
Understanding LAN Switching
1-2 Networking Fundamentals 2009, Velocis Systems
Switch
It breaks the collision domain.
It takes the packet and forwards it to the destination port without any modification.
It increases the bandwidth of the network.
Multiple devices can be connected to each interface.
Collision Domain
All the computers that are physically connected together, and whose frames can collide with each other, are part of a single collision domain.
Hubs (figure): a hub is an Ethernet concentrator that works at the physical layer (layer 1); only one device can send at a time, and all nodes share the 10 Mbps.
Collisions: Issues
Sluggish network response
Increasing user complaints
(Figure: a hub-based LAN crashes; users complain "I could have walked to Finance by now", "I knew I should have stayed home", "File transfers take forever", "I'm waiting all the time".)
Hub-Based LANs (figure: two 10BaseT hubs)
Shared resources
Desktop connections wired to centralized closets
Poor security within shared segments
Routers provide scalability
Groups of users determined by physical location
Switching Technology
To understand switching technology we need to understand the following:
Layer 2 switching
Address learning
Forward/filtering decisions
Loop avoidance
LAN switch types
Switches: Layer 2 (figure: an Ethernet switch on a switched Ethernet backbone; each node has 10 Mbps, and multiple devices can send at the same time)
Switches versus Hubs (figure)
Hub: one device sending at a time; all nodes share 10 Mbps.
Switch: multiple devices sending at the same time on a switched Ethernet backbone; each node has 10 Mbps.

LAN Switching Basics
Layer 2 Switching
This is hardware-based switching.
It uses the MAC address to filter the network.
To build the filter table it uses ASICs (Application-Specific Integrated Circuits).
It is like a multiport bridge.
Layer 2 switches do not look at the Network layer header and are hence faster.
Based on the hardware address, the switch decides whether to forward the packet or drop it.
Layer 2 Switching
Layer 2 switching provides the following:
Wire speed: a Layer 2 switch is considered faster because there is no modification of the packet.
Low latency: because the switching is faster.
LAN Switching Basics
Enables dedicated access
Eliminates collisions and increases capacity
Supports multiple conversations at the same time
Functions of a Switch at Layer 2
There are three main functions at Layer 2:
Address learning
Forward / filter decisions
Loop avoidance
Address Learning
Switches and bridges remember the source address of each frame received on an interface and enter this information into the MAC database.
Whenever a switch receives a packet it makes an entry for the source address and sends a broadcast for the destination.
- The destination machine then responds to the broadcast and the switch receives a packet from the destination.
The switch then makes an entry for the destination machine's hardware address as well.
Using this method the switch maintains a table stating which hardware address is available at which port.

Switching Table (figure only)
Forward / Filter Decisions
When a frame is received on an interface, the switch looks at the destination hardware address and finds the exit interface in the MAC database.
When a frame reaches the switch, the destination address is checked in the MAC database to find out the exit interface.
If it is found, the packet is forwarded to that port.
If it is not found, the packet is broadcast on all the ports, and the exit port for this particular address is determined from the reply.
Broadcast / Unicast
When packets are sent to a specific machine, that is called unicast. The sender always knows the destination address.
When packets are sent to all machines, that is called broadcast. The destination address is all 1s.
LAN Switch Operation (figure sequence, five slides): stations A, B and C attached to a switch on 10 Mbps interfaces 1 to 4, with the switching table (Interface / Stations) shown after each step.
Forwards packets based on a forwarding table
Forwards based on the MAC (Layer 2) address
Operates at OSI Layer 2
Learns a station's location by examining the source address
Sends out all ports when the destination address is broadcast or an unknown address
Forwards when the destination is located on a different interface
Step 1: data from A to B arrives; the table is empty.
Step 2: the switch records station A against the interface the frame arrived on.
Step 3: B is still unknown, so the data from A to B is sent out every other interface.
Step 4: data from B to A arrives; the switch records station B against its interface.
Step 5: A is in the table, so the data from B to A is forwarded only to A's interface.
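The address-learning, forward/filter and broadcast behaviour described on the preceding slides, replayed in code. This is an added example, not code from the original slides; the interface numbers and MAC addresses are constructed for it, and the fourth frame (a second station behind a hub on the same interface as B) is added to show the filtering case the slides only mention in words.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Layer2Switch:
    """Model of the address-learning and forward/filter logic on the slides:
    learn the source MAC on the ingress interface, forward a known unicast
    to its interface, flood broadcast and unknown unicast out every other
    interface, and filter (drop) a frame whose destination is already known
    to sit on the interface it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)   # interface numbers
        self.mac_table = {}        # MAC address -> interface it was learned on

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of interfaces it is sent out of."""
        # Address learning: the sender is reachable through the ingress interface.
        self.mac_table[src] = in_port
        # Broadcast (all ones) or unknown destination: send out all other interfaces.
        if dst == BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Filtering: destination lives on the ingress segment, so the frame is dropped.
        if out_port == in_port:
            return []
        # Forwarding: destination is known and on a different interface.
        return [out_port]


def walk_through():
    """Replays the A -> B, B -> A exchange from the figure sequence.
    Interface numbers and MAC addresses are constructed for this example."""
    sw = Layer2Switch(ports=[1, 2, 3, 4])
    a, b, c = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c"
    log = []
    # Steps 1-3: A (interface 1) sends to B; A is learned, B is unknown, so flood.
    log.append(("A->B", sw.receive(1, a, b)))
    # Steps 4-5: B (interface 3) replies; B is learned, A is known, forward to 1 only.
    log.append(("B->A", sw.receive(3, b, a)))
    # C (interface 4) sends a broadcast: learned, then flooded to every other interface.
    log.append(("C->bcast", sw.receive(4, c, BROADCAST)))
    # A second station behind a hub on interface 3 sends to B: B is on the same
    # interface, so the switch filters the frame instead of forwarding it.
    log.append(("hub->B", sw.receive(3, "00:00:0c:00:00:0d", b)))
    return sw.mac_table, log


if __name__ == "__main__":
    table, log = walk_through()
    for label, out in log:
        print(f"{label:10s} -> interfaces {out}")
    print("MAC table:", table)
```

Running the block prints the interfaces each frame leaves on; the first frame floods to interfaces 2, 3 and 4, the reply goes only to interface 1, and the final frame is filtered because its destination is already known on the ingress interface.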
LAN Switch Types
The switching type basically affects the latency and the reliability of your network.
There are three switching types:
Store and forward
Cut-through
Fragment free
Store and Forward
It is the default in switches.
In this method the entire data is first stored and checked for errors; if it is found error free it is forwarded, otherwise it is returned.
It uses the CRC for error checking.
Latency is high in this case, but it is extremely reliable.
Latency: the time involved in sending the data from one node to another.
Cut-Through
Cut-through switching is the fastest, because it does not check for errors.
It does not store the data and process it for errors.
It just reads the destination address and forwards the frame.
It begins to forward the frame as soon as it reads the destination address and determines the outgoing interface.
It has the lowest latency and is not reliable.
Hence it is also called wire-speed switching.
Fragment-Free (Modified Cut-Through)
It provides both low latency and speed.
It is a modified form of cut-through switching.
It reads the first 64 bytes and then forwards.
It checks 64 bytes because most errors occur in these bytes only. If the first 64 bytes are error free, fragment-free switching considers the entire data error free.
If there is any error in the first 64 bytes the packet is dropped, otherwise it is forwarded.
It provides better reliability than cut-through with almost the same latency as cut-through.
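The three switching types compared on a constructed frame. This is an added example, not code from the slides: it builds an Ethernet II frame with a real CRC-32 FCS, then shows how many bytes each mode examines before deciding and what each mode does with a good frame, a frame with a bit error after byte 64, and a 40-byte collision fragment (runt). The only defect fragment-free can detect is a frame shorter than 64 bytes, which is why the bit error at byte 80 passes both cut-through and fragment-free and is caught only by store-and-forward.

```python
import binascii
import struct

DST_LEN = 6       # cut-through decides after the destination MAC
MIN_FRAME = 64    # fragment-free waits for the minimum legal frame size
FCS_LEN = 4       # CRC-32 frame check sequence


def build_frame(dst, src, payload, ethertype=0x0800):
    """Constructed Ethernet II frame: dst, src, EtherType, payload, CRC-32 FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame):
    """Recompute the CRC-32 over everything before the FCS and compare."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    return struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF) == fcs


def decide(mode, frame):
    """Return (forwarded, bytes_examined) for one switching type."""
    if mode == "cut-through":
        # Read only the destination address, then start forwarding:
        # a bad FCS or a collision fragment is passed on unchecked.
        return len(frame) >= DST_LEN, min(len(frame), DST_LEN)
    if mode == "fragment-free":
        # Wait for the first 64 bytes. A frame shorter than that is a
        # collision fragment and is dropped; nothing after byte 64 is checked.
        return len(frame) >= MIN_FRAME, min(len(frame), MIN_FRAME)
    if mode == "store-and-forward":
        # Buffer the whole frame and verify the FCS before forwarding.
        return len(frame) >= MIN_FRAME and fcs_ok(frame), len(frame)
    raise ValueError(f"unknown switching type {mode!r}")


def compare_modes():
    """Run the three switching types over a good frame, a frame with a bit
    error after byte 64, and a runt (collision fragment). All constructed."""
    dst = bytes.fromhex("00000c000001")
    src = bytes.fromhex("00000c000002")
    good = build_frame(dst, src, b"A" * 100)     # 6+6+2+100+4 = 118 bytes
    corrupted = bytearray(good)
    corrupted[80] ^= 0x01                         # bit error beyond the first 64 bytes
    runt = good[:40]                              # cut off mid-frame by a collision
    samples = {"good": good, "corrupted": bytes(corrupted), "runt": runt}
    return {mode: {name: decide(mode, f) for name, f in samples.items()}
            for mode in ("cut-through", "fragment-free", "store-and-forward")}


if __name__ == "__main__":
    for mode, results in compare_modes().items():
        print(mode, results)
```

The bytes-examined column is the latency trade-off from the slides made concrete: 6 bytes for cut-through, 64 for fragment-free, and the whole 118-byte frame for store-and-forward.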
Loop Avoidance
If multiple connections between switches are created for redundancy, network loops can occur.
Most commonly, networks are implemented with redundant links for fault tolerance.
These multiple links may cause loops and broadcast storms.
In a switched network some scheme should be implemented to avoid these loops.
The Spanning-Tree Protocol (STP) is used to stop network loops while still allowing redundancy.

Understanding Spanning-Tree Protocol (802.1d)
How does a loop occur? (figure only)
Loop Occurring
In this scenario, if no loop-avoidance scheme is implemented, the switch will generate a broadcast storm.
A device can receive multiple copies of the same frame.
The MAC address table will be continuously updated and the table itself will be confused, because frames from the same source will be received over more than one link. This is called thrashing the MAC table.
This is how loops within other loops are generated, until no switching is performed in the network.
Note: Spanning Tree Protocol is designed to solve this problem.
Spanning-Tree Protocol
The main function of STP is to maintain a loop-free network.
Originally STP was created by DEC.
It was modified by the IEEE and published in the 802.1d specification.
All Cisco switches run the IEEE 802.1d version of STP.
How STP Works
STP continuously monitors the network for the failure or addition of a link, switch or bridge.
Whenever there is a change in topology, it reconfigures the switches or bridges to avoid a total loss of connectivity or the creation of new loops.
STP is enabled by default on Catalyst switches.
STP provides a loop-free network by:
Electing a root bridge
Selecting a root port for each non-root bridge
Selecting a designated port for each segment
Bridge ID
The Bridge ID is used to determine the root bridge.
The Bridge ID is 8 bytes long.
The Bridge ID includes the priority and the MAC address of the device.
All devices running the IEEE version of STP have 32,768 as the default priority value.
To determine the Bridge ID, the priority and the MAC address are combined.
If two switches / bridges have the same priority, then the MAC address decides which Bridge ID is lower.
Eg. If switch A with MAC ID 0000.0c00.1111.1111 and switch B with MAC ID 0000.0c00.2222.2222 have the same priority, then switch A will become the root bridge.
Electing the Root Bridge
In one broadcast domain only one bridge is designated as the root bridge.
All ports on the root bridge are in the forwarding state and are called designated ports.
All ports in the forwarding state can send and receive traffic.
The Bridge ID is used to determine the root bridge.
The Bridge ID includes the priority and the MAC address of the device.
Root Port for a Non-root Bridge
The root port is the lowest-cost path from a non-root bridge to the root bridge.
Spanning Tree path cost is an accumulated cost based on bandwidth.
More bandwidth means less cost.
In the event that the cost is the same, the deciding factor is the lowest port number.
Root ports are in the forwarding state.
Designated Port
There is one designated port per segment.
The designated port is selected on the bridge that has the lowest-cost path to the root bridge.
The designated port is in the forwarding state.
Non-designated ports are normally in the blocking state to break the loop topology.
That means Spanning Tree is preventing them from forwarding traffic.
Spanning Tree Path Cost
Spanning Tree path cost is an accumulated total path cost based on the bandwidth of all the links in the path. The table shows some of the path costs specified in the IEEE 802.1d specification.

Link Speed   Cost (Revised IEEE Specification)   Cost (Previous IEEE Specification)
10 Gbps      2                                   1
1 Gbps       4                                   1
100 Mbps     19                                  10
10 Mbps      100                                 100
Spanning Tree Example
Find out the following:
What is the root bridge?
What are the designated, non-designated and root ports?
What are the forwarding and blocking ports?
Topology (figure): three switches, each with the default priority 32768.
Switch Z: MAC 0c0011110000, Port 0
Switch X: MAC 0c0011111100, Port 0 and Port 1
Switch Y: MAC 0c0011111111, Port 0 and Port 1
Both links are 100BaseT: Port 0 of Switch Z, Switch X and Switch Y share one segment, and Port 1 of Switch X and Port 1 of Switch Y share the other.
Let's verify the answers
Root bridge: Switch Z, because it has the lowest Bridge ID (priority and MAC address).
Root port: Port 0 of Switches X and Y, because it is the lowest-cost path to the root.
Designated port: Port 0 of Switch Z; all ports on the root are designated ports. Port 1 of Switch X is also a designated port: because both Switch X and Switch Y have the same path cost to the root bridge, the designated port is selected on Switch X because it has a lower Bridge ID than Switch Y.
Blocking: Port 1 of Switch Y, the non-designated port on the segment.
Forwarding: all designated ports and root ports are in the forwarding state.
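The election rules from the Bridge ID, root port, designated port and path cost slides, implemented as one general algorithm and run on the three-switch example above. This is an added example, not code from the slides; it takes the priorities, MAC addresses and the revised 100 Mbps cost of 19 from the slides, and assumes the two-segment topology that the answer slide implies (Port 0 of all three switches on one 100BaseT segment, Port 1 of X and Y on the other). Ties are broken the way the slides state: lowest cost, then lowest Bridge ID, then lowest port number.

```python
import heapq

DEFAULT_PRIORITY = 32768
# Revised IEEE 802.1D path costs from the slide's table.
COST = {"10Gbps": 2, "1Gbps": 4, "100Mbps": 19, "10Mbps": 100}


def bridge_id(priority, mac):
    """8-byte Bridge ID as an integer: 2-byte priority followed by the 6-byte MAC,
    so equal priorities are decided by the lower MAC address."""
    return (priority << 48) | int(mac.replace(".", "").replace(":", ""), 16)


def run_stp(bridges, segments):
    """bridges:  {name: (priority, mac)}
    segments: {segment: (link_speed, [(bridge, port), ...])}
    Returns (root bridge, root path cost per bridge, role per (bridge, port)).
    Assumes every bridge can reach the root."""
    ids = {b: bridge_id(p, m) for b, (p, m) in bridges.items()}
    root = min(ids, key=ids.get)                      # lowest Bridge ID wins

    # Neighbour list: (neighbour, segment cost, neighbour's port on that segment).
    adj = {b: [] for b in bridges}
    for speed, attachments in segments.values():
        for b, _ in attachments:
            for other, other_port in attachments:
                if other != b:
                    adj[b].append((other, COST[speed], other_port))

    # Lowest accumulated path cost from the root to every bridge (Dijkstra);
    # equal costs are broken by the lowest port number, as on the slide.
    best = {root: (0, None)}                          # bridge -> (cost, root port)
    heap = [(0, None, root)]
    while heap:
        cost, port, b = heapq.heappop(heap)
        if best[b] != (cost, port):
            continue                                  # stale heap entry
        for other, seg_cost, other_port in adj[b]:
            cand = (cost + seg_cost, other_port)
            if other != root and cand < best.get(other, (float("inf"), None)):
                best[other] = cand
                heapq.heappush(heap, (cand[0], cand[1], other))

    roles = {}
    for b, (_, port) in best.items():
        if port is not None:
            roles[(b, port)] = "root"                 # root ports forward
    for speed, attachments in segments.values():
        # One designated port per segment: lowest root path cost, then lowest
        # Bridge ID, then lowest port number. Everything else on the segment
        # that is not a root port goes into blocking.
        winner = min(attachments, key=lambda bp: (best[bp[0]][0], ids[bp[0]], bp[1]))
        for b, port in attachments:
            if (b, port) == winner:
                roles[(b, port)] = "designated"
            else:
                roles.setdefault((b, port), "blocking")
    return root, {b: c for b, (c, _) in best.items()}, roles


def slide_example():
    """The three-switch topology from the slide (priorities and MACs as given there;
    the two 100BaseT segments are inferred from the answer slide)."""
    bridges = {
        "Z": (DEFAULT_PRIORITY, "0c0011110000"),
        "X": (DEFAULT_PRIORITY, "0c0011111100"),
        "Y": (DEFAULT_PRIORITY, "0c0011111111"),
    }
    segments = {
        "seg1": ("100Mbps", [("Z", 0), ("X", 0), ("Y", 0)]),
        "seg2": ("100Mbps", [("X", 1), ("Y", 1)]),
    }
    return run_stp(bridges, segments)


if __name__ == "__main__":
    root, costs, roles = slide_example()
    print("root bridge:", root, "| path costs:", costs)
    for (b, port), role in sorted(roles.items()):
        print(f"Switch {b} Port {port}: {role}")
```

The output reproduces the answer slide: Z is the root, Port 0 of X and Y are root ports at cost 19, Port 0 of Z and Port 1 of X are designated, and Port 1 of Y blocks. Changing a priority or a link speed in `slide_example` shows how the tree moves.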
Virtual LANs
Flat Network
In a Layer 2 switched network, a broadcast packet arrives at every device on the network, whether or not it was intended for that device: there is one broadcast domain within a switch.
Drawback of a Layer 2 Switched Network
The larger the number of devices and users, the more broadcasts and packets have to be handled by each device.
The solution is the VLAN.
VLAN: Understanding Virtual Local Area Networks (VLANs)
VLAN
We create VLANs in order to address these issues.
A VLAN is a logical broadcast domain that can span multiple physical LAN segments.
VLANs provide segmentation and organizational flexibility.
You can design a VLAN structure that lets you group stations that are segmented logically by function, project team and application, without regard to the physical location of the users.
VLANs Continued
Ports in a VLAN share broadcasts; ports in different VLANs do not. Containing broadcasts in a VLAN improves the overall performance of the network.
A VLAN can exist on a single switch or span multiple switches. VLANs can include stations in a single building or in multiple-building infrastructures.
VLAN Definition
A VLAN is defined as a logical grouping of network resources and users connected to predefined ports on a switch, as defined by an administrator.
VLAN
VLANs are used to create smaller broadcast domains within a switch.
A single VLAN is treated as a separate subnet or broadcast domain.
VLANs Spanning Multiple Switches (figure only)
Virtual LANs (figure: a server farm and VLAN 1, VLAN 2 and VLAN 3 across switches)
VLANs help manage broadcast domains.
LAN switches and network management software provide a mechanism to create VLANs.
A VLAN also lets you group ports on a switch so that you can limit unicast, multicast and broadcast traffic flooding.
VLAN Benefits
Reduced administrative costs: simplify moves, adds and changes.
Efficient bandwidth utilization: better control of broadcasts.
Improved network security: a separate VLAN group for high-security users; relocate servers into secured locations.
Scalability and performance: micro-segment with scalability; distribute the traffic load.
Flexibility and Scalability
Layer 2 switches only read frames for filtering, which causes them to forward all broadcasts.
So creating VLANs means creating more broadcast domains.
By assigning switch ports or users to VLAN groups on a switch, you have the option to add selected users to a broadcast domain.
This stops broadcast storms caused by a faulty Network Interface Card (NIC) or application.
VLANs can keep being multiplied in order to utilize the bandwidth efficiently.
Flexibility and Scalability (contd.)
In the case of inter-VLAN communication, restrictions are implemented on the router.
Restrictions can also be placed on the hardware address.
Static VLAN
This is the basic and most secure type of VLAN creation.
The port assignment associated with a VLAN is maintained until and unless it is modified by the administrator.
This type of VLAN configuration is easy to set up and monitor.
VLAN Ranges
Normal VLANs (1 to 1005)
Extended VLANs (1006 to 4094)
VLAN 1 is the Cisco default.
VLAN Identification
A VLAN can span multiple connected switches.
Switches must keep track of frames and which VLAN these frames belong to.
Frame tagging performs this function.

VLAN Trunking
VLAN identification modes
To identify which frames belong to which VLAN, VLAN identification is required.
Two types of trunking methods are used:
1) ISL
2) 802.1q
Inter-Switch Link (ISL)
Proprietary to Cisco switches.
Used for Fast Ethernet and Gigabit Ethernet links only.
Inter-Switch Link (ISL) Protocol
ISL is an external tagging process, which means the original frame is not altered but encapsulated with a new 26-byte ISL header.
It also adds a second 4-byte FCS field at the end of the frame.
Drawback
As the frame is encapsulated with extra information, only ISL devices can read it.
It makes the frame heavy, as it crosses the actual allowable MTU size.
IEEE 802.1q
Created by the IEEE as the standard method for frame tagging.
It inserts a field into the frame to identify the VLAN.
When trunking between a Cisco switch and a different brand of switch, it is mandatory to use 802.1q for the trunk to work.
IEEE 802.1q
In this method of tagging, a 4-byte field is added inside the frame itself for the identification of the VLAN.
Types of Links in a Switched Environment
Access links:
Devices attached to these links are unaware of VLAN membership.
VLAN information is removed from the frame before it is sent to an access-link device.
Access-link devices are not capable of communicating with devices outside their VLAN unless the packet is routed through a router.
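The 4-byte 802.1q tag from the IEEE 802.1q slides and the tag removal on access links, worked through on a constructed frame. This is an added example, not code from the slides: `tag_frame` is the trunk-side insertion of the tag after the source MAC, `parse_frame` splits the Tag Control Information into priority, DEI and the 12-bit VLAN ID (which is why VLAN IDs stop at 4094, as on the VLAN Ranges slide), and `strip_tag` is what happens before a frame reaches a VLAN-unaware access device. The MAC addresses and payload are constructed.

```python
import struct

TPID_8021Q = 0x8100


def parse_frame(frame):
    """Return (dst, src, vlan, ethertype, payload) for an Ethernet II frame.
    vlan is None for an untagged frame, otherwise {'pcp', 'dei', 'vid'}."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return dst, src, None, tpid, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3-bit priority, 1-bit DEI/CFI, 12-bit VLAN ID.
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
    return dst, src, vlan, ethertype, frame[18:]


def tag_frame(frame, vid, pcp=0):
    """Trunk-side operation: insert the 4-byte tag between the source MAC and
    the EtherType. Only 12 bits carry the VLAN ID, hence the 1-4094 range."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} outside 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError(f"priority {pcp} outside 0-7")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Access-link operation: remove the tag before the frame reaches a device
    that is unaware of VLAN membership. Untagged frames pass through unchanged."""
    dst, src, vlan, ethertype, payload = parse_frame(frame)
    if vlan is None:
        return frame
    return dst + src + struct.pack("!H", ethertype) + payload


def demo():
    """Constructed frame: tag it for VLAN 2 with priority 5, parse it, strip it."""
    untagged = (bytes.fromhex("00000c000001") + bytes.fromhex("00000c000002")
                + struct.pack("!H", 0x0800) + b"payload")
    tagged = tag_frame(untagged, vid=2, pcp=5)
    return untagged, tagged, parse_frame(tagged), strip_tag(tagged)


if __name__ == "__main__":
    untagged, tagged, parsed, stripped = demo()
    print("tagged  :", tagged.hex())
    print("vlan    :", parsed[2], "ethertype 0x%04x" % parsed[3])
    print("stripped:", stripped.hex(), "| matches original:", stripped == untagged)
```

The hex dump shows the tag as `8100 a002` after the two MAC addresses: TPID 0x8100, then TCI 0xA002 = priority 5, DEI 0, VLAN 2. Stripping the tag returns the exact original bytes, which is the access-link behaviour the slide describes.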
Trunk Links
A trunk is a point-to-point link between one or more Ethernet switch interfaces and another networking device such as a router or a switch.
Ethernet trunks carry the traffic of multiple VLANs over a single link and allow you to extend the VLANs across an entire network.
Cisco supports IEEE 802.1Q for FastEthernet and Gigabit Ethernet interfaces.
VLAN Configuration
Global mode:
Switch# configure terminal
Switch(config)# vlan 3
Switch(config-vlan)# name Vlan3
Switch(config-vlan)# exit
Switch(config)# end
VLAN Implementation Commands
Configuring VLANs (the vlan command creates the VLAN in global configuration; the switchport commands are entered in interface configuration mode, and the interface name below is an example):
Switch(config)# vlan 101
Switch(config-vlan)# exit
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 101
Verifying VLANs:
Switch# show interfaces
Switch# show vlan brief
Configuring an Access VLAN
Switch(config)# vlan vlan_id
Create a VLAN.
Switch(config-vlan)# name vlan_name
Provide a VLAN name.
Switch(config-if)# switchport mode access
Place the switch port into access mode.
Switch(config-if)# switchport access vlan vlan_id
Associate the access switch port with a VLAN.
Virtual Trunking Protocol (VTP)
Allows an administrator to add, delete and rename VLANs, which are then propagated to all switches automatically.
VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the additions, deletions and name changes of VLANs across networks.
It is Cisco proprietary.
Benefits of VTP
Consistent VLAN configuration across all switches in the network.
Accurate tracking and monitoring of VLANs.
Dynamic reporting of added VLANs to all switches.
Plug-and-play VLAN adding.
Virtual Trunk Protocol (VTP) (figure: VLAN 1 and VLAN 2 carried across an ATM fabric with LANE and across ISL and 802.1Q trunks)
VLAN administration and configuration protocol
Reduces VLAN setup and administration
Eliminates configuration errors such as duplicate VLAN names
Decreases the network manager's time adding and managing VLANs
VTP Domain
VTP works within a domain.
A VTP domain is one switch or several interconnected switches sharing the same management domain.
By default, a Cisco Catalyst switch is in the no-management-domain state until you configure a management domain.
Configurations made on a VTP server are propagated across trunk links to all the connected switches in the network.
VTP Modes
VTP operates in one of three modes:
1) Server
2) Client
3) Transparent
Server Mode
The default VTP mode is server mode.
A server can create, modify or delete VLANs and propagates the changes to all the switches in the domain.
A VTP server synchronizes its VLAN database file with other VTP servers and clients.
Client Mode
A client cannot create, modify or delete VLANs.
It forwards VTP advertisements.
A VTP client synchronizes its database with other VTP servers and clients.
Transparent Mode
A transparent switch can create, modify or delete VLANs.
When you change the VLAN configuration in VTP transparent mode, the change affects only the local switch and does not propagate to other switches in the VTP domain.
It forwards the VTP advertisements that it receives within the domain.
It does not synchronize its database.
VTP Operation
VTP advertisements are flooded throughout the management domain.
VTP advertisements are sent every 5 minutes or whenever the VLAN configuration changes.
A configuration revision number is included in each VTP advertisement.
A higher configuration revision number indicates that the VLAN information being advertised is more current than the stored information.
Configuration Revision Number
One of the most critical components of VTP is the configuration revision number.
Each time a VTP server modifies its VLAN information, the VTP server increments the configuration revision number by one.
The VTP server then sends an advertisement with the new revision number.
If a higher revision number is found in a received advertisement, the stored VLAN configuration is overwritten with the advertised one.
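The three VTP modes and the revision-number rule from the preceding slides, as a small simulation. This is an added example, not code from the slides; the domain name "corp", the switch names and the VLAN names are constructed. The last step is the consequence of the rule the slide states: a switch joining the domain with a higher revision number overwrites the existing server's VLAN database even if its VLAN list is stale, which is why the revision number is called critical and why a switch's mode and revision are worth checking before it is connected to a production domain.

```python
import copy


class VtpSwitch:
    """Model of the three VTP modes and the configuration revision rule
    from the slides. The VLAN database is a {vlan_id: name} dict."""

    def __init__(self, name, mode="server", domain=None):
        self.name, self.mode, self.domain = name, mode, domain
        self.vlans = {1: "default"}
        self.revision = 0

    def configure_vlan(self, vlan_id, vlan_name):
        """Local VLAN change. A client cannot modify VLANs; a server bumps the
        revision number and returns the advertisement to flood; a transparent
        switch keeps the change local and advertises nothing."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: a VTP client cannot modify VLANs")
        self.vlans[vlan_id] = vlan_name
        if self.mode == "server":
            self.revision += 1
            return self.advertisement()
        return None

    def advertisement(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": copy.deepcopy(self.vlans)}

    def receive(self, adv):
        """Apply a received advertisement. Returns True if the local database
        was replaced. Transparent switches forward advertisements (left to the
        caller) but never synchronise; advertisements from other domains are ignored."""
        if self.mode == "transparent" or adv["domain"] != self.domain:
            return False
        if adv["revision"] > self.revision:
            self.vlans = copy.deepcopy(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False


def domain_walkthrough():
    """Constructed domain 'corp': one server, one client, one transparent switch,
    then a second server joining with a higher revision number."""
    server = VtpSwitch("S1", "server", "corp")
    client = VtpSwitch("S2", "client", "corp")
    transparent = VtpSwitch("S3", "transparent", "corp")
    adv = server.configure_vlan(10, "engineering")       # revision 0 -> 1
    synced = [client.receive(adv), transparent.receive(adv)]
    # A switch that joins the domain carrying a higher revision number wins:
    # its VLAN list overwrites the server's database, even though it is stale.
    newcomer = VtpSwitch("S4", "server", "corp")
    newcomer.vlans = {1: "default", 99: "old-lab"}
    newcomer.revision = 50
    overwritten = server.receive(newcomer.advertisement())
    return server, client, transparent, synced, overwritten


if __name__ == "__main__":
    server, client, transparent, synced, overwritten = domain_walkthrough()
    print("client/transparent synced after first advertisement:", synced)
    print("server overwritten by newcomer:", overwritten,
          "->", server.vlans, "revision", server.revision)
```

Run as a script it shows the client adopting VLAN 10 at revision 1, the transparent switch ignoring the advertisement, and the original server losing VLAN 10 to the newcomer's revision 50 database.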
VTP Configuration Guidelines
The default VTP configuration parameters for the 2950 switch are as follows:
VTP domain name: None
VTP mode: Server
VTP password: None
VTP pruning: Disabled
VTP Configuration Commands
Use the vtp global configuration command to modify the VTP configuration: domain name, interface, and mode.
SwitchX# configure terminal
SwitchX(config)# vtp mode [ server | client | transparent ]
SwitchX(config)# vtp domain domain-name
SwitchX(config)# vtp password password
SwitchX(config)# end
Note: The domain name and password are case sensitive.
VLAN Configuration Commands
Use the vlan global configuration command to create a VLAN and enter VLAN configuration mode:
SwitchX# configure terminal
SwitchX(config)# vlan 2
SwitchX(config-vlan)# name testvlan
Note: Use the no form of this command to delete the VLAN.
VLAN Port Assignment
SwitchX# configure terminal
SwitchX(config)# interface range fastethernet 0/2 - 4
SwitchX(config-if-range)# switchport access vlan 2
SwitchX(config-if-range)# end
SwitchX# show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------
1    default                          active    Fa0/1
2    testvlan                         active    Fa0/2, Fa0/3, Fa0/4
Explaining Trunk Link Problems
Trunks can be configured statically or autonegotiated with DTP.
For trunking to be autonegotiated, the switches must be in the same VTP domain.
Some trunk configuration combinations will successfully configure a trunk; some will not.
(The figure listing the mode combinations is not recoverable.)
Will any of the above combinations result in an operational trunk?
Resolving Trunk Link Problems
When using DTP, ensure that both ends of the link are in the same VTP domain.
Ensure that the trunk encapsulation type configured on both ends of the link is valid.
On links where trunking is not required, DTP should be turned off.
Best practice is to configure trunk and nonegotiate where trunks are required.
DTP
Trunk negotiation is managed by DTP.
It is a point-to-point protocol.
To enable trunking to a device that does not support DTP, use:
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport nonegotiate
This causes the interface to become a trunk but not to generate DTP frames.
Switch(config-if)# switchport mode {dynamic {auto | desirable} | trunk}
dynamic auto: Sets the interface to a trunk link if the neighboring interface is set to trunk or desirable mode.
dynamic desirable: Sets the interface to a trunk link if the neighboring interface is set to trunk, desirable, or auto mode.
trunk: Sets the interface to permanent trunking mode and negotiates to convert the link to a trunk link even if the neighboring interface is not a trunk interface.
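The DTP mode rules above, the same-VTP-domain requirement from the trunk problems slide, and the nonegotiate option, combined into a function that says whether a link comes up as an operational trunk. This is an added example, not code from the slides. It assumes a dynamic port only trunks in response to DTP frames it actually receives, so none arrive from a peer set to nonegotiate or from a peer in a different VTP domain; `matrix` evaluates every pairing of the three modes, which answers the question the earlier slide poses.

```python
MODES = ("dynamic auto", "dynamic desirable", "trunk")


def end_trunks(end, peer, same_vtp_domain=True):
    """Whether one end of a link comes up trunking, applying the rules on the
    DTP slide. end/peer: {'mode': ..., 'nonegotiate': bool (optional)}."""
    mode = end["mode"]
    if mode == "trunk":
        return True                      # permanent trunking mode
    # A dynamic port only trunks in response to DTP frames it actually hears:
    # none arrive if the peer has nonegotiate set or is in another VTP domain.
    peer_heard = same_vtp_domain and not peer.get("nonegotiate", False)
    if not peer_heard:
        return False
    if mode == "dynamic auto":
        return peer["mode"] in ("trunk", "dynamic desirable")
    if mode == "dynamic desirable":
        return peer["mode"] in MODES      # trunk, desirable or auto
    raise ValueError(f"unknown mode {mode!r}")


def link_state(a, b, same_vtp_domain=True):
    """Return (a_trunks, b_trunks, operational): the trunk only works when
    both ends agree; one end trunking alone is a misconfigured link."""
    a_trunk = end_trunks(a, b, same_vtp_domain)
    b_trunk = end_trunks(b, a, same_vtp_domain)
    return a_trunk, b_trunk, a_trunk and b_trunk


def matrix(same_vtp_domain=True):
    """Every pairing of the three modes with DTP running on both ends,
    the table the 'Explaining Trunk Link Problems' slide asks about."""
    return {(m1, m2): link_state({"mode": m1}, {"mode": m2}, same_vtp_domain)[2]
            for m1 in MODES for m2 in MODES}


if __name__ == "__main__":
    for (m1, m2), ok in matrix().items():
        print(f"{m1:18s} <-> {m2:18s} : {'trunk' if ok else 'no trunk'}")
    print("different VTP domains, desirable <-> desirable:",
          matrix(same_vtp_domain=False)[("dynamic desirable", "dynamic desirable")])
    print("trunk+nonegotiate <-> dynamic auto:",
          link_state({"mode": "trunk", "nonegotiate": True}, {"mode": "dynamic auto"}))
```

Two results are worth noting: auto paired with auto never trunks, and trunk plus nonegotiate facing a dynamic auto port leaves one end trunking and the other not, which is why the best practice on the resolving slide is trunk and nonegotiate on both ends where a trunk is required.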
Routing Between VLANs
In a VLAN environment, frames are switched only between ports within the same broadcast domain.
VLANs perform network partitioning and traffic separation at Layer 2.
Inter-VLAN communication cannot occur without a Layer 3 device, such as a router.

Router on a Stick (figure only)
Creating Sub-interfaces
To support 802.1Q trunking, you must subdivide the physical FastEthernet interface of the router into multiple logical, addressable sub-interfaces, one per VLAN.
The address of each sub-interface is used as the gateway for the workstations in that VLAN.
Wireless LANs
Introducing WLANs
Wireless Data Technologies (figures only)
Wireless Data Technologies (Cont.)
PAN = Personal Area Network, LAN = Local Area Network, MAN = Metropolitan Area Network, WAN = Wide Area Network.

              PAN                  LAN                              MAN                       WAN
Standards     Bluetooth            IEEE 802.11a, 802.11b, 802.11g   802.16, MMDS, LMDS        GSM, GPRS, CDMA, 2.5-3G
Speed         <1 Mbps              1-54+ Mbps                       22+ Mbps                  10-384 kbps
Range         Short                Medium                           Medium-long               Long
Applications  Peer to peer,        Enterprise networks              Fixed, last-mile access   PDAs, mobile phones,
              device to device                                                                cellular access
Wireless LAN (WLAN)
A WLAN is a shared network.
An access point is a shared device and functions like a shared Ethernet hub.
Data is transmitted over radio waves.
Two-way radio communications (half-duplex) are used.
The same radio frequency is used for sending and receiving.
WLAN Evolution (figure): warehousing, retail, health care, education, businesses, home.
What Are WLANs?
They are:
Local: in a building or campus, for mobile users
Radio or infrared
Not required to have RF licenses in most countries
Using equipment owned by customers
They are not:
WAN or MAN networks
Cellular phone networks
Packet data transmission via cellular phone networks: Cellular Digital Packet Data (CDPD), General Packet Radio Service (GPRS), 2.5G to 3G services
Similarities Between WLAN and LAN
A WLAN is an 802 LAN.
Transmits data over the air vs. data over the wire.
Looks like a wired network to the user.
Defines the physical and data link layers.
Uses MAC addresses.
The same protocols/applications run over both WLANs and LANs:
IP (network layer)
IPsec VPNs (IP-based)
Web, FTP, SNMP (applications)
Differences Between WLAN and LAN
WLANs use radio waves as the physical layer.
WLANs use CSMA/CA instead of CSMA/CD to access the network.
Radio waves have problems that are not found on wires:
Connectivity issues: coverage problems, multipath issues, interference and noise.
Privacy issues.
WLANs use mobile clients: no physical connection, battery-powered.
WLANs must meet country-specific RF regulations.
Service Set Identifier (SSID)
The SSID is used to logically separate WLANs.
The SSID must match on the client and the access point.
The access point broadcasts one SSID in its beacon.
A client can be configured without an SSID.
Client association steps:
1. The client sends a probe request.
2. The access point sends a probe response.
3. The client initiates association.
4. The access point accepts the association.
5. The access point adds the client MAC address to its association table.
WLAN Access Topology (figure only)
Wireless Repeater Topology (figure only)
Alternative Peer-to-Peer Topology (figure only)
Service Sets and Modes
Ad hoc mode
Independent Basic Service Set (IBSS): mobile clients connect directly without an intermediate access point.
Infrastructure mode
Basic Service Set (BSS): mobile clients use a single access point for connecting to each other or to wired network resources.
Extended Service Set (ESS): two or more Basic Service Sets are connected by a common distribution system.

Roaming Through Wireless Cells (figure: roaming)
Client Roaming
Roaming without interruption requires the same SSID on all access points.
Conditions that cause a client to roam:
Maximum data retry count exceeded
Too many beacons missed
Data rate shifted
Periodic intervals
Unlicensed Frequency Bands
ISM: Industrial, scientific and medical frequency band
No license required
No exclusive use
Best effort
Interference possible
(Second Unlicensed Frequency Bands slide: figure only)
Radio Frequency Transmission
Radio frequencies are radiated into the air via an
antenna, creating radio waves.
Radio waves are absorbed when they are propagated
through objects (e.g., walls).
Radio waves are reflected by objects (e.g., metal
surfaces).
This absorption and reflection can cause areas of
low signal strength or low signal quality.
Radio Frequency Transmission
Higher data rates have a shorter transmission range: the receiver needs
more signal strength and a better SNR to decode the denser modulation.
Higher transmit power results in greater distance (within regulatory
limits).
Higher frequencies allow higher data rates.
Higher frequencies have a shorter transmission range (they are attenuated
more over the air and by obstacles).
WLAN Regulation and Standardization
Regulatory agencies
  FCC (United States)
  ETSI (Europe)
Standardization
  IEEE 802.11
  http://standards.ieee.org/getieee802/
Certification of equipment
  Wi-Fi Alliance certifies interoperability between products
  Certified products can be found at http://www.wi-fi.org.
2005 Cisco Systems, Inc. All rights reserved.
802.11b
802.11b Standard
Standard was ratified in September 1999
Operates in the 2.4-GHz band
Specifies four data rates up to 11 Mbps
1, 2, 5.5, 11 Mbps
Defines basic security, encryption, and authentication for the
wireless link
Is the most commonly deployed WLAN standard
2.4-GHz Channels
Channel   Center       Frequency      Regulatory domain
          frequency    range [MHz]    Americas   Europe, Middle East, and Asia   Japan
   1      2412 MHz     2401-2423         X                    X                    X
   2      2417 MHz     2406-2428         X                    X                    X
   3      2422 MHz     2411-2433         X                    X                    X
   4      2427 MHz     2416-2438         X                    X                    X
   5      2432 MHz     2421-2443         X                    X                    X
   6      2437 MHz     2426-2448         X                    X                    X
   7      2442 MHz     2431-2453         X                    X                    X
   8      2447 MHz     2436-2458         X                    X                    X
   9      2452 MHz     2441-2463         X                    X                    X
  10      2457 MHz     2446-2468         X                    X                    X
  11      2462 MHz     2451-2473         X                    X                    X
  12      2467 MHz     2456-2478                              X                    X
  13      2472 MHz     2461-2483                              X                    X
  14      2484 MHz     2473-2495                                                   X
2.4-GHz Channel Use
Each channel is 22 MHz wide, but channel centers are only 5 MHz apart, so
adjacent channels overlap.
North America: 11 channels.
Europe: 13 channels.
There are three nonoverlapping channels: 1, 6, 11.
Access points in the same area on any other combination of channels
overlap and interfere with each other.
Three access points can occupy the same area without interfering.
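The channel table and the "1, 6, 11" rule can be derived rather than memorized. The following is an added example, not code from the slides or from Cisco: it builds the 2.4-GHz channel plan from the 802.11 center frequencies (2412 MHz plus 5 MHz per channel, channel 14 at 2484 MHz) and a 22-MHz channel width, then searches for the largest sets of channels that do not overlap. The regulatory domain ranges are taken from the table above; it also tries the Japan-only channel 14, which the slide text does not discuss.

```python
# Added example (not from the Velocis/Cisco slides): derive the 2.4-GHz
# channel table from the 802.11 channel plan and find which channels can be
# used in one area without overlapping.
from __future__ import annotations
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # DSSS channel width used by 802.11b/g

# Regulatory domains as listed in the slide table (assumption: 2009-era plan).
DOMAINS = {
    "Americas": range(1, 12),
    "Europe, Middle East, Asia": range(1, 14),
    "Japan": range(1, 15),
}


def center_mhz(channel: int) -> int:
    """Center frequency: channels 1-13 are 5 MHz apart from 2412 MHz; 14 is 2484 MHz."""
    if 1 <= channel <= 13:
        return 2412 + 5 * (channel - 1)
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4-GHz channel: {channel}")


def channel_range(channel: int) -> tuple[int, int]:
    """(low, high) edge of the 22-MHz channel in MHz."""
    half = CHANNEL_WIDTH_MHZ // 2
    c = center_mhz(channel)
    return c - half, c + half


def overlaps(a: int, b: int) -> bool:
    """True when the two channels share any spectrum (touching edges do not count)."""
    lo_a, hi_a = channel_range(a)
    lo_b, hi_b = channel_range(b)
    return lo_a < hi_b and lo_b < hi_a


def channel_table() -> list[tuple[int, int, int, int, str]]:
    """Rows of (channel, center, low, high, allowed domains), as in the slide table."""
    rows = []
    for ch in range(1, 15):
        lo, hi = channel_range(ch)
        allowed = ", ".join(name for name, chans in DOMAINS.items() if ch in chans)
        rows.append((ch, center_mhz(ch), lo, hi, allowed))
    return rows


def non_overlapping_sets(channels: list[int]) -> list[tuple[int, ...]]:
    """All largest subsets of `channels` in which no two channels overlap.

    Brute force is fine here: at most 14 channels. This is the planning
    question behind "three access points can occupy the same area".
    """
    for size in range(len(channels), 0, -1):
        found = [combo for combo in combinations(channels, size)
                 if all(not overlaps(a, b) for a, b in combinations(combo, 2))]
        if found:
            return found
    return []


if __name__ == "__main__":
    for ch, center, lo, hi, allowed in channel_table():
        print(f"{ch:2d}  {center} MHz  {lo}-{hi}  {allowed}")
    for name, chans in DOMAINS.items():
        print(name, "->", non_overlapping_sets(list(chans)))
```

For the Americas the only answer is (1, 6, 11); in Europe there are ten different three-channel sets, such as (1, 5, 9, 13) not being among them because channels four apart still overlap by 2 MHz; with the Japan-only channel 14 a fourth non-overlapping channel, (1, 6, 11, 14), becomes possible.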
802.11b/g (2.4 GHz) Channel Reuse
802.11a
802.11a Standard
Standard was ratified September 1999
Operates in the 5-GHz band
Uses orthogonal frequency-division multiplexing (OFDM)
Uses eight data rates of up to 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
Has from 12 to 23 nonoverlapping channels (FCC)
Has up to 19 nonoverlapping channels (ETSI)
Regulations differ across countries.
Transmit (Tx) power control and dynamic frequency selection (802.11h) are
required in some regulatory domains (e.g., ETSI) so that WLANs do not
interfere with radar systems sharing the 5-GHz band.
802.11g
802.11 Standards Comparison
802.11 Standards Comparison
                          802.11b         802.11g                      802.11a
Ratified                  1999            2003                         1999
Frequency band            2.4 GHz         2.4 GHz                      5 GHz
Nonoverlapping channels   3               3                            Up to 23
Transmission              DSSS            DSSS, OFDM                   OFDM
Data rates [Mbps]         1, 2, 5.5, 11   1, 2, 5.5, 11 (DSSS);        6, 9, 12, 18, 24,
                                          6, 9, 12, 18, 24, 36, 48,    36, 48, 54
                                          54 (OFDM)
Throughput [Mbps]         Up to 6         Up to 22                     Up to 28
Range Comparisons
WLAN Security
Why WLAN Security?
Wide availability and low cost of IEEE 802.11 wireless equipment
802.11 standard ease of use and deployment
Availability of sniffers (the medium is shared, so any radio in range can
capture frames without touching the network)
Statistics on WLAN security
Media hype about hot spots, WLAN hacking, war driving
Flawed encryption in the standard's Wired Equivalent Privacy (WEP): RC4
with a static key and a 24-bit initialization vector that repeats
Authentication vulnerability: WEP shared-key authentication exposes a
keystream to anyone listening, and open authentication verifies nothing
WLAN Security Threats
Mitigating the Threats
Control and integrity: authentication. Ensure that legitimate clients
associate with trusted access points.
Privacy and confidentiality: encryption. Protect data as it is transmitted
and received.
Protection and availability: intrusion detection system (IDS). Track and
mitigate unauthorized access and network attacks.
Evolution of WLAN Security
Initial (1997): encryption (WEP)
  No strong authentication
  Static, breakable keys
  Not scalable
Interim (2001): 802.1x EAP, dynamic keys
  Improved encryption
  User authentication
  802.1x EAP (LEAP, PEAP)
  RADIUS
Interim (2003): Wi-Fi Protected Access (WPA)
  Standardized
  Improved encryption
  Strong user authentication (e.g., LEAP, PEAP, EAP-FAST)
Present: IEEE 802.11i / WPA2 (2004)
  AES strong encryption
  Authentication
  Dynamic key management
Present: wireless IDS
  Identification and protection against attacks, DoS
Note: LEAP has since been shown to be vulnerable to offline dictionary
attacks on its MS-CHAP exchange; prefer PEAP, EAP-FAST or EAP-TLS with
server certificate validation on the client.
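What "static, breakable keys" means in practice, as an added example that is not code from the slides or from Cisco: WEP derives each frame's RC4 key as the 24-bit IV followed by the static key, and sends the IV in clear. Once two frames are sent under the same IV (which the birthday bound says happens after only a few thousand random IVs), they share a keystream, and knowing one frame's plaintext reveals the other's without ever learning the key. The key, IV and frame contents below are constructed for the demonstration, RC4 is implemented inline, and the CRC-32 integrity check value that a real WEP frame carries is left out because it plays no part in this attack.

```python
# Added example (not from the Velocis/Cisco slides): why "static, breakable
# keys" and WEP's RC4-with-24-bit-IV design are a problem. Two frames
# encrypted under the same IV share a keystream, so one known plaintext
# reveals the other. Key, IV and frame contents are constructed.
from __future__ import annotations
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + output generation), the cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: per-packet RC4 key = IV || static key; the 3-byte IV is
    sent in clear in front of the ciphertext (the CRC-32 ICV is omitted here)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4_keystream(iv + static_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_from_iv_reuse(frame1: bytes, frame2: bytes, known_plaintext1: bytes) -> bytes:
    """Attacker step: same IV + same static key => same keystream.
    C1 XOR P1 gives the keystream; XOR with C2 gives P2 for the overlapping length."""
    iv1, c1 = frame1[:3], frame1[3:]
    iv2, c2 = frame2[:3], frame2[3:]
    if iv1 != iv2:
        raise ValueError("different IVs: no keystream reuse to exploit")
    keystream = xor_bytes(c1, known_plaintext1)
    return xor_bytes(c2, keystream)


def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames with random IVs after which a repeat has the
    given probability. With 2^24 IVs this is only a few thousand frames."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))


def demo() -> dict[str, bytes]:
    static_key = b"\x01\x02\x03\x04\x05"            # constructed 40-bit key, never rotated
    iv = b"\x00\x00\x2a"                             # constructed IV that two frames share
    known = b"GET /index.html HTTP/1.0\r\n"          # plaintext the attacker can guess
    secret = b"Authorization: Basic dXNlcjpwYXNz"    # plaintext of the other frame
    frame1 = wep_encrypt(static_key, iv, known)
    frame2 = wep_encrypt(static_key, iv, secret)
    recovered = recover_from_iv_reuse(frame1, frame2, known)
    return {"recovered": recovered, "expected": secret[:len(known)]}


if __name__ == "__main__":
    result = demo()
    print("recovered without the key:", result["recovered"])
    print("frames until a 50% chance of an IV repeat:", frames_until_iv_repeat())
```

The recovery only needs the two captured frames and a guess at one plaintext (protocol headers are easy to guess), which is exactly what "availability of sniffers" plus a static key buys an attacker; WPA2's per-session keys and 48-bit packet numbers remove both the key reuse and the short IV space.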
Wireless Client Association
Access points send out beacons announcing SSID, data rates, and other
information.
Client scans all channels.
Client listens for beacons and responses from access points.
Client associates to access point with strongest signal.
Client will repeat scan if signal becomes low to reassociate to another
access point (roaming).
During association SSID, MAC address and security settings are sent from
the client to the access point and checked by the access point.
Because the choice is made on SSID and signal strength alone, a rogue
access point advertising the same SSID with a stronger signal attracts
clients; only the authentication step that follows can reject it.
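The association steps from the SSID slide, the scan-and-pick-the-strongest behaviour above, and the roaming rule that all access points must carry the same SSID, as one added example that is not code from the slides or from Cisco: a toy model with an access point that answers probes, accepts associations and keeps an association table, and a client that probes, associates to the strongest matching access point and re-scans when its signal drops below a threshold. Access point BSSIDs, the client MAC address, the roam threshold and the signal levels the client "hears" are all constructed.

```python
# Added example (not from the Velocis/Cisco slides): a toy model of the
# 802.11 probe/association exchange and of roaming. BSSIDs, client MAC,
# threshold and RSSI values are constructed.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class AccessPoint:
    bssid: str
    ssid: str
    channel: int
    association_table: dict = field(default_factory=dict)  # client MAC -> state

    def beacon(self) -> dict:
        """What the AP announces periodically: SSID, channel, supported rates."""
        return {"type": "beacon", "bssid": self.bssid, "ssid": self.ssid,
                "channel": self.channel, "rates": [1, 2, 5.5, 11]}

    def probe_response(self, probe: dict) -> dict | None:
        """Step 2: answer a probe request that names our SSID (or the wildcard '')."""
        if probe["ssid"] not in ("", self.ssid):
            return None
        return {"type": "probe_response", "bssid": self.bssid, "ssid": self.ssid,
                "channel": self.channel}

    def association_response(self, request: dict) -> dict:
        """Steps 4-5: accept on SSID match and record the client MAC."""
        if request["ssid"] != self.ssid:
            return {"type": "assoc_response", "bssid": self.bssid, "status": "refused"}
        self.association_table[request["client_mac"]] = "associated"
        return {"type": "assoc_response", "bssid": self.bssid, "status": "success"}

    def disassociate(self, client_mac: str) -> None:
        self.association_table.pop(client_mac, None)


@dataclass
class Client:
    mac: str
    ssid: str                      # configured SSID; '' means no SSID configured
    roam_threshold_dbm: int = -75  # re-scan when the current AP drops below this
    associated_bssid: str | None = None

    def scan(self, air: dict) -> list:
        """Steps 1-2 on every channel: probe, collect responses, strongest first.
        `air` maps bssid -> [AccessPoint, RSSI in dBm as heard by this client]."""
        probe = {"type": "probe_request", "client_mac": self.mac, "ssid": self.ssid}
        heard = [(rssi, ap) for ap, rssi in air.values() if ap.probe_response(probe)]
        heard.sort(key=lambda entry: entry[0], reverse=True)
        return heard

    def associate(self, air: dict) -> str | None:
        """Steps 3-4 with the strongest AP that answered the probe."""
        candidates = self.scan(air)
        if not candidates:
            return None
        _, ap = candidates[0]
        request = {"type": "assoc_request", "client_mac": self.mac,
                   "ssid": ap.ssid, "capabilities": {"privacy": True}}
        if ap.association_response(request)["status"] == "success":
            self.associated_bssid = ap.bssid
        return self.associated_bssid

    def maybe_roam(self, air: dict) -> str | None:
        """Roaming: when the current signal is too low, re-scan and move to a
        better AP with the same SSID; the old AP drops the association."""
        if self.associated_bssid is None:
            return self.associate(air)
        old_ap, rssi = air[self.associated_bssid]
        if rssi >= self.roam_threshold_dbm:
            return self.associated_bssid
        new_bssid = self.associate(air)
        if new_bssid is not None and new_bssid != old_ap.bssid:
            old_ap.disassociate(self.mac)
        return new_bssid


def demo() -> dict:
    ap1 = AccessPoint("00:11:22:33:44:01", "corp", channel=1)
    ap2 = AccessPoint("00:11:22:33:44:06", "corp", channel=6)
    guest = AccessPoint("00:11:22:33:44:0b", "guest", channel=11)
    client = Client("aa:bb:cc:dd:ee:01", "corp")
    # Constructed RSSI values: the client starts next to ap1, and even closer
    # to the guest AP, which it must ignore because the SSID does not match.
    air = {ap.bssid: [ap, rssi] for ap, rssi in ((ap1, -50), (ap2, -80), (guest, -40))}
    first = client.associate(air)
    # The client walks towards ap2: ap1 fades below the roam threshold.
    air[ap1.bssid][1] = -85
    air[ap2.bssid][1] = -55
    second = client.maybe_roam(air)
    return {"first": first, "second": second,
            "ap1_clients": list(ap1.association_table),
            "ap2_clients": list(ap2.association_table),
            "guest_clients": list(guest.association_table)}


if __name__ == "__main__":
    print(demo())
```

The model makes the security point of the slide visible: nothing in the probe or association exchange proves that the access point answering to "corp" is the trusted one, so whichever radio is strongest wins; that is why authentication (802.1X/EAP with server certificate validation) has to run after association rather than relying on the SSID.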
Access Point Homepage
Express Setup
Initial configuration of access point: hostname, IP address, SNMP.