2. 5-2
802.11 Wireless LANs (WLANs)
• Wireless LAN Technology
– 802.11 is the dominant WLAN technology today
– Standardized by the 802.11 Working Group
– Popularly known as Wi-Fi
3. 5-3
802.11 Wireless LANs (WLANs)
Wireless hosts connect
by radio to access points
Wireless hosts connect
by radio to access points
5. 5-5
802.11 Wireless LANs (WLANs)
WLANs usually supplement wired LANs
instead of replacing them.
The access point connects wireless users
to the firm’s main wired LAN (Ethernet)
WLANs usually supplement wired LANs
instead of replacing them.
The access point connects wireless users
to the firm’s main wired LAN (Ethernet)
This gives the mobile client access to
the servers on the wired LAN and
the firm’s router for Internet access
This gives the mobile client access to
the servers on the wired LAN and
the firm’s router for Internet access
1
6. 5-6
802.11 Wireless LANs (WLANs)
Transmission speed: up to 300 Mbps but usually 10 Mbps to 100 Mbps.
Distances between station and access point: 30 to 100 meters.
Transmission speed: up to 300 Mbps but usually 10 Mbps to 100 Mbps.
Distances between station and access point: 30 to 100 meters.
7. 5-7
Recap of Radio Propagation
Concepts
• Frequency
– Radio waves are measured in terms of frequency
– Measured in hertz (Hz)—the number of complete cycles
per second
• Most Common Frequency Range for WLANs:
– High megahertz to low gigahertz range
9. 5-9
Channel Bandwidth and Speed
• Channel Bandwidth
– Channel bandwidth is the highest frequency in a channel
minus the lowest frequency
– An 88.0 MHz to 88.2 MHz channel has a bandwidth of
0.2 MHz (200 kHz)
10. 5-10
Channel Bandwidth Speed
• Broadband and Narrowband Channels
– Broadband means wide channel bandwidth and
therefore high speed
– Narrowband means narrow channel bandwidth and
therefore low speed
– Today, any speed, whether in channels or not, is called
narrowband or broadband
• Narrowband is below 200 kbps
• Broadband is above 200 kbps
11. 5-11
Licensed and Unlicensed Bands
• Licensed Radio Bands
– If two nearby radio hosts transmit in the same channel,
their signals will interfere
– Most radio bands are licensed bands, in which hosts
need a license to transmit
– The government limits licenses to avoid interference
– Television bands, AM radio bands, etc., are licensed
– In cellular telephone bands, which are licensed, only the
central transceivers are licensed, not the mobile phones
12. 5-12
Licensed and Unlicensed Bands
• Unlicensed Radio Bands
– Some service bands are set aside as unlicensed bands
– Hosts do not need to be licensed to be turned on or
moved
– 802.11 operates in unlicensed radio bands
– This allows access points and hosts to be moved freely
13. 5-13
802.11 in the 2.4 GHz and 5 GHz
Unlicensed Bands
• The 2.4 GHz Unlicensed Band
– Defined the same in almost all countries (2.400 GHz to
2.485 GHz)
– This sameness reduces radio costs
– Propagation characteristics are good
– For 20 MHz 802.11 channels, only three nonoverlapping
channels are possible
• Channels 1, 6, and 11
14. 5-14
Mutual Interference in the 2.4 GHz Unlicensed
Band
If two nearby access points operate on the same channel,
the access points and their stations will interfere with each other
15. 5-15
802.11 in the 2.4 GHz and 5 GHz Unlicensed
Bands
• The 5 GHz Unlicensed Band
– Radios in the 5 GHz band are expensive because
frequencies in different countries are different and
because higher-frequency technology is more expensive
than lower-frequency technology
– Also, smaller market sales mean more expensive
devices
– Shorter propagation distance than in the 2.4 GHz band
because of greater absorptive attenuation at higher
frequencies
– Deader shadow zones because of higher frequencies
16. 5-16
802.11 in the 2.4 GHz and 5 GHz Unlicensed
Bands
• The 5 GHz Unlicensed Band
– More bandwidth than in the 2.4 GHz band, so between
11 and 24 non-overlapping channels
– Allows many nearby access points to operate on non-
overlapping channels
– Or, some access points can operate on two channels
• They serve some clients with one channel, some with
the other
• This allows them to serve more clients with good
throughput
17. 5-17
Spread Spectrum Transmission Methods
Early spread spectrum products used one of two slow methods.
