Skip to content

Network Ninja

The Long Road to Cisco

  • Home
  • About
  • Legal Disclaimer
  • Archives
Less
More
Trim
Untrim
« Older
Home
Loading
Newer »

Archive for the 'Wireless' Category

Switch Security – Wireless

Published
by
Deon Botha
on May 27, 2008
in 802.11, Access Point, BCMSN, BPDU Guard, Certification, Cisco Systems, Concepts and Constructs, Root Guard, STP and Wireless
. 0 Comments

This post will be broken into five (including this one) smaller posts. This is taking me far longer than I imagined to finish “Switch Security” (the last section of work before revision) as a section and I have had a few too many close calls in losing this draft post as it gets bigger and bigger.

Security has in the past been focused from the outside in and at the upper layers of the OSI model. Think of the deployment in most situations of a firewall (at the edge). Firewall and security devices often focus on edge routing devices and layer-3 and layer-4 information, stateful packet inspection, etc.

This being said internal communication is often open and unhindered. This is because out of the box “internal” trusted devices forward and just “trust” all. If an attack is launched from inside the network (trusted) then it often goes without notice for a long time. Many security features are available for internal network devices but they must be activated to work.

Access Points

With the large scale adoption of Access Points (APs) and other Wireless devices many employees want the same devices at work as those they enjoy at home. This brings with it the problem of employees plugging wireless AP devices into the office network (Malicious Rogues) when the IT department has no knowledge and has not given consent for these devices to operate on the enterprise network. This is a serious breach of company security because the APs are plugged into a network point (trusted) behind the firewall (untrusted) intentionally hidden from view (behind credenzas, filing cabinets, etc) and network view (SMTP, etc). Because John Doe office employee isn’t thinking about the L33t Hacker or Security ramifications they make the wireless AP work (without any security measures whatsoever).

To mitigate against Spanning Tree Protocol (STP) manipulation, use root guard and the BPDU guard enhancement commands. These commands enforce the placement of the root bridge in the network and enforce the STP domain borders. BPDU guard is best deployed towards user-facing ports to prevent rogue switch-network extensions by an attacker.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

WLAN Configuration

Published
by
Deon Botha
on May 20, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 0 Comments

This brings together all posts regarding WLAN solutions and deals with configuration of the technologies both autonomous access points (AP) and lightweight access points (LAP) with Cisco Wireless LAN Controllers (WLC).

Autonomous Access Points

APs can be configurared using

  • Cisco IOS Command Line Interface (CLI) via Serial.
  • Cisco IOS CLI via Telnet or Secure Shell Protocol (SSH).
  • Using a Web browser.
  • Using CiscoWorks Wireless LAN Solution Engine (WLSE).

All the above options require an IP Address on the AP except for the config via Serial. To get an IP Address on an AP either use DHCP or CLI via Serial. The IP Address can be found in the following ways:

  • Checking the DHCP server for the LAN MAC address of the AP.
  • Using the Serial Console.
  • Checking the Cisco Discovery Protocol (CDP) table on the next-hop switch or router.
  • Checking the network map on other access points in the broadcast domain.

Cisco Aironet 1100,1200, and 1300 Series can perform the following functions in a Wireless network:

  • Access Point
  • Repeater (nonroot access point)
  • Brige (nonroot and root) (NB not 1100)
  • Workgroup bridge
  • Scanner

Lightweight Access Points

Lets start this by addressing the Wireless LAN Controller (WLC) first, the initial configuration can be done using:

  • Cisco IOS Command Line Interface (CLI) via Serial.
  • Using a web-browser via the service port.

The Service port and initial web-browser config is not available on the Cisco 2000 series WLC.

The WLC requires that an IP Address is configured and can be done in the following ways:

  • Using the web-browser.
  • Cisco IOS Command Line Interface (CLI) via Serial.
  • Using the Cisco Wireless Control System (WCS).

Resources and Links

Cisco.com

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

WLAN Antenna

Published
by
Deon Botha
on May 20, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 0 Comments

To understand Wireless Local Area Networks (WLAN) some understanding of WLAN antenna is important (this is some more for dummies type stuff i.e. with no electric/electronic engineering background a.k.a ME). This is important because to setup a WLAN it isn’t just install, config and done, there is a fair bit of optimizing at times and when you don’t understand how antennas work this gets difficult.

There are several terms that you need to understand:

Directionality: In short means the coverage around the antenna.

  • A directional Antenna focuses the signal from the Access Point (AP) into a smaller coverage area, resulting in a stronger signal in this direction.
  • A Omni-directional Antenna transmits and receives signals in all horizontal directions equally.

Gain: The amount of increase in energy that an antenna appears to add to a Radio Frequency (RF) signal. Cisco Aironet Wireless is standardizing on dBi (gain using a theoretical isotropic antenna as a reference point).

Polarization: The physical orientation of the element on the antenna that actually emits the RF energy. All Cisco Aironet antennas are set for vertical polarization. A vertical (upright) dipole antenna is vertically polarized (as opposed to horizontal).

Multipath Distortion

Multipath interference occurs when an RF signal has more than one path between the transmitter and a receiver. Looking back at this post, you will find an explanation on how radio waves bounce off and are absorbed.

Multipath distortion is where high signal strength yet low signal quality causes data to be unreadable. When an antenna transmits, it radiates RF energy in more than one definite direction. The end result is a desired (most direct) path and one or more alternate paths that could include reflected paths off other surfaces.

At the receiving end the numerous RF waves are combined and may cause data to be unreadable. There is also a possibility that the RF waves can cancel each other out causing radio null or dead spot.

Changing the location of the antenna can change the reflections and diminish the change of multipath interference.

