Wireless
Overview
Wireless Basics
Hard to believe there was once a time when a laptop or PC had to be
connected to an outlet to access the Internet, isn't it? Wireless is
becoming a larger and larger part of everyday life, to the point where
people expect to be able to access the Net or connect to their network
while eating lunch.
Wireless networks are generally created by configuring Wireless Access
Points (WAP or AP, depending on documentation). If you're connecting
to the Internet or your company's network from a hotel or restaurant,
you're connected to a lily pad network.
Unlike the physical networks we've discussed previously in this course, the
WAPs in a lily pad network can be owned by different companies. The
WAPs create hotspots where Internet access is available to anyone with a
wireless host - and hopefully, a username and password is required as
well!
WAPs are not required to create a wireless network. In an ad hoc WLAN
("wireless LAN"), the wireless devices communicate with no WAP
involved. Ad hoc networks are also called Independent Basic Service Sets
(iBSS or IBSS, depending on whose documentation you're reading).
There are two kinds of infrastructure WLANs. While a Basic Service Set
(BSS) will have a single AP, Extended Service Set WLANs (ESS) have
multiple access points. An ESS is essentially a series of interconnected
BSSes.
Hosts successfully connecting to the WAP in a BSS are said to have
formed an association with the WAP. Forming this association usually
requires the host to present required authentication and/or the correct
Service Set Identifier (SSID). The SSID is the public name of the wireless
network. SSIDs are case-sensitive text strings and can be up to 32
characters in length.
Creating An Association
There's quite a bit going on when a client forms an association with an
AP, but here's an overview of the entire process. The client is going to
transmit Probe Requests, and in turn the AP responds with Probe
Responses.
Basically, the Probe Request is the client yelling "Anybody out there?"
and the Probe Response is the AP saying "I'm Over Here!"
When the client learns about the AP, the client then begins the process of
association. The exact information the client sends depends on the
configuration of the client and the AP, but it will include authentication
information such as a pre-shared key.
If the client passes the authentication process, the AP then records the
client's MAC address and accepts the association with the client.
Roamin', Roamin', Roamin'
APs can also be arranged in such a way that a mobile user, or roaming
user, will (theoretically) always be in the provider's coverage area. Those
of us who are roaming users understand the "theoretical" part!
Roaming is performed by the wireless client. Under certain circumstances
that we'll discuss in just a moment, the client will actively search for
another AP with the same SSID as the AP it's currently connected to.
There are two different methods the client can use to find the next AP -
active scanning and passive scanning. With active scanning, the client
sends Probe Request frames and then waits to hear Probe Responses. If
multiple Probe Responses are heard, the client chooses the most
appropriate WAP to use in accordance with vendor standards.
Passive scanning is just what it sounds like - the client listens for beacon
frames from APs. No Probe Request frames are sent.
Roaming networks use multiple APs to create overlapping areas of
coverage called cells. While your signal may occasionally get weak near
the point of overlapping, the ESS allows roaming users to hit the network
Why would the data rate change? With wireless, the lower the data rate,
the greater the range. The 802.11 standard will automatically reduce the
data rate as the association with an AP deteriorates.
L2 Roaming vs. L3 Roaming
The difference between the two is straightforward - L2 roaming is
performed when the APs the client is roaming between are on the same IP
subnet, while L3 roaming occurs when the APs are on different IP subnets.
Service Set Identifier (SSID)
When you configure a name for your WLAN, you've just configured an
SSID. The SSID theory is simple enough - if the wireless client's SSID
matches that of the access point, communication can proceed. The SSID
is case-sensitive and it has a maximum length of 32 characters.
universally with wireless NICs, but not with all early APs.
When the IEEE issued 802.11i, the Wi-Fi Alliance improved the original
WPA standards, and came up with WPA2. As you might expect, not all
older wireless cards will work with WPA2.
To put it lightly, both WPA and WPA2 are major improvements over
WEP. Many wireless devices, particularly those designed for home use,
offer WEP as the default protection - so don't just click on all the defaults
when you're setting up a home wireless network! The WPA or WPA2
password will be longer as well - they're actually referred to as
passphrases. Sadly, many users will prefer WEP simply because the
password is shorter.
Wireless Networking Standards, Ranges, and Frequencies
Along with the explosion of wireless is a rapidly-expanding range of
wireless standards. Some of these standards play well together, others
do not. Let's take a look at the wireless standards you'll need to know to
pass the exam and to work with wireless in today's networks.
The standards listed here are all part of the 802.11x standards developed
by the IEEE.
802.11a has a typical data rate of 25 Mbps, but can reach speeds of 54
Mbps. Indoor range is 100 feet. Operating frequency is 5 GHz.
802.11b has a typical data rate of 6.5 Mbps, but can reach speeds of 11
Mbps. Indoor range is 100 feet. Operating frequency is 2.4 GHz.
802.11g has a typical data rate of 25 Mbps, a peak data rate of 54
Mbps, and an indoor range of 100 feet. Operating frequency is 2.4 GHz.
802.11g is fully backwards-compatible with 802.11b, and many routers
and cards that use these standards are referred to as "802.11b/g", or just
"b/g". .11g and .11b even have the same number of non-overlapping
channels (three).
You can have trouble with 802.11g from an unexpected source - popcorn!
Well, not directly, but microwave ovens also share the 2.4 GHz band, and
the presence of a microwave in an office can actually cause connectivity
issues. (And you thought they were just annoying when people burn
popcorn in the office microwave!) Solid objects such as walls and other
buildings can disturb the signal in any frequency band.
802.11n has a typical data rate of 200 Mbps, a peak data rate of 540
Mbps, and an indoor range of 160 feet. Operating frequency is either 2.4
GHz or 5 GHz.
Infrared Data Association (IrDA)
The IrDA is another body that defines specifications, but the IrDA is
concerned with standards for transmitting data over infrared light. IrDA 1.0
only allowed for a range of 1 meter and transmitted data at approximately
115 kbps. The transmission speed was greatly improved with IrDA 1.1,
which has a theoretical maximum speed of 4 Mbps. The two standards
are compatible.
Keep in mind that neither IrDA standard has anything to do with radio
frequencies - only infrared light streams.
The IrDA notes that to reach that 4 Mbps speed, the hardware must be
1.1 compliant, and even that might not be enough - the software may have
to be modified as well. Which doesn't sound like fun.
Antenna Types
A Yagi antenna (technically, the full name is "Yagi-Uda antenna") sends its
signal in a single direction, which means it must be aligned correctly and
kept that way. Yagi antennas are sometimes called directional antennas,
since they send their signal in a particular direction.
Avoidance).
Let's walk through an example of Wireless LAN access, and you'll see
where the "avoidance" part of CSMA/CA comes in.
The foundation of CSMA/CA is the Distributed Coordination Function
(DCF). The key rule of DCF is that when a station wants to send data,
the station must wait for the Distributed Interframe Space (DIFS) time
interval to expire before doing so. In our example, Host A finds the
wireless channel to be idle, waits for the DIFS timer to expire, and then
sends frames.
Host B and Host C now want to send frames, but they find the channel to
be busy with Host A's data.
The potential issue here is that Host B and Host C will simultaneously
realize Host A is no longer transmitting, so they will then both transmit,
which will lead to a collision. To help avoid (there's the magic word!) this,
DCF requires stations finding the busy channel to also invoke a random
timer before checking to see if the channel is still busy.
In DCF-speak, this random amount of time is the Backoff Time. The
formula for computing Backoff Time is beyond the scope of the exam, but
the computation does involve a random number, and that random value
helps avoid collisions.
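To make the DIFS-plus-random-backoff behaviour concrete, here is an added toy simulation (not code from the original page) of Host B and Host C contending for the channel after Host A finishes. It uses the standard 802.11 DCF backoff rule (a random slot count in [0, CW] times the slot time, with CW doubling after each collision), which the text leaves out of scope, and assumes 802.11b/g DSSS slot and SIFS timings.

```python
"""Toy model of 802.11 DCF contention (CSMA/CA) between two stations.

After Host A stops transmitting, each waiting station must let DIFS
expire and then wait its own random Backoff Time. Equal waits mean a
collision; the random backoff is what makes equal waits unlikely.
"""
import random

SLOT_TIME_US = 20        # DSSS slot time (assumed 802.11b/g value)
SIFS_US = 10             # Short Interframe Space (assumed 802.11b/g value)
DIFS_US = SIFS_US + 2 * SLOT_TIME_US   # DIFS = SIFS + 2 slots = 50 us
CW_MIN = 31              # contention window for a fresh frame
CW_MAX = 1023            # ceiling reached after repeated collisions


def backoff_time_us(cw, rng):
    """Backoff Time = random slot count in [0, cw] times the slot time."""
    return rng.randint(0, cw) * SLOT_TIME_US


def contend(stations, rng, use_backoff=True):
    """One contention round after Host A stops transmitting.

    stations maps a station name to its current contention window.
    Every station waits DIFS, then (optionally) its own random backoff.
    The station with the shortest wait transmits; if several share the
    shortest wait they transmit at once and collide.
    Returns (winner, wait_us), with winner None on a collision.
    """
    waits = {}
    for name, cw in stations.items():
        extra = backoff_time_us(cw, rng) if use_backoff else 0
        waits[name] = DIFS_US + extra
    shortest = min(waits.values())
    ready = [s for s, w in waits.items() if w == shortest]
    if len(ready) == 1:
        return ready[0], shortest
    return None, shortest


def transmit_with_retries(names, seed=7, use_backoff=True, max_rounds=16):
    """Repeat contention rounds until one station wins.

    After each collision every colliding station doubles its contention
    window (binary exponential backoff), so a repeat collision gets less
    likely. Returns (winner, rounds_needed); winner is None if max_rounds
    is exhausted, which is exactly what happens without random backoff.
    """
    rng = random.Random(seed)
    cw = {n: CW_MIN for n in names}
    for round_no in range(1, max_rounds + 1):
        winner, _ = contend(cw, rng, use_backoff)
        if winner is not None:
            return winner, round_no
        for n in names:
            cw[n] = min(2 * cw[n] + 1, CW_MAX)
    return None, max_rounds


def collision_rate(names, trials=2000, seed=1, use_backoff=True):
    """Fraction of independent contention rounds that end in a collision."""
    rng = random.Random(seed)
    cw = {n: CW_MIN for n in names}
    collisions = sum(1 for _ in range(trials)
                     if contend(cw, rng, use_backoff)[0] is None)
    return collisions / trials


if __name__ == "__main__":
    hosts = ["Host B", "Host C"]
    print("DIFS (us):", DIFS_US)                                       # 50
    print("collisions, no backoff :", collision_rate(hosts, use_backoff=False))  # 1.0
    print("collisions, DCF backoff:", collision_rate(hosts))           # < 0.1
    print("winner, rounds needed  :", transmit_with_retries(hosts))
```

Without the random timer the two stations collide every single round; with it, a two-station collision needs both to draw the same slot out of 32, and each collision widens the window further.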
The Cisco Compatible Extensions Program
When you're looking to start or add to your wireless network, you may just
wonder....
"How The $&!(*% Can I Figure Out Which Equipment Supports Which
Features?"
A valid question!
Thankfully, Cisco's got a great tool to help you out - the Cisco Compatible
Extension (CCX) website. Cisco certification isn't just for you and me - Cisco
also certifies wireless devices that are guaranteed to run a desired
wireless feature.
The website name is a little long to put here, and it may well change, so I
recommend you simply enter "cisco compatible extension" into your
favorite search engine - you'll find the site quickly. Don't just enter "CCX"
in there - you'll get the Chicago Climate Exchange. I'm sure they're great
at what they do, but don't trust them to verify wireless capabilities!
Lightweight Access Points and LWAPP
Originally, most access points were autonomous - they didn't depend on
any other device in order to do their jobs. The BSS we looked at earlier in
this section was a good example of an autonomous AP.
The problem with autonomous APs is that as your wireless network grows
- and it will! - it becomes more difficult to have a uniform set of policies
applied to all APs in your network. It's imperative that each AP in your
network enforce a consistent policy when it comes to security and Quality
of Service - but sometimes this just doesn't happen.
Many WLANs start small and end up being not so small! At first,
centralizing your security policies doesn't seem like such a big deal,
especially when you've only got one access point.
As your network grows larger and more access points are added, having
a central policy does become more important. The more WAPs you have,
the bigger the chance of security policies differing between them - and the
bigger the chance of a security breach.
Let's say you add two WAPs to the WLAN network shown above. Maybe
they're configured months apart, maybe they're configured by different
people - but the result can be a radically different set of security
standards.
We've now got three very different WLAN security protocols in place, and
the difference between the three is huge, as you'll soon see. Depending
on which WAP the laptop uses to authenticate to the WLAN, we could
have a secure connection - or a very non-secure connection.
This simple example shows us the importance of a standard security
policy, and that's made possible through the concept of the Cisco Unified
Wireless Network, which has two major components - Lightweight Access
Points (LAP or WLAP) and WLAN Controllers (WLC).
The WLC brings several benefits to the table:
If that doesn't work, the entire process begins again with the LAP sending
a DHCP Discovery message.
Now the LAP needs to associate with one of the WLCs it has discovered.
To do so, the LAP sends a LWAPP Join Request, and the WLC returns a
LWAPP Join Response.
How does the LAP know where to send that LWAPP Join Request? After
receiving an IP address of its own via DHCP, the LAP must learn the IP
address of the WLC via DHCP or DNS. To use DHCP, the DHCP Server
must be configured to use DHCP Option 43.
When Option 43 is in effect, the DHCP Server will include the IP
addresses of WLCs in the Option 43 field of the DHCP Offer packet. The
LAP can then send L3 LWAPP Discovery Request messages to each of
the WLCs.
The LAP can also broadcast that Join Request to its own IP subnet, but
obviously that's only going to work if the WLC is actually on the subnet
local to the LAP.
Once this Join has taken place, a comparison is made of the software
revision number on both the LAP and WLC. If they have different
versions, the LAP will download the version stored on the WLC.
There will be two forms of traffic exchanged between the LAP and WLC:
Control traffic
Data traffic
LWAPP uses secure key distribution to ensure the security of the control
connection between the two - the control messages will be both encrypted
and authenticated. The encryption is performed by the AES-CCM
protocol. (The previously mentioned LWAPP Join Request and Response
messages are not encrypted.)
The data packets passed between the LAP and WLC will be
LWAPP-encapsulated - essentially, LWAPP creates a tunnel through which the
data is sent - but no other encryption or security exists by default.
Just as we had L2 and L3 roaming, we also have LWAPP L2 and L3
mode. A lightweight AP will first use LWAPP L2 mode to attempt to
locate a WLC; if none is found, the AP will then use LWAPP L3 mode.
Many networks will have more than one WLC, which is great for
redundancy, but how does the AP decide which WLC to associate with if it
finds more than one? The AP will simply use the WLC with the fewest
associated APs. This prevents one WLC from being overloaded with
associations while another WLC in the same network remains relatively
idle.
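As an added example (not from the original page), the following encodes the DHCP Option 43 value a server would hand out, decodes it the way a LAP would to obtain its WLC candidate list, and then applies the fewest-associated-APs rule described above. The 0xf1 sub-option layout (type 0xf1, length = 4 times the number of controllers, value = the controller IPv4 addresses back to back) is Cisco's documented format for Aironet LAPs; the controller addresses and AP counts are constructed sample values.

```python
"""DHCP Option 43 handling for lightweight AP to WLC discovery, plus the
WLC selection rule (join the controller with the fewest associated APs).
"""
import ipaddress

LWAPP_WLC_SUBOPTION = 0xF1   # Cisco's sub-option type carrying WLC addresses


def encode_option43(wlc_ips):
    """Build the Option 43 value a DHCP server places in its Offer."""
    if not wlc_ips:
        raise ValueError("at least one WLC address is required")
    payload = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(payload) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([LWAPP_WLC_SUBOPTION, len(payload)]) + payload


def decode_option43(blob):
    """Parse the Option 43 value on the LAP side and return the WLC IPs.

    Anything that is not a well-formed 0xf1 TLV is rejected, so a truncated
    or foreign vendor-specific option cannot hand the AP a half address.
    """
    if len(blob) < 2 or blob[0] != LWAPP_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC (0xf1) sub-option")
    length, value = blob[1], blob[2:]
    if length != len(value) or length == 0 or length % 4 != 0:
        raise ValueError("length must cover the value and be a multiple of 4")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, length, 4)]


def choose_wlc(discovery_responses):
    """Pick the WLC with the fewest associated APs.

    discovery_responses maps a WLC IP to the AP count it reported in its
    L3 LWAPP Discovery Response. Ties are broken by address so the choice
    is deterministic.
    """
    if not discovery_responses:
        raise LookupError("no WLC answered the discovery request")
    return min(discovery_responses,
               key=lambda ip: (discovery_responses[ip], ip))


if __name__ == "__main__":
    # Constructed: two controllers handed out by the DHCP server.
    option43 = encode_option43(["192.0.2.10", "192.0.2.20"])
    print("option 43 hex:", option43.hex())       # f108c000020ac0000214
    candidates = decode_option43(option43)        # LAP's discovery targets
    # Constructed: AP counts each WLC reported in its Discovery Response.
    loads = {"192.0.2.10": 47, "192.0.2.20": 12}
    print("LAP joins", choose_wlc({ip: loads[ip] for ip in candidates}))  # 192.0.2.20
```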
Many Cisco Aironet access points can operate autonomously or as an
LAP. Here are a few of those models:
1230 AG Series
1240 AG Series
1130 AG Series
Sounds simple enough, but there are some serious restrictions to APs that
have been converted from Autonomous mode to Lightweight mode.
Courtesy of Cisco's website, here are the major restrictions:
Roaming users cannot roam between Lightweight and Autonomous
APs.
Wireless Domain Services (WDS) cannot support APs converted
from Autonomous to Lightweight. Those Lightweight APs will use
WLCs, as we discussed earlier.
The console port on a converted Lightweight AP is read-only.
Converted APs do not support L2 LWAPP.
Converted APs must be assigned an IP address and discover the IP
address of the WLC via one of three methods:
DNS
DHCP
A broadcast to its own IP subnet
You can telnet into lightweight APs if the WLC is running software
release 5.0 or later.
You can convert the Lightweight AP back to Autonomous mode.
Check Cisco's website for directions. If tech forums are any
indication, this can be more of an art form than a science.
Some other Aironet models have circumstances under which they cannot
operate as LAPs - make sure to do your research before purchasing!
The Cisco Wireless Control System and Wireless Location Appliance
The examples in this section have shown only one WLC, but it's common
to have more than one in a wireless network, due to either the sheer
number of LAPs and/or the desire for redundancy. We don't want our
entire wireless network to go down due to a WLC issue and a lack of a
backup!
To monitor those WLCs and the LAPs as well, you can use the Cisco
Wireless Control System. There's a little hype in this description, but
here's how Cisco's website describes the WCS:
"The Cisco WCS is an optional network component that works in
conjunction with Cisco Aironet Lightweight Access Points, Cisco wireless
LAN controllers and the Cisco Wireless Location Appliance.
With Cisco WCS, network administrators have a single solution for RF
prediction, policy provisioning, network optimization, troubleshooting, user
tracking, security monitoring, and wireless LAN systems management.
Robust graphical interfaces make wireless LAN deployment and
operations simple and cost-effective. Detailed trending and analysis
reports make Cisco WCS vital to ongoing network operations.
Cisco WCS includes tools for wireless LAN planning and design, RF
management, location tracking, Intrusion Prevention System (IPS), and
wireless LAN systems configuration, monitoring, and management."
The Wireless Location Appliance mentioned in that description actually
tracks the physical location of your wireless network users.
The Location Appliance And RF Fingerprinting
Your fingerprints can prove who you are; they can also prove who you are
not. In a similar vein, a device's RF Fingerprint can prove that it is a
legitimate access point - or prove that it is not!
All of the devices in our WLAN have a role in RF Fingerprinting. The APs
themselves will collect Received Signal Strength Indicator information, and
will send that information to the WLAN Controller (WLC) via LWAPP.
In turn, the WLAN Controller will send the RSSI information it receives
from the APs to the Location Appliance. Note that Simple Network
Management Protocol is used to do this; make sure not to block SNMP
communications between the two devices.
Not much of a choice there! CiscoWorks WLSE has quite a few features
to help make our WLANs run smoothly:
There are two versions of WLSE. The full version (generally referred to
as simply "WLSE") can manage a maximum of 2500 devices. WLSE
Express is for smaller networks that have 100 or fewer devices to
manage.
If you're using WLSE Express, you'll need to set up an AAA server.
Once the deployment is complete, the infrastructure APs are
communicating with the WDS AP, and the WDS AP is in turn sending any
necessary information to CiscoWorks WLSE.
The limit on the number of APs is determined by the device in use as the
WDS:
Remember that all limits are theoretical and your mileage may vary!
Wireless Repeaters
You don't see many "wired" repeaters in today's networks, but wireless
repeaters are a common sight in today's wireless networks.
From the Linksys website, here's their description / sales pitch for one of
their wireless repeaters:
"Unlike adding a traditional access point to your network to expand
wireless coverage, the <wireless repeater> does not need to be
connected to the network by a data cable. Just put it within range of your
main access point or wireless router, and it "bounces" the signals out to
remote wireless devices.
This "relay station" or "repeater" approach saves wiring costs and helps to
build wireless infrastructure by driving signals into even those distant,
reflective corners and hard-to-reach areas where wireless coverage is
spotty and cabling is impractical."
We all know that when it comes to range and throughput capabilities,
vendors do tend to state maximum values. Having said that, the following
values are commonly accepted as true when it comes to wireless
repeaters.
The overlap of coverage between a wireless repeater and a wired AP
should be much greater than the overlap between two APs. The
repeater and AP coverage should overlap by at least 50 percent.
From personal experience, I can vouch for the fact that this is a
minimum.
The repeater must use the same RF channel as the wired AP, and
naturally must share the same SSID.
Since the repeater must receive and repeat every frame on the same
channel, there is a sharp decrease in overall performance. You
should expect the throughput to be cut by about 50%.
An Autonomous AP can serve as a wireless repeater, but a
Lightweight AP cannot.
The Cisco Aironet Desktop Utility
The ADU is a very popular choice for connecting to APs, so let's take a
detailed look at our options with this GUI. As you'll see in the following
pages, the ADU allows us to do the following:
Configure an encryption scheme
Establish an association between the client and one or more APs, as
well as listing the APs in order of preference for that association
Configure authentication methods and passphrases
Enable or disable the local client's radio capabilities
The install process is much like any other software program, but here's a
specific warning I'd like you to see.
After clicking Next, you'll be prompted to decide if you're using the ADU or
the Microsoft tool. While the MS tool is okay - you can still see the Tray
Utility, which we'll discuss later, and perform some other basic tasks -
using the ADU does give you config options and capabilities that the MS
tool does not.
For example, you can disable the radio capability of the client with the
ADU, but not with the Microsoft tool. I've used both and I much prefer the
ADU.
Once the install's done, we launch ADU, which opens to the Current
Status tab.
Note: If you print this section, you may see some choices that look lighter
than others. That simply means they're grayed out in the application, and
it's a good idea to note when certain choices are available and when
they're not!
One limitation of this particular software is that only one card can be used
at a time - but we can create up to 16 profiles! This allows you to create
one profile for office use, another for home, another for hot spots, etc.
In this example, we'll look at the options for modifying the Default profile.
After clicking Modify, we'll see these tabs:
The Security tab is what we're most interested in, since we have quite a
few options there. Here's the default setting...None.
In ADU, all drop-down and check boxes are only enabled if they're related
to the security option you've chosen. Since None is selected by default,
everything else on the screen is disabled.
Clicking Configure presents us with only one option, and it's the one we'd
expect.
Note the WPA/WPA2/CCKM EAP selections are still disabled, but the
dot1x EAP window is now enabled. If we click Configure, the EAP
choices are the same as they were when we selected WPA/WPA2/CCKM
EAP - except for Host-Based EAP, which is only available with 802.1x.
The previous methods have the authentication server generate a key and
then pass that key to the client, but what if we want to configure the keys
Naturally, a WEP key configured here must match that of the AP you want
the client to associate with. Ad Hoc networks are fairly rare today, but if
you're working without an AP and using WEP keys, the key must be
agreed upon by each client in the Ad Hoc network. (This tends to be the
trickiest part of configuring an Ad Hoc network!)
A couple of points to remember from the Security Options tab:
The default is None
Drop-down boxes are enabled only if you choose an option related to
that box - when we chose WPA/WPA2/CCKM, the dot1x EAP box
was disabled, and vice versa
The Advanced tab has some options that you'll generally leave at the
defaults, but let's take a look at them anyway!
If you want to list your APs in order of preference, click Preferred APs and
then enter their MAC addresses in the following fields.
Configuring preferred APs does not mean that your client is limited to
these APs. If your client is unable to form an association with any APs
specified here, the client can still form an association with other APs.
A reminder - you can still see the ASTU if you're working with the
Microsoft utility, but the ADU's overall capabilities are diminished.
Naturally, Cisco recommends you use the ADU. Having used both, I
agree!
The only problem with the ASTU is that the colors aren't exactly intuitive,
so we better know what they mean. Here's a list of ASTU icon colors and
their meanings.
Red - This does not mean that you don't have a connection to an access
point! It means that you do have connectivity to an AP, and you are
authenticated via EAP if necessary, but that the signal strength is low.
WLAN Controllers are no exception. The GUI is actually built into the
controller, and allows up to five admins to browse the controller
simultaneously.
Real-world note: If you're on a controller with four other admins, make
sure you're all talking to each other while you're on there. Nothing more
annoying than configuring something and having someone else remove
the config.
The GUI allows you to use HTTP or HTTPS, but Cisco recommends you
enable only HTTPS and disable HTTP access.
To enable or disable HTTP access, use the config network webmode
(enable / disable) command.
To enable or disable HTTPS access, use the config network secureweb
(enable / disable) command.
Cisco has an excellent online PDF you can use as a guide to get started
with a WLAN controller configuration - how to connect, console default
settings, etc. Links tend to change so I will not post it here, but to get a
copy, just do a quick search on "cisco wireless lan controller configuration
guide". It's not required reading for the exam, but to learn more about
WLAN controllers, it's an excellent read.
An Introduction To Mesh Networks - And An Age-Old Problem
A wireless mesh network is really just what it sounds like - a collection of
access points that are logically connected in a mesh topology, such as the
following.
Real-world note: Not all APs can serve as a mesh AP. The most popular
mesh AP today is probably the Cisco Aironet 1500 series.
This is obviously a very small mesh network, but several APs have
multiple paths to the AP that has a connection to the WLC. From our
CCNA studies, we already know that we need a protocol to determine the
optimal path - and it's not the Spanning Tree Protocol.
The Cisco-proprietary Adaptive Wireless Path Protocol (AWPP) will
discover neighboring APs and decide on the best path to the wired
network by determining the quality of each path and choosing the
highest-quality path.
Much like STP, AWPP will continue to run even after the optimal path (the
"root path") to the wired network from a given AP is chosen. AWPP will
continually calculate the quality of the available paths, and if another path
becomes more attractive, that path will be chosen as the root path.
Likewise, if the root path becomes unavailable, AWPP can quickly select
another root path.
Avoid A Heap Of Trouble With H-REAP
The almost-ridiculously named Hybrid Remote Edge Access Point can
really help a remote location keep its wireless access when its access
point loses sight of its Controller.
The H-REAP is an atypical controller-based AP. When your average AP
can't see its own WLC any longer, it can't offer wireless to its clients.