
NYSC Rathmalana

Wireless Technologies

WLANs are only one usage of the radio frequency (RF) spectrum. Figure illustrates the distance versus data rate relationships that exist in different wireless technologies. Figure lists the different radio frequency bands, along with the name of the transmitted waves in each band and typical usages. A multitude of different and complex technologies crowd the frequency spectrum and cannot be fully covered in this course.

The U.S. General Services Administration definition of radio is as follows:

1. Telecommunication by modulation and radiation of electromagnetic waves
2. A transmitter, receiver, or transceiver used for communication via electromagnetic waves
3. A general term applied to the use of radio waves

Wireless technologies are comprised of many variable parameters, as listed in Figure. Some technologies provide one-way communications while others provide two-way simultaneous communications. Some operate at low power levels, whereas others operate at high power levels. Some are digital and some are analog. Some operate at short distances of 30.5 m (100 ft.) or less, and others operate over larger spans, even across continents. The cost of various wireless technologies can vary from several U.S. dollars to billions of U.S. dollars.

Wireless technologies, some of which are shown in Figure, have been around for many years. Television, AM/FM radio, satellite TV, cellular phones, remote control devices, radar, alarm systems, weather radios, CBs, and cordless phones are integrated into everyday life. Beneficial technologies that depend on wireless include weather radar systems, x-rays, Magnetic Resonance Imaging (MRI), microwave ovens, and Global Positioning Satellites (GPSs). Wireless technology surrounds humanity on a daily basis, in business and in personal life.

What is a wireless LAN?

In the simplest of terms, a wireless LAN (WLAN) does exactly what the name implies. It provides all the features and benefits of traditional LAN technologies such as Ethernet and Token Ring, but without the limitations of wires or cables. Thus, WLANs redefine the way the industry views LANs. Connectivity no longer implies attachment. Local areas are measured not in feet or meters, but in miles or kilometers. An infrastructure need not be buried in the ground or hidden behind walls. An infrastructure can be moved and changed based on the needs of an organization.

A WLAN, just like a LAN, requires a physical medium through which transmission signals pass. Instead of using twisted-pair or fiber-optic cable, WLANs use infrared light (IR) or radio frequencies (RFs). The use of RF is far more popular for its longer range, higher bandwidth, and wider coverage. WLANs use the 2.4-gigahertz (GHz) and 5-GHz frequency bands. These portions of the RF spectrum are reserved in most of the world for unlicensed devices. Wireless networking provides the freedom and flexibility to operate within buildings and between buildings

Wi-Fi Alliance

The IEEE 802.11 committee and the Wi-Fi Alliance have diligently worked to make wireless equipment standardized and interoperable. Figure lists some of the important functions of these two organizations. Figure shows many of the WLAN vendors that have joined the Wi-Fi Alliance. Wireless technology will now support the data rates and interoperability necessary for LAN operation. Also, the cost of the new wireless devices has decreased greatly. WLANs are now an affordable option to wired LAN connectivity. In most countries these devices do not require special governmental licensing.

Consumer wireless products

Wireless networks are rapidly becoming more popular for consumer use and coming down in price. Whereas Cisco provides enterprise-level wireless equipment, there are many vendors providing consumer WLAN devices. Since wireless networks do not require cables, the devices can be used anywhere in a home, even out on the patio. There is no need to roll out an Ethernet network cable to each room of a house; the network can be anywhere, without wires. Outside of the home, wireless networking is available in hotspots at coffee shops, businesses, and airports, which are great when on the road and some work needs to be done. These networks typically allow any vendor NICs to connect.

Overview of Standardization

Standardization of networking functions has done much to further the development of affordable, interoperable networking products. This is true for wireless products as well. Prior to the development of standards, wireless systems were plagued with low data rates, incompatibility, and high costs. Standardization provides all of the following benefits:

- Interoperability among the products of multiple vendors
- Faster product development
- Stability
- Ability to upgrade
- Cost reductions

It is important to understand the two primary types of standards. A public standard has not been approved by an official standards organization, but is recognized as a standard because of its widespread use. It is also called a de facto standard. Often, an official standards group will later adopt de facto standards. An official standard is published and controlled by an official standards organization such as the IEEE. Most official standards groups are funded by government and industry, which increases cooperation and implementation at the national and international level. For this reason most companies should deploy wireless products that follow official standards. Officially approved standards are called de jure standards. Some important standards organizations are shown in Figure

Overview of IEEE and the 802 Committee

The IEEE, founded in 1884, is a nonprofit professional organization comprised of over 377,000 members worldwide. The IEEE consists of many individual societies and working groups. It plays a critical role in developing standards, publishing technical works, sponsoring conferences, and providing accreditation in the area of electrical and electronics technology. In the area of networking, the IEEE has produced many widely used standards such as the 802.x group of local area network

Carrier-sense mechanism

Physical and virtual carrier-sense functions are used to determine the state of the medium. When either function indicates a busy medium, the medium is considered busy. If the medium is not busy it will be considered idle. A physical carrier-sense mechanism is provided by the PHY. The details of physical carrier sense are provided in the individual PHY specifications. The MAC provides a virtual carrier-sense mechanism. This mechanism is referred to as the network allocation vector (NAV). The NAV maintains a prediction of future traffic on the medium, based on information in the duration field of unicast frames.
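The carrier-sense rule above, modelled as an added example (not part of the original course notes). The station names, topology and microsecond timings are constructed; the rule that a station does not set its NAV from frames addressed to itself comes from the 802.11 MAC, not from this page.

```python
from dataclasses import dataclass

# Constructed timing values in microseconds, chosen only for illustration.
SIFS_US = 10
CTS_US, DATA_US, ACK_US = 50, 1000, 50


@dataclass
class Frame:
    kind: str         # "RTS", "CTS", "DATA" or "ACK"
    ra: str           # receiver address
    end_us: int       # time at which the last bit of the frame is received
    duration_us: int  # Duration field: reservation counted from end_us


class Station:
    def __init__(self, addr):
        self.addr = addr
        self.nav_until_us = 0  # NAV kept as an absolute expiry time

    def on_frame(self, frame):
        """Virtual carrier sense: extend the NAV from an overheard frame."""
        if frame.ra == self.addr:
            return  # frames addressed to this station do not set its NAV
        # The NAV only ever moves forward, never backward.
        self.nav_until_us = max(self.nav_until_us,
                                frame.end_us + frame.duration_us)

    def medium_busy(self, now_us, phy_busy):
        """Busy if EITHER physical or virtual carrier sense says so."""
        return phy_busy or now_us < self.nav_until_us


def rts_cts_exchange():
    """A sends RTS to B. C hears only A, D hears only B (constructed)."""
    a, b, c, d = (Station(name) for name in "ABCD")
    # The RTS reserves the medium for CTS + DATA + ACK and three SIFS gaps.
    rts = Frame("RTS", "B", end_us=100,
                duration_us=3 * SIFS_US + CTS_US + DATA_US + ACK_US)
    # The CTS repeats the reservation minus the time already used.
    cts = Frame("CTS", "A", end_us=rts.end_us + SIFS_US + CTS_US,
                duration_us=2 * SIFS_US + DATA_US + ACK_US)
    for sta in (b, c):
        sta.on_frame(rts)
    for sta in (a, d):
        sta.on_frame(cts)
    return {sta.addr: sta for sta in (a, b, c, d)}


if __name__ == "__main__":
    for addr, sta in rts_cts_exchange().items():
        print(addr, "NAV expires at", sta.nav_until_us, "us")
```

C never hears the CTS and D never hears the RTS, yet both defer until the same instant, which is how the NAV protects an exchange that physical carrier sense alone would miss.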

MAC-Level acknowledgments

The reception of some frames requires the receiving station to respond with an acknowledgment, generally an ACK frame, if the Frame Check Sequence (FCS) of the received frame is correct. This technique is known as positive acknowledgment and is shown in Figure. Lack of reception of an expected ACK frame indicates to the source station that an error has occurred. The destination station may, however, have received the frame correctly, with the error occurring in the delivery of the ACK frame. To the initiator of the frame exchange, these two conditions are indistinguishable.

Why wireless?

Current wired Ethernet LANs operate at speeds around 100 Mbps at the access layer, 1 Gbps at the distribution layer, and up to 10 Gbps at the core layer. Most WLANs operate at 11 Mbps to 54 Mbps at the access layer and are not intended to operate at the distribution or core layers. The cost of implementing WLANs is competitive with wired LANs. So why install a system that is at the lower end of the current bandwidth capabilities? One reason is that in many small LAN environments, the slower speeds are adequate to support the application and user needs. With many offices now connected to the Internet by broadband services such as DSL or cable, WLANs can handle the bandwidth demands. Another reason is that WLANs allow users to roam a defined area with freedom and still remain connected. During office reconfigurations, WLANs do not require rewiring and its associated costs. Figure lists many of the benefits provided by WLANs.

WLANs have numerous benefits for home offices, small businesses, medium businesses, campus networks, and larger corporations. The environments that are likely to benefit from a WLAN have the following characteristics:

- Require standard Ethernet LAN speeds
- Benefit from roaming users
- Reconfigure the physical layout of the office often
- Expand rapidly
- Utilize a broadband Internet connection
- Face significant difficulties installing wired LANs
- Need connections between two or more LANs in a metropolitan area
- Require temporary offices and LANs

Evolution of wireless LANs

The first wireless LAN technologies defined by the 802.11 standard were low-speed proprietary offerings of 1 to 2 Mbps. Despite these shortcomings, the freedom and flexibility of wireless allowed these early products to find a place in technology markets. Mobile workers used hand-held devices for inventory management and data collection in retail and warehousing. Later, hospitals applied wireless technology to gather and deliver patient information. As computers made their way into the classrooms, schools and universities began installing wireless networks to avoid cabling costs, while enabling shared Internet access.

Realizing the need for an Ethernet-like standard, wireless vendors joined together in 1991 and formed the Wireless Ethernet Compatibility Alliance (WECA). WECA proposed and built a standard based on contributed technologies. WECA later changed its name to Wi-Fi. In June 1997, the IEEE released the 802.11 standard for wireless local-area networking. Figure illustrates the wireless LAN evolution.

Just as the 802.3 Ethernet standard allows for data transmission over twisted-pair and coaxial cable, the 802.11 WLAN standard allows for transmission over different media. Specified media include the following:

- Infrared light
- Three types of radio transmission within the unlicensed 2.4-GHz frequency bands:
  o Frequency hopping spread spectrum (FHSS)
  o Direct sequence spread spectrum (DSSS)
  o Orthogonal frequency-division multiplexing (OFDM) 802.11g
- One type of radio transmission within the unlicensed 5-GHz frequency bands:
  o Orthogonal frequency-division multiplexing (OFDM) 802.11a

Spread spectrum is a modulation technique that was developed in the 1940s. It spreads a transmission signal over a broad range of radio frequencies. This technique is ideal for data communications because it is less susceptible to radio noise and creates little interference.

The Future of Wireless Local-Area Networking

Current WLAN technologies offer increasing data rates, better reliability and dependability, and decreasing costs. Data rates have increased from 1 Mbps to 54 Mbps, interoperability has become a reality with the introduction of the IEEE 802.11 family of standards, and prices have dramatically decreased. As WLANs become more popular, manufacturers can increasingly leverage economies of scale.

There will be many improvements to come. For example, many weaknesses have been found in the basic security settings of WLANs, and stronger security in all future products is a priority. Versions such as 802.11g will offer 54 Mbps like 802.11a, but also will be backward compatible with 802.11b.

This course will cover the general technologies behind 802.11a and 802.11b WLANs, including radio technologies, WLAN design, site preparation, and antenna theory. Detailed coverage of the Cisco Aironet products and accessories will also be presented. Students should be able to apply their knowledge at the completion of the course to design WLANs using products from one or multiple vendors.

IEEE 802.11g PHY specification

The IEEE 802.11g standard was published (finalized) in July 2003. It provides the same theoretical maximum speed as 802.11a, which is 54 Mbps, but operates in the same 2.4 GHz spectrum as 802.11b. Unlike 802.11a, 802.11g is backward compatible with 802.11b. Interoperability among and between all speeds exists, so the entire WLAN does not need to be upgraded when moving to higher speeds. The operating data rates for the different 802.11 standards, along with the frequency band and modulation used, are summarized in Figure, and 802.11g is expected to become the standard of choice over 802.11b.

The 802.11g standard requires the use of OFDM for fast data rates (greater than 20 Mbps), as well as backward compatibility with 802.11b CCK encoding. The standard utilizes a hybrid architecture to provide backward compatibility. Even though legacy 802.11b devices will not be able to decode the packet payload of these frames, they are able to "sense" them on the network. The new frames can coexist with 802.11b, similar to the way 802.11b can coexist with older, 2 Mbps 802.11 systems. The pure OFDM specification, which uses a more efficient OFDM-based preamble/header, does not have the same characteristics. 802.11b devices will not sense 802.11g frames, and vice versa. By taking advantage of the RTS/CTS elements of IEEE 802.11, in which access points speaking both languages can regulate the transmissions, the two can coexist peacefully.

[Figure panels: American; European]

Number of operating channels

The channel center frequencies and CHNL_ID numbers are shown in Figure. As shown in the figure, not all countries' national regulatory bodies have allocated the same number of channels. The three nonoverlapping operating channels for North America are shown in Figure.

Complementary Code Keying (CCK) is used to increase the peak data rate of 802.11b from 2 to 11 Mbps, while still using DQPSK modulation. It does this by first increasing the data clock rate from 1 Mbps to 1.375 Mbps, and then taking data in 8-bit blocks (8 * 1.375 = 11). Six of the eight bits are used to choose 1 of 64 complementary codes, which are each eight chips long and clocked out at 11 MHz. The other 2 bits are combined with the code in the DQPSK modulator.

Modulation and channel data rates

Four modulation formats and data rates are specified for the High Rate PHY. The basic access rate is based on 1 Mbps differential binary phase shift keying (DBPSK) modulation. The enhanced access rate is based on 2 Mbps differential quadrature phase shift keying (DQPSK). The extended direct sequence specification defines two additional data rates. The High Rate access rates are based on the Complementary Code Keying (CCK) modulation scheme for 5.5 Mbps and 11 Mbps. The optional packet binary convolutional coding (PBCC) mode is also provided for enhanced performance up to 22 Mbps.

Basic Service Set (BSS)

The basic service set (BSS) is the basic building block of an IEEE 802.11 LAN. Figure shows a BSS with three stations that are members of the BSS, in addition to the access point (AP). The BSS covers a single RF area, or cell, as indicated by the circle. As a station moves further from the AP, its data rate will decrease. When it moves out of its BSS, it can no longer communicate with other members of the BSS. A BSS uses infrastructure mode, a mode that needs an AP. All stations communicate by way of the AP, and do not communicate directly. A BSS has one service set ID (SSID).

Independent BSS (IBSS)

The independent basic service set (IBSS) is the most basic type of IEEE 802.11 LAN. A minimum IEEE 802.11 LAN consists of only two stations. In this mode of operation, IEEE 802.11 stations communicate directly. Because this type of IEEE 802.11 LAN is often formed without pre-planning for only as long as the WLAN is needed, it is often referred to as an ad hoc network. Because an IBSS consists of STAs that are directly connected, it is also called a peer-to-peer network. There is, by definition, only one BSS and there is no Distribution System (DS). An IBSS with four stations is shown in Figure. An IBSS may have an arbitrary number of members. In order to communicate outside of the IBSS, one of the STAs must be acting as a gateway or router.

Distribution System (DS)

Physical limitations determine the station-to-station distances that may be supported. For some networks this distance is sufficient. For other networks, increased coverage is required. Instead of existing independently, a BSS may also form a component of an extended service set (ESS). An ESS is built from multiple BSSs that are connected through APs. The APs are connected to a common DS as shown in Figure. The DS can be either wired or wireless, LAN or WAN. The IEEE 802.11 WLAN architecture is specified independently of the physical characteristics of the DS. The DS enables mobile device support by providing the services necessary to handle address to destination mapping and seamless integration of multiple BSSs. Data moves between a BSS and the DS through an AP. Note that all APs are also STAs, which makes them addressable entities.

Extended service set (ESS)

An extended service set (ESS) is defined as two or more BSSs connected by a common DS as illustrated in Figure. This allows for the creation of a wireless network of arbitrary size and complexity. As with a BSS, all packets in an ESS must go through one of the APs. A key concept is that the ESS network appears the same to the LLC layer as an IBSS or a single BSS network. Stations within an ESS may communicate directly and mobile stations can move from one BSS to another within the same ESS transparently to LLC.

Roaming

A WLAN designer must determine whether clients will require seamless roaming from access point to access point, as depicted in Figure. As a client roams across the wireless network, it must establish and maintain an association with an Aironet access point. The following steps are taken to ensure seamless roaming:

- The client sends out a request for association and immediately receives a response from all access points within its coverage area.
- The client decides which access point to associate with based on signal quality, strength, the number of users associated, and the required number of hops to reach the backbone.
- After an association is established, the client's Media Access Control (MAC) address drops into the table of the selected access point.
- If the client encounters difficulty, it will roam for another access point. If no other access point is available, the client will lower its data transmission rate and try to maintain connection.
- After the client roams to another access point, its MAC address drops into the table of the new access point, which sends a broadcast message basically stating that it received "MAC address X".

The following two factors need to be considered when designing a WLAN with seamless roaming capabilities for devices that are powered on while moving from one point to another:

- Coverage must be sufficient for the entire path.
- A consistent IP address should be available throughout the entire path.

The IP subnet for each access point could be on different switches and separated by Layer 3 devices. If so, consider using Layer 2 switching technologies such as ATM-LANE, ISL, or 802.1q, to span the VLANs. This will help ensure that there is a single broadcast domain for all access points. Figure illustrates such a scenario.

Determine placement of access points or bridges - This includes determining where they should be placed and deciding how many are required for the desired coverage. Very few gaps in the coverage should be left. These gaps are essentially dead air and the client will lack connectivity in these locations. As discussed before, bandwidth requirements have an impact on the coverage areas.

Map out the channel assignments - There should be as little overlap as possible between channels that use the same frequency.

IEEE 802.11b

In the example shown in Figure, the goal was to cover the whole office area with wireless coverage. A full 11 Mbps is provided everywhere, due to the density of users. Figure shows a design that uses only the three nonoverlapping 802.11b channels that are available in the U.S. As can be seen in Figure, Channels 1, 6, and 11 do not overlap frequencies. This concept can be correlated to the placement of FM radio stations throughout the country. There will never be two radio stations, in the same geographic area, on the exact same channel or frequency.

IEEE 802.11a

Using the same diagram as on the 802.11b example, Figure shows how, by using 802.11a products, the throughput of any individual user can be increased. This is due to the increased data rate of each cell. A full 54 Mbps is to be available in any cell.

With 802.11a products the user has eight non-overlapping channels. This means there can be more cells on a per-area basis. It also means that it will be easier to deploy multiple APs. Since there are eight channels to work with, co-channel interference is less of a concern. This is shown in Figure. The process to achieve optimum placement and channel mapping will be discussed in later modules. These later modules will also cover site survey and design in more detail.
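The 802.11b channel-mapping step above, worked through as an added example (not part of the original course notes). The AP names and the neighbour map are constructed; the 2.4-GHz centre-frequency formula and the 22 MHz DSSS channel width are the usual 802.11b values and are assumptions here, since the page only shows them in a figure.

```python
DSSS_WIDTH_MHZ = 22  # assumed occupied width of one 802.11b DSSS channel


def center_mhz(channel):
    """Centre frequency of 2.4-GHz channels 1-13 (5 MHz spacing)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4-GHz channel: {channel}")
    return 2412 + 5 * (channel - 1)


def overlap_mhz(ch_a, ch_b):
    """Width of spectrum shared by two channels; 0 means nonoverlapping."""
    separation = abs(center_mhz(ch_a) - center_mhz(ch_b))
    return max(0, DSSS_WIDTH_MHZ - separation)


def nonoverlapping_set(max_channel=11):
    """Greedily pick channels, lowest first, that share no spectrum."""
    chosen = []
    for ch in range(1, max_channel + 1):
        if all(overlap_mhz(ch, used) == 0 for used in chosen):
            chosen.append(ch)
    return chosen


def audit_plan(channels, neighbours):
    """Return (ap, ap, overlap_mhz) for every adjacent pair of cells
    whose channels share spectrum. `neighbours` maps an AP to the APs
    whose coverage touches its own."""
    seen, findings = set(), []
    for ap, others in neighbours.items():
        for other in others:
            pair = tuple(sorted((ap, other)))
            if pair in seen:
                continue
            seen.add(pair)
            shared = overlap_mhz(channels[pair[0]], channels[pair[1]])
            if shared:
                findings.append((pair[0], pair[1], shared))
    return sorted(findings)


# Constructed site plan: AP-4 was left on channel 4 by mistake.
PLAN = {"AP-1": 1, "AP-2": 6, "AP-3": 11, "AP-4": 4}
ADJACENT = {
    "AP-1": ["AP-2", "AP-4"],
    "AP-2": ["AP-1", "AP-3", "AP-4"],
    "AP-3": ["AP-2"],
    "AP-4": ["AP-1", "AP-2"],
}

if __name__ == "__main__":
    print("nonoverlapping channels:", nonoverlapping_set())
    for a, b, shared in audit_plan(PLAN, ADJACENT):
        print(f"{a} and {b} share {shared} MHz")
```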

WLAN threats

There are four primary classes of threats to wireless security:

1. Unstructured threats
2. Structured threats
3. External threats
4. Internal threats

Unstructured threats consist of inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

Structured threats come from hackers who are more highly motivated and technically competent. These people know wireless system vulnerabilities, and they can understand and develop exploit-code, scripts, and programs.

External threats are individuals or organizations working from outside of the company. They do not have authorized access to the wireless network. They work their way into a network mainly from outside the building such as parking lots, adjacent buildings or common areas. These are the type of threats that people spend the most time and money protecting against.

Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the wire. According to the FBI, internal access and misuse account for 60 to 80 percent of reported incidents.

Wired equivalent privacy (WEP)

The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping. The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide, as indicated in Figure. Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must have a matching WEP key. WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4).

The IEEE 802.11 standard provides two schemes for defining the WEP keys to be used on a WLAN. In the first scheme, a set of up to four default keys are shared by all stations, including clients and access points, in a wireless subsystem. The problem with default keys is that when they become widely distributed, they are more likely to be compromised. Cisco WLAN equipment uses this scheme. In the second scheme, each client establishes a key mapping relationship with another station. This is a more secure form of operation, because fewer stations have the keys. However, distributing such unicast keys becomes more difficult as the number of stations increases.

The way that 802.11 uses WEP encryption is weak in several ways. These weaknesses are being addressed by the 802.11i standard, which will be explained in the following sections.

Open Authentication and Shared Key Authentication are the two methods that the 802.11 standard defines for clients to connect to an access point. The association process can be broken down into three elements known as probe, authentication, and association. This section will explain both authentication methods and the steps the client undergoes during the process. Network EAP will be discussed in the enterprise WLAN security section.

Open Authentication

The Open Authentication method performs the entire authentication process in clear text. This is shown in Figure. Open Authentication is basically a null authentication, which means there is no verification of the user or machine. Open Authentication is usually tied to a WEP key. A client can associate to the access point with an incorrect WEP key or even no WEP key. A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted. Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.

Shared Key Authentication

Shared Key Authentication works similarly to Open Authentication, except that it uses WEP encryption for one step. Shared key requires the client and the access point to have the same WEP key. An access point using Shared Key Authentication sends a challenge text packet to the client, as shown in Figure. If the client has the wrong key or no key, it will fail this portion of the authentication process. The client will not be allowed to associate to the AP. Shared key is vulnerable to a man-in-the-middle attack, so it is not recommended.

Interoperability

On most access points, including Cisco, it is possible to use Open Authentication with or without a WEP key. For basic interoperability requiring WEP, a Cisco Access point will be set up using Open Authentication. Data Encryption is set to Required, and TKIP, MIC, and BKR are all disabled.