Defining Decibel

Antennas and RF Power are measurement units based in decibels. A decibel (dB) is the ratio between two signal levels (named after Alexander Graham Bell).

dB Milliwatt (dBm): A signal strenght or power level. 0 dBm is defined as 1mW (milliwatt) of power into a terminating load such as an antenna or power meter. Small signals are negative numbers (-78 dBm).

dB Isotropic (dBi): The gain a given antenna has over a theoretical isotropic (point source) antenna. Unfortunately, an isotropic antenna cannot be made in the real world, but it can be useful for calculating theoretical fade and systems operating margins.

Effective Isotropic Radiated Power

Effective Isotropic Radiated Power (EIRP) is defined as the effective power in front of the antenna. The EIRP of a transmitter is the power that the transmitter would appear to have if the transmitter were an isotropic radiator (the antenna radiated equally in all directions).

EIRP = Transmitted power + antenna gain – cable loss

Cable loss is where RF energy carried between the antenna and the radio equipment introduces signal loss. Signal loss is directly proportional to the length of cable used. As the diameter of cable increases, signal loss decreases (cable more expensive). As singal frequency increases, singal loss increases.

To reduce the singal loss, minimize the cable lenght and use low-loss or ultralow-loss antenna cable to connect equiptment (Cisco offers LMR400 20 and 40 feet total loss 1.3 and 3.4 dB and LMR600 100 and 150 feet 4.4 and 6.6 dB).

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Implementation of a WLAN

Published
by
Deon Botha
on May 20, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 0 Comments

This post brings together the theory into a more practical setting. This post covers the two types of Wireless Local Area Network (WLAN) implementations that Cisco offers namely autonomous WLAN Access Points (AP) and lightweight APs (LAP) with WLAN Controller (WLC).

For ease of my own use and understanding, I am going to use the proper acronums an Autonomous Access Point (AP), a lightweight Access Point (LAP) this is however not to be confused (NB) with Lightweight Access Point Protocol (LWAPP).

So take note of when I talk about hardware and the protocol in my notes. So to round up an AP is a full IOS Access Point able to be used in a stand-alone environment and can be downgraded for use (in most cases) to become an LAP; a LAP is a less extensive IOS feature-set and needs to be used in conjunction with a Wireless LAN Controller (WLC), then finally LWAPP is the protocol.

Autonomous APs

Jumping right in an AP implementation has various components, some of which are considered needed and some of which are considered optional:

  • A Cisco AP that uses Cisco IOS Software. To show this in an example the Cisco product code AIR-AP1131AG-x-K9 is a Aironet (AIR) product, is an autonomous Access Point (AP) of the 1131 product range at least Wireless 802.11 A and G capable (AG) this example product code is non region specific (x) and is an export restricted product range due to cryptology information resident in IOS (K9). If this was region specific the (x) would change to A=FCC, C=China, E=ETSI, I=Israel, J=TELEC (Japan), K=Korea, N=North America (Excluding FCC), P=Japan2, S=Singapore, or T=Taiwan.
  • Network infrastructure like switches and routers. Switches with Power over Ethernet (PoE) can provide power to AP.
  • Wireless Domain Services (WDS) for radio frequency (RF) management and fast, secure roaming. You can run Cisco Structured Wireless Aware Network (SWAN) WDS on Cisco Aironet APs, Cisco Catalyst Switches and Cisco Routers. The following list supports SWAN WDS Aironet 1230 AG, 1240AG, 1200, 1130 AG 1100 Series APs, Catalyst 6500 Series Wireless LAN Services Module (WLSM), Cisco 3800, 3700 Series Integrates Services Routers (ISR) and some models of 2800 and 2600 series ISR that run Cisco IOS version 12.3(11)T or later.
  • CiscoWorks Wireless LAN Solution Engine (WLSE) for Management (optional).
  • Cisco Secure Access Control Server (ACS) for security using RADIUS and TACACS+ protocols.

Lightweight APs

  • A Cisco Lightweight Access Point (LAP) that uses Cisco IOS Software. To show this in an example the Cisco product code AIR-LAP1131AG-x-K9 is a Aironet (AIR) product, is an Lightweight Access Point (LAP) of the 1131 product range at least Wireless 802.11 A and G capable (AG) this example product code is non region specific (x) and is an export restricted product range due to cryptology information resident in IOS (K9). If this was region specific the (x) would change to A=FCC, C=China, E=ETSI, I=Israel, J=TELEC (Japan), K=Korea, N=North America (Excluding FCC), P=Japan2, S=Singapore, or T=Taiwan.
  • Network infrastructure like switches and routers. Switches with Power over Ethernet (PoE) can provide power to AP.
  • Cisco Wireless LAN Controller (WLC) for configuration of the Access Points.
  • Cisco Wireless Control System (WCS) for management (optional).
  • Cisco Wireless Location Appliance for location tracking
  • Cisco Secure Access Control Server (ACS) for security using RADIUS and TACACS+ protocols.

Comparison of WLAN Solutions

The above two bullet lists should show that autonomous and lightweight WLAN solutions have some differences.

The main difference being in Autonomous mode the Cisco IOS feature set is more extensive and as the name denotes autonomy meaning “the right to govern itself” so each AP is configured individually and manage themselves (this can and probably will at some point lead to configuration errors if there are more than a couple of APs). Centralized management is possible through WLSE. Redundancy is achieved at the AP level (do the math if its cheaper to add APs than to add a WLC then this is the option).

In Lightweight mode a Wireless LAN Controller takes the centralized configuration and means the APs are dependant on the WLC (read point of failure) and pushed the configs to the APs. This gives congruence between the APs on the network without much hard work. Centralized management is possible through WCS. Redundancy is achieved at the WLC level (do the math if its cheaper to add a WLC than to just add APs then this is the option).

