
WiFi Fundamentals

• Wi-Fi, or Wireless Fidelity, is freedom: it allows you to connect to the Internet from your couch at home, a bed in a hotel room or a conference room at work without wires.
• Wi-Fi is a wireless technology like a cell phone. Wi-Fi enabled computers send and receive data indoors and out, anywhere within the range of a base station.
• It's just as fast as a cable modem connection.
• It allows you to access the Internet while on the move; you can remain online while moving from one area to another, without a disconnection or loss in coverage.

Sample WiFi Illustration

Components required for a SOHO environment

• A PC, laptop or PDA, running Windows 98 or above.
• A wireless PCMCIA card, or a wireless adapter.
• A Network Interface Card (optional) - only if a LAN connection is required.
• An Access Point - essentially a compact radio transmitter with an antenna that connects to a wired connection, such as an Ethernet, DSL, or Cable Network.
• A valid internet connection.

Components required for a larger environment

• Multiple Access Points - To provide overlapping coverage throughout a site. Access points can be installed almost anywhere. Repeaters can be installed in areas where cabling is difficult.
• Network switch - A device that joins multiple computers together. A set of Access Points can be connected to a single network switch.
• Wireless LAN bridge (optional) - A wireless LAN workgroup bridge enables connection between two different hotspot networks.

Components required for a larger environment

• Authentication and Billing Server - Controls access to the Wi-Fi hotspot network by conducting authentication checks similar to credit card or member ID authentication. Also tracks wireless usage for billing purposes and provides payment transaction services.
• Wireless Access Gateway - A device which connects wireless subscribers to the wired network. It employs one Ethernet port to interface with the router (network side) and one wireless subscriber port that supports the IEEE 802.11b/g standard (subscriber side).

IEEE Wireless Standards


Wireless Standard     802.11b                         802.11g                           802.11a
Frequency Range       2.4 - 2.4835 GHz                2.4 - 2.4835 GHz                  5.725 - 5.850 GHz
Max Speed             11 Mbps                         54 Mbps                           54 Mbps
Max Encryption        128 bit WEP                     128 bit WEP                       152 bit WEP, 256 bit AES
Discrete Channels     3                               3                                 8
Natively Compatible   802.11b, 802.11g                802.11b, 802.11g                  802.11a
Potential user        Entry level and home networks   Larger networks, small business   Large business concerned with security

Characteristics of an AP
We use Accton, DAX and SMC Access Points, which support 802.11b/g protocols. AP antennas are either uni-directional (helical and patch) or omnidirectional. The 3 discrete channels are 1, 6 and 11; each has an RF range of 22 MHz. The transmission power of an AP is measured either in milliwatts (mW) or dBm:

Power (mW)    30    67    100
Power (dBm)   15    18    20

An AP can be identified based on a unique MAC address, an IP address, or an assigned name.

Antenna Basics
• An antenna propagates and receives RF signals from the air and makes them available to the receiver.
• Frequency - Antennas should be tuned to either 2.4 GHz (802.11 b/g) or 5 GHz (802.11a).
• Power - Antennas can handle specific amounts of power put out by the transmitter. Antennas are generally rated >1W.
• Radiation pattern - Defines the radio wave propagation of the antenna. An isotropic pattern means the AP transmits radio waves in all directions equally (beach ball pattern).
• Gain - Represents how well the antenna increases effective signal power, with decibels as the unit of measure. For instance, an AP transmitting at 100 mW with 3 dB gain produces 200 mW effective output. dBi is the gain relative to an isotropic source.

Antenna Basics
• SNR (Signal to Noise Ratio) - Ratio of the amplitude of the radio signal to the amplitude of noise in a transmission channel. The greater the ratio, the better the transmission.
• Receiver sensitivity - A measurement of the weakest signal a receiver can receive and still correctly translate into data.
• Omni-directional antennas - Propagate RF signals in all directions equally in the horizontal plane, but limit range on the vertical plane. The radiation pattern resembles a doughnut with the antenna at the center of the hole.
• Directional antenna - Transmits and receives RF energy more in one direction than others. The radiation pattern is similar to a flashlight or spotlight. The higher gain antennas have a narrower beam width, which limits coverage on the sides of the antennas.

WiFi Security
• Wireless encryption methods operate strictly between the computer and the AP.
• SSID (Service Set ID) - A unique identifier that acts as a password when a device tries to connect to an AP. Sent in plain text.
• WEP (Wired Equivalent Privacy) - Defined in the 802.11b standard. Designed to provide the same kind of security as a wired LAN. Uses a 40 or 64 bit key to encrypt data over radio waves.
• WPA (Wi-Fi Protected Access) - Provides a higher level of security than WEP. Uses RADIUS authentication and advanced encryption protocols. Will be compatible with the 802.11i standard.
• MAC Address Filtering - It is possible to program an AP to accept only certain MAC addresses and filter out all others.

Access Point Configuration

• Set the antennas of the AP at right angles to each other, preferably in the horizontal and vertical positions.
• APs can be configured in the following ways:
  o Web management - Connect the AP to your PC or switch LAN port, and ensure your PC is on the same subnet as the AP. Entering the AP's IP address in your browser will take you to the configuration screen.
  o Configuration utility - The Access Point CD contains a configuration utility, which can be installed on your PC and used to configure connected APs.
  o COM port - Some APs (DAX, for instance) can be connected to the PC via COM port and configured using HyperTerminal.

Access Point Configuration


Some important configuration parameters are:
• IP Address, Subnet mask and default gateway - Our access points are in the 10.44 range. A default /8 subnet mask is preferred.
• AP name - The name should identify the location of the AP.
• SSID - All APs on an ESS should be set to the same SSID. We use Microsense.
• Wireless channel - Set to either 1, 6 or 11, as appropriate.
• WEP encryption - Disabled.
• DHCP client - Disabled, as we assign static IPs to our Access Points.

OS Support for PCMCIA cards


Win XP Win 2000 Win 98

Orinoco

Plug n play

Plug n play

Accton

Drivers required Drivers required

Cisco

Plug n play

Drivers required

Proxim

Drivers required

User authentication in hotels


A user is authenticated and permitted to access the internet based on the MAC address of the PCMCIA card. When the user inserts the PCMCIA card and browses, the signal is picked up by the nearest AP.
• The user is taken to a default XML login page, currently hosted on a web server at Microsense Mumbai.
• The user selects his hotel name and usage plan, and enters his name and room no.
• The MAC address of the card is then added to an accept list and the user is allowed to browse.
• Billing details are stored on the hotel PMS (Property Management System) for Taj hotels, and on a central Microsense server for ITC hotels.
• For subsequent sessions, the MAC address is verified in the list and the user is directly allowed to browse.

Manual Authentication
To be used when the Taj login page does not display.
• Enter 203.199.75.20/nomxm/index.html in the address bar of your browser.
• Click Subscriber Add.
• Enter the IP address of the hotel's Nomadix Access Gateway, and the MAC address of the PCMCIA card.
• Enter the expiration time in hours or minutes.
• Click Submit.
• Click Cache Update and fill in the Nomadix IP address and card MAC address.
• Click Submit.
• An OK message is generated after each submit. An ERR message would mean that the details were entered incorrectly. If this occurs, please re-enter the information.
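Added example, not part of the original slides and not Nomadix code: a small model of the MAC accept list with an expiration time, as described in the two sections above, plus a check that flags an accepted MAC whose DHCP hostname changes while its subscription is active, since the accept list trusts the MAC address alone. The event fields, AP names, hostnames and MAC values are constructed assumptions.

```python
from datetime import datetime, timedelta

def norm(mac):
    """Canonical form so 02-00-... and 02:00:... compare equal."""
    return mac.replace("-", ":").lower()

class AcceptList:
    """MAC -> expiry time; a hypothetical model of a gateway subscriber table."""
    def __init__(self):
        self.expiry = {}

    def add(self, mac, now, hours):
        self.expiry[norm(mac)] = now + timedelta(hours=hours)

    def allowed(self, mac, now):
        exp = self.expiry.get(norm(mac))
        return exp is not None and now < exp

def review(events, acl):
    """Return (mac, reason) findings for events of (time, mac, ap, dhcp_hostname)."""
    findings, first_host = [], {}
    for when, mac, ap, host in sorted(events):
        mac = norm(mac)
        if not acl.allowed(mac, when):
            continue  # unknown or expired: the user would be sent to the login page
        known = first_host.setdefault(mac, host)
        if host != known:  # same accepted MAC, different client identity
            findings.append((mac, f"hostname changed {known} -> {host} at {ap}"))
    return findings

# Constructed sample data (locally administered MACs, not from a real gateway).
T0 = datetime(2024, 1, 1, 10, 0)
ACL = AcceptList()
ACL.add("02-00-5E-10-00-01", T0, hours=24)
ACL.add("02:00:5e:10:00:02", T0 - timedelta(hours=30), hours=24)  # already expired
EVENTS = [
    (T0 + timedelta(minutes=1), "02:00:5e:10:00:01", "AP-Lobby", "guest-laptop"),
    (T0 + timedelta(minutes=5), "02:00:5E:10:00:01", "AP-Floor3", "guest-laptop"),  # roaming
    (T0 + timedelta(minutes=6), "02:00:5e:10:00:01", "AP-Pool", "other-pc"),
    (T0 + timedelta(minutes=7), "02:00:5e:10:00:02", "AP-Lobby", "old-guest"),
]

if __name__ == "__main__":
    for mac, reason in review(EVENTS, ACL):
        print(mac, reason)
```

Moving between APs with the same hostname is treated as normal roaming; only the identity change on an accepted MAC is reported.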

Nomadix Access Gateway


AG2000w
• This is a wireless gateway that connects the wireless clients on the subscriber end to the RADIUS server and internet on the network end.
• Supports the 802.11 b/g/a protocols.
• Contains integrated hotspot connectivity.
• Employs one Ethernet port to interface with the network side, and one wireless subscriber port that supports 802.11b/g/a.
• Supports up to 50 users.

Nomadix Access Gateway


HSG (HotSpot Gateway)
• An Access Gateway designed for small to medium-sized HotSpots. Works with wired as well as wireless clients.
• Supports 50 - 150 users.
• Employs one fast Ethernet port to interface with the network side, and two fast Ethernet ports to interface with the subscriber side.
• Does not contain integrated HotSpot connectivity.

Nomadix Access Gateway


USG (Universal Subscriber Gateway)
• Designed for large public-access HotSpots. Works with wireless as well as wired clients.
• Supports up to 2000 users.
• Contains one fast Ethernet port to interface with the subscriber side, one fast Ethernet port to interface with the network side, and two DB9 ports for Management and to a hotel's Property Management System.
• Does not contain integrated HotSpot connectivity.

Salient features of AG2000 w

• AAA services - Enables authentication using an internal or external web server. We use this to direct users to the Taj authentication page.
• Access Control - Restricts access based on protocols or IP addresses.
• DHCP - Assigns dynamic IP addresses to WiFi clients from a DHCP pool.
• iNAT - Provision for a range of external public IP addresses, to allow multiple users to connect over the same VPN.
• Passthrough addresses - Specifies addresses that can circumvent the authentication process.
• SMTP redirection - Allows redirection of SMTP email to a local SMTP relay server. This ensures no reconfiguration is required by the user to send mail.

Salient features of AG2000 w

• SNMP - Allows the SNMP protocol to function, to enable tracking.
• DAT - This feature allows users with any IP settings (static, dynamic, with any IP address) to connect without reconfiguration.
• Subscriber Administration - Various options to add or delete a subscriber by username or MAC, and list the current subscribers.
• Subscriber interface - Allows specification of billing plans, and personalization of the subscriber interface if inbuilt AAA is used.
• System - Various settings to manually add/delete ARP, route settings, MAC filtering etc.
• Wireless configuration - Allows configuration of wireless settings, such as SSID, channel, rate, WEP encryption and others.

Features of a Hub
• Hubs work on the TCP/IP physical layer.
• Used to extend an Ethernet wire to allow more end stations to communicate with each other, as if they were on the same segment.
• Does not manipulate or view the traffic that crosses it.
• Devices are on the same collision and broadcast domain.
• Devices share the same bandwidth.

Bridges and Layer 2 Switches

• Bridges and Layer 2 switches function on the datalink layer.
• In a switch, frame-forwarding is handled by specialized hardware called ASICs. They support greater speeds and low latency.
• Creates a MAC address table based on the source address of frames, and uses this to forward frames to the appropriate segment.
• All devices are on the same broadcast domain, but on different collision domains.
• Switches contain a greater number of ports than bridges.

Ethernet Standards
Standard                            Speed       Max Length   Cable
Thin Ethernet, 10 Base 2            10 Mbps     185 m        RG-58 type coax, 50 ohm impedance
Thick Ethernet, 10 Base 5           10 Mbps     500 m        RG-58 type coax, 50 ohm impedance
Twisted Pair Ethernet, 10 Base T    10 Mbps     100 m        UTP. RJ-45 Connectors
Fast Ethernet, 100 Base T           100 Mbps    100 m        UTP. RJ-45 Connectors
Gigabit Ethernet, 1000 Base T       1000 Mbps   100 m        UTP. RJ-45 Connectors

Connectors & Connections


RJ-11 - Contains 2 or 4 contacts. Used for telephone wires.
RJ-45 - Contains 8 contacts. Used for Ethernet cables.
Straight-through cables - RJ-45 connectors on both ends show all of the wires in the same order. Used for:
- Switch to router cabling
- Switch to PC or server cabling
- Hub to PC or server
Crossover cables - Connectors on both ends show that some of the wires on one side of the cable are crossed to a different pin on the other side. Used for:
- Switch to switch cabling
- Switch to hub
- Hub to hub
- Router to router
- PC to PC

CAT 5, 6 and 7
• CAT5 Cable - CAT 5 is the 5th generation of Ethernet cabling. It is a multi-twisted cable consisting of 4 pairs of copper wires. It supports Fast Ethernet.
• CAT5e Cable - Stands for Cat5 enhanced. Ordinary CAT5 utilizes only 2 of 4 pairs for Fast Ethernet. CAT6 supports all 4 pairs and supports Gigabit Ethernet (1000 Mbps). It is backward compatible with CAT 5.
• Cat6 Cable - Similar to CAT5e, but has improvements which enable a higher signal-to-noise ratio, allowing higher reliability and higher data rates.

IP Address Basics
Class A addresses: 0-network.host.host.host, initial byte 0 - 127
Class B: 10-network.network.host.host, initial byte 128 - 191
Class C: 110-network.network.network.host, initial byte 192 - 223
Private IP - Used on an internal LAN which is not accessed by the public.
  10.0.0.0 - 10.255.255.255
  172.16.0.0 - 172.31.255.255
  192.168.0.0 - 192.168.255.255
Public IP - Used for direct access to public networks, such as the internet.

IP Address Basics
Subnet Mask: A 32 bit figure, similar to IP addresses. It accompanies the IP address and is used to divide a network into subnets. A 1 bit indicates network and a 0 bit indicates host. A valid subnet mask has the leftmost bits set to 1 and the rightmost bits set to 0.
Port Numbers
- Below 1024: Well-known ports
- Above 1024: Dynamically assigned ports

Service   Port
FTP       21
Telnet    23
SMTP      25
DNS       53
TFTP      69
HTTP      80
SNMP      161
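Added example, not part of the original slides: the address-class, private-range and valid-subnet-mask rules from the two "IP Address Basics" sections, written as checks that can be run on a device's settings. The address 10.44.1.20 is a constructed value inside the 10.44 range mentioned earlier; function names are this example's own.

```python
import ipaddress

# Private ranges exactly as listed in the slides.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def address_class(ip):
    """Class from the initial byte: 0-127 A, 128-191 B, 192-223 C."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first <= 127:
        return "A"      # leading bit 0
    if first <= 191:
        return "B"      # leading bits 10
    if first <= 223:
        return "C"      # leading bits 110
    return "other"      # above the ranges covered in the slides

def is_private(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in PRIVATE)

def mask_prefix(mask):
    """Prefix length if the mask is all 1s followed by all 0s, else None."""
    m = int(ipaddress.IPv4Address(mask))
    inv = ~m & 0xFFFFFFFF          # host bits
    if inv & (inv + 1):            # host bits must form 2**k - 1 (no gaps)
        return None
    return 32 - inv.bit_length()

def describe(ip, mask):
    """Summarise an address/mask pair; raises ValueError on an invalid mask."""
    prefix = mask_prefix(mask)
    if prefix is None:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return {"class": address_class(ip), "private": is_private(ip),
            "network": str(net)}

if __name__ == "__main__":
    print(describe("10.44.1.20", "255.0.0.0"))      # constructed AP address
    print(describe("203.199.75.20", "255.255.255.0"))
    print(mask_prefix("255.0.255.0"))               # invalid mask
```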

PMS Server (Fidelio)

• Contains the hotel billing information.
• A Windows-based machine, connected to the Nomadix network end, acts as the interface for the PMS.
• The connection is through an RS-232 serial port.

Authentication by Fidelio
• The user's last name and room no. are sent to Fidelio.
• Based on the room no., Fidelio invokes the username string.
• This string is compared to the last name as entered by the user. If it matches, the user is authenticated and the MAC address is added to the MAC table.
Hitting Alt+F4 on the PMS server will display the exact authentication process.

Mail Server
• Is usually installed on the PMS interface server.
• Is used for SMTP redirection, which is a feature of Nomadix.
• Regardless of the server the user has configured, mails are redirected to the configured mail server.
• The user does not need to make any configuration changes in his e-mail client. Changing the user's server settings to include the IP of the mail server will not make a difference.

Mail Server
• The mail server may hang, or processing may be delayed, if a large amount of spam or virus-infected mail is sent.
• It would also hang if the server machine itself is infected by a virus.
• In certain hotels, admin users are given a separate connection to the internet, so do not use our mail server.
• In other cases, admin users' MAC addresses are added to Nomadix with unlimited access, so are redirected to our mail server.
