Wireless LAN


CHAPTER 2: WIRELESS LAN

2.1: Introducing WLANs

Wireless Data Technologies
[Figure]

Wireless Data Technologies (Cont.)
• WAN (Wide Area Network)
• MAN (Metropolitan Area Network)
• LAN (Local Area Network)
• PAN (Personal Area Network)

              PAN                             LAN                              MAN                      WAN
Standards     Bluetooth                       IEEE 802.11a, 802.11b, 802.11g   802.16 MMDS, LMDS        GSM, GPRS, CDMA, 2.5–3G
Speed         <1 Mbps                         1–54+ Mbps                       22+ Mbps                 10–384 kbps
Range         Short                           Medium                           Medium–long              Long
Applications  Peer to peer, device to device  Enterprise networks              Fixed, last-mile access  PDAs, mobile phones, cellular access

Wireless LAN (WLAN)
• A WLAN is a shared network.
• An access point is a shared device and functions like a shared Ethernet hub.
• Data is transmitted over radio waves.
• Two-way radio communications (half-duplex) are used.
• The same radio frequency is used for sending and receiving (transceiver).

WLAN Evolution
• Warehousing
• Retail
• Health care
• Education
• Businesses
• Home

What Are WLANs?
They are:
• Local
• In building or campus for mobile users
• Radio or infrared
• Not required to have RF licenses in most countries
• Using equipment owned by customers
They are not:
• WAN or MAN networks
• Cellular phone networks
• Packet data transmission via cellular phone networks
  - Cellular digital packet data (CDPD)
  - General packet radio service (GPRS)
  - 2.5G to 3G services

Similarities Between WLAN and LAN
• A WLAN is an 802 LAN.
  - Transmits data over the air vs. data over the wire
  - Looks like a wired network to the user
  - Defines physical and data link layer
  - Uses MAC addresses
• The same protocols/applications run over both WLANs and LANs.
  - IP (network layer)
  - IPSec VPNs (IP-based)
  - Web, FTP, SNMP (applications)

Differences Between WLAN and LAN
• WLANs use radio waves as the physical layer.
  - WLANs use CSMA/CA instead of CSMA/CD to access the network.
• Radio waves have problems that are not found on wires.
  - Connectivity issues: coverage problems, multipath issues, interference, noise
  - Privacy issues
• WLANs use mobile clients.
  - No physical connection
  - Battery-powered
• WLANs must meet country-specific RF regulations.

2.2: Describing WLAN Topologies

WLAN Topologies
• Wireless client access
  - Mobile user connectivity
• Wireless bridging
  - LAN-to-LAN connectivity
• Wireless mesh networking
  - Combination of bridging and user connectivity

WLAN and LAN
[Figure]

Service Set Identifier (SSID)
• SSID is used to logically separate WLANs.
• The SSID must match on client and access point.
• Access point broadcasts one SSID in beacon.
• Client can be configured without SSID.
• Client association steps:
  1. Client sends probe request.
  2. Access point sends probe response.
  3. Client initiates association.
  4. Access point accepts association.
  5. Access point adds client MAC address to association table.

Service Sets and Modes
Ad hoc mode
• Independent Basic Service Set (IBSS)
  - Mobile clients connect directly without an intermediate access point.
Infrastructure mode
• Basic Service Set
  - Mobile clients use a single access point for connecting to each other or to wired network resources.
• Extended Services Set
  - Two or more Basic Service Sets are connected by a common distribution system.

Alternative Peer-to-Peer Topology
[Figure]

WLAN Access Topology
[Figure]

Roaming Through Wireless Cells
[Figure: Roaming]

Client Roaming
• Maximum data retry count exceeded
• Too many beacons missed
• Data rate shifted
• Periodic intervals
• Roaming without interruption requires the same SSID on all access points.

Wireless Repeater Topology
[Figure]

Workgroup Bridge Topology
[Figure]

Wireless VLAN Support
• Multiple SSIDs
• Multiple security types
• Support for multiple VLANs from switches
• 802.1Q trunking protocol

Wireless VLAN Support (Cont.)
• VLANs propagate across access points.
• VLAN numbers are unique.
• Access points handle up to 16 VLANs.

2.3: Explaining WLAN Technology and Standards

Unlicensed Frequency Bands
• ISM: Industry, scientific, and medical frequency band
• No exclusive use
• No license required
• Interference possible
• Best effort

Radio Frequency Transmission
• Radio frequencies are radiated into the air via an antenna, creating radio waves.
• Radio waves are absorbed when they are propagated through objects (e.g., walls).
• Radio waves are reflected by objects (e.g., metal surfaces).
• This absorption and reflection can cause areas of low signal strength or low signal quality.

Radio Frequency Transmission
• Higher data rates have a shorter transmission range.
  - The receiver needs more signal strength and better signal-to-noise ratio (SNR) to retrieve information.
• Higher transmit power results in greater distance.
• Higher frequencies allow higher data rates.
• Higher frequencies have a shorter transmission range.

WLAN Regulation and Standardization
Regulatory agencies
• FCC (Federal Communications Commission) (United States)
• ETSI (European Communications Standards Institute) (Europe)
Standardization
• IEEE 802.11
• http://standards.ieee.org/getieee802/
Certification of equipment
• Wi-Fi Alliance certifies interoperability between products.
• Certifications include 802.11a, 802.11b, 802.11g, dual-band products, and security testing.
• Certified products can be found at http://www.wi-fi.org.

802.11b
© 2005 Cisco Systems, Inc. All rights reserved.

802.11b Standard
• Standard was ratified in September 1999
• Operates in the 2.4-GHz band
• Specifies direct sequence spread spectrum (DSSS)
• Specifies four data rates up to 11 Mbps
  - 1, 2, 5.5, 11 Mbps
• Provides specifications for vendor interoperability (over the air)
• Defines basic security, encryption, and authentication for the wireless link
• Is the most commonly deployed WLAN standard

2.4-GHz Channels
(X marks the regulatory domains in which the channel is available.)

Channel     Channel center  Channel frequency  Americas  Europe, Middle East,  Japan
identifier  frequency       range [MHz]                  and Asia
1           2412 MHz        2401 – 2423        X         X                     X
2           2417 MHz        2406 – 2428        X         X                     X
3           2422 MHz        2411 – 2433        X         X                     X
4           2427 MHz        2416 – 2438        X         X                     X
5           2432 MHz        2421 – 2443        X         X                     X
6           2437 MHz        2426 – 2448        X         X                     X
7           2442 MHz        2431 – 2453        X         X                     X
8           2447 MHz        2436 – 2458        X         X                     X
9           2452 MHz        2441 – 2463        X         X                     X
10          2457 MHz        2446 – 2468        X         X                     X
11          2462 MHz        2451 – 2473        X         X                     X
12          2467 MHz        2466 – 2478                  X                     X
13          2472 MHz        2471 – 2483                  X                     X
14          2484 MHz        2473 – 2495                                        X

2.4-GHz Channel Use
• Each channel is 22 MHz wide.
• North America: 11 channels.
• Europe: 13 channels.
• There are three nonoverlapping channels: 1, 6, 11.
• Using any other channels will cause interference.
• Three access points can occupy the same area.

802.11b/g (2.4 GHz) Channel Reuse
[Figure]

802.11b Access Point Coverage
[Figure]

802.11a

802.11a Standard
• Standard was ratified September 1999
• Operates in the 5-GHz band
• Uses orthogonal frequency-division multiplexing (OFDM)
• Uses eight data rates of up to 54 Mbps
  - 6, 9, 12, 18, 24, 36, 48, 54 Mbps
• Has from 12 to 23 nonoverlapping channels (FCC)
• Has up to 19 nonoverlapping channels (ETSI)
• Regulations different across countries
  - Transmit (Tx) power control and dynamic frequency selection required (802.11h)

5-GHz Channels with 802.11h
• 802.11h implements TPC (Transmit Power Control) and DFS (Dynamic Frequency Selection).
• With 802.11h in February 2004, the FCC added 11 channels.
  - 23 channels in the United States (FCC)
  - 19 channels in Europe (ETSI)
  - UNII-3 band currently not allowed in most of Europe
UNII: Unlicensed National Information Infrastructure

802.11a Channel Reuse
• 802.11h DFS not available
  - Manual channel assignment required
• 802.11h DFS implemented
  - Channel assignment done by Dynamic Frequency Selection (DFS)
  - Only frequency bands can be selected

802.11g

802.11g Standard
• Standard was ratified June 2003
• Operates in the 2.4-GHz band as 802.11b
  - Same three nonoverlapping channels: 1, 6, 11
• DSSS (CCK: Complementary Code Keying) and OFDM transmission
• 12 data rates of up to 54 Mbps
  - 1, 2, 5.5, 11 Mbps (DSSS / 802.11b)
  - 6, 9, 12, 18, 24, 36, 48, 54 Mbps (OFDM)
• Full backward compatibility to 802.11b standard

802.11g Protection Mechanism
• Problem: 802.11b stations cannot decode 802.11g radio signals.
• 802.11b/g access point communicates with 802.11b clients with max. 11 Mbps.
• 802.11b/g access point communicates with 802.11g clients with max. 54 Mbps.
• 802.11b/g access point activates RTS/CTS to avoid collisions when 802.11b clients are present.
• 802.11b client learns from CTS frame the duration of the 802.11g transmission.
• Reduced throughput is caused by additional overhead.

802.11 Standards Comparison

802.11 RF Comparison
802.11b – 2.4 GHz
• Pro
  - Most commonly deployed WLAN standard
• Con
  - Interference and noise from other services in the 2.4-GHz band
  - Only 3 nonoverlapping channels
  - Distance limited by multipath issues
802.11g – 2.4 GHz
• Pro
  - Higher throughput
  - OFDM technology reduces multipath issues
• Con
  - Interference and noise from other services in the 2.4-GHz band
  - Only three nonoverlapping channels
  - Throughput degraded in the presence of 802.11b clients
802.11a – 5 GHz
• Pro
  - Highest throughput
  - OFDM technology reduces multipath issues
  - Provides up to 23 nonoverlapping channels
• Con
  - Lower market penetration

802.11 Standards Comparison

                   802.11b        802.11g                       802.11a
Ratified           1999           2003                          1999
Frequency band     2.4 GHz        2.4 GHz                       5 GHz
No of channels     3              3                             Up to 23
Transmission       DSSS           DSSS, OFDM                    OFDM
Data rates [Mbps]  1, 2, 5.5, 11  1, 2, 5.5, 11 (DSSS);         6, 9, 12, 18, 24, 36, 48, 54
                                  6, 9, 12, 18, 24, 36, 48, 54
                                  (OFDM)
Throughput [Mbps]  Up to 6        Up to 22                      Up to 28

Range Comparisons
[Figure]

2.4: WLAN Security

Why WLAN Security?
• Wide availability and low cost of IEEE 802.11 wireless equipment
• 802.11 standard ease of use and deployment
• Availability of sniffers
• Statistics on WLAN security
• Media hype about hot spots, WLAN hacking, war driving
• Nonoptimal implementation of encryption in standard Wired Equivalent Privacy (WEP) encryption
• Authentication vulnerability

WLAN Security Threats
[Figure]

Mitigating the Threats

Goal                         Mechanism                         Purpose
Control and Integrity        Authentication                    Ensure that legitimate clients associate with trusted access points.
Privacy and Confidentiality  Encryption                        Protect data as it is transmitted and received.
Protection and Availability  Intrusion Detection System (IDS)  Track and mitigate unauthorized access and network attacks.

Evolution of WLAN Security
Initial (1997): Encryption (WEP)
• No strong authentication
• Static, breakable keys
• Not scalable
Interim (2001): 802.1x EAP
• Dynamic keys
• Improved encryption
• User authentication
• 802.1x EAP (LEAP, PEAP)
• RADIUS
Interim (2003): Wi-Fi Protected Access (WPA)
• Standardized
• Improved encryption
• Strong, user authentication (e.g., LEAP, PEAP, EAP-FAST)
Present: Wireless IDS
• Identification and protection against attacks, DoS
Present: IEEE 802.11i WPA2 (2004)
• AES strong encryption
• Authentication
• Dynamic key management
EAP: Extensible Authentication Protocol
LEAP: Lightweight EAP
PEAP: Protected EAP
EAP-FAST: EAP-Fast

Wireless Client Association
• Access points send out beacons announcing SSID, data rates, and other information.
• Client scans all channels.
• Client listens for beacons and responses from access points.
• Client associates to access point with strongest signal.
• Client will repeat scan if signal becomes low to reassociate to another access point (roaming).
• During association SSID, MAC address and security settings are sent from the client to the access point and checked by the access point.

WPA and WPA2 Authentication
[Figure]

WPA and WPA2 Encryption
[Figure]
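
An added example, not part of the original slides: a small wireless-IDS style check in Python that applies the deck's points (one SSID shared by all access points, clients joining the strongest signal, 22-MHz channels with 1, 6, 11 nonoverlapping, and the WEP, WPA, WPA2 progression) to a list of observed beacons. The SSID, BSSIDs, policy and beacon records are constructed, and the security labels are assumed to be already parsed by a scanner.

```python
# Constructed policy for the example; the SSID, BSSIDs and plan are not from the slides.
MANAGED_SSID = "corp-wlan"
AUTHORIZED = {  # BSSID -> assigned channel (the nonoverlapping set 1, 6, 11)
    "00:11:22:33:44:01": 1,
    "00:11:22:33:44:02": 6,
    "00:11:22:33:44:03": 11,
}
# Ordering follows the security timeline: open < WEP < WPA < WPA2.
STRENGTH = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}
REQUIRED = "wpa2"

def channels_overlap(a, b):
    """Channels 1-13 have centers 5 MHz apart and are 22 MHz wide."""
    return abs(a - b) * 5 < 22

def audit(beacons, min_rssi=-70):
    """Return (bssid, finding) tuples for a list of parsed beacon records."""
    findings = []
    for b in beacons:
        bssid = b["bssid"].lower()
        known = bssid in AUTHORIZED
        managed = b["ssid"] == MANAGED_SSID
        # Clients pick the strongest AP for an SSID, so an unknown BSSID
        # advertising the managed SSID must be investigated.
        if managed and not known:
            findings.append((bssid, "unauthorized BSSID advertising managed SSID"))
        if known and b["channel"] != AUTHORIZED[bssid]:
            findings.append((bssid, "authorized AP off its assigned channel"))
        if (known or managed) and STRENGTH[b["security"]] < STRENGTH[REQUIRED]:
            findings.append((bssid, "security below policy: " + b["security"]))
        # A strong foreign AP on an overlapping channel is an availability issue.
        if (not known and not managed and b["rssi"] >= min_rssi and
                any(channels_overlap(b["channel"], c) for c in AUTHORIZED.values())):
            findings.append((bssid, "foreign AP overlaps a managed channel"))
    return findings

# Constructed scan results (security labels assumed already parsed by the scanner).
SAMPLE = [
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "channel": 1, "security": "wpa2", "rssi": -48},
    {"bssid": "00:11:22:33:44:02", "ssid": "corp-wlan", "channel": 6, "security": "wep", "rssi": -55},
    {"bssid": "02:00:00:00:00:AA", "ssid": "corp-wlan", "channel": 6, "security": "wpa2", "rssi": -40},
    {"bssid": "02:00:00:00:00:BB", "ssid": "cafe-guest", "channel": 3, "security": "open", "rssi": -52},
    {"bssid": "02:00:00:00:00:CC", "ssid": "neighbor", "channel": 11, "security": "wpa2", "rssi": -85},
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE):
        print(bssid, "-", finding)
```

The overlap test covers channels 1 to 13 only; channel 14 sits at 2484 MHz and does not follow the 5-MHz spacing.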