Wireless Network Management

In very large networks, a single wireless controller isn’t enough to manage all your APs. This type of scenario might call for the Cisco Wireless Control System (WCS). The WCS is a single point of management for up to 3000 lightweight APs and 1250 autonomous APs. The WCS runs on a Windows or Red Hat Linux server. To scale beyond 3000 APs, you would need the WCS Navigator. The WCS Navigator enables you to navigate between different wireless control systems. It is a manager of managers, so to speak. You can use the WCS Navigator to navigate between different WCS servers. You can then scale it up to 30,000 APs in a single deployment and support up to 20 WCS deployments, all within the WCS Navigator. There is also an additional appliance you can use, called the Cisco Wireless Location Appliance, as shown in Figure 10-13.


This is designed to do location tracking for Wi-Fi devices and RFID tags. It helps track thousands of devices.


Controller Discovery and Association

When a lightweight AP boots up, it cannot function without a controller. In this chapter, you will learn about the Lightweight Access Point Protocol (LWAPP) and the modes in which it can operate. You will also learn about how an AP finds controllers on the net- work, chooses one to join with, and then retrieves its configuration. In addition, you will look at the ways to provide redundancy for your AP in the event that a controller goes down. Finally, when an AP is joined with a controller, it can operate in certain modes that can be used for different reasons. You will learn these operational modes and when they are used.


Understanding the Different LWAPP Modes

LWAPP can operate in either Layer 2 LWAPP mode or Layer 3 LWAPP mode. The Layer 2 mode is considered out of date, and Cisco prefers and recommends Layer 3 mode. Layer 3 mode is the default LWAPP mode on most Cisco devices.

At a high level, and after the AP has an IP address, the phases of LWAPP operation include these:

Step 1. An AP sends an LWAPP discovery request message. This is a broadcast that is sent at Layer 2.

Step 2. Assuming that a controller is operating in Layer 2 LWAPP mode, the wireless LAN controller (WLC) receives the LWAPP discovery request and responds with an LWAPP discovery response message.

Step 3. The AP chooses a controller based on the response received and sends a join request.

Step 4. The WLC receiving the LWAPP join request responds to the AP join request with an LWAPP join response. This process is going to include a mutual au- thentication. An encryption key is created to secure the rest of the join process and any future LWAPP control messages.

Step 5. After the AP has joined the WLC, LWAPP messages are exchanged, and the AP initiates a firmware download from the WLC (if the AP and WLC have a version mismatch). If the onboard firmware of the AP is not the same as that of the WLC, the AP downloads firmware to stay in sync with the WLC. The firmware download mechanism utilizes LWAPP.

Step 6. After the WLC and AP match firmware revisions, the WLC provisions the AP with the appropriate settings. These settings might include service set identi- fiers (SSID), security parameters, 802.11 parameters such as data rates and sup- ported PHY types, radio channels, and power levels.

Step 7. After the provisioning phase is completed, the AP and WLC enter the LWAPP runtime state and begin servicing data traffic.

Step 8. During runtime operations, the WLC might issue various commands to the AP through LWAPP control messages. These commands might be provisioning commands or requests for statistical information that the AP collects and maintains.

Step 9. During runtime operations, LWAPP keepalive messages are exchanged be- tween the AP and WLC to preserve the LWAPP communication channel. When an AP misses a sufficient number of keepalive message exchanges, it at- tempts to discover a new WLC.

Wireless LAN Controllers

The entire design of the Wireless LAN Controllers is for scalability. The communication between a lightweight AP can happen over any type of Layer 2 or Layer 3 infrastructure using LWAPP. There are integrated controller platforms designed for installation in switches. The 3750-G actually comes as an integrated 2RU switch with either a 25 or 50 AP controller, as well as the WiSM and the WLCM. These are both modular controllers that can be installed in 6500 series switches or in Integrated Services Routers (ISR). There are also appliance-based controllers, which include the 44xx series WLC as well as the 2100 series WLC. Which controller you require depends on how many APs you need de- ployed. This can be anywhere from six to 300 access points per controller. This is a fixed value and can’t be upgraded via licensing. If you need to support more APs, you need an- other controller or a controller that supports more APs.


The Cisco 44xx Series WLC

The Cisco 44xx series Wireless LAN Controller, shown in Figure 10-8, is a standalone appliance.


It is designed to take up one rack unit. It has either two or four Gigabit Ethernet uplinks, and they use mini-GBIC FSG slots. It can support 12, 25, 50, or 100 APs, depending on the model. And it can support up to 5000 MAC addresses in its database.

The 4400 series has a 10/100 interface called a service port; it is used for SSH and SSL connections for management purposes. The service port can be used for out-of-band management, but it is not required to manage the device. You can manage the device via the controller’s logical management interface. There is also a console port that you can use to connect via HyperTerminal or Teraterm Pro.

Depending on the country you are in, power requirements vary, but the chassis has two power supply slots.

The controller code version used for the CCNA Wireless exam is version 5.x, and the AP runs the same version. It’s actually a requirement that they run the same version, so when an AP joins with a controller, the controller upgrades or downgrades the AP. The con- troller upgrades four APs at a time. The 4400 series can support up to 100 access points. So, a 4400 would upgrade ten APs at a time until they are all upgraded.


The Cisco WiSM

The Cisco WiSM, shown in Figure 10-10, is a services module that installs in the 6500 se- ries switch or 7600 series router with the Cisco Supervisor Engine 720.


It has the same functionality as the 4400 series standalone controllers; the difference is that it supports up to 300 APs. The WiSM supports 150 access points per controller, with each blade having two controllers. Thus, you can have a total of 300 access points. You can also cluster 12 of them into a mobility domain. This allows up to 7200 lightweight APs in a mobility domain.


The Cisco 2106 WLC

The Cisco 2106 Wireless LAN Controller, shown in Figure 10-11, is also a single-rack unit design with eight 10/100 Ethernet ports.


It can support up to six primary access points. It has an RJ-45 console port and two RJ-45 ports that support PoE. It has nearly all the same features as the 4400 series controllers but has eight built-in switch ports. You can expect to see this controller in a small branch environment.


The Cisco WLCM

The Wireless LAN Controller Module (WLCM), shown in Figure 10-12, is designed for the ISR routers. You would see this controller in a small office.


It has the same functionality as the 2106, but it does not have the directly connected AP and console port. It supports six APs. The WLCM-Enhanced (WLCM-E) supports eight or 12 APs, depending on which module you get.

Of course, some limitations apply. Most of the features are similar to the 4000 series:

• LWAPP

• RF control

• The ability to be a DHCP server

• Layer 2 security

The differences are things such as the following:

• Lack of PoE ports

• The number of APs supported

• The LWAPP modes supported

Wireless LAN Controller Summary

Table 10-3 summarizes the Cisco Wireless LAN Controller models.

Access Points

As previously mentioned, there are two types of access points:

• Autonomous APs

• Lightweight APs

Some APs are built into modules and deployed in ISR routers at branch sites; other APs are deployed as just standalone devices. Cisco APs are known to offer the best range and throughput in the industry, as well as a number of security features that you do not find with other vendors.

Cisco APs offer multiple configuration options. Some of them support external antennas, some support internal antennas, and some are to be deployed outdoors. Still others are de- signed to be deployed indoors. Some APs are designed to be implemented for wide-area networking and bridging purposes and, while operating as a bridge, may also allow client connections. The point is that Cisco APs can serve a number of purposes.

The benefit of the CUWN APs is that they are zero-touch management, assuming that Layer 2 connectivity is already in place. As soon as they are plugged in and powered on, you don’t have to do anything else at the AP level. The models that you need to be familiar with for the CCNA Wireless exam include the 1130AG, 1240AG, 1250AG, 1300, and 1400 series wireless bridges.

The 1130, 1240, and 1250 can be both autonomous and lightweight APs. Whereas the 1300 and 1400 series are designed to operate as bridges, the 1300 series can also sup- port wireless clients. In turn, the 1400 series supports bridging only. Another model is the outdoor mesh 1500 series, which supports only LWAPP, so that would be designed for a lightweight scenario only.

Cisco is known for being ahead of the curve. That’s where the special functionality of the 1250AG comes in. The 1250AG is one of the first access points to support the 802.11n draft version 2.0 standard and is the basis for all 802.11 Wi-Fi interoperability testing. For a client vendor to get the v2.0 stamp of approval, it must be validated against the 1250, and the 1250 is the only AP used during this validation.

The 1130AG

The 1130AG, shown in Figure 10-3, is a dual-band 802.11 a/b or g AP that has integrated antennas.

The 1130AG can operate as a standalone device or in lightweight AP mode. It also can op- erate as a Hybrid Remote Edge AP (H-REAP) device. An H-REAP device operates on the far side of a WAN, and its controller is back at the core site.

The 1130AG is 802.11i/WPA2-compliant, and it has 32 MB of RAM and 16 MB of flash memory. The 1130 AP typically is deployed in office or hospital environments. Naturally, the internal antennas do not offer the same coverage and distance as APs that are designed for external antennas. Consider the 1130s. They have 3 dB gain and 4.5 dB gain for the 2.4- and 5-GHz frequencies, respectively. If you were to compare the 1131 to the 1242 with the 2.2 dipole antennas, you would see a larger coverage area than with the 1242.


The 1240AG


The 1240AG series AP, shown in Figure 10-4, is also a dual-band 802.11 a/b or g device, similar to the 1130AG; however, it supports only external antennas.

Those external antennas would connect using the RP-TNC connectors. The 1240AG can operate as an autonomous AP and in lightweight AP mode. Like the 1130AG, it also can operate in H-REAP mode. It too is 802.11i/WPA2-compliant.


The 1250 Series AP

Shown in Figure 10-5, the 1250 series AP is one of the first enterprise APs to support the 802.11n draft version 2.0.

Because it supports the 802.11n draft standard, you can get data rates of about 300 Mbps on each radio and the 2-by-3 multiple input and multiple output technology. The 2-by-3 is discussed in Chapter 6, “Overview of the 802.11 WLAN Protocols.” Also, because the 1250 is modular, it can easily be upgraded in the field. It operates in controller-based and standalone mode and is also 802.11i/WPA2-compliant.

The 1250 is designed for a more rugged type of indoor environment. You might see this at more hazardous locations such as packaging plants, or in situations where you might need


to place an antenna in a hazardous location and the AP elsewhere. You might see this type of AP in factories and hospitals. It has 64 MB of DRAM and 32 MB of flash memory. It has 2.4-GHz and 5-GHz radios.

Cisco Wireless Networks Architecture

The Need for Centralized Control

There is certainly a need for centralized control in wireless deployments today. Initial wireless deployments were based on standalone access points called autonomous access or fat APs. An autonomous AP is one that does not rely on a central control device. Al- though this is a great start, the problem lies in scalability. Eventually, you will have prob- lems keeping your configurations consistent, monitoring the state of each AP, and actually taking action when a change occurs. You end up with holes in your coverage area, and there is no real dynamic method to recover from that. There is certainly a need for central- ized control, and the Cisco Unified Wireless Network (CUWN) is based on centralized control.

Eventually you will want or need to convert those standalone APs, if possible, to light- weight APs. A lightweight AP is managed with a controller.

Traditionally after a site survey, you would deploy your wireless network based on the in- formation you gathered. As time passes, the environment you did the original site survey in will change. These changes, although sometimes subtle, will affect the wireless cover- age. The CUWN addresses these issues.


The Cisco Solution

The CUWN solution is based on a centralized control model. Figure 10-1 illustrates the numerous components of the CUWN.


An AP operating in lightweight mode gets its configuration from the controller. This means that you will perform most of your configuration directly on the controller. It dy- namically updates the AP as the environment changes. This also allows all the APs to share a common configuration, increasing the uniformity of your wireless network and eliminat- ing inconsistencies in your AP configurations.


As you can see, five functional areas exist:

• Wireless clients

• Access points

• Network unification

• Network management

• Network services

Supporting Multiple Networks

Previous chapters discussed that an AP can actually advertise multiple SSIDs, which lets the AP offer guest access as well as corporate user access and maybe even access for wire- less IP phones. Each Wireless LAN Controller actually can support 512 different VLAN instances. Remember that on the connection between the AP and the Wireless LAN Con- troller, all your wireless client data is passed via the LWAPP tunnel as it travels toward the wired domain.

To review, recall that an SSID exists only in the wireless space. An SSID is then tied to a VLAN within the controller. Each lightweight AP can support 512 different VLANs, but you don’t very often see that many on one AP.

On the other hand, your Wireless LAN Controller can have up to 16 wireless LANs (WLAN) tied to each AP. Each WLAN is assigned a wireless LAN identification (WLANID) by the controller. This is a number between 1 and 16, and you don’t get to choose which one to use.

So, now you have a WLAN that brings together the concept of an SSID on the wireless space and a VLAN on the wired space. By having separate WLANs, you can assign differ- ent quality-of-service (QoS) policies to the type of traffic encountered on each of them. An example of this would be to have a WLAN for IP Phones and a different WLAN for regular network users.

Each AP supports up to 16 SSIDs; generally, one SSID is mapped to one VLAN. With that said, even though a Wireless LAN Controller can support up to 512 VLANs per AP, you see a maximum of only 16 VLANs in most situations.


The CUWN Architecture

The Cisco Unified Wireless Network defines a total of five functional areas or intercon- nected elements, as shown in Figure 10-2.

The five elements or components all work together. It’s no longer about point products, where you can buy a standalone AP and deploy it and then later get management software to handle it. Today it is all about everything working together to create a smarter, more functional net- work. To illustrate how it all comes together, consider a Cisco wireless network. This type of network includes the following wireless clients (the first component of the CUWN):

• Cisco Aironet client devices

• Cisco-compatible client devices (not necessarily Cisco products, but still compatible)

• Cisco Secure Services Client (SSC)

The client devices get a user connected.

The second component, the access point, is dynamically managed by your controllers, and they use LWAPP to communicate. The AP bridges the client device to the wired net- work. A number of APs that could be discussed here are as follows:

• The 1130AG

• The 1240AG

• The 1250AG

• The 1300 series bridge

• The 1400 series bridge

• The 1500 series outdoor mesh

Delivering Packets from the Wireless to Wired Network

The Association Process

To begin, you need a network. This chapter uses the common logical topology seen in Figure 9-1. As you can see, multiple wireless clients are in range of an AP that is advertis- ing multiple service set identifiers (SSID). One SSID puts users on a network that is of- fered to guest users called Guest. The other SSID is called UserNet and is designed for authenticated users of the corporate network. Naturally, more security is going to be applied to users of UserNet, such as authentication and encryption, as opposed to the net- work Guest. The Guest network places users on the 172.30.1.0/24 subnet. The UserNet places users on the 10.99.99.0/24 network. Although these two networks are on different subnets and users associate with different SSIDs, recall that an AP can advertise multiple SSIDs but actually uses the same wireless radio. In the wireless space, the SSID and IP subnet keep the networks logically separated.


Getting back to the association process, a client scans the channels hoping to hear a beacon from an AP or actively sends a probe request. If a probe response is received or a bea- con is heard, the client can attempt to associate with the SSID received in that probe response or beacon.

The next step is to authenticate and associate with the AP. When the client chooses an SSID, it sends an authentication request. The AP should reply with an authentication response. After this occurs and a “Success” message is received, an association request is sent, including the data rates and capabilities of the client, followed by an association re- sponse from the AP. The association response from the AP includes the data rates that the AP is capable of, other capabilities, and an identification number for the association.

Next, the client must determine the speed. It does this by determining the Received Signal Strength Indicator (RSSI) and signal-to-noise ratio (SNR), and it chooses the best speed to send at based on these determinations. All management frames are sent at the lowest rate, whereas the data headers can be sent faster than management frames, and the actual data frames at the fastest possible rate. Just as the client determines its rates to send, the AP, in turn, does the same. Now that the client is associated, it can attempt to send data to other devices on the network.


Sending to a Host on Another Subnet

When a client is associated with an AP, the general idea is to send data to other devices. To illustrate this, first try to send data between Client A in Figure 9-2, which is on the User- Net network, and Client B, which is on the Guest network. Although a typical network would not allow guest users to send traffic to internal WLAN users for security purposes, this will provide an example of how the connection works.

The two clients are clearly on two different subnets, so the rules of how IP works are still in play. The clients cannot send traffic directly to each other. Based on normal IP rules, they would first determine that the other is not on the same subnet and then decide to use a default gateway to relay the information. If a client has never communicated with the de- fault gateway, it uses Address Resolution Protocol (ARP) to resolve its MAC address. The process would appear as follows:

Step 1. Client A wants to send traffic to Client B.
Step 2. Client A determines that the IP address of Client B is not on the same subnet.
Step 3. Client A decides to send the traffic to the default gateway of 10.99.99.5.
Step 4. Client A looks in its ARP table for a mapping to the gateway, but it is not there.
Step 5. Client A creates an ARP request and sends to the AP, as seen in Figure 9-3.


When the ARP request is sent to the AP, it is an interesting process and actually works a little bit differently than on a wired network. Remember that on a wired network, the header has only two MAC addresses: the source address and the destination address. An 802.11 frame can have four addresses: the source address (SA), destination address (DA), transmitter address (TA), and receiving address (RA). In this situation, the SA is the MAC of the client sending the ARP request, the DA is broadcast (for the ARP), and the RA is the AP. No TA is present in this example.

Figure 9-4 shows the ARP request.


The AP receives the ARP and sees its MAC address. It verifies the frame check sequence (FCS) in the frame and waits the short interframe space (SIFS) time. When the SIFS time expires, it sends an ACK back to the wireless client that sent the ARP request. This ACK is not an ARP response; rather, it is an ACK for the wireless frame transmission.

The AP then forwards the frame to the WLC using the Lightweight Access Point Protocol (LWAPP), as illustrated in Figure 9-5.


The LWAPP frame that travels from the AP to the WLC is traveling on a wired network. This brings forth the question, “What happened to the 802.11 frame format?” LWAPP simply encapsulates the frame inside a 6-byte header. The new 6-byte header has the AP IP and MAC address as the source and the WLC IP and MAC address as the destination. Encapsulated inside of that header is the original 802.11 frame with the three MAC ad- dresses, including the broadcast MAC address for the ARP process. When the WLC re- ceives the LWAPP frame, it opens the frame revealing the ARP request and rewrites the ARP request in an 802.3 frame that can be sent across the wired network. The first ad- dress from the 802.11 frame is dropped, the second address is placed as the source address in the new 802.3 frame, and the third address, the broadcast address, is placed as the desti- nation address. The WLC then forwards the ARP request, in 802.3 format, across the wired network, as seen in Figure 9-6. Here you can see how the frame appears between the wireless Client A and the AP, how the AP encapsulates the frame and sends it to the WLC, and how the WLC rewrites the frame and sends it to the wired network.


As switches receive the ARP request, they read the destination MAC address, which is a broadcast, and flood the frame out all ports except the one it came in on. The exception to this rule is if VLANs are in use, in which case the frame would be flooded to all ports that are members of the same VLAN. Assuming that VLANs are not in use, the frame, as stated, is flooded out all ports except the one it came in on.

At some point, the frame will be received by a Layer 3 device, hopefully the default gate- way. In Figure 9-7, the router has received the ARP request and will respond to it with its MAC address.


That ARP response is sent back as a unicast message, so the switches in the path are going to forward it directly to the port that leads back to the wireless client, rather than flooding the frame out all ports. Eventually the frame is received by the WLC, and it must be re- built as an 802.11 frame. When the WLC rewrites the frame, it places the DA as address 1, the SA as address 3, and the TA as address 2, which is the SSID of the AP. Figure 9-8 illus- trates this process.

As illustrated in Figure 9-9, the newly formed 802.11 frame is placed inside an LWAPP header where the AP IP and MAC is the destination and the WLC IP and MAC is the source. The LWAPP frame is forwarded to the AP.

Next, the AP must remove the LWAPP header, exposing the 802.11 frame. The 802.11 frame is buffered, and the process of sending a frame on the wireless network begins. The AP starts a backoff timer and begins counting down. If a wireless frame is heard during the countdown, the reservation in the heard frame is added to the countdown and the AP continues. Eventually, the timer expires, and the frame can be sent an 802.11 frame.

WiMax

Worldwide Interoperability for Microwave Access (WiMax) is defined by the WiMax fo- rum and standardized by the IEEE 802.16 suite. The most current standard is 802.16e.

According to the WiMax Forum:

“WiMAX is a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to wired broadband like cable and DSL. WiMAX provides fixed, nomadic, portable and, soon, mobile wireless broadband connectivity without the need for direct line-of-sight with a base station. In a typical cell radius deployment of three to ten kilometers, WiMAX Forum Certified systems can be ex- pected to deliver capacity of up to 40 Mbps per channel, for fixed and portable ac- cess applications.

“This is enough bandwidth to simultaneously support hundreds of businesses with T- 1 speed connectivity and thousands of residences with DSL speed connectivity. Mo- bile network deployments are expected to provide up to 15 Mbps of capacity within a typical cell radius deployment of up to three kilometers. It is expected that WiMAX technology will be incorporated in notebook computers and PDAs by 2007, allowing for urban areas and cities to become ‘metro zones’ for portable outdoor broadband wireless access.”

You must understand a few aspects of WiMax; the first is the concept of being fixed line of sight (LOS) or non-LOS (mobile). In non-LOS, mobile doesn’t mean mobile in the sense that most of us think. WiMax mobility is more like the ability to travel and then set up shop temporarily. When you are done, you pack up and move on. A few service providers use this technology to provide end-user access as an alternative to DSL or cable modem. Your signal range in this Non-LOS scenario is about 3 to 4 miles, and data rates are adver- tised at around 30 Mbps, but you can expect less—closer to 15 Mbps.

Other service providers are targeting business customers in a fixed LOS WiMax deploy- ment in which the topology most closely resembles that of a traditional T1, being a point- to-point type of topology and providing backhaul or backbone services. This fixed LOS advertises 30 to 70 Mbps throughput, but you can expect around 40 Mbps.

As the IEEE standardizes WiMax technology, it has progressed from the original 802.16 to 802.16a, c, d, and finally 802.16e.

As mentioned, the WiMax defines last-mile access. Figure 8-6 shows a sample topology in which subscribers have a point-to-point connection back to a service provider and from there have access to the public Internet.


WiMax operates on the 10- to 66-GHz frequency band, so it doesn’t interfere with 802.11 LANs. So why is it discussed in this section? The school of thought here is that, with some planning, a device acting as a gateway can be deployed offering 802.11 LAN access with 802.16 last-mile access or upstream access to a service provider, thus removing the need for wires. The question of how feasible this is lies in the hands of the vendors devel- oping the products and the standards committees ensuring interoperability. Some vendors, however, have tested this technology in lab environments with much success.


Other Types of Interference

Other types of interference can occur in the same frequency ranges. These devices might not be the most obvious, but they should be considered. They can include the following:

• Microwaves (operate at 1 to 40 GHz)

• Wireless X11 cameras (operate at 2.4 GHz)

• Radar systems (operate at 2 to 4 GHz for moderate-range surveillance, terminal traffic control, and long-range weather and at 4 to 8 GHz for long-range tracking and air- borne weather systems)

• Motion sensors (operate at 2.4 GHz)

• Fluorescent lighting (operates at 20000 Hz or higher)

• Game controllers and adapters (usually operate at 2.5 GHz)

When dealing with wireless deployments, you can use tools to determine signal strength and coverage, but just knowing about these additional sources of interference will save you some time in determining where to place APs and clients.

Additional Wireless Technologies

Cordless Phones

Cordless phones have been around as long as I can remember—or at least since I was in junior high. Cordless phones sometimes operate in the wireless spectrum as WLANs, which can cause interference issues. Visit an electronics store, and you’ll find some phones that operate at 2.4 GHz and others that operate at 5.8 GHz. This should be a consideration when you purchase cordless phones. If you have 802.11a deployed, a 2.4-GHz phone should suffice. If you have 802.11b/g, you should avoid a phone that operates in the 2.4- GHz range and go with a 5.8-GHz phone. With that said, let’s look at cordless phone technology in more detail.


To begin with,cordless phones canuse Time Division Multiple Access (TDMA) or Frequency Division Multiple Access (FDMA). The Multiple Access technology is used to allow more than one handset to access the frequency band at the same time, as shown in Figure 8-1. As you can see, a cordless phone communicates with the base station. Multiple cordless phones can use the same base station at the same time by using TDMA or FDMA.


It’s common for cordless phones to use the Digital Enhanced Cordless Telecommunica- tions (DECT) standard. DECT is an ETSI standard for digital portable phones and is found in cordless technology that is deployed in homes and businesses. Currently, the DECT standard is a good alternative for avoiding interference issues with any 802.11 technolo- gies. The original DECT frequency band was 1880 to 1900 MHz. It’s used in all European countries. It is also used in most of Asia, Australia, and South America.

In 2005, the FCC changed channelization and licensing costs in the 1920 to 1930 MHz, or 1.9 GHz, band. This band is known as Unlicensed Personal Communications Services (UPCS). This change by the FCC allowed the use of DECT devices in the U.S. with few changes. The modified DECT devices are called DECT 6.0. This allows a distinction to be made between DECT devices used overseas and other cordless devices that operate at 900 MHz, 2.4 GHz, and 5.8 GHz.


Bluetooth

Bluetooth is a personal-area technology that was named after a king of Denmark, Harald “Bluetooth” Gormson. It is said that the use of his name is based on his role in unifying Denmark and Norway. Bluetooth technology was intended to unify the telecom and com- puting industries. Today, Bluetooth can be found integrated into cell phones, PDAs, lap- tops, desktops, printers, headsets, cameras, and video game consoles. Bluetooth has low power consumption, making it a good choice for mobile, battery-powered devices.

The Bluetooth Special Interest Group (SIG) was formed in 1998, and the name “Bluetooth” was officially adopted. In 1999, Bluetooth 1.0 and 1.0b were released, although they were pretty much unusable. Bluetooth 1.1 followed and was much more functional. Eventually, based on Bluetooth 1.1, the 802.15.1 specification was approved by the IEEE to conform with Bluetooth technology.

Bluetooth 1.2 was then adopted in 2003 with faster connections and discovery of devices as well as the use of adaptive Frequency Hopping Spread Spectrum technology. In 2004, Bluetooth 2.0 + Enhanced Data Rate (EDR), supporting speeds up to 2 Mbps, was adopted by the Bluetooth SIG. The IEEE followed with 802.15.1-2005, which is the speci- fication that relates to Bluetooth 1.2. After the 802.15-2005 standard, the IEEE severed ties to the Bluetooth SIG because the Bluetooth SIG wanted to pursue functionality with other standards.

Bluetooth technology might interfere with 802.11 LANs, because it operates in the 2.4- GHz range. However, because it is designed for a proximity of about 35 feet, has low transmit power, and uses Frequency Hopping Spread Spectrum, it is unlikely that Blue- tooth will interfere.

Bluetooth is considered a piconet; it allows eight devices (one master and seven slaves) to be paired, as shown in Figure 8-2. Although the figure is a little extreme, it shows you just how many devices can be paired with a laptop or desktop. You can download photos you’ve taken, while listening to music with your headphones, synchronizing your cell phone’s contacts and PDA calendar with Outlook, and using your mouse to print that new white paper on Cisco.com, all while playing a video game. Imagine the wire mess you would have without Bluetooth.


ZigBee

Many people have never heard of ZigBee, but it’s a technology that is well-designed and very useful. ZigBee was developed by the ZigBee Alliance. It consists of small, low-power digital radios based on the IEEE 802.15.4 standard for wireless personal-area networks (WPAN), such as wireless headphones connecting to cell phones via short-range radio. If you look at the ZigBee Alliance home page at http://www.zigbee.org, you’ll likely notice that ZigBee relates much of its use to control and monitoring. In fact, ZigBee is often used for monitoring, building automation, control devices, personal healthcare devices, and computer peripherals.

A Wireless Connection

Using Figures 7-11 through 7-18, you can step through a simple discovery and association process.

1. The AP sends beacons every 2 seconds, as shown in Figure 7-11.


2. Client A is passively scanning and hears the beacon. This enables the client to deter- mine whether it can connect. You can see this in Figure 7-12.

3. A new client (Client B) arrives. Client B is already configured to look for the AP, so in- stead of passive scanning, it sends a probe request for the specific AP (see Figure 7-13).


4. The AP sends a probe response, seen in Figure 7-14, which is similar to a beacon. This lets Client B determine if it can connect.


5. From this point on, the process would be the same for Client A and Client B. In Figure 7-15, Client B sends an authentication request.

6. Also seen in Figure 7-15, the AP returns an authentication response to the client.

7. The client then sends an association request, as seen in Figure 7-16.

8. Now the AP sends an association response, also seen in Figure 7-16.

9. When the client wants to send, it uses an RTS, assuming this is a mixed b/g cell. The RTS includes the duration, as you can see in Figure 7-17.

10. Also seen in Figure 7-17, the AP returns a CTS.

11. The client sends the data (see Figure 7-17).

12. The AP sends an ACK after each frame is received (Figure 7-17).

13. In Figure 7-18, the client sends a disassociation message.

14. The AP replies with a disassociation response (Figure 7-18).

15. The client returns and sends a reassociation message (Figure 7-18).

16. The AP responds with a reassociation response (Figure 7-18).


Again, this process has other variations, but this should give you a pretty good under- standing of how to manage a connection.

Wireless Frame Transmission

When people talk about wireless networks, they often say that they are just like wired 802.3 LANs. This is actually incorrect, aside from the fact that they use MAC addresses. Wireless LANs use the 802.11 frame structure, and you can encounter multiple types of frames. To get a better understanding, you can begin by learning the three types of wireless frames. Once you are familiar with the three types of wireless frames, you can further your knowledge by taking a deeper look at interframe spacing (IFS) and why it is necessary.


Wireless Frame Types

Wireless LANs come in three frame types:

• Management frames: Used for joining and leaving a wireless cell. Management frame types include association request, association response, and reassociation request, just to name a few. (See Table 7-2 for a complete list.)

• Control frames: Used to acknowledge when data frames are received.

• Data frames: Frames that contain data.

Now that you have an idea of what frames are used, it is helpful to see how these frames are sent. For this, you need to understand a few more terms that might be new to you. Because all the terms meld together to some degree, they are explained in context throughout the next section.


Sending a Frame

Recall that wireless networks are half-duplex networks. If more than one device were to send at the same time, a collision would result. If a collision occurs, the data from both senders would be unreadable and would need to be resent. This is a waste of time and resources. To overcome this issue, wireless networks use multiple steps to access the network. Wireless LANs use carrier sense multiple access collision avoidance (CSMA/CA), which is similar to the way 802.3 LANs work. The carrier sense part means that a station has to determine if anyone else is sending. This is done with clear channel assessment (CCA), and what it means is that you listen. You can, however, run into an issue where two devices cannot hear each other. This is called the hidden node problem. This issue is overcome using virtual carrier sense (VCS). The medium is not considered available until both the physical and virtual carrier report that it is clear.

Each station must also observe IFS. IFS is a period that a station has to wait before it can send. Not only does IFS ensure that the medium is clear, but it ensures that frames are not sent so close together that they are misinterpreted. The types of IFS periods are as follows:

• Short interframe space (SIFS): For higher priority and used for ACKs, among other things

• Point-coordination interframe space (PIFS): Used when an AP is going to control the network

• Distributed-coordination interframe space (DIFS): Used for data frames and is the normal spacing between frames

Each of these has a specific purpose as defined by the IEEE.

SIFS is used when you must send a frame quickly. For example, when a data frame is sent and must be acknowledged (ACK), the ACK should be sent before another station sends other data. Data frames use DIFS. The time value of DIFS is longer than SIFS, so the SIFS would preempt DIFS because it has a higher priority.

Figure 7-1 illustrates the transmission of a frame. In the figure, Station A wants to send a frame. As the process goes, both the physical and virtual carrier need to be free. This means the client has to listen. To listen, the client chooses a random number and begins a countdown process, called a backoff timer. The speed at which the countdown occurs is called a slottime and is different for 802.11a, b, and g.


It works like this:

1. Station A selects the random timer value of 29.

2. Station A starts counting at 29, 28, 27, 26, and so on. While Station A is counting down, it is also listening for whether anyone else is sending a frame.

3. When the timer is at 18, Station B sends a frame, having a duration value in the header of 45.

4. The duration of 45 that is in the header of the frame sent by Station B is called a network allocation vector (NAV) and is a reservation of the medium that includes the amount of time to send its frame, wait for the SIFS, and then receive an ACK from the AP.

5. Station A adds 45 to the 18 that is left and continues counting down, 63, 62, 61, and so on. The total time that Station A waits before sending is called the contention window.

6. After the timer on Station A reaches 0, it can send its frame as illustrated in Figure 7- 2. At this point, the medium should be clear.

If Station A sends but fails, it resets the backoff timer to a new random number and counts down again. The backoff timer gets larger as the frames fail in transmission. For example, the initial timer can be any number between 0 and 31. After the first failure, it jumps to any number between 0 and 127. It doubles for the next failure, then again, then again.


This entire process is known as the distributed coordination function (DCF). This simply means that each station is responsible for coordinating the sending of its data. The alternative to DCF is point coordination function (PCF), which means the AP is responsible for coordination of data transmission.


If the frame is successful, an ACK must be sent. The ACK uses the SIFS timer value to make sure it is sent quickly. Some amount of silence between frames is natural. The SIFS is the shortest period of silence. The NAV reserves this time. A normal silence time is the DIFS. Again, the ACK uses SIFS because you want it to be sent immediately. The station that sends the ACK waits for the SIFS and then ACKs with the duration of 0. This is how the end of the transmission is indicated.


Frame Types

For the most part, all frames are going to have the same type of header. The difference is in the body of the frame. The body is more specific and indicates what the frame is all about. Table 7-2 shows some frame types.

802.11 WLAN Protocols

wireless space consists of numerous protocols. Specifically in the WLAN area, the Institute of Engineers Electrical and Electronic Engineers (IEEE) has created several protocols within the 802.11 category to facilitate the networking process. These protocols define the data rates, the modulation techniques, and more. An understanding of these protocols is essential for any administrator of wireless networks.

The IEEE helps to standardize wireless protocols. Those that you must be familiar with for the CCNA Wireless Exam are the 802.11 a/b/g and n protocols. These four IEEE standards define the wireless family that is used in almost all wireless LANS today. The standardization of wireless networking started with the original 802.11 protocol in 1997, and each protocol thereafter has simply added to the benefit of wireless technologies. This chapter looks at the 802.11 protocol families, their history, and how they operate. The 802.11 protocols encompass the 2.4-GHz and 5-GHz range.


The Original 802.11 Protocol

The original 802.11 protocol was where wireless LANs find there beginnings. It is rare to find this original protocol in new hardware today, probably because it only operates at 1 and 2 Mbps. The 802.11 standard describes frequency-hopping spread spectrum (FHSS), which operates only at 1 and 2 Mbps. The standard also describes direct sequence spread spectrum (DSSS), which operates only at 1 and 2 Mbps. If a client operates at any other data rate, it is considered non-802.11 compliant, even if it can use the 1- and 2-Mbps rates.


The original 802.11 protocol falls within the industry, scientific, and medical (ISM) bands and operates only in the 2.4-GHz range. The 2.4-GHz range has up to 14 channels depending on the country you are in. In the United States, the FCC allows channels 1 through 11 to be used. This gives you 3 nonoverlapping channels: 1, 6, and 11. This is important because you do not want to have APs and clients operating on the same channel placed near each other for interference reasons.


The 802.11b Protocol

802.11b is a supplement to the 802.11 protocol. To get an better feel for how the 802.11 protocols progressed, understand that technology moves faster than the standards do. 802.11 was quickly outgrown because wired networks offered 10 Mbps versus the 1 and 2 Mbps of 802.11. Vendors developed methods of achieving higher data rates. The danger in vendor-designed protocols, of course, is interoperability. The job of the IEEE was simply to define a standard that all vendors could follow based on the proprietary implementations that they were using.

802.11b offers higher data rates—up to 11 Mbps—with backward compatibility at 1 and 2 Mbps. At 1 and 2 Mbps, the same coding and modulation as 802.11 is used. When operating at the new speeds—5.5 Mbps and 11 Mbps—a different modulation and coding is used. 802.11 uses Barker 11 coding, as covered in Chapter 1, “Introduction to Wireless Networking Concepts,” and 802.11b uses complementary code keying (CCK) for coding. For modulation, 802.11 uses differential binary phase-shift keying (DBPSK), whereas 802