Two Different Implementations of Wireless LAN Technology
Mobile user connectivity
Ethernet Everywhere: High-Speed Access Anywhere, Anytime. (Figure: Ethernet technologies, solutions and building blocks, and environments.) Technologies: 10/100 Ethernet, Layer 3 Switched Ethernet, Gigabit Ethernet, Wireless Ethernet, Long-Reach Ethernet. Building blocks: switches, wireless, security, access. Environments: At Home, On the Road, At Work, At School.
Wireless Technologies (table by range):
WAN (Wide Area Network): long range; 10 to 384 Kbps; GSM, GPRS, CDMA, 2.5-3G; PDAs, mobile phones, cellular access.
MAN (Metropolitan Area Network): medium-long range; 22+ Mbps; 802.11, MMDS, LMDS; fixed, last mile access.
LAN (Local Area Network): medium range; 2 to 54+ Mbps; 802.11a, 11b, 11g, HiperLAN2; enterprise networks.
PAN (Personal Area Network): short range; < 1 Mbps; Bluetooth; peer-to-peer, device-to-device.
Local Area Network (LAN): Wireless LAN (WLAN) as an extension to the wired LAN. (Figure: hub, server, switch, Internet, access point, hub, work group bridge.)
Typical WLAN Topologies (figure): two access points on the LAN backbone, each serving a wireless "cell" of wireless clients; one cell on channel 1, the other on channel 6.
Wireless Repeater Topology (figure): an access point on the LAN backbone serves wireless clients on channel 1; a second access point acting as a wireless repeater, also on channel 1, extends the "cell" to clients beyond the first AP's range.
Work Group Bridge (figure): application server, access point, work group bridge (WGB) and hub; the WGB connects the devices on its hub to the access point over the wireless link.
ISM Unlicensed Frequency Bands (figure: electromagnetic spectrum from extremely low frequency through ultra high and super high to infrared, visible light, ultraviolet and X-rays, with audio, AM broadcast, short wave radio, FM broadcast, television, infrared wireless LAN, cellular (840 MHz) and NPCS (1.9 GHz) marked). Unlicensed bands shown: 902–928 MHz (26 MHz wide); 2.4–2.4835 GHz (83.5 MHz wide, IEEE 802.11); 5 GHz (IEEE 802.11, HyperLAN, HyperLAN2).
900 MHz vs. 2.4 GHz vs. 5 GHz (pros and cons by band):
900 MHz band. PROs: greater range than 2.4 GHz band (for in-building LANs). CONs: maximum data rate 1 Mbps; limited bandwidth; large antenna required.
2.4 GHz band. PROs: global market; IEEE 802.11; higher data rates (10+ Mbps). CONs: less range than 900 MHz (for in-building LANs); crowded band.
5 GHz band. PROs: global market; IEEE 802.11; higher data rates (20+ Mbps). CONs: much less range than 900 MHz or 2.4 GHz; higher cost RF components.
What Is Spread Spectrum RF Technology?
Data sent over the air waves
Two-way radio communications (half duplex)
Cisco designs and manufactures its own radios
Same radio frequency for sending & receiving (transceiver)
No licensing required for Cisco Aironet Wireless products
IEEE 802.11 Standard
IEEE 802.11 became a standard in July 1997
Two RF technologies defined:
Direct sequence spread spectrum - 1 Mbps and 2 Mbps
Frequency hopping spread spectrum - 1 Mbps and 2 Mbps
IEEE 802.11b became a standard in September 1999
Only one RF technology defined: DSSS at 5.5 Mbps & 11 Mbps
802.11 defines a high-performance radio
802.11 promises “true” vendor interoperability (over the air)
802.11 covers RF connectivity, association processes, and modulation schemes
Does not cover AP-to-AP connectivity over the wired network, roaming, load balancing, or repeaters
These features are vendor specific and proprietary
Choose a single vendor for the wireless backbone
Cisco Radio Technology
Direct Sequence Spread Spectrum (DSSS)
One piece PCMCIA radio product
1, 2, 5.5 and 11 Mbps
Fully 802.11 compliant at all speeds
Spread Spectrum Approaches: both technologies are viable. (Figure: power vs. frequency vs. time for direct sequence and frequency hopping across 2.402–2.483 GHz; direct sequence spreads each transmission over a 22 MHz channel, frequency hopping uses narrow channels and changes frequency over time; labels: 1 mW/MHz, 100 mW/MHz, 1 ms, 1 sec, "frequency not used".)
Wireless Office (figure: sample floor plan, 2000' by 850', with offices 1–11, Class 1, hallway, conference room and break room). Design goals: maximum coverage, auto rate negotiation, wireless for mobile workers, dipole antennas, APs on an isolated LAN with a PIX firewall, cells on channels 1, 6 and 11.
Indoor/Outdoor Coverage (figure: 1000' by 850' building with offices 1–4, hallway, conference room and break room, plus a 1000' building courtyard). Design goals: maximum coverage, auto rate negotiation, wireless for mobile workers, dipole antennas indoors and patch antennas outdoors, APs on an isolated LAN with a PIX firewall, cells on channels 1, 6 and 11.
Warehouse Design Sample (figure: 2000' by 850' room with cells on channels 1, 6 and 11). Design notes: maximum coverage, auto rate negotiation, cabling available to the middle of the room, high gain mast mount antennas.
Upon completion of this chapter, you will be able to perform the following tasks:
Determine the feasibility of installing a wireless bridge link.
Explain why a wireless bridge may be a better solution than other alternatives.
Determine the maximum distance that can be achieved using wireless bridges with given antennas and extension cables.
Protect a wireless bridge installation against a lightning strike.
Wireless Bridge Alternatives (table: medium and drawbacks):
Phone lines: monthly costs; installation costs (56K, T1); slow; extra equipment needed; inflexible.
Microwave: FCC licensing required.
Cable: installation costs.
Also listed: physical barriers may preclude; difficult installation; high cost.
Point-to-Point Configuration (figure): Building A and Building B, each with an Ethernet bridge and an optional antenna; 0 to 25 miles (line of sight).
Point-to-Multipoint Configuration (figure): Buildings A, B and C with Ethernet bridges; one building uses an omni-directional antenna to serve the other two, which use directional antennas.
Optional Antennas for Long Range
13.5 dBi Yagi: distances over 6.5 miles @ 2 Mbps and 2 miles @ 11 Mbps
21 dBi solid dish: distances up to 25+ miles @ 2 Mbps and 11.5 miles @ 11 Mbps
Note: Distances include 50 feet of low loss cable and 10 dB fade margin
Common Questions: 340 Wireless Bridge. How fast? How far (at max rate)?
Max data rate 11 Mbps: typical throughput 5.5 Mbps; 2 miles with Yagi antenna, 11.5+ miles with dish antenna
Max data rate 2 Mbps: typical throughput 1.4 Mbps; 6.5 miles with Yagi antenna, 25+ miles with dish antenna
Bridge Application: School District (figure). High School: 2 bridges, one 12 dB omni and one dish. Administration: 2 bridges, one 12 dB omni and one Yagi. Yagi sites: Richardson Elementary, Lincoln Elementary, Bode Elementary, Price Elementary, Dewitt Elementary, Bolich Middle School. Dish sites: Roberts Middle School, Weaver Special Education. Links use channels 1, 6 and 11.
Path Loss Considerations How far will it go? 22 miles?
Calculations of Coverage Performance (scenario): coax length 150 ft or 100 ft? Customer wants an 11 Mb data rate at a distance of 13 miles; towers needed to clear trees and other buildings.
Calculations of Coverage Performance
Line of Sight
The following obstructions might obscure a visual link:
Topographic features, such as mountains.
The curvature of the Earth.
Buildings and other man-made objects.
Line of sight!
Line of sight disappears at 6 miles due to the Earth's curvature.
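A worked link-budget and line-of-sight calculator for the bridge questions above (how far will it go, what cable length, is the Earth's curvature in the way), added here as an example and not Cisco's planning tool or the deck's own figures. It uses the standard free-space path loss formula and the geometric horizon; transmit power, receiver sensitivities and the coax loss are assumed values marked in the code, to be replaced with the real bridge and cable specifications when sizing a link.

```python
import math

MILE_KM = 1.609344
FOOT_M = 0.3048

def fspl_db(distance_km, freq_mhz):
    """Free-space path loss in dB (standard formula, d in km, f in MHz)."""
    return 20 * math.log10(distance_km) + 20 * math.log10(freq_mhz) + 32.44

def link_margin_db(distance_miles, tx_dbm, tx_ant_dbi, rx_ant_dbi,
                   cable_loss_db, rx_sens_dbm, freq_mhz=2437.0):
    """Received signal minus receiver sensitivity; the link closes when this
    is at least the fade margin you require (the deck uses 10 dB)."""
    rx_dbm = (tx_dbm + tx_ant_dbi + rx_ant_dbi - cable_loss_db
              - fspl_db(distance_miles * MILE_KM, freq_mhz))
    return rx_dbm - rx_sens_dbm

def max_distance_miles(tx_dbm, tx_ant_dbi, rx_ant_dbi, cable_loss_db,
                       rx_sens_dbm, fade_margin_db=10.0, freq_mhz=2437.0):
    """Solve the FSPL formula for the distance that leaves exactly the fade margin."""
    allowed_path = (tx_dbm + tx_ant_dbi + rx_ant_dbi - cable_loss_db
                    - rx_sens_dbm - fade_margin_db)
    d_km = 10 ** ((allowed_path - 32.44 - 20 * math.log10(freq_mhz)) / 20)
    return d_km / MILE_KM

def visual_horizon_miles(h1_ft, h2_ft):
    """Distance at which Earth's curvature alone breaks the visual line of sight
    between two antennas: geometric horizon d_km ~= 3.57 * sqrt(h_m) per end
    (the 4/3-Earth radio horizon would be a little longer)."""
    per_end = [3.57 * math.sqrt(h * FOOT_M) for h in (h1_ft, h2_ft)]
    return sum(per_end) / MILE_KM

if __name__ == "__main__":
    # Constructed scenario: 2.4 GHz bridge, 13.5 dBi Yagi at each end,
    # 50 ft of low-loss coax per end (6 dB total loss assumed), 10 dB fade margin.
    # Transmit power and sensitivities are assumed values, not Cisco specifications.
    for rate, sens in ((11, -85.0), (2, -91.0)):
        d = max_distance_miles(20.0, 13.5, 13.5, 6.0, sens)
        print(f"{rate} Mbps: about {d:.1f} miles with 10 dB fade margin")
    print(f"LOS lost beyond {visual_horizon_miles(30, 30):.1f} miles for two 30 ft masts")
```

Raising the mast heights in the last call shows why the deck's scenario needs towers to clear trees even when the path loss budget alone would close the link.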
Customer Assistance: How many? Where? Throughput? (Figure: RF WLAN coverage map with streets labelled Wired Ave. and Wireless Blvd.)
Older Security Methods
Older forms of security on WLANs
Authentication controlled by MAC address
WEP (Wired Equivalent Privacy)
40 bit keys
128 bit keys
Part of the association process
WEP uses the RC4 stream cipher of RSA Data Security, Inc. (RSADSI) for encryption.
802.11 Open Authentication
Steps to Authentication:
1. Client sends probe.
2. AP sends Probe Response.
3. Client evaluates AP response, selects best AP.
4. Client sends authentication request to selected AP (A).
5. AP A confirms authentication and registers client.
(Figure: Access Point A, Access Point B)
802.11 Shared Key Authentication
Steps to Authentication:
1.-3. Same as Open Authentication.
4. AP A confirms authentication and sends an unencrypted test packet.
5. Client encrypts the packet and returns it to the AP. AP checks the encryption against the WEP key.
6. A client with the correct WEP key is allowed on the network; a client with an incorrect WEP key is not allowed to associate.
(Figure: Access Point A, Access Point B)
Configuring WEP Keys (cont.): the AP and the client each hold the same four keys in the same slots (Key1=1234……, Key2=5678……, Key3=9012……, Key4=3456……). Each frame's header names the slot used ("Use Key3", "Use Key2") and the data is encrypted with that key, followed by the trailer.
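The shared key exchange and the four-slot key layout above, as an added Python simulation (not Cisco or IEEE reference code): a small RC4, the WEP frame body layout (3-byte IV, key-ID byte naming the slot, RC4 over payload plus CRC-32 ICV), and the AP's accept/reject decision. The key values are constructed; the 128-byte challenge and the frame layout follow the 802.11 WEP format.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 (the cipher WEP uses) applied to data: key schedule, then XOR keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(keys, index, iv, payload):
    """WEP frame body: 3-byte IV, key-ID byte naming the slot (the "Use Key3"
    header field, bits 6-7), then RC4(IV || key) over payload || CRC-32 ICV."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + bytes([index << 6]) + rc4(iv + keys[index], payload + icv)

def wep_decrypt(keys, frame):
    """Decrypt with the slot named in the frame; None when the ICV fails (wrong key)."""
    iv, index, body = frame[:3], frame[3] >> 6, frame[4:]
    plain = rc4(iv + keys[index], body)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        return None
    return payload

def shared_key_auth(ap_keys, client_keys, index=2):
    """Steps 4-6 of shared key authentication: the AP sends a clear-text challenge,
    the client returns it WEP-encrypted, the AP checks it with its own copy of the
    key. Only the client proves anything; the AP is never authenticated (one-way)."""
    challenge = os.urandom(128)                                   # AP -> client, unencrypted
    reply = wep_encrypt(client_keys, index, os.urandom(3), challenge)  # client -> AP
    return wep_decrypt(ap_keys, reply) == challenge               # True: associate; False: reject

# Constructed 40-bit (5-byte) keys in the four slots the deck shows as Key1..Key4.
AP_KEYS = [bytes.fromhex(k) for k in ("1234567890", "5678901234", "9012345678", "3456789012")]
```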
802.11 Security Issues
SSID (Service Set Identifier)
32 ASCII character string
Under 802.11, any client with a ‘NULL’ string will associate to any AP regardless of SSID setting on AP
This should not be considered a security feature
802.11 Security Issues (cont.)
Assumes threat is “outside” the LAN
802.11 Security Issues (cont.)
Authentication is one-way
No way to dynamically generate keys
No integration with existing network authentication methods on LAN
Keys are static
802.11 Security Issues (cont.)
Authentication is device-based
No method for account auditing
802.1x is an IEEE Standard in progress for Port Based Network Access Control
Improved user authentication: username and password
Dynamic, session-based encryption keys
Centralized user administration
802.1x advantages for WLANs
Extensible authentication support
EAP designed to allow additional authentication methods to be deployed with no changes to the AP or client NIC
Smartcard authentication and Security Dynamics
EAP and LEAP
Operating systems with native EAP support:
Windows 2000, CE
Cisco LEAP Authentication type
Legacy Operating Systems
Quick support on multitude of host systems
Implementation reduces support requirements on host systems
Improved Security (cont.) Session Keys
802.1X Protocol in WLAN Environment
User requests access. AP prevents network access.
Encrypted credentials sent to authentication server.
Authentication server validates user, grants access rights.
AP Port enabled and dynamic WEP keys are assigned to client (encrypted).
Wireless client can now access general network services securely.
(Figure: wireless client, access point and authentication server with other network servers and services, WEP-encrypted wireless link, steps 1–5.) Access point side: very scalable; supports a variety of authentication types (EAP-TLS, EAP-LEAP, biometrics, etc.); standards based solution; centralized policy control. Client side: very scalable; strong authentication; transparent roaming; better multicast capability; standards based solution.
802.1x Authentication Process (figure: client, AP, RADIUS server):
Start: AP blocks all requests until authentication completes.
AP requests identity; client sends identity.
RADIUS server authenticates client; client authenticates RADIUS server.
Client and RADIUS server each derive the session key; the key (and key length) is delivered to the AP.
AP sends the client the broadcast key, encrypted with the session key.
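The 802.1X sequence above as an added simulation (not Cisco's LEAP implementation): HMAC-SHA256 stands in for the EAP method's challenge/response and key derivation, and the user table and broadcast key are constructed. It shows the controlled port staying blocked on any failure, the AP relaying without ever holding the password, and a fresh session key per association, in contrast to the static keys of the WEP slides.

```python
import hashlib
import hmac
import os

def prf(secret, *parts):
    """HMAC-SHA256 stand-in for the EAP method's challenge/response and key
    derivation; the real LEAP or EAP-TLS computations are different."""
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def run_8021x(identity, client_pw, radius_users, ap_broadcast_key):
    """One 802.1X/EAP session in the order the deck shows. Returns the AP port
    state, the client's session key and the broadcast key it received (None
    for both keys whenever the port stays blocked)."""
    port_open = False                                 # AP blocks all requests until done
    # Steps 1-2: AP requests identity; client answers. The AP only relays EAP
    # to the RADIUS server and never sees the password.
    server_pw = radius_users.get(identity)
    if server_pw is None:
        return port_open, None, None                  # unknown user: Access-Reject
    # Step 3a: RADIUS challenges the client, which proves it knows the password.
    s_chal = os.urandom(16)
    client_resp = prf(client_pw, s_chal)
    if not hmac.compare_digest(client_resp, prf(server_pw, s_chal)):
        return port_open, None, None                  # wrong password: port stays blocked
    # Step 3b: client challenges the RADIUS server (mutual authentication).
    c_chal = os.urandom(16)
    server_resp = prf(server_pw, c_chal)
    if not hmac.compare_digest(server_resp, prf(client_pw, c_chal)):
        return port_open, None, None                  # server failed its proof: client refuses
    # Both ends derive the same session key from the fresh challenges.
    client_key = prf(client_pw, s_chal, c_chal)
    server_key = prf(server_pw, s_chal, c_chal)
    # Steps 4-5: RADIUS passes server_key to the AP in its Accept; the AP enables
    # the port and sends the broadcast key encrypted under the session key.
    port_open = True
    enc_bcast = xor(ap_broadcast_key, prf(server_key, b"broadcast"))
    client_bcast = xor(enc_bcast, prf(client_key, b"broadcast"))
    return port_open, client_key, client_bcast

# Constructed RADIUS user database and constructed 104-bit broadcast WEP key.
RADIUS_USERS = {"alice": b"constructed-password"}
BROADCAST_KEY = bytes.fromhex("0badc0ffee0badc0ffee0badc0")
```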
Comparison between Aironet Dynamic WEP and VPN solutions in intranets
VPN solution:
3DES, end-to-end security
Somewhat less scalable
Works with Aironet solution
No mobility between VPN Concentrators; roaming latency
Loss of QoS insight
Aironet Dynamic WEP & Enhanced Security Suite
Encryption only between client and AP
Seamless mobility between profiles and locations
End-to-end QoS integration
(Figure: VPN at the office vs. Aironet Dynamic WEP at the office. VPN path: wireless client through the access point and VLAN to a VPN server, with a secure VPN connection through to the application servers on the enterprise intranet. Aironet Dynamic WEP path: access point on the local network authenticating against an ACS RADIUS server. Cisco offers BOTH solutions!)
Cisco Wireless Security Suite (table):
Public Access, no security: no WEP and broadcast mode.
Telecommuter and Small Business, basic security: Wi-Fi 40-bit, 128-bit, and static WEP.
Mid-Market and Enterprise, enhanced security: dynamic key management system, mutual authentication, and 802.1x via EAP.
Mobile User and Public Access, specialized security: end-to-end security using VPN.
Assessing Security Requirements
Analyze your business environment
Perform your risk assessment
Determine your Cisco wireless security profile ….
Authentication + Encryption
ISM Unlicensed Frequency Bands (figure repeated from earlier, now labelling 5 GHz as IEEE 802.11a alongside HyperLAN and HyperLAN2, and 2.4–2.4835 GHz (83.5 MHz) as IEEE 802.11b; 902–928 MHz band 26 MHz wide).
Wireless LAN Technologies
The Laws of Radio Dynamics:
Higher data rates = shorter transmission range
Higher power output = increased range, but lower battery life
Higher frequency radios = higher data rates, shorter ranges
Comparison (frequency band; coverage; data rate):
802.11b: 2.4 GHz; worldwide; 1-11 Mbps (now)
802.11a: 5 GHz; US/AP (initially); 20-54 Mbps (now), 100+ Mbps (future)
HiperLAN2: 5 GHz; Europe; 20-54 Mbps (??)
802.11g: 2.4 GHz; worldwide (subject to approval); <54 Mbps (?? mths)
IEEE 802.11 Standard Activities
802.11a - 5GHz- ratified in 1999
802.11b - 11Mb 2.4GHz- ratified in 1999
802.11d - Additional regulatory domains
802.11e - Quality of Service
802.11f - Inter-Access Point Protocol (IAPP)
802.11g - Higher data rate (>20 Mbps) 2.4GHz
802.11h - Dynamic Frequency Selection and Transmit Power Control mechanisms
802.11i - Authentication and security
Understanding the 5 GHz Spectrum (figure: 5 GHz UNII band, 5.15–5.825 GHz).
US (FCC): 12 channels, 4 in each sub-band (*can use up to 6 dBi gain antenna; if you use a higher gain antenna, you must reduce the transmit power accordingly).
UNII-1 (5.15–5.25 GHz), 40 mW: indoor use, antenna must be fixed to the radio.
UNII-2 (5.25–5.35 GHz), 200 mW: indoor/outdoor use, fixed or remote antenna.
UNII-3 (5.725–5.825 GHz), 800 mW: outdoor bridging only.
Europe: 19 channels (*assumes no antenna gain), 200 mW and 1 W limits; the figure marks 11 channels between 5.470 and 5.725 GHz.
Characteristics of 802.11a
Orthogonal Frequency Division Multiplexing (OFDM)
Data rates supported: 54, 48, 36, 24, 12 & 6Mbps
Can “downshift” to lower data rates for longer range
Compliant with FCC and Japanese regulations
Initial offering will not be available in EMEA & portions of Asia/Pacific
5GHz band has more channels than 2.4GHz band
UNII-1 + UNII-2 = 8 non-overlapping channels
(vs. 3 channels for 2.4GHz)
802.11 a/b/g Comparison (standard; frequency; max speed; backwards compatible):
802.11b: 2.4GHz; 11Mbps; n/a
802.11a: 5.8GHz; 54Mbps; NO
802.11g: 2.4GHz; 54Mbps; YES
Short distances only (typical 10 meters)
Network notebooks, PDAs, printers, phone, etc., in a cubical or home office.
Share files with others in a conference room.
3 rd Generation Personal Communications Service (3G PCS)
Use cell phone CDMA and GSM technology on existing cell phone network infrastructure.
Offered by cell phone companies with cell phone services like Cingular/AT&T, Sprint, Verizon.
Currently on 3 rd generation or “3G” of this technology.
3G PCS - Speed
This technology is asymmetrical with the following download speeds:
2G 56K – 80Kbps
3G 300Kbps (current)
4G 10Mbps ??? (future)
3G PCS - Cost
$150 3G CardBUS network card
(Use in notebook pc or PDA)
$75/mo 3G service with unlimited use
3G PCS - Uses
1. Attach an individual notebook computer to the Internet, and optionally use VPN encryption to access a secure network, e.g. Florida Highway Patrol (FHP).
2. Use with PCS router to provide wired and 802.11b wireless access using PCS as Internet uplink for small office, trade show, etc.
802.11s Mesh Networks
Proprietary only today—
Tropos, BelAir Networks, Firetide, Nortel
802.11s Task Group working on standard
Mesh Gateway (hard wired to network)
Mesh Router (wireless only)
802.11b or 802.11g client
802.11s Mesh - Tropos
Mesh Gateways connect to wired network and talk wirelessly to Mesh Routers and 802.11b/g clients.
Designed for outdoor installation where Mesh Routers require only power.
Predictive Wireless Routing Protocol (PWRP) optimizes the switching path for Mesh Routers to relay to a Mesh Gateway while consuming less than 5% of the bandwidth.
End user may be relayed wirelessly through several Mesh Routers.
802.11s Mesh - MIT
Working on building $100 laptop computer to bring technology to undeveloped countries.
2 problems- (1) Power, (2) network access.
1- Charge battery with hand crank
2- Built-in custom Mesh network software with integrated 802.11b/g hardware
802.11s Mesh - Intel
Working on 802.11g chipsets with additional features for discovery, security, authentication, etc., to build mesh networks supporting 802.11s.
Designing Mesh portals to connect mesh networks to other technologies like 802.11g
802.11s technical editor is also an Intel wireless network architect