
Intro: Case Study, Session 04

Red Enterprise is having trouble with the wireless section of their network. While the wired portion works
fine, the wireless traffic is too slow.

The Scenario:
Red's network can be divided into 2 sections: wired and wireless. The 2 sections are connected by a Cisco
1811 wireless router (R1), which is also used to route packets to/from the Internet (devices located
outside Red's network). The wireless traffic is being transmitted in the clear (no encryption used). The
topology is shown below:

Topology:








Step 1: High Delays and Packet Loss
You get to Red's office and connect to their wireless network using your laptop's wireless card. The
association process (between your laptop and Red's Access Point R1) takes longer than usual and you
decide to run a few tests.
Once your laptop is associated with Red's Wireless Access Point (Cisco 1811), you issue a few pings from
it. Pings issued from your laptop to any address (inside Red's network or Internet addresses) have a high
response time and a high loss rate.
You suspect the walls are weakening the signal and decide to move closer to the AP. From a closer spot
you issue the pings again and, despite the shorter physical distance, the loss rate and delay are still very
high.

Question 1:
Is physical distance relevant when it comes to wireless traffic throughput?

Sitting with your laptop right next to the AP and still facing high delays and packet loss, you conclude
that physical distance is not the main problem.
You disable the wireless card installed in your laptop and, using your laptop's wired card, you connect it to
the wired portion of Red's network. In this situation everything works fine.
In order to have a better understanding of the problem, you need a wireless tool. From your laptop you
run a wireless diagnostic tool.
Note: There are a number of free and non-free wireless diagnostic tools available on the Internet,
designed for different platforms and different types of operating systems.
A wireless diagnostic tool is able to scan the medium and provide information about the wireless network.
Wireless diagnostic tools usually provide information such as a list of open APs, their MAC addresses,
SSIDs and their channels of operation.
After running a wireless diagnostic tool on your laptop you learn that there are 10 other wireless Access
Points running in the same building. Because Red Enterprise's office is located in a commercial building
and other companies also have a wireless infrastructure installed, the proximity of their APs allows your
laptop to catch their signal too.
Just for the record, you name the APs you found AP1 through AP10 and, since your wireless diagnostic
tool gave out the channels of operation of all the APs it found, you compile the table shown below:

SSID    Channel
REDs    11
AP1     11
AP2     9
AP3     11
AP4     11
AP5     9
AP6     1
AP7     11
AP8     9
AP9     11
AP10    11

As you can see in the table above, many APs are using channel 11 to communicate, including Red's.
Because so many APs are using the same channel in the same physical area, channel 11 is
congested. Although most wireless Access Points are able to scan and select the best channel
automatically, others either don't have this feature or have it disabled.
Because of the way the channels of operation of wireless access points were split (frequencies overlap
between consecutive channels), it is considered good practice not to use consecutive channels when
dealing with neighboring wireless APs.

Question 2:
Give an example of a good channel to be assigned to Red Enterprise's AP.


Question 3:
Even though it is possible to find a good channel to be statically assigned to Red's AP, why is this not a
good idea?





You connect to the 1811's console port and check its configuration. The relevant portion (the wireless
section) is shown below:
interface Dot11Radio0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
 !
 ssid REDs
    authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 channel 11
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding


Even though the default for a Cisco router is to scan the spectrum during startup for the least congested
channel, the output shown above reveals that R1 (Cisco 1811) was configured to operate with 802.11b/g on
channel 11. Because many other APs in the area were also manually configured to operate on channel 11,
the busy channel is slowing down Red's wireless network.

Question 4:
How do you know it is operating on 802.11b/g?

For more information about wireless channels visit:
http://www.cisco.com/en/US/products/hw/routers/ps272/prod_configuration_basics09186a008073f6ec.html

Still connected to R1's console, you configure the channel selection to its default option which is, as
mentioned before, least congested. The command is listed below:

R1(config)# interface dot0/0/0
R1(config-if)# channel least-congested
R1(config-if)# end

You take a last look at R1's configuration to ensure everything is correct. Below is R1's configuration
after the change (only the relevant portion is shown):
interface Dot11Radio0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
 !
 ssid REDs
    authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding

Question 5:
There is no channel information in R1's configuration anymore. Is this correct?

Once the channel was changed, you issue a few pings again. None of them is lost or has a high
response delay. The problem was solved.
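
The channel survey from Step 1 can be checked numerically. The following is an added example, not part of the original case study; it assumes 22 MHz-wide 802.11b channels with centres 5 MHz apart and considers only the usual non-overlapping candidates 1, 6 and 11.

```python
from collections import Counter

# Survey results copied from the table in Step 1 (SSID -> channel).
SURVEY = {
    "REDs": 11, "AP1": 11, "AP2": 9, "AP3": 11, "AP4": 11, "AP5": 9,
    "AP6": 1, "AP7": 11, "AP8": 9, "AP9": 11, "AP10": 11,
}

CHANNEL_SPACING_MHZ = 5   # 2.4 GHz channel centres are 5 MHz apart
CHANNEL_WIDTH_MHZ = 22    # assumption: 802.11b DSSS channel width


def overlaps(ch_a, ch_b):
    """True when two channels' 22 MHz-wide signals share spectrum."""
    return abs(ch_a - ch_b) * CHANNEL_SPACING_MHZ < CHANNEL_WIDTH_MHZ


def interferers(candidate, survey, own_ssid="REDs"):
    """Neighbouring SSIDs whose channel overlaps the candidate channel."""
    return sorted(
        ssid for ssid, ch in survey.items()
        if ssid != own_ssid and overlaps(candidate, ch)
    )


def rank_channels(survey, candidates=(1, 6, 11)):
    """Candidate channels ordered from fewest to most overlapping neighbours."""
    scored = [(len(interferers(c, survey)), c) for c in candidates]
    return [(c, n) for n, c in sorted(scored)]


if __name__ == "__main__":
    print("APs per channel:", dict(Counter(SURVEY.values())))
    for channel, count in rank_channels(SURVEY):
        print(f"channel {channel:2d}: {count} overlapping neighbour(s)",
              interferers(channel, SURVEY))
```

The ranking reflects only the moment of the survey; neighbouring APs can change channel at any time.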

Step 2: Encryption
Since you are configuring Red's wireless network and they have no encryption, you decide to add a very
basic encryption level.
Note: WEP encryption is considered weak and should NOT be used in current wireless environments.
You configure R1 to encrypt wireless frames using a key based on a protocol named WEP. Even though it
is considered a weak protocol, virtually every wireless client (computers, phones, PDAs, etc.) supports it.
In order to make it a little more secure, you decide to use a 128-bit WEP key. You also force the client
to know the encryption key by specifying the mandatory keyword. In Cisco routers, WEP keys must be in
hexadecimal.
You connect to R1's console port once more and configure a key which will be used to encrypt all wireless
frames. The commands are listed below:

R1(config)# interface dot0/0/0
R1(config-if)# encryption key 1 size 128bit 0 AFBECD1029384756FED098A1B2 transmit-key
R1(config-if)# encryption mode wep mandatory

Once the commands are entered, you take a look at the configuration one more time (only the relevant
portion is shown):
interface Dot11Radio0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
 encryption key 1 size 128bit 0 AFBECD1029384756FED098A1B2 transmit-key
 encryption mode wep mandatory
 !
 ssid REDs
    authentication open
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding


Because you configured R1 to use an encryption key, all of Red's clients must be configured with the same
key in order to associate with Red's AP (R1).
Once all of Red's wireless clients are configured with the newly created key, you issue a few pings and run
a few tests with a wireless diagnostic tool. Everything works fine, with no unexpected delays or packet loss.
Note: A famous wireless diagnostic tool is named Netstumbler. It is a free tool and runs under MS
Windows. There are many other free and non-free tools running under different operating system
environments. You just have to find the one which best matches your needs.
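
A reviewer of R1's wireless stanza would flag the same points this case study raises: cleartext traffic, WEP, and a pinned channel. The following audit script is an added example, not part of the original case study; the function name audit_radio and the severity labels are hypothetical, and the two stanzas are retyped from the page's output and trimmed to the lines being checked.

```python
import re

# Stanzas retyped from the page's R1 output (trimmed to the lines checked here).
BEFORE = """interface Dot11Radio0/0/0
 ssid REDs
    authentication open
 channel 11
"""
AFTER = """interface Dot11Radio0/0/0
 encryption key 1 size 128bit 0 AFBECD1029384756FED098A1B2 transmit-key
 encryption mode wep mandatory
 ssid REDs
    authentication open
"""

KEY_RE = re.compile(r"encryption key (\d) size (\d+)bit (\d) ([0-9A-Fa-f]+)")


def audit_radio(config):
    """Return (severity, message) findings for one Dot11Radio stanza."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    mode = next((ln.split() for ln in lines if ln.startswith("encryption mode ")), None)
    if mode is None:
        findings.append(("high", "no encryption mode: frames are sent in clear"))
    elif mode[2] == "wep":
        findings.append(("high", "WEP configured: weak, plan a move to a stronger mode"))
    for ln in lines:
        key = KEY_RE.match(ln)
        if key:
            slot, size, key_type, hex_key = key.groups()
            # A "128bit" WEP key carries 26 hex digits = 104 secret bits;
            # the other 24 bits are the per-frame IV sent in clear.
            findings.append(("info", f"key {slot}: {size}bit, {len(hex_key) * 4} secret bits"))
            if key_type == "0":  # 0 = key stored unencrypted in the config
                findings.append(("medium", f"key {slot} readable in the configuration"))
        channel = re.match(r"channel (\d+)$", ln)
        if channel:
            findings.append(("low", f"channel pinned to {channel.group(1)}"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for severity, message in audit_radio(cfg):
            print(f"{name:6s} {severity:6s} {message}")
```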