LAP Solution

LAP architecture splits processing of the 802.11 protocol between two devices; the LAP and the WLC. The processing of the 802.11 data and management protocols and the AP functionality is also divided between the two devices. This approach is called split MAC.

The LAP handles the portions of the protocol that have real-time requirements:

  • Frame Exchange handshake between a end-device and AP when transferring a frame over the air.
  • Transmission of beacon frames.
  • Buffering and transmission of frames for end-devices in power save operation
  • Response to probe request frames from end-devices
  • Forwarding notifications of received probe requests to the controller
  • Providing real-time signal quality information to the controller with every received frame.
  • Monitoring each radio channel for noise, interference, and presence of other WLANs.
  • Monitoring of presence of other LAPs.

The remaining functions are all handled by the WLC because either the function is not time-sensitive or a system wide visibility is required by the function.

  • 802.11 authentication
  • 802.11 association and re-association (mobility)
  • 802.11 frame translation and bridging

The control (management) traffic between the AP and the WLC is encapsulated using LWAPP and encrypted using Advanced Encryption Standard (AES); the data from the LAP and the WLC is also encapsulated using LWAPP but not encrypted. The data is switched once it reaches the WLC where it receives VLAN tagging, quality of service (QoS).

Layer-2 and Layer-3 Mode of LWAPP

Layer-2 LWAPP is in an Ethernet Frame. For layer-2 mode, the WLC and WLAP must be in the same broadcast domain and IP subnet.

Layer-3 LWAPP is in a User Datagram Protocol (UDP)/IP Packet. The WLC and WLAP can be in the same or different broadcast domains and IP Subnets. For layer-3 operation WLAP need IP Addresses. They must obtain these IP Addresses via DHCP.

So to bring this together; think of a network in your mind, if the network is flat/or the WLAP and WLC are located on the same network segment; iow is a switched network then the LAWPs can use either layer-2 or layer-3 mode. If the WLAPs and the WLC find themselves spread across the enterprise (physically) meaning that they would be in different subnets and on different segments (I’m thinking big business) you must use layer-3 mode.

LAP Association

There is a nice explanation on this document. A LAP will search for a WLC first using LWAPP layer-2 mode, then layer-3 mode. The process runs as followings; the LAP requests an IP Address via DHCP, the LAP then sends a LWAPP discovery request to the management IP address of the WLC via a broadcast.

The LWC responds with a discovery response from the management IP Address. This response includes the number of AP associated to the Access Point Manager interface and the Access Point Manager IP address.

The LAP then chooses the Access Point Manager with the least number of associated APs and sends a join request.

All following communication between the LAP and the WLC is done via the Access Point Manager IP Address.

Cisco Aironet WLC

The Cisco Aironet standalone WLCs range (2106, 4402 and 4404) are designed for Small and medium enterprise/business (SMB) to medium to large enterprise.

The 2106 Series allows Small and medium sized enterprise/business (SMB) environments to support up to six LAPs and are fairly cost effective (this is objective). With integrated DHCP services, zero-touch AP configuration, the Cisco 2106 is built for SMB companies that don’t have on-site IT support, like branch offices with distributed offices (i.e. corporate infrastructure and support teams to lean on when things go wrong).

The Cisco 4400 series is built for medium to large enterprise/business.

  • Cisco 4402
    • 2 GigabitEthernet (GE) ports
    • Configurations that support 12, 25, and 50 APs
    • One Expansion Slot
  • Cisco 4404
    • 4 GE ports
    • Support for 100 APs
    • Two Expansion slots

Optional redundant power supplies to ensure maximum availability can be purchased for the 4400 Series.

WLC are also available for the Cisco Catalyst 6500 and Cisco Integrated Sercies Routers (ISR) in the form of Integrated Controllers of Controller Modules.

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

WLAN Standards

Published
by
Deon Botha
on May 15, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 0 Comments

This is a generally a nice to know topic; if you don’t want to know the basics on “how” it works but rather just care that it works this might not be “light” reading.

There are “generally” (dependant on your country) unlicensed bands:

  1. 900-MHz Industrial, Scientific and Medical (ISM) Band (902-MHz to 928-MHz)
  2. 2.4-GHz Industrial, Scientific and Medical (ISM) Band (2400-MHz to 2483-MHz) (Japan to 2495-MHz)
  3. 5.7-GHz Unlicensed National Information Infrastructure (UNII) Band (5150-MHz to 5350/5725/5825 MHz) (Not all countries support 802.11a)

Radio Frequency Transmission (for dummies i.e. with no electric/electronic engineering background a.k.a ME):

Radio Frequencies (RF) are radiated (why does this not make me feel better I’ve seen what a microwave do when it radiates things) into the air by antennas that create radio waves. When radio waves are propagated through objects, they may be absorbed (walls) or reflected (metal). This absorption may cause areas of low-signal.

Radio wave transmission is affected by the three factors:

  • Reflection: when RF waves bounce of objects (metal, glass)
  • Scattering: when RF waves strike uneven surfaces and are reflected in many directions
  • Absorption: when RF waves are absorbed by objects (concrete, bricks, walls)

Data Transmission over Radio Waves (for dummies i.e. with no eletric/electronic engineering background a.k.a ME):

  1. Higher data rates (faster connection) have shorter range because the receiver needs a stronger signal with a better signal-to-noise ratio (SNR) to retrieve the information.
  2. Higher transmit power results in greater range. To double the range, the power has to be increased by a factor of 4 (four).
  3. Higher data rates require more bandwidth. Increased bandwidth is possible with higher frequencies.
  4. Higher frequencies have shorter range through higher degradation and absorption. More efficient antennas can compensate for this effect.

