HANOI CTT NETWORKING ACADEMY
CCNA Exploration (640-802)
www.hanoictt.com
Wireless LAN
Objectives
In this chapter, you will learn to:
• Wireless LAN Concepts
• Deploying WLANs
• Wireless LAN Security
Wireless LAN (WLAN)
• A WLAN is a shared network.
• An access point is a shared device and functions like a shared Ethernet hub.
• Data is transmitted over radio waves.
• Two-way radio communications (half-duplex) are used.
• To arbitrate the use of the frequency, WLANs use the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) algorithm to enforce HDX logic and avoid as many collisions as possible.
• The same radio frequency is used for sending and receiving (transceiver).
What Are WLANs?
They are:
• Local
• In building or campus for mobile users
• Radio or infrared
• Not required to have RF licenses in most countries
• Using equipment owned by customers
They are not:
• WAN or MAN networks
• Cellular phone networks
• Packet data transmission via cellular phone networks
– Cellular digital packet
Similarities Between WLAN and LAN
• A WLAN is an 802 LAN.
– The IEEE defines standards for both, using the IEEE 802.3 family for Ethernet LANs and the 802.11 family for WLANs.
– Transmits data over the air vs. data over the wire
– Looks like a wired network to the user
– Defines physical and data link layer
– Both define a frame format with a header and trailer, with the header including a source and destination MAC address field, each 6 bytes in length.
– Both define rules about how the devices should determine when they should send frames and when they should not.
• The same protocols/applications run over both WLANs and LANs.
– IP (network layer)
– IPSec VPNs (IP-based)
– Web, FTP, SNMP (applications)
Differences Between WLAN and LAN
• WLANs use radio waves as the physical layer.
– WLANs use CSMA/CA instead of CSMA/CD to access the network.
• Radio waves have problems that are not found on wires.
– Connectivity issues.
Different WLAN Modes and Names
Mode | Service Set Name | Description
Ad hoc | Independent Basic Service Set (IBSS) | Allows two devices to communicate directly. No AP is needed.
Infrastructure (one AP) | Basic Service Set (BSS) | A single wireless LAN created with an AP and all devices that associate with that AP
Infrastructure (more than one AP) | Extended Service Set (ESS) | Multiple APs create one wireless LAN, allowing roaming and a larger coverage area.
Wireless Transmissions (Layer 1)
• WLANs transmit data at Layer 1 by sending and receiving radio waves.
• Many electronic devices radiate energy at varying frequencies. To prevent the energy radiated by one device from interfering with other devices, national government agencies regulate and oversee the frequency ranges that can be used inside that country. For example, the Radio Frequency Directorate (RFD) in Vietnam regulates the electromagnetic spectrum of frequencies.
• The wider the range of frequencies in a frequency band, the greater the amount of information that can be sent in that frequency band.
• Unlicensed frequencies can be used by all kinds of devices; however, the devices must still conform to the rules set up by the regulatory agency. In particular, a device using an unlicensed band must use power levels at or below a particular setting. Otherwise, the device might interfere too much with other devices sharing that unlicensed band.
Wireless Transmissions (Layer 1)
• ISM (Industrial, Scientific, and Medical) bands: 900 MHz and 2.4 GHz
• U-NII (Unlicensed National Information Infrastructure) bands: 5 GHz
• No license required
• No exclusive use
• Best effort
• Interference and degradation are
Wireless Transmissions (Layer 1)
• It is important to know the names of three general classes of encoding, in part because the type of encoding requires some planning and forethought for some WLANs.
• Frequency Hopping Spread Spectrum (FHSS):
– Uses all frequencies in the band, hopping to different ones.
– By using slightly different frequencies for consecutive transmissions, a device can hopefully avoid interference from other devices that use the same unlicensed band, succeeding at sending data at some frequencies.
– The original 802.11 WLAN standards used FHSS, but the current standards (802.11a, 802.11b, and 802.11g) do not.
Wireless Transmissions (Layer 1)
• Direct Sequence Spread Spectrum (DSSS) followed as the next general class of encoding type for WLANs.
– Designed for use in the 2.4 GHz unlicensed band.
– Uses one of several separate channels or frequencies.
– This band has a bandwidth of 82 MHz, with a range from 2.402 GHz to 2.483 GHz. As regulated by the FCC, this band can have 11 (North America) or 13 (Europe) different overlapping DSSS channels.
Wireless Transmissions (Layer 1)
• The devices in one BSS (devices communicating through one AP) can send at the same time as the other two BSSs and not interfere with each other, because each uses the slightly different frequencies of the nonoverlapping channels.
[Figure: Using Nonoverlapping DSSS 2.4-GHz Channels in an ESS WLAN]
Wireless Transmissions (Layer 1)
• The last of the three categories of encoding for WLANs is called Orthogonal Frequency Division Multiplexing (OFDM). Like DSSS, WLANs that use OFDM can use multiple nonoverlapping channels.
• NOTE: The emerging 802.11n standard uses OFDM as well as multiple antennas, a technology sometimes called multiple input multiple output (MIMO).
Encoding Classes and IEEE Standard WLANs
Name of Encoding Class | What It Is Used By
Frequency Hopping Spread Spectrum (FHSS) | 802.11
Orthogonal Frequency Division Multiplexing (OFDM) | 802.11a
Wireless Transmissions (Layer 1)
• Radio frequencies are radiated into the air via an antenna, creating radio waves. The following factors influence the transmission of radio waves:
– Reflection: Occurs when RF waves bounce off objects (for example, metal or glass surfaces).
– Scattering: Occurs when RF waves strike an uneven surface (for example, a rough surface) and are reflected in many directions.
– Absorption: Occurs when RF waves are absorbed by objects (for example, walls).
• Additionally, wireless communication is impacted by other radio waves in the same frequency range.
• One key measurement for interference is the Signal-to-Noise Ratio (SNR). This calculation measures the WLAN signal as compared to the other undesired signals (noise) in the same space. The higher the SNR, the better the WLAN devices can send data successfully.
Wireless Transmissions (Layer 1)
Coverage Area, Speed, and Capacity
• A WLAN coverage area is the space in which two WLAN devices can successfully send data. The coverage area created by a particular AP depends on many factors:
– The transmit power by an AP or WLAN NIC cannot exceed a particular level based on the regulations from regulatory agencies such as the FCC
– The materials and locations of the materials near the AP
• NOTE: The power of an AP is measured based on the Effective Isotropic Radiated Power (EIRP) calculation. This is the radio’s power output, plus the increase in power caused by the antenna, minus any power lost in the cabling. In effect, it’s the power of the signal as it leaves the antenna.
Wireless Transmissions (Layer 1)
WLAN Speed and Frequency Reference
IEEE Standard | Maximum Speed (Mbps) | Other Speeds (Mbps) | Frequency (GHz) | Nonoverlapping Channels
802.11b | 11 | 1, 2, 5.5 | 2.4 | 3
802.11a | 54 | 6, 9, 12, 18, 24, 36, 48 | 5 | 12
802.11g | 54 | Same as 802.11a | 5 | 3
• The speeds listed in bold text are required speeds according to the standards. The other speeds are optional.
• NOTE: The original 802.11 standard supported speeds of 1 and 2 Mbps.
Media Access (Layer 2)
• The solution to the media access problem with WLANs is to use the carrier sense multiple access with collision avoidance (CSMA/CA) algorithm.
• However, CSMA/CA does not prevent collisions, so the WLAN standards must have a process to deal with collisions when they do occur.
• Because the sending device cannot tell if its transmitted frame collided with another frame, the standards all require an acknowledgment of every frame. Each WLAN device listens for the acknowledgment, which should occur immediately after the frame is sent. If no acknowledgment is received, the sending device assumes that the frame was lost or collided, and it resends the frame.
– Step 1: Listen to ensure that the medium (space) is not busy (no radio waves currently are being received at the frequencies to be used).
– Step 2: Set a random wait timer before sending a frame to statistically reduce the chance of devices all trying to send at the same time.
– Step 3: When the random timer has passed, listen again to ensure that the medium is not busy. If it isn’t, send the frame.
– Step 4: After the entire frame has been sent, wait for an acknowledgment.
– Step 5: If no acknowledgment is received, resend the frame, using CSMA/CA logic to wait for the appropriate time to send again.
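
The five steps above as a small slot-based simulation; this is an added example, not part of the original slides. It assumes a fixed random-wait window (the `window` parameter) and treats one loop pass as one time slot; the function and parameter names are illustrative.

```python
# Added example (not from the slides): slot-based CSMA/CA simulation.
# Simplification: the random wait is drawn from a fixed window of
# `window` slots; the names and defaults here are illustrative.
import random


def simulate(stations, frames_each, window=8, seed=1):
    """Run until every station has had all of its frames acknowledged."""
    if window < 2:
        raise ValueError("window must allow at least two different waits")
    rng = random.Random(seed)
    pending = {s: frames_each for s in range(stations)}
    # Step 2: every station starts with a random wait timer.
    timer = {s: rng.randrange(window) for s in pending}
    stats = {"delivered": 0, "collisions": 0, "slots": 0}

    while any(pending.values()):
        stats["slots"] += 1
        # Step 3: stations whose timer has expired find the medium idle and send.
        senders = [s for s in pending if pending[s] and timer[s] == 0]

        if len(senders) == 1:
            # Step 4: a lone frame is received and acknowledged.
            pending[senders[0]] -= 1
            stats["delivered"] += 1
        elif len(senders) > 1:
            # Step 5: the frames collide, no ACK arrives, each sender must resend.
            stats["collisions"] += 1

        for s in pending:
            if not pending[s]:
                continue
            if s in senders:
                timer[s] = rng.randrange(window)   # fresh random wait
            elif not senders:
                timer[s] -= 1                      # idle slot: count down
            # Step 1: otherwise the medium was busy, so the timer stays frozen.
    return stats


if __name__ == "__main__":
    print(simulate(stations=6, frames_each=4, window=4))
```

A sender learns of a collision only from the missing acknowledgment, which is why every frame is eventually delivered even though collisions are never prevented outright.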
Wireless LAN Implementation Checklist
The following basic checklist can help guide the installation of a new BSS WLAN:
• Step 1: Verify the Existing Wired Network
– Verify that the existing wired network works, including DHCP services, VLANs, and Internet connectivity.
• Step 2: Install and Configure the AP’s Wired and IP Details
– Install the AP and configure/verify its connectivity to the wired network, including the AP’s IP address, mask, and default gateway.
• Step 3: Configure the AP’s WLAN Details
– Configure and verify the AP’s wireless settings, including Service Set Identifier (SSID), but no security.
• Step 4: Install and Configure One Wireless Client
– Install and configure one wireless client (for example, a laptop), again with no security.
• Step 5: Verify that the WLAN works from the laptop
Wireless LAN Implementation
Step 1: Verify the Existing Wired Network
For wireless voice networks, an overlap of 15 to 20 percent is recommended.
different non-overlapping or frequencies channels for best performance
Wireless LAN Implementation
Step 2: Install and Configure the AP’s Wired and IP Details
• Just like an Ethernet switch, wireless APs operate at Layer 2 and do not need an IP address to perform their main functions.
• However, just as an Ethernet switch in an Enterprise network should have an IP address so that it can be easily managed, APs deployed in an Enterprise network should also have an IP address.
• In particular, the AP needs an IP address, subnet mask, default gateway IP address, and possibly the IP address of a DNS server.
Wireless LAN Implementation
• The following list highlights some of the features mentioned earlier in this chapter that may need to be configured:
– IEEE standard (a, b, g, or multiple)
– Wireless channel
– Service Set Identifier (SSID, a 32-character text identifier for
Wireless LAN Implementation
Step 4: Install and Configure One Wireless Client
• To be a WLAN client, the device simply needs a WLAN NIC that supports the same WLAN standard as the AP.
• When the client starts working, it tries to discover all APs by listening on all frequency channels for the WLAN standards it supports by default.
• WLAN clients may use wireless NICs from a large number of vendors. To help ensure that the clients can work with Cisco APs, Cisco started the Cisco Compatible Extensions Program (CCX).
• With Microsoft operating systems, the wireless NIC may not need to be configured because of the Microsoft Zero Configuration Utility (ZCF). This utility, part of the OS, allows the PC to automatically discover the SSIDs of all WLANs whose APs are within range on the NIC. The user can choose the SSID to connect to. Or the ZCF utility can automatically pick the AP with the strongest signal, thereby automatically connecting to a wireless LAN without the user’s needing to configure anything.
• Note that most NIC manufacturers also provide software that can control the NIC instead of the operating system’s built-in tools such as Microsoft ZCF.
Wireless LAN Implementation
Step 5: Verify that the WLAN works from the laptop
• If the new client cannot communicate, you might check the following:
– Is the AP at the center of the area in which the clients reside?
– Is the AP or client right next to a lot of metal?
– Is the AP or client near a source of interference, such as a microwave oven or gaming system?
– Is the AP’s coverage area wide enough to reach the client?
• The following list notes a few other common problems with a new installation:
– Check to make sure that the NIC and AP’s radios are enabled. In particular, most laptops have a physical switch with which to enable or disable the radio, as well as a software setting to enable or disable the radio. This allows the laptop to save power (and extend the time before it must be plugged into a power outlet again). It also can cause users to fail to connect to an AP, just because the radio is turned off.
– Check the AP to ensure that it has the latest firmware. AP firmware is the OS that runs in the AP.
– Check the AP configuration—in particular, the channel configuration—to ensure that it does not use a channel that overlaps with other APs in the same location.
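
The channel-overlap check from the last item above, which also derives the three nonoverlapping 2.4 GHz DSSS channels described earlier in the chapter; this is an added example, not part of the original slides. It assumes channel n is centred at 2407 + 5n MHz and that a DSSS signal occupies about 22 MHz, neither of which the slides state; the AP names and site layout are constructed.

```python
# Added example (not from the slides): 2.4 GHz DSSS channel-plan check.
# Assumptions not stated on the slides: channel n is centred at
# 2407 + 5*n MHz and a DSSS signal occupies about 22 MHz.

CHANNEL_WIDTH_MHZ = 22            # assumed DSSS occupied bandwidth
NORTH_AMERICA = range(1, 12)      # 11 channels, as on the slide
EUROPE = range(1, 14)             # 13 channels, as on the slide


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (assumed 5 MHz spacing)."""
    return 2407 + 5 * channel


def overlaps(a, b):
    """True when the 22 MHz signals of channels a and b share spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def max_nonoverlapping(channels):
    """Largest nonoverlapping set; lowest-first greedy is optimal
    because every channel has the same width."""
    chosen = []
    for ch in sorted(channels):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def audit_plan(aps, neighbours):
    """Return (ap_a, ap_b, ch_a, ch_b) for neighbouring APs whose channels overlap.

    aps: {ap_name: channel}; neighbours: pairs of APs whose cells overlap.
    """
    return [(a, b, aps[a], aps[b])
            for a, b in neighbours
            if overlaps(aps[a], aps[b])]


# Constructed sample site: three APs in a row; adjacent cells overlap.
SAMPLE_APS = {"ap-lobby": 1, "ap-office": 4, "ap-lab": 11}
SAMPLE_NEIGHBOURS = [("ap-lobby", "ap-office"), ("ap-office", "ap-lab")]

if __name__ == "__main__":
    print("nonoverlapping set:", max_nonoverlapping(NORTH_AMERICA))
    for a, b, ch_a, ch_b in audit_plan(SAMPLE_APS, SAMPLE_NEIGHBOURS):
        print(f"{a} (channel {ch_a}) overlaps {b} (channel {ch_b})")
```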
Wired Equivalent Privacy (WEP)
Open Authentication with Differing WEP Keys
• Open authentication is a null authentication algorithm.
• Access control in Open authentication relies on the preconfigured WEP key on the client and AP. The client and AP must have matching WEP keys to enable them to communicate.
• If the client and AP do not have WEP enabled, there is no security in the BSS. Any device can join the BSS and all data frames are transmitted unencrypted.
Wired Equivalent Privacy (WEP)
• The following summarizes the Shared Key authentication process:
1. The client sends an authentication request for Shared Key authentication to the AP.
2. The AP responds with a cleartext challenge frame.
3. The client encrypts the challenge and responds back to the AP.
4. If the AP can correctly decrypt the frame and retrieve the original challenge, the client is sent a success message.
5. The client can access the WLAN.
• The premise behind Shared Key authentication is similar to that of Open authentication with WEP keys as the access control means. The client and AP must have matching keys. The difference between the two schemes is that the client cannot associate in Shared Key authentication unless the correct key is configured.
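
The Shared Key exchange above with both sides' messages, as an added example that is not part of the original slides. WEP's RC4 cipher, its CRC-32 integrity value, the 24-bit IV prepended to the 40-bit key, and the 128-byte challenge are details the slides do not give; the class names, the simplified (iv, ciphertext) frame and the sample key are constructed.

```python
# Added example (not from the slides): WEP Shared Key authentication.
# Simplified framing: a response "frame" is just (iv, ciphertext).
import hmac
import os
import zlib


def rc4(seed, data):
    """RC4: key scheduling over `seed`, then XOR `data` with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key40, iv, plaintext):
    """Encrypt plaintext + CRC-32 ICV under the 64-bit seed IV || key."""
    if len(key40) != 5 or len(iv) != 3:
        raise ValueError("expected a 40-bit key and a 24-bit IV")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key40, plaintext + icv)


def wep_decrypt(key40, iv, ciphertext):
    """Return the plaintext, or None when the ICV does not verify."""
    clear = rc4(iv + key40, ciphertext)
    body, icv = clear[:-4], clear[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None


class AccessPoint:
    def __init__(self, key40):
        self.key40 = key40
        self.challenge = None

    def on_auth_request(self):
        """Step 2: answer the request with a cleartext challenge."""
        self.challenge = os.urandom(128)
        return self.challenge

    def on_auth_response(self, iv, ciphertext):
        """Step 4: decrypt and compare with the challenge that was sent."""
        body = wep_decrypt(self.key40, iv, ciphertext)
        return body is not None and hmac.compare_digest(body, self.challenge)


class Client:
    def __init__(self, key40):
        self.key40 = key40

    def answer(self, challenge):
        """Step 3: encrypt the challenge; the IV travels in the clear."""
        iv = os.urandom(3)
        return iv, wep_encrypt(self.key40, iv, challenge)


def authenticate(ap_key, client_key):
    """Run steps 1-4 and return the AP's verdict (True means success)."""
    ap, client = AccessPoint(ap_key), Client(client_key)
    challenge = ap.on_auth_request()          # step 1 triggers step 2
    iv, ciphertext = client.answer(challenge)
    return ap.on_auth_response(iv, ciphertext)


STATIC_KEY = bytes.fromhex("0102030405")      # constructed 40-bit key
```

Only 5 of the 8 seed bytes are secret, and they are the same for every client and every exchange until someone reconfigures them by hand.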
Wired Equivalent Privacy (WEP)
• The main problems were as follows:
– Static Preshared Keys (PSK): The key value had to be configured on each client and each AP, with no dynamic way to exchange the keys without human intervention. As a result, many people did not bother to change the keys on a regular basis, especially in Enterprises with a large number of wireless clients.
– Easily cracked keys: The key values were short (64 bits, of which only 40 were the actual unique key). This made it easier to predict the key’s value based on the frames copied from the WLAN. Additionally, the fact that the key typically never changed meant that the hacker could gather lots of sample authentication attempts, making it easier to find the key.
• Because of the problems with WEP, and the fact that the later standards include much better security features, WEP should not be used today.
SSID Cloaking and MAC Filtering
• Normally, the association process occurs like this:
– Step 1: The AP sends a periodic Beacon frame (the default is every 100 ms) that lists the AP’s SSID and other configuration information.
– Step 2: The client listens for Beacons on all channels, learning about all APs in range.
– Step 3: The client associates with the AP with the strongest signal (the default), or with the AP with the strongest signal for the currently preferred SSID.
– Step 4: The authentication process occurs as soon as the client has associated with the AP.
• SSID cloaking is an AP feature that tells the AP to stop sending periodic Beacon frames. This seems to solve the problem with attackers easily and quickly finding all APs. However, clients still need to be able to find the APs. Therefore, if the client has been configured with a null SSID, the client sends a Probe message, which causes each AP to respond with its SSID. In short, it is simple to cause all the APs to announce their SSIDs, even with cloaking enabled on the APs, so attackers can still find all the APs.
• MAC address filtering: The AP can be configured with a list of allowed WLAN MAC addresses, filtering frames sent by WLAN clients whose MAC address is not in the list. As with SSID cloaking, MAC address filtering may prevent curious onlookers from accessing the WLAN, but it does not stop a real attack. The attacker can use a WLAN adapter that allows its MAC address to be changed, copy legitimate frames out of the air, set its own MAC address to one of the legitimate MAC addresses, and circumvent the MAC address filter.
The Cisco Interim Solution Between WEP and 802.11i
• The Cisco answer included some proprietary improvements for encryption, along with the IEEE 802.1x standard for end-user authentication. The main features of Cisco enhancements included the following:
– Dynamic key exchange (instead of static preshared keys)
– User authentication using IEEE 802.1x
– A new encryption key for each packet
• Cisco also added user authentication to its suite of security features.
• User authentication means that instead of authenticating the device by checking to see if the device knows a correct key, the user must supply a username and password. This extra authentication step adds another layer of security. That way, even if the keys are temporarily compromised, the attacker must also know a person’s username and password to gain access to the WLAN.
Wi-Fi Protected Access (WPA)
• The Wi-Fi Alliance took the current work-in-progress on the 802.11i committee, made some assumptions and predictions, and defined a de facto industry standard.
• The Wi-Fi Alliance then performed its normal task of certifying vendors’ products as to whether they met this new industry standard, calling it Wi-Fi Protected Access (WPA).
• WPA essentially performed the same functions as the Cisco proprietary interim solution, but with different details. WPA includes the option to use dynamic key exchange, using the Temporal Key Integrity Protocol (TKIP). (Cisco used a proprietary version of TKIP.)
• WPA allows for the use of either IEEE 802.1X user authentication or simple device authentication using preshared keys. And the encryption algorithm uses the Message Integrity Check (MIC) algorithm, again similar to the process used in the Cisco-proprietary solution.
• NOTE: The Cisco-proprietary solutions and the WPA industry standard are incompatible.
IEEE 802.11i and WPA-2
• Like the Cisco-proprietary solution, and the Wi-Fi Alliance’s WPA industry standard, 802.11i includes dynamic key exchange, much stronger encryption, and user authentication. However, the details differ enough so that 802.11i is not backward-compatible with either WPA or the Cisco-proprietary protocols.
• One particularly important improvement over the interim Cisco and WPA standards is the inclusion of the Advanced Encryption Standard (AES) in 802.11i. AES provides even better encryption than the interim Cisco and WEP standards, with longer keys and much more secure encryption algorithms.
• The Wi-Fi Alliance continues its product certification role for 802.11i, but with a twist on the names used for the standard. Because of the success of the WPA industry standard and the popularity of the term “WPA,” the Wi-Fi Alliance calls 802.11i WPA2, meaning the second version of WPA. So, when buying and configuring products, you will more likely see references to WPA2 rather than 802.11i.