This is a generally a nice to know topic; if you don’t want to know the basics on “how” it works but rather just care that it works this might not be “light” reading.
There are “generally” (dependant on your country) unlicensed bands:
- 900-MHz Industrial, Scientific and Medical (ISM) Band (902-MHz to 928-MHz)
- 2.4-GHz Industrial, Scientific and Medical (ISM) Band (2400-MHz to 2483-MHz) (Japan to 2495-MHz)
- 5.7-GHz Unlicensed National Information Infrastructure (UNII) Band (5150-MHz to 5350/5725/5825 MHz) (Not all countries support 802.11a)
Radio Frequency Transmission (for dummies i.e. with no electric/electronic engineering background a.k.a ME):
Radio Frequencies (RF) are radiated (why does this not make me feel better I’ve seen what a microwave do when it radiates things) into the air by antennas that create radio waves. When radio waves are propagated through objects, they may be absorbed (walls) or reflected (metal). This absorption may cause areas of low-signal.
Radio wave transmission is affected by the three factors:
- Reflection: when RF waves bounce of objects (metal, glass)
- Scattering: when RF waves strike uneven surfaces and are reflected in many directions
- Absorption: when RF waves are absorbed by objects (concrete, bricks, walls)
Data Transmission over Radio Waves (for dummies i.e. with no eletric/electronic engineering background a.k.a ME):
- Higher data rates (faster connection) have shorter range because the receiver needs a stronger signal with a better signal-to-noise ratio (SNR) to retrieve the information.
- Higher transmit power results in greater range. To double the range, the power has to be increased by a factor of 4 (four).
- Higher data rates require more bandwidth. Increased bandwidth is possible with higher frequencies.
- Higher frequencies have shorter range through higher degradation and absorption. More efficient antennas can compensate for this effect.
WLAN Regulations and Standardizations:
Regulatory Agencies control the use and enjoyment of RF bands. The two main regulatory agencies are the FCC (USA) and ETSI (Europe) (South Africa and EMEA region if in doubt follow ETSI).
The network (802) standardization is done by the IEEE. The wireless (802.11) standards are part of the network standard these include 802.11 a/b/g and soon to be finalized/ratified n.
Finally the Wi-Fi Alliance offers certification for vendors of 802.11 products so that their products are interoperable. The Wi-Fi Alliance certifications include all three 802.11 RF technologies and Wi-Fi Protected Access (WPA) security model (2003) based on IEEE 802.11i (ratified 2004).
IEEE 802.11b
Ratified Sept 1999
Operates in the 2.4-GHz ISM Band
Specifies direct sequence spread spectrum (DSSS)
Specifies four data rates up to 11-Mbps (1, 2, 5.5, and 11-Mbps)
Throughput Mbps * 1024/Users = X kbps Bandwidth per user
2.4-GHz Channels
Up until this point Wireless channels might not have made “sense” if you weren’t as I joked “previously advantaged” with a electrical or electronic engineering qualification. Those ladies and gents are force fed this amongst other things for at the very least a semester in university so they know this kind of thing backwards (I know how they complained about it). If you are like myself a business grad then this is all new.
What this graph shows (pay attention to the grey highlight) is 3 non-overlapping Channels (except for Japan). If you are in Japan you can use the 14th channel along with 3 others to have access to 4 total channels.
This information is region specific and then also country specific (I know South Africa in general follows ETSI which falls under EMEA). Some countries may allow 14 channels while others may only allow 1 channel.
At a Cisco Tech-Update (I can’t remember the speaker forgive me) Wireless channel usage was explained using the below diagram and it made all the above fall into place for me.
What the diagram shows is the 2.4-Ghz frequency (visually) with the channels laid out how all the channels overlap. This is what 802.11 b/g “looks” like with the 3 non-overlapping channels (black).
Example: Three non-overlapping channels (1, 6, and 11) that do not share RFs. There would be no degradation in throughput if 3 APs were to operate in the same cell using channels 1, 6, and 11.
To show the maths 3 APs on 3 non-overlapping channels (2, 6, and 11) provide an aggregate data-rate for a cell of 33-Mbps (11-Mbps x 3), with an aggregated throughput of approx. 16-Mbps (33-Mbps/2).
Example: Three APs sharing the same channel, in the same cell.
To show the math 3 APs on the same channel(1, 1, and 1) provide an aggregate data rate a 11-Mbps but an aggregated throughput of 6-Mbps. This results from APs sharing a cell.
Example: Three APs sharing overlapping channels, in the same cell.
To show the math 3 APs on overlapping channels (1, 2, and 3) the throughput could drop to well below 1-Mbps due to interference.
Channel Reuse
At the same Tech Update they explained how using the non-overlapping channels a deployment can be done where none of the same channels border. Imagine the cells from top down on an overaly of an office plan looking like the diagram below.
Data Rates
WLAN clients (end-devices) can shift data rates as they move. The closer you are to a AP the better coverage will be (11-Mbps), as you move away from the AP coverage will get worse (5.5-Mbps) and worse (2-Mbps) and worse (1-Mbps) until there is no signal. This data rate shifting occurs without user interaction or connection loss.
This rate shifting also happens on a transmission-by-transmission basis; whereby the AP can support multiple clients at multiple speeds (meaning transmissions 1 might be 11-Mbps and transmission 2 might be 1-Mbps depending on the end-user location).
IEEE 802.11a
Ratified Sept 1999
Operates in the 5-GHz ISM Band
Uses orthogonal frequency-division multiplexing (OFDM)
Specifies eight data rates up to 54-Mbps (6, 9, 12, 18, 24, 36, 48, 54-Mbps)
FCC – 12 to 23 non-overlapping channels
ETSI – up to 19 non-overlapping channels
Regulatory differences across countries
802.11a requires Transmit (Tx) power control and dynamic frequency selection (802.11h)
Throughput Mbps * 1024/Users = X kbps Bandwidth per user
5-GHz Channels
802.11a must comply with two features in 802.11h namely Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS).
TPC links back to the basics, the more Transmit Power pumped into an AP the greater the range (greater range = less data-rate). TPC is where an AP exchanges transmit power information with end-device adapters. This has a twofold advantage:
- end-device adapters use only enough power to maintain association with APs at any given data rate. In turn conserving energy (good for mobile devices and at current Eksom).
- end-devices contribute less to adjacent cell interference.
DFS is where the AP monitors the available 5-Ghz RF spectrum radar installations in the environment and if found flags the appropriate channel(s) as unavailable. DFS continually monitors the operating environment for changes during operation.
IEEE 802.11g
Ratified June 2003
Operates in the 2.4-GHz ISM Band as 802.11b
Uses direct sequence spread spectrum (DSSS) complementary code keying (CKK) and orthogonal frequency-division multiplexing (OFDM)
Specifies twelve data rates up to 54-Mbps (1, 2, 5.5, 11-Mbps DSSS/802.11b and 6, 9, 12, 18, 24, 36, 48, 54-Mbps OFDM).
Throughput Mbps * 1024/Users = X kbps Bandwidth per user
Security and Mitigation of Wireless Risks
Linking back to the beginning of this post and why Wireless could potentially be a security threat. The process of Wireless is “Radio Frequencies (RF) (that) are radiated into the air by antennas that create radio waves” and in turn your network data travels across radio waves from source (server or point A) to destination (end-device or point B).
This wireless communication if left unsecured, leaves a wide open method of access to anyone that wants to enter, use and abuse your enterprise infrastructure. With the low cost of IEEE 802.11 wireless equipment these days adoption is gaining in the mass market (home, small office/home office (SOHO), small medium business (SMB)). With greater adoption of the mass market the products are easier to use and deploy and implement (graphical user interface (GUI) deployments and out the box operation). This large adoption also makes for sub-business class consumer grade products making a regular appearance in server-rooms, business settings and other environments where they are definitely not meant to be (don’t get me wrong consumer products work great for a family of 5 people but aren’t built or designed to handle with an office of 10 people or a department of 50 people).
There are many large telco (Telkom) companies that offer pre-configured Wi-Fi combination routers with the DSL accounts. Most if not the majority of users literally plug and play (plug it in and use it with default settings). This is a very conducive environment for “war driving” for the single purpose of free Internet, collecting sensitive information through the use of various freely available tools and applications.
The Process
Anyone implementing Wireless needs to at the very least consider security which is a three step process of Authentication (802.1x or Extensible Authentication Protocol (EAP)), Encryption (Wi-Fi Protected Access (WPA – TKIP, WPA2 – AES or TKIP)) and Intrusion Detection and Protection (IDS and IPS).
Wireless Association
Looking at how end-devices (clients like notebooks, smartphones, PDAs) associate with APs then something I mentioned in a previous post will crystallize.
APs broadcast (send out) beacons with SSIDs (one or many), data rates (depending on distance from AP) and other information. The end-device scans the available channels looking for beacons and responses from APs. The end-device then in turn associates with the AP with the strongest signal.
If you are using a mobile device and moving with your device and signal becomes weak this process will repeat.
It is during this association process that SSID, MAC address and security settings are sent from end-device to the AP and checked. This is what we are going to be talking about in the next couple of paragraphs.
Authentication
When an end-device attempts to associate this is done via the 802.1x protocol. The end-device is called a supplicant which communicates with an autonomous AP* (called the authenticator) that communicates and in turn authenticates to an Authentication, Authorization and Accounting Server (AAA Server) like RADIUS/TACACS+ or Cisco Secure ACS.
*LWAPP uses the WLAN controller that acts as the Athenticator that in turn communicates and authenticates with the AAA Server.
Encryption
After authentication is successful (if unsuccessful the connection is denied) data between the end-device and the AP is sent encrypted in either TKIP or AES encryption.
Definitions
Notes and Notices:
This is a part of my personal BCMSN notes and research to assist myself in learning and understanding the concepts and theory for the BCMSN exam. I learn by making notes reading and writing things down and wish to file them where I can’t lose them. These notes are not to be seen, judged or mistaken for replacements to Cisco recognized and authorized training which I personally support and attend and suggest you undertake if you are going for the BCMSN Certification.