WLAN Regulations and Standardizations:

Regulatory Agencies control the use and enjoyment of RF bands. The two main regulatory agencies are the FCC (USA) and ETSI (Europe) (South Africa and EMEA region if in doubt follow ETSI).

The network (802) standardization is done by the IEEE. The wireless (802.11) standards are part of the network standard these include 802.11 a/b/g and soon to be finalized/ratified n.

Finally the Wi-Fi Alliance offers certification for vendors of 802.11 products so that their products are interoperable. The Wi-Fi Alliance certifications include all three 802.11 RF technologies and Wi-Fi Protected Access (WPA) security model (2003) based on IEEE 802.11i (ratified 2004).

IEEE 802.11b

Ratified Sept 1999

Operates in the 2.4-GHz ISM Band

Specifies direct sequence spread spectrum (DSSS)

Specifies four data rates up to 11-Mbps (1, 2, 5.5, and 11-Mbps)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

2.4-GHz Channels

Wireless-2.4-Channels

Up until this point Wireless channels might not have made “sense” if you weren’t as I joked “previously advantaged” with a electrical or electronic engineering qualification. Those ladies and gents are force fed this amongst other things for at the very least a semester in university so they know this kind of thing backwards (I know how they complained about it). If you are like myself a business grad then this is all new.

What this graph shows (pay attention to the grey highlight) is 3 non-overlapping Channels (except for Japan). If you are in Japan you can use the 14th channel along with 3 others to have access to 4 total channels.

This information is region specific and then also country specific (I know South Africa in general follows ETSI which falls under EMEA). Some countries may allow 14 channels while others may only allow 1 channel.

At a Cisco Tech-Update (I can’t remember the speaker forgive me) Wireless channel usage was explained using the below diagram and it made all the above fall into place for me.

Wireless Channel Use

What the diagram shows is the 2.4-Ghz frequency (visually) with the channels laid out how all the channels overlap. This is what 802.11 b/g “looks” like with the 3 non-overlapping channels (black).

Example: Three non-overlapping channels (1, 6, and 11) that do not share RFs. There would be no degradation in throughput if 3 APs were to operate in the same cell using channels 1, 6, and 11.

To show the maths 3 APs on 3 non-overlapping channels (2, 6, and 11) provide an aggregate data-rate for a cell of 33-Mbps (11-Mbps x 3), with an aggregated throughput of approx. 16-Mbps (33-Mbps/2).

Example: Three APs sharing the same channel, in the same cell.

To show the math 3 APs on the same channel(1, 1, and 1) provide an aggregate data rate a 11-Mbps but an aggregated throughput of 6-Mbps. This results from APs sharing a cell.

Example: Three APs sharing overlapping channels, in the same cell.

To show the math 3 APs on overlapping channels (1, 2, and 3) the throughput could drop to well below 1-Mbps due to interference.

Channel Reuse

At the same Tech Update they explained how using the non-overlapping channels a deployment can be done where none of the same channels border. Imagine the cells from top down on an overaly of an office plan looking like the diagram below.

Wireless Cell Re-Use

Data Rates

WLAN clients (end-devices) can shift data rates as they move. The closer you are to a AP the better coverage will be (11-Mbps), as you move away from the AP coverage will get worse (5.5-Mbps) and worse (2-Mbps) and worse (1-Mbps) until there is no signal. This data rate shifting occurs without user interaction or connection loss.

This rate shifting also happens on a transmission-by-transmission basis; whereby the AP can support multiple clients at multiple speeds (meaning transmissions 1 might be 11-Mbps and transmission 2 might be 1-Mbps depending on the end-user location).

IEEE 802.11a

Ratified Sept 1999

Operates in the 5-GHz ISM Band

Uses orthogonal frequency-division multiplexing (OFDM)

Specifies eight data rates up to 54-Mbps (6, 9, 12, 18, 24, 36, 48, 54-Mbps)

FCC – 12 to 23 non-overlapping channels

ETSI – up to 19 non-overlapping channels

Regulatory differences across countries

802.11a requires Transmit (Tx) power control and dynamic frequency selection (802.11h)

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

5-GHz Channels

802.11a must comply with two features in 802.11h namely Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).

TPC links back to the basics, the more Transmit Power pumped into an AP the greater the range (greater range = less data-rate). TPC is where an AP exchanges transmit power information with end-device adapters. This has a twofold advantage:

  1. end-device adapters use only enough power to maintain association with APs at any given data rate. In turn conserving energy (good for mobile devices and at current Eksom).
  2. end-devices contribute less to adjacent cell interference.

DFS is where the AP monitors the available 5-Ghz RF spectrum radar installations in the environment and if found flags the appropriate channel(s) as unavailable. DFS continually monitors the operating environment for changes during operation.

IEEE 802.11g

Ratified June 2003

Operates in the 2.4-GHz ISM Band as 802.11b

Uses direct sequence spread spectrum (DSSS) complementary code keying (CKK) and orthogonal frequency-division multiplexing (OFDM)

Specifies twelve data rates up to 54-Mbps (1, 2, 5.5, 11-Mbps DSSS/802.11b and 6, 9, 12, 18, 24, 36, 48, 54-Mbps OFDM).

Throughput Mbps * 1024/Users = X kbps Bandwidth per user

Security and Mitigation of Wireless Risks

Linking back to the beginning of this post and why Wireless could potentially be a security threat. The process of Wireless is “Radio Frequencies (RF) (that) are radiated into the air by antennas that create radio waves” and in turn your network data travels across radio waves from source (server or point A) to destination (end-device or point B).