In frequency hopping spread spectrum, the signal was kept narrow,
but it hopped around in frequency every two or three frames.
In direct sequence spread spectrum, the signal is spread over
The entire spread spectrum band.
Both have technical limits and all newer 802.11 standards
use a different type of spread spectrum transmission.
18. 5-18
Spread Spectrum Transmission Methods
Newer 802.11 standards use OFDM:
Orthogonal Frequency Division Multiplexing.
OFDM divides the entire channel into smaller subcarriers (subchannels).
It sends part of the signal in each subcarrier.
Information is sent redundantly among the subcarriers,
so the whole message will get through even if some subcarriers are bad
Using smaller channels gives more precise signal spreading
than spreading the signal over the entire channel.
This in turn allows much faster transmission speeds.
19. 5-19
Typical 802.11 Wireless LAN Operation with
Wireless Access Points
802.11 and 802.3 have different frames
1. The access point receives an 802.11
frame carrying the packet
2. The access point removes the packet,
places the packet into an 802.3 frame
and passes the frame on to the Ethernet switch
3. The Ethernet switch sends the 802.3 frame to
the server.
20. 5-20
Hosts and Access Points Transmit in a Single
Channel
The access point and all the hosts it serves
transmit in a single channel
If two devices transmit at the same time,
their signals will collide, becoming unreadable
Media access control (MAC) methods
govern when a device may transmit;
It only lets one device transmit at a time
21. 5-21
CSMA/CA+ACK in 802.11 Wireless
LANs
• CSMA/CA (Carrier Sense Multiple Access with
Collision Avoidance)
– Sender listens for traffic
• 1. If there is traffic, the sender waits
• 2. If there is no traffic:
– 2a. If there has been no traffic for less than a
present amount of time, waits a random amount of
time, then returns to Step 1.
– 2b, If there has been no traffic for more than a
preset amount of time, sends without waiting
– This avoids collision that would result if hosts could
transmit as soon as one host finishes transmitting
Box
22. 5-22
CSMA/CA+ACK in 802.11 Wireless
LANs
• ACK (Acknowledgement)
– Receiver immediately sends back an
acknowledgement
• If sender does not receive the acknowledgement,
retransmits using CSMA
– CSMA/CA plus ACK is a reliable protocol
• CSMA/CA+ACK must be reliable because radio
transmission is unreliable
Box
24. 5-24
Specific 802.11 Wireless LAN
Standards
Characteristic 802.1
1
802.11a 802.11b 802.11g 802.11n 802.11ac
Spread
Spectrum
Method, etc.
FHSS OFDM DSSS OFDM OFDM +
MIMO
OFDM +
MIMO
Unlicensed
Band
2.4
GHz
5
GHz
2.4
GHz
2.4 GHz 2.4 GHz
and 5 GHz
5 GHz
only
Remarks Dead
and
gone
Little
market
accep-
tance
Bloomed
briefly
Now
obsolete
Today’s
dominant
802.11
standard
Growing
rapidly
25. 5-25
Specific 802.11 Wireless LAN
Standards
Characteristic 802.1
1
802.11a 802.11b 802.11g 802.11n 802.11ac
Rated Speed 2
Mbps
54
Mbps
11
Mbps
54
Mbps
100 to
600
Mbps
433 Mbps
to
6.93 Gbps
Actual
Throughput,
3 m
1
Mbps
25
Mbps
6 Mbps 25
Mbps
70-80
Mbps
Closer to
rated
speed
than
earlier
standards
Actual
Throughput,
30 m
? 12
Mbps
6 Mbps 20
Mbps
50
Mbps
70-100
Mbps
26. 5-26
Specific 802.11 Wireless LAN
Standards
• 802.11g
– Obsolete today
– 54 Mbps rated speed with much slower throughput
– Generally sufficient for Web browsing
– Inexpensive
– All access points support it
27. 5-27
Specific 802.11 Wireless LAN
Standards
• 802.11n
– Uses MIMO to give higher throughputs and longer
transmission distances
– Also uses 40 MHz channels instead of normal 20 MHz
802.11 channels to further increase throughput
– 100 Mbps throughputs are common
– Today, the dominant 802.11 standard
– 802.11ac growing, the wave of the future.
