8/3/2019 CCNA Exp3 - Chapter07 - Basic Wireless Concepts and Configuration
Chapter 7: Basic Wireless Concepts and Configuration
CCNA Exploration 4.0
Objectives
Describe the components and operations of basic wireless LAN topologies.
Describe the components and operations of basic wireless LAN security.
Configure and verify basic wireless LAN access.
Hc vin mng Bach Khoa - Website: www.bkacad.com 2
Configure and troubleshoot wireless client access.
The Wireless LAN
Why Use Wireless?
Business networks today are evolving to support people who are on the move.
Mobility environment: where people can take their connection to the network along with them on the road.
There are many different infrastructures (wired LAN, service provider networks) that allow mobility like this to happen, but in a business environment, the most important is the WLAN.
People now expect to be connected at any time and place.
Benefits of WLANs
Wireless Technologies
Wireless LAN
Comparing a WLAN to a LAN
In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch. The switch is the point where the client gains access to the network.
In a wireless LAN, each client uses a wireless adapter to gain access to the network through a wireless device such as a wireless router or access point.
Wireless standards
Wi-Fi Certification
Wireless Infrastructure Components
Extra: Wireless LAN Frame
Wireless Access Points
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Access points oversee a distributed coordination function (DCF) called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA).
This simply means that devices on a WLAN must sense the medium for energy (RF stimulation above a certain threshold) and wait until the medium is free before sending.
RTS/CTS
One means of resolving the hidden node problem is a CSMA/CA feature called request to send/clear to send (RTS/CTS).
RTS/CTS was developed to allow a negotiation between a client and an access point.
Extra: RTS/CTS
The optional request-to-send and clear-to-send (RTS/CTS) function allows the access point to control use of the medium for stations activating RTS/CTS.
With most radio NICs, users can set a maximum frame-length threshold for when the radio NIC activates RTS/CTS. For example, a frame length of 1,000 bytes triggers RTS/CTS for all frames larger than 1,000 bytes.
access point before sending a data frame. The access point then responds with a CTS frame, indicating that the radio NIC can send the data frame.
With the CTS frame, the access point provides a value in the duration field of the frame header that holds off other stations from transmitting until after the radio NIC initiating the RTS can send its data frame. This avoids collisions between hidden nodes.
The RTS/CTS handshake continues for each frame, as long as the frame size exceeds the threshold set in the corresponding radio NIC.
Extra: RTS/CTS
Configurable Parameters for Wireless Endpoints
Configurable Parameters for Wireless Endpoints
If there are three adjacent access points, use channels 1, 6, and 11. If there are just two, select any two that are five channels apart, such as channels 5 and 10.
802.11 Topologies: Ad hoc Network
802.11 Topologies: Infrastructure
Basic Service Sets
802.11 Topologies: Infrastructure
Extended Service Sets
Extra: Roaming
Extra: Roaming
Extra: Scanning
The 802.11 standard defines both passive and active scanning, whereby a radio NIC searches for access points.
Passive scanning is mandatory where each NIC scans individual channels to find the best access-point signal. Periodically, access points broadcast a beacon, and the radio NIC receives these beacons while scanning and takes note of the corresponding signal strengths. The beacons contain information about the access point, including SSID and supported data rates. The radio NIC can use this information along with the signal strength to compare access points and decide on which one to use.
Active scanning is similar, except the radio NIC initiates the process by broadcasting a probe frame, and all access points within range respond with a probe response. Active scanning enables a radio NIC to receive immediate response from access points, without waiting for a beacon transmission. The issue, however, is that active scanning imposes additional overhead on the network because of the transmission of probe and corresponding response frames.
Client and Access Point Association
Beacon
Client and Access Point Association
Client and Access Point Association
Step 3 - 802.11 Association
Extra: Authentication and Association
Open Authentication and Shared Key Authentication are the two methods that the 802.11 standard defines for clients to connect to an access point.
The association process can be broken down into three elements:
1. Probe
2. Authentication
3. Association
Extra: Open Authentication
The Open Authentication method performs the entire authentication process in clear text.
Open Authentication is basically a null authentication, which means there is no verification of the user or machine.
Open Authentication is usually tied to a WEP key. A client can associate to the access point with an incorrect WEP key or even no WEP key. A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted.
Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.
Extra: Shared Key Authentication
Shared Key Authentication works similarly to Open Authentication, except that it uses WEP encryption for one step.
Shared key requires the client and the access point to have the same WEP key.
An access point using Shared Key Authentication sends a challenge text packet to the client. If the client has the wrong key or no key, it will fail this portion of the authentication process. The client will not be allowed to associate to the AP.
Shared key is vulnerable to a man-in-the-middle attack, so it is not recommended.
Extra: ARS
When a source node sends a frame, the receiving node returns a
.
This can cause consumption of 50% of the available bandwidth. This overhead, when combined with the collision avoidance protocol overhead, reduces the actual data throughput to a maximum of 5.0 to 5.5 Mbps on an 802.11b wireless LAN rated at 11 Mbps.
Performance of the network will also be affected by signal strength and degradation in signal quality due to distance or interference.
As the signal becomes weaker, Adaptive Rate Selection (ARS) may be invoked and the transmitting unit will drop the data rate from 11 Mbps to 5.5 Mbps, from 5.5 Mbps to 2 Mbps or 2 Mbps to 1 Mbps.
Planning the Wireless LAN
Planning the Wireless LAN
Planning the Wireless LAN
Planning the Wireless LAN
Activity 7.1.5.2
Activity 7.1.5.2
Wireless LAN Security
Wireless LAN Security Threats
Unauthorized Access
Wireless LAN Security Threats
Wireless LAN Security Threats
Denial of Service
Extra: Securing a WLAN
Extra: SSID
Most access points have options like SSID broadcast and allow any SSID. These features are usually enabled by default and make it easy to set up a wireless network.
Using the allow any SSID option lets the access point allow access to a client with a blank SSID.
The SSID broadcast sends beacon packets, which advertise the SSID.
Disabling these two options does not secure the network, since a wireless sniffer can easily capture a valid SSID from normal WLAN traffic.
SSIDs should not be considered a security feature.
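Why disabling SSID broadcast hides nothing, as an added example that is not part of the original slides: a minimal parser for the SSID element of 802.11 management frames, run over four constructed frames. The addresses, the SSID `corp-wlan` and the helper names are assumptions made for illustration.

```python
# Added example: all frames below are constructed for illustration, not captured traffic.
MAC_HDR_LEN = 24
# Management subtype -> (name, length of the fixed fields before the tagged parameters)
SUBTYPES = {0: ("assoc-req", 4), 4: ("probe-req", 0), 5: ("probe-resp", 12), 8: ("beacon", 12)}

def parse_ssid(frame: bytes):
    """Return (subtype_name, ssid) for a management frame; ssid is None when hidden or absent."""
    if len(frame) < MAC_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        return None                       # not a management frame modelled here
    name, fixed = SUBTYPES[subtype]
    pos = MAC_HDR_LEN + fixed
    while pos + 2 <= len(frame):          # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                         # truncated element
        if tag == 0:                      # element ID 0 carries the SSID
            hidden = length == 0 or not any(value)
            return name, None if hidden else value.decode("utf-8", "replace")
        pos += 2 + length
    return name, None

def build_mgmt(subtype: int, ssid: bytes) -> bytes:
    """Build a minimal management frame (constructed test input)."""
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + ap + sta + ap + b"\x00\x00"
    fixed = bytes(SUBTYPES[subtype][1])
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported rates: 1, 2, 5.5, 11 Mbps
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

def ssids_seen(frames):
    """Collect every SSID an observer learns from a sequence of frames."""
    return {r[1] for r in map(parse_ssid, frames) if r and r[1]}

CAPTURE = [
    build_mgmt(8, b""),            # beacon with SSID broadcast disabled
    build_mgmt(4, b"corp-wlan"),   # client probe request naming the network
    build_mgmt(5, b"corp-wlan"),   # access point probe response
    build_mgmt(0, b"corp-wlan"),   # association request
]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(parse_ssid(frame))
    print(ssids_seen(CAPTURE))
```

The beacon alone yields no name, but every frame a legitimate client exchanges to join the network carries the SSID unencrypted, which is why access control has to come from the security protocol rather than from the SSID settings.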
Wireless Security Protocols
Extra: Wireless Security Protocols
Extra: Encryption Methods
Many encryption methods, such as the 802.11 Wired Equivalent Privacy (WEP), are symmetric; that is, the same key that does the encryption is also the one that performs the decryption.
If a user activates WEP, the NIC encrypts the payload (frame body and cyclic redundancy check [CRC]) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA Security. The receiving station, such as an access point or another radio NIC, performs decryption upon arrival of the frame. As a result, 802.11 WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies.
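The WEP encapsulation described above and in the Open Authentication slide, as an added example that is not part of the original slides: the header stays readable, the body and its CRC are RC4-encrypted, and a station holding the wrong key cannot recover data. It assumes the standard WEP layout, which the slides do not spell out: the RC4 seed is a 3-byte IV followed by the key, the IV and key ID follow the header unencrypted, and the integrity value is a CRC-32 of the body. Key, IV, addresses and payload are constructed values.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the keystream over data (encrypt == decrypt)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(body: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext body, little-endian."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def wep_encapsulate(header: bytes, body: bytes, key: bytes, iv: bytes, key_id: int = 0) -> bytes:
    # The per-frame RC4 seed is IV || key; the IV and key ID travel in the clear.
    return header + iv + bytes([key_id << 6]) + rc4(iv + key, body + icv(body))

def wep_decapsulate(frame: bytes, key: bytes, hdr_len: int = 24):
    """Return the body if the ICV verifies under this key, else None."""
    iv = frame[hdr_len:hdr_len + 3]
    plain = rc4(iv + key, frame[hdr_len + 4:])
    body, got = plain[:-4], plain[-4:]
    return body if icv(body) == got else None

# Constructed sample values (not from the slides).
# Frame control 0x08 0x41: data frame, To DS, Protected Frame bit set.
HEADER = (bytes([0x08, 0x41]) + bytes(2)
          + bytes.fromhex("020000000001 020000000002 020000000003") + bytes(2))
KEY = bytes([1, 2, 3, 4, 5])              # 40-bit WEP key
WRONG_KEY = bytes([9, 9, 9, 9, 9])
IV = bytes.fromhex("aabbcc")
BODY = bytes.fromhex("aaaa030000000800") + b"example payload"   # LLC/SNAP + data
FRAME = wep_encapsulate(HEADER, BODY, KEY, IV)

if __name__ == "__main__":
    print("header in clear :", FRAME[:24] == HEADER)
    print("IV in clear     :", FRAME[24:27].hex())
    print("right key       :", wep_decapsulate(FRAME, KEY))
    print("wrong key       :", wep_decapsulate(FRAME, WRONG_KEY))
```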
Extra: Encryption Methods
Wi-Fi Protected Access
The Wi-Fi Protected Access (WPA) standard provided by the Wi-Fi Alliance provides an upgrade to WEP that offers dynamic key encryption and mutual authentication.
Most wireless vendors now support WPA. WPA clients utilize different encryption keys that change periodically. This makes it more difficult to crack the encryption.
Wireless Security Protocols
Wireless Security Protocols
Wireless Security Protocols
Encryption
Securing a Wireless LAN
Configure Wireless LAN Access
Configuring the Wireless Access Point
Setup: Basic Setup
Administration: Management
Configuring Basic Wireless Settings
Security Mode
Select the mode you want to use: PSK-Personal, PSK2-Personal, PSK-Enterprise, PSK2-Enterprise, RADIUS, or WEP.
Mode Parameters
Enterprise modes are not configured in this chapter
Configure Encryption and Key
Configure a wireless NIC: Scan SSID
Configure a wireless NIC: Scan SSID
Select the Wireless Security Protocol
Practice: 7.3.2.4
Troubleshooting
Systematic Approach to WLAN Troubleshooting
Step 1 - Eliminate the client device as the source of the problem.
Step 2 - Confirm the physical status of WLAN devices.
Step 3 - Inspect wired links.
Updating the Access Point Firmware
Incorrect Channel Settings
Incorrect Channel Settings: Solution
Solving RF Interference
Solving RF Interference
Site Surveys
Site Survey
Two categories: Manual and utility assisted.
Manual site surveys can include a site evaluation to be followed by a more thorough utility-assisted site survey.
A site evaluation involves inspecting the area with the goal of identifying potential issues that could impact the network. Specifically, look for the presence of multiple WLANs, unique building structures, such as open floors and atriums, and high client usage variances, such as those caused by differences in day or night shift staffing levels.
Note: you do not conduct site surveys as part of this course.
Access Point Misplacement
Access Point Misplacement: Solution
Access Point Misplacement: Solution
Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of all persons.
Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.
Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.
Always mount the access point vertically (standing up or hanging down).
Do not mount the access point outside of buildings.
Do not mount the access point on building perimeter walls, unless outside coverage is desired.
When mounting an access point in the corner of a right-angle hallway intersection, mount it at a 45-degree angle to the two hallways. The access point internal antennas are not omnidirectional and cover a larger area when mounted this way.
Problems with Authentication and Encryption
Problems with Authentication and Encryption
Problems with Authentication and Encryption
Summary