This wireless communication if left unsecured, leaves a wide open method of access to anyone that wants to enter, use and abuse your enterprise infrastructure. With the low cost of IEEE 802.11 wireless equipment these days adoption is gaining in the mass market (home, small office/home office (SOHO),  small medium business (SMB)). With greater adoption of the mass market the products are easier to use and deploy and implement (graphical user interface (GUI) deployments and out the box operation). This large adoption also makes for sub-business class consumer grade products making a regular appearance in server-rooms, business settings and other environments where they are definitely not meant to be (don’t get me wrong consumer products work great for a family of 5 people but aren’t built or designed to handle with an office of 10 people or a department of 50 people).

There are many large telco (Telkom) companies that offer pre-configured Wi-Fi combination routers with the DSL accounts. Most if not the majority of users literally plug and play (plug it in and use it with default settings). This is a very conducive environment for “war driving” for the single purpose of free Internet, collecting sensitive information through the use of various freely available tools and applications.

The Process

Anyone implementing Wireless needs to at the very least consider security which is a three step process of Authentication (802.1x or Extensible Authentication Protocol (EAP)), Encryption (Wi-Fi Protected Access (WPA – TKIP, WPA2 – AES or TKIP)) and Intrusion Detection and Protection (IDS and IPS).

Wireless Association

Looking at how end-devices (clients like notebooks, smartphones, PDAs) associate with APs then something I mentioned in a previous post will crystallize.

APs broadcast (send out) beacons with SSIDs (one or many), data rates (depending on distance from AP) and other information. The end-device scans the available channels looking for beacons and responses from APs. The end-device then in turn associates with the AP with the strongest signal.

If you are using a mobile device and moving with your device and signal becomes weak this process will repeat.

It is during this association process that SSID, MAC address and security settings are sent from end-device to the AP and checked. This is what we are going to be talking about in the next couple of paragraphs.

Authentication

When an end-device attempts to associate this is done via the 802.1x protocol. The end-device is called a supplicant which communicates with an autonomous AP* (called the authenticator) that communicates and in turn authenticates to an Authentication, Authorization and Accounting Server (AAA Server) like RADIUS/TACACS+ or Cisco Secure ACS.

*LWAPP uses the WLAN controller that acts as the Athenticator that in turn communicates and authenticates with the AAA Server.

Encryption

After authentication is successful (if unsuccessful the connection is denied) data between the end-device and the AP is sent encrypted in either TKIP or AES encryption.

Definitions

Signal-to-Noise

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

WLAN Infrastructure Topologies

Published
by
Deon Botha
on May 14, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems, Concepts and Constructs and Wireless
. 4 Comments

As talked about in the previous post the difference between a wired LAN and a Wireless Local Area Networks (WLANs) is that the Layer-1 transmission medium of a traditional wired local area network (LAN) (CAT-5 cable) is replaced with Radio Frequency (RF) transmissions.

What follows is the pimping of Cisco Aironet products and where they fit into three main wireless categories:

Wireless in-building LANs for client Access: The Cisco Aironet products can plug into an existing wired infrastructure and function like an overlay to the existing LAN or even replace the wired LAN.

Wireless Building-to-Building bridges: The Cisco Aironet products can provide wireless bridging to connect two or more networks that are physically separated to be connected on one LAN without the time or expense required to get physical lines to be installed.

Wireless mesh networks: Mesh networking is a mixture of the above two categories. Mesh networking provide dynamic, redundant, fault-tolerant links for building and client access.

Service Set Identifier (SSID)

Myth: Hidden (not broadcasting) the SSID makes a wireless network secure.

The SSID is the “name” of a wireless cell, this name is used to logically separate WLANs. The SSID must match exactly between the client and the access point for them to connect. The Access Point (AP) sends the SSID out in beacons.

The beacons are broadcasts that an AP sends to advertise available services, these beacons go out whether SSID is hidden or not (Clients can be configured without a SSID, where they learn the SSID from the beacons of the AP).

The Topology Basic

Wireless

Extended Services Set: Two or more Basic Serve sets (Mobile clients use a single AP to connect) are connected by a common distribution system (backbone) An Extended Service Set includes a common SSID to allow roaming from AP to AP without client config.

The diagram shows the WLAN topology with 2 APs and some devices (Microsoft Icons) that I know to be Wi-Fi capable (from left to right tablet notebook, projector, PDA, smartphone, notebook).

Wireless Cell: The basic area is the RF coverage provided by an AP (Channel 1 or Channel 2 NOT both). This area is also called the “microcell“. To extend/enlarge/make bigger the basic area one simply adds APs (Recently microcell has moved to picocell reducing AP coverage by reducing power and increasing total number of AP deployed).

The basic area of an AP is called the service set, the basic area of the combined APs is called the extended services set (There is a recommended 10 – 15 % overlap between cells for data networks to allow roaming without losing RF connection. There is a 15 – 20% overlap for voice/data/video networks). Bordering cells should be set to different non-overlapping channels for best performance (more on this later).

Access Point: The name is self explanatory reverse the name Point “of” Access. As the name denotes this is the point at which client-devices connect/access the wireless network. The APs connect to then to the Ethernet backbone and facilitate the communication between wired and wireless networks

The AP is the master of a given cell and manages/controls traffic to and from the network (remote devices do not communicate with each other they communicate through the AP).

Picocell: the benefit of a picocell is better coverage, less interference, higher data rates, and fault tolerance through convergence. When an AP goes down, the neighbouring AP expands coverage by increasing power (this increases the RF range) to cover for the lost AP. (Look into WLAN Controllers cause this gets complicated to do manually quickly with say more than 5 APs)

Wireless Repeater

Wireless Repeater

In environments (factory floors, doctors room, large retail, wholesale storehouses) where its just not practical to put down a wired LAN or the application of the network wouldn’t work with a wired system a wireless repeater can be put down.