28. 5-28
Mesh Wireless Network
In mesh wireless networks, the access points do all routing
There is no need for a wired network
The 802.11s standard for mesh networking is under development
In mesh wireless networks, the access points do all routing
There is no need for a wired network
The 802.11s standard for mesh networking is under development
31. 5-31
WLAN Security Threats
• Drive-By Hackers
– Sit outside the corporate premises and read network
traffic
– Can send malicious traffic into the network
– Easily done with readily available downloadable
software
• War Drivers
– Merely discover unprotected access points—become
drive-by hackers only if they break in
32. 5-32
802.11 Core Security Standards
• Provide Security between the Wireless Station and
the Wireless Access Point
– Client (and perhaps access point) authentication
– Passes key to client
– Subsequent encryption of messages
for confidentiality
Authentication
Protected
Communication
33. 5-33
802.11 Core Security Standards
• Protection Does Not Extend Beyond Access Point
– Only protects the wireless client—access point
connection
Protected
Communication
No Protection
34. 5-34
802.11 Core Security Standards
• Wired Equivalent Privacy (WEP)
– Initial rudimentary core security provided with 802.11 in
1997
– Everyone shared the same secret encryption key, and
this key could not be changed automatically
– Because secret key was shared, it does not seem to be
secret
• Users often give out freely
– Key initially could be cracked in 1–2 hours; now can be
cracked in 3–10 minutes using readily available software
35. 5-35
802.11 Core Security Standards
• Wireless Protected Access (WPA)
– The Wi-Fi Alliance
• Normally certifies interoperability of 802.11
equipment
– Certified products get to use the Wi-Fi logo
• Created WPA as a stop-gap core security standard
in 2002 until 802.11i was finished
36. 5-36
802.11 Core Security Standards
• 802.11i (WPA2)
– Uses AES-CCMP with 128-bit keys for confidentiality and
key management
– Gold standard in 802.11 core security
– But companies have large installed bases of WPA-
configured equipment
– Now that WPA has been partially cracked,
companies should upgrade to 802.11i
37. 802.11 Security in 802.1X and PSK
Modes
• 802.1X Mode
– Uses a central authentication server for consistency
– Wi-Fi Alliance calls this enterprise mode
– Both WPA and 802.11i use 802.1X mode
5-37
38. 802.11 Security in 802.1X and PSK
Modes
• 802.1X Mode
– However, with wireless transmission, protection is
needed between the wireless supplicant and the access
point because radio transmissions are easy to tap
5-38
39. 5-39
WLAN Security Threats
• Rogue Access Points
– Unauthorized access points that are set up by a
department or an individual
– They often fail to implement core security
– This gives drive-by hackers free access to the internal
network, bypassing both the border firewall and access
point security
– Often operate at high power, attracting many hosts to
their low-security service
40. 5-40
Evil Twin Access Point
An attacker makes his or her computer act as an access point.
It operates at very high power.
Victim wireless clients within the victim building
associate with the evil twin access point
instead of with a legitimate access point within the building.
An attacker makes his or her computer act as an access point.
It operates at very high power.
Victim wireless clients within the victim building
associate with the evil twin access point
instead of with a legitimate access point within the building.
41. 5-41
Evil Twin Access Point
1. The victim sends its authentication credentials to the evil twin.
2. The evil twin passes the credentials on to the legitimate access point.
3. The legitimate access point sends back a secret key.
4. The evil twin remembers the key, then sends it to the client.
42. 5-42
Added Wireless Protection: VPNs and
VLANs
• Virtual Private Networks (VPNs)
– VPN protection defeats evil twins because the two
devices preshared a key that is never transmitted
EAP Protected
Communication VPN Protection
Preshared
VPN
Key
Preshared
VPN
Key
Frustrated
Evil Twin
43. 5-43
Added Wireless Protection: VPNs and
VLANs
• Virtual LANs (VLANs)
– With VLANs, clients can only talk to some servers
– Wireless clients who first come can be assigned to a
VLAN in which they can only connect to a single server-
an authentication server
– When the client authenticates itself to the authentication
server, they are taken off the restrictive VLAN
Pre-
Authentication
VLAN
Rest of
the network
Authentication
Server