Wireless Network Blog

Wireless Network Logical Architecture

2011-01-02T19:27:00.000-08:00

The logical architecture of a network refers to the structure of standards and protocols that enable connections to be established between physical devices, or nodes, and which control the routing and flow of data between these nodes.

Since logical connections operate over physical links, the logical and physical architectures rely on each other, but the two also have a high degree of independence, as the physical configuration of a network can be changed without changing its logical architecture, and the same physical network can in many cases support different sets of standards and protocols.

The logical architecture of wireless networks will be described in this chapter with reference to the OSI model.

The OSI Network Model

The Open Systems Interconnect (OSI) model was developed by the International Standards Organisation (ISO) to provide a guideline for the development of standards for interconnecting computing devices. The OSI model is a framework for developing these standards rather than a standard itself — the task of networking is too complex to be handled by a single standard.

The OSI model breaks down device to device connection, or more correctly application to application connection, into seven so-called “layers” of logically related tasks (see Table 2-1). An example will show

how these layers combine to achieve a task such as sending and receiving an e-mail between two computers on separate local area networks (LANs) that are connected via the Internet.

The process starts with the sender typing a message into a PC e-mail application (Figure 2-1). When the user selects “Send”, the operating system combines the message with a set of Application layer (Layer 7) instructions that will eventually be read and actioned by the corresponding operating system and application on the receiving computer.

The message plus Layer 7 instructions is then passed to the part of sender’s operating system that deals with Layer 6 presentation tasks. These include the translation of data between application layer formats as well as some types of security such as Secure Socket Layer (SSL) encryption. This process continues down through the successive software layers, with the message gathering additional instructions or control elements at each level.

By Layer 3 — the Network layer — the message will be broken down into a sequence of data packets, each carrying a source and destination

Wireless Network Physical Architecture

Wired Network Topologies — A Refresher

The topology of a wired network refers to the physical configuration of links between networked devices or nodes, where each node may be a computer, an end-user device such as a printer or scanner, or some other piece of network hardware such as a hub, switch or router.

The building block from which different topologies are constructed is the simple point-to-point wired link between two nodes, shown in Figure 3-1. Repeating this element results in the two simplest topologies for wired networks — bus and ring.

For the ring topology, there are two possible variants depending on whether the inter-node links are simplex (one-way) or duplex (two-way). In the simplex case, each inter-node link has a transmitter at one end and a receiver at the other, and messages circulate in one direction around the ring, while in the duplex case each link has both transmitter and receiver (a so-called transceiver) at each end, and messages can circulate in either
direction.

Bus and ring topologies are susceptible to single-point failures, where a single broken link can isolate sections of a bus network or halt all traffic in the case of a ring.

The step that opens up new possibilities is the introduction of specialised network hardware nodes designed to control the flow of data between

other networked devices. The simplest of these is the passive hub, which is the central connection point for LAN cabling in star and tree topologies, as shown in Figure 3-2. An active hub, also known as a repeater, is a variety of passive hub that also amplifies the data signal to improve signal strength over long network connections.

For some PAN technologies, such as USB, star and tree topologies can be built without the need for specialised hardware,

because of the daisy-chaining capability of individual devices (see Figure 2-11).

An active or passive hub in a star topology LAN transmits every received data packet to every connected device. Each device checks every packet and decodes those identified by the device’s MAC address. The disadvantage of this arrangement is that the bandwidth of the network is shared among all devices, as shown in Figure 3-3. For example, if two PCs are connected through a 10 Mbps passive hub, each will have on average 5 Mbps of bandwidth available to it.

If the first PC is transmitting data, the hub relays the data packets on to all other devices in the network. Any other device on the network will have to wait its turn to transmit data.

A switching hub (or simply a switch) overcomes this bandwidth sharing limitation by only transmitting a data packet to the device to which it is addressed. Compared to a non-switching hub, this requires increased memory and processing capability, but results in a significant improvement in network capacity.

The first PC (Figure 3-4) is transmitting data stream A to the printer and the switch directs these data packets only to the addressed device. At the same time, the scanner is sending data stream B to the second PC.

The switch is able to process both data stream concurrently, so that the full network bandwidth is available to every device.

Troubleshooting Wireless Network

2010-10-27T22:15:00.000-07:00

Physical Connections and LEDs

Trouble usually happens between Layer 1 and Layer 3 of the OSI reference model. That is not to say that trouble does not occur at Layers 4 through 7, but Layers 1 through 3 are the layers where network administrators have the most hands on. Working your way up can often prove to be a time saver. Starting at Layer 1, physical connectivity can often save valuable time. You can begin by visually examining the physical connections. Keep in mind all that is involved in the path of your traffic. This can include areas related to the following:

AP to switcch
Switch to switch
Switch to controller
Controller to distribution

While you are examining the physical connectivity, note the port LED status of each device. What do the LEDs indicate? Are they green? Are they amber? Are they red? Each device has different LEDs; for example, the LEDs on a controller are different from the LEDs on an AP, yet they all have somewhat of a common color coding. Usually red is bad, amber is not so good, and green is okay. Look up the Cisco documentation for details for each product that you work with. The “References” section at the end of this chapter in- cludes some valuable links that can help you determine issues in the network and correct them, some using the port LEDs for verification.

After you have verified the physical connections, you can work in one of two directions:

Verification from the client back to the controller

Verification from the controller to the client

In either case, common issues arise. You might find that connectivity issues are not related to the wireless network at all, but rather the distribution network, gateway, or Internet service provider (ISP). Regardless, the ability to isolate problems is a requirement of those seeking the CCNA Wireless certification. The next section explores some common client- side issues.

Common Client-Side Issues

Client-side issues arise frequently and are often expressed in vague ways, for example, “I cannot get to the Internet.” “Okay,” you might think, “What does that mean?” The answer might not always be clear, but you can verify some values to quickly restore connectivity for end users.

Some of the more common issues that you can verify include the following:

Check that the client card is enabled. Many laptops have a hardware switch that dis- ables the wireless card internally, which can cause issues.

Check that service set identifiers (SSIDs) are not incorrectly configured.

Verify whether the client is using a radio that is not enabled on the AP.

Verify whether the MAC address of the client is being “blacklisted” on the network.

If using 802.1x, verify whether the client side is configured to support the network method, such as Extensible Authentication Protocol-Transport Layer Security (EAP- TLS) with certificates.

Verify whether the client is getting an IP address that is blocked by an access control list (ACL) somewhere else in the network.

Check the client firewall or antivirus software, because it might be blocking access. There might not be much you can do other than asking the client to turn each of these off temporarily for testing.

If performing Network Access Control (NAC), check whether the client is posturing properly. Check the Authentication, Authorization, and Accounting (AAA) server or the Monitoring, Analysis, and Response System (MARS) logs to determine this. From a wireless perspective, there is not much you can do except have the users access a “Guest” type of network that does not require security posturing.

If you are using preshared keys for wireless authentication, verify that they are cor- rectly configured on the client side. Also, verify that they are configured for the cor- rect length.

Authentication and Encryption

2010-06-09T07:42:00.000-07:00

Now that you understand some of the methods used to authenticate users, it’s time to ex- plore some encryption methods. The beginning of this chapter discussed WEP. The prob- lem with WEP is that it can be broken easily. Therefore, other methods have been established in an effort to provide more strength in encryption. In the following sections, you will learn about Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2).

WPA Overview

WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. TKIP still uses RC4; it just improves how it’s done. This is a major improvement over static WEP. WPA can optionally support Advanced Encryption Standard (AES), but it’s not mandatory. WPA is based on 802.11i draft version 3. WEP uses RC4 encryption, which is very weak. The better alternative was to use AES encryption, but that would have required an equip- ment upgrade. To avoid an equipment upgrade, WPA was developed to use TKIP and a larger IV than WEP. This would make it more difficult to guess the keys while not requir- ing new hardware. Instead, you could simply perform a firmware upgrade in most cases.

WPA offers two authentication modes:

Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS is used for authentication and key distribution, and TKIP is used with the option of AES available as well.

Personal mode: Personal mode WPA uses preshared keys, making it the weaker op- tion, but the one that is most likely to be seen in a home environment.

Figure 17-15 shows the process of WPA authentication.

At the beginning of negotiations, the client and AP must agree on security capabilities. After the two agree on the same level of security, the 802.1x process starts. This is the standard 802.1x process, as outlined previously. After successful 802.1x authentication, the authentication server derives a master key and sends it to the AP. The same key is de- rived from the client. Now the client and the AP have the same Pairwise Master Key (PMK) , which will last for the duration of the session.

Next, a four-way handshake occurs (see Figure 17-16), in which the client and authentica- tor communicate and a new key called a Pairwise Transient Key (PTK) is derived. This key confirms the PMK between the two, establishes a temporal key to be used for message encryption, authenticates the negotiated parameters, and creates keying material for the next phase, called the two-way group key handshake.

When the two-way group key handshake occurs, the client and authenticator negotiate the Group Transient Key (GTK), which is used to decrypt broadcast and multicast trans- missions.

In Figure 17-16, you can see that the AP first generates a random number and sends it to the client. The client then uses a common passphrase along with this random number to derive a key that is used to encrypt data to the AP. The client then sends its own random number to the AP, along with a Message Integrity Code (MIC), which is used to ensure that the data is not tampered with. The AP generates a key used to encrypt unicast traffic to the client. To validate, the AP sends the random number again, encrypted using the de- rived key. A final message is sent, indicating that the temporal key (TK) is in place on both sides.

The two-way handshake that exchanges the group key involves the generation of a Group Master Key (GMK) , usually by way of a random number. After the AP generates the GMK, it generates a group random number. This is used to generate a Group Temporal Key (GTK) . The GTK provides a group key and a MIC. This key changes when it times out or when a client leaves the network.

Threats to Wireless Networks

2010-05-06T05:12:00.000-07:00

Throughout this book, you have learned about the many threats to wireless networks. If you really wanted to simplify the threats, you could think of it like this: You want legiti- mate clients to connect to legitimate APs and access corporate resources. Some attacks are formed from the perspective of an AP trying to gain information from clients. Other attacks are from the perspective of getting illegitimate clients onto the network to use corporate resources at no charge or to actually steal data or cause harm to the network.

These threats include the following:

Ad hoc networks
Rogue APs
Client misassociation
Wireless attacks

Ad Hoc Networks

An ad hoc network is a wireless network formed between two clients. The security risk in- volves bypassing corporate security policies. An attacker could form an ad hoc network with a trusted client, steal information, and even use it as a means of attacking the corpo- rate network by bridging to the secure wired LAN.

Rogue APs

A rogue AP is not part of the corporate infrastructure. It could be an AP that’s been brought in from home or an AP that’s in a neighboring network. A rogue AP is not always bad. It could be an AP that’s part of the corporate domain yet still operating in au- tonomous mode. Part of an administrator’s job is determining if the AP is supposed to be there. Fortunately, you don’t have to do all the work yourself. A few functions of the AP’s software can detect rogue APs and even indicate if they are on your network.

Something to consider when looking for rogue APs is what happens to clients that can connect to those rogue APs. If a client connects to a rogue AP, it should be considered a rogue client. The reason is that rogue APs typically are installed with default configura- tions, meaning that any client that connects bypasses any corporate security policy. So you do not know if the client is a corporate user or an attacker.

Client Misassociation

When a client connects to an AP, operating system utilities normally allow the client to save the SSID. In the future, when that SSID is seen again, the client can create a connec- tion automatically. There is a possibility that clients will be unaware of the connection. If the SSID is being spoofed, the client could connect to a potentially unsafe network. Con- sider the following scenario. An attacker learns the SSID of your corporate network. Us- ing this information, he sends beacons advertising your SSID. A wireless station in the range of the rogue AP connects to the AP. The AP allows connectivity to the Internet but is not actually on your corporate wired network. Using tools that are easily available on the Internet, another client connected to the same rogue AP attacks the misassociated client and steals valuable corporate data.

This scenario employs multiple attack methods. It uses a method known as management frame spoofing as well as an active attack against a misassociated client. So how can this be prevented? The answer begins with a function called Management Frame Protection.

Management Frame Protection

One method of Management Frame Protection (MFP) is Infrastructure MFP. With this method, each management frame includes a cryptographic hash called a Message In- tegrity Check (MIC). The MIC is added to each frame before the Frame Check Sequence (FCS). When this is enabled, each WLAN has a unique key sent to each radio on the AP. Then, the AP sends management frames, and the network knows that this AP is in protec- tion mode. If the frame were altered, or if someone spoofs the SSID of the WLAN and doesn’t have the unique key, it invalidates the message. This causes other APs that hear the invalid frames to report them to the controller.