A wireless repeater is a AP that is not connected to the Wired LAN (Requires 50% overlap of the AP on the Wired LAN side). This setup however has a large throughput impact where throughput is decreased by half due to the receive and retransmit time.

The SSID of the AP (the one on the left) must be configured on the wireless repeater (the one on the right). The wireless repeater uses the same channel as the AP (NB not all implementations support this).

Workgroup Bridge

Wireless Work Group Bridge

Cisco Wireless Workgroup Bridge (WGB) (Reference Cisco Q&A Document) that connects to the Ethernet (RJ-45) port of any end-device (if it has a Ethernet port and is therefore network-able) that doesn’t have a WLAN Network Interface Card (NIC) (either because the end-device doesn’t have the option of a Peripheral Component Interconnect (PCI) slot, Personal Computer Memory Card International Association (PCMCIA) slot or USB slot, or software for WLAN connectivity).

A WGB provides a single MAC address connection into an AP and in turn then onto the Wired LAN backbone (The WGB cannot work in peer-to-peer mode). Another option is to connect a remote workgroups wired LAN. To implement a remote workgroup installation (i.e. multiple MAC addresses) the WGB is connected to a hub/switch switch with a Ethernet patch cable (for single MAC Address use a crossover cable) (NB not all implementations support this).

Ad-hoc mode

Wireless Ad Hoc Mode

Ad-Hoc Mode: This is called Independant Basic Service Set (IBSS). Mobile clients connect directly without an AP.

Peer-to-Peer (P2P) a.k.a Ad-hoc mode networking is the opposite of a Server-Client model (duh). This can be in a wired or wireless environment and is where a group of end-devices come together and form an ad-hoc/P2P network with each other to share files, pictures, music, movies and applications (The ease and current application (Kazaa and Torrents) of this type of network is the main reason the RIAA hates ad-hoc/P2P networks).

In a WLAN the coverage is very limited; where all users must be in wireless reception distance of each other. There are a couple of problems with P2P “office” networks one being that security is almost non-existent, other problems being that there is no central location for any files, applications, or printing.

In most P2P environments I have found that the receptionist is given the “server-role” Pc which creates other larger problems. The person at the front desk in a company is the receptionist, in case of a theft the first computer out the door is the server. In most cases the most “spam” is received by a receptionist (classing teddy-bears, hearts and hugs, chain-mail, friend-mail, etc. as spam) being on numerous forwarding lists increases the risk of virus, trojan, worm infection. If the company allows internet access to employees its only a matter of time before the “server” begins doing its own thing.

In a WLAN it is not a good idea (iow just don’t do it) to connect a Server, or a Server-Role computer using Wireless

Roaming

Wireless Roaming

The roaming “feature” on wireless allows a mobile user to move from one cell to another without a drop in signal or need to manually change network settings. Roaming is enabled by complete coverage with wireless cells.

  1. Seamless roaming allows for users to move around from one cell to another.
  2. Power management lengthens the battery life of portable devices (i.e. they don’t have to search for wireless networks all the time)
  3. Dynamic Load Balancing distributes users among access points to increase throughput for each user.
  4. AP with overlapping coverage cells and redundant switches provide fault tolerant WLAN networks.

A user experiences “roaming” when one of the following conditions is met:

  1. The maximum data retry count is exceeded.
  2. The client has missed too many beacons from the access point.
  3. The client has reduced the data rate.
  4. The client intends to search for a new AP at periodic intervals.

Roaming without service interruption requires identical SSIDs, VLANs and IP subnets on all APs. The client initiates the roaming when he/she searches for another AP with the same SSID and then sends a re-authentication request (for voice and video short roaming times are important).

Layer-2 and Layer-3 Roaming

Wireless Layer-2 and Layer-3 Roaming

Roaming from one AP to another AP on the same subnet (Cell 1 to Cell 2) would be considered Layer-2 roaming (data link layer). Roaming between APs that reside on different subnets (Cell 1 to Cell3) would be considered Layer-3 roaming (network layer).

Layer-2 roaming is managed by the AP, using mulicast packets that inform switches that a devices has moved. The protocol between the APs is called Inter-Access Point Protocol (IAPP).

Layer-3 roaming is managed by either Mobile IP or Lightweight Access Point Protocol (LWAPP) with a WLAN controller.

Mobile IP: allows fixed IP addresses in an IP Subnet of a network. It relies on devices like routers (home agents and foreign agents), to runel traffic for a mobile device. This was used in Legacy WLANs.

Wireless VLAN Support

Switches use VLANs to separate traffic. WLAN APs can in turn extend the VLANs by mapping VLANs to SSIDs. The VLANs then share the same wireless cell and channel end result being virtualization of the AP.

Through the use of trunking (ISL or 802.1q) the VLANs can be mapped to APs from a/the switch allowing roaming throughout the enterprise. A Cisco Aironet AP can be configured with 8 – 16 VLANs for system design flexibility. (Some client NICs require SSID broadcast, the AP can be configured for SSID broadcast per VLAN).

Wireless Enterprise (read business) Voice Architecture

Wired LAN Voice (IP Phone) networks can be extended using the 802.11e standard that specifies QoS upstream and downstram for WLAN networks. This is very important because of the delay sensitive nature of voice.

Wireless Mes Networks

A Mesh network infrastructure is decentralized and inexpensive because each node needs to transmit only as far as the next node (WirelessAfrica). The nodes act as repeaters to transmit data from nearby nodes to peers that are too far away to reach. The result is a network that can span a large area (cost effectively if each node is owned by individuals).

