#access-list 90 permit 10.0.0.98 0.0.0.0 log
TEST(config)#

Access is permitted from 10.0.0.99 to 10.0.0.98

Page 74: Wireless Standards and Implementation

74

Practice

1) Make an access list that permits only your laptop's IP.

2) Set the access list on the vty.

3) Check accessibility.
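The wildcard bits in the access-list lines above are the inverted netmask, and a standard list is evaluated top-down with the first match winning. The sketch below is an added example, not part of the original slides: it turns an address range into `access-list` lines and evaluates a source address against a list. The function names are made up for this example, and the sample range 10.0.0.193 to 10.0.0.222 is one this workshop's exam asks for.

```python
import ipaddress


def exact_entries(acl, first, last):
    """Lines that permit exactly first..last and nothing else."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    lines = [f"access-list {acl} permit {net.network_address} {net.hostmask}"
             for net in ipaddress.summarize_address_range(lo, hi)]
    return lines + [f"access-list {acl} deny any"]


def single_entry(acl, first, last):
    """Smallest single wildcard entry covering the range, plus the extra hosts it admits."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    prefix = 32 - (lo ^ hi).bit_length()
    net = ipaddress.IPv4Network((lo, prefix), strict=False)
    extra = [str(a) for a in net if not lo <= int(a) <= hi]
    return f"access-list {acl} permit {net.network_address} {net.hostmask}", extra


def permits(lines, source):
    """Evaluate a source address the way a standard ACL does: first match wins."""
    src = int(ipaddress.IPv4Address(source))
    for line in lines:
        fields = line.split()
        action, address = fields[2], fields[3]
        if action == "remark":
            continue
        if address == "any":
            return action == "permit"
        wildcard = 0
        if len(fields) > 4 and fields[4] != "log":
            wildcard = int(ipaddress.IPv4Address(fields[4]))
        # A wildcard bit of 1 means "don't care", so force those bits on both sides.
        if (src | wildcard) == (int(ipaddress.IPv4Address(address)) | wildcard):
            return action == "permit"
    return False  # implicit deny at the end of every list


if __name__ == "__main__":
    for line in exact_entries(90, "10.0.0.193", "10.0.0.222"):
        print(line)
    print(single_entry(90, "10.0.0.193", "10.0.0.222"))
```

The single-entry form is shorter, but on the workshop's 10.0.0.0/24 LAN the two extra addresses it admits are ordinary host addresses.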

Get status of your AP

show dot11 associations
Displays the clients associated with the AP.

Page 75: Wireless Standards and Implementation

75

Clear association

“Clear dot client” is able to disassociate the client.

Clear dot client X.X.X
X.X.X = the client’s MAC address

WEP setting

Try to set a WEP key.
(config-if)#encryption key 1 size 128bit 0 [HEXDATA]

Prepare the HEX code of the WEP key.

W I D E ! = 0x5749444521 = 40bit.

To enable WEP mode, type as follows.

(config-if)#encryption mode wep mandatory

Page 76: Wireless Standards and Implementation

76

Practice

1) MAKE your SSID.

2) SET WEP

3) CHECK AND ASSOCIATE WITH YOUR AP.

2nd Day –Session 3

13:30-15:00

Page 77: Wireless Standards and Implementation

77

Set up a TFTP server.
Open the Solarwinds TFTP server from the START menu on your laptop.
Open “configuration” from the “file” menu.
Check the TFTP server’s root directory.
The default is “c:\TFTP-Root”.
Select “transmit and receive files” on the Security tab.

Check connectivity to the TFTP server with “ping”.
ping [target IP] in enable mode.
If you are operating a firewall, disable it or open the UDP port for the TFTP server.

Try to use it

Back up the running configuration to the TFTP server.
copy running tftp://10.0.0.x/run-conf

Copy progress:
AP#copy running-config tftp://10.0.0.99/run-config

Address or name of remote host [10.0.0.99]?

Destination filename [run-config]?

!!

2085 bytes copied in 0.098 secs (21276 bytes/sec)

ap#

Page 78: Wireless Standards and Implementation

78

Check and edit, then upload

Open the uploaded file with WordPad.
Edit the hostname from HOGE to TEST.
Copy from tftp to running-config.

HOGE#copy tftp://10.0.0.99/test run
HOGE#copy tftp://10.0.0.99/test running-config
Destination filename [running-config]?
Accessing tftp://10.0.0.99/test...
Loading test from 10.0.0.99 (via BVI1): !
[OK - 2186 bytes]

2186 bytes copied in 9.341 secs (234 bytes/sec)
TEST#
TEST#

If you have to set up a lot of APs

You generate the AP configurations from a sample configuration, and each AP downloads its configuration from the TFTP server.

I set up over 30 access points with a config generation script and tftp download.

[Figure: Generator -> Config files (one per AP) -> TFTP -> APs]
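A generator of the kind described above, as an added example; it is not the lecturer's Perl script, which is not reproduced on this page. The template reuses only commands that appear in these slides (in the post-upgrade "dot11 ssid" form), the addresses and channels are the lab's, and the hostnames, SSIDs, password and `.cfg` file names are constructed for the example.

```python
import ipaddress
import string

# Template assembled from commands shown on this page; check it against your IOS release.
TEMPLATE = """\
hostname {hostname}
no ip http server
no username Cisco
username {user} privilege 15 password 0 {password}
access-list 90 permit {mgmt_host} 0.0.0.0 log
access-list 90 deny any
dot11 ssid {ssid}
 authentication open
interface Dot11Radio0
 channel {channel}
 encryption key 1 size {wep_size} 0 {wep_key}
 encryption mode wep mandatory
 ssid {ssid}
interface BVI1
 ip address {ip} {netmask}
line vty 0 15
 access-class 90 in
end
"""
LAN = ipaddress.ip_network("10.0.0.0/24")      # workshop LAN
GATEWAY = ipaddress.ip_address("10.0.0.1")
WEP_HEX_DIGITS = {"40bit": 10, "128bit": 26}   # hex digits per key size
COMMON = {"user": "WIDE", "password": "ChangeMe-2005",   # constructed password
          "mgmt_host": "10.0.0.99", "wep_size": "128bit",
          "wep_key": "00010203040506070809101112"}


def wep_key_from_ascii(text):
    """'WIDE!' -> '5749444521', the HEXDATA form of an ASCII key."""
    return text.encode("ascii").hex()


def sample_aps():
    """Constructed inventory: lab addresses .91-.96 with the lab channel plan."""
    return [{"hostname": f"ap{n}", "ip": f"10.0.0.{n}", "channel": ch, "ssid": f"lab{n}"}
            for n, ch in zip(range(91, 97), (1, 3, 5, 7, 9, 11))]


def problems_in(aps, common):
    found = []
    key = common["wep_key"]
    if len(key) != WEP_HEX_DIGITS.get(common["wep_size"]) or set(key) - set(string.hexdigits):
        found.append(f"WEP key is not valid {common['wep_size']} hex data")
    if "Cisco" in (common["user"], common["password"]):
        found.append("the default Cisco/Cisco login must not be reused")
    for field in ("hostname", "ip"):
        values = [ap[field] for ap in aps]
        found += [f"duplicate {field}: {v}" for v in sorted(set(values)) if values.count(v) > 1]
    for ap in aps:
        ip = ipaddress.ip_address(ap["ip"])
        if ip not in LAN or ip in (GATEWAY, LAN.network_address, LAN.broadcast_address):
            found.append(f"{ap['hostname']}: {ip} is not a free host address in {LAN}")
        if ap["channel"] not in range(1, 15):
            found.append(f"{ap['hostname']}: channel {ap['channel']} is outside 1-14")
    return found


def generate(aps, common):
    """Return {file name: config text}; refuse to emit anything if a check fails."""
    found = problems_in(aps, common)
    if found:
        raise ValueError("; ".join(found))
    return {f"{ap['hostname']}.cfg": TEMPLATE.format(netmask=LAN.netmask, **ap, **common)
            for ap in aps}


if __name__ == "__main__":
    print(generate(sample_aps(), COMMON)["ap91.cfg"])
```

The generated files hold the login password and WEP key in clear text and TFTP has no authentication, so keep the TFTP root on the management LAN and remove the files once the APs have loaded them.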

Page 79: Wireless Standards and Implementation

79

Sample

Perl script

Tips

no ip domain-lookup

ip name-server 10.0.0.1

Page 80: Wireless Standards and Implementation

80

Update AP’s firmware

The Latest firmware for AP1130AG is IOS 12.3(7)JA.

show version
ROM: Bootstrap program is C1130 boot loader
BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(2)JA, RELEASE SOFTWARE (fc2)

You are on 12.3(2)JA.

Upgrade the AP’s firmware
Get the latest version of IOS.
Put the IOS firmware file in the TFTP server’s root.
Type archive to upgrade:
TEST#archive download-sw /overwrite tftp://10.0.0.99/[FILENAME]
Loading c1100-k9w7-tar.123-7.JA.tar from 10.0.0.99 (via BVI1): !
extracting info (271 bytes)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Check your IOS version
How to?

Page 81: Wireless Standards and Implementation

81

SSID syntax changed

Global SSID
dot11 ssid masa

guest-mode

authen open

Interface SSID

Virtual LAN config

Operate Multiple-SSID on a wireless LAN.

Research division / Marketing / Guest

Page 82: Wireless Standards and Implementation

82

Tagging

On LAN
802.1Q tagged vlan.

On Wireless
Multiple SSID

Create Logical Interface

Both fastethernet 0 and dot11radio 0.
Fastethernet 0.X

X: Logical interface number.

SET vlan ID.

Map SSID and VLAN ID

Page 83: Wireless Standards and Implementation

83

Create Logical Interface(2)

Dot11radio 0.[

RADIUS authentication

Page 84: Wireless Standards and Implementation

84

2nd Day – Morning session 4

15:30-17:00

How to design a wireless site

Page 85: Wireless Standards and Implementation

85

Design points

Wireless network design is quite different from wired network design.

Understand the characteristics of wireless.
Coverage range of an access point.

Interference between channels.

How to design a wireless LAN

Fix the policy from the purposes and requirements of the wireless network.

Who uses the wireless network?

How long is the life of the wireless network?

What is the security level?

etc.

Page 86: Wireless Standards and Implementation

86

How to design a wireless LAN

The design of a wireless network differs according to its operational purpose.

Operating a wireless network on a campus.

Operating a wireless network in an enterprise.

Operating a temporary network at a conference.

Your sense of balance in setting a policy is important.

Understanding “Trade-off.”

Operate a wireless network with a high security level.

It is possible to construct it with 802.11i/WPA etc.

We can enjoy a safe network.

HOWEVER

Page 87: Wireless Standards and Implementation

87

Understanding “Trade-off.”
The management side needs to do account work for each user.
It is also required to support the user side.
Assisting with settings, distributing accounts, etc.
The user side is required to install an OS capable of the security features.
Do Linux/FreeBSD/NetBSD support 802.11i?
Can those users enjoy the high-security wireless network?
Only some OSes support new security technologies, such as WPA, 802.11i(11x).

In compensation for safety, the operation cost is large.

Security level and operation costs(1)

Operate a wireless network with WEP
We can prevent unauthorized users from tapping the wireless network.

We need to provide the parameter information, such as the WEP key, to authorized users.

Management cost goes UP.

Page 88: Wireless Standards and Implementation

88

Security level and operation costs(2)

Operate 802.11i/WPA on a wireless network for high security.

It’s good for an enterprise network.
Information leakage and unlawful computer access have to be prevented in an enterprise.

It is easy to install this security feature in an enterprise network because the users and the types of clients are limited.

MAY NOT CARE ABOUT UNIX CLIENTS on WLAN.☺

Security level and operation costs(3)

WEP or 11x are not good for a temporary network at a conference.

When information has to be distributed to operate a secure wireless network, a human cost is also required.

We have to take care of various OSes.
Participants use various OSes.

Can we deal with the trouble on participants' clients?
The workload of the help desk is very large.
It might be impossible!

When information has to be distributed for a wireless network, a human cost is also required.

Page 89: Wireless Standards and Implementation

89

Security level and operation costs(4)

We have to design a wireless network while thinking of the benefit of both the user side and the manager side.

There is a right design in the right design.

802.11b/g Channel allocation

Channel configuration of 802.11b is 2.412GHz(1ch) - 2.484GHz(14ch).

The interval between channels is 5MHz.

Bandwidth per channel is about 22MHz.

[Figure: channels 1 to 14 on a frequency axis in MHz; each channel is 22MHz wide, with channel 1 at 2412MHz]

Page 90: Wireless Standards and Implementation

90

802.11b Channel allocation(2)
The combinations of channels without interference are limited.

The spacing of the channel frequencies should be larger than 22MHz.
Example of a channel combination:

Channel 1(2.412GHz) - 6(2.437GHz) - 11(2.462GHz) - 14(2.484GHz)
*) Channel 14 is only used in Japan.

The location of the access points is decided so as to avoid overlapping of the channel combination.

Example on next slide.

[Figure: channels 1 to 14 on a frequency axis in MHz]

Example-1

Decide the position of each access point to avoid overlapping.

[Figure: wireless access points on 1ch, 6ch and 11ch]

Page 91: Wireless Standards and Implementation

91

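Example-2: Overlap (BEFORE)
It is overlapped!

[Figure: access points on 1ch, 11ch, 6ch, 11ch and 1ch, with the OVERLAP marked]

Example-2: Overlap (AFTER)
Swap the position of access points.

[Figure: access points on 1ch, 11ch, 6ch, 11ch and 1ch after the swap]

The overlaps are removed.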

Page 92: Wireless Standards and Implementation

92

Techniques for setting up APs

Use PoE, Power over Ethernet, to supply power to AP.

PoE specifications exist:
IEEE 802.3af
Cisco In-Line Power (Cisco original)

Use a PoE adapter or a PoE-capable Ethernet switch to supply power.

Such as Cisco Catalyst series, Foundry, etc.

Benefit for AP with PoE

The cable wiring for a power supply is unnecessary.

PoE decreases the restriction of AP’s location at the installation site.

Decrease installation cost.

Page 93: Wireless Standards and Implementation

93

Class of access point(1)

AP for consumer usages

Retail price is about $100.

Management functions are poor.
Most APs support a WEB interface only.

The performance of the access point is low.
Maximum capacity of clients under an AP is about 30- clients.

Class of access point(1)
AP for enterprise/campus usages

Retail price is about $500.
Cisco Aironet AP1130AG, including 11a/b/g interfaces.

The AP has a high-performance CPU and tuned software.
Maximum capacity is up to 120 clients.

The AP has SNMP/WEB/CLI management i/f.

Wireless LAN switch system

Able to manage all of the wireless APs from the wireless switch.
It is convenient in a large-scale wireless network.

Wireless switch system manufacturers are Aruba/Meru/AeroSwitch etc.

Page 94: Wireless Standards and Implementation

94

Estimation for number of wireless clients

An AP has a maximum capacity of users.
The capacity depends on the performance of the access point.

“AP A” is for consumer use and can handle 20 users per AP.
“AP B” is for enterprise use and can handle 120+ users per AP.

Estimate the maximum number of users.
11b can use three channels per room to avoid interference.

If you construct the wireless network with “AP A”,
maximum capacity is 60 users.

If you construct the wireless network with “AP B”,
maximum capacity is 360 users.

POINT: The model of AP is selected based on the expected number of users.

Example
At a plenary session of an IETF meeting, the number of users is up to 500+.

If you choose “AP B”, you have a lot of troubles☺.

Case study

Page 95: Wireless Standards and Implementation

95

Threat of AP overload condition
When the number of clients under an AP exceeds the limit of the base station, the following troubles will occur.

New associating clients are rejected by the AP.
You can’t manage the AP.
  Connection to CLI/WEB is refused.
Reboot.
Halt; needs a manual restart.
Crash with damaged configuration files.
  Need to set up the access point again.
(These are based on my experience.)

No one knows what happens.

Case study: Chain of failure
At the IETF54 Yokohama conference room.

Three access points were operated in the room.

400 clients existed in the room.

[Figure: conference room with three APs on 1ch, 6ch and 11ch. AP1: 100 users, AP2: 150 users, AP3: 150 users]

Page 96: Wireless Standards and Implementation

96

Case study from IETF54
AP3 was halted due to overload.

[Figure: APs on 1ch, 6ch and 11ch. AP1: 100 clients, AP2: 150 clients. 1. AP3 halts with overload.]

Case study from IETF54
Clients under AP3 lost the signal from AP3, then searched for and associated with other APs.

[Figure: APs on 1ch, 6ch and 11ch. AP3: rebooting. AP1: 100 clients, AP2: 150 clients. 2. Clients under AP3 hand over to other APs.]

Page 97: Wireless Standards and Implementation

97

Case study from IETF54
AP1 and AP2 had to handle the clients from AP3.

[Figure: APs on 1ch, 6ch and 11ch. AP1: up to 150 clients. AP2: up to 200 clients. AP3: rebooting. 3. AP1 and AP2 had to handle all of the clients inside the room. The APs were becoming overloaded.]

Case study from IETF54
AP1 and AP2 also halted due to overload.

[Figure: APs on 1ch, 6ch and 11ch. AP3: rebooting. AP1/2: rebooting. 4. Both APs halted due to overload.]

Page 98: Wireless Standards and Implementation

98

Case study from IETF54
AP3 came up but halted again because all of the clients inside the room associated with it.

[Figure: APs on 1ch, 6ch and 11ch. AP3 is UP! and HALT. AP1/2: rebooting. 5. Clients under AP1/2 associated with AP3.]

Case study from IETF54
Wireless service was terminated until the end of the session.

[Figure: APs on 1ch, 6ch and 11ch. 6. Wireless service terminated until session end. ALL APs are UP and REBOOT.]

Page 99: Wireless Standards and Implementation

99

Case study from IETF54
How to protect against this situation?

Set an association limit of clients per AP.
Some products support an association limit.

“Max-association [association limit]” command for Cisco Aironet/IOS.

We used Orinoco AP1000 and Cisco Aironet at IETF54(2001).

Both of them didn’t support the limitation function.
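The chain of failure above and the effect of an association limit can be replayed as a small model. This is an added example, not a measurement from IETF54: the starting loads (100/150/150) are the ones on the slides, while the halt threshold of 160 clients, the one-round reboot time and the even spread of searching clients are assumptions.

```python
IETF54 = {"AP1": 100, "AP2": 150, "AP3": 150}   # starting loads from the slides


def simulate(loads, capacity, limit=None, first_halt="AP3", rounds=5):
    """Replay the room round by round after `first_halt` goes down.

    capacity: load above which an AP halts and drops every client (assumed value).
    limit:    association limit per AP; None means the AP accepts everyone.
    """
    load = dict(loads)
    searching = load[first_halt]      # clients dropped by the first halt
    load[first_halt] = 0
    down = {first_halt}               # APs rebooting during the current round
    history = []
    for rnd in range(1, rounds + 1):
        up = [ap for ap in load if ap not in down]
        waiting = 0
        for i in range(searching):
            # A client can only join an AP that is up and still below its limit.
            open_aps = [ap for ap in up if limit is None or load[ap] < limit]
            if not open_aps:
                waiting = searching - i      # rejected clients keep searching
                break
            load[open_aps[i % len(open_aps)]] += 1
        halted = [ap for ap in up if load[ap] > capacity]
        searching = waiting + sum(load[ap] for ap in halted)
        for ap in halted:
            load[ap] = 0
        history.append({"round": rnd, "halted": halted,
                        "served": sum(load.values()), "searching": searching})
        down = set(halted)            # a reboot takes one round in this model
    return history


if __name__ == "__main__":
    for label, limit in (("no limit", None), ("limit 160", 160)):
        print(label)
        for row in simulate(IETF54, capacity=160, limit=limit):
            print("  ", row)
```

Without a limit every round ends with the APs that were up halting again; with the limit set at the capacity, 80 clients wait one round for AP3 to return and nothing else halts.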

Case study: Worm infected nodes.
The Blaster worm generates a lot of network traffic.

It uses ICMP Echo-request and reply to search for active nodes.
Many nodes infected with the Blaster worm connected to the wireless network.

Some users didn't know they were infected.
Some users were infected on the wireless network because they forgot to apply security patches.

Infected nodes consume wireless resources.
The throughput of the wireless network goes down.
The load on the AP goes up.

Page 100: Wireless Standards and Implementation

100

Case study: unofficial DHCP server

A client with the DHCP server function enabled existed.
Ex) At home, a user enables the Internet Connection Sharing (ICS) service on the notebook to share connectivity to the Internet.
-> When ICS is enabled, the DHCP Server service starts, too.
The notebook connects to the wireless network, and then it starts to provide an unofficial DHCP server service.

Other clients are confused, because two or more DHCP servers exist on the same network.

Disassociate illegal clients from the network immediately.

Case study: IETF59
IETF59 (Seoul) was held in 2004.03 at Lotte Hotel Seoul.
Wireless service was provided to three floors.
The total number of APs was 32.

I used Cisco Aironet 1220 with PoE.

Page 101: Wireless Standards and Implementation

101

[Figure: 2nd floor map. Legend: Router, Big Distribution Switch, Distribution Switch, Access Switch, AP, Server. Rooms: MTG1 (60) Gardenia A2, MTG3 (200) Emerald, MTG7 (500) Crystal 1,2, MTG4 (300) Crystal 3, Multicast Desks, EPS, Storage, Jade, PDP. Each AP is marked with its 802.11b channel (1, 6 or 11). Fiber runs from Jade to NOC; Cat5 runs from Jade to SW/AP. Notes: another AP is right below, covering the lobby lounge; other APs are right up and down the escalator.]

[Figure: 3rd floor map. Rooms: IESG Topaz (note: "This no longer is Topaz"), MTG2 (100) Sapphire 1, MTG5 (300) Sapphire 2,3, MTG6 (300) Sapphire 4, PDP. Dist. SWs, Access SWs and APs are shown; each AP is marked with its 802.11b channel (1, 6 or 11).]

Page 102: Wireless Standards and Implementation

102

Operate a monitoring system
I developed and operated the wireless monitoring system.
This system can monitor the status of all APs.

It records the number of associated clients, the associated clients’ MAC addresses, load average, etc.

This system has a function to disassociate a client from the entire wireless network.

Illegal clients such as worm-infected nodes, unofficial DHCP servers, RA servers, etc. are forced out.
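One way to express the three checks named above (unofficial DHCP server, unofficial RA, echo sweep from a worm) and map each offender to the AP it is associated with. This is an added example, not the monitoring system used at IETF59: the event tuples, the MAC addresses (from the documentation range), the AP names and the sweep threshold are constructed, and `clear dot11 client` is the full form of the "clear dot client" command shown earlier.

```python
from collections import defaultdict

DHCP_SERVERS = {"00:00:5e:00:53:01"}   # constructed: the only official DHCP server
ROUTERS = {"00:00:5e:00:53:02"}        # constructed: the only router allowed to send RAs
SWEEP_LIMIT = 20                       # assumed: distinct echo targets before flagging

# Constructed: client MACs per AP, as collected from "show dot11 associations".
SAMPLE_ASSOCIATIONS = {
    "ap-1": {"00:00:5e:00:53:10", "00:00:5e:00:53:13"},
    "ap-2": {"00:00:5e:00:53:11", "00:00:5e:00:53:12"},
}


def sample_events():
    """Constructed observations: (kind, source MAC, destination)."""
    events = [("dhcp-offer", "00:00:5e:00:53:01", "10.0.0.120"),   # official server
              ("dhcp-offer", "00:00:5e:00:53:10", "10.0.0.121"),   # laptop running ICS
              ("ra", "00:00:5e:00:53:11", "ff02::1"),              # client sending RAs
              ("icmp-echo", "00:00:5e:00:53:13", "10.0.0.1"),      # ordinary pings
              ("icmp-echo", "00:00:5e:00:53:13", "10.0.0.99")]
    events += [("icmp-echo", "00:00:5e:00:53:12", f"10.0.0.{n}") for n in range(1, 31)]
    return events


def cisco_mac(mac):
    """aa:bb:cc:dd:ee:ff -> aabb.ccdd.eeff, the form used on the AP CLI."""
    digits = mac.replace(":", "").replace("-", "").lower()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def find_offenders(events, associations):
    """Return sorted (ap or None, MAC in Cisco form, reason) for every flagged source."""
    reasons = {}
    echo_targets = defaultdict(set)
    for kind, src, dst in events:
        if kind == "dhcp-offer" and src not in DHCP_SERVERS:
            reasons.setdefault(src, "unofficial DHCP server")
        elif kind == "ra" and src not in ROUTERS:
            reasons.setdefault(src, "unofficial RA")
        elif kind == "icmp-echo":
            echo_targets[src].add(dst)
            if len(echo_targets[src]) > SWEEP_LIMIT:
                reasons.setdefault(src, "ICMP echo sweep")
    where = {mac: ap for ap, macs in associations.items() for mac in macs}
    rows = [(where.get(mac), cisco_mac(mac), why) for mac, why in reasons.items()]
    return sorted(rows, key=lambda row: row[1])


def disassociate_commands(offenders):
    """Group the CLI lines per AP; sources not found on any AP are left to the wired side."""
    plan = defaultdict(list)
    for ap, mac, _why in offenders:
        if ap is not None:
            plan[ap].append(f"clear dot11 client {mac}")
    return dict(plan)


if __name__ == "__main__":
    found = find_offenders(sample_events(), SAMPLE_ASSOCIATIONS)
    for row in found:
        print(row)
    print(disassociate_commands(found))
```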

Result: Number of 802.11b users

[Figure: number of 802.11b users over time, from 2/29 Sun 21:00 to 3/4 9:00; the peak is 524]

Page 103: Wireless Standards and Implementation

103

Result: Number of 802.11a users

[Figure: number of 802.11a users over time, from 2/29 Sun 21:00 to 3/4 9:00]

Session -> Lunch -> coffee break -> session

It is synchronous to living.

Results
Total unique clients was 1297.
Peak of 11b clients was 524.
Recorded at 2004/3/1 15:51:21

Peak of 11a clients was 46

Page 104: Wireless Standards and Implementation

104

Results
10 nodes were shut out from the wireless network.

Number of wire-wireless bridging enabled nodes is 5.
Worm infected node : 3
RA enabled node : 1
DHCP enabled node : 1

The wireless operation was a success.

3rd Day –Session 1

9:00-10:30

Page 105: Wireless Standards and Implementation

105

Now, it is your turn!

Task for group work

Design the wireless site based on this floor.

Your mission
You build up a wireless service on this site, the 3rd floor.

I prepared these items for you.
MAP
We have UTP cable between this room, ROOM2 and ROOM5.

Page 106: Wireless Standards and Implementation

106

Group work schedule

9:00-10:30
Design a plan.
Present your plan to me and discuss the plan.

11:00-12:30
Construct a wireless site.

You know how to mount an AP.

13:30-15:00
Site survey, tuning and monitoring the site.

15:30-17:00
Advanced configuration and withdrawal of the wireless site.

Hints (1)
Remember the case studies from yesterday's session.
You have to fix ..

POSITION of access points
Design a wire plan.
Channel allocation

802.11 parameters
SSID NAME
LINK SPEED/TRANSMIT POWER
Security features

Then you write them out on the MAP and make the configuration information.

Page 107: Wireless Standards and Implementation

107

Hints (2)

You make the configuration files for the APs from the plan.

Mount the APs at the planned positions.
Cabling, mounting

Check your wireless site.
Survey with wireless tools.

-> If needed, reconfigure the APs.

Request to you

It is group work; cooperate with each other.

You should operate multiple SSIDs.
You support WEP and no-WEP service with different SSIDs.

Serve 11g/b as link-media.

It is manageable from a LAN.

Share the account and password among yourselves, for smooth operation.

Page 108: Wireless Standards and Implementation

108

3rd Day –Session 1

9:00-10:30

START your group work

Design and Discuss

Page 109: Wireless Standards and Implementation

109

Present your plan!!

3rd Day –Session 2

11:00-12:30

Page 110: Wireless Standards and Implementation

110

Mounting

Mount an AP in a high position.

[Photo: this AP is mounted at the upper part of a door]
[Photo: this AP is mounted on a pole stand]

Configuration procedure

1. Set the initial configuration on the APs.
Be able to access the AP from a LAN.

You can upload/download a configuration to/from your TFTP server.

Defining an access list is better.

2. Mount the APs.
Wire the UTP cabling and monitor boot-up at the serial port.

3. Upload a configuration to the AP.
You generate all of the configs for the APs on your PC.

Page 111: Wireless Standards and Implementation

111

Construction

3rd Day –Session 3

13:30-15:00

Page 112: Wireless Standards and Implementation

112

Knowledge is power.

Site survey

Mounting

Setup procedure

Site survey tool

A site survey examines the wireless conditions of the site.

Channel availability, S/N rate, number of APs, media protocols…

NetStumbler and AirMagnet

Page 113: Wireless Standards and Implementation

113

AirMagnet

AirMagnet
It is a commercial product.

The retail price is over 8000$!!
Software for Windows XP with special NICs.

The most powerful tool for a wireless site survey.

Live monitor function.

Page 114: Wireless Standards and Implementation

114

Decode wireless frames

What is NetStumbler

It is free and useful.

You can download from the site.

http://www.netstumbler.com/

Page 115: Wireless Standards and Implementation

115

NetStumbler (1)

If it is not working, select the NDIS driver.

You can save your observations and play them back.

NetStumbler (2)

Start and stop.

Page 116: Wireless Standards and Implementation

116

NetStumbler (3)

SSID list

NetStumbler (4)

Display APs per channel.

Page 117: Wireless Standards and Implementation

117

NetStumbler (5)

Display AP.

NetStumbler (6)

Display S/N signal graph per node.

Page 118: Wireless Standards and Implementation

118

Check your site

Is it working fine?

Check overlapping channels.
This site already has wireless equipment.

Make an effort to reassign the channels to avoid an overlapping condition.
USE NetStumbler to find overlaps.

Tune power.
Check the S/N rate with NetStumbler.
If you find that an AP covers too much:
-> Change the transmit power on the IOS

int dot 0
power local cck [-1,2,5,8,11,14]
power local ofdm [-1,2,5,8,11,14]

-> Change the position of the AP.

Page 119: Wireless Standards and Implementation

119

Start tuning

You survey your site on a live field, and you discuss and change configurations.

3rd Day –Session 4

15:30-17:00

Page 120: Wireless Standards and Implementation

120

Operation request

Search and find mission

Find the PC that has “X:X:X:X:X:X” on your wireless site.

show dot assoc

or

access MIB.

Page 121: Wireless Standards and Implementation

121

Change both WEP and SSID

Start SSID “testing” and WEP “JCSAT”.
You operate Wireless site instead of BU.

J C S A T =0x4a43534154 (5octets)

Terminate 11g service

Only supply 11b as link-media.
Stop 11g.

Hint: limit the link speeds to those defined in the 802.11b spec.

Page 122: Wireless Standards and Implementation

122

Examination / Quiz

What is the test?

I set questions for all participants.
The content of each question is to configure your AP in accordance with the requirements.

TIME LIMIT IS 20MIN.

Page 123: Wireless Standards and Implementation

123

Common requirements
Set your original name as hostname.
Set your assigned IP address to AP.
Take care about account and enable password.
Stop disused service.
To submit your answer, upload your configuration to tftp://10.0.0.99/[your name]

Requirements

Group A
Create two SSIDs, “yama” and “kawa”.
“yama” has 128bit WEP. “kawa” has no WEP and is a broadcast SSID.
WEP key is 0x“00010203040506070809101112”.
Both SSIDs are bridged to the native vlan (bridge group 1).

Group B
Create “apple” as a broadcast SSID.
Only provide 802.11b. Not 11g.
Install an access control.
You allow access from 10.0.0.193~10.0.0.222.

Group C
Create “AI3” as an SSID with no broadcast.
Only provide 802.11g. Not 11b.
Install an access control.
You allow access from 10.0.0.1~10.0.0.126.

Page 124: Wireless Standards and Implementation

124

ANS

Common
To broadcast a SSID, add “guest-mode” on the SSID section.
No ip http server
Set IP address to BVI1.
Change “secret” and erase default “username” and create new one.

A
Dot 0.1 and dot 0.x are joined to same bridge group 1 and use native vlan ( vlan=1 ).

B
To limit 11b, set 11b’s speed.

speed 1.0 2.0 5.5 11.0

C
To limit 11g client, set channel as follows.

speed basic-6.0 1.0 2.0 11.0 12.0 18.0 24.0 36 48.0 5.5 54 9
basic-6 = OFDM channel support is required = 11g

End

Do you want to get AP?

Your AP becomes your friend☺