The other method of MFP is called Client MFP. If the client is running Cisco Compatible Extensions (CCX) 5 or better, it can talk to the AP and find out what the MIC is. Then it can verify management frames it hears in addition to the APs that provide this function. The major benefit of this mode is the extension of detection. In Figure 17-1, the APs are in the middle of the network, and clients are on the outside. The clients can detect the AP called BAD_AP that is generating invalid frames, even though BAD_AP is out of the range of the APs that are in protection mode.

With MFP version 1, all local mode APs are protectors. They digitally sign all frames they send. Any other AP, or the same local mode AP, for that matter, could be a validator.

With MFP version 2, clients must run the Cisco Secure Services Client (CSSC) or a client that is capable of CCXv5. This enables the client to hear the rogue and report illegitimate frames. You don’t have to worry about your client associating with the rogue AP, because it drops invalid frames.

Client MFP has another benefit. Suppose a neighboring AP performed containment as a denial-of-service (DoS) method against your network because it’s a deauthentication frame that is used for containment. The client would see that the containment frame does- n’t have the MIC and would ignore the deauthentication frame. This would keep people from containing your network as a form of DoS attack.

To enable MFP, choose SSEECCUURRIITTYY >> WWiirreelleessss PPrrootteeccttiioonn PPoolliicciieess >> AAPP AAuutthheennttiiccaa-- ttiioonn//MMFFPP . You view MFP with the Wireless LAN Controller by choosing SSEECCUURRIITTYY >> WWiirreelleessss PPrroot teeccttiioonn PPoolliicciieess >> MMaannaaggeemmeenntt FFrraammee PPrrootteeccttiioonn , as shown in Figure 17-2.

Wireless Attacks

It’s not news that networks in general are constantly bombarded with attacks. Some of these attacks are unique to wireless networks, as is the case with management frame spoofing. With management frame spoofing, a rogue AP advertises an SSID known to the

client in an attempt to get the client to connect to the rogue AP. Other attacks apply to both wired and wireless networks:

Reconnaissance attacks: An attacker attempts to gain information about your net- work. Initially, the method of mitigating recon attacks involved hiding the SSID by not broadcasting it in beacon frames.

Access attacks: An attacker tries to gain access to data, devices, and/or the net- work. Initially the method of preventing access to the network involved MAC-based authentication as well as static Wired Equivalent Privacy (WEP). The problem with WEP today is that the keys can be broken in 4 to 7 minutes.

Denial-of-service (DoS) attacks: An attacker attempts to keep legitimate users from gaining services they require. Today, the use of intrusion detection system/in- trusion prevention system (IDS/IPS) sensors on the wired network can help mitigate these attacks. You also can use MFP to prevent containment DoS attacks.

The mitigation methods used to prevent attacks mentioned here are not very advanced and are considered weak by today’s standards. However, you might be wondering how these methods work. What alternatives are there if these mitigation methods are weak? What other options exist? The following sections discuss these aspects.

Types of Roaming

2010-03-15T03:46:00.000-07:00

Before we dive into roaming as a Layer 2 or 3 process, let’s define it. Roaming is the move- ment of a client from one AP to another while still transmitting. Roaming can be done across different mobility groups, but must remain inside the same mobility domain. Con- sider the following examples.

Figure 12-4 shows a client transmitting data and moving from AP1 to AP2. These two APs are in the same mobility domain. This is roaming.

Figure 12-5 shows a client transmitting data and moving from AP2 to AP3. These two APs are in different mobility groups but are in the same mobility domain. This too is roaming.

Now here is where roaming breaks. In Figure 12-6, a user is transmitting data and decides to go work at a local coffee shop that offers wireless network access. After buying a $5 cup of coffee and settling down into a cushy sofa, he fires up his laptop and continues surfing the net. This is not roaming. In this case, the user has a new IP address, and any sessions that were active before need to be restarted.

The following must occur for your controllers to support roaming:

The controllers need to be in the same mobility domain.

The controllers need to run the same code version.

The controllers need to operate in the same LWAPP mode.

Access control lists (ACL) in the network need to be the same.

The SSID (WLAN) needs to be the same.

The following section takes a closer look at the Layer 2 roaming process.

The Layer 2 Roaming Process

As previously discussed, Layer 2 roaming happens when a user moves to another AP but stays on the same VLAN and the same IP subnet. As far as the user is concerned, nothing special has happened. The client isn’t notified that he is roaming. He also keeps his IP ad- dress, and all active transmissions stay active. This process is handled within a single con- troller. This process is called intracontroller roaming and takes less than 10 ms. Behind the scenes, the client, when roaming to a new AP, sends a query to request authentication. The query is sent from the AP to the controller, where the controller realizes that the client is already authenticated, just via another AP. The client is then registered as roaming in the controller, although you do not see this in the controller or in the WCS, and life goes on. Figure 12-7 depicts this scenario.

Now take that same scenario and add another controller, as shown in Figure 12-8. Here, the client associated with Controller1 is on VLAN10. Upon roaming to AP3, which is managed by Controller2, the connection stays active. What happened? In this situation, intercontroller roaming happened. This occurs when a user roams from one controller to another but remains on the same VLAN and does not have to perform a DHCP process again, which would force the session to break. The two controllers are configured with the same mobility group. The two controllers then exchange mobility messages. Using mobil- ity messages, the client database entry on Controller1 is moved to Controller2. This hap- pens in less than 20 ms. Again, the process is transparent to the user. He roams, data keeps flowing, sessions stay active, and life is good.

Both intracontroller roaming and intercontroller roaming allow the user to roam and re- main on the same IP subnet. This is Layer 2 roaming. Now let’s explore Layer 3 roaming.

The Layer 3 Roaming Process

As with Layer 2 roaming, the goal of Layer 3 roaming is for a client to roam transparently. The difference is that you are working with multiple controllers on different subnets. The catch is that although the controllers are on different subnets, the user does not change IP addresses. Instead, the controllers tunnel the traffic back to the original controller. So it’s a smoke-and-mirrors configuration. You are literally making the network believe that the user hasn’t roamed. The two tunneling methods are as follows:

Asymmetric tunneling: In asymmetric tunneling, traffic from the client is routed to the destination, regardless of its source address, and the return traffic is sent to its original controller, called an anchor, and is tunneled to the new controller.

Symmetric tunneling: In symmetric tunneling, all traffic is tunneled from the client to the anchor controller, sent to the destination, returned to the anchor controller, and then tunneled back to the client via the foreign controller.

Asymmetric Tunneling

When a client roams in an intercontroller roam, the database entry moves to the new con- troller. That’s not the case with Layer 3 roaming. In the case of Layer 3 roaming, the client’s entry in the original controller is marked as an anchor entry. Then the database en- try is not moved; instead, it is copied to the foreign controller. On the foreign controller, the entry is marked “Foreign.” The client is then reauthenticated, the entry is updated in the new AP, and the client is good to go. The client’s IP address doesn’t change. All this is transparent to the user. Figure 12-9 depicts this process.

Normally when a client sends traffic, it is sent to a default gateway, assuming that it is leav- ing the subnet, and then on to the destination. The traffic makes its way back to the client, taking the reverse path that it traveled to get there. This means that if Controller1 sends traffic to Router1 and then to Server1, Server1 returns the traffic via Router1 and then Controller1, as shown in Figure 12-10.

After the client roams to a new controller and a new AP, the return traffic is not delivered to the correct controller. So the anchor controller sees that the return traffic is for a client with an entry marked anchor and knows that it needs to tunnel it to the foreign controller. The foreign controller, upon receiving the packet, forwards it to the client, and all is well. This is how asymmetric tunneling works.

However, this configuration has some problems. Today’s networks are taking more and more security precautions; one of these precautions is Reverse Path Filtering (RPF), a function used by routers. The router examines all packets received as input on that inter- face to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received. Also, following RFC 3837 and some other antispoofing ACL recommendations, the source address would not match what is expected to be seen, and it would be dropped. So what do you do when this hap- pens? The answer is symmetric tunneling.

Symmetric Tunneling

In general, when a client sends a packet for Server1, much like what is shown in Figure 12- 10, the following occurs:

The foreign controller tunnels the packet to the anchor controller rather than forwarding it. Then the anchor controller forwards the packet to Server1. Server1 replies, sending the traffic back to the anchor controller. The anchor controller tunnels it back to the foreign

controller. The foreign controller delivers the packet back to the client. If the client roams to another foreign controller, the database is moved to the new foreign controller, but the anchor controller does not change.

Understanding Roaming

2010-02-24T08:24:00.000-08:00

It’s probably safe to say that most people understand the concept of roaming at a high level. You want to move from your desk to the conference room. The conference room is on the other side of the building, but you are in the middle of a large upload. You don’t sweat it because you are on a wireless network and wireless is...“everywhere”!

That sounds nice, and that’s what wireless networks have to offer, but how does wireless get “everywhere”? From what you have learned so far, you know that a wireless signal can’t travel “everywhere” because of absorption, refraction, scattering, and more. You’ve also learned a little about roaming and how an AP needs some overlap to facilitate the process. But there is still more to it. If you step back and look at the big picture, you start to see that the controller has to be involved in this lightweight AP deployment. How is the controller involved? To understand that, you need to understand mobility groups.

Understanding Mobility Groups

In simple terms, a mobility group is a setting on a controller that defines the controller as a member of a group. Other controllers would also be members of that group. These controllers share information about the clients that are roaming. In Figure 12-1, two controllers are in the same mobility group. They can exchange information about the client that is roaming. Figure 12-2 shows a network with three controllers. Controller1 and Controller2 are in the same mobility group, and Controller3 is in a different one. When this scenario occurs, the three controllers are considered to be in the same mobility domain. A controller can be aware of another controller in a different mobility group as long as they are in the same mobility domain. This allows them to exchange information regarding their clients. This allows clients in different mobility groups to roam between the different mobility domains. If the controllers were in different mobility groups and did not have knowledge of each other, roaming could not occur. To provide this knowledge, you as an administrator need to enter the MAC address and management IP address of the other controller in the first controller, and vice versa. In other words, Controller2 needs to be configured with Controller3’s MAC and management IP addresses, and Controller3 needs to be configured with Controller2’s MAC and IP addresses.

To set this up in the controller, first you need to configure the controller’s mobility domain. Remember that multiple controllers share the same mobility group, and controllers in different mobility groups can communicate with each other if they are part of the same mobility domain. To configure the mobility domain using the controller web interface, choose CONTROLLER > General.

A controller can be in only one mobility group and one mobility domain. To configure the mobility group, choose CONTROLLER > Mobility Management. Controllers that are in the same mobility group have the same virtual gateway IP address. You can add these controllers by clicking New and then adding the IP address, MAC address, and mobility group of the other controller, as shown in Figure 12-3. In Figure 12-3, Controller2 is added to Controller1. If you have more than one controller to add, you can do it all at once.

How an LWAPP AP Discovers a Controller

2010-02-09T19:35:00.000-08:00

When an AP discovers and joins a controller, the AP proceeds through several states. In Figure 11-2, you can see these states and when they happen.

The process begins with the discovery of a controller. Because the lightweight APs are by definition “zero-touch” when deployed, you should only need to plug them in and let them do the rest. On the back end, the part you do not see is a little more complex. The steps in this process, beginning with discovery, are as follows:

Step 1. The APs send LWAPP discovery request messages to WLCs. This is broadcast at Layer 2. Because Layer 3 mode is what you want to use, this should fail.

Step 2. Upon failing, the AP proceeds to Layer 3 by checking its configuration for an IP address. If no IP address exists, the client uses DHCP to obtain one.

Step 3. The AP uses information obtained in the DHCP response to contact a con- troller.

Step 4. Any WLC receiving the LWAPP discovery request message responds with an LWAPP discovery response message. If no controller responds, the AP reverts to Layer 2 broadcasts and starts the process again.

The Cisco implementation uses the hunting process and discovery algorithm to find as many controllers as possible. The AP builds a list of WLCs using the search and discovery process, and then it selects a controller to join from the list. The controller search process repeats continuously until at least one WLC is found and joined. IOS-based APs only do a Layer 3 discovery.

The Layer 3 discovery process follows a certain order:

Step 1. The AP does a subnet broadcast to see if a controller is operating in Layer 3 mode on the local subnet.

Step 2. The AP does an over-the-air provisioning (OTAP).