Mesh Networks are reliable because each node connects to several other nodes. Wireless Mesh networks differ from conventional infrastructure wireless networks in that only a subset of nodes need to be directly connected to the wired network. Extra capacity can be added by installing more nodes. Through the use of Cisco Adaptive Wireless Path Protocol (AWP(P)) each device can find a way back to wired APs and thus by extension the network. Paths (of which there are multiple) through the network can change in response traffic load, radio conditions, or traffic prioritization. The network can cover more distance by using wireless to wireless connectivity. Unlicensed bandwidth (cheap) and wireless routing allow microcells to interconnect over wireless backhaul links.

AWP Protocol

AWP allows APs to communicate with each other to determine the best path back to the wired network. After optimal path selection is estalbished, AWP continues to run as a background service to establish alternate paths to the wired network or if topology changes or other conditions causes the link streghth to diminish. (AWP runs on each AP)

AWP is a wireless protocol by design and takes into consideration wireless radio factors like interference to make a mesh network self-configuring and self-healing. Because wireless is dynamic, addition to the network causes AWP to reconfigure paths back to the wired network automatically. AWP also uses stickiness to mitigate route flaps (disconnection/temporary disruption doesnt cause mesh change).

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Wireless and WLANs and related Technologies

Published
by
Deon Botha
on May 12, 2008
in 802.11, Access Point, BCMSN, Certification, Cisco Systems and Wireless
. 1 Comment

You will all probably see that I have no love lost for Wireless as I do these notes, I really love to hate and hate to love Wireless. Its maybe because its so unpredictable, I don’t know. But without further ado, lets get right into the thick of things.

There are various types of Wireless without being specific. What follows below is the list of “Wireless” data Technologies available:

Wireless-Data-Technologies

Moving swiftly forward; thinking back to CCNA studies the different type(s) of network(s) and respective sizes that defined and characterized those networks now becomes important. A wireless Technology is defined by its tangible and intangible characteristics, think carefully about that statement and its application.

I won’t have a UMTS network (no matter how cool it would on the bragging rights) as my home network or Small Office Network. Even if it might/could/would support voice, video and data just like my 802.11 a/b/g/n network. (I’m not going to start on how fried your brain might get)

Personal Area Networks (PAN): This is marketing and advertising buzz (at least consider it as such). This technologies are Infrared (IR) and Bluetooth. The distance is painfully short and designed to cover your personal work-space environment. Think mobile to headset, notebook to printer, mobile to mobile (all peer-to-peer and device to device) and in the case of IR line of sight. In this category you own the products and therefore there is no charge for “airtime”.

Local Area Networks (LAN): Like a wired LAN, the Wireless LAN (WLAN) is enterprise-based allowing the same enterprise (company) applications to be used without wires. WLANs since 802.11n have reached and surpassed 10/100 spec wired networks with connectivity speed of 300 Mbps maximum (this I think is marketing for when the wind is blowing in the right direction, you are standing on one leg, there is no interference and no other users on the network). WLANs are the same as PANs where the customer owns 100% of the network thus there are no “airtime” charges.

Metropolitan Area Networks (MAN): These Wireless networks are deployed inside an urban area and allow connection within that area without the use of wires. Wireless MANs can connect up to the speed of DSL broadband (define broadband) but not much faster. These networks can be run and maintained by a licensed carrier requiring customers to purchase airtime or by a entity (public mostly) like the police, emergency services, etc. Examples are multichannel multipoint distribution service (MMDS) and local multipoint distribution service (LMDS).

Wide Area Network (WAN): The Wireless WAN is typically slower with more coverage than the “smaller” network technologies. These networks usually cover rural areas or a larger scale areas. Due to the infrastructure requirements, scale and scope of the network they all require the purchase of airtime for data transmission. Examples are packet radio service (GPRS), and code division multiple access (CDMA).

WLANs

A Wireless Local Area Network (WLAN) is similar to a Ethernet network in many ways. WLANs are shared networks as are Ethernet Networks. An Access Point (AP) functions like a Ethernet HUB aggregating and sending for all intents and purposes network information to and from end-devices. In any wireless cell only one station can transmit data at any time; while all others listen.

The transmission setup of wireless is similar to that of coax cable or half-duplex Ethernet working through a Ethernet hub. The average data rate per station is the total bandwidth divided by the total number of stations connected to that AP. Now in reality the actual data throughput is less because of wireless specific issues and the above mentioned calculation.

Use

WLANs are meant for local networks and not WANs. They are used inside buildings, line of sight outdoor building bridging connections (combination of both). There is no license required for WLANs (country specific). A WLAN is not a cellular network. It does not provide packet data transmission for cellular phones.

Similarities

WLANs are 802 LANs (802.11 to get specific). The data in WLANs is sent over radio waves while wired LANs send data over wires (duh). Both WLANs and Wired LANs define physical and data link layers and use MAC addresses. The same applications can be used on WLANs and Wired LANs.

Differences

In WLANs Radio Frequencies (RF) are used as the physical layer of the network. WLANs use carrier sense multiple access collision avoidance (CSMA/CA) and not carrier sense multiple access collision detection (CSMA/CD). This is because collision detection is not possible because a sending station can’t receive at the same time that it is transmitting thus cannot detect a collision. Instead Request to Send (RTS) and Clear to Send (CTS) protocols are used to avoid collisions. Additionally to this WLANs use different frame formats needing more information in the layer-2 header of the frame.

