Wireless Networking
Wireless Networking. Is Wireless in Your Future? LAN’s, WAN’s, and Digital Canopies. Ray Curci Sr. Network Engineer Hayes Computer Systems. Outline. Introduction RF Bands 802.11b WLAN IN-BUILDING WLAN BUILDING-BUILDING Equipment Site Survey Security Future. INTRODUCTION.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about '' - erika


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

Wireless Networking

  • Is Wireless in Your Future?

  • LAN’s, WAN’s, and Digital Canopies

Ray Curci

Sr. Network Engineer

Hayes Computer Systems



Outline

  • Introduction

  • RF Bands

  • 802.11b

  • WLAN IN-BUILDING

  • WLAN BUILDING-BUILDING

  • Equipment

  • Site Survey

  • Security

  • Future



What is a Wireless LAN?

[Figure: a wired Ethernet segment (10/100 Mbps shared bandwidth, CSMA/CD) with a hub/switch and Internet connection, beside a wireless Ethernet segment (11 Mbps shared bandwidth, CSMA/CA) served by an access point]


WLAN Product Categories

  • In-Building WLANs

  • Building-to-Building WLANs


Two Different Implementations of Wireless LAN Technology

  • Wireless Bridging: LAN-to-LAN connectivity

  • Wireless Networking: mobile user connectivity


High-Speed Access Anywhere, Anytime

Ethernet Everywhere

  • Environments: At Home, At School, On the Road, At Work

  • Solutions and Building Blocks: Wireless, Switches, Security, Access

  • Ethernet Technologies: Layer 3 Switched Ethernet, Wireless Ethernet, 10/100 Ethernet, Gigabit Ethernet, Long-Reach Ethernet


Local Area Network (LAN)

Wireless LAN (WLAN) as an extension to wired LAN

[Figure: wired LAN with two hubs, a switch, a server and an Internet connection, extended by an access point and a work group bridge]


Typical WLAN Topologies

[Figure: two wireless “cells”, one on channel 1 and one on channel 6, each with an access point and wireless clients, both access points attached to the LAN backbone]


Wireless Repeater Topology

[Figure: an access point on the LAN backbone and a second access point forming a wireless repeater “cell”, both on channel 1, serving wireless clients]


Work Group Bridge Application

[Figure: a work group bridge (WGB) with a hub behind it, linked by radio to an access point and server]



ISM Unlicensed Frequency Bands

  • 902-928 MHz (26 MHz)

  • 2.4 – 2.4835 GHz (83.5 MHz) (IEEE 802.11)

  • 5 GHz (IEEE 802.11), HiperLAN, HiperLAN2

[Figure: radio spectrum chart running from Extremely Low, Very Low, Low, Medium, High, Very High, Ultra High and Super High frequencies through Infrared, Visible Light, Ultraviolet and X-Rays, with markers for Audio, AM Broadcast, Short Wave Radio, FM Broadcast, Television, Cellular (840 MHz), NPCS (1.9 GHz) and Infrared wireless LAN]


900 MHz vs. 2.4 GHz vs. 5 GHz

900 MHz band

  • PROs: Greater range than 2.4 GHz band (for in-building LANs)

  • CONs: Maximum data rate 1 Mbps; Limited bandwidth; Crowded band

2.4 GHz band

  • PROs: Global market; IEEE 802.11; Higher data rates (10+ Mbps)

  • CONs: Less range than 900 MHz (for in-building LANs)

5 GHz band

  • PROs: Global market; IEEE 802.11; Higher data rates (20+ Mbps)

  • CONs: Much less range than 900 MHz or 2.4 GHz; Higher cost RF components; Large antenna required


What Is Spread Spectrum RF Technology?

  • Data sent over the air waves

  • Two-way radio communications (half duplex)

  • Cisco designs and manufactures its own radios

  • Same radio frequency for sending & receiving (transceiver)

  • No licensing required for Cisco Aironet Wireless products



IEEE 802.11 Standard

  • IEEE 802.11 became a standard in July 1997

    • Infrared

    • RF

  • Two RF technologies defined:

    • Direct sequence spread spectrum - 1 Mbps and 2 Mbps

    • Frequency hopping spread spectrum - 1 Mbps and 2 Mbps

  • IEEE 802.11b became a standard in September 1999

    • Only one RF technology defined: DSSS at 5.5 Mbps & 11 Mbps

  • 802.11 defines a high-performance radio

  • 802.11 promises “true” vendor interoperability (over the air)


Interoperability

  • 802.11 covers RF connectivity, association processes, and modulation schemes

    • Does not cover AP-to-AP connectivity over the wired network, roaming, load balancing, or repeaters

    • These features are vendor specific and proprietary

    • Choose a single vendor for the wireless backbone


Cisco Radio Technology

  • Direct Sequence Spread Spectrum (DSSS)

    • 2.4 GHz

    • One piece PCMCIA radio product

    • 1, 2, 5.5 and 11 Mbps

    • Fully 802.11 compliant at all speeds


Spread Spectrum Approaches

Direct Sequence and Frequency Hopping

[Figure: power, frequency and time plots for the two approaches across 2.402 GHz to 2.483 GHz; annotations: 22 MHz, 1 mW, 100 mW, 1 ms, 1 sec, “Frequency not used”]

Both technologies are viable.


Channels - 802.11 DS

  • (11) 22 MHz wide stationary channels

  • X “chips per bit” means each bit sent redundantly

  • 11 Mbps data rate

  • 3 non-overlapping channels

  • 3 Access Points can occupy same area

[Figure: channels 1 through 11 plotted against frequency, axis marked 2400, 2437 and 2483]


Frequency Hopping

  • A total of 79 channels available

  • Changes frequency (hops) at least every 0.4 seconds

  • Synchronized hopping required

[Figure: hops 1 through 9 plotted as time against frequency, 2.400 GHz to 2.483 GHz]


DS vs. FH: A Summary on Interference Handling

Frequency Hopping

  • FH system hops around interference

  • Lost packets are re-transmitted on next hop

Direct Sequence

  • Data may be decoded from redundant bits

  • Can move to an alternate channel to avoid interference

[Figure: frequency against time from 2.400 GHz to 2.4835 GHz, frequency hopping shown as hops 1, 2 and 3 and direct sequence as fixed channels 1, 6 and 11]


Access Point Coverage

1Mbps DSSS

2 Mbps DSSS

5.5 Mbps DSSS

11 Mbps DSSS


Modulation Profiles

1 Mbps DBPSK Diff Binary Phase Shift Keying

2 Mbps DQPSK Diff Quad Phase Shift Keying

5.5 Mbps CCK Complementary Code Keying

11 Mbps CCK Complementary Code Keying

Higher data rates use less reliable modulation profiles and require stronger received signal strength to operate properly. Tradeoff between speed and reliability.

Minimal Required Signal Strength for Aironet 350:

1 Mbps -94 dBm

2 Mbps -91 dBm

5.5 Mbps -89 dBm

11 Mbps -85 dBm


Scalability With Direct Sequence

Blue = 11Mb

Total Bandwidth=33Mb!!!

Green = 11Mb

Red = 11Mb


Channel Setup

Site Survey Channel Example

[Figure: floor plan of access point cells assigned to channels 1, 6 and 11]


Access Point Coverage & Data Rate Shifting Review

1 Mbps DSSS

2 Mbps DSSS

5.5 Mbps DSSS

11 Mbps DSSS


Multi-rate Implementation

Site Survey Bandwidth Example

[Figure: site survey coverage map with zones labeled 2 Mbps, 5.5 Mbps and 11 Mbps]


350 (100 mW) Cell Size Comparison

100 milli-Watt client and Access Point range capabilities

  • 11 Mbps DSSS: 100-150 feet radius

  • 5.5 Mbps DSSS: 150-250 feet radius

  • 2 Mbps DSSS: 250-350 feet radius



Scalability Requirements for WLANs

  • Robust roaming for seamless handoff between access points

  • Centralized user-based authentication

  • Dynamic WEP key distribution and management

  • Subnet roaming

  • Client support for all popular operating systems


WLAN Topologies

Multiple AP’s with roaming

Redundant WLAN

Wireless Repeaters


Rate Shifting

  • Survey performed at each data rate

  • Coverage cell for each rate mapped

  • Higher rates – shift to proper areas

  • Lower rates – overlap and frequency

[Figure: site survey coverage map with zones labeled 2 Mbps, 5.5 Mbps and 11 Mbps]


Wireless Office

Maximum Coverage

Auto Rate Negotiation

Wireless Mobile Workers

DiPole Antennas

AP’s on Isolated LAN with PIX

[Figure: floor plan marked 2000’ and 850’ with Offices 1 through 11, Class 1, a hallway, a conference room and a break room, covered by access points on channels 1, 6 and 11]


Indoor/Outdoor Coverage

Maximum Coverage

Auto Rate Negotiation

Wireless for Mobile Workers

DiPole Indoor, Patch Outdoor

AP’s on Isolated LAN with PIX

[Figure: building (Offices 1 through 4, hallway, break room, conference room) and adjoining courtyard, marked 850’, 1000’ and 1000’, covered by access points on channels 1, 6 and 11]


Warehouse Design Sample

Maximum Coverage

Auto Rate Negotiation

Cabling Available to Middle of Room

High Gain Mast Mount Antennas

[Figure: warehouse floor plan marked 2000’ and 850’, covered by eight access points on channels 1, 6 and 11]



WLAN

BUILDING-TO-BUILDING



Objectives

  • Upon completion of this chapter, you will be able to perform the following tasks:

    • Determine the feasibility of installing a wireless bridge link.

    • Explain why a wireless bridge may be a better solution than other alternatives.

    • Determine the maximum distance that can be achieved using wireless bridges with given antennas and extension cables.

    • Protect a wireless bridge installation against a lightning strike.



Wireless Bridge Alternatives

Medium: Drawbacks

  • Phone lines (56K, T1): Monthly costs; Slow; Installation costs; Extra equipment needed

  • Cable: Installation costs; Physical barriers may preclude; Inflexible

  • Microwave: FCC Licensing required; Difficult installation; High cost


Point-to-Point Configuration

[Figure: Building A and Building B, each with a bridge on its Ethernet and an optional antenna, linked over 0 to 25 miles (line of sight)]


Point-to-Multipoint Configuration

[Figure: Building A with a bridge on its Ethernet and an omni-directional antenna, linked to Building B and Building C, each with a directional antenna]


Optional Antennas for Long Range

  • 13.5 dBi Yagi: distances over 6.5 miles @ 2 Mbps and 2 miles @ 11 Mbps

  • 21 dBi Solid Dish: for distances up to 25+ miles @ 2 Mbps, 11.5 miles @ 11 Mbps

Note: Distances include 50 feet of low loss cable and 10 dB fade margin


Common Questions

340 Wireless Bridge

How Fast?

  • Max data rate: 11 Mbps / 2 Mbps

  • Typical throughput: 5.5 Mbps / 1.4 Mbps

How Far? (at MAX rate)

  • Yagi antenna: 2 miles / 6.5 miles

  • Dish antenna: 11.5+ miles / 25+ miles


Bridge Application: School District

Links use Channel #1, Channel #6 and Channel #11.

  • Richardson Elementary: Yagi

  • Weaver-Special Education: Dish

  • Roberts Middle School: Dish

  • High School: 2 Bridges (one 12dB omni, one Dish)

  • Bode Elementary: Yagi

  • Lincoln Elementary: Yagi

  • Administration: 2 Bridges (one 12dB omni, one Yagi)

  • Bolich Middle School: Yagi

  • Price Elementary: Yagi

  • Dewitt Elementary: Yagi


Lightning

  • Static Electricity

    • Wind

    • Nearby Strikes

[Figure: bridge connected to Ethernet]


Path Loss Considerations

How far will it go?

22 miles?


Calculations of Coverage Performance

  • Coax length 100 ft?

  • Coax length 150 ft?

  • Towers needed to clear trees and other buildings

  • Wants 11 Mb data rate

  • Distance = 13 miles



Line of Sight

The following obstructions might obscure a visual link:

  • Topographic features, such as mountains.

  • The curvature of the Earth.

  • Buildings and other man-made objects

  • Trees

Line of sight!


Longer Distances

  • Line of Sight disappears at 6 miles due to the earth curve


Fresnel Zone

  • Fresnel Zone


Improving Fresnel Effect

Improve the Fresnel effect:

  • Raise the antenna

  • New structure

  • Existing structure

  • Different mounting point

  • Remove trees


Site to Site Fresnel Zone

  • Antenna Height

    • Fresnel zone consideration

    • Line-of-Sight over 25 miles hard to implement

Antenna Height (Value “H”)

Total Distance

Fresnel @ 60% (Value “F”)

Earth Curvature (Value “C”)
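
A link-budget and antenna-height check for the bridge scenario sketched in the slides above (13 miles, 11 Mb wanted, 100 ft and 150 ft of coax), added here as an example and not part of the original presentation. Transmit power, sensitivity, antenna gain and fade margin come from the slides; the dish antennas at both ends, the 6.7 dB per 100 ft cable loss, the channel 6 frequency and the standard free-space, Fresnel and earth-bulge formulas are assumptions.

```python
import math

# Values taken from the slides.
TX_POWER_DBM = 20.0                        # 100 mW radio
FADE_MARGIN_DB = 10.0                      # quoted with the antenna distances
SENSITIVITY_DBM = {11: -85, 5.5: -89, 2: -91, 1: -94}   # Aironet 350 minimums
GAIN_DBI = {"yagi": 13.5, "dish": 21.0}

# Assumptions that are NOT on the slides.
FREQ_MHZ = 2437.0                          # centre of channel 6, mid-band
CABLE_LOSS_DB_PER_100FT = 6.7              # typical low-loss coax at 2.4 GHz


def free_space_loss_db(miles, freq_mhz=FREQ_MHZ):
    """Free-space path loss for a distance in miles and a frequency in MHz."""
    return 36.58 + 20 * math.log10(freq_mhz) + 20 * math.log10(miles)


def received_dbm(miles, antenna_a, antenna_b, coax_a_ft, coax_b_ft):
    """Signal at the far bridge: power + both gains - cable loss - path loss."""
    cable_db = (coax_a_ft + coax_b_ft) / 100.0 * CABLE_LOSS_DB_PER_100FT
    return (TX_POWER_DBM + GAIN_DBI[antenna_a] + GAIN_DBI[antenna_b]
            - cable_db - free_space_loss_db(miles))


def best_rate_mbps(rx_dbm):
    """Highest data rate whose sensitivity plus fade margin the link meets."""
    for rate in sorted(SENSITIVITY_DBM, reverse=True):
        if rx_dbm >= SENSITIVITY_DBM[rate] + FADE_MARGIN_DB:
            return rate
    return None                            # link does not close even at 1 Mbps


def antenna_height_ft(miles, freq_ghz=FREQ_MHZ / 1000.0):
    """Return (F, C, H): 60% Fresnel radius, earth curvature, and H = F + C."""
    fresnel_60 = 0.6 * 72.05 * math.sqrt(miles / (4.0 * freq_ghz))
    curvature = miles ** 2 / 8.0           # mid-path earth bulge, k = 4/3
    return fresnel_60, curvature, fresnel_60 + curvature


def survey(miles, antenna_a, antenna_b, coax_a_ft, coax_b_ft):
    """Summarise one candidate link as a dictionary."""
    rx = received_dbm(miles, antenna_a, antenna_b, coax_a_ft, coax_b_ft)
    fresnel, curvature, height = antenna_height_ft(miles)
    return {
        "rx_dbm": round(rx, 1),
        "rate_mbps": best_rate_mbps(rx),
        "fresnel_60_ft": round(fresnel, 1),
        "curvature_ft": round(curvature, 1),
        "clearance_height_ft": round(height, 1),
    }


if __name__ == "__main__":
    # The slide's scenario, then the same link with 50 ft of coax per end.
    print(survey(13, "dish", "dish", 100, 150))
    print(survey(13, "dish", "dish", 50, 50))
```

Under these assumptions the long coax runs, not the 13-mile path, are what keep the link from reaching 11 Mbps.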


Antenna Alignment

Line of Sight




Antenna Installation

Towers and antennas may require permits and must meet local regulations.



Cisco Aironet 1200 Series Access Points – other features

  • Wi-Fi certified–11Mbps data rate

  • Up to 100 mW output power

  • Aluminum case for plenum rating; UL 2043 certified; extended operating temperature (-20 to 55 C)

  • 2 separate locking mechanisms


Cisco Aironet 350 Series Access Points

  • Same great features of 1200 series in a static platform

  • Affordable cost point to meet all budget requirements

  • Reliable interoperability with 1200 series 802.11b solutions

  • Software upgrade path for future software enhancements

  • Dynamic WEP Security


Cisco Aironet 350 Client Adapters

  • PCMCIA card for Laptops and PDAs

  • PCI adapter for Desktops

  • Mini-PCI for embedded applications

  • Driver Support

    • Windows 95, 98, Me, NT 4.0, 2000, XP

    • Windows CE 2.11, 3.0 (Pocket PC)

    • Linux

    • Mac OS 9, X

  • Utilities include user configuration and site survey tool for simple installation and upgrade

  • Workgroup Bridge


350 Series Wireless Bridge

  • Building-to-building links of up to 25 miles (40.2 km)

  • Flexibility: point-to-point and point-to-multipoint

  • Metal case for durability and plenum rating; UL 2043 certified

  • In-line power; simplified installation tools; industry-leading receive sensitivity

  • Management capabilities:

    • SNMP, Telnet, FTP, HTML

    • 802.1d spanning tree


Aironet 1200 Ethernet In-Line Power

Aironet 350 uses Ethernet in-line power ONLY

Eliminates need for local power and AC infrastructure cost

Draws in-line power from edge devices (-48 Volts)

Catalyst power switches support device discovery mode

  • Ethernet In-line Power Source:

    • Aironet Power Injector

  • Ethernet In-line Power Source:

    • Catalyst 3524 Power Switch

    • Catalyst 6000 Power Blade

    • Catalyst 4000 Power Blade

    • 48 Port Power Patch Panel

[Figure: diagram labels “Power”, “Power” and “No Power”]


Cisco Aironet Antennas

Directional

  • Patch

  • Yagi

  • Dish

Omni Directional

  • Dipole

  • Mast mount

  • Ceiling mount

  • Ground plane


2.4Ghz Omni-Directional Antennas

  • 2.2dBi Dipole “Standard Rubber Duck”

  • Cisco Aironet Part # AIR-ANT4941


2.4Ghz Omni-Directional Antennas

  • 12dBi Omni Directional (Outdoor only)

  • Cisco Aironet Part # AIR-ANT4121


2.4Ghz Directional Antennas

  • 3dBi Patch Antenna – 65 degree

  • Cisco Aironet Part # AIR-ANT3195


2.4Ghz Directional Antennas

  • 13.5dBi Yagi Antenna – 25 degree

  • Cisco Aironet Part # AIR-ANT1949


2.4Ghz Directional Antennas

  • 21dBi Parabolic Dish Antenna – 12 degree

  • Cisco Part # AIR-ANT3338


Beam Mounting

  • Zip ties

  • 2x4 secured with beam clamps

  • Mounting bracket secured with beam clamps

  • Mount antennas in the same position in which they were surveyed


Antenna Mounting

  • Some antennae not shipped with mounting brackets

  • Modify brackets to fit your needs

  • Modified brackets can be used with a variety of antennae

  • Be creative

Mast Mount

Patch

Ceiling Mount


Antenna Mounting

  • Sometimes antennae are mounted in unusual ways

  • Specify in your report exactly how the antenna is to be mounted


NEMA Enclosures

  • Bulkhead Extender (Part #AIR-ACC2537-018 [18 inch], AIR-ACC2537-060 [60 inch])

  • External Antenna Connector

  • Mounting plate with standoffs

  • Electrical Workbox


SITE SURVEY


Lab 2B – ACU Site Survey (cont’d)


RF Propagation

  • Radio waves are reflected just like light waves

  • Can reduce the reflected waves by using directional antennae


RF Propagation

  • Waves 180° out of phase will create a “null” or dead spot

  • Use diversity antennae to help overcome nulls

  • When using a single antenna, change the antenna location to overcome the null

Nulls


RF Propagation

  • If the RF wave is unable to pass through an object, it may suffer from Diffraction

  • Diffraction creates RF “shadows”

Shadow


Site Survey


Site Survey


Site Survey


Channel Selection

  • AP 1: Channel 1

  • AP 2: Channel 6

  • AP 3: Channel 11

  • AP 4: Channel 1

  • AP 5: Channel 6

  • AP 6: Channel 11


Data Rates

Surveyed at 5.5Mb

Surveyed at 2Mb


Interference (cont’d)

Cardboard

Paper

Wood

Firewalls

Fluorescent Lighting

Microwave Ovens

Electrical Transformers


Why would I want a Site Survey?


Customer Assistance

[Figure: signs reading “Wired Ave.” and “Wireless Blvd.” with the customer's questions: WLAN, RF, Throughput?, Where?, Coverage, How many?]


SECURITY


Older Security Methods

  • Older forms of security on WLANs

    • SSID

    • Authentication controlled by MAC


802.11 Security

  • WEP (Wired Equivalent Privacy)

    • 40 bit keys

    • 128 bit keys

    • Part of the association process

    • WEP uses the RC4 stream cipher of RSA Data Security, Inc. (RSADSI) for encryption.


802.11 Open Authentication

Steps to Authentication:

  1. Client sends probe.

  2. AP sends Probe Response.

  3. Client evaluates AP response, selects best AP.

  4. Client sends authentication request to selected AP (A).

  5. AP A confirms authentication and registers client.

[Figure: client within range of Access Point A and Access Point B]


802.11 Shared Key Authentication

  • Steps to Authentication:

  • Steps 1 - 3 are the same as Open Authentication

    • AP A confirms authentication and sends unencrypted test packet.

    • Client encrypts packet and returns to AP. AP checks encryption against WEP key.

    • Correct WEP key is allowed on the network. Incorrect WEP key is not allowed to associate.

[Figure: client within range of Access Point A and Access Point B]


Configuring WEP Keys (cont.)

[Figure: two stations, each configured with Key1=1234……Key2=5678……Key3=9012……Key4=3456……, exchanging the frames below]

  • Header: Use Key3 | Data: Encrypted using KEY3 | Trailer

  • Header: Use Key2 | Data: Encrypted using KEY2 | Trailer


802.11 Security Issues

  • SSID (Service Set Identifier)

    • 32 ASCII character string

    • Under 802.11, any client with a ‘NULL’ string will associate to any AP regardless of SSID setting on AP

    • This should not be considered a security feature


802.11 Security Issues (cont.)

  • Assumes threat is “outside” the LAN

  • Hardware Theft

  • Rogue APs


802.11 Security Issues (cont.)

  • Authentication is one-way

  • No way to dynamically generate keys

  • No integration with existing network authentication methods on LAN

  • Keys are static


802.11 Security Issues (cont.)

  • Authentication is device-based

  • No method for account auditing


802.1x

  • 802.1x is an IEEE Standard in progress for Port Based Network Access Control

    • EAP

    • Improved user authentication: username and password

    • Dynamic, session-based encryption keys

    • Centralized user administration


802.1x advantages for WLANs

  • Extensible authentication support

    • EAP designed to allow additional authentication methods to be deployed with no changes to the AP or client NIC

    • Password authentication

    • One-Time Passwords

    • Smartcard authentication and Security Dynamics


EAP and LEAP

  • Operating systems with native EAP support:

    • Windows 2000, CE

  • Cisco LEAP Authentication type

    • Legacy Operating Systems

    • Quick support on multitude of host systems

    • Implementation reduces support requirements on host systems


Improved Security (cont.)

Session Keys


802.1X Protocol in WLAN Environment

  • Very scalable

  • Strong Authentication

  • Transparent Roaming

  • Better multicast capability

  • Standards based solution

  • Supports a variety of authentication types (EAP-TLS, EAP-LEAP, biometrics, etc.)

  • Centralized policy control

[Figure: wireless client, access point, authentication server, and other network servers and services; the wireless link is WEP encrypted; arrows numbered 1 to 5 match the steps below]

  1. User requests access. AP prevents network access.

  2. Encrypted credentials sent to authentication server.

  3. Authentication server validates user, grants access rights.

  4. AP Port enabled and dynamic WEP keys are assigned to client (encrypted).

  5. Wireless client can now access general network services securely.


802.1x Authentication Process

[Figure: message sequence between client, AP and RADIUS server, with the labels below in order]

  • Start

  • AP blocks all requests until authentication completes

  • Request identity

  • Identity (two arrows)

  • RADIUS server authenticates client

  • Client authenticates RADIUS server

  • Derive key (shown at two of the parties)

  • Broadcast key

  • AP sends client broadcast key, encrypted with session key

  • Key length
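
The exchange on this slide, modelled in a few classes as an added example that is not part of the original presentation and is not LEAP or any real EAP method. HMAC-SHA256 challenge-response and an XOR key wrap are stand-ins chosen for the sketch, and every class, method, user name, secret and MAC address is constructed for illustration.

```python
import hashlib
import hmac
import os

def prf(key, label, *parts):
    # HMAC-SHA256 stands in for the EAP method's cryptography (assumption).
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))

class RadiusServer:
    def __init__(self, users):
        self.users = users                       # username -> shared secret

    def check_client(self, user, challenge, response):
        secret = self.users.get(user)
        return secret is not None and hmac.compare_digest(
            response, prf(secret, b"client", challenge))

    def prove_self(self, user, client_challenge):
        return prf(self.users[user], b"server", client_challenge)

    def session_key(self, user, challenge, client_challenge):
        return prf(self.users[user], b"session", challenge, client_challenge)

class Client:
    def __init__(self, mac, user, secret):
        self.mac, self.user, self.secret = mac, user, secret
        self.session_key = self.broadcast_key = None

    def respond(self, challenge):
        self.challenge = os.urandom(16)          # client's challenge to the server
        return self.user, prf(self.secret, b"client", challenge), self.challenge

    def accept_server(self, proof, challenge):
        expected = prf(self.secret, b"server", self.challenge)
        if not hmac.compare_digest(proof, expected):
            return False                         # server failed mutual authentication
        self.session_key = prf(self.secret, b"session", challenge, self.challenge)
        return True

    def receive_broadcast_key(self, wrapped):
        self.broadcast_key = xor(wrapped, prf(self.session_key, b"wrap"))

class AccessPoint:
    def __init__(self, radius):
        self.radius = radius
        self.broadcast_key = os.urandom(16)
        self.session_keys = {}                   # client MAC -> per-session key

    def forward(self, client, frame):
        # Data frames pass only once the client's port has been enabled.
        return frame if client.mac in self.session_keys else None

    def authenticate(self, client):
        self.session_keys.pop(client.mac, None)  # port blocked until auth completes
        challenge = os.urandom(16)               # issued by the AP here for brevity
        user, response, client_challenge = client.respond(challenge)
        if not self.radius.check_client(user, challenge, response):
            return False                         # RADIUS server rejects the client
        proof = self.radius.prove_self(user, client_challenge)
        if not client.accept_server(proof, challenge):
            return False                         # client rejects the server
        key = self.radius.session_key(user, challenge, client_challenge)
        self.session_keys[client.mac] = key      # key handed to the AP, port enabled
        client.receive_broadcast_key(xor(self.broadcast_key, prf(key, b"wrap")))
        return True

def demo():
    radius = RadiusServer({"alice": b"constructed-secret"})   # constructed sample
    ap = AccessPoint(radius)
    good = Client("00:00:5e:00:53:01", "alice", b"constructed-secret")
    bad = Client("00:00:5e:00:53:02", "alice", b"wrong-secret")
    blocked_before = ap.forward(good, b"data") is None
    authenticated = ap.authenticate(good)
    first_key = good.session_key
    ap.authenticate(good)                        # re-authentication, new session
    return {
        "blocked_before_auth": blocked_before,
        "good_client_authenticated": authenticated,
        "keys_match": good.session_key == ap.session_keys[good.mac],
        "key_changes_per_session": first_key != good.session_key,
        "broadcast_key_delivered": good.broadcast_key == ap.broadcast_key,
        "bad_client_authenticated": ap.authenticate(bad),
        "bad_client_forwarded": ap.forward(bad, b"data"),
    }
```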


Comparison between Aironet Dynamic WEP and VPN solutions in intranets

Cisco offers BOTH solutions!

  • VPN Solution

    • 3DES, end-to-end security

    • Somewhat less scalable

    • More expensive

    • Works with Aironet solution

    • No mobility between VPN Concentrators; roaming latency

    • Loss of QoS insight

  • Aironet Dynamic WEP & Enhanced Security Suite

    • Encryption only between client and AP

    • Highly scalable

    • Less expensive

    • Seamless mobility between profiles and locations

    • End-to-end QoS integration

[Figure: Enterprise Intranet diagram contrasting “VPN at the office” with “Aironet Dynamic WEP at the office”; labels: Secure VPN connection, VPN Server, Application Servers, VLAN, Access Point, Local Network, ACS RADIUS Server]


Cisco Wireless Security Suite

  • No Security (Public Access): No WEP and Broadcast Mode

  • Basic Security (Telecommuter and Small Business): Wi-Fi 40-bit, 128-bit, and Static WEP

  • Enhanced Security (Mid-Market and Enterprise): Dynamic Key Management System, Mutual Authentication, and 802.1x via EAP

  • Specialized Security (Mobile User and Public Access): End-to-end security using VPN


Assessing Security Requirements

  • Analyze your business environment

  • Perform your risk assessment

  • Determine your Cisco wireless security profile ….

  • Security = Authentication + Encryption


FUTURE


Wireless LAN Technologies

802.11b

802.11g

HiperLAN2

802.11a

Freq.

Band

2.4 GHz

2.4 GHz

5 GHz

5 GHz

Worldwide

(subject to approval)

Worldwide

Coverage

US/AP (initially)

Europe

20-54 Mbps

(??)

1-11 Mbps

(now)

<54 Mbps

(?? mths)

20-54 Mbps (now)

100+Mbps (future)

Data

Rate

The Laws of Radio Dynamics:

Higher data rates = shorter transmission range

Higher power output = increased range, but lower battery life

Higher frequency radios = higher data rates, shorter ranges


IEEE 802.11 Standard Activities

  • 802.11a- 5GHz- ratified in 1999

  • 802.11b- 11Mb 2.4GHz- ratified in 1999

  • 802.11d- Additional regulatory domains

  • 802.11e- Quality of Service

  • 802.11f- Inter-Access Point Protocol (IAPP)

  • 802.11g - Higher Data rate (>20 Mbps) 2.4GHz

  • 802.11h- Dynamic Frequency Selection and Transmit Power Control mechanisms

  • 802.11i- Authentication and security


Understanding the 5 GHz Spectrum

5GHz UNII Band (band edges marked at 5.15, 5.25, 5.35, 5.470, 5.725 and 5.825)

  • US (FCC), 12 Channels (*can use up to 6dBi gain antenna): UNII-1 40mW, UNII-2 200mW, UNII-3 800mW

  • Europe, 19 Channels (*assumes no antenna gain): 200mW, 1W

  • Channel counts marked along the band: 4 Ch, 4 Ch, 11 Ch, 4 Ch

UNII-1: Indoor Use, antenna must be fixed to the radio

UNII-2: Indoor/Outdoor Use, fixed or remote antenna

UNII-3: Outdoor Bridging Only

*if you use a higher gain antenna, you must reduce the transmit power accordingly


Characteristics of 802.11a

  • Orthogonal Frequency Division Multiplexing (OFDM)

    • Data rates supported: 54, 48, 36, 24, 12 & 6Mbps

    • Can “downshift” to lower data rates for longer range

  • Compliant with FCC and Japanese regulations

    • Initial offering will not be available in EMEA & portions of Asia/Pacific

  • 5GHz band has more channels than 2.4GHz band

    • UNII-1 + UNII-2 = 8 non-overlapping channels

    • (vs. 3 channels for 2.4GHz)


Wireless Networking

  • Questions?

Ray Curci

Sr. Network Engineer

Hayes Computer Systems


Wireless Networking

EXTRA SLIDES GO HERE


WLANs – Internal and Local Campus

AP’s on Isolated LAN with PIX

[Figure: building (Classes 1 through 4 and 8 through 11 along a hallway) and adjoining courtyard, marked 850’, 1000’ and 1000’, covered by access points on channels 1, 6 and 11]


Campus and Community Area Network


The Challenges: 24 x 7 operation

Where high-availability, critical applications are running:

  • Hot standby redundancy

    • Both APs have same configuration

    • Standby AP continually monitors primary AP

    • If primary AP goes down, standby AP automatically takes over

[Figure: primary and standby access points]


WLAN Topologies (cont’d)

  • Sometimes the limitations of the wired network may decide how you design your WLAN

    • Knowledge of wired LANs allows you to be creative in your WLAN design. This means a superior design for your customer

    • Know your wired and wireless alternatives


Deployment Requirements for WLANs

  • Site survey tools

  • Trained partners

  • World mode for auto localization

  • Wide selection of antennas

  • Broad client and OS support

  • In-line power

  • Plenum-rated access point