Step 3. When other APs exist and are in a joined state with a controller, they send messages that are used for resource management. These messages have the IP address of the controller in it. The AP can listen to these messages and get the controller IP address. The AP can then send a directed discovery message to the controller.

Step 4. The next process is called AP priming.

How an LWAPP AP Chooses a Controller and Joins It

Now that the AP potentially has numerous controllers to join, it must choose one and send it a join request message. Figure 11-3 illustrates this portion of communication.

A join request message contains the following information:

Type of controller

MAC of controller

AP hardware version

AP software version

AP name

Number and type of radios

Certificate payload (x.509)

Session payload to set up the session values

Test payload to see if jumbo frames can be used

How an LWAPP AP Receives Its Configuration

After joining, the AP moves to an image data phase, as shown in Figure 11-6, but only if the image on the AP is not the same as the image on the controller. If they are the same, this step is skipped and the image is used.

The controller upgrades or downgrades the AP at this point, and then it resets the AP. Af- ter a reset, the process begins again. The code is downloaded in LWAPP messages.

After the process of discovery and join happen and the image is the same on the controller and the AP, the AP gets its configuration from the controller. This happens during the con- fig data stage, as illustrated in Figure 11-7.

The AP then prompts the controller for a config by sending an LWAPP configure request message that contains parameters that can be configured as well as any values that are currently set; however, most of these values are empty.

When the controller gets the request, it sends a configure response message, which has the configuration values.

The AP then applies the configuration values in RAM. It is important to understand that these values are not stored in flash. If the AP reboots, the process begins again.

After applying the configuration, the AP is up and running.

Wireless Network Management

2010-01-20T03:17:00.001-08:00

In very large networks, a single wireless controller isn’t enough to manage all your APs. This type of scenario might call for the Cisco Wireless Control System (WCS). The WCS is a single point of management for up to 3000 lightweight APs and 1250 autonomous APs. The WCS runs on a Windows or Red Hat Linux server. To scale beyond 3000 APs, you would need the WCS Navigator. The WCS Navigator enables you to navigate between different wireless control systems. It is a manager of managers, so to speak. You can use the WCS Navigator to navigate between different WCS servers. You can then scale it up to 30,000 APs in a single deployment and support up to 20 WCS deployments, all within the WCS Navigator. There is also an additional appliance you can use, called the Cisco Wireless Location Appliance, as shown in Figure 10-13.

This is designed to do location tracking for Wi-Fi devices and RFID tags. It helps track thousands of devices.

Controller Discovery and Association

When a lightweight AP boots up, it cannot function without a controller. In this chapter, you will learn about the Lightweight Access Point Protocol (LWAPP) and the modes in which it can operate. You will also learn about how an AP finds controllers on the net- work, chooses one to join with, and then retrieves its configuration. In addition, you will look at the ways to provide redundancy for your AP in the event that a controller goes down. Finally, when an AP is joined with a controller, it can operate in certain modes that can be used for different reasons. You will learn these operational modes and when they are used.

Understanding the Different LWAPP Modes

LWAPP can operate in either Layer 2 LWAPP mode or Layer 3 LWAPP mode. The Layer 2 mode is considered out of date, and Cisco prefers and recommends Layer 3 mode. Layer 3 mode is the default LWAPP mode on most Cisco devices.

At a high level, and after the AP has an IP address, the phases of LWAPP operation include these:

Step 1. An AP sends an LWAPP discovery request message. This is a broadcast that is sent at Layer 2.

Step 2. Assuming that a controller is operating in Layer 2 LWAPP mode, the wireless LAN controller (WLC) receives the LWAPP discovery request and responds with an LWAPP discovery response message.

Step 3. The AP chooses a controller based on the response received and sends a join request.

Step 4. The WLC receiving the LWAPP join request responds to the AP join request with an LWAPP join response. This process is going to include a mutual au- thentication. An encryption key is created to secure the rest of the join process and any future LWAPP control messages.

Step 5. After the AP has joined the WLC, LWAPP messages are exchanged, and the AP initiates a firmware download from the WLC (if the AP and WLC have a version mismatch). If the onboard firmware of the AP is not the same as that of the WLC, the AP downloads firmware to stay in sync with the WLC. The firmware download mechanism utilizes LWAPP.

Step 6. After the WLC and AP match firmware revisions, the WLC provisions the AP with the appropriate settings. These settings might include service set identi- fiers (SSID), security parameters, 802.11 parameters such as data rates and sup- ported PHY types, radio channels, and power levels.

Step 7. After the provisioning phase is completed, the AP and WLC enter the LWAPP runtime state and begin servicing data traffic.

Step 8. During runtime operations, the WLC might issue various commands to the AP through LWAPP control messages. These commands might be provisioning commands or requests for statistical information that the AP collects and maintains.

Step 9. During runtime operations, LWAPP keepalive messages are exchanged be- tween the AP and WLC to preserve the LWAPP communication channel. When an AP misses a sufficient number of keepalive message exchanges, it at- tempts to discover a new WLC.

Wireless LAN Controllers

2010-01-04T05:56:00.000-08:00

The entire design of the Wireless LAN Controllers is for scalability. The communication between a lightweight AP can happen over any type of Layer 2 or Layer 3 infrastructure using LWAPP. There are integrated controller platforms designed for installation in switches. The 3750-G actually comes as an integrated 2RU switch with either a 25 or 50 AP controller, as well as the WiSM and the WLCM. These are both modular controllers that can be installed in 6500 series switches or in Integrated Services Routers (ISR). There are also appliance-based controllers, which include the 44xx series WLC as well as the 2100 series WLC. Which controller you require depends on how many APs you need de- ployed. This can be anywhere from six to 300 access points per controller. This is a fixed value and can’t be upgraded via licensing. If you need to support more APs, you need an- other controller or a controller that supports more APs.

The Cisco 44xx Series WLC

The Cisco 44xx series Wireless LAN Controller, shown in Figure 10-8, is a standalone appliance.

It is designed to take up one rack unit. It has either two or four Gigabit Ethernet uplinks, and they use mini-GBIC FSG slots. It can support 12, 25, 50, or 100 APs, depending on the model. And it can support up to 5000 MAC addresses in its database.

The 4400 series has a 10/100 interface called a service port; it is used for SSH and SSL connections for management purposes. The service port can be used for out-of-band management, but it is not required to manage the device. You can manage the device via the controller’s logical management interface. There is also a console port that you can use to connect via HyperTerminal or Teraterm Pro.

Depending on the country you are in, power requirements vary, but the chassis has two power supply slots.

The controller code version used for the CCNA Wireless exam is version 5.x, and the AP runs the same version. It’s actually a requirement that they run the same version, so when an AP joins with a controller, the controller upgrades or downgrades the AP. The con- troller upgrades four APs at a time. The 4400 series can support up to 100 access points. So, a 4400 would upgrade ten APs at a time until they are all upgraded.

The Cisco WiSM

The Cisco WiSM, shown in Figure 10-10, is a services module that installs in the 6500 se- ries switch or 7600 series router with the Cisco Supervisor Engine 720.

It has the same functionality as the 4400 series standalone controllers; the difference is that it supports up to 300 APs. The WiSM supports 150 access points per controller, with each blade having two controllers. Thus, you can have a total of 300 access points. You can also cluster 12 of them into a mobility domain. This allows up to 7200 lightweight APs in a mobility domain.

The Cisco 2106 WLC

The Cisco 2106 Wireless LAN Controller, shown in Figure 10-11, is also a single-rack unit design with eight 10/100 Ethernet ports.

It can support up to six primary access points. It has an RJ-45 console port and two RJ-45 ports that support PoE. It has nearly all the same features as the 4400 series controllers but has eight built-in switch ports. You can expect to see this controller in a small branch environment.

The Cisco WLCM

The Wireless LAN Controller Module (WLCM), shown in Figure 10-12, is designed for the ISR routers. You would see this controller in a small office.

It has the same functionality as the 2106, but it does not have the directly connected AP and console port. It supports six APs. The WLCM-Enhanced (WLCM-E) supports eight or 12 APs, depending on which module you get.

Of course, some limitations apply. Most of the features are similar to the 4000 series:

LWAPP

RF control

The ability to be a DHCP server

Layer 2 security

The differences are things such as the following:

Lack of PoE ports

The number of APs supported

The LWAPP modes supported

Wireless LAN Controller Summary

Table 10-3 summarizes the Cisco Wireless LAN Controller models.

Access Points

2009-12-23T05:42:00.000-08:00

As previously mentioned, there are two types of access points:

Autonomous APs

Lightweight APs

Some APs are built into modules and deployed in ISR routers at branch sites; other APs are deployed as just standalone devices. Cisco APs are known to offer the best range and throughput in the industry, as well as a number of security features that you do not find with other vendors.

Cisco APs offer multiple configuration options. Some of them support external antennas, some support internal antennas, and some are to be deployed outdoors. Still others are de- signed to be deployed indoors. Some APs are designed to be implemented for wide-area networking and bridging purposes and, while operating as a bridge, may also allow client connections. The point is that Cisco APs can serve a number of purposes.

The benefit of the CUWN APs is that they are zero-touch management, assuming that Layer 2 connectivity is already in place. As soon as they are plugged in and powered on, you don’t have to do anything else at the AP level. The models that you need to be familiar with for the CCNA Wireless exam include the 1130AG, 1240AG, 1250AG, 1300, and 1400 series wireless bridges.

The 1130, 1240, and 1250 can be both autonomous and lightweight APs. Whereas the 1300 and 1400 series are designed to operate as bridges, the 1300 series can also sup- port wireless clients. In turn, the 1400 series supports bridging only. Another model is the outdoor mesh 1500 series, which supports only LWAPP, so that would be designed for a lightweight scenario only.

Cisco is known for being ahead of the curve. That’s where the special functionality of the 1250AG comes in. The 1250AG is one of the first access points to support the 802.11n draft version 2.0 standard and is the basis for all 802.11 Wi-Fi interoperability testing. For a client vendor to get the v2.0 stamp of approval, it must be validated against the 1250, and the 1250 is the only AP used during this validation.

The 1130AG

The 1130AG, shown in Figure 10-3, is a dual-band 802.11 a/b or g AP that has integrated antennas.

The 1130AG can operate as a standalone device or in lightweight AP mode. It also can op- erate as a Hybrid Remote Edge AP (H-REAP) device. An H-REAP device operates on the far side of a WAN, and its controller is back at the core site.

The 1130AG is 802.11i/WPA2-compliant, and it has 32 MB of RAM and 16 MB of flash memory. The 1130 AP typically is deployed in office or hospital environments. Naturally, the internal antennas do not offer the same coverage and distance as APs that are designed for external antennas. Consider the 1130s. They have 3 dB gain and 4.5 dB gain for the 2.4- and 5-GHz frequencies, respectively. If you were to compare the 1131 to the 1242 with the 2.2 dipole antennas, you would see a larger coverage area than with the 1242.

The 1240AG

The 1240AG series AP, shown in Figure 10-4, is also a dual-band 802.11 a/b or g device, similar to the 1130AG; however, it supports only external antennas.

Those external antennas would connect using the RP-TNC connectors. The 1240AG can operate as an autonomous AP and in lightweight AP mode. Like the 1130AG, it also can operate in H-REAP mode. It too is 802.11i/WPA2-compliant.

The 1250 Series AP

Shown in Figure 10-5, the 1250 series AP is one of the first enterprise APs to support the 802.11n draft version 2.0.

Because it supports the 802.11n draft standard, you can get data rates of about 300 Mbps on each radio and the 2-by-3 multiple input and multiple output technology. The 2-by-3 is discussed in Chapter 6, “Overview of the 802.11 WLAN Protocols.” Also, because the 1250 is modular, it can easily be upgraded in the field. It operates in controller-based and standalone mode and is also 802.11i/WPA2-compliant.

The 1250 is designed for a more rugged type of indoor environment. You might see this at more hazardous locations such as packaging plants, or in situations where you might need

to place an antenna in a hazardous location and the AP elsewhere. You might see this type of AP in factories and hospitals. It has 64 MB of DRAM and 32 MB of flash memory. It has 2.4-GHz and 5-GHz radios.

Cisco Wireless Networks Architecture

2009-12-02T08:58:00.000-08:00

The Need for Centralized Control

There is certainly a need for centralized control in wireless deployments today. Initial wireless deployments were based on standalone access points called autonomous access or fat APs. An autonomous AP is one that does not rely on a central control device. Al- though this is a great start, the problem lies in scalability. Eventually, you will have prob- lems keeping your configurations consistent, monitoring the state of each AP, and actually taking action when a change occurs. You end up with holes in your coverage area, and there is no real dynamic method to recover from that. There is certainly a need for central- ized control, and the Cisco Unified Wireless Network (CUWN) is based on centralized control.

Eventually you will want or need to convert those standalone APs, if possible, to light- weight APs. A lightweight AP is managed with a controller.

Traditionally after a site survey, you would deploy your wireless network based on the in- formation you gathered. As time passes, the environment you did the original site survey in will change. These changes, although sometimes subtle, will affect the wireless cover- age. The CUWN addresses these issues.

The Cisco Solution

The CUWN solution is based on a centralized control model. Figure 10-1 illustrates the numerous components of the CUWN.

An AP operating in lightweight mode gets its configuration from the controller. This means that you will perform most of your configuration directly on the controller. It dy- namically updates the AP as the environment changes. This also allows all the APs to share a common configuration, increasing the uniformity of your wireless network and eliminat- ing inconsistencies in your AP configurations.

As you can see, five functional areas exist:

Wireless clients

Access points

Network unification

Network management

Network services

Supporting Multiple Networks

Previous chapters discussed that an AP can actually advertise multiple SSIDs, which lets the AP offer guest access as well as corporate user access and maybe even access for wire- less IP phones. Each Wireless LAN Controller actually can support 512 different VLAN instances. Remember that on the connection between the AP and the Wireless LAN Con- troller, all your wireless client data is passed via the LWAPP tunnel as it travels toward the wired domain.

To review, recall that an SSID exists only in the wireless space. An SSID is then tied to a VLAN within the controller. Each lightweight AP can support 512 different VLANs, but you don’t very often see that many on one AP.

On the other hand, your Wireless LAN Controller can have up to 16 wireless LANs (WLAN) tied to each AP. Each WLAN is assigned a wireless LAN identification (WLANID) by the controller. This is a number between 1 and 16, and you don’t get to choose which one to use.

So, now you have a WLAN that brings together the concept of an SSID on the wireless space and a VLAN on the wired space. By having separate WLANs, you can assign differ- ent quality-of-service (QoS) policies to the type of traffic encountered on each of them. An example of this would be to have a WLAN for IP Phones and a different WLAN for regular network users.

Each AP supports up to 16 SSIDs; generally, one SSID is mapped to one VLAN. With that said, even though a Wireless LAN Controller can support up to 512 VLANs per AP, you see a maximum of only 16 VLANs in most situations.

The CUWN Architecture

The Cisco Unified Wireless Network defines a total of five functional areas or intercon- nected elements, as shown in Figure 10-2.

The five elements or components all work together. It’s no longer about point products, where you can buy a standalone AP and deploy it and then later get management software to handle it. Today it is all about everything working together to create a smarter, more functional net- work. To illustrate how it all comes together, consider a Cisco wireless network. This type of network includes the following wireless clients (the first component of the CUWN):

Cisco Aironet client devices

Cisco-compatible client devices (not necessarily Cisco products, but still compatible)

Cisco Secure Services Client (SSC)

The client devices get a user connected.

The second component, the access point, is dynamically managed by your controllers, and they use LWAPP to communicate. The AP bridges the client device to the wired net- work. A number of APs that could be discussed here are as follows:

The 1130AG

The 1240AG

The 1250AG

The 1300 series bridge

The 1400 series bridge

The 1500 series outdoor mesh

Delivering Packets from the Wireless to Wired Network

2009-11-13T22:53:00.000-08:00

The Association Process

To begin, you need a network. This chapter uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in range of an AP that is advertis- ing multiple service set identifiers (SSID). One SSID puts users on a network that is of- fered to guest users called Guest. The other SSID is called UserNet and is designed for authenticated users of the corporate network. Naturally, more security is going to be applied to users of UserNet, such as authentication and encryption, as opposed to the net- work Guest. The Guest network places users on the 172.30.1.0/24 subnet. The UserNet places users on the 10.99.99.0/24 network. Although these two networks are on different subnets and users associate with different SSIDs, recall that an AP can advertise multiple SSIDs but actually uses the same wireless radio. In the wireless space, the SSID and IP subnet keep the networks logically separated.

Getting back to the association process, a client scans the channels hoping to hear a beacon from an AP or actively sends a probe request. If a probe response is received or a bea- con is heard, the client can attempt to associate with the SSID received in that probe response or beacon.

The next step is to authenticate and associate with the AP. When the client chooses an SSID, it sends an authentication request. The AP should reply with an authentication response. After this occurs and a “Success” message is received, an association request is sent, including the data rates and capabilities of the client, followed by an association re- sponse from the AP. The association response from the AP includes the data rates that the AP is capable of, other capabilities, and an identification number for the association.

Next, the client must determine the speed. It does this by determining the Received Signal Strength Indicator (RSSI) and signal-to-noise ratio (SNR), and it chooses the best speed to send at based on these determinations. All management frames are sent at the lowest rate, whereas the data headers can be sent faster than management frames, and the actual data frames at the fastest possible rate. Just as the client determines its rates to send, the AP, in turn, does the same. Now that the client is associated, it can attempt to send data to other devices on the network.

Sending to a Host on Another Subnet

When a client is associated with an AP, the general idea is to send data to other devices. To illustrate this, first try to send data between Client A in Figure 9-2, which is on the User- Net network, and Client B, which is on the Guest network. Although a typical network would not allow guest users to send traffic to internal WLAN users for security purposes, this will provide an example of how the connection works.

The two clients are clearly on two different subnets, so the rules of how IP works are still in play. The clients cannot send traffic directly to each other. Based on normal IP rules, they would first determine that the other is not on the same subnet and then decide to use a default gateway to relay the information. If a client has never communicated with the de- fault gateway, it uses Address Resolution Protocol (ARP) to resolve its MAC address. The process would appear as follows:

Step 1. Client A wants to send traffic to Client B.
Step 2. Client A determines that the IP address of Client B is not on the same subnet.
Step 3. Client A decides to send the traffic to the default gateway of 10.99.99.5.
Step 4. Client A looks in its ARP table for a mapping to the gateway, but it is not there.
Step 5. Client A creates an ARP request and sends to the AP, as seen in Figure 9-3.

When the ARP request is sent to the AP, it is an interesting process and actually works a little bit differently than on a wired network. Remember that on a wired network, the header has only two MAC addresses: the source address and the destination address. An 802.11 frame can have four addresses: the source address (SA), destination address (DA), transmitter address (TA), and receiving address (RA). In this situation, the SA is the MAC of the client sending the ARP request, the DA is broadcast (for the ARP), and the RA is the AP. No TA is present in this example.

Figure 9-4 shows the ARP request.

The AP receives the ARP and sees its MAC address. It verifies the frame check sequence (FCS) in the frame and waits the short interframe space (SIFS) time. When the SIFS time expires, it sends an ACK back to the wireless client that sent the ARP request. This ACK is not an ARP response; rather, it is an ACK for the wireless frame transmission.

The AP then forwards the frame to the WLC using the Lightweight Access Point Protocol (LWAPP), as illustrated in Figure 9-5.

The LWAPP frame that travels from the AP to the WLC is traveling on a wired network. This brings forth the question, “What happened to the 802.11 frame format?” LWAPP simply encapsulates the frame inside a 6-byte header. The new 6-byte header has the AP IP and MAC address as the source and the WLC IP and MAC address as the destination. Encapsulated inside of that header is the original 802.11 frame with the three MAC ad- dresses, including the broadcast MAC address for the ARP process. When the WLC re- ceives the LWAPP frame, it opens the frame revealing the ARP request and rewrites the ARP request in an 802.3 frame that can be sent across the wired network. The first ad- dress from the 802.11 frame is dropped, the second address is placed as the source address in the new 802.3 frame, and the third address, the broadcast address, is placed as the desti- nation address. The WLC then forwards the ARP request, in 802.3 format, across the wired network, as seen in Figure 9-6. Here you can see how the frame appears between the wireless Client A and the AP, how the AP encapsulates the frame and sends it to the WLC, and how the WLC rewrites the frame and sends it to the wired network.

As switches receive the ARP request, they read the destination MAC address, which is a broadcast, and flood the frame out all ports except the one it came in on. The exception to this rule is if VLANs are in use, in which case the frame would be flooded to all ports that are members of the same VLAN. Assuming that VLANs are not in use, the frame, as stated, is flooded out all ports except the one it came in on.

At some point, the frame will be received by a Layer 3 device, hopefully the default gate- way. In Figure 9-7, the router has received the ARP request and will respond to it with its MAC address.

That ARP response is sent back as a unicast message, so the switches in the path are going to forward it directly to the port that leads back to the wireless client, rather than flooding the frame out all ports. Eventually the frame is received by the WLC, and it must be re- built as an 802.11 frame. When the WLC rewrites the frame, it places the DA as address 1, the SA as address 3, and the TA as address 2, which is the SSID of the AP. Figure 9-8 illus- trates this process.

As illustrated in Figure 9-9, the newly formed 802.11 frame is placed inside an LWAPP header where the AP IP and MAC is the destination and the WLC IP and MAC is the source. The LWAPP frame is forwarded to the AP.

Next, the AP must remove the LWAPP header, exposing the 802.11 frame. The 802.11 frame is buffered, and the process of sending a frame on the wireless network begins. The AP starts a backoff timer and begins counting down. If a wireless frame is heard during the countdown, the reservation in the heard frame is added to the countdown and the AP continues. Eventually, the timer expires, and the frame can be sent an 802.11 frame.

WiMax

2009-11-05T08:44:00.001-08:00

Worldwide Interoperability for Microwave Access (WiMax) is defined by the WiMax fo- rum and standardized by the IEEE 802.16 suite. The most current standard is 802.16e.

According to the WiMax Forum:

“WiMAX is a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to wired broadband like cable and DSL. WiMAX provides fixed, nomadic, portable and, soon, mobile wireless broadband connectivity without the need for direct line-of-sight with a base station. In a typical cell radius deployment of three to ten kilometers, WiMAX Forum Certified systems can be ex- pected to deliver capacity of up to 40 Mbps per channel, for fixed and portable ac- cess applications.

“This is enough bandwidth to simultaneously support hundreds of businesses with T- 1 speed connectivity and thousands of residences with DSL speed connectivity. Mo- bile network deployments are expected to provide up to 15 Mbps of capacity within a typical cell radius deployment of up to three kilometers. It is expected that WiMAX technology will be incorporated in notebook computers and PDAs by 2007, allowing for urban areas and cities to become ‘metro zones’ for portable outdoor broadband wireless access.”

You must understand a few aspects of WiMax; the first is the concept of being fixed line of sight (LOS) or non-LOS (mobile). In non-LOS, mobile doesn’t mean mobile in the sense that most of us think. WiMax mobility is more like the ability to travel and then set up shop temporarily. When you are done, you pack up and move on. A few service providers use this technology to provide end-user access as an alternative to DSL or cable modem. Your signal range in this Non-LOS scenario is about 3 to 4 miles, and data rates are adver- tised at around 30 Mbps, but you can expect less—closer to 15 Mbps.

Other service providers are targeting business customers in a fixed LOS WiMax deploy- ment in which the topology most closely resembles that of a traditional T1, being a point- to-point type of topology and providing backhaul or backbone services. This fixed LOS advertises 30 to 70 Mbps throughput, but you can expect around 40 Mbps.

As the IEEE standardizes WiMax technology, it has progressed from the original 802.16 to 802.16a, c, d, and finally 802.16e.

As mentioned, the WiMax defines last-mile access. Figure 8-6 shows a sample topology in which subscribers have a point-to-point connection back to a service provider and from there have access to the public Internet.

WiMax operates on the 10- to 66-GHz frequency band, so it doesn’t interfere with 802.11 LANs. So why is it discussed in this section? The school of thought here is that, with some planning, a device acting as a gateway can be deployed offering 802.11 LAN access with 802.16 last-mile access or upstream access to a service provider, thus removing the need for wires. The question of how feasible this is lies in the hands of the vendors devel- oping the products and the standards committees ensuring interoperability. Some vendors, however, have tested this technology in lab environments with much success.

