
Introducing Wide-Area Networks

2006 Cisco Systems, Inc. All rights reserved.

ICND v2.35-1

Outline
Overview
WAN Overview
WAN Connection Types
WAN Components
WAN Cabling
Layer 2 Encapsulation Protocols
Summary


WAN Overview

WANs connect remote sites.


Connection requirements vary depending on user
requirements, cost, and availability.


WAN Overview
A WAN is a data communications network that operates
beyond the geographical scope of a LAN.
WANs use facilities provided by a service provider, or carrier,
such as a telephone or cable company. They connect the
locations of an organization to each other, to locations of
other organizations, to external services, and to remote
users. WANs generally carry a variety of traffic types, such as
voice, data, and video.
WAN connections are made up of many types of equipment
and components.
Data communications equipment (DCE) terminates a
connection between two sites and provides clocking and
synchronization for that connection; it connects to data
termination equipment (DTE).
A DTE is an end-user device, such as a router or PC, which
connects to the WAN via the DCE.

WAN Terms
Term: Definition
Customer premises equipment (CPE): Your network's equipment, which includes the DCE (modem, NT1, CSU/DSU) and your DTE (router, access server)
Demarcation point: Where the responsibility of the carrier is passed on to you; this could be inside or outside your local facility; note that this is a logical boundary, not necessarily a physical boundary
Local loop: The connection from the carrier's switching equipment to the demarcation point
Central office (CO) switch: The carrier's switch within the toll network
Toll network: The carrier's internal infrastructure for transporting your data


WAN Terms
Customer premises equipment (CPE)
Customer premises equipment (CPE) is equipment that's
owned by the subscriber and located on the subscriber's
premises.
Demarcation point
The demarcation point is the precise spot where the service
provider's responsibility ends and the CPE begins. It's
generally a device in a telecommunications closet owned and
installed by the telecommunications company (telco). It's
your responsibility to cable (extended demarc) from this box
to the CPE, which is usually a connection to a CSU/DSU or
ISDN interface.
Local loop
The local loop connects the demarc to the closest switching
office, which is called a central office.

WAN Terms
Central office (CO)
This point connects the customer's network to the
provider's switching network.
Toll network
The toll network is a trunk line inside a WAN
provider's network. This network is a collection of
switches and facilities owned by the ISP. Definitely
familiarize yourself with these terms because they're
crucial to understanding WAN technologies.

WAN Terms + Encapsulation method

wide-area networking can be broken into three cate


Leased line
Circuit switched
Packet switched
Encapsulation methods
PPP
HDLC
Frame-relay


WAN Terms
Leased-Line Connections
With a leased line, you get your very own piece of wire from your location
to the service provider's network. This is good because no other
customer can affect your line, as can be the case with other WAN services.
You have a lot of control over this circuit to do things such as
Quality of Service and other traffic management.
The downside is that a leased line is expensive and gets a
lot more expensive if you need to connect offices that are far apart.
These are usually referred to as point-to-point or dedicated connections.
A leased line is a pre-established WAN communications path that goes
from the CPE through the DCE switch, then over to the CPE of the remote site.
The distance between the two sites is small, making them cost-effective.
You have a constant amount of traffic between two sites and need to
guarantee bandwidth for certain applications.

WAN Terms
Circuit-Switched Connections
A circuit-switched WAN uses the phone company as the
service provider, either with analog dial-up or digital ISDN
connections. With circuit-switching, if you need to connect
to the remote LAN, a call is dialed and a circuit is
established; the data is sent across the circuit, and the
circuit is taken down when it is no longer needed. Circuit-switched
connections include the following types:
Asynchronous serial connections
These include analog modem dialup connections and the
standard telephone system, which is commonly referred to
as Plain Old Telephone Service (POTS) by the telephone
carriers.
Synchronous serial connections
These include digital ISDN BRI and PRI dialup
connections; they provide guaranteed bandwidth.

WAN Terms
Packet-Switched Connections
Packet-switched WAN services allow you to connect to the provider's network
in much the same way as a PC connects to a hub: When connected, your traffic
is affected by other customers' and theirs by you. This can be an issue
sometimes, but it can be managed. The advantage of this shared-bandwidth
technology is that with a single physical connection from your router's serial
port, you can establish virtual connections to many other locations around the
world.
Packet-switched connections use logical circuits to make connections between
two sites. These logical circuits are referred to as virtual circuits (VCs).
So if you have a lot of branch offices and they are far away from the head
office, a packet-switched solution is a good idea.

WAN Terms
X.25
The oldest of these four technologies is X.25, which is an ITU-T standard. X.25
is a network layer protocol that runs across both synchronous and
asynchronous physical circuits, providing a lot of flexibility for your connection
options.
X.25 was actually developed to run across unreliable media. It provides error
detection and correction, as well as flow control, at both the data link layer (by
LAPB) and the network layer (by X.25). In this sense, it performs a function
similar to what TCP, at the transport layer, provides for IP.
Because of its overhead, X.25 is best delegated to asynchronous, unreliable
connections. If you have a synchronous digital connection, another protocol,
such as Frame Relay or ATM, is much more efficient.

WAN Terms
Frame Relay
Frame Relay is a digital packet-switched service that can run
only across synchronous digital connections at the data link
layer.
Because it uses digital connections (which have very few
errors), it does not perform any error correction or flow control
as X.25 does.
Frame Relay will, however, detect errors and drop bad
frames. It is up to a higher layer protocol, such as TCP, to
resend the dropped information.

WAN Connection Types: Layer 1


Interfacing Between WAN Service Providers

Provider assigns connection parameters to subscriber

Serial Point-to-Point Connections


Typical WAN Encapsulation Protocols: Layer 2


Wireless Data Technologies


Wireless Data Technologies (Cont.)

PAN (Personal Area Network)
Standards: Bluetooth
Speed: <1 Mbps
Range: Short
Applications: Peer to peer, device to device

LAN (Local Area Network)
Standards: IEEE 802.11a, 802.11b, 802.11g
Speed: 1–54+ Mbps
Range: Medium
Applications: Enterprise networks

MAN (Metropolitan Area Network)
Standards: 802.16, MMDS, LMDS
Speed: 22+ Mbps
Range: Medium–long
Applications: Fixed, last-mile access

WAN (Wide Area Network)
Standards: GSM, GPRS, CDMA, 2.5–3G
Speed: 10–384 kbps
Range: Long
Applications: PDAs, mobile phones, cellular access


Wireless LAN (WLAN)


A WLAN is a shared network.
An access point is a shared device and functions like a shared Ethernet hub.
Data is transmitted over radio waves.
Two-way radio communications (half-duplex) are used.
The same radio frequency is used for sending and receiving (transceiver).

WLAN Evolution
Warehousing
Retail
Health care
Education
Businesses
Home


Unlicensed Frequency Bands

ISM: Industrial, scientific, and medical frequency band
No exclusive use
No license required
Interference possible
Best effort

Radio Frequency Transmission


Radio frequencies are radiated into the air via an antenna,
creating radio waves.
Radio waves are absorbed when they are propagated
through objects (e.g., walls).
Radio waves are reflected by objects (e.g., metal surfaces).
This absorption and reflection can cause areas of low signal
strength or low signal quality.


Radio Frequency Transmission


Higher data rates have a shorter transmission range.
The receiver needs more signal strength and better SNR
to retrieve information.
Higher transmit power results in greater distance.
Higher frequencies allow higher data rates.
Higher frequencies have a shorter transmission range.


WLAN Regulation and Standardization


Regulatory agencies
FCC (United States)
ETSI (Europe)

Standardization
IEEE 802.11
http://standards.ieee.org/getieee802/

Certification of equipment
Wi-Fi Alliance certifies
interoperability between products.
Certifications include 802.11a,
802.11b, 802.11g, dual-band
products, and security testing.
Certified products can be found at
http://www.wi-fi.org.

802.11b


802.11b Standard
Standard was ratified in September 1999
Operates in the 2.4-GHz band
Specifies direct sequence spread spectrum (DSSS)
Specifies four data rates up to 11 Mbps
1, 2, 5.5, 11 Mbps
Provides specifications for vendor interoperability (over
the air)
Defines basic security, encryption, and authentication for the
wireless link
Is the most commonly deployed WLAN standard


2.4-GHz Channels
Regulatory domains: Americas; Europe, Middle East, and Asia; Japan

Channel Identifier   Channel Center Frequency   Channel Frequency Range [MHz]
1                    2412 MHz                   2401–2423
2                    2417 MHz                   2406–2428
3                    2422 MHz                   2411–2433
4                    2427 MHz                   2416–2438
5                    2432 MHz                   2421–2443
6                    2437 MHz                   2426–2448
7                    2442 MHz                   2431–2453
8                    2447 MHz                   2436–2458
9                    2452 MHz                   2441–2463
10                   2457 MHz                   2446–2468
11                   2462 MHz                   2451–2473
12                   2467 MHz                   2466–2478
13                   2472 MHz                   2471–2483
14                   2484 MHz                   2473–2495

2.4-GHz Channel Use

Each channel is 22 MHz wide.


North America: 11 channels.
Europe: 13 channels.
There are three nonoverlapping channels: 1, 6, 11.
Using any other channels will cause interference.
Three access points can occupy the same area.
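
The channel arithmetic behind the 1, 6, 11 rule, as an added example that is not part of the original slides: it takes the 22-MHz channel width stated above, assumes the standard numbering in which channel n (1 to 13) is centered at 2407 + 5n MHz, derives the nonoverlapping set, and audits a constructed access-point channel plan for overlap. Function names and the sample plan are illustrative.

```python
"""Added example: audit a 2.4-GHz channel plan for overlap (22-MHz channels)."""
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # channel width stated on the slide
DOMAIN_CHANNELS = {"north_america": range(1, 12), "europe": range(1, 14)}


def center_mhz(channel: int) -> int:
    """Center frequency of channels 1-13 (assumed numbering: 2407 + 5n MHz)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"channel {channel} is outside 1-13")
    return 2407 + 5 * channel


def band_mhz(channel: int) -> tuple[int, int]:
    """Lower and upper edge of the 22-MHz channel."""
    half = CHANNEL_WIDTH_MHZ // 2
    center = center_mhz(channel)
    return center - half, center + half


def overlaps(a: int, b: int) -> bool:
    """Two channels overlap when their centers are closer than one width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def max_nonoverlapping(domain: str) -> list[int]:
    """Greedy scan from the lowest channel; optimal for equal-width bands."""
    chosen: list[int] = []
    for channel in DOMAIN_CHANNELS[domain]:
        if all(not overlaps(channel, c) for c in chosen):
            chosen.append(channel)
    return chosen


def audit_plan(plan: dict[str, int]) -> list[tuple[str, str, int]]:
    """Return (ap_a, ap_b, shared_mhz) for each pair of overlapping APs.

    Assumes every access point in `plan` covers the same area.
    """
    findings = []
    for (ap_a, ch_a), (ap_b, ch_b) in combinations(sorted(plan.items()), 2):
        if overlaps(ch_a, ch_b):
            gap = abs(center_mhz(ch_a) - center_mhz(ch_b))
            findings.append((ap_a, ap_b, CHANNEL_WIDTH_MHZ - gap))
    return findings


# Constructed sample: three planned APs plus one unplanned AP on channel 4.
SAMPLE_PLAN = {"ap-lobby": 1, "ap-floor2": 6, "ap-floor3": 11, "ap-unknown": 4}

if __name__ == "__main__":
    print(band_mhz(1), max_nonoverlapping("north_america"))
    for ap_a, ap_b, shared in audit_plan(SAMPLE_PLAN):
        print(f"{ap_a} and {ap_b} overlap by {shared} MHz")
```

An access point that appears on a channel outside the planned set, like the constructed `ap-unknown` entry, shows up in the audit as overlapping two planned cells at once.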

802.11b Access Point Coverage


802.11a


802.11a Standard
Standard was ratified September 1999
Operates in the 5-GHz band
Uses orthogonal frequency-division multiplexing (OFDM)
Uses eight data rates of up to 54 Mbps
6, 9, 12, 18, 24, 36, 48, 54 Mbps
Has from 12 to 23 nonoverlapping channels (FCC)
Has up to 19 nonoverlapping channels (ETSI)
Regulations different across countries
Transmit (Tx) power control and dynamic frequency
selection required (802.11h)


802.11g


802.11g Protection Mechanism


Problem: 802.11b stations cannot decode 802.11g radio signals.
802.11b/g access point communicates with 802.11b clients with max. 11 Mbps.
802.11b/g access point communicates with 802.11g clients with max. 54 Mbps.
802.11b/g access point activates RTS/CTS to avoid collisions when 802.11b clients are present.
802.11b client learns from CTS frame the duration of the 802.11g transmission.
Reduced throughput is caused by additional overhead.


802.11 Standards Comparison


802.11b
Ratified: 1999
Frequency band: 2.4 GHz
Transmission: DSSS
Data rates [Mbps]: 1, 2, 5.5, 11
Throughput [Mbps]: Up to 6

802.11g
Ratified: 2003
Frequency band: 2.4 GHz
Transmission: DSSS, OFDM
Data rates [Mbps]: 1, 2, 5.5, 11 (DSSS); 6, 9, 12, 18, 24, 36, 48, 54 (OFDM)
Throughput [Mbps]: Up to 22

802.11a
Ratified: 1999
Frequency band: 5 GHz
No of channels: Up to 23
Transmission: OFDM
Data rates [Mbps]: 6, 9, 12, 18, 24, 36, 48, 54
Throughput [Mbps]: Up to 28

Range Comparisons


Ratified IEEE 802.11 Standards


802.11: WLAN 1 and 2 Mbps at 2.4 GHz
802.11a: WLAN 54-Mbps at 5 GHz
802.11b: WLAN 11-Mbps at 2.4 GHz
802.11d: Multiple regulatory domains
802.11e: Quality of service
802.11f: Inter-Access Point Protocol (IAPP)
802.11g: WLAN 54-Mbps at 2.4 GHz
802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) at 5 GHz
802.11i: Security
802.11j: 5-GHz channels for Japan
http://standards.ieee.org/getieee802/

Worldwide Availability

http://www.cisco.com/go/aironet/compliance


General Office WLAN Design


Eight 802.11g access points deployed
7 users per access point with no conference rooms provides 3.8 Mbps throughput per user
7 users + 1 conference room (10 users) = 17 total users, provides 1.5 Mbps throughput per user

Floor plan: 54 cubes, 4 conference rooms, and reception; 120 feet by 95 feet


WLAN Security


WLAN Security Threats


Threats control mechanism

Control and Integrity
Authentication: Ensure that legitimate clients associate with trusted access points.

Privacy and Confidentiality
Encryption: Protect data as it is transmitted and received.

Protection and Availability
Intrusion Detection System (IDS): Track and mitigate unauthorized access and network attacks.


Evolution of WLAN Security


Initial (1997)
Encryption (WEP)
No strong authentication
Static, breakable keys
Not scalable

Interim (2001)
802.1x EAP
Dynamic keys
Improved encryption
User authentication
802.1x EAP (LEAP, PEAP)
RADIUS

Interim (2003)
Wi-Fi Protected Access (WPA)
Standardized
Improved encryption
Strong, user authentication (e.g., LEAP, PEAP, EAP-FAST)

Present
Wireless IDS
Identification and protection against attacks, DoS
IEEE 802.11i
WPA2 (2004)
AES strong encryption
Authentication
Dynamic key management


Wireless Client Association


Access points send out beacons announcing SSID, data rates, and other information.
Client scans all channels.
Client listens for beacons and responses from access points.
Client associates to access point with strongest signal.
Client will repeat scan if signal becomes low to reassociate to another access point (roaming).
During association SSID, MAC address and security settings are sent from the client to the access point and checked by the access point.

WPA and WPA2 Authentication


WPA and WPA2 Encryption


WLAN Security Summary

WPA Passphrase
WEP Encryption

802.1x EAP
Mutual Authentication
TKIP Encryption

WPA / WPA2
802.11i Security

Summary
The 2.4-GHz and 5-GHz frequency bands are used by WLAN
802.11 standards.
The throughput per user depends on the data rate and the
number of users per wireless cell.
802.11b has data rates of up to 11 Mbps at 2.4 GHz.
802.11a has data rates of up to 54 Mbps at 5 GHz.
802.11g has data rates of up to 54 Mbps at 2.4 GHz.
802.11a has a shorter range than 802.11g.
For maximum efficiency, limit the number of users per cell.
Different WLAN security types with authentication and
encryption satisfy the security requirements of enterprise
and home users.


WLAN Components
Component: Autonomous Solution / Lightweight Solution
Wireless clients
Access points: Autonomous access points / Lightweight access points
Control: Wireless Domain Services (WDS) / WLAN controller
WLAN management: WLAN Solution Engine (WLSE) / Cisco Wireless Control System (WCS)
Network infrastructure: PoE switches, routers / PoE switches, routers
Network services: DHCP, DNS, AAA / DHCP, DNS, AAA


Cisco Unified Wireless Network


Unified Advanced Services
Unified cellular and Wi-Fi VoIP. Advanced threat
detection, identity networking, location-based
security, asset tracking, and guest access.

World-Class Network Management


Same level of security, scalability, reliability, ease
of deployment, and management for wireless
LANs as wired LANs.

Network Unification
Integration into all major switching and routing
platforms. Secure, innovative WLAN
controllers.

Mobility Platform
Ubiquitous network access in all environments.
Plug and play.

Client Devices
90% of Wi-Fi silicon is Cisco Compatible
certified. Advance services support.

Cisco Unified Wireless Network (Cont.)


Cisco
Self-Defending
Network

Unified Advanced Services


Unified, built-in support of leading-edge
applications, not an afterthought. Cisco Wireless
Location Appliance, Cisco WCS, SDN, NAC, Wi-Fi
phones, and RF
firewalls.

World-Class Network Management


World Class NMS that visualizes and helps secure
your air space. Cisco Wireless Control System
(WCS).

Network Unification
Seamless network infrastructure across a range
of platforms. Cisco 4400 and 2000 Wireless LAN
Controllers. Future Cisco Catalyst 6500, Series
WiSM, ISR, and 3750
integration.

Mobility Platform
Access points dynamically configured and
managed through LWAPP. Cisco Aironet Access
Points: 1500, 1300, 1240AG, 1230AG, 1130AG, and
1000. Bridges: 1400
and 1300.

Client Devices
Secure clients that work out of the box. Cisco
Compatible client devices & Cisco Aironet clients.

Connectorized 5-GHz Antennas

Cisco 5-GHz
Rubber Antenna
(Flat with Blue Dot)

Cisco 2.4-GHz
Rubber Antenna
(Round, No Dot)

5-GHz (802.11a) antennas have blue ID markers.
Dual-band (2.4-GHz and 5-GHz) antennas have yellow dots.


Cisco Access Point/Bridge Antennas


Frequency   Antenna                 Horizontal Beamwidth   Vertical Beamwidth
2.4 GHz     2.2-dBi dipole          360°                   65°
2.4 GHz     5.2-dBi omni            360°                   38°
2.4 GHz     6-dBi diversity patch   80°                    55°
2.4 GHz     9-dBi patch             60°                    60°
2.4 GHz     10-dBi Yagi             47°                    55°
2.4 GHz     13.5-dBi Yagi           30°                    25°
2.4 GHz     21-dBi dish             12.5°                  12.5°
5 GHz       3.5-dBi dipole          360°                   40°
5 GHz       6-dBi omni              360°                   17°
5 GHz       7-dBi patch             70°                    50°


WAN technologies

ATM

ATM is also a packet-switched technology that uses digital circuits. Unlike
Frame Relay and X.25, however, this service uses fixed-length (53-byte)
packets, called cells, to transmit information. Therefore, this service is
commonly called a cell-switched service. It has an advantage over Frame
Relay in that it can provide guaranteed throughput and minimal delay for a
multitude of services, including voice, video, and data. However, it does cost
more than Frame Relay services. ATM (sort of an enhanced Frame Relay) can
offer a connection guaranteed bandwidth, limited delay, a limited number of
errors, Quality of Service (QoS), and more. Frame Relay can provide some
minimal guarantees to connections, but not to the degree of precision that ATM
can. Whereas Frame Relay is limited to 45 Mbps connections, ATM can scale
to very high speeds: OC-192 (SONET), for instance, affords about 10 Gbps of
bandwidth.


Summary
A WAN makes data connections across a broad geographic
area so that information can be exchanged between distant
sites.
WAN connection types include leased line, circuit-switched,
and packet-switched.
WAN components that the provider assigns to your
organization include CPE, demarcation, local loop, CO
switch, and toll network.
Cisco routers support the EIA/TIA-232, EIA/TIA-449, V.35,
X.21, and EIA/TIA-530 standards for serial connections.
To encapsulate data for crossing a WAN link, a variety of
Layer 2 protocols can be used, including HDLC, PPP, SLIP,
X.25/LAPB, Frame Relay, and ATM.
