Wireless Networking Slides
  • Objectives
  • A Wireless LAN is a network without wires. It can be compared with an Ethernet hub, where the 10Mbps of available bandwidth is shared in a half duplex fashion amongst all connected devices. Only one device connected to the hub can send at any one time. Contention is resolved using Carrier Sense Multiple Access with Collision Detection (CSMA/CD). An Access Point centric Wireless LAN operates in a “similar” way (but not exactly). Only one station, including the Access Point, can send at any one time: the 11Mbps of bandwidth is shared amongst all stations. If a station wishes to send, it listens and waits for an available slot. WLANs use Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). The 802.11 standard covers the MAC and PHY layers, that is, layers 1 and 2. Hence a wireless LAN, just like a switch, can transport a variety of LAN and network layer protocols, e.g. IP, IPX, AppleTalk, NetBEUI and so on.
  • The two categories of WLANs are in-building WLANs and building-to-building WLANs, also known as bridges. Whilst an in-building WLAN can connect classrooms within your campus, bridges can connect remote buildings or even other school sites. In-building WLANs allow teachers and students to roam around the school campus with a continuous connection to the network. In-building WLANs can extend the range of your network to the common areas or the grounds of the school. Bridges can provide broadband wireless access for distances of up to 40km in the US and 25km in EMEA. Performance is 5x faster than E1. A clear line of sight is required for bridges to be installed. Bridges can connect two buildings (point to point) or three or more buildings (point to multi-point). Bridges are ideal for connecting buildings where roads or rivers divide the buildings, or where the dividing area cannot be trenched.
  • Cisco Aironet Wireless products fit into two main categories: wireless in-building LANs and wireless building-to-building bridges. Wireless LANs replace the layer one transmission medium of a traditional wired network (usually Cat 5 cable) with radio transmission over the air. Cisco Aironet WLAN products can plug into a wired network and function as an overlay to traditional or wired LANs, or can be deployed as a standalone LAN where wired networking isn’t feasible. Wireless LANs permit the use of desktop and/or portable computers or specialty devices in a system where connection to the network is essential. WLANs are typically within a building, and for distances up to 1000 feet. Properly deployed WLANs can provide instant access to the network from anywhere in the facility. Users can roam without losing network connection. The Cisco Aironet WLAN provides complete flexibility. Wireless bridges allow two or more networks that are physically separated to be connected on one LAN, without the time or expense of dedicated cable or T1 lines. This section will explore typical topologies used for building Wireless LANs.
  • In order to provide this solution of ‘Ethernet Everywhere’, a number of solutions and building blocks can be provided. Cisco is ideally placed to provide the end to end solution for schools and colleges.
  • There are a number of wireless technologies available on the market. PAN (Personal Area Network): Bluetooth is increasing in its adoption, but is designed for very low bandwidth and short distance transmission of data. Our focus today is on the Wireless Local Area Network, which allows transfer of data at rates up to 54Mbps today.
  • Wired LANs require that users locate in one place and stay there. WLANs are an extension to the wired LAN network. WLANs can be an overlay to or substitute for traditional wired LAN networks. With Cisco Aironet Wireless LANs, mobile users can: move freely around a facility; enjoy real time access to the wired LAN, at wired Ethernet speeds; and access ALL the resources of wired LANs.
  • The basic service area (BSA) is the area of RF coverage provided by an access point, also referred to as a “microcell.” To extend the BSA, or to simply add wireless devices and extend range of an existing wired system, an Access Point can be added. (As the name “access point” indicates, this unit is the point at which wireless clients can access the network.) The Access Point attaches to the Ethernet backbone and communicates with all the wireless devices in the cell area. The AP is the master for the cell, and controls traffic flow to and from the network. The remote devices do not communicate directly with each other; they communicate to the AP. If a single cell does not provide enough coverage, any number of cells can be added to extend the range. This is known as an extended service area (ESA). It is recommended that the ESA cells have 10-15% overlap to allow remote users to roam without losing RF connections. Bordering cells should be set to different non-overlapping channels for best performance.
  • In an environment where extended coverage is needed, but access to the backbone is not practical or available, a wireless repeater can be used. A wireless repeater is simply an access point that is not connected to the wired backbone. This requires a 50% overlap of the AP on the backbone and the wireless repeater. Data rates will decrease due to the receive and re-transmit time involved. Up to 6 hops (five repeaters) on a Cisco Aironet Wireless system can be used to get data from a remote to a backbone, permitting large distances between the remote and the backbone.
  • The Cisco Aironet workgroup bridge (WGB) product connects to the Ethernet port of a device that does not have a PCI or PCMCIA slot available. It provides a single MAC address connection into an AP, and onto the LAN backbone. It cannot be used in a peer to peer mode connection, and must communicate to an AP. Another configuration of the workgroup bridge will allow up to 8 wired machines to be attached to the same radio device. It is ideal for connecting remote workgroups to a wired LAN. In order to use a WGB with multiple MAC addresses, the WGB must be connected to a hub. All users must connect to the hub. The unit will automatically select the first 8 MAC addresses it hears on the Ethernet, or the addresses may be entered manually into a table. These 8 MAC addresses are static. In the case where there are more than 8 MAC devices on the Ethernet, it will ONLY use the first 8 it heard. Packets from all other MAC addresses will not be acknowledged. If a “smart” hub is used, it may take one of the available MAC address entries. This MAC address may be removed from the table manually to allow the 8th client to use the WGB.
  • Objectives
  • There are three unlicensed bands, at 900 MHz, 2.4 GHz, and 5.7 GHz. These bands are referred to as the Industrial, Medical and Scientific Frequencies. This presentation focuses on the 2.4 GHz band because Cisco Aironet Wireless products use those bands today and adhere to the IEEE 802.11b standard. The 5.7 GHz band is promising for future products and Cisco is actively pursuing projects in that area. Recently, the FCC also opened up the 5.2 GHz band for unlicensed use by high speed data communications devices. 5.2 GHz is the same band that is used for the ETSI HIPERLAN specification in Europe. A nearby neighbor of the 900 MHz band is the cellular phone system. This helped the early development of the WLAN industry in the 900 MHz band because of the availability of inexpensive, small RF components developed for use in that band. The 2.4 GHz band has a neighbor in the PCS system. That helps with component costs too. There are no such neighbors for the 5 GHz band. The WLAN industry will have to drive the development of low cost components for 5 GHz products. This may mean that practical, cost effective, PCMCIA products in the 5 GHz band are a few years away. The other downside to the 5 GHz band is the poor range performance as compared to 2.4 GHz band. This section describes the ISM Bands and which frequencies are used with the Cisco Aironet Wireless products.
  • The 900 MHz band is becoming overcrowded due to consumer products. It does offer longer range (for the same gain antennas) than the 2.4 GHz band, but it has limitations on the maximum size of antennas that limit its overall range. At 900 MHz the highest data rate that can be reliably obtained is under 1Mb, due to the limited frequency range. At 2.4 GHz, the lower power transmitter allows very high gain antennas, which allows long distance communication (up to 25 miles). The frequency range is also much wider than 900 MHz, allowing a higher data rate with a reliable range. The 5 GHz band offers more bandwidth, allowing higher data rates; however, the nature of the higher frequency limits range. Typical range for 5 GHz band products indoors is about 50 feet, and outdoors is limited to about 2500 feet.
  • This section discusses theories and processes of using Spread Spectrum technology to send data over an RF signal. Spread Spectrum is a type of modulation designed to be somewhat immune to interference, difficult to detect, and hard to intercept. The concept of Spread Spectrum was patented by an actress, Hedy Lamarr, and a music composer, George Antheil, in 1942. The idea was a method for guiding a torpedo without interference from a jamming signal. In 1986, the FCC agreed to allow the use of Spread Spectrum in the commercial market under the ISM bands. Just as the radio in your car has AM (Amplitude Modulation) and FM (Frequency Modulation) bands, other radios use different bands and types of modulation.
  • Objectives
  • Any time an IEEE committee works on a standard, they invite the top engineers from all appropriate companies in the field to participate in the development of the specification. The 802.11 Committee was formed in the same manner. Top engineers from many different wireless data companies (and some wired data LAN companies) together developed a standard that they all believed would deliver a high quality, high performance product. For this reason, an 802.11 radio will be a better product than any of the older proprietary products. 802.11 defines such things as receiver sensitivity, MAC layer performance and optimum hopping patterns.
  • Under the 802.11 standard you should be able to use any 802.11 wireless client with any 802.11 wireless backbone. This is possible because 802.11 covers the transmission between the client and the AP, association processes, and modulation schemes. However the 802.11 standard does not cover communication between APs across the wired backbone, roaming, wireless links over 1 mile, load balancing, wireless repeaters, etc. Further cooperation from the WLAN vendors will be required before many of these features can be implemented into the standard.
  • Cisco Aironet Wireless offers a wide range of Spread Spectrum products for both in-building (wireless LAN) and building-to-building (wireless bridge) applications. In the next section of the presentation the difference between some of the products and the radio modulations types will be demonstrated. With this knowledge, helping a customer choose the right product for a particular application will be possible.
  • The deciding factor is price/performance. DS generally delivers higher performance in range and throughput.
  • With Direct Sequence, the energy is spread out over a wide area of the band. With Cisco Aironet Wireless products, the 802.11 channels have a bandwidth of 22 MHz. This will allow 3 non-overlapping, non-interfering channels to be used in the same area. This is also the 802.11 channel scheme. If there is a severe signal interference in one area, it is possible to change to another channel and totally avoid the interference. Normally, changing channels does not happen automatically in DS, and must be done with re-configuration. Cisco Aironet Wireless firmware will allow an Access Point to search for a “less congested” channel.
  • With Frequency Hopping, the FCC requires the use of 75 different channels before repeating the use of any one channel. 802.11 has defined 26 hopping patterns in three different sets. These 26 patterns are designed to have minimum interference with each other. These patterns are called orthogonal patterns. The maximum time on any one frequency is 400 ms in any 30 second period. If interference appears on a frequency, reception of the data on that frequency is impaired, and the data will be retransmitted on the next frequency.
  • DS “muscles through” the interference, whereas FH hops around the interference. A DS system can also be set to a different channel to avoid the interference altogether. Many cordless phones today are starting to operate in the 2.4 GHz band using FH technology. The FH phone is far more likely to experience interference from the DS system than vice versa.
  • With the Cisco Aironet Wireless products, coverage at 1 Mbps and 2 Mbps is identical to the other 2 Mbps products with the added benefit of support for 5.5 Mbps and 11 Mbps. When compared to FH, a 2 Mbps FH product will typically cover what a Cisco Aironet Wireless 340 series AP will cover while running 5.5 Mbps. The Cisco Aironet Wireless products also have the ability to datarate shift when moving, allowing the same person operating at 11 Mbps, to then shift to 5.5 Mbps, 2 Mbps, and finally still communicate at the outside ring at 1 Mbps. This rate shifting happens without losing connection, and without any interaction from the user.
  • Scalability is the ability to locate more than one AP in the same area, increasing the bandwidth of that area for all users local to that AP. Since DS has 3 non-overlapping channels, three discrete systems can reside in the same area with no interference. If more than three systems are required in the same area, they must time share the frequency. Therefore, the highest aggregate (total combined) data rate for a Cisco Aironet Wireless DS system is 33 Mbps for a given cell area. Using the ability to scale throughput and add access points in the same cell area increases the overall available bandwidth of any cell. In the past, this scalability was limited to only FH products. DS products could not change channels without some reconfiguration. The Cisco Aironet Wireless series products are frequency agile. This means that they will look for the best channel. With 3 separate, 11Mb channels available that are completely non-overlapping and non-interfering, 33 Mbps per cell can be achieved.
  • The first critical step to a good deployment is laying out the access points, determining where they should be placed, and deciding how many are required for the desired coverage. Very few gaps in the coverage should be left, because these gaps are essentially “dead air” and the client could lack connectivity in these locations. As discussed before, bandwidth requirements have an impact on the coverage areas. The second critical area is to map out the channel assignments and make sure there is as little overlap as possible between channels that cover the same frequency. Channels 1, 6 and 11 do not overlap frequencies and are used for roaming applications with direct sequence access points.
  • As a client roams away from the access point, the transmission between the two attenuates. Rather than decreasing reliability, the Cisco Aironet AP shifts to a slower data rate, which gives more accurate throughput. This is called data rate or multi-rate shifting. As a client moves away from an access point, their throughput will go from 11 Mbps, to 5.5 Mbps, 2 Mbps, and finally to 1 Mbps, as shown in this illustration. This happens without losing connection, and without any interaction from the user.
  • Bandwidth requirements factor into the coverage mappings, since the distance from an Access Point affects the available bandwidth. The above example provides for seamless roaming, but not at a constant speed. Here you would take advantage of the multi-rate technology and step down in bandwidth in order to gain greater coverage distances with a single access point. On the other hand, if 11Mbps is required everywhere, the access points would need to be relocated so that ONLY the 11 Mbps circles were touching each other. This would require a greater number of access points, but consistent bandwidth would be achieved. Notice that the data rate decreases as the coverage distance increases.
  • The 350 series uses a newly designed, more robust radio. The transmit power is 100 mW (+20 dBm). Other supported power levels will include 50 mW, 30 mW, 20 mW, 5 mW and 1 mW. The redesigned receiver has better sensitivity than the older 4800 or 340 series radios (at 10^-5 BER): -85 dBm @ 11 Mbps, -89 dBm @ 5.5 Mbps, -91 dBm @ 2 Mbps, -94 dBm @ 1 Mbps.
  • Objectives
  • Talk about make-before-break roaming. Role of the Inter-Access Point Protocol. L2 and L3 roaming today. Future plans with L3 roaming. This slide is good for a chalkboard discussion of how we do L2 roaming and how the problem becomes complex with inter-subnet roaming (for technical audiences only). Mention how, in L2 roaming, data buffers from the AP to which the client is associated are sent to the new AP to which the client has roamed. Mention the different ways of achieving inter-subnet roaming today: DHCP release/renew, Win 2000 automatically doing it, the ability to run a Mobile IP stack on the client, and Mobile IP services in our routers. Explain the tunneling required between home agent and foreign agent in L3 roaming.
  • Just as with wired networks, the topology of your WLAN may take many forms. But in reference to a WLAN, the term “topology” does not refer to architectures such as bus or ring. Instead it refers to the BSA (Basic Service Area), which is comprised of “microcells.” Each AP has an area of coverage referred to as a “microcell” or “cell.” In an installation comprised of a single AP this is a very simple concept. When multiple APs are installed, the cells must overlap so that the wireless connection is never interrupted while roaming from AP to AP. This is the main purpose of a site survey: to place APs and survey the cells to allow for proper overlap. Too much or too little overlap can cause disruption of the wireless connection to the client.
  • There will be “pools” of coverage at each data rate. If the customer wants to provide a certain area with coverage at a specific data rate, you may have to perform multiple site surveys. You may have to survey at each data rate and find out where the coverage pool is for each data rate. The Cisco Site Survey Utility surveys at a given rate and does not rate shift. You will need to map out the higher data rate cells so they can be shifted to the proper areas. You will need to map out the lower data rate coverage cells with an eye on the overlap of these cells and on frequency selection. This can be time consuming but may well be necessary, depending on your customer’s needs. Finding out ahead of time how much throughput the users will require should be something you do before you start surveying. This will be one of the factors that will help you determine where you need to place the APs.
  • This design is for an educational environment, which is very similar to our warehouse environment with the exception of walls between the classrooms. We are able to provide enough coverage using the rubber dipole antennas attached to the access points. The school has a concern that students using the access points could gain access to the production network, so the access points will be on a firewall. Connectivity for the teachers will be handled by Ethernet switches in the wiring closets and Cat 5 pulled into the classroom teaching stations.
  • In education wireless is more popular in higher education and college students spend much more time outdoors doing work during nice weather. We’ve chosen to put to patch antennas located directly outside the building which allows coverage in the courtyard for students who wish to work outside.
  • The following sample shows a design for a warehouse in which wireless coverage is the maximum concern for the user. Autorate negotiation will be used, since coverage is the primary concern and cabling is available to all points in the store. The warehouse has a very high ceiling and the visibility of antennas to the customers is not of much concern; therefore we chose a high gain mast mount antenna for the maximum coverage.
  • Objectives
  • Bridges are used to connect two or more wired LANs, usually located within separate buildings, to create one large LAN. A bridge can act as an AP in some applications by communicating with clients at the remote sites. This is accomplished with the Cisco Workgroup Bridge, PC Card and PCI products. Cisco Aironet bridges operate at the MAC address layer (Data Link Layer), which means they have no routing capabilities. A router must be put in place if IP subnetting is needed within the network.
  • Cisco Aironet bridges offer many advantages over other more costly alternative connections. Some alternatives include T1 lines, cabling, and microwave connections. A T-1 line typically costs between $200 and over $1,000 per month. For a site with four buildings, that could cost anywhere from $10,000 to $36,000 per year. If such sites were connected via Cisco Aironet bridges, the payback for the hardware costs incurred could actually be realized in less than a single year. In some cases where T-1 is not available, or the buildings are located on the same property, an underground cable could be put in place. Trenching today can cost over $100/foot, depending upon the task. To connect three buildings located 1000 feet apart from each other, the cost could exceed $200,000. Microwave is a solution for some sites where distance is close, reliability is not critical, and money is not an issue. With microwave, an FCC license is required. The cost of the equipment is typically over $10,000 per site, not including installation items. In the event of heavy fog, rain, and snow, performance is questionable. Multipoint connections are usually not possible.
  • In a point-to-point bridge, two LANs can be located up to 25 miles apart. The antennas MUST have line of sight with each other. Obstacles such as buildings, trees and hills will cause communication problems. When connected using Cisco Aironet bridges, the Ethernet segments in both buildings act as if they are one. The bridge does not add to the Ethernet hop count, and is viewed by the network as simply a cable. Set one bridge as Root ON and the other as Root OFF for the bridges to connect to each other.
  • For multipoint bridging, an omni directional antenna is typically used at the main site. The remote sites then communicate with the main site, though not with each other directly. Again, all the LANs appear as one. Traffic from one remote site to another will be sent to the main site and then forwarded to the other remote site. Line of sight must be maintained between the remote sites and the main site. Set one bridge as Root ON and all others as Root OFF for the bridges to connect to each other.
  • Cisco offers several directional long range antennas. The Yagi is a small (18” x 3”), lightweight (1.5 lbs) antenna that can be used for ranges up to 6.5 miles at 2 Mbps, and 2 miles at 11 Mbps. The solid dish is the best structural dish antenna on the market. It will withstand icing and winds over 110 MPH. It will allow 2 Mbps operation up to 25 miles, and 11 Mbps operation up to 11.5 miles.
  • Typical questions for bridges include how far will it go, how fast will it go, and how many users can it support. How fast: one item that is very deceiving is data rate. What does it really mean? As with the LAN systems, data rate indicates how fast the RF passes data. This RF data includes the radio system overhead, plus the network data. The real item that should be discussed is throughput. This is the actual amount of network data that gets passed from one LAN to another. Remember, higher data rates do not mean higher throughput. Some 1.6 Mbps systems achieve as little as 500 Kbps throughput. The data rate can be set to various speeds (1, 2, 5.5, 11 Mbps). Reducing the speed increases the maximum distances that can be obtained. Adding filtering in the configuration can increase actual performance by eliminating unnecessary traffic over the RF. This has the same effect as increasing throughput. How many users the bridge can support is a question of what type of traffic is being handled. Throughput is the real limiting factor.
  • Illustrated in the slide above is a typical school environment. The Internet line comes into the Administration building. At that site, the network spans in two directions. Assume 5.5Mbps of throughput for the 11Mbps bridges. Weaver, Lincoln, Bolich and Dewitt schools all communicate to the administration building with channel 1, providing a minimum of 1.3 Mbps throughput connection to each school. (That is T1 speed!) Richardson, Roberts and Bode all communicate to the High School using Channel 11, providing at least 1.8Mbps throughput to the High School. The data is then passed on to another bridge that uses Channel 6 to communicate to the Administration building. Price school is also tied in on this same channel. In this manner we have 5 schools sharing Channel 6, which still provides over 1.1Mbps to all 5 schools. Over all, the worst case for ANY school is over 1 Mbps of throughput. And payback for the cost of the bridges averages about 1 year. No need to spend taxpayer’s money year after year. Cisco Aironet = LESS MONEY & MORE PERFORMANCE
  • The Cisco Lightning Arrester is designed to protect Cisco Spread Spectrum Wireless LAN devices from static electricity and lightning surges that travel on coaxial transmission lines. The Cisco Aironet lightning arrester comes complete with the RP-TNC (reverse polarity TNC) connectors used on all Cisco Antennas and RF devices to meet FCC and DOC regulations. Lightning does not need a direct hit to cause problems. An indirect hit can induce enough energy into the cable and antennas to cause damage to the bridge and other network devices.
  • Calculations can be done to provide accurate information on performance and distance. The following are included in calculations for determining coverage performance: antenna gain, transmitter power, receiver performance, cable losses and environmental structures. Path loss determines how far a signal will travel and still provide reliable communications. Calculations are done in dB, and can be derived from the theoretical model. Margin determines how much path interference can be inserted and still maintain communications. A 10dB fade margin is required for dependable communications in all weather conditions.
  • Suppose the customer is attempting to install the system as depicted in the slide above. Will the system work and meet their needs? Using path loss calculations, antenna gains, and cable lengths, the distances can be theoretically checked. Changes to the design can be made BEFORE attempting to install based upon these calculations. Some level of comfort can be obtained for a system when using these calculations. You can use the Antenna Calculation Utility to find out if the above situation is feasible. Later in this chapter the Antenna Calculation Utility will be discussed as well as how to use it to determine maximum distances possible while using various cables and antennae at different speeds.
  • Rain, fog, and snow have little effect on path loss at 2.4GHz. The effect that it does have can be offset by having a path margin of at least 10dB, as provided by the Cisco Antenna Calculation spreadsheet. Line of sight is required between sites for long distances. Microwave ovens operate at 2.4 GHz. 2.4GHz is the frequency at which water absorbs RF energy. Therefore the water in the food actually absorbs the RF energy and releases it in heat, causing the food to cook. Because trees are mostly water, they can have a major effect on loss. Microwave ovens use the 2.4GHz band because of how well water absorbs this particular frequency; therefore, the RF signal in the 2.4GHz band will not get through trees, because their high water content means the trees will absorb the signal.
  • One of the most important concepts for installing Cisco Aironet bridges is line of sight. Unfortunately this is a concept that is far too often not taken seriously enough. Wireless bridges operating at 2.4 GHz must have a clear line of sight. Operating at 2.4 GHz and 100mW, the Cisco Aironet bridges do not have enough power to allow the signal to penetrate objects such as mountains, trees, or buildings. The signal will be either absorbed or reflected, and the end result will be that the bridges are unable to connect.
  • For a typical 6 foot person, the horizon appears at about 6 miles. Disappearance is determined by the height of the observer. If you have two 10’ structures, the top of one will have line of sight to the other at about 16 miles, but it will have minimum clearance at the horizon point.
  • The Fresnel zone is an elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal. The Fresnel zone can be calculated, and it must be taken into account when designing a wireless link. If the Fresnel zone is obstructed then there is not the clear line of sight that is required and the link may be unreliable.
  • There are a variety of things that can be done to keep the Fresnel zone clear: Raise the antenna mounting point on the existing structure. Build a new structure, i.e. radio tower, tall enough to mount the antenna. Increase the height of an existing tower. Locate a different mounting point, for the antenna. Cut down problem trees.
  • In order to determine the antenna mounting height, take the mid-path Fresnel zone width (at 60%) for 2.4GHz and add it to the curvature of the earth. In order to get these measurements, refer to Fresnel Calculation Table below.
  • Verify the radio line of sight, which was previously discussed. Alignment suggestions: Balloon: attached to a rope marked at ten-foot intervals so a height can be established. This figure will determine the overall height of the tower or mast needed. Binoculars/telescope: these are needed for the more distant links. Remember the balloon must be visible from the remote site. GPS: for very distant radio links. This is a tool which will allow the installer to aim the antennas in the correct direction. Strobe light: this is used in lieu of the balloon. Use this at night to determine where to align the antenna and at what height.
  • Restrictions: When dealing with tall structures and tower installations, the codes and laws of each city/municipality may vary. A building permit to install towers or masts may be required depending upon height.
  • Objectives
  • The Cisco Bridge product line is the broadest line on the market today. With a data rate range covering from 1 to 11Mbps, and distance factors of up to 25 miles, it is no wonder that the Cisco bridge has won so many comparison tests and been chosen as the top overall product by several leading magazines. Some of the outstanding features include 802.1d Spanning Tree capabilities, full SNMP capability, FTP, BootP and telnet capabilities and the flexibility of configuration with non-volatile Flash ROM. And perhaps the most outstanding feature is the price. The Cisco bridge products are priced as one of the lowest in the industry, while still maintaining highest possible performance. This price/performance ratio is very high.
  • The full range of antennas is suitable for use with the 1200 Series AP as well as the 350 rugged AP. All Cisco-supplied cables, APs, bridges, and antennas have reverse-polarity TNC connectors, preventing attachment of off-the-shelf antennas in violation of FCC rules. All Cisco antennas are set for vertical polarization. Gain is the increased energy that an antenna adds to the RF signal. It is measured in dBi, where dBi = dBd + 2.14. As you increase gain, you decrease the angle of coverage area. Patch: indoor/outdoor Dipole: 2.2 dBi 3 dBi 65% 6 dBi 65% 8.5 dBi 55% Yagi: long-distance...13.5 dBi 25% Mast mount: 2.2 dBi indoor/outdoor Dish: outdoor…21 dBi 12% Ceiling mount: 5.2 dBi indoor Ground plane: 5.2 dBi indoor Long-range: 12 dBi outdoor (P2MP)
  • The “Rubber Duck” Dipole antenna is a standard dipole supplied with some Cisco Aironet access points and client devices.
  • The 12dBi antenna is ONLY for outdoor long range applications. The antenna has a short 12” coax pigtail making it necessary to utilize antenna extension cables. This antenna is designed to be clamped to a mast or pole. The base of the antenna has a metal section giving it enough strength to withstand being clamped. This antenna is delivered with a set of U-bolts and friction brackets. You must supply the mast to which the antenna will be clamped. This antenna is vertically polarized and must be mounted perpendicular to the ground with the pigtail on the bottom. This antenna has a +3.5 and –3.5 degree beam spread from perpendicular.
  • The 3dBi patch provides excellent coverage with a wide radiation pattern. This antenna looks identical to the 6dBi Patch, but comes with 20 feet of RG-58 coax antenna cable instead of 3 feet. This antenna is typically used for European applications (due to restrictions on antenna gain). This antenna is a good choice for indoor and outdoor applications when properly mounted. This antenna has three holes around the perimeter of antenna, allowing the antenna to be mounted to a wide variety of surfaces.
  • The 13.5dBi Yagi is used for long distance communication, and provides excellent results in a small package. This antenna comes with a 3 foot coax pigtail. This is a good antenna for outdoor and some indoor applications. This antenna has four holes in the corners of antenna base and comes with two u-bolts for mounting to a mast. Optional articulating mount is available.
  • For very long distances Cisco offers the 21dBi parabolic dish. NOTE: The use of this dish antenna with the standard Cisco product, can exceed the FCC limitation on radiated power for point to multi point systems. This antenna, as with all outdoor only antennas, has a short 12” coax pigtail making it necessary to utilize antenna extension cables. This is a very effective antenna for outdoor long distance bridging applications. The antenna has very sturdy mounting hardware on back side with adjusting turnbuckles allowing for altitude and latitude adjustments. The antenna is also delivered with u-bolts for mounting to a mast. Keep in mind that the mast must be very sturdy; the 21dBi parabolic dish is rated to 120 m.p.h. with ½” of ice.
  • When mounting to a rafter or beam, the AP may be zip tied to the rafter or beam. In some cases, it is not possible to wrap a zip tie around the rafter or beam. If this is the case, you may use the piece of 2x4, secured to the beam with beam clamps. You may also use a beam clamp to secure a mounting plate to the beam and then attach the AP to the mounting plate. Always make sure that the 2x4 is securely mounted to the structure before mounting the AP. If surveying with the “rubber ducky” antennae, make sure to survey with them in the position they will be mounted. In the examples shown on this page and the prior two pages, the antennae would be pointing straight down. There are different coverage patterns above and below the antenna. If you survey with the antenna in one position and mount it in another position, your coverage may be different than what you expect.
  • Every AP will have an antenna attached to it. Most antennae are either shipped with a mounting bracket or a mounting bracket is available as an option. The challenge is that most antennae are designed to be mounted in a certain way. A 5.2 dBi mast mount antenna is designed to be mounted to a mast and is shipped with the hardware to mount the antenna to a mast. In order to mount the antenna to an I-beam, you may need some ingenuity. Standoff brackets are available, but these are not designed to be mounted to an I-beam, either. Some installers use zip ties, beam clamps, or bolts to attach the standoff brackets to I-beams and then mount the antenna to the bracket. If you intend to use a mast mount antenna indoors, make sure it is mounted as shown above. The antenna is intended for outdoor use and designed to be mounted with the metal sleeve on the bottom. For indoor use, invert the antenna. Be creative. Modified brackets can be used for a variety of antennae.
  • Sometimes antennae may be used or mounted in an unusual way. In some circumstances, a Yagi or Patch antenna mounted very high and pointed straight down at the floor is the best solution. If you intend for the antenna to be mounted in an unusual way, make a note of it in your report. The installer may not understand your intent and mount the antenna per its specifications, changing the coverage pattern.
  • Almost no NEMA enclosure is available off the shelf with an internal power supply. Mounting for the AP inside the enclosure can be fashioned just as you would when mounting an AP without an enclosure. Power will have to run to the enclosure and an electrical workbox (plug) installed inside the enclosure. In order to attach an external antenna (an antenna mounted inside the box is not very effective), a bulkhead extender will need to be installed. This is a simple connector that connects to the AP inside the enclosure and provides an antenna connector on the outside of the enclosure. Make sure that any holes drilled into the box are sealed. If even one hole is left unsealed then the integrity of the enclosure has been compromised. Antenna connectors should be mounted to the bottom of the enclosure to provide as much protection from dripping condensation as possible. It is also a good idea to seal the antenna connection with a product like Coax Seal.
  • Objectives
  • Once you are satisfied with the settings, click the OK button to return to the Site Survey screen. Now click the Start button to start the site survey in active mode. Percent Complete - shows the percentage of the packets that have been sent. If continuous linktest has been selected, it shows the percentage of packets that have been sent until it reaches 100%, then starts over again. Percent Successful - shows the number of packets that have been successfully sent and received. Notice the red threshold line. If the percentage drops below this line, the bars will become yellow. To stop the survey click Stop or OK.
  • When a radio wave strikes a solid surface, it is reflected in the same way that a light wave would be. The reflected waves may have a different polarization depending upon the angle at which the waves are reflected. Directional antennae can be used to reduce the amount of reflected waves. A directional antenna will focus the RF energy in a single direction, leaving less radio waves to be reflected from objects to the side or behind the antenna.
  • When a radio wave bounces back on itself 180 degrees out of phase, it creates a “null” or dead spot, where the combined signals virtually cancel each other out. Nulls are a fact of life with RF. Nulls will be all around you, but their positions may be constantly changing. As a forklift drives through a warehouse, or a person walks through an office, radio waves may be reflected off of these moving surfaces. As the location of the forklift changes, so do the nulls. A problem can occur when a null is stationary (RF wave reflected back on itself by a stationary object). If the antenna is located in a null, there will be poor reception. Use diversity antennae to overcome nulls. When a single antenna is used, the AP may have to be relocated to overcome the null.
  • If the RF wave is unable to penetrate an object it will suffer from what is called diffraction. The RF waves may pass over, under, or around the object, still providing coverage on the other side of the object, but there will be an area directly behind the object where there is no coverage. This area is most commonly known as an “RF shadow”. If there are other objects nearby, reflected RF waves may fill in the area behind the object, eliminating the shadow. The only way to know for sure is to survey the area.
  • The easiest way to start a site survey is to pick one area of the facility that needs coverage. Choose a corner and place the AP in the corner. Survey the coverage of that AP and make a note of where the furthest point of coverage is from that AP. Then move the AP to that point. If you were to place the AP in the corner, as much as 75% of your coverage cell might be wasted covering an area outside the building that does not need coverage. Once you have moved the AP, then survey the coverage of the AP. It may be necessary to move the AP several times in order to find the best placement. Once you have decided on the best location for that AP, then move to a different corner of the facility and repeat the process. In a simple warehouse like the one shown above, you would repeat the process four times. The survey of the RF coverage would then be complete.
  • In a more advanced survey, repeating the process four times might only provide coverage around the perimeter of the facility. You would then need to fill in the holes. This is where experience and judgment will come into play. Some engineers might elect to survey the perimeter and then fill in the center. Remember, if you need seamless coverage, the coverage cells must overlap. For a standard survey, 15% overlap is usually sufficient to provide for smooth, transparent handoffs. If you intend to use repeaters, then the repeaters will need to have a 50% overlap with a wired AP.
  • Another approach is to survey the first two APs and find the coverage areas. Then place an AP at the edge of the first AP’s cell, survey the coverage, and then move the AP out further to utilize its entire cell. This allows you to roughly judge the size of the cell and then move the cell. Survey the new location to determine feasibility and adjust as necessary. Once the AP location has been decided, the SE would continue this process until the entire facility is covered.
  • When you are surveying, take into account the fact that there are only three non-overlapping channels. In order to maximize your data rate, use these channels. By using the non-overlapping channels you ensure that the APs will not interfere with each other. As you design the WLAN, survey using the channel that you intend that AP to operate on. Part of your survey duty is to test for interference. If you survey every AP using the same channel, and not the actual channel the AP will be using, you cannot be certain that no interference exists on the channel that the AP will actually be using.
  • Once you know the minimum data rate your customer will be using, survey at that data rate. The data rate you choose will drastically affect the results of your site survey. In the example above, we see the same warehouse surveyed at two different data rates. If at 2Mb it takes six APs to cover the facility… At 5.5Mb it might take twelve APs to cover the facility. Know what your customer needs. If you survey at the wrong data rate and the customer installs the WLAN, he may be able to only connect in certain areas, or unable to connect at all!
  • Some of the objects that may have a detrimental effect on your signal are: cardboard, wood, or paper (which may contain a lot of moisture); walls fabricated from “chicken wire” and stucco; filing cabinets; firewalls; metal; concrete; transformers; refrigerators; heavy-duty motors. Also watch out for sources of Electromagnetic Interference (EMF): fluorescent lights (FUSION 2.4 GHz lighting systems); microwave ovens; air conditioning ductwork; other radio equipment. Always attempt to mount the AP as far away from these items as possible.
  • Many people think that there is a science behind installing a Wireless LAN (WLAN). While there is certainly a lot of science behind the technology, performing a site survey may be thought of more as an art. Scientists are traditionally thought of as stringent and unable to operate “outside the box.” Artists are bold and creative. As a WLAN site survey engineer, you will have to be knowledgeable on both the wireless equipment you are installing, as well as the wired equipment with which you may be interfacing. You will often have to be creative in the design and implementation of the WLAN equipment. A good site survey engineer will be able to think “outside the box,” allowing him to overcome limitations presented by the facility as well as the equipment.
  • A site survey will help the customer determine how many access points (APs) will be needed throughout the facility to provide the desired coverage. It will also determine the placement of those APs as well as detail the necessary information for installation. A site survey will also determine the feasibility of the desired coverage in the face of obstacles such as wired connectivity limitations, radio hazards, and application requirements. This will allow the customer to properly install the WLAN and have consistent, reliable wireless access. In this class we will provide you with all of the necessary tools and knowledge needed to perform a site survey. While this is certainly the place to start, it must be combined with experience. The more experienced and knowledgeable the site survey engineer, the better the survey.
  • Objectives
  • In the past, security on WLANs was not a major concern. This was, in large part, due to the fact that WLANs were restrictive. Some of these restrictions were bandwidth, proprietary systems, and the inability to manage the WLAN as part of the LAN. The most common methods of securing the WLAN were the SSID and the Authentication process. The SSID (System Set Identifier) is a network naming scheme that both the client and the AP must share. If the client did not have the proper SSID, it was unable to associate to the AP, and would have no access to the network. As previous modules have shown, when connecting to an AP, a client must go through the process of authenticating and associating. Some WLANs support filtering by MAC address. Tables are manually constructed on the AP to allow or disallow clients based upon their physical hardware address. With the new high speed 802.11 compliant products, users are now implementing WLANs to support more typical users. As company networks have progressed, and more valuable information is sent and kept electronically, security has become an issue. WLANs are no exception. Just as users expect performance similar to wired LANs, users expect security similar to wired LANs.
  • The 802.11 standard defines a type of security. This security is WEP (Wired Equivalency Privacy) using 40 bit keys. WEP is based upon the RC4 encryption method. Using this method a wireless client and AP share static WEP keys. This key is checked during the authentication process. If the client’s WEP key does not match that of the AP, the client is not allowed to associate, and is unable to connect to the network. WEP is based upon an existing and familiar encryption type, RC4. This allows encryption up to 128-bit. IEEE 802.11 has chosen to use 40-bit keys. Several vendors such as Lucent and Cisco Aironet support 128-bit WEP encryption with their WLAN solutions for improved security. Cisco Aironet 128-bit devices will support both 40-bit and 128-bit encryption. The key must be shared by both the encrypting and decrypting endpoints. Key distribution or key negotiation is not mentioned in the standard. 802.11 defines two ways to implement WEP security. A method called Key Mapping may be used. In this implementation, only a few clients have the key(s) and other clients establish a relationship with these clients to learn the keys. In the second method a set of keys (up to four) may be configured on each AP or client. Cisco Aironet uses the second method.
  • Two types of WEP encryption are defined: Open and Shared Key. This section will look at both of these and the process the client undergoes during the authentication process. Open Authentication: The Open Authentication method allows authorization and associations with or without a WEP key. If a WEP key is not used by the client, the client undergoes the normal association process with the AP. The user is then granted access to the network. If a WEP key is used, both the client and the AP must have matching WEP keys. If the client uses a WEP key(s) that is different than the WEP key(s) of the AP, data traffic cannot be passed because the data is encrypted. Keep in mind that the header is not encrypted, only the payload (or data) is encrypted. Using Open Authentication, the client goes through the normal association process, whether or not the client is using a WEP key. Once the client is associated, and data transmission begins, a client using a WEP key will encrypt the data. If the WEP key on the AP does not match, then the AP is unable to decrypt the data so it is impossible to send data via the WLAN.
  • Shared Key Authentication: Using Shared Key Authentication, a client must use a WEP key. The client goes through the normal authentication process. Once the client is authenticated, a challenge text packet (unencrypted) is sent to the client. The client then encrypts the packet and returns it to the AP. The encryption is then checked against the WEP key(s) on the AP. If a correct WEP key has been used, then the client is allowed to associate to the AP and begin sending data using the WLAN. Shared Key Authentication is considered less secure than Open Authentication because of the challenge text packet. Because this packet is sent unencrypted and then returned as an encrypted packet, it may be possible to capture enough of these packets to break the encryption.
  • The reason the order of the keys must match is because a Transmit Key will have to be chosen. When sending data encrypted, the client (or AP) will use the Transmit Key to encrypt the packet. The Transmit Key information is included in the packet’s header. This lets the AP (or client) know which key to use to decrypt the packet.
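The Shared Key exchange and the clear key-index header described in the notes above, as an added Python sketch (not code from the slides or from Cisco). The frame is simplified to a 3-byte IV, a key-index byte and the RC4-encrypted challenge plus CRC-32 ICV; the keys, IV, challenge and function names are constructed for the example. It shows that a client whose keys are stored in a different order is rejected, and that whoever records the clear challenge and the encrypted response holds the RC4 keystream for that IV without knowing the key.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(keys, key_id: int, iv: bytes, data: bytes) -> bytes:
    """Clear header (IV + key-index byte) followed by RC4(data + ICV)."""
    body = data + icv(data)
    stream = rc4_keystream(iv + keys[key_id], len(body))  # RC4 seed is IV || key
    return iv + bytes([key_id << 6]) + xor(body, stream)

def wep_decrypt(keys, frame: bytes):
    """Pick the key named in the clear header; None when the ICV fails."""
    iv, key_id, cipher = frame[:3], frame[3] >> 6, frame[4:]
    body = xor(cipher, rc4_keystream(iv + keys[key_id], len(cipher)))
    data, check = body[:-4], body[-4:]
    return data if icv(data) == check else None

# Constructed 40-bit keys, four slots as on the AP; not real key material.
AP_KEYS = [bytes.fromhex(h) for h in
           ("0102030405", "a1a2a3a4a5", "1122334455", "deadbeef01")]
CLIENT_KEYS = list(AP_KEYS)                               # same keys, same order
SWAPPED_KEYS = [AP_KEYS[1], AP_KEYS[0]] + AP_KEYS[2:]     # same keys, wrong order
CHALLENGE = bytes(range(128))                             # constructed challenge text
IV = b"\x00\x00\x2a"                                      # constructed IV

def shared_key_auth(client_keys, transmit_key=0):
    """Client encrypts the clear challenge; AP decrypts with its own key table."""
    response = wep_encrypt(client_keys, transmit_key, IV, CHALLENGE)
    accepted = wep_decrypt(AP_KEYS, response) == CHALLENGE
    return response, accepted

def keystream_seen_by_observer(challenge: bytes, response: bytes) -> bytes:
    """Known plaintext XOR ciphertext: no key is involved in this step."""
    return xor(response[4:], challenge + icv(challenge))

if __name__ == "__main__":
    response, ok = shared_key_auth(CLIENT_KEYS)
    print("matching key order accepted:", ok)
    print("swapped key order accepted: ", shared_key_auth(SWAPPED_KEYS)[1])
    exposed = keystream_seen_by_observer(CHALLENGE, response)
    print("keystream exposed for this IV:",
          exposed == rc4_keystream(IV + AP_KEYS[0], len(exposed)))
```

This is the reason the slide rates Shared Key below Open authentication: the handshake itself publishes matching plaintext and ciphertext, while Open authentication publishes neither.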
  • The SSID is a configurable parameter that must match on both the wireless client and the AP. This value is checked as part of the association process. If a wireless client does not possess the proper SSID it may not be able to associate. In the past this was used on WLANs to provide some measure of security. But as WLANs have changed, this feature now offers at best a rudimentary level of security. The SSID feature serves to logically segment the users and Access Points that form part of a Wireless subsystem. Under 802.11 specifications, an AP may “advertise” or broadcast its SSID. During the association process, any 802.11 wireless client with a “null” (no value entered into the SSID field) will request that the AP broadcast its SSID. If the AP is so configured, it will send the SSID to the client. The client will then use this SSID to associate to the AP. For these reasons, the SSID should not be considered a security feature on the Cisco Aironet products.
  • 802.11 WEP security makes the assumption that the threat to network security is located “outside” the LAN, meaning that the concern is that someone could “hack” into the network. There is no real protection from users who have been granted access to the network. If persistent WEP Keys are assigned to a client adapter, and the adapter is stolen, then the adapter still contains those keys. A stolen card could then be used to access the WLAN. The measure of protection against such intrusions is if the card is reported stolen, and the MAC address then disallowed. Then all of the WEP Keys must be changed. As there is no way to remotely administer WEP Keys, this could be a very burdensome task (depending on the number of wireless devices). Someone trying to hack into the network may wirelessly attach an AP to the LAN (repeater) without anyone’s knowledge. A “Rogue AP” is an AP that has been placed on a WLAN and might be used to interfere with normal network operations (denial of service attacks, for example). This AP may also provide unwanted users with information about the network such as MAC addresses of clients (both wireless and wired), the ability to capture and spoof data packets, and at worst, access to servers and files. Another problem is that an allowed user may unknowingly attach an AP to a LAN, not realizing that they may be granting access to unwanted users.
  • There are other issues with the 802.11 security methods having less to do with hardware, and more to do with administration. One of these issues is that WEP encryption is a one-way authentication. The client is authenticated with the AP, but not vice-versa. The client has no way of knowing if the AP is actually an allowed AP or potentially a rogue AP. No matter which method of authentication is used, the keys are entered statically. There is no way to generate or administer keys remotely. The best method of security is to frequently change WEP Keys. But without the ability to remotely administer these keys, this can be a daunting task. Changing keys on a global basis could be a tremendous task. There is also no way to integrate with existing network authentication methods, such as the Lightweight Directory Access Protocol (LDAP) or Remote Access Dial Up Service (RADIUS).
  • The authentication is also device-based. With this method identification is based upon MAC address, not username. And keys are typically stored in the flash memory of the card. As we have already seen, a stolen card could circumvent this authentication method. A more effective method is for authentication to be dependent on usernames and passwords, which are client independent, and which users may already possess. But even if authentication were based upon username and password, we would still want to be able to audit and/or account for usage to warn against unusual activities, such as: users who don’t log in for long periods of time; users who transfer too much data, stay on too long; multiple simultaneous logins; logins from the “wrong” account. In other words, what is needed is the ability to administer and monitor wireless clients just as you would wired clients.
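The usage audit described above, as an added Python example (not from the original slides) run over constructed accounting records. The record layout, thresholds and finding names are assumptions; it covers four of the listed conditions: dormant accounts, excessive data transfer, over-long sessions and simultaneous logins.

```python
from datetime import datetime, timedelta

# Constructed sample records: (user, client MAC, session start, session stop, bytes).
RECORDS = [
    ("alice", "02:00:00:00:00:01", "2002-03-04 08:00", "2002-03-04 12:00", 40_000_000),
    ("alice", "02:00:00:00:00:09", "2002-03-04 11:30", "2002-03-04 11:50", 1_000_000),
    ("bob",   "02:00:00:00:00:02", "2002-03-04 07:00", "2002-03-04 23:30", 90_000_000),
    ("carol", "02:00:00:00:00:03", "2002-03-04 09:00", "2002-03-04 10:00", 900_000_000),
    ("dave",  "02:00:00:00:00:04", "2002-01-10 09:00", "2002-01-10 09:30", 2_000_000),
]

def parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

NOW = parse("2002-03-05 00:00")   # constructed "time of audit"

def audit(records, now,
          max_session=timedelta(hours=12),      # assumed policy thresholds
          max_bytes=500_000_000,
          dormant_after=timedelta(days=30)):
    """Return a sorted list of (user, finding) pairs."""
    findings = set()
    sessions_by_user = {}
    for user, mac, start, stop, nbytes in records:
        begin, end = parse(start), parse(stop)
        sessions_by_user.setdefault(user, []).append((begin, end, mac))
        if end - begin > max_session:
            findings.add((user, "long_session"))
        if nbytes > max_bytes:
            findings.add((user, "excess_data"))
    for user, sessions in sessions_by_user.items():
        sessions.sort()
        # Dormant: the most recent session ended too long ago.
        if now - max(end for _, end, _ in sessions) > dormant_after:
            findings.add((user, "dormant"))
        # Simultaneous: a session starts before an earlier one has ended.
        latest_end = sessions[0][1]
        for begin, end, _ in sessions[1:]:
            if begin < latest_end:
                findings.add((user, "simultaneous"))
            latest_end = max(latest_end, end)
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(RECORDS, NOW):
        print(f"{user:6s} {finding}")
```

Per-user records like these only exist once authentication is tied to a username and a central accounting server, which is the point the slide makes against MAC-based identification.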
  • The IEEE is working on a supplement to the 802.1d standard which will define the changes necessary to the operation of a MAC layer bridge in order to provide port-based network access control capability. This is the 802.1x standard. 802.1x will offer: RADIUS/EAP for encapsulation of EAP packets within RADIUS; identification based on Network Access Identifier; support for roaming access in public spaces; RADIUS support for centralized authentication, authorization, and accounting; WEP keys that will be dynamic instead of static and will not require user intervention based management; compatibility with existing roaming technologies, enabling use in hotels and public places.
  • By providing support for the Extensible Authentication Protocol (EAP), the 802.1x standard is designed to leverage existing standards. With support for EAP, WLANs can now offer: Support for RFC 2284, with password authentication. Users are authenticated based upon username and password which is typically already stored in an active directory on the network. This directory is then connected to a certificate server, such as a RADIUS server or the Cisco access control server (ACS). One-Time Passwords (OTP). OTP takes a plaintext password and will encrypt it. Then plaintext passwords will never have to be typed on a non-secure connection (telnet and ftp use no encryption and therefore are not considered secure protocols). EAP support is designed to allow additional authentication methods to be deployed with no changes to the AP or client NIC. Nothing beyond the latest versions of firmware and drivers is required for the Cisco Aironet equipment to take advantage of the benefits offered with EAP.
  • Windows 2000 and Windows CE will have native support for EAP. LEAP is Cisco’s Lightweight Extensible Authentication Protocol. The reason for a lightweight version of EAP is that the current versions of EAP may not provide the functionality that is needed or may be too demanding and could compromise the performance of the WLAN equipment. Also, no native EAP support is currently available on legacy operating systems such as Windows 95, 98, Me, Windows NT, Linux, or Macintosh operating systems. All of these systems require LEAP. The network will also need support in the backend for delivery of the session key to access points so that they can speak WEP with the client. This might be the Windows 2000 RADIUS server or Cisco’s ACS.
  • An unauthorized user would not even be allowed to send any data through the AP. The process a client undergoes while “attaching” with an AP is two part, authentication and association. Authentication is the process of verifying the credentials of a client desiring to join a WLAN. Association is the process of associating a client with a given AP in the WLAN. Using Cisco Aironet’s security features means that each wireless client can be granted a new, dynamic WEP key each time they access the network. Because these keys are dynamic and session based, an intruder can not learn the system WEP keys and then use them to access the WLAN. WEP keys administered in this fashion are referred to as “session” keys. Each user will have a unique WEP key. The AP will have all of the WEP keys for each associated client, thus allowing it to communicate discreetly with each client. Users who receive information that they are unable to decrypt will discard the information.
  • SAFE Blueprints serve as a guide to network designers considering the security requirements of their network. SAFE designs focus on the expected threats and their methods of mitigation. SAFE is based on Cisco products and those of its partners. What is your business environment? Size, vertical, regulatory issues: the SAFE Wireless Network architecture addresses the needs and concerns of securing wireless traffic within a variety of network environments such as remote, small, medium, and enterprise. Risk assessment: What level of security is necessary? Comfort level? Each design takes into consideration current security options available for wireless deployments and focuses on solutions that customers can implement. Secure WLAN architecture: The designs will leverage existing wireless authentication methods in combination with VPN-based solutions, 802.1X, and WEP to provide secure connectivity for wireless clients.
  • Objectives
  • There are three unlicensed bands - 900 MHz, 2.4 GHz, and 5.7 GHz within the Industry, Medical and Scientific Frequency. This presentation focuses on 2.4 GHz and 5 GHz bands, which is where Cisco is focussing its product development. Cisco’s focus is on the IEEE standards. Recently, the FCC also opened up the 5.2 GHz band for unlicensed use by high speed data communications devices. 5.2 GHz is the same band that is used for the ETSI HYPERLAN specification in Europe. A nearby neighbor of the 900 MHz band is the cellular phone system. This helped the early development of the WLAN industry in the 900 MHz band because of the availability of low cost small RF components in that band. 2.4GHz has a neighbor in the PCS system. That helps with component costs too. There are no such neighbors for the 5 GHz band. The WLAN industry will have to drive the development of low cost components for 5GHz on its own, hence the cost of 5GHz technology is likely to be higher than that of lower bands for some time.
  • 802.11b is the only standard available today as a worldwide standard. This is the only technology that can be deployed in Europe today. 802.11g, which also works in the 2.4GHz Frequency Band, is under development, but has not been ratified by the IEEE. This will also need to be approved by the regulatory regions, but may be available worldwide when products are expected to start shipping in approximately 9-12 months. 802.11g is an attractive migration path, allowing more bandwidth in the 2.4GHz band; because it is in that band, it is fully backward compatible with 802.11b products. 802.11a as a standard has been ratified, but has only been approved for use in the Americas and some areas within Asia-Pacific. There is a sub-committee within the IEEE standards bodies to extend this standard to Europe, where additional requirements are demanded (including Frequency Detection and Transmit Power Control). Ratification of this standard (802.11h) and approval within Europe is expected no earlier than early 2003. HiperLAN2 has been the standard backed by many European organisations. However, many of its supporters are now backing away from this and supporting the extension of 802.11a (i.e. 802.11h) to the rest of the world. 802.11b and .11g both operate in the 2.4GHz frequency band where other devices such as mobile phones, microwaves and Bluetooth operate. As well as the higher data rates, 802.11a is also in the 5GHz frequency band which is not subject to interference. The 5GHz band also provides 8 channels instead of 3 in the 2.4GHz band, ensuring that this technology is much more applicable for scalable solutions. However, it should be noted that range decreases with an increase in frequency. Hence the range expectations of 802.11a products are less than that provided today by the 802.11b products.
  • Cisco is fully engaged in the IEEE standards committee, and chairs some of these sub committees. Cisco is committed to providing standards based products and therefore works in parallel with the standards committees to develop standards based products.
  • Assuming a 6dB antenna, the radiated power is: U-NII 1: 50 mW in the US/Japan, 200 mW in Europe, 4 channels (5.15-5.25), indoor access, fixed antenna. U-NII 2: 250 mW in the US, 4 channels (5.25-5.35), indoor/outdoor use, flexible antenna. U-NII 3: 1 W in the US, 4 channels (5.725-5.825), outdoor bridging only. HiperLAN: 200 mW in Europe, 8 channels (5.25-5.35), indoor use only. HiperLAN: 1 W in Europe, 11 channels (5.470-5.725), indoor/outdoor use, flexible antenna.
  • Orthogonal Frequency Division Multiplexing (OFDM) modulation provides up to 54 Mbps data rate. The central advantage of 802.11a over 802.11b is the ability to achieve higher data rates and associated higher aggregate throughput. This performance advantage is a function of the modulation technique, Orthogonal Frequency Division Multiplexing or OFDM. OFDM also has more stringent Signal to Noise Ratio requirements than the CCK modulation technique used for 802.11b. As range increases, the signal grows weaker relative to the ambient noise in the environment, resulting in the inverse relationship between data rate and range. This is true for both 802.11a and 802.11b but is more pronounced with OFDM-based 802.11a. Other data rates for longer range: 48, 36, 24, 12 and 6 Mbps. Given the above, it is expected that customers, particularly in initial deployments, may choose to architect the wireless LAN such that not all users will be within the highest data rate coverage area. This will serve to decrease system cost by reducing the number of access points required for full coverage. Initial reports from our competitors suggest that the coverage area provided at 48 and 54 Mbps in particular will be so small as to be financially impractical. Cisco’s approach, as previously stated, is to maximize range at all data rates such that customers’ 802.11a deployments will provide the highest performance possible for the greatest number of users possible within the customers’ budgetary constraints. One can envision a scenario where an access point at half the cost of Cisco’s but with less than half the range of a Cisco device will actually result in a higher total system cost when the required (high) data rate is held constant. In this scenario, range relates not only to cost but to performance as well, as the data rate is a function of range.
It is understood that Cisco will maximize range for all supported data rates, again leading to a lower total system cost regardless of the minimum data rate required for the application. Built on technology gained from the Radiata acquisition: Cisco is unique among the vendors in the 802.11a space in that we have made the investment (through acquisition) in silicon level technology. The Aironet acquisition provides for the Media Access Controller used in our 802.11a (and all other) offerings, while the Radiata acquisition provides for the Physical Layer (baseband processor) as well as the radio front end itself. All other manufacturers currently rely on merchant silicon from what is today the sole independent source for 802.11a silicon, Atheros. These manufacturers have only limited ability to differentiate their products. Cisco, conversely, is far better able to innovate and differentiate as we have control of all the components that make for the complete solution. This unique capability will manifest itself in the advantages of our initial product offering. Moreover, this ability will provide for further feature differentiation as the technology matures and the product offering expands.

Wireless Networking Slides: Presentation Transcript

  • Wireless Networking
    • WiFi 802.11b/g/a
    • Bluetooth
    • 3G PCS
    • 802.11s Mesh
  • WiFi 802.11b/g/a
    • Introduction
    • RF Bands
    • 802.11b
    • Equipment
    • Site Survey
    • Security
    • Future
  • What is a Wireless LAN? Internet Ethernet Hub/ Switch 10/100 Mbps Shared Bandwidth (CSMA/CD) Ethernet Access Point 11 Mbps Shared Bandwidth (CSMA/CA)
  • WLAN Product Categories: Two Different Implementations of Wireless LAN Technology
    • In-Building WLANs
      • Wireless Networking
      • Mobile user connectivity
    • Building-to-Building WLANs
      • Wireless Bridging
      • LAN-to-LAN connectivity
  • High-Speed Access Anywhere, Anytime Ethernet Everywhere 10/100 Ethernet Layer 3 Switched Ethernet Gigabit Ethernet Wireless Ethernet Long-Reach Ethernet Ethernet Technologies Solutions and Building Blocks Environments Wireless Switches At Home On the Road At Work Security Access At School
  • Wireless Technologies
    • WAN (Wide Area Network): standards GSM, GPRS, CDMA, 2.5-3G; speed 10 to 384 Kbps; range long; applications PDAs, mobile phones, cellular access
    • MAN (Metropolitan Area Network): standards 802.11, MMDS, LMDS; speed 22+ Mbps; range medium-long; applications fixed, last mile access
    • LAN (Local Area Network): standards 802.11a, 11b, 11g, HiperLAN2; speed 2 to 54+ Mbps; range medium; applications enterprise networks
    • PAN (Personal Area Network): standards Bluetooth; speed < 1 Mbps; range short; applications peer-to-peer, device-to-device
  • Local Area Network (LAN) Hub Server Switch Internet Access Point Hub Wireless LAN (WLAN) as an extension to wired LAN Work Group Bridge
  • Typical WLAN Topologies Access Point Wireless “Cell” Channel 6 Wireless Clients LAN Backbone Channel 1 Access Point Wireless “Cell” Wireless Clients
  • Wireless Repeater Topology Channel 1 Access Point Wireless Clients Channel 1 Access Point Wireless Repeater “Cell” LAN Backbone
  • Work Group Bridge Application Server Access Point WGB Hub
  • ISM Unlicensed Frequency Bands Extremely Low Very Low Low Medium High Very High Infrared Visible Light Ultra- violet X-Rays Audio AM Broadcast Short Wave Radio FM Broadcast Television Infrared wireless LAN Cellular (840 MHz) NPCS (1.9GHz) Ultra High Super High 902-928 MHz 26 MHz 5 GHz (IEEE 802.11) HyperLAN HyperLAN2 2.4 – 2.4835 GHz 83.5 MHz (IEEE 802.11)
  • 900 MHz vs. 2.4 GHz vs. 5 GHz
    • 900 MHz band
      • PROs: Greater range than 2.4 GHz band (for in-building LANs)
      • CONs: Maximum data rate 1 Mbps; limited bandwidth; crowded band
    • 2.4 GHz band
      • PROs: Global market; IEEE 802.11; higher data rates (10+ Mbps)
      • CONs: Less range than 900 MHz (for in-building LANs)
    • 5 GHz band
      • PROs: Global market; IEEE 802.11; higher data rates (20+ Mbps)
      • CONs: Much less range than 900 MHz or 2.4 GHz; higher cost RF components; large antenna required
  • What Is Spread Spectrum RF Technology?
      • Data sent over the air waves
      • Two-way radio communications (half duplex)
      • Cisco designs and manufactures its own radios
      • Same radio frequency for sending & receiving (transceiver)
      • No licensing required for Cisco Aironet Wireless products
  • 802.11b
  • IEEE 802.11 Standard
    • IEEE 802.11 became a standard in July 1997
      • Infrared
      • RF
    • Two RF technologies defined:
      • Direct sequence spread spectrum - 1 Mbps and 2 Mbps
      • Frequency hopping spread spectrum - 1 Mbps and 2 Mbps
    • IEEE 802.11b became a standard in September 1999
      • Only one RF technology defined- DSSS at 5.5 Mbps & 11 Mbps
    • 802.11 defines a high-performance radio
    • 802.11 promises “true” vendor interoperability (over the air)
  • Interoperability
    • 802.11 covers RF connectivity, association processes, and modulation schemes
      • Does not cover AP-to-AP connectivity over the wired network, roaming, load balancing, or repeaters
      • These features are vendor specific and proprietary
      • Choose a single vendor for the wireless backbone
  • Cisco Radio Technology
    • Direct Sequence Spread Spectrum (DSSS)
      • 2.4 GHz
      • One piece PCMCIA radio product
      • 1, 2, 5.5 and 11 Mbps
      • Fully 802.11 compliant at all speeds
  • Spread Spectrum Approaches: Both technologies are viable. [Figure: Direct Sequence and Frequency Hopping plotted on frequency (2.402 GHz to 2.483 GHz), time and power axes]
  • Channels- 802.11 DS
      • (11) 22 MHz wide stationary channels
      • X “chips per bit” means each bit sent redundantly
      • 11 Mbps data rate
      • 3 non-overlapping channels
      • 3 Access Points can occupy same area
    [Figure: channels 1-11 plotted against frequency, 2400 to 2483, with 2437 marked]
  • Frequency Hopping
      • A total of 79 channels available
      • Changes frequency (hops) at least every 0.4 seconds
      • Synchronized hopping required
    [Figure: hops 1-9 plotted as frequency (2.400 GHz to 2.483 GHz) against time]
  • DS vs. FH: A Summary on Interference Handling Time
      • FH system hops around interference
      • Lost packets are re-transmitted on next hop
      • Data may be decoded from redundant bits
      • Can move to an alternate channel to avoid interference
    [Figure: Direct Sequence (Channels 1, 6 and 11) and Frequency Hopping (hops 1-3), each shown over 2.400 GHz to 2.4835 GHz]
  • Access Point Coverage 1Mbps DSSS 5.5 Mbps DSSS 11 Mbps DSSS 2 Mbps DSSS
  • Modulation Profiles
    • 1 Mbps: DBPSK (Differential Binary Phase Shift Keying)
    • 2 Mbps: DQPSK (Differential Quadrature Phase Shift Keying)
    • 5.5 Mbps: CCK (Complementary Code Keying)
    • 11 Mbps: CCK (Complementary Code Keying)
    • Higher data rates use less reliable modulation profiles and require stronger received signal strength to operate properly. Tradeoff between speed and reliability.
    • Minimal Required Signal Strength for Aironet 350: 1 Mbps -94 dBm; 2 Mbps -91 dBm; 5.5 Mbps -89 dBm; 11 Mbps -85 dBm
  • Scalability With Direct Sequence Blue = 11Mb Green = 11Mb Red = 11Mb Total Bandwidth=33Mb!!!
  • Channel Setup: Site Survey Channel Example [Figure: adjacent cells assigned Channel 1, Channel 6 and Channel 11]
  • Access Point Coverage & Data Rate Shifting Review 1 Mbps DSSS 2 Mbps DSSS 5.5 Mbps DSSS 11 Mbps DSSS
  • Multi-rate Implementation: Site Survey Bandwidth Example [Figure: coverage cells labelled 2 Mbps, 5.5 Mbps and 11 Mbps]
  • 350 (100mW) Cell Size Comparison: 100 milli-Watt client and Access Point range capabilities
    • 11 Mbps DSSS: 100-150 feet radius
    • 5.5 Mbps DSSS: 150-250 feet radius
    • 2 Mbps DSSS: 250-350 feet radius
  • Scalability Requirements for WLANs
    • Robust roaming for seamless handoff between access points
    • Centralized user-based authentication
    • Dynamic WEP key distribution and management
    • Subnet roaming
    • Client support for all popular operating systems
  • WLAN Topologies Multiple AP’s with roaming Redundant WLAN Wireless Repeaters
  • Rate Shifting
    • Survey performed at each data rate
    • Coverage cell for each rate mapped
    • Higher rates – shift to proper areas
    • Lower rates – overlap and frequency
    [Figure: coverage cells labelled 2 Mbps, 5.5 Mbps and 11 Mbps]
  • Wireless Office: Maximum Coverage, Auto Rate Negotiation, Wireless Mobile Workers, DiPole Antennas, AP’s on Isolated LAN with PIX [Figure: floor plan marked 2000’ and 850’ with Offices 1-11, Class 1, Hallway, Conference Room and Break Room; APs on channels 1, 6 and 11]
  • Indoor/Outdoor Coverage: Maximum Coverage, Auto Rate Negotiation, Wireless for Mobile Workers, DiPole Indoor, Patch Outdoor, AP’s on Isolated LAN with PIX [Figure: floor plan marked 1000’ and 850’ with Offices 1-4, Hallway, Conference Room, Break Room and a 1000’ Building Courtyard; APs on channels 1, 6 and 11]
  • Warehouse Design Sample: Maximum Coverage, Auto Rate Negotiation, Cabling Available to Middle of Room, High Gain Mast Mount Antennas [Figure: floor plan marked 2000’ and 850’; APs on channels 1, 6 and 11]
    • Upon completion of this chapter, you will be able to perform the following tasks:
      • Determine the feasibility of installing a wireless bridge link.
      • Explain why a wireless bridge may be a better solution than other alternatives.
      • Determine the maximum distance that can be achieved using wireless bridges with given antennas and extension cables.
      • Protect a wireless bridge installation against a lightning strike.
  • Bridging Defined
  • Wireless Bridge Alternatives Medium Drawbacks Phone lines Monthly costs Installation costs (56K, T1) Slow Extra equipment needed Inflexible Physical barriers may preclude Difficult installation High cost Microwave FCC Licensing required Cable Installation costs
  • Point-to-Point Configuration 0 to 25 miles (line of sight) Ethernet Bridge Optional Antenna Building A Building B Optional Antenna
  • Point-to-Multipoint Configuration Ethernet Bridge Building B Building C Building A Directional Antenna Omni-directional Antenna Directional Antenna
  • Optional Antennas for Long Range
    • 13.5dBi Yagi: distances over 6.5 miles @ 2Mbps and 2 miles @ 11Mbps
    • 21dBi Solid Dish: for distances up to 25+ miles @ 2Mbps, 11.5 miles @ 11Mbps
    • Note: Distances include 50 feet of low loss cable and 10dB fade margin
  • Common Questions 340 Wireless Bridge How Fast? Max data rate 11.5+ Miles 11 Mbps 5.5 Mbps 2 Miles How Far? (at MAX rate) Typical throughput Yagi antenna 2 Mbps 1.4 Mbps 6.5 miles 25+ miles Dish antenna
  • Bridge Application: School District Richardson Elementary Yagi Lincoln Elementary Yagi Bode Elementary Yagi Price Elementary Yagi Dewitt Elementary Yagi Bolich Middle School Yagi Roberts Middle School Dish Weaver- Special Education Dish High School 2 Bridges One 12dB omni One Dish Administration 2 Bridges One 12dB omni One Yagi Channel #11 Channel #6 Channel #1
  • Lightning
    • Static Electricity
      • Wind
      • Nearby Strikes
    Ethernet Bridge
  • Path Loss Considerations How far will it go? 22 miles?
  • Calculations of Coverage Performance Coax Length 150ft? Coax Length 100ft? Wants 11Mb datarate Distance =13miles Towers needed to clear trees and other buildings
  • Calculations of Coverage Performance
  • Line of Sight
    • The following obstructions might obscure a visual link:
      • Topographic features, such as mountains.
      • The curvature of the Earth.
      • Buildings and other man-made objects
      • Trees
    Line of sight!
  • Longer Distances
    • Line of Sight disappears at 6 miles due to the earth curve
  • Fresnel Zone Fresnel Zone
  • Improving Fresnel Effect
      • Improve the Fresnel effect:
      • Raise the antenna
      • New structure
      • Existing structure
      • Different mounting point
      • Remove trees
  • Site to Site Fresnel Zone
    • Antenna Height
      • Fresnel zone consideration
      • Line-of-Sight over 25 miles hard to implement
    Total Distance Fresnel @ 60% (Value “F”) Earth Curvature (Value “C”) Antenna Height (Value “H”)
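The 13-mile, 11 Mbps bridge scenario from the "Calculations of Coverage Performance" slide, worked through with values F, C and H, as an added Python example that is not part of the original deck. It takes the 100 mW output power, the 21 dBi dish, the Aironet 350 sensitivity figures and the 10 dB fade margin from the slides. The path-loss, Fresnel and earth-curvature formulas are the standard ones and the coax loss of 6.7 dB per 100 ft is an assumption, so the results are not expected to match the distance figures on the antenna slide.

```python
import math

# Values taken from the slides (Aironet 350 minimum required signal strength).
SENSITIVITY_DBM = {11.0: -85.0, 5.5: -89.0, 2.0: -91.0, 1.0: -94.0}
FADE_MARGIN_DB = 10.0
CHANNEL_6_MHZ = 2437.0
# ASSUMPTION (not on the slides): loss of the low-loss coax at 2.4 GHz.
CABLE_LOSS_DB_PER_100FT = 6.7


def fspl_db(miles, mhz):
    """Free-space path loss in dB for a distance in miles and frequency in MHz."""
    return 36.58 + 20 * math.log10(mhz) + 20 * math.log10(miles)


def fresnel60_ft(miles, mhz):
    """Value F: 60% of the first Fresnel zone radius at mid-path, in feet."""
    return 43.3 * math.sqrt(miles / (4 * mhz / 1000.0))


def earth_bulge_ft(miles):
    """Value C: earth curvature at mid-path in feet (4/3 earth radius model)."""
    return miles ** 2 / 8.0


def antenna_height_ft(miles, mhz, obstruction_ft=0.0):
    """Value H = F + C, plus the tallest obstruction on the path, if any."""
    return fresnel60_ft(miles, mhz) + earth_bulge_ft(miles) + obstruction_ft


def rx_dbm(tx_mw, gain_a_dbi, gain_b_dbi, coax_a_ft, coax_b_ft, miles, mhz):
    """Received signal: transmit power plus both antenna gains minus all losses."""
    cable_db = (coax_a_ft + coax_b_ft) / 100.0 * CABLE_LOSS_DB_PER_100FT
    return (10 * math.log10(tx_mw) + gain_a_dbi + gain_b_dbi
            - cable_db - fspl_db(miles, mhz))


def best_rate(rx):
    """Highest data rate whose sensitivity is met with the full fade margin."""
    for rate in sorted(SENSITIVITY_DBM, reverse=True):
        if rx - SENSITIVITY_DBM[rate] >= FADE_MARGIN_DB:
            return rate
    return None


def max_coax_ft(rate, tx_mw, gain_a_dbi, gain_b_dbi, miles, mhz):
    """Total coax (both ends) the link can afford at a given data rate."""
    spare_db = (rx_dbm(tx_mw, gain_a_dbi, gain_b_dbi, 0, 0, miles, mhz)
                - SENSITIVITY_DBM[rate] - FADE_MARGIN_DB)
    return max(0.0, spare_db / CABLE_LOSS_DB_PER_100FT * 100.0)


if __name__ == "__main__":
    miles = 13
    print(f"F = {fresnel60_ft(miles, CHANNEL_6_MHZ):.1f} ft, "
          f"C = {earth_bulge_ft(miles):.1f} ft, "
          f"H = {antenna_height_ft(miles, CHANNEL_6_MHZ):.1f} ft above obstructions")
    rx = rx_dbm(100, 21, 21, 150, 100, miles, CHANNEL_6_MHZ)
    print(f"150 ft + 100 ft coax: {rx:.1f} dBm, best rate {best_rate(rx)} Mbps")
    limit = max_coax_ft(11.0, 100, 21, 21, miles, CHANNEL_6_MHZ)
    print(f"coax budget for 11 Mbps: {limit:.0f} ft in total")
```

Under these assumptions the coax runs, not the path, are what cost the link its 11 Mbps rate; H is the clearance needed above the tallest obstruction, which is why the slide calls for towers.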
  • Antenna Alignment Line of Sight
  • Antenna Alignment
  • Antenna Alignment
  • Antenna Installation Towers and antennas may require permits and must meet local regulations.
  • Cisco Aironet 1200 Series Access Points – other features
    • Wi-Fi certified – 11Mbps data rate
    • Up to 100 mW output power
    • Aluminum case for plenum rating; UL 2043 certified; extended operating temperature (-20 to 55 °C)
    • 2 separate locking mechanisms
  • Cisco Aironet 350 Series Access Points
    • Same great features of 1200 series in a static platform
    • Affordable cost point to meet all budget requirements
    • Reliable interoperability with 1200 series 802.11b solutions
    • Software upgrade path for future software enhancements
    • Dynamic WEP Security
  • Cisco Aironet 350 Client Adapters
    • PCMCIA card for Laptops and PDAs
    • PCI adapter for Desktops
    • Mini-PCI for embedded applications
    • Driver Support
      • Windows 95, 98, Me, NT 4.0, 2000, XP
      • Windows CE 2.11, 3.0 (Pocket PC)
      • Linux
      • Mac OS 9, X
    • Utilities include user configuration and site survey tool for simple installation and upgrade
    • Workgroup Bridge
  • 350 Series Wireless Bridge
    • Building-to-building links of up to 25 miles (40.2 km)
    • Flexibility: point-to-point and point-to-multipoint
    • Metal case for durability and plenum rating; UL 2043 certified
    • In-line power; simplified installation tools; industry-leading receive sensitivity
    • Management capabilities:
      • SNMP, Telnet, FTP, HTML
      • 802.1d spanning tree
  • Aironet 1200 Ethernet In-Line Power
    • Aironet 350 uses Ethernet in-line power ONLY
    • Eliminates need for local power and AC infrastructure cost
    • Draws in-line power from edge devices
    • (-48 Volts)
    • Catalyst power switches support device discovery mode
    • Ethernet In-line Power Source:
    • Catalyst 3524 Power Switch
    • Catalyst 6000 Power Blade
    • Catalyst 4000 Power Blade
    • 48 Port Power Patch Panel
    • Ethernet In-line Power Source:
    • Aironet Power Injector
    No Power Power Power
  • Cisco Aironet Antennas
    • Directional
    • Patch
    • Yagi
    • Dish
    • Omni Directional
    • Dipole
    • Mast mount
    • Ceiling mount
    • Ground plane
  • 2.4 GHz Omni-Directional Antennas
    • 2.2dBi Dipole “Standard Rubber Duck”
    • Cisco Aironet Part # AIR-ANT4941
  • 2.4 GHz Omni-Directional Antennas
    • 12dBi Omni Directional (Outdoor only)
    • Cisco Aironet Part # AIR-ANT4121
  • 2.4 GHz Directional Antennas
    • 3dBi Patch Antenna – 65 degree
    • Cisco Aironet Part # AIR-ANT3195
  • 2.4 GHz Directional Antennas
    • 13.5dBi Yagi Antenna – 25 degree
    • Cisco Aironet Part # AIR-ANT1949
  • 2.4 GHz Directional Antennas
    • 21dBi Parabolic Dish Antenna – 12 degree
    • Cisco Part # AIR-ANT3338
  • Beam Mounting
    • Zip ties
    • 2x4 secured with beam clamps
    • Mounting bracket secured with beam clamps
    • Mount antenna in same position they were surveyed
  • Antenna Mounting
    • Some antennae not shipped with mounting brackets
    • Modify brackets to fit your needs
    • Modified brackets can be used with a variety of antennae
    • Be creative
    Ceiling Mount Mast Mount Patch
  • Antenna Mounting
    • Sometimes antennae are mounted in unusual ways
    • Specify in your report exactly how the antenna is to be mounted
  • NEMA Enclosures Mounting plate with standoffs Electrical Workbox Bulkhead Extender (Part #AIR-ACC2537-018 [18 inch], AIR-ACC2537-060 [60 inch]) External Antenna Connector
  • Lab 2B – ACU Site Survey (cont’d)
  • RF Propagation
    • Radio waves are reflected just like light waves
    • Can reduce the reflected waves by using directional antennae
  • RF Propagation
    • Waves 180° out of phase will create a “null” or dead spot
    • Use diversity antennae to help overcome nulls
    • When using a single antenna, change the antenna location to overcome the null
  • RF Propagation
    • If the RF wave is unable to pass through an object, it may suffer from Diffraction
    • Diffraction creates RF “shadows”
  • Site Survey
  • Site Survey
  • Site Survey
  • Channel Selection AP1 Channel 1 AP 4 Channel 1 AP 6 Channel 11 AP 5 Channel 6 AP 3 Channel 11 AP 2 Channel 6
  • Data Rates Surveyed at 2Mb Surveyed at 5.5Mb
  • Interference (cont’d) Cardboard Wood Paper Electrical Transformers Microwave Ovens Fluorescent Lighting Firewalls
  • Why would I want a Site Survey?
  • Customer Assistance How many? Where? Throughput? RF WLAN Coverage Wired Ave. Wireless Blvd.
  • Older Security Methods
    • Older forms of security on WLANs
      • SSID
      • Authentication controlled by MAC
  • 802.11 Security
    • WEP (Wired Equivalent Privacy)
      • 40 bit keys
      • 128 bit keys
      • Part of the association process
      • WEP uses the RC4 stream cipher of RSA Data Security, Inc. (RSADSI) for encryption.
  • 802.11 Open Authentication
    • Steps to Authentication:
      • Client sends probe.
      • AP sends Probe Response.
      • Client evaluates AP response, selects best AP.
      • Client sends authentication request to selected AP (A).
      • AP A confirms authentication and registers client.
    Access Point A Access Point B
  • 802.11 Shared Key Authentication
    • Steps to Authentication:
    • Steps 1 - 3 are the same as Open Authentication
      • AP A confirms authentication and sends unencrypted test packet.
      • Client encrypts packet and returns to AP. AP checks encryption against WEP key.
      • Correct WEP key is allowed on the network. Incorrect WEP key is not allowed to associate.
    Access Point A Access Point B
  • Configuring WEP Keys (cont.) Key1=1234…… Key2=5678…… Key3=9012……Key4=3456…… Key1=1234……Key2=5678…… Key3=9012…… Key4=3456…… Header: Use Key3 Data: Encrypted using KEY3 Trailer Header: Use Key2 Data: Encrypted using KEY2 Trailer
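The shared-key exchange and the four key slots from the two slides above, with both sides' messages, as an added Python example that is not part of the original deck. The key values, the 128-byte test packet and the class and function names are constructed for illustration; the framing (24-bit IV prepended to the key, key slot carried in the header, CRC-32 integrity value) is standard WEP.

```python
import os
import struct
import zlib


def rc4(key, data):
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seal(keys, key_id, plaintext):
    """IV (3 bytes) | key-ID byte | RC4(IV || key, plaintext || CRC-32 ICV)."""
    iv = os.urandom(3)
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return iv + bytes([key_id << 6]) + rc4(iv + keys[key_id], plaintext + icv)


def wep_open(keys, frame):
    """Decrypt with the key slot named in the header; None if the ICV fails."""
    if len(frame) < 8:
        return None
    iv, key_id = frame[:3], frame[3] >> 6
    clear = rc4(iv + keys[key_id], frame[4:])
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data)) == icv else None


class AccessPoint:
    def __init__(self, keys):
        self.keys = keys
        self.pending = {}        # station name -> challenge still outstanding
        self.associated = set()

    def challenge(self, station):
        """Send the unencrypted test packet (128 random bytes)."""
        self.pending[station] = os.urandom(128)
        return self.pending[station]

    def verify(self, station, frame):
        """Accept the station only if its reply decrypts to our challenge."""
        expected = self.pending.pop(station, None)
        ok = expected is not None and wep_open(self.keys, frame) == expected
        if ok:
            self.associated.add(station)
        return ok


class Client:
    def __init__(self, name, keys, tx_slot):
        self.name, self.keys, self.tx_slot = name, keys, tx_slot

    def answer(self, challenge):
        # The client encrypts whatever it is handed and never checks who sent
        # it: the "authentication is one-way" issue listed later in the deck.
        return wep_seal(self.keys, self.tx_slot, challenge)


def run_demo():
    # Constructed 40-bit (5-byte) keys for slots Key1..Key4; not from the deck.
    shared = [bytes.fromhex(h) for h in
              ("0102030405", "1112131415", "2122232425", "3132333435")]
    ap = AccessPoint(shared)
    cases = [
        ("same keys, sends with Key3", shared, 2),
        ("same keys, sends with Key2", shared, 1),
        ("same keys, entered in reverse slot order", shared[::-1], 2),
        ("wrong keys", [b"\x00" * 5] * 4, 0),
    ]
    results = {}
    for name, keys, slot in cases:
        client = Client(name, keys, slot)
        results[name] = ap.verify(name, client.answer(ap.challenge(name)))
    return results


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:42s} {'associated' if accepted else 'rejected'}")
```

Either end may transmit with any slot as long as the same key sits in the same slot on both sides; the reversed-order client holds all four correct keys and is still rejected.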
  • 802.11 Security Issues
    • SSID (Service Set Identifier)
      • 32 ASCII character string
      • Under 802.11, any client with a ‘NULL’ string will associate to any AP regardless of SSID setting on AP
      • This should not be considered a security feature
  • 802.11 Security Issues (cont.)
    • Assumes threat is “outside” the LAN
    • Hardware Theft
    • Rogue APs
  • 802.11 Security Issues (cont.)
    • Authentication is one-way
    • No way to dynamically generate keys
    • No integration with existing network authentication methods on LAN
    • Keys are static
  • 802.11 Security Issues (cont.)
    • Authentication is device-based
    • No method for account auditing
  • 802.1x
    • 802.1x is an IEEE Standard in progress for Port Based Network Access Control
      • EAP
      • Improved user authentication: username and password
      • Dynamic, session-based encryption keys
      • Centralized user administration
  • 802.1x advantages for WLANs
    • Extensible authentication support
      • EAP designed to allow additional authentication methods to be deployed with no changes to the AP or client NIC
      • Password authentication
      • One-Time Passwords
      • Smartcard authentication and Security Dynamics
  • EAP and LEAP
    • Operating systems with native EAP support:
      • Windows 2000, CE
    • Cisco LEAP Authentication type
      • Legacy Operating Systems
      • Quick support on multitude of host systems
      • Implementation reduces support requirements on host systems
  • Improved Security (cont.) Session Keys
  • 802.1X Protocol in WLAN Environment
    • User requests access. AP prevents network access.
    • Encrypted credentials sent to authentication server.
    • Authentication server validates user, grants access rights.
    • AP Port enabled and dynamic WEP keys are assigned to client (encrypted).
    • Wireless client can now access general network services securely.
    [Figure: Wireless Client, Access Point, Authentication Server, and other network servers and services, with steps 1-5 marked and the wireless link labelled Encrypted WEP]
    • Benefits: very scalable; supports a variety of authentication types (EAP-TLS, EAP-LEAP, biometrics, etc.); standards based solution; centralized policy control; strong authentication; transparent roaming; better multicast capability
  • 802.1x Authentication Process Start broadcast key identity AP sends client broadcast key, encrypted with session key AP blocks all requests until authentication completes identity RADIUS server authenticates client Request identity Client authenticates RADIUS server key length client AP RADIUS server Derive key Derive key
  • Comparison between Aironet Dynamic WEP and VPN solutions in intranets
    • VPN Solution
      • 3DES, end-to-end security
      • Somewhat less scalable
      • More expensive
      • Works with Aironet solution
      • No mobility between VPN Concentrators; roaming latency
      • Loss of QoS insight
    • Aironet Dynamic WEP & Enhanced Security Suite
      • Encryption only between client and AP
      • Highly scalable
      • Less expensive
      • Seamless mobility between profiles and locations
      • End-to-end QoS integration
    VLAN VPN Server Access Point Local Network ACS RADIUS Server Secure VPN connection VPN at the office Aironet Dynamic WEP at the office Cisco offers BOTH solutions! Application Servers Enterprise Intranet
  • Cisco Wireless Security Suite
    • No Security (Public Access): No WEP and Broadcast Mode
    • Basic Security (Telecommuter and Small Business): Wi-Fi 40-bit, 128-bit, and Static WEP
    • Enhanced Security (Mid-Market and Enterprise): Dynamic Key Management System, Mutual Authentication, and 802.1x via EAP
    • Specialized Security (Mobile User and Public Access): End-to-end security using VPN
  • Assessing Security Requirements
      • Analyze your business environment
      • Perform your risk assessment
      • Determine your Cisco wireless security profile ….
      • Security = Authentication + Encryption
  • ISM Unlicensed Frequency Bands Audio AM Broadcast Short-Wave Radio FM Broadcast Television Infrared Wireless LAN Cellular 840 MHz NPCS 1.9 GHz Extremely Low Very Low Low Medium High Very High Ultra High Super High Infrared Visible Light Ultra- violet X-Rays 902–928 MHz 26 MHz 5 GHz IEEE 802.11a HyperLAN HyperLAN2 2.4–2.4835 GHz 83.5 MHz IEEE 802.11b
  • Wireless LAN Technologies
    • The Laws of Radio Dynamics:
      • Higher data rates = shorter transmission range
      • Higher power output = increased range, but lower battery life
      • Higher frequency radios = higher data rates, shorter ranges
    • 802.11b: freq. band 2.4 GHz; coverage worldwide; data rate 1-11 Mbps (now)
    • 802.11a: freq. band 5 GHz; coverage US/AP (initially); data rate 20-54 Mbps (now), 100+ Mbps (future)
    • HiperLAN2: freq. band 5 GHz; coverage Europe; data rate 20-54 Mbps (??)
    • 802.11g: freq. band 2.4 GHz; coverage worldwide (subject to approval); data rate <54 Mbps (?? mths)
  • IEEE 802.11 Standard Activities
    • 802.11a - 5GHz- ratified in 1999
    • 802.11b - 11Mb 2.4GHz- ratified in 1999
    • 802.11d - Additional regulatory domains
    • 802.11e - Quality of Service
    • 802.11f - Inter-Access Point Protocol (IAPP)
    • 802.11g - Higher Data rate (>20 Mbps) 2.4GHz
    • 802.11h - Dynamic Frequency Selection and Transmit Power Control mechanisms
    • 802.11i - Authentication and security
  • Understanding the 5 GHz Spectrum Europe 19 Channels (*assumes no antenna gain) 1W 200mW UNII-1: Indoor Use, antenna must be fixed to the radio UNII-2: Indoor/Outdoor Use, fixed or remote antenna UNII-3: Outdoor Bridging Only UNII-1 40mW UNII-2 200mW US (FCC) 12 Channels (*can use up to 6dBi gain antenna) UNII-3 800mW 11 Ch 4 Ch 4 Ch 4 Ch *if you use a higher gain antenna, you must reduce the transmit power accordingly 5.15 5.35 5.470 5.725 5.825 5GHz UNII Band 5.25
  • Characteristics of 802.11a
    • Orthogonal Frequency Division Multiplexing (OFDM)
      • Data rates supported: 54, 48, 36, 24, 12 & 6Mbps
      • Can “downshift” to lower data rates for longer range
    • Compliant with FCC and Japanese regulations
      • Initial offering will not be available in EMEA & portions of Asia/Pacific
    • 5GHz band has more channels than 2.4GHz band
      • UNII-1 + UNII-2 = 8 non-overlapping channels
      • (vs. 3 channels for 2.4GHz)
  • 802.11 a/b/g Comparison
    • 802.11b: frequency 2.4GHz; max speed 11Mbps; backwards compatible n/a
    • 802.11a: frequency 5.8GHz; max speed 54Mbps; backwards compatible NO
    • 802.11g: frequency 2.4GHz; max speed 54Mbps; backwards compatible YES
  • Bluetooth
    • Ethernet framing
    • Short distances only (typical 10 meters)
    • Applications-
    • Network notebooks, PDAs, printers, phone, etc., in a cubicle or home office.
    • Share files with others in a conference room.
  • 3G PCS
    • 3rd Generation Personal Communications Service (3G PCS)
    • Use cell phone CDMA and GSM technology on existing cell phone network infrastructure.
    • Offered by cell phone companies with cell phone services like Cingular/AT&T, Sprint, Verizon.
    • Currently on 3rd generation or “3G” of this technology.
  • 3G PCS - Speed
    • This technology is asymmetrical with the following download speeds:
    • 1G 14Kbps
    • 2G 56K – 80Kbps
    • 3G 300Kbps (current)
    • 4G 10Mbps ??? (future)
  • 3G PCS - Cost
    • $150 3G CardBUS network card
    • (Use in notebook pc or PDA)
    • $75/mo 3G service with unlimited use
  • 3G PCS - Uses
    • 1. Attach individual notebook computer to the Internet, and optionally use VPN encryption to access secure network, e.g. Florida Highway Patrol (FHP).
    • 2. Use with PCS router to provide wired and 802.11b wireless access using PCS as Internet uplink for small office, trade show, etc.
  • 802.11s Mesh Networks
    • Proprietary only today—
    • Tropos, BelAir Networks, Firetide, Nortel
    • 802.11s Task Group working on standard
    • Devices-
    • Mesh Gateway (hard wired to network)
    • Mesh Router (wireless only)
    • 802.11b or 802.11g client
  • 802.11s Mesh - Tropos
    • Tropos “Metromesh”
    • Mesh Gateways connect to wired network and talk wirelessly to Mesh Routers and 802.11b/g clients.
    • Designed for outdoor installation where Mesh Routers require only power.
    • Predictive Wireless Routing Protocol (PWRP) optimizes the switching path for Mesh Routers to relay to a Mesh Gateway while consuming less than 5% of the bandwidth.
    • End user may be relayed wirelessly through several Mesh Routers.
  • 802.11s Mesh - MIT
    • Working on building $100 laptop computer to bring technology to undeveloped countries.
    • 2 problems- (1) Power, (2) network access.
    • 1- Charge battery with hand crank
    • 2- Built-in custom Mesh network software with integrated 802.11b/g hardware
  • 802.11s Mesh - Intel
    • Working on 802.11g chipsets with additional features for discovery, security, authentication, etc., to build mesh networks supporting 802.11s.
    • Designing Mesh portals to connect mesh networks to other technologies like 802.11g
    • 802.11s technical editor is also Intel wireless network architect