Other Types of Interference

Other types of interference can occur in the same frequency ranges. These devices might not be the most obvious, but they should be considered. They can include the following:

Microwaves (operate at 1 to 40 GHz)

Wireless X11 cameras (operate at 2.4 GHz)

Radar systems (operate at 2 to 4 GHz for moderate-range surveillance, terminal traffic control, and long-range weather and at 4 to 8 GHz for long-range tracking and air- borne weather systems)

Motion sensors (operate at 2.4 GHz)

Fluorescent lighting (operates at 20000 Hz or higher)

Game controllers and adapters (usually operate at 2.5 GHz)

When dealing with wireless deployments, you can use tools to determine signal strength and coverage, but just knowing about these additional sources of interference will save you some time in determining where to place APs and clients.

Additional Wireless Technologies

2009-10-17T11:05:00.000-07:00

Cordless Phones

Cordless phones have been around as long as I can remember—or at least since I was in junior high. Cordless phones sometimes operate in the wireless spectrum as WLANs, which can cause interference issues. Visit an electronics store, and you’ll find some phones that operate at 2.4 GHz and others that operate at 5.8 GHz. This should be a consideration when you purchase cordless phones. If you have 802.11a deployed, a 2.4-GHz phone should suffice. If you have 802.11b/g, you should avoid a phone that operates in the 2.4- GHz range and go with a 5.8-GHz phone. With that said, let’s look at cordless phone technology in more detail.

To begin with,cordless phones canuse Time Division Multiple Access (TDMA) or Frequency Division Multiple Access (FDMA). The Multiple Access technology is used to allow more than one handset to access the frequency band at the same time, as shown in Figure 8-1. As you can see, a cordless phone communicates with the base station. Multiple cordless phones can use the same base station at the same time by using TDMA or FDMA.

It’s common for cordless phones to use the Digital Enhanced Cordless Telecommunica- tions (DECT) standard. DECT is an ETSI standard for digital portable phones and is found in cordless technology that is deployed in homes and businesses. Currently, the DECT standard is a good alternative for avoiding interference issues with any 802.11 technolo- gies. The original DECT frequency band was 1880 to 1900 MHz. It’s used in all European countries. It is also used in most of Asia, Australia, and South America.

In 2005, the FCC changed channelization and licensing costs in the 1920 to 1930 MHz, or 1.9 GHz, band. This band is known as Unlicensed Personal Communications Services (UPCS). This change by the FCC allowed the use of DECT devices in the U.S. with few changes. The modified DECT devices are called DECT 6.0. This allows a distinction to be made between DECT devices used overseas and other cordless devices that operate at 900 MHz, 2.4 GHz, and 5.8 GHz.

Bluetooth

Bluetooth is a personal-area technology that was named after a king of Denmark, Harald “Bluetooth” Gormson. It is said that the use of his name is based on his role in unifying Denmark and Norway. Bluetooth technology was intended to unify the telecom and com- puting industries. Today, Bluetooth can be found integrated into cell phones, PDAs, lap- tops, desktops, printers, headsets, cameras, and video game consoles. Bluetooth has low power consumption, making it a good choice for mobile, battery-powered devices.

The Bluetooth Special Interest Group (SIG) was formed in 1998, and the name “Bluetooth” was officially adopted. In 1999, Bluetooth 1.0 and 1.0b were released, although they were pretty much unusable. Bluetooth 1.1 followed and was much more functional. Eventually, based on Bluetooth 1.1, the 802.15.1 specification was approved by the IEEE to conform with Bluetooth technology.

Bluetooth 1.2 was then adopted in 2003 with faster connections and discovery of devices as well as the use of adaptive Frequency Hopping Spread Spectrum technology. In 2004, Bluetooth 2.0 + Enhanced Data Rate (EDR), supporting speeds up to 2 Mbps, was adopted by the Bluetooth SIG. The IEEE followed with 802.15.1-2005, which is the speci- fication that relates to Bluetooth 1.2. After the 802.15-2005 standard, the IEEE severed ties to the Bluetooth SIG because the Bluetooth SIG wanted to pursue functionality with other standards.

Bluetooth technology might interfere with 802.11 LANs, because it operates in the 2.4- GHz range. However, because it is designed for a proximity of about 35 feet, has low transmit power, and uses Frequency Hopping Spread Spectrum, it is unlikely that Blue- tooth will interfere.

Bluetooth is considered a piconet; it allows eight devices (one master and seven slaves) to be paired, as shown in Figure 8-2. Although the figure is a little extreme, it shows you just how many devices can be paired with a laptop or desktop. You can download photos you’ve taken, while listening to music with your headphones, synchronizing your cell phone’s contacts and PDA calendar with Outlook, and using your mouse to print that new white paper on Cisco.com, all while playing a video game. Imagine the wire mess you would have without Bluetooth.

ZigBee

Many people have never heard of ZigBee, but it’s a technology that is well-designed and very useful. ZigBee was developed by the ZigBee Alliance. It consists of small, low-power digital radios based on the IEEE 802.15.4 standard for wireless personal-area networks (WPAN), such as wireless headphones connecting to cell phones via short-range radio. If you look at the ZigBee Alliance home page at http://www.zigbee.org, you’ll likely notice that ZigBee relates much of its use to control and monitoring. In fact, ZigBee is often used for monitoring, building automation, control devices, personal healthcare devices, and computer peripherals.

A Wireless Connection

2009-10-07T03:10:00.001-07:00

Using Figures 7-11 through 7-18, you can step through a simple discovery and association process.

1. The AP sends beacons every 2 seconds, as shown in Figure 7-11.

2. Client A is passively scanning and hears the beacon. This enables the client to deter- mine whether it can connect. You can see this in Figure 7-12.

3. A new client (Client B) arrives. Client B is already configured to look for the AP, so in- stead of passive scanning, it sends a probe request for the specific AP (see Figure 7-13).

4. The AP sends a probe response, seen in Figure 7-14, which is similar to a beacon. This lets Client B determine if it can connect.

5. From this point on, the process would be the same for Client A and Client B. In Figure 7-15, Client B sends an authentication request.

6. Also seen in Figure 7-15, the AP returns an authentication response to the client.

7. The client then sends an association request, as seen in Figure 7-16.

8. Now the AP sends an association response, also seen in Figure 7-16.

9. When the client wants to send, it uses an RTS, assuming this is a mixed b/g cell. The RTS includes the duration, as you can see in Figure 7-17.

10. Also seen in Figure 7-17, the AP returns a CTS.

11. The client sends the data (see Figure 7-17).

12. The AP sends an ACK after each frame is received (Figure 7-17).

13. In Figure 7-18, the client sends a disassociation message.

14. The AP replies with a disassociation response (Figure 7-18).

15. The client returns and sends a reassociation message (Figure 7-18).

16. The AP responds with a reassociation response (Figure 7-18).

Again, this process has other variations, but this should give you a pretty good under- standing of how to manage a connection.

Wireless Frame Transmission

2009-09-18T00:27:00.000-07:00

When people talk about wireless networks, they often say that they are just like wired 802.3 LANs. This is actually incorrect, aside from the fact that they use MAC addresses. Wireless LANs use the 802.11 frame structure, and you can encounter multiple types of frames. To get a better understanding, you can begin by learning the three types of wireless frames. Once you are familiar with the three types of wireless frames, you can further your knowledge by taking a deeper look at interframe spacing (IFS) and why it is necessary.

Wireless Frame Types

Wireless LANs come in three frame types:

Management frames: Used for joining and leaving a wireless cell. Management frame types include association request, association response, and reassociation request, just to name a few. (See Table 7-2 for a complete list.)

Control frames: Used to acknowledge when data frames are received.

Data frames: Frames that contain data.

Now that you have an idea of what frames are used, it is helpful to see how these frames are sent. For this, you need to understand a few more terms that might be new to you. Because all the terms meld together to some degree, they are explained in context throughout the next section.

Sending a Frame

Recall that wireless networks are half-duplex networks. If more than one device were to send at the same time, a collision would result. If a collision occurs, the data from both senders would be unreadable and would need to be resent. This is a waste of time and resources. To overcome this issue, wireless networks use multiple steps to access the network. Wireless LANs use carrier sense multiple access collision avoidance (CSMA/CA), which is similar to the way 802.3 LANs work. The carrier sense part means that a station has to determine if anyone else is sending. This is done with clear channel assessment (CCA), and what it means is that you listen. You can, however, run into an issue where two devices cannot hear each other. This is called the hidden node problem. This issue is overcome using virtual carrier sense (VCS). The medium is not considered available until both the physical and virtual carrier report that it is clear.

Each station must also observe IFS. IFS is a period that a station has to wait before it can send. Not only does IFS ensure that the medium is clear, but it ensures that frames are not sent so close together that they are misinterpreted. The types of IFS periods are as follows:

Short interframe space (SIFS): For higher priority and used for ACKs, among other things

Point-coordination interframe space (PIFS): Used when an AP is going to control the network

Distributed-coordination interframe space (DIFS): Used for data frames and is the normal spacing between frames

Each of these has a specific purpose as defined by the IEEE.

SIFS is used when you must send a frame quickly. For example, when a data frame is sent and must be acknowledged (ACK), the ACK should be sent before another station sends other data. Data frames use DIFS. The time value of DIFS is longer than SIFS, so the SIFS would preempt DIFS because it has a higher priority.

Figure 7-1 illustrates the transmission of a frame. In the figure, Station A wants to send a frame. As the process goes, both the physical and virtual carrier need to be free. This means the client has to listen. To listen, the client chooses a random number and begins a countdown process, called a backoff timer. The speed at which the countdown occurs is called a slottime and is different for 802.11a, b, and g.

It works like this:

1. Station A selects the random timer value of 29.

2. Station A starts counting at 29, 28, 27, 26, and so on. While Station A is counting down, it is also listening for whether anyone else is sending a frame.

3. When the timer is at 18, Station B sends a frame, having a duration value in the header of 45.

4. The duration of 45 that is in the header of the frame sent by Station B is called a network allocation vector (NAV) and is a reservation of the medium that includes the amount of time to send its frame, wait for the SIFS, and then receive an ACK from the AP.

5. Station A adds 45 to the 18 that is left and continues counting down, 63, 62, 61, and so on. The total time that Station A waits before sending is called the contention window.

6. After the timer on Station A reaches 0, it can send its frame as illustrated in Figure 7- 2. At this point, the medium should be clear.

If Station A sends but fails, it resets the backoff timer to a new random number and counts down again. The backoff timer gets larger as the frames fail in transmission. For example, the initial timer can be any number between 0 and 31. After the first failure, it jumps to any number between 0 and 127. It doubles for the next failure, then again, then again.

This entire process is known as the distributed coordination function (DCF). This simply means that each station is responsible for coordinating the sending of its data. The alternative to DCF is point coordination function (PCF), which means the AP is responsible for coordination of data transmission.

If the frame is successful, an ACK must be sent. The ACK uses the SIFS timer value to make sure it is sent quickly. Some amount of silence between frames is natural. The SIFS is the shortest period of silence. The NAV reserves this time. A normal silence time is the DIFS. Again, the ACK uses SIFS because you want it to be sent immediately. The station that sends the ACK waits for the SIFS and then ACKs with the duration of 0. This is how the end of the transmission is indicated.

Frame Types

For the most part, all frames are going to have the same type of header. The difference is in the body of the frame. The body is more specific and indicates what the frame is all about. Table 7-2 shows some frame types.

802.11 WLAN Protocols

2009-08-24T10:27:00.000-07:00

wireless space consists of numerous protocols. Specifically in the WLAN area, the Institute of Engineers Electrical and Electronic Engineers (IEEE) has created several protocols within the 802.11 category to facilitate the networking process. These protocols define the data rates, the modulation techniques, and more. An understanding of these protocols is essential for any administrator of wireless networks.

The IEEE helps to standardize wireless protocols. Those that you must be familiar with for the CCNA Wireless Exam are the 802.11 a/b/g and n protocols. These four IEEE standards define the wireless family that is used in almost all wireless LANS today. The standardization of wireless networking started with the original 802.11 protocol in 1997, and each protocol thereafter has simply added to the benefit of wireless technologies. This chapter looks at the 802.11 protocol families, their history, and how they operate. The 802.11 protocols encompass the 2.4-GHz and 5-GHz range.

The Original 802.11 Protocol

The original 802.11 protocol was where wireless LANs find there beginnings. It is rare to find this original protocol in new hardware today, probably because it only operates at 1 and 2 Mbps. The 802.11 standard describes frequency-hopping spread spectrum (FHSS), which operates only at 1 and 2 Mbps. The standard also describes direct sequence spread spectrum (DSSS), which operates only at 1 and 2 Mbps. If a client operates at any other data rate, it is considered non-802.11 compliant, even if it can use the 1- and 2-Mbps rates.

The original 802.11 protocol falls within the industry, scientific, and medical (ISM) bands and operates only in the 2.4-GHz range. The 2.4-GHz range has up to 14 channels depending on the country you are in. In the United States, the FCC allows channels 1 through 11 to be used. This gives you 3 nonoverlapping channels: 1, 6, and 11. This is important because you do not want to have APs and clients operating on the same channel placed near each other for interference reasons.

The 802.11b Protocol

802.11b is a supplement to the 802.11 protocol. To get an better feel for how the 802.11 protocols progressed, understand that technology moves faster than the standards do. 802.11 was quickly outgrown because wired networks offered 10 Mbps versus the 1 and 2 Mbps of 802.11. Vendors developed methods of achieving higher data rates. The danger in vendor-designed protocols, of course, is interoperability. The job of the IEEE was simply to define a standard that all vendors could follow based on the proprietary implementations that they were using.

802.11b offers higher data rates—up to 11 Mbps—with backward compatibility at 1 and 2 Mbps. At 1 and 2 Mbps, the same coding and modulation as 802.11 is used. When operating at the new speeds—5.5 Mbps and 11 Mbps—a different modulation and coding is used. 802.11 uses Barker 11 coding, as covered in Chapter 1, “Introduction to Wireless Networking Concepts,” and 802.11b uses complementary code keying (CCK) for coding. For modulation, 802.11 uses differential binary phase-shift keying (DBPSK), whereas 802.11b uses differential quadrature phase-shift keying (DQPSK). The result is more data sent in the same period.

802.11b was ratified in September 1999. The United States has 11 channels, the same as 802.11. In Europe, the ETSI defines 13 channels, and Japan has 14. 802.11b allows dynamic rate shifting (DRS) to enable clients to shift rates to lower rates as they travel farther away from an AP and higher rates as they get closer to an AP. Today, 802.11b is the most popular and most widely deployed wireless standard. Table 6-3 gives some basic information on the 802.11b standard.

The 802.11g Protocol

The IEEE ratified 802.11g in June 2003. In addition to the four data rates of 802.11b, it added eight more. The maximum data rate of 54 Mbps places 802.11g in the same speed range as 802.11a; however, it remains in the 2.4-Ghz frequency range. On the lower end, 802.11g is still compatible with 802.11b, using the same modulation and coding as 802.11b for the 1-, 2-, 5.5-, and 11-Mbps rates. To achieve the higher data rates, 802.11g uses orthogonal frequency division multiplexing (OFDM) for modulation. OFDM is the same modulation that 802.11a uses.

There are still only three nonoverlapping channels. With OFDM, you must be careful about power outputs; the power needs to be reduced to handle the peaks in the modulation technique and still fall within governmental regulations. Table 6-4 shows some details about 802.11g.

The 802.11a Protocol

802.11a was ratified in 1999 and operates in the 5-GHz frequency range. This makes it incompatible with 802.11, 802.11b, and 802.11g, while avoiding interference from these devices in addition to microwaves, Bluetooth devices, and cordless phones. 802.11a had late-market adoption, so it is not as widely deployed as the 802.11b and g protocols.

Another difference is that 802.11a supports anywhere from 12 to 23 nonoverlapping channels as opposed to the 3 nonoverlapping channels in 802.11b/g. Because OFDM is used, subchannels can overlap. 802.11a requires that the data rates of 6, 12, and 24 Mbps be supported but allows for data rates up to 54 Mbps.

Table 6-5 shows some details on the 802.11a standard.

The rules under ETSI specifications are a little different. ETSI allows 19 channels and requires that dynamic frequency control (DFC) and transmit power control (TPC) be used.

What makes 802.11a unique is the way the 5-GHz frequency band is divided into multiple parts. These parts, the Unlicensed National Information Infrastructure (UNII), were designed for different uses. UNII-1 was designed for indoor use with a permanent antenna. UNII-2 was designed for indoor or outdoor use with an external antenna, and UNII-3 was designed for outdoor bridges and external antennas.

The FCC revised the use of the frequency in 2004 by adding channels and requiring compliance of DFC and TPC to avoid radar. The revision also allows all three parts of the UNII to be used indoors. This is not the case with ETSI, however, because it does not allow unlicensed use of UNII-3.

In the 802.11a spectrum, the higher-band channels are 30 MHz apart. This includes UNII- 2 and above. The lower bands are 20 MHz apart.

The 802.11n Protocol

802.11n is currently a draft standard. Again, technology has progressed more rapidly than the standards, because vendors are already shipping 802.11n APs and clients. What makes 802.11n special is that in a pure 802.11n environment, you can get speeds up to 300 Mbps, but most documentation says it will provide 100 Mbps. This is probably because the expectation is that other 802.11 clients will be present. 802.11n is, in fact, backward compatible with 802.11b/g and a.

The backward compatibility and speed capability of 802.11n come from its use of multiple antennas and a technology called Multiple-Input, Multiple-Output (MIMO). MIMO, pronounced Mee-Moh, uses different antennas to send and receive, thus increasing throughput and accomplishing more of a full duplex operation.

MIMO comes in three types:

Precoding

Spatial multiplexing

Diversity coding

Precoding is a function that takes advantage of multiple antennas and the multipath issue that was discussed in Chapter 3, “WLAN RF Principles.” 802.11n uses transmit beamforming (TxBF), which is a technique that is used when more than one transmit antenna exists where the signal is coordinated and sent from each antenna so that the signal at the receiver is dramatically improved, even if it is far from the sender. This technique is something that you would use when the receiver has only a single antenna and is not moving. If the receiver is moving, then the reflection characteristics change, and the beamforming can no longer be coordinated. This coordination is called channel state information (CSI).

Spatial multiplexing takes a signal, splits it into several lower rate streams, and then sends each one out of different antennas. Each one of the lower rate streams are sent on the same frequency. The number of streams is limited to the lowest number of antennas on either the transmitter or the receiver. If an AP has four antennas and a client has two, you are limited to two.

Currently, the Wi-Fi Alliance is certifying 802.11n devices even though they are still in draft status. The Wi-FI Alliance is doing this using the interim IEEE 802.11n draft 2.0.

Common Antenna Types

2009-08-16T09:47:00.000-07:00

The two main types of antennas are directional and omnidirectional. In this section you will learn the difference between the two types and look at some of the antennas that Cisco offers. Both send the same amount of energy; the difference is in how the beam is focused. To understand this, imagine that you have a flashlight. By twisting the head of the light, you can make the beam focus in a specific area. When the beam has a wider fo- cus, it doesn’t appear to be as bright. While you twist the head of the light, you never change its output. The batteries are the same. The power is the same. The light is the same. You simply focus it in different ways. The same goes for wireless antennas. When you look at a directional antenna, it appears to be a stronger signal in one direction, but it’s still emitting the same amount of energy. To increase power in a particular direction, you add gain.

The angles of coverage are fixed with each antenna. When you buy high-gain antennas, it is usually to focus a beam.

Omnidirectional Antennas

There are two ways to determine the coverage area of an antenna. The first is to place the AP in a location and walk around with a client recording the signal-to-noise ratio (SNR) and Received Signal Strength Indicator (RSSI). This could take a really long time. The sec- ond method is a little easier. In fact, the manufacturer does it for you. Figures 5-3 and 5-4 show different views of the wireless signal. Figure 5-3 shows how the wireless signal might propagate if you were standing above it and looking down on the antenna.

This is called the horizontal plane (H-plane) or azimuth. When you look at an omnidi-rectional antenna from the top (H-plane), you should see that it propagates evenly in a 360-degree pattern.

The vertical pattern does not propagate evenly, though. Figure 5-4 shows the elevation plane (E-plane). This is how the signal might propagate in a vertical pattern, or from top to bottom. As you can see, it’s not a perfect 360 degrees. This is actually by design. It’s what is known as the “one floor” concept. The idea is that the signal propagates wider from side to side than it does from top to bottom so that it can offer coverage to the floor it is placed on rather than to the floor above or below the AP.

Another way to look at this is to imagine an AP, as shown in Figure 5-5. If you draw in the H-plane and E-plane, you can relate the signal to each plane.

Now that you have a better understanding of how to determine the propagation patterns of an antenna, let’s look at some antennas.

2.2-dBi Dipole

The 2.2-dBi dipole,orrubberduck,showninFigure5-6,ismostoftenseenindoorsbe- cause it is a very weak antenna. In fact, it’s actually designed for a client or AP that doesn’t cover a large area. Its radiation pattern resembles a doughnut, because vertically it doesn’t propagate much. Instead, it’s designed to propagate on the H-plane. The term dipole may be new to you. The dipole antenna was developed by Heinrich Rudolph Hertz and is con- sidered the simplest type of antenna. Dipoles have a doughnut-shaped radiation pattern. Many times, an antenna is compared to an isotropic radiator. An isotropic radiator assumes that the signal is propagated evenly in all directions. This would be a perfect 360- degree sphere in all directions, on the H and E planes. The 2.2-dBi dipole antenna doesn’t work this way; rather, it has a doughnut shape.

IR-ANT1728

The AIR-ANT1728, shown in Figure 5-7, is a ceiling-mounted omnidirectional antenna op- erating at 5.2 dBi.

You would use this when a 2.14-dBi dipole doesn’t provide adequate coverage for an area. This antenna has more gain, thus increasing the H-plane, as shown in Figure 5-8.

The easiest way to express the effect of adding gain—in this case, 5.2 dBi versus 2.2 dBi— is to imagine squeezing a balloon from the top and the bottom, as shown in Figure 5-9.

The squeezing represents the addition of gain. The H-plane widens and the E-plane short- ens, as shown in Figure 5-10.

Table 5-2 details the statistics of the AIR-ANT1728.

Antenna Communications

2009-08-09T10:05:00.000-07:00

Principles of Antennas

If someone asked you what the most important part of a wireless network is, what would you say? I’d have to say the antenna. Why? Without it, you have a nice little AP that can offer network services for anyone within about 3 feet. But that’s not what you want. You want to make sure that your space is properly covered. You need antennas to do this. In fact, you need the right antennas to do this. In this section you will learn about the factors involved in dealing with antennas, which include polarity and diversity.

Polarization

The goal of an antenna is to emit electromagnetic waves. The electro portion of the term electromagnetic describes the wave and that it can move in different ways. The way that it moves is its polarization. There are three types of polarization:

Vertical
Horizontal
Circular

As shown in Figure 5-1, vertical polarization means that the wave moves up and down in a linear way. Horizontal polarization means that the wave moves left and right in a linear way.

The third type of polarization, circular polarization, indicates that the wave circles as it moves forward, as illustrated in Figure 5-2.

The electric field is generated by stationary charges, or current. There is also a magnetic field hence the term electromagnetic. The magnetic field is found perpendicular (at a 90- degree angle) to the electric field. This magnetic field is generated at the same time as the electric field; however, the magnetic field is generated by moving charges. Cisco antennas are always vertically polarized in wireless networks. This makes the electric field vertical. Why is this important? The importance is that the antenna is designed to propagate signals in a certain direction. Here is where installation errors can hurt you. For example, if you have a long tube-like antenna, it would face up/down. If you placed it flat instead, the signal would propagate in a different direction and would end up degraded.

Although this is not a huge factor in indoor deployments, it can be in outdoor deployments. Usually other factors degrade your wireless signal propagation on indoor deployments.

Diversity

By now you should understand what the multipath issue is. Traffic takes different paths because of the obstacles in the wireless path. One way to deal with multipath issues is to use two antennas on one AP. Diversity is the use of two antennas for each radio to increase the odds that you receive a better signal on either of the antennas.

Here is how it works: The two antennas are placed one wavelength apart. When the AP hears a preamble of a frame, it switches between the two antennas and uses an algorithm to determine which antenna has the better signal. After an antenna is chosen, it is used for the rest of that frame. You can switch antennas and listen to the preamble because it has no real data. As soon as the real data gets there, it uses only one of the antennas.

Most of the time this happens with a single radio in the AP and two antennas connected to it. This is important because the two antennas cover the same area. You wouldn’t try to cover two different areas with the same radio. Additionally, the antennas need to be the same. If you used a weaker antenna on one side versus the other, the coverage area would not be the same.

Vendor-Specific Topology Extensions

2009-07-28T01:20:00.000-07:00

The vendor-specific topology extensions are an enablement of additional network functionality by way of vendor-defined protocols, devices, and topologies. In this section you will learn how workgroup bridges, wireless repeaters, outdoor wireless bridges, and wire- less mesh networks through the use of wireless controllers can enhance the functionality and capability of your wireless deployment.

Workgroup Bridges
You will most likely have times when you have an isolated network that needs access to the rest of the network for access to the server farm and the Internet. You might not be able to run an Ethernet cable to the isolated network, or you might not own the property so you can’t drill holes in the walls, and so on. In this scenario, you would use a WGB topology such as the one shown in Figure 4-6.

Notice that the WGB is used to bridge a wired network to an AP that connects to a distri- bution system.

Cisco offers two types of workgroup bridges:

Autonomous Workgroup Bridge (aWGB): The aWGB was originally just called a workgroup bridge, but Cisco later changed the name when it introduced the Univer- sal WGB. The aWGB is supported in IOS AP version 12.4(3G)JA and later. The aWGB connects only to upstream Cisco APs, and the AP sees multiple Ethernet clients.

Universal Workgroup Bridge (uWGB): The uWGB is supported on IOS AP version 12.4(11)XJ and later. It allows bridging to upstream non-Cisco APs and appears as a single client.

Repeaters
Recall that in an Extended Service Set (ESS), multiple APs connect clients. This is all well and good until you have clients roaming about who get into areas where coverage is neces- sary but not possible. The solution of a WGB doesn’t work, because a WGB connects users who are wired. An example is a worker at a warehouse who carries a barcode scan- ner or even a wireless Cisco IP Phone. There are scenarios where you can’t run a cable into a location to install an AP. This is where you want to use a wireless repeater. A wireless repeater is simply an AP that doesn’t connect to a wired network for its connectivity to the distribution network. Instead, it overlaps with an AP that does physically connect to the distribution network. The overlap needs to be 50 percent for optimal performance. Figure 4-7 shows an example. A repeater is allowing a client to connect to the network when in fact the client would normally be out of the service area of the AP.

You can get APs that act as a repeater as well, which is how the Cisco solution works. The catch is that you need a Cisco AP as the upstream “root” device, and only one SSID is supported in repeater mode. Additionally, the overall throughput is cut in half for each re- peater hop.

Outdoor Wireless Bridges

When you have two or more LANs within a few miles of each other and you want to link them, you can use a wireless bridge. Because you are “bridging,” the technology works at Layer 2. This means that the LANs do not route traffic and do not have a routing table.

You can connect one LAN directly to another in a point-to-point configuration, as shown in Figure 4-8, or you can connect many LANs through a central hub, as shown in Figure 4-9.

Each end of a point-to-multipoint topology would have to communicate through the hub if it wanted to communicate with the others. Cisco offers the Cisco Aironet 1300 series wireless bridge and the Cisco Aironet 1400 series wireless bridge. When using a 1400 se- ries, you can bridge only networks, but if you use a 1300 series, you can allow clients to connect as well as bridge networks. The 1300 series operates in the 2.4-GHz range, and the 1400 series operates in the 5-GHz range.

Outdoor Mesh Networks

As you can see, bridges are a good way to connect remote sites. However, suppose that you are operating in a point-to-multipoint topology, and the central site experiences con- gestion. Who suffers? Just the central site? Just the remote site? No; the answer is every- one. When two remote sites communicate through a central site, the central site makes all the difference.

Assume that the central site goes down, as shown in Figure 4-10.

Now the remote sites can’t communicate with each other or the central site. This can be a major issue to contend with. The solution is to deploy a mesh network such as the one illustrated in Figure 4-11.

The mesh solution is appropriate when connectivity is important, because multiple paths can be used. The IEEE is currently working on a mesh standard (802.11s). However, the solution discussed here is a Cisco solution in which a wireless controller, also shown in Figure 4-11, is involved.

When you have a mesh network, some nodes (another term for APs in a mesh network) are connected to a wired network. Some nodes simply act as repeaters. A mesh node re- peats data to nearby nodes. More than one path is available, so a special algorithm is used to determine the best path. The alternative paths can be used when there is congestion or when a wireless mesh node goes down.

Original 802.11 Topologies

2009-07-14T02:48:00.000-07:00

Although the previous sections discussed network topologies that you might encounter, it was a very general discussion. You also need to understand the original topologies, defined by the 802.11 committees, including the following:

Ad hoc mode
Infrastructure mode

The following sections give more details on these topologies.

Overview of Ad Hoc Networks

When two computers want to communicate directly with one another, they do so in the form of an ad hoc network. Ad hoc networks don’t require a central device to allow them to communicate. Rather, one device sets a group name and radio parameters, and the other uses it to connect. This is called a Basic Service Set (BSS), which defines the area in which a device is reachable. Because the two machines don’t need a central device to speak to each other, it is called an Independent Basic Service Set (IBSS). This type of ad hoc network exists as soonas two devices see each other. Figure4-2 shows an ad hoc network.

Each computer has only one radio. Because there is only one radio, the throughput is lower and acts as a half-duplex device, because you can’t send and receive at the same time.

You don’t have much control in these networks, so you’re stuck when it comes to methods such as authentication. In addition, you need to address who starts the conversation and who decides on the order of communication, to name just a couple issues.

Network Infrastructure Mode

In wireless networks, an access point acts as a connection point for clients. An AP is actually a cross between a hub and a bridge. Here’s why:

There is one radio, which cannot send and receive at the same time. This is where the AP is likened to a hub. It’s a half-duplex operation.
APs have some intelligence that is similar to that of a bridge. That is how an AP can see a frame and decide to forward it based on MAC addresses.

What is different on an AP versus a bridge is that wireless frames are more complex. Standard Ethernet frames have a source MAC address and a destination MAC address. Wireless frames can have three or four MAC addresses. Two of them are the source and destination MAC addresses, and one is the AP’s MAC address that is tied to a workgroup.

The fourth that could be present is a NEXT_HOP address in the event that you are using a workgroup bridge (WGB).

An AP is actually just one type of wireless station. This terminology could cause some confusion between an AP and a client on a network, so to differentiate between them, a client is called a station (STA), and an AP is called an infrastructure device.

So what does a typical wireless topology look like? Of course, wireless clients are associated with an AP. In the wireless space, the coverage area of the AP is called a Basic Service Area (BSA), which is also sometimes known as a wireless cell. They mean the same thing. When only one AP exists, this coverage area is called a BSA, as shown in Figure 4-3. That AP then usually has an Ethernet connection to an 802.3 LAN, depending on the function of the AP.

Assuming that the AP has an Ethernet connection, it bridges the 802.11 wireless traffic from the wireless clients to the 802.3 wired network on the Ethernet side.

The wired network attached to the AP’s Ethernet port is a path to a wireless LAN controller (or controller for short). The client traffic is passed through the controller and then is forwarded to the wired network, called the distribution system. The distribution system is how a client accesses the Internet, file servers, printers, and anything else available on the wired network.
When more than one AP is connected to a common distribution system, as shown in Figure 4-4, the coverage area is called an Extended Service Area (ESA).

Why would you want more than one AP connected to the same LAN? There are a few reasons:

To provide adequate coverage in a larger area.
To allow clients to move from one AP to the other and still be on the same LAN.
To provide more saturation of APs, resulting in more bandwidth per user.

This process of a client moving from one AP to another is called roaming. For roaming to work, the APs must overlap. You might wonder why they need to overlap, because interference in a wireless network is a common issue. The reason for the overlap is so that a client can see both APs and associate to the one with the stronger signal. As soon as the signal from the associated AP hits the threshold built into the client, the client looks for another AP with a better signal.

Service Set Identifiers

Think about how you connect to a wireless network. On your laptop, you might see a popup that says “Wireless networks are available” or something to that effect. When you look at the available networks, you see names. On older Cisco autonomous APs, the network was called “Tsunami.” On a store-bought Linksys, the network is actually called “linksys.” So the client sees a name that represents a network.

On the AP, the network is associated with a MAC address. This network or workgroup that your clients connect to is called a Service Set Identifier (SSID). So on an AP, the SSID is a combination of MAC address and network name. This MAC address can be that of the wireless radio or another MAC address generated on the AP. When an AP offers service for only one network, it is called a Basic Service Set Identifier (BSSID). APs offer the ability to use more than one SSID. This would let you offer a Guest Network and a Corporate Network and still use the same AP. When the AP has more than one network, it is called a Multiple Basic Service Set Identifier (MBSSID). You can think of it as a virtual AP. It offers service for multiple networks, but it’s the same hardware. Because it’s the same hardware and the same frequency range, users on one network share with users on another and can collide if they send at the same time.

Now let’s return to the roaming discussion. To get roaming to work, the BSA of each AP must overlap. The APs also need to be configured for the same SSID. This enables the client to see that the same network is offered by different MAC addresses, as illustrated in Figure 4-5.

When a client roams and moves from one AP to the other, the SSID remains the same, but the MAC address changes to the new AP with a better signal.

Another issue to consider when roaming is the possibility of interference between the two overlapping APs. Even though they offer the same SSID, they need to be on different channels, or frequency ranges, that do not overlap. This prevents co-channel interference, which should be avoided. The 2.4 spectrum allows only three nonoverlapping channels. You must consider this fact when placing APs.

General Wireless Topologies

2009-07-06T03:51:00.000-07:00

When you’re talking about wireless topologies, there are a number of ways it could go. If you are talking about how your wireless network looks next to your wired network, you are most likely talking about a wireless local-area network (WLAN). The goal of a WLAN versus a wireless personal-area network (WPAN) is quite different. The following sections discuss the purpose of each network type, what they try to accomplish, and what types of wireless technologies you might encounter there. Figure 4-1 shows the various wireless topologies.

WPAN

If you were to consider all the options, a WPAN would be the solution to choose if you wanted to wirelessly connect to something that is very close to you. It seems funny to put it that way, because if something close to you needs to be networked, you might as well just walk over and grab it, right? Wrong. Even though this is called a network, its form can mislead you into thinking that it’s not a networking technology. What forms are we talking about? Headsets, headphones—even a mouse.
A WPAN has the following characteristics:

The range is short—about 20 feet.
Eight active devices
Unlicensed 2.4-GHz spectrum
Called a piconet

A WPAN is a network that is designed to operate within a 20-foot range. The most common WPAN is Bluetooth. In a Bluetooth network, you communicate on the 2.4-GHz spec- trum. Thinking about how many people have Bluetooth headsets and mice and such, you would expect a lot of interference, but that’s not the case. Bluetooth uses Frequency Hop- ping Spread Spectrum (FHSS). Although this book doesn’t discuss FHSS, it’s good to un- derstand that even though Bluetooth operates on the same frequency as 802.11b and 802.11g, they don’t interfere as much as another AP in the same frequency spectrum would, but they do interfere. The fact that Bluetooth communicates with a shared hopping sequence in a local area is what makes it a piconet.

Bluetooth piconets consist of up to eight active devices but can have many inactive de- vices. WPANs usually fall into the unlicensed 2.4-GHz spectrum and are standardized by the 802.15 IEEE workgroup. A WPAN study group was formed in 1998, and two months later a Bluetooth Special Interest Group (SIG) was formed. Shortly thereafter the study group became the IEEE 802.15 group. The Bluetooth SIG has more than 9000 members and continues to further the technology.

WLAN

WLANs are designed for a larger area than that of a WPAN. These can scale from very small home offices to large enterprise networks. The fact that they are local-area means that the organization where the WLAN exists also manages and probably owns the equip- ment. WLANs have the following characteristics:

2.4-GHz or 5-GHz spectrum.
A larger range than a WPAN—close to 100 meters from AP to client.
To achieve further distance, more power output is required.
It’s not personal; rather, more clients are expected.
WLANs are very flexible, so more than eight active devices/clients are expected, un- like a WPAN.

Normally you find a mix of dual-band wireless access points, laptops, and desktops in a WLAN. A WLAN operates in either the 2.4-GHz spectrum for 802.11b/g or the 5-GHz spectrum for 802.11a. Of the protocols seen in WLANs, 802.11b was the first to really get market penetration. Others, such as the 802.11a, have followed. Now the 802.11a, b, g, and n WLAN standards are commonly found in networks around the world. The frequency spectrums used by 802.11a/b, g, and n are all unlicensed.

Because WLANs cover larger areas, they require more power output than a WPAN. The issue to watch in WLANs is that you don’t exceed the power rules that the government sets forth. For example, in the U.S., the Federal Communications Commission (FCC) man- dates radiated power levels.

WLANs are designed to give mobile clients access to network resources. For this reason, a WLAN expects to see multiple users. In addition to wireless users, there are wireless print servers, presentation servers, and storage devices. You end up with many devices connecting to each other or sharing information with each other, usually over a common distribution system such as the local-area network. This makes WLANs much more com- plex than WPANs.

What makes WLANs flexible is the fact that the APs and clients are dual-band. This makes it easy to deploy different transmission methods in different areas, and most clients can still operate.

WMAN

A wireless metropolitan-area network (WMAN) covers a large geographic area and has the following characteristics:

Speeds decrease as the distance increases.
Close to broadband speeds versus Ethernet speeds.
Used as a backbone, point-to-point, or point-to-multipoint.
Most well-known is WiMax.

WMANs are used as backbone services, point-to-point, or even point-to-multipoint links that can be a replacement for technologies such as T1 and T3. Sometimes, a WMAN can use unlicensed frequencies. However, this isn’t always a preferred solution, because others could use the same frequency, thus causing interference. Instead, many prefer to use a li- censed frequency range; however, this requires payment for exclusive rights.

It’s normal for the speeds in a WMAN to decrease with distance. This places them in a closer category to broadband than to Ethernet. The most widely known WMAN is WiMax (802.16b). WiMax can be used to offer last-mile access as an alternative to broad- band services such as DSL or cable connections. WiMax is an excellent solution where fa- cilities or distance are a limitation. With WiMax, you pay a service provider for access, because the cost of deployment is normally very high.

WWAN

A wireless wide-area network (WWAN) covers a large geographic area. WWANs have the following characteristics:

Low data rates
Pay-for-use
High cost of deployment

Because they cover a large geographic area, WWANs usually are very expensive to deploy. To better understand what a WWAN is, consider your cellular service. Your cell serv- ice is a WWAN and probably offers data access as well as voice access. The data rates are probably around 115 kbps, although some providers offer higher data rates. The most widely deployed WWAN technologies are Global System for Mobile Communication (GSM) and Code Division Multiple Access (CDMA). Payment for data access or even voice access is typically based on usage.

Wireless Local-Area Networks

2009-06-22T06:04:00.001-07:00

Although wireless networking began to penetrate the market in the 1990s, the technology has actually been around since the 1800s. A musician and astronomer, Sir William Her- schel (1738 to 1822) made a discovery that infrared light existed and was beyond the visi- bility of the human eye. The discovery of infrared light led the way to the electromagnetic wave theory, which was explored in-depth by a man named James Maxwell (1831 to 1879). Much of his discoveries related to electromagnetism were based on research done by Michael Faraday (1791 to 1867) and Andre-Marie Ampere (1775 to 1836), who were researchers that came before him. Heinrich Hertz (1857 to 1894) built on the discoveries of Maxwell by proving that electromagnetic waves travel at the speed of light and that electricity can be carried on these waves.

Although these discoveries are interesting, you might be asking yourself how they relate to wireless local-area networks (WLANs). Here is the tie-in: In standard LANs, data is propagated over wires such as an Ethernet cable, in the form of electrical signals. The dis- covery that Hertz made opens the airways to transfer the same data, as electrical signals, without wires. Therefore, the simple answer to the relationship between WLANs and the other discoveries previously mentioned is that a WLAN is a LAN that does not need ca- bles to transfer data between devices, and this technology exists because of the research and discoveries that Herschel, Maxwell, Ampere, and Hertz made. This is accomplished by way of Radio Frequencies (RF).

With RF, the goal is to send as much data as far as possible and as fast as possible. The problem is the numerous influences on radio frequencies that need to be either overcome or dealt with. One of these problems is interference, which is discussed at length in Chapter 5, “Antennae Communications.” For now, just understand that the concept of wireless LANs is doable, but it is not always going to be easy. To begin to understand how to overcome the issues, and for that matter what the issues are, you need to understand how RF is used.

Wireless Networks

2009-06-22T05:56:00.000-07:00

Many influences can act on a wireless transmission. For that reason, it is important to un- derstand what is actually involved in a wireless transmissions so you know exactly what is being affected. This section reviews what a wavelength is, how frequency it is used in wireless transmission, and what the purpose of amplitude is. In addition, it covers how Ef- fective Isotropic Radiated Power (EIRP) is calculated and what it defines.

Influences on Wireless Transmissions

Free Path Loss Model
To understand Free Path Loss, you can think of jumping smack into the middle of a pud- dle. This would cause a sort of wave effect to spread in all directions away from you. The closer to you that the wave is, the larger it is. Likewise, the farther away from you that wave travels, the smaller it gets. After a certain distance, the wave widens so much that it just disappears.

You might recall learning that an object that is in motion stays in motion until something stops it. But nothing stops the wave. It just disappears. This is where you get the term free. Take a look at Figure 3-1, and you can see that as the wave—or, in this case, the radiated wireless signal—travels away from the source, it thins out. This is represented by the bold dots becoming less and less bold.

You might also notice that the farther away the signal gets from the center, the sparser the dots are. Figure 3-1 has a single transmitting device (you could relate that to an access point) and many receiving devices. Not all the receiving stations get each one of the dots or signals that the transmitter sent. A device closer to the transmitter usually gets a more concentrated signal, and a receiver farther away might get only one dot.

Determining the range involves a determination of the energy loss and the distance. If you place receivers outside of that range, they cannot receive wireless signals from the access point and, in a nutshell, your network does not work.

Absorption
An effect of absorption is heat. When something absorbs a wave, it creates heat in what- ever absorbed the wave. This is seen in microwaves. They create waves that are absorbed by your food. The result is hot food. A problem you can encounter is that if a wave is en- tirely absorbed, it stops. While this effect reduces the distance the wave can travel, it does not change the wavelength or the frequency of the wave. These two values do not change as a wave is absorbed.

You might be asking what some possible sources of absorption are. Walls, bodies, and carpet can absorb signals. Relate it to sound. If you had really loud neighbors who were barbecuing outside your bedroom window, how could you deaden the sound? You could hang a blanket on the window or board up the window. Things that absorb sound waves also absorb data waves.

How can this affect your wireless deployment? Looking at Figure 3-2, you can see an of- fice that has just been leased and ready to move in. After a quick site survey, you deter- mine that four APs will provide plenty of coverage. This is because you cannot see absorption. Nothing causes the issue.

Now look at Figure 3-3, which shows the same office after move-in. Notice that with the furniture, cubicle walls, and other obstacles, the four APs that you originally thought would be sufficient no longer provide the proper coverage because of the signal being ab- sorbed. This is an illustration of absorption.

Reflection
Although absorption causes some problems, it is not the only obstacle that you are going to encounter that will affect your wireless deployments. Another obstacle is reflection. Reflection happens when a signal bounces off of something and travels in a different di- rection. This can be illustrated by shining a flashlight on an angle at a mirror, which causes it to reflect on an opposite wall. The same concept is true with wireless waveforms. You can see this effect in Figure 3-4, where the reflection of the signal is reflected at the same angle that it hits the mirror. You can also relate this to sources of interference in an office environment. Although offices do not usually have mirrors lying around, they do have other objects with similar reflective qualities, such as monitors and framed artwork with glass facing.

Reflection depends on the frequency. You will encounter some frequencies that are not af- fected as much as others. This is because objects that reflect some frequencies might not reflect others.

Multipath

Multipath is what happens when portions of signals are reflected and then arrive out of order at the receiver, as illustrated in Figure 3-5.
One characteristic of multipath is that a receiver might get the same signal several times over. This is dependent on the wavelength and the position of the receiver.

Another characteristic of multipath is that it can cause the signal to become out of phase. When you receive out-of-phase signals, they can cancel each other out, resulting in a null signal.

Scattering

The issue of wireless signals scattering happens when the signal is sent in many different directions. This can be caused by some object that has reflective, yet jagged edges, such as dust particles in the air and water. One way to illustrate the effects would be to consider shining a light onto a pile of broken glass. The light that is reflected shoots off in many different directions. The same is true with wireless, only the pile of glass is replaced with microparticles of dust or water.
On a large scale, imagine that it is raining. Large raindrops have reflective capabilities. When a waveform travels through those microparticles, it is reflected in many directions. This is scattering. To visualize this, notice that Figure 3-6 involves a waveform traveling between two sites on a college campus. During a heavy downpour of rain, the wireless signal would be scattered in transit from one antenna to the next.

Scattering has more of an effect on shorter wavelengths, and the effect depends on fre- quency. The result is that the signal weakens.

Refraction
Refraction is the change in direction of, or the bending of, a waveform as it passes through something that is a different density. This behavior causes some of the signal to be reflected away and part to be bent through the object. To better understand this con- cept, Figure 3-7 demonstrates the effect of refraction. A waveform is being passed through a glass of water. Notice that, because the glass is reflective, some of the light is re- flected, yet some still passes through.

The waveform that is passed through the glass is now at a different angle. Because refraction usually has the most effect on outdoor signals, dryness refracts away from the earth (as seen in dust particles), and humidity refracts toward the earth.

Line of Sight

As an object travels toward a receiver, it might have to deal with various obstructions that are directly in the path. These obstructions in the path cause many of the issues just dis- cussed—absorption, reflection, refraction, scattering. As wireless signals travel farther distances, the signal widens near the midpoint and slims down nearer to the receiver. Figure 3-8 illustrates where two directional antennas are sending a signal between the two points. The fact that it appears to be a straight shot is called visual line of sight (LOS). Although the path has no obvious obstacles, at greater distances the earth itself becomes an obstacle. This means that the curvature of the earth, as well as mountains, trees, and any other environmental obstacles, can actually interfere with the signal.
Even though you see the other endpoint as a direct line, you must remember that the sig- nal does not. The signal in fact widens, as illustrated in Figure 3-9. What was not an obvi- ous obstruction in Figure 3-8 is more clearly highlighted in Figure 3-9.

Determining Signal Strength Influences

2009-06-22T05:53:00.000-07:00

The Fresnel Zone

To give you a little background, Augustin-Jean Fresnel was a French physicist and civil en- gineer who lived from 1788 to 1827. He correctly assumed that light moved in a wavelike motion transverse to the direction of propagation. His assumption, or claim, was correct. Because of his work, a method for determining where reflections will be in phase and out of phase between sender and receiver is based on his name. This method determines what is called the Fresnel zone.

Here is how Fresnel did it. First he divided the path into zones. The first zone should be at least 60 percent clear of obstructions. To visualize this, you can think of the shape of a football, which is wider in the middle. However, with the Fresnel zone calculation, you use an equation to determine what the size of the ball is at the middle. This helps to determine the width that a wave will be so you can make sure that no obstacles are in the path.

Figure 3-10 illustrates the height an antenna would need to be at different distances to overcome this. For example, for a 2.4-GHz system, at 7 miles you need to have the anten- nas mounted at 45 to 50 feeAlthough this is just an example, the numbers are pretty close, and at least you can get more of a visual of what you are up against in the real world. Again, do not spend too much time on this in preparation for the CCNA wireless exam, because it is not a concept you will be tested on.

Although this is just an example, the numbers are pretty close, and at least you can get more of a visual of what you are up against in the real world. Again, do not spend too much time on this in preparation for the CCNA wireless exam, because it is not a concept you will be tested on.

Received Signal Strength Indicator

The Received Signal Strength Indicator (RSSI) measurement uses vendor-specified values. Because of this, you cannot rely on it to compare different vendors. In the end, all this gives you is a grading of how much signal was received.

Keep in mind that the measurement is vendor specific, so the scale that is used might vary. For example, one vendor might use a scale of 0 to 100, whereas another might use a scale of 0 to 60. The scale is usually represented in dBm, so the two scales would not match up. It is also up to the vendor to determine what dBm is represented by 0 and what dBm is represented by 100.

One tool that is used in wireless networks to give RSSI values is called Network Stumbler.

Signal-to-Noise Ratio
Signal-to-noise ratio (SNR) is the term used to describe how much stronger the signal is compared to the surrounding noise that corrupts the signal. To understand this, suppose you walk into a crowded park with many screaming kids and speak in a normal voice while on the phone. The odds are that the noise is going to be so loud that the person on the other end will not be able to distinguish your words from all the noise around you that is also being transmitted over the phone. This is how the wireless network operates. If the outside influences are causing too much noise, the receivers cannot understand the transmissions.

Link Budget
Link budget is a value that accounts for all the gains and losses between sender and re- ceiver, including attenuation, antenna gain, and other miscellaneous losses that might oc- cur. This can be useful in determining how much power is needed to transmit a signal that the receiving end can understand.

The following is a simple equation to factor link budget:

Received Power (dBm) = Transmitted Power (dBm) + Gains (dB) – Losses (dB)