0. Welcome
Floor plan, practical information, messages on the door.
Wireless access: user name and password are available at the Telindus reception (floor 0).
Agenda
01. This is Wi-Fi: basics, architecture, site survey
02. Optimizing: throughput, QoS (802.11e), voice on wireless
03. Securing: encryption and authentication standards, the 802.1X framework
Business-ready wireless: what runs over it
- Voice, video and data
- Mobile data: e-mail, web browsing
- Point applications: inventory management, barcode scanning
802.11 generations (maximum PHY rate)
802.11  (1997): 2 Mbps
802.11b (1999): 11 Mbps (5.5 and 11 Mbps added to the 1 and 2 Mbps DSSS rates)
802.11a (1999) and 802.11g (2003): 54 Mbps
802.11n (Sept. 2009): 300 Mbps with two spatial streams in a 40 MHz channel, up to 600 Mbps with four streams
JOHN CORDIER ACADEMY www.jcacademy.com | Telindus 2012 | slide 8
Standards bodies and related technologies
- Cellular data, for comparison: UMTS, HSDPA, LTE
- ETSI (European Telecommunications Standards Institute): HiperLAN, proposed as the European alternative to 802.11a
- IEEE (Institute of Electrical and Electronics Engineers): 802.11a, 802.11b, 802.11g, 802.11i, 802.11e; 802.3af (Power over Ethernet)
- BIPT (Belgian Institute for Postal services and Telecommunications): the Belgian spectrum regulator
- Wi-Fi Alliance (interoperability certification): http://www.wi-fi.org/ http://www.wi-fizone.org/
Typical deployments
- Guest access
- Wi-Fi phones
- Environment-specific: healthcare, education, retail
Ad-hoc networks
Independent Basic Service Set (IBSS): exists as soon as two wireless devices communicate directly, without an access point. Limited in the number of devices because of collisions and the lack of central organization.

Infrastructure mode
Infrastructure Basic Service Set (BSS): the access point (AP) acts as a translational bridge between the 802.3 wired medium and the 802.11 wireless medium. Each AP serves one wireless cell.
[Figure: two wireless cells on channels 1 and 6, joined through the wired distribution system (DS)]

Mesh
Devices are connected with redundant links between nodes, so there is no single point of failure.
Wireless spectrum
Wireless networks use RF signals. Radio frequencies are electromagnetic waves; the spectrum classifies them by wavelength, grouped into bands. Wireless LAN radios operate in the microwave segment.

Licence-free bands used for wireless data:
902-928 MHz      (26 MHz wide)
2.4-2.4835 GHz   (83.5 MHz wide)
5.725-5.850 GHz  (125 MHz wide)
1865: James Clerk Maxwell publishes the theory that predicts the existence of electromagnetic waves
1886: Heinrich Hertz demonstrates the existence of electromagnetic waves
1901: Marconi transmits the letter S across the Atlantic Ocean
[Figure: transmitter chain: data enters a modulator driven by the carrier frequency fc, the modulated signal passes through an amplifier and out to the antenna]
Alternating current and the resulting periodic field changes are described as a sine wave. Radio waves travel at about 299,792 km per second, the speed of light.
Frequency
The frequency is how many times per second the signal repeats; one cycle per second equals 1 Hz. Low frequencies travel farther through the air than high frequencies.

Wavelength
The signal generated in the transmitter is sent to the antenna. The movement of the electrons in the antenna generates an electric field, which is the electromagnetic wave. The length of one cycle pattern is the wavelength: wavelength = c / f, about 12.5 cm at 2.4 GHz and 6 cm at 5 GHz.

Amplitude
Amplitude is the vertical distance, or height, of the wave from its centre line to the crest. For the same wavelength and frequency, different amplitudes can exist. Amplitude represents the quantity of energy injected into the signal.

Attenuation
The shorter the wavelength of a wireless signal, the more it is attenuated by the air and by obstacles; 5 GHz attenuates faster than 2.4 GHz.
Multipath
Obstacles cause the signal to bounce in different directions:
1. a part of the signal may go directly to the destination;
2. another part may bounce off a desk, a ceiling or another reflector and arrive later.
Typical reflectors: desks, ceilings.
Line of sight
Line of sight is necessary for good signal transmission. The curvature of the Earth plays a role in the quality of outdoor links, even at a distance of a few miles (depending on the elevation of transmitter and receiver). Visual obstacles may or may not block radio line of sight: radio line of sight is a wider zone than the visual path.

Fresnel zone
An outdoor point-to-point connection needs radio line of sight, which means keeping the Fresnel zone clear. The Fresnel zone is an elliptical area immediately surrounding the visual path; its size depends on the frequency and on the length of the direct path.
Decibels
Decibels compare two powers (originally sound levels):
  0 dB = same power
  3 dB = twice the power
 -3 dB = half the power
 10 dB = 10 times the power
-10 dB = one tenth of the power

dBm
Used for AP transmitter power: the same dB scale, referenced to 1 mW.
  0 dBm = 1 mW
 30 dBm = 1 W
-20 dBm = 0.01 mW
Antenna principles
The radiation pattern describes the coverage shape. An RF radiation pattern is described by an E-plane chart (elevation) and an H-plane chart (azimuth), with gain expressed in dB relative to an isotropic radiator (dBi).
[Figure: elevation and azimuth polar charts, 0 to 180 degrees]

Antenna beamwidth: the horizontal (and vertical) angle over which the gain stays within 3 dB of its maximum.
Antenna polarization: the orientation of the electric field; transmitting and receiving antennas should match.

Diversity
Dual antennas each receive a different copy of the signal. One may receive a bad signal while the other receives a good one. Some wireless technologies use diversity to choose, per client, which antenna to use to receive and which to answer with.

Remember the dB rules (antenna gains of 3 dB, 6 dB and 12.4 dB on the slide):
 -3 dB = half the power in mW        +3 dB = twice the power in mW
-10 dB = one tenth of the power     +10 dB = 10 times the power

EIRP example at 2.4 GHz: transmitter power and antenna gain add up to the radiated power
                TELEC (Japan)    FCC (US)
Transmit power  50 mW = 17 dBm   30 mW = 15 dBm
Antenna gain    3 dBi            5 dBi
EIRP            20 dBm           20 dBm
Wi-Fi basics: interference

This is Wi-Fi: where 802.11 sits in the OSI model
[Figure: OSI stack. L4 transport, L3 network, L2 data link = Logical Link Control (LLC) sublayer + Media Access Control (MAC) sublayer, L1 physical = Physical Layer Convergence Procedure (PLCP) + Physical Medium Dependent (PMD). 802.11 defines the MAC sublayer and the physical layer; LLC and the layers above are unchanged.]
802.11 physical layer options
Infrared, narrow band, frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS) and OFDM.

DSSS: idea and encoding
Each data bit is transformed into a sequence of chips (a symbol). At 1 and 2 Mbps the chipping code is the 11-chip Barker sequence; the slide states that up to 9 chips can be lost and the bit still be recovered. Spreading a 2 MHz signal with the 11-chip code produces a channel about 22 MHz wide.
[Figure: I and Q channel constellation. DBPSK (1 Mbps) carries 1 bit per symbol; DQPSK (2 Mbps) carries 2 bits per symbol using four phase shifts of the RF carrier: A = 0 degrees, B = 90 degrees, C = 180 degrees, D = 270 degrees]

Spreading: in the transmitter PMD the information signal (a symbol) is multiplied by a unique, high-rate digital code, which stretches (spreads) its bandwidth before modulation and amplification.
De-spreading: at the receiver the spread signal is multiplied again, in a correlator, by a synchronized replica of the same code, and is de-spread and recovered.
OFDM modulation (802.11a/g, 48 data subcarriers; the slide shows the first four rows, the rest completes the rate set)
Modulation  Coding rate  Data rate (Mbps)  Rate per subcarrier (kbps)
BPSK        1/2          6                 125
BPSK        3/4          9                 187.5
QPSK        1/2          12                250
QPSK        3/4          18                375
16-QAM      1/2          24                500
16-QAM      3/4          36                750
64-QAM      2/3          48                1000
64-QAM      3/4          54                1125
[Figure: conceptual illustration of OFDM subcarriers]
2.4 GHz ISM band (2400 to 2483.5 MHz) channel plan
Channel  Centre (MHz)  Bottom (MHz)  Top (MHz)
1        2412          2401          2423
2        2417          2406          2428
3        2422          2411          2433
4        2427          2416          2438
5        2432          2421          2443
6        2437          2426          2448
7        2442          2431          2453
8        2447          2436          2458
9        2452          2441          2463
10       2457          2446          2468
11       2462          2451          2473
12       2467          2456          2478
13       2472          2461          2483
14       2484          2473          2495   (Japan, 802.11b only)
Channel centres are 5 MHz apart, but each DSSS channel is about 22 MHz wide, so only channels at least five numbers apart (1, 6 and 11 in the US) do not overlap.
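Worked example, added to this page and not part of the course material: a small Python tool that computes channel centres and edges from the table above and picks a non-overlapping set for a given channel width. It assumes the 22 MHz DSSS width from the table as the default, a 20 MHz width for OFDM (802.11g/n), and a regulatory map (FCC channels 1-11, ETSI 1-13, Japan 1-14) stated here for the example.

```python
"""2.4 GHz channel geometry: centres, edges and non-overlapping channel sets.

Added example for this page. The constants come from the channel table above
(centre = 2412 + 5*(ch-1) MHz, channel 14 at 2484 MHz, DSSS channel ~22 MHz
wide). The regulatory map is an assumption made for the example.
"""
from typing import Iterable, List, Tuple

DSSS_HALF_WIDTH_MHZ = 11   # 802.11b: 22 MHz wide, +/-11 MHz around the centre
OFDM_HALF_WIDTH_MHZ = 10   # 802.11g/n 20 MHz OFDM channel, +/-10 MHz

# Channels allowed per regulatory domain (assumed for the example).
REGULATORY_CHANNELS = {
    "FCC": range(1, 12),    # 1-11
    "ETSI": range(1, 14),   # 1-13
    "JAPAN": range(1, 15),  # 1-14 (14 for 802.11b only)
}


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel, as in the table above."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    raise ValueError(f"no 2.4 GHz channel {channel}")


def edges_mhz(channel: int, half_width: int = DSSS_HALF_WIDTH_MHZ) -> Tuple[int, int]:
    """(bottom, top) of the channel for the given half-width."""
    c = centre_mhz(channel)
    return c - half_width, c + half_width


def overlap_mhz(a: int, b: int, half_width: int = DSSS_HALF_WIDTH_MHZ) -> int:
    """How many MHz two channels share; 0 means they do not overlap."""
    a_lo, a_hi = edges_mhz(a, half_width)
    b_lo, b_hi = edges_mhz(b, half_width)
    return max(0, min(a_hi, b_hi) - max(a_lo, b_lo))


def non_overlapping(channels: Iterable[int], half_width: int = DSSS_HALF_WIDTH_MHZ) -> List[int]:
    """Greedy plan: walk the channels in ascending order and keep each one that
    does not overlap any channel already kept."""
    kept: List[int] = []
    for ch in channels:
        if all(overlap_mhz(ch, k, half_width) == 0 for k in kept):
            kept.append(ch)
    return kept


def plan(domain: str, ofdm: bool = False) -> List[int]:
    """Non-overlapping channel set for a regulatory domain and PHY width."""
    width = OFDM_HALF_WIDTH_MHZ if ofdm else DSSS_HALF_WIDTH_MHZ
    return non_overlapping(REGULATORY_CHANNELS[domain], width)


if __name__ == "__main__":
    for dom in REGULATORY_CHANNELS:
        print(dom, "DSSS:", plan(dom), "OFDM:", plan(dom, ofdm=True))
    print("channels 1 and 2 share", overlap_mhz(1, 2), "MHz")
```

With the DSSS width the plan gives 1/6/11 in every domain (plus 14 in Japan, which sits just clear of 11); with the narrower 20 MHz OFDM width the ETSI domain allows the four-channel plan 1/5/9/13, which is why European 802.11g/n deployments often use it.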
5 GHz bands
UNII-1 (5.150-5.250 GHz), UNII-2 (5.250-5.350 GHz), UNII-2 extended (5.470-5.725 GHz) and UNII-3 (5.725-5.825 GHz). Channels are 20 MHz wide and do not overlap.
DFS (Dynamic Frequency Selection) makes the device listen to what is happening in the airspace, in particular for radar, before picking a channel; it is required in the UNII-2 bands.

Interference and choosing a channel
[Figure: two channel-choice scenarios with a neighbouring AP on an overlapping channel]
RF output power
dBm is a measure of absolute power output. Formula:
dBm = 10 log10 (power in milliwatts / 1 mW)
Examples:
 0 dBm = 1 mW (Bluetooth)
10 dBm = 10 mW
20 dBm = 100 mW (802.11, phones)
30 dBm = 1 W (FCC limit)

RF propagation loss
dB is a relative power measurement. Indoor examples:
2 metres = 50 dB loss, 4 metres = 60 dB loss, 8 metres = 70 dB loss (about 10 dB more loss each time the distance doubles)

Survey tools: NetStumbler, inSSIDer, Wi-Fi Inspector.
A low RF signal does NOT by itself mean poor communication; a low signal quality (signal-to-noise ratio) DOES mean poor communication.
Signal-to-noise ratio over time
> 40 dB SNR: excellent signal (5 bars); always associated; very fast
25 to 40 dB SNR: very good signal (3-4 bars); always associated; very fast
15 to 25 dB SNR: low signal (2 bars); always associated; usually fast
Interference sources in the 2.4 GHz band
Bluetooth, microwave ovens, radar, motion detectors, 2.4/5 GHz cordless phones.

Spectrum signatures
802.11b: an arch about 22 MHz wide, centred on the 802.11 channel.
802.11g: flat top with sloping shoulders, about 18 MHz wide, centred on the 802.11 channel.

Mitigation
- Change the channel of the AP; a microwave oven, for example, affects some frequencies worse than others.
- Increase the transmit power of the AP.
- Possibly use a directional antenna to direct more power into the desired areas.
802.11n
Multipath, a problem for the earlier PHYs, becomes an asset: MIMO (multiple input, multiple output) uses the separate paths for spatial multiplexing, several data streams on the same channel. Other 802.11n tools: channel bonding (two 20 MHz channels combined into one 40 MHz channel) and a shorter guard interval (400 ns instead of 800 ns). Tomorrow: MIMO on every AP.

Standard comparison
Standard  Approved    Band       Available bandwidth  Non-overlapping channels (US)  Data rate per channel                Modulation
802.11a   Sept. 1999  5 GHz      580 MHz              24                             54 Mbps                              OFDM
802.11b   Sept. 1999  2.4 GHz    83.5 MHz             3                              11 Mbps                              DSSS, CCK
802.11g   2003        2.4 GHz    83.5 MHz             3                              54 Mbps                              OFDM (DSSS/CCK for 11b clients)
802.11n   2009        2.4/5 GHz  83.5/580 MHz         3/24                           up to 600 Mbps (4 streams, 40 MHz)   OFDM with MIMO
Architectures
- Ad-hoc architecture
- Infrastructure architecture
- Bridged architecture (point-to-point or point-to-multipoint wireless bridges between wired LANs)
- Autonomous APs (Cisco Aironet)
- Controller-based APs (Cisco Airespace)
- Wi-Fi array (several radios in one enclosure)
- Mesh
- Wireless VLANs
802.11a/b/g review
802.11b: ratified in 1999; operates in the 2.4 GHz spectrum; data rates 1, 2, 5.5, 11 Mbps; available channels: 11 in the US (3 non-overlapping).
802.11a: ratified in 1999; operates in the 5 GHz spectrum; data rates 6, 9, 12, 18, 24, 36, 48, 54 Mbps; available channels: 24 in the US (19 used in the EU).
802.11g: ratified in 2003; operates in the 2.4 GHz spectrum; data rates 1, 2, 5.5, 11 Mbps (DSSS/CCK) and 6, 9, 12, 18, 24, 36, 48, 54 Mbps (OFDM); available channels: 11 in the US (3 non-overlapping).

802.11a channels in the EU = 19
High performance: 8 times the capacity of a 3-channel 2.4 GHz plan, far less interference from cells on the same channel, more channels to avoid interference.
SSIDs
One network has one SSID and can be installed over different access points. An access point can have more than one SSID (for example "data" and "voice").

Wireless VLANs
Allow a single WLAN to handle different devices and applications with different types of security. The AP connects to the switch over an 802.1Q trunk and each SSID maps to a VLAN.
Example on an AP using channel 6: SSID Data = VLAN 1, SSID Voice = VLAN 2, SSID Visitor = VLAN 3; security on SSID Data: PEAP + AES.

Capacity planning
Use multiple radios on different channels in a given cell to increase capacity. Limit the number of users per radio to about 12-15; lower this limit to about 8-10 when voice is used.
Power over Ethernet (802.3af)
AC-free deployments: no AC power outlet is required at the end devices.
Mobility: low-voltage, Ethernet-powered devices can be moved easily.
Safety: 48 V DC PoE reduces user exposure to local AC power circuits.
Operational resiliency: a centralized power solution allows a centralized UPS deployment.
Up to 15.4 W per port; power is switched off when the device is disconnected.
JOHN CORDIER ACADEMY | Wireless Lan Essentials www.jcacademy.com | Telindus 2012 | slide 122
Site survey
[Figure: channel plan of six APs: AP1 channel 1, AP2 channel 6, AP3 channel 11, AP4 channel 1, AP5 channel 6, AP6 channel 11, so that neighbouring cells never share a channel]
[Figure: the same floor surveyed at 36 Mbps and at 54 Mbps; the area covered at the higher rate is smaller]
Tool: Ekahau HeatMapper.
[Figure: access points on the LAN backbone with their wireless clients; adjacent cells overlap by 10-15 % to allow roaming]

802.11n AP compared with an 802.11a/g AP (AP1130)
Range: 10-15 % increase in maximum range; recommended 1:1 replacement of an 802.11a/g deployment.
Coverage: 10-20 % increase in 802.11a/g high-data-rate coverage; more uniform coverage than the AP1130.
Capacity: maximum data rates of 144 Mbps in 2.4 GHz (20 MHz channel) and 300 Mbps in 5 GHz (40 MHz channel).
[Figure: coverage radius examples of 28 m, 31 m, 34 m and 45 m]
Recommendations
Forget about 802.11b; use 5 GHz; disable rates lower than 12 Mbps so that distant, slow clients do not consume the airtime of the whole cell.
Classes of 802.11 frames
Data frames: carry higher-level protocol data.
Control frames: administer access to the wireless medium: RTS, CTS, ACK.
Management frames: beacons transmitted at regular intervals so that wireless devices can find networks and match parameters with the AP; authentication and association frames; probe request / probe response.
[Figure: beacon frame with destination address (DA, broadcast), source address (SA) and BSSID, carrying the SSID, supported rates and capability information]

Beacons
Clients continually scan all channels and listen to beacons as the basis for choosing which access point to associate with.
In infrastructure networks, access points send beacons periodically. The beacon interval is generally set to 100 ms, which gives good performance for most applications.
In ad-hoc networks there are no access points; one of the peer stations takes responsibility for sending the beacon.

Joining a BSS
[Figure: the AP sends BEACON; the client sends PROBE REQUEST and the AP answers PROBE RESPONSE; the client sends AUTHENTICATION (open system) and the AP answers; the client sends ASSOCIATION REQUEST and the AP answers ASSOCIATION RESPONSE]
A station sends a disassociation frame to the other station when it wishes to terminate the association.

Roaming
[Figure: STA-1 moves from BSS-A to BSS-B; each AP keeps an association table of its stations]
Scanning and association proceed as before; the IAPP protocol (802.11F) conveys the station's context from the new AP to the old AP, so that the old association is removed.
Multiple access: Distributed Coordination Function (DCF)
CSMA/CA, contention-based access.
- If the medium is busy, transmission is deferred by DIFS plus a random back-off time. This is collision avoidance, not collision elimination.
- If the medium has been idle for at least DIFS, a station may transmit immediately.
- Inter-frame spaces, shortest first: SIFS (used before ACK and CTS), PIFS (point coordinator), DIFS (normal data).
[Figure: busy medium, DIFS, contention window made of back-off slots, then data; the station whose back-off timer expires first transmits]

Back-off timer
The back-off time is a random number of slots taken from the contention window. The window size is a power of 2 minus 1 (2^k - 1): 7, 15, 31 ... slots, doubling after each failed transmission up to a maximum.
[Figure: DIFS, back-off, data, SIFS, ACK, DIFS]

Carrier sensing
Physical carrier sensing: the PHY detects signal strength from other sources (CCA, Clear Channel Assessment).
Virtual carrier sensing: the RTS/CTS exchange. The source sends RTS after DIFS; the destination answers CTS after SIFS; every other station that hears the RTS or the CTS sets its NAV (Network Allocation Vector) for the announced duration and defers. Because the CTS also reaches stations the source cannot hear, this covers the hidden-node case.
[Figure: Source 1 sends RTS after DIFS and a 7-slot back-off, Destination 1 replies CTS after SIFS, the data follows, ACK after SIFS; Sources 2 and 3 set their NAV and resume contention with 9-slot and 2-slot back-offs after the next DIFS]

802.11g throughput in compatibility mode
When 802.11b stations are present, 802.11g OFDM packets must be preceded by an RTS/CTS or CTS-only (CTS-to-self) exchange sent at an 802.11b rate, so that the 11b stations set their NAV. This is additional overhead (DIFS, SIFS, the RTS and CTS frames) on every OFDM data frame.
[Figure: the same exchange with Source 1 an 11g station and Sources 2 and 3 11b stations]
Message fragmentation
IEEE 802.11 defines a function to transmit large messages as smaller frames. It improves performance in RF-polluted environments and can be switched off to avoid the overhead in RF-clean environments. A hit (corruption) in a large frame requires retransmission of the whole large frame; fragmenting reduces the frame size and the time needed to retransmit.
Traffic requirements
                   Voice            FTP
Bandwidth          low to moderate  moderate to high
Loss sensitivity   low              high
Delay sensitive    high             low
Jitter sensitive   high             low
Traffic should be grouped into classes that have similar QoS requirements.
Polled access: HCF Controlled Channel Access (HCCA)
WSM (Wi-Fi Scheduled Multimedia) is based on the 802.11e draft and includes WME (Wi-Fi Multimedia Extensions, the contention-based part). It is based on HCCA: the AP reserves bandwidth according to traffic specifications (TSPECs) sent by the client devices. Best suited for two-way streaming media (voice, video). Uses scheduled APSD (Automatic Power Save Delivery), suitable for power saving.
802.1Q/p tagged Ethernet frame
Preamble | SFD | DA (6 bytes) | SA (6 bytes) | TAG (4 bytes) | Type | Data | FCS
TAG = TPID 0x8100 (2 bytes) + PRI (3 bits, 802.1p priority 0-7) + CFI (1 bit) + VLAN ID (12 bits)
IPv4 header: Type of Service byte
Version | Header length | ToS byte | Total length | ID | flags / fragment offset | ... | Data
ToS byte layout (bits 0-7):
bits 0-2: Precedence (RFC 1122)
bits 3-6: Type of Service (RFC 1349): 0000 all normal, 1000 minimize delay, 0100 maximize throughput, 0010 maximize reliability, 0001 minimize monetary cost
bit 7: MBZ (must be zero)
DSCP and WMM access categories
The DS field replaces the ToS byte: 6 bits of DSCP (class selector and drop precedence) plus 2 bits CU (currently unused).
Access category             802.1p / WMM UP  DSCP  Traffic
Voice (AC_VO)               6, 7             EF    highest priority; allows multiple concurrent VoIP calls with low latency and toll voice quality
Video (AC_VI)               5, 4             AF4x  video prioritized above other data; one 802.11g/a channel can support 3-4 SDTV streams or 1 HDTV stream
Best effort (AC_BE, ACI 0)  0, 3             BE    traffic from legacy devices or applications without QoS; less latency-sensitive but affected by long delays, such as web surfing
Background (AC_BK)          1, 2             AF2x  low-priority traffic (file downloads, print jobs) without strict latency or throughput requirements
[Figure: throughput in Mbit/s (0-12) against the 802.11b rates 1, 2, 5.5 and 11 Mbit/s; only a fraction of the link rate reaches the application]

802.11g throughput in mixed mode
Mixed mode requires 802.11g adaptations for protection:
- CTS-only (CTS-to-self) or RTS/CTS before each OFDM frame
- a slot time of 20 µs (instead of 9 µs)
- a longer maximum back-off time
Network capacity: theoretical maximum application-level throughput
(1500-byte packets, encryption enabled, zero packet errors)
Standard            Modulation  Maximum link rate  Max TCP rate  Max UDP rate
802.11b             CCK         11 Mbps            5.9 Mbps      7.1 Mbps
802.11g, mixed b/g  OFDM/CCK    54 Mbps            14.4 Mbps     19.5 Mbps
802.11g, g only     OFDM        54 Mbps            24.4 Mbps     30.5 Mbps
802.11a             OFDM        54 Mbps            24.4 Mbps     30.5 Mbps
Voice protocols
[Figure: protocol stack split into signalling and media transport]
Media transport: audio and video codecs over RTP, with RTCP for quality reports, both over UDP/IP.
Signalling: the H.323 family (H.225.0 RAS over UDP, Q.931 call signalling over TCP, H.245 capability exchange over TCP), SIP (UDP or TCP), and MGCP and Megaco/H.248 for gateway control.
Perception: "My WLAN is lightly utilized, so I should be able to add voice easily."
Reality: interference is eating into the capacity, so there is no room in the pipe for voice.
VoIP packet overhead
Headers: IP 20 bytes + UDP 8 bytes + RTP 12 bytes = 40 bytes per packet.
At 64 kbps PCM (G.711): 20 ms of audio = 160 bytes of payload, 200 bytes every 20 ms, overall rate 80 kbps.
At 8 kbps encoding (G.729): 20 ms of audio = 20 bytes of payload, 60 bytes every 20 ms, overall rate 24 kbps.
On 802.11 the MAC header, the ACK and the inter-frame spaces add further per-packet overhead, so the number of calls per cell is bounded by packets per second rather than by bits per second.
[Figure: remaining TCP throughput against the number of VoIP connections]
[Figure: calls per AP on 802.11b/g with RTS/CTS protection at 1, 2, 5.5 and 11 Mb/s: 12 calls at 11 Mb/s; 14-15 shown for the other series]
Every medium is insecure
"Wireless is insecure" is often said, but the same is true of Windows, of using your neighbour's network, and of a wired network: a wired network is not secure by itself either.

Wireless-specific threats
War chalking: physical marking of a location where a wireless network is accessible.
A rogue WLAN: adding fake access points, by an insider for convenience or by an attacker to capture clients.
Jamming: taking a device off the air by overriding its signal with a stronger one.
Who am I, and what do I protect?
Protect access (the network) or protect users (their traffic)? The answer differs between public hotspots, home use, business and remote access.

Standards
Encryption and integrity: WEP (RC4), TKIP (RC4 with per-packet keys and the Michael MIC), AES-CCMP
Authentication: 802.1X
Wireless security architectures
WEP -> WPA (TKIP + 802.1X) -> WPA2 (802.11i: AES-CCMP + 802.1X)
A client that does not find WPA2 falls back to the next option it supports; do not let that fall-back reach WEP.

WEP authentication: Open or Shared. Shared-key authentication is weaker than open, because the challenge/response exposes an RC4 keystream to anyone listening; use open authentication and rely on the data encryption.

WEP data encryption
WEP uses a single shared key and the symmetric RC4 stream cipher (Rivest Cipher 4).
[Figure: WEP encryption. 1. the 24-bit IV is prepended to the 40-bit or 104-bit base key, giving a 64-bit or 128-bit RC4 key; 2. RC4 produces a keystream; 3. a CRC-32 ICV is appended to the data; 4. data || ICV is XORed with the keystream to give the cipher text; 5. the IV is sent in clear in front of the cipher text]

WEP framing
802.11 header | IV (3 bytes) + key ID byte | cipher text of (data || ICV) | FCS
Encryption: select and insert the IV; per-packet key = IV || RC4 base key; RC4-encrypt data || ICV.
Decryption: remove the IV from the packet; per-packet key = IV || RC4 base key; RC4-decrypt data || ICV, then check the ICV.
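The WEP construction above, implemented as an added example (not code from the course or from any vendor) so the per-packet key and ICV handling can be seen end to end. It uses a plain RC4 written out in Python, zlib's CRC-32 for the ICV, and constructed keys, IVs and payloads; the last function shows the direct consequence of the 24-bit IV design: two frames sent under the same IV share a keystream, and XORing their cipher texts leaves the XOR of the plaintexts.

```python
"""WEP encapsulation as described on the slides: per-packet key = IV || base key,
RC4 keystream XORed over data || ICV (CRC-32).  Added example for this page,
not vendor code; written to show the construction, not for production use.
"""
import struct
import zlib
from typing import Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (Rivest Cipher 4): key scheduling, then keystream XORed with data."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(base_key: bytes, plaintext: bytes, iv: bytes, key_id: int = 0) -> bytes:
    """Return the WEP frame body: IV (3) | key ID byte | RC4(data || ICV)."""
    if len(base_key) not in (5, 13):           # 40-bit or 104-bit base key
        raise ValueError("WEP base key must be 5 or 13 bytes")
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    per_packet_key = iv + base_key             # 64-bit or 128-bit RC4 key
    body = rc4(per_packet_key, plaintext + icv(plaintext))
    return iv + bytes([key_id << 6]) + body    # key ID sits in the top 2 bits


def wep_decapsulate(base_key: bytes, frame_body: bytes) -> Tuple[int, bytes]:
    """Reverse of wep_encapsulate; raises ValueError when the ICV does not match."""
    if len(frame_body) < 8:
        raise ValueError("frame too short for IV + key ID + ICV")
    iv, key_id = frame_body[:3], frame_body[3] >> 6
    clear = rc4(iv + base_key, frame_body[4:])
    data, received_icv = clear[:-4], clear[-4:]
    if icv(data) != received_icv:
        raise ValueError("ICV mismatch")
    return key_id, data


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames sent with the same IV (and key) use the same keystream, so
    XORing their cipher texts cancels it and leaves plaintext_a XOR plaintext_b
    over the data portion (ICVs excluded).  No key material is needed."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs: keystreams differ")
    n = min(len(frame_a), len(frame_b)) - 8    # strip IV/key-ID header and ICV
    return bytes(x ^ y for x, y in zip(frame_a[4:4 + n], frame_b[4:4 + n]))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    frame = wep_encapsulate(key, b"hello wlan", bytes.fromhex("00000a"))
    print(frame.hex())
    print(wep_decapsulate(key, frame))
```

Because the IV space is only 2^24 and the IV travels in clear, a busy AP repeats IVs within hours; the leak function is the check a surveyor would run over two captured frames with equal IV fields to confirm the network is WEP-exposed, without needing the key.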
EAP protocol overview
EAP is a framework; the actual authentication method is negotiated inside it: EAP-TLS, PEAP, LEAP, EAP-MD5 and others.

802.1X
802.1X is a client-server based access control and authentication protocol that restricts unauthorized devices from connecting to a LAN through publicly accessible ports. The standard is set by the IEEE 802.1 working group. It is a link-layer protocol used for transporting higher-level authentication protocols (EAP).
Roles: Supplicant (the client), Authenticator (the switch or AP), Authentication Server (RADIUS).
[Figure: 1. the user activates the link (turns on the PC); 2. the authenticator requests an identity; 3. EAP is relayed to the authentication server; 4. the server's accept or reject opens the port or keeps it closed]
What is RADIUS?
Remote Authentication Dial-In User Service, defined in RFC 2865. Related (informational) RFCs: RFC 2866 RADIUS accounting, RFC 2867-2868 RADIUS tunnel support, RFC 2869 RADIUS extensions.
EAPOL and EAP frame formats
EAP over LAN (EAPOL) is used for all communication between Supplicant and Authenticator.

Ethernet frame carrying EAPOL:
DA (6 bytes) | SA (6 bytes) | Type/Length = 0x888E (2 bytes) | EAPOL | FCS
Authenticator to Supplicant: destination 01:80:C2:00:00:03 (the PAE group address) until the supplicant MAC is learned; source: authenticator unicast.
Supplicant to Authenticator: destination 01:80:C2:00:00:03; source: supplicant unicast.

802.1X (EAPOL) header:
Protocol Version (1 byte: 0000 0001) | Frame Type (1 byte) | Length (2 bytes) | Body (Length bytes)
Frame types: 0000 0000 EAP-Packet, 0000 0001 EAPOL-Start, 0000 0010 EAPOL-Logoff, 0000 0011 EAPOL-Key, 0000 0100 EAPOL-Encapsulated-ASF-Alert

EAP packet (carried in the EAPOL body when the frame type is EAP-Packet):
Code (1 byte: 0000 0001 Request, 0000 0010 Response; 3 Success and 4 Failure also exist) | Identifier (1 byte) | Length (2 bytes) | Type (1 byte, Request/Response only) | Type-Data
EAP types: 0000 0001 Identity, 0000 0010 Notification, 0000 0011 NAK (Response only: the desired authentication type is unacceptable), 0000 0100 MD5-Challenge, 0000 0101 One-Time Password (OTP), 0000 0110 Generic Token Card
Proprietary EAP types are developed by vendors, e.g. Cisco's Lightweight Extensible Authentication Protocol (LEAP).
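The layouts above as a builder and parser, added here as an example (not from the course or from any vendor). The MAC addresses and identity are constructed; the parser does the length checks an authenticator has to perform before it trusts any field of a frame it received on the uncontrolled port.

```python
"""EAPOL / EAP frame builder and parser following the field layouts above.
Added example for this page; the sample MAC addresses and identity are
constructed.
"""
import struct
from typing import Any, Dict

PAE_GROUP_ADDRESS = bytes.fromhex("0180c2000003")   # 01:80:C2:00:00:03
ETHERTYPE_EAPOL = 0x888E

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff",
               3: "EAPOL-Key", 4: "EAPOL-Encapsulated-ASF-Alert"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "NAK", 4: "MD5-Challenge",
             5: "OTP", 6: "GTC"}


def build_eap(code: int, identifier: int, eap_type: int = 0, type_data: bytes = b"") -> bytes:
    """EAP packet: Code | Identifier | Length | [Type | Type-Data]."""
    body = bytes([eap_type]) + type_data if code in (1, 2) else b""
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def build_eapol(packet_type: int, body: bytes = b"", version: int = 1) -> bytes:
    """802.1X header: Protocol Version | Frame Type | Length, then the body."""
    return struct.pack("!BBH", version, packet_type, len(body)) + body


def build_frame(src_mac: bytes, eapol: bytes, dst_mac: bytes = PAE_GROUP_ADDRESS) -> bytes:
    """Ethernet II frame: DA | SA | 0x888E | EAPOL (the FCS is left to the NIC)."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_EAPOL) + eapol


def parse_eap(body: bytes) -> Dict[str, Any]:
    """Decode an EAP packet, validating the Length field against the buffer."""
    if len(body) < 4:
        raise ValueError("EAP header truncated")
    code, identifier, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise ValueError(f"EAP length {length} inconsistent with {len(body)} bytes")
    pkt: Dict[str, Any] = {"code": EAP_CODES.get(code, code), "id": identifier, "length": length}
    if code in (1, 2):                      # Request / Response carry a Type byte
        if length < 5:
            raise ValueError("EAP Request/Response needs a Type byte")
        pkt["type"] = EAP_TYPES.get(body[4], body[4])
        pkt["type_data"] = body[5:length]
    return pkt


def parse_frame(frame: bytes) -> Dict[str, Any]:
    """Decode Ethernet + EAPOL (+ EAP), refusing anything whose declared
    lengths do not fit the bytes actually received."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        raise ValueError(f"not EAPOL: ethertype 0x{ethertype:04x}")
    version, ptype, length = struct.unpack("!BBH", frame[14:18])
    if ptype not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPOL frame type {ptype}")
    body = frame[18:18 + length]
    if len(body) != length:                 # trailing padding is fine, truncation is not
        raise ValueError("EAPOL length exceeds the captured frame")
    out: Dict[str, Any] = {"dst": dst.hex(":"), "src": src.hex(":"),
                           "version": version, "type": EAPOL_TYPES[ptype], "length": length}
    if ptype == 0:
        out["eap"] = parse_eap(body)
    return out


if __name__ == "__main__":
    supplicant = bytes.fromhex("001122334455")          # constructed MAC
    start = build_frame(supplicant, build_eapol(1))     # EAPOL-Start
    identity = build_frame(supplicant, build_eapol(0, build_eap(2, 1, 1, b"alice")))
    print(parse_frame(start))
    print(parse_frame(identity))
```

EAPOL-Start carries no body, so the smallest valid frame is 18 bytes; an EAP-Response/Identity is an EAPOL body of 4 + 1 + len(identity) bytes. Both length fields are checked against the captured size because a supplicant controls every byte after the Ethernet header.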
Controlled and uncontrolled ports
Before authentication the uncontrolled port provides a path for EAPOL traffic ONLY; the controlled port, which carries all other traffic, stays blocked until the authentication server accepts the supplicant.
Authentication sequence on a wired port
Before authentication: port connect, access blocked (only EAPOL passes).
1. Supplicant -> Authenticator: EAPOL-Start
2. Authenticator -> Supplicant: EAP-Request/Identity
3. Supplicant -> Authenticator: EAP-Response/Identity, relayed to the server as RADIUS Access-Request
4. Server: RADIUS Access-Challenge, relayed to the supplicant as an EAP-Request; the supplicant answers with an EAP-Response, relayed as RADIUS Access-Request (repeated as often as the EAP method needs)
5. Server: RADIUS Access-Accept, relayed as EAP-Success; access allowed
EAP was originally defined for PPP in RFC 2284 (since replaced by RFC 3748).
Authentication sequence on 802.11
1. Associate: Association Request / Association Response (802.11 open authentication); access still blocked.
2. EAPOL-Start over the wireless link (EAP over wireless, EAPOW).
3. EAP-Request/Identity, EAP-Response/Identity.
4. RADIUS Access-Request, Access-Challenge, Access-Request ... Access-Accept.
5. Access allowed. EAPOL-Key frames can then be used periodically to distribute and rotate keys.

LEAP (Cisco) in the same flow: after the identity exchange the server sends an EAP-Request with a Cisco challenge and the client answers with an EAP-Response carrying the Cisco response; a second challenge/response then runs in the other direction so that the client also authenticates the server. Each step is relayed between AP and server as RADIUS Access-Request/Access-Challenge.

PEAP: Client -> wireless AP (WAP) -> RADIUS server with Active Directory (AD) behind it.
1. The client requests a connection.
2. Server: "Do you support PEAP?" Client: "Yes".
3. The server sends its PKI certificate and TLS preferences; the client verifies the certificate and sends its own TLS preferences, or OK. A TLS tunnel now exists between client and server.
4. The user credentials are exchanged inside the tunnel and checked against AD.
EAP mechanisms, from easiest to most secure
Open (no EAP), EAP-MD5, LEAP, EAP-FAST, PEAP, EAP-TLS. Ease of use goes one way and strength of authentication the other: EAP-MD5 and LEAP exchange password-derived challenge/responses without a protective tunnel and are open to offline dictionary attacks; PEAP and EAP-TLS protect the exchange with a server-authenticated TLS tunnel, provided the client actually validates the server certificate.
WPA roadmap
WPA (a subset of 802.11i): 802.1X + TKIP + MIC, with WPA authenticated key management.
WPA2 (full 802.11i): 802.1X + AES-CCMP, which includes its own MIC.
802.1X provides the method for generating the master session key from which the PMK is taken.
WPA/WPA2 key hierarchy and handshake
1. Discovery: the AP advertises its security capabilities in beacons and probe responses.
2. EAP authentication with the user's EAP credential; the authentication server and the supplicant derive the PMK (Pairwise Master Key); the server hands the PMK to the AP in the RADIUS Access-Accept.
3. Key management: the 4-way handshake (EAPOL-Key frames) derives the PTK (Pairwise Transient Key) from the PMK, the two MAC addresses and two nonces, and proves to each side that the other holds the PMK; the 2-way group key handshake delivers the GTK (Group Temporal Key) for broadcast and multicast.
4. Data protection with the PTK and GTK.
[Figure: sequence: Associate (Association Request/Response), EAPOL-Start, RADIUS Access-Request / Access-Challenge / Access-Request / Access-Accept (generates the PMK), access allowed, then the 4-way handshake: AP and supplicant both hold the PMK, both derive the PTK, and the GTK is delivered]
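The PTK derivation of step 3, as an added example for this page (not course or vendor code). The PRF and the "Pairwise key expansion" label are the ones IEEE 802.11i specifies (PRF-384 for CCMP, giving KCK, KEK and TK of 128 bits each); they are not shown on the slides. MAC addresses, nonces and the stand-in for the EAPOL-Key frame bytes are constructed. The simulated exchange shows why the handshake proves PMK possession: the AP recomputes the PTK independently and the message 2 MIC only verifies when both sides started from the same PMK.

```python
"""PMK -> PTK derivation for the 4-way handshake.  Added example for this page;
the PRF and label follow IEEE 802.11i (PRF-384 for CCMP), not the slides.
Nonces, MAC addresses and the EAPOL-Key stand-in are constructed.
"""
import hashlib
import hmac
import os
from typing import Dict


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbits: int = 384) -> Dict[str, bytes]:
    """PTK = PRF-n(PMK, "Pairwise key expansion",
                   min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    With n = 384 (CCMP): KCK (MIC key) | KEK (key-wrap key) | TK (data key)."""
    if len(pmk) != 32:
        raise ValueError("PMK is 256 bits")
    if len(aa) != 6 or len(spa) != 6 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("MAC addresses are 6 bytes, nonces 32 bytes")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48], "ptk": ptk}


def eapol_key_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """EAPOL-Key MIC for the AES key descriptor: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def four_way_handshake(supplicant_pmk: bytes, ap_pmk: bytes, aa: bytes, spa: bytes,
                       anonce: bytes, snonce: bytes) -> bool:
    """Simulate both sides.  Message 1: the AP sends ANonce.  Message 2: the
    supplicant derives its PTK and sends SNonce plus a MIC under its KCK.  The AP
    derives its own PTK from its PMK and verifies the MIC.  Returns True when the
    AP accepts message 2, i.e. both sides hold the same PMK."""
    supplicant_ptk = derive_ptk(supplicant_pmk, aa, spa, anonce, snonce)
    msg2 = b"EAPOL-Key msg2 (MIC field zeroed): " + snonce   # constructed stand-in
    mic = eapol_key_mic(supplicant_ptk["kck"], msg2)

    ap_ptk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)    # AP recomputes independently
    return hmac.compare_digest(mic, eapol_key_mic(ap_ptk["kck"], msg2))


if __name__ == "__main__":
    pmk = os.urandom(32)                                   # would come from EAP / RADIUS
    aa, spa = bytes.fromhex("00aa00aa00aa"), bytes.fromhex("00bb00bb00bb")
    anonce, snonce = os.urandom(32), os.urandom(32)
    print("same PMK accepted:", four_way_handshake(pmk, pmk, aa, spa, anonce, snonce))
    print("wrong PMK accepted:", four_way_handshake(pmk, os.urandom(32), aa, spa, anonce, snonce))
```

The ordering with min/max makes the derivation independent of which side is called first, so AP and supplicant reach the same PTK without agreeing on an order; message 3 then carries the AP's MIC the other way, and the GTK wrapped under the KEK.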
WPA: TKIP
Temporal Key Integrity Protocol. The name is something of a misnomer (J. Walker, Intel): it is a wrapper that fixes WEP's key handling while keeping the RC4 hardware.
TKIP + MIC, compared with WEP:
1. A 64-bit Michael MIC is computed over the destination address, source address, priority and data with a MIC key taken from the 802.1X-derived temporal keys, and appended to the data before the CRC-32 ICV.
2. A 48-bit IV (the TKIP sequence counter, TSC) replaces WEP's 24-bit IV; it is split into a 32-bit upper part and a 16-bit lower part and also serves as the replay counter.
3. Per-packet key mixing: phase 1 mixes the temporal key, the transmitter address and the upper 32 bits of the TSC; phase 2 mixes the phase 1 key with the lower 16 bits of the TSC, producing a 104-bit RC4 key plus a 24-bit IV so that existing WEP hardware can be reused.
4. As in WEP, RC4 produces a keystream that is XORed with data || MIC || ICV to give the cipher text, and the IV is transmitted in clear.
AES-CCMP
Mandatory to implement in 802.11i and WPA2. The other protocols in 802.11i are TKIP and WRAP; there are three protocols instead of one because of IEEE politics. AES overhead may require new station hardware for hand-held devices, but not for mobile PCs.

TKIP versus CCMP
                   WPA: TKIP                                WPA2: CCMP
Cipher             RC4                                      AES
Key size           128-bit encryption key, 64-bit MIC key   128-bit key
Key life           48-bit IV (TSC)                          48-bit IV (packet number)
Packet key         mixed per packet                         not needed
Data integrity     Michael MIC                              CCM
Header integrity   Michael MIC (addresses, priority)        CCM
Replay attack      IV sequence                              IV sequence
Key management     EAP-based (802.1X)                       EAP-based (802.1X)
Source: http://mediaproducts.gartner.com/reprints/merunetworks/153883.html
5 GHz versus 2.4 GHz for 802.11n
                  5 GHz      2.4 GHz
Channels          24         3
Capacity          3.45 Gbps  450 Mbps
Interference      low        high
Channel planning  flexible   restricted
802.11n           optimal    limited
Although 802.11n supports both bands, the available channels, bandwidth and client capacity make the 5 GHz band the obvious choice. Even though the 2.4 GHz band has greater range than 5 GHz, proper deployment using directional antennas can eliminate any issue.

Second comparison on the slides (column headings not recoverable from the text)
Range             good       better
Latency/jitter    low        high
Capacity          2 Gbps     300 Mbps
Deployment        simple     complex
Intelligence      efficient  inefficient
Reliability       great      good
Scalability       great      good
Range (gain)      great      limited
Coverage shaping  great      limited
Capacity          864 Mbps   108 Mbps
Client density    great      limited
Security          great      limited
802.11 ABCs: amendments, the layer they touch, and what they add
a  PHY   5 GHz OFDM, 54 Mbps
b  PHY   2.4 GHz DSSS/CCK, 11 Mbps
c  MAC   bridging (folded into 802.1D)
d  PHY   additional regulatory domains
e  MAC   quality of service
f  both  Inter-Access Point Protocol (IAPP)
g  PHY   2.4 GHz OFDM, 54 Mbps
h  both  DFS and transmit power control for Europe
i  MAC   security (WPA2)
j  both  additional Japanese bands at 4.9 and 5 GHz
k  both  radio resource measurement enhancements
m  both  maintenance of earlier standards
n  both  high throughput (> 100 Mb/s)
p  MAC   vehicular hand-off
r  MAC   fast roaming
s  both  mesh networking