Radio Waves have problems (read lots of) not found with wires. Connectivity issues in WLANs can be caused by several problems, RF transmission, multipath distortion, and interference from other wireless services or other WLANs. There is security and privacy issues because a radio frequency doesn’t stop at the end of a property and can therefore be picked up by someone off-site.

In WLANs mobile clients are used to connect to the network, these mobile devices don’t have a physical wired connection to the network and often run on battery power as opposed to mains.

WLANs must meet country specific RF regulations where wired LANs don’t have these country specific regulations.

History

WLAN technology evolution started in the 1980s using 800-MHz direct sequence spread spectrum (DSSS) technology. DSSS was easy as it required no licenses to use and a single AP could cover large areas. The single biggest problem with DSSS was that few countries allowed the technology. As time passed, need for speed, open standards, and global adoption forced manufacturers to engineer products in the 2.4-GHz band sometime in the 1990s.

The 2.4GHz band put Wireless into a cleaner RF this meant less interference from other “devices” but higher speeds and higher frequency had a range drawback requiring more APs to be placed but the 860 kbps to 1-2 Mbps speed made up for this. The only problem still remaining with Wireless was the proprietary nature of the technology. In 1992 the IEEE drafted the 802.11 standard making the WLAN standard open.

In July 1997, the IEEE ratified the 2.4-GHz standard to include DSSS technology t the physical layer. The standard specified 1 Mbps standard speed and 2 Mbps as “turbo” speed.

In September 1999 the IEEE ratified the IEEE 802.11 a standard (5-GHz at 54 Mbps) and IEEE 802.11b standard (2.4-GHz at 11 Mbps). Then in June 2003 the IEEE ratified 802.11g (2.4-GHz at 54 Mbps). The 802.11b and 802.11g standard are backward compatible (both use 2.4-GHz). Then sometime November 2008 the IEEE should maybe finalize an amendment to IEEE 802.11 for 802.11n (2.4-GHz and/or 5-Ghz at 300 Mbps (2 streams)).

Terms:

Last Mile Access:From CCNA studies referring to the cable connects a customers premises to the telco equipment. The right term for the telco kit would be their Central Office (CO) Customer Premises to the Central Office of the telco.

Resources:

Pretoria Wireless Project

Notes and Notices:

This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.

Search

About

You are currently browsing the Network Ninja weblog archives for the Wireless category.

Latest

RSS
  • Digital Growth with your Job
  • Open Shortest Path First – OSPF Fundamentals – Scenario
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 13
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 12
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 11
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 10
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 9
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 8
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 7
  • Open Shortest Path First – OSPF Fundamentals – Questions and Answers – Question 6

Archives

  • June 2009
  • April 2009
  • March 2009
  • February 2009
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008

Categories

  • 802.11 (7)
  • 802.1Q (1)
  • 802.1X (1)
  • AAA (1)
  • Access Point (7)
  • ACL (4)
  • Addressing (3)
  • Asides (31)
  • auto-summary (3)
  • AutoQoS (1)
  • Bandwidth (2)
  • BCMSN (55)
  • BDR (2)
  • BGP (1)
  • BPDU Filtering (1)
  • BPDU Guard (2)
  • BPDU Root Guard (1)
  • BSCI (67)
  • BSCI Notes (18)
  • BSCI Questions (48)
  • Business (1)
  • Cabling and Equiptment (3)
  • CAM (1)
  • CCDA (1)
  • CDP (1)
  • CEF (1)
  • Certification (123)
  • CIDR (2)
  • CIR (2)
  • Cisco Systems (144)
  • Concepts and Constructs (76)
  • CoS (1)
  • Cost (3)
  • DAI (1)
  • DDNS (1)
  • Debug (2)
  • DHCP Snooping (1)
  • DHCP Spoofing (1)
  • DR (3)
  • DUAL (1)
  • Dynamic ARP Inspection (1)
  • ECNM (5)
  • EIGRP (5)
  • Enterprise Architecture (7)
  • EtherChannel (1)
  • GLBP (1)
  • Hello Timer (2)
  • Hold Timer (2)
  • Hot Standby Router Protocol (1)
  • HSRP (1)
  • IGRP (1)
  • IIN (2)
  • Inter-Vlan Routing (1)
  • Interconnection Technologies (2)
  • IP Source Guard (1)
  • IS-IS (1)
  • ISL (1)
  • LACP (1)
  • Link State Advertisements (2)
  • Load Balancing (2)
  • Loop Guard (1)
  • MAC Address Flooding (1)
  • MLS (1)
  • MSTP (1)
  • NBAR (1)
  • NBMA (1)
  • Off-Topic (12)
  • OSPF (18)
  • PAgP (1)
  • passive-interface (1)
  • PoE (1)
  • Port Security (1)
  • Priority (2)
  • Proxy ARP (1)
  • PVC (1)
  • QoS (2)
  • RIP (1)
  • RIPv2 (1)
  • Root Guard (1)
  • RSTP (1)
  • Show (6)
  • Software (1)
  • SONA (2)
  • SSH (2)
  • STP (5)
  • Stub Router (3)
  • summary-address (1)
  • Support (4)
  • Switch Spoofing (1)
  • TCAM (1)
  • Telnet (2)
  • Troubleshooting (1)
  • Trunk (6)
  • Unidirectional Link Detection (1)
  • VACL (3)
  • VC (1)
  • Vine (20)
  • VLAN (11)
  • VLAN Hopping (1)
  • VLSM (1)
  • VoIP (1)
  • VRRP (1)
  • VTP (4)
  • VTY (1)
  • Wireless (7)

Styled with Sawchuk

Powered by WordPress3.4.1 and K21.0-RC7

Entries Feed and Comments Feed

57 queries. 2.9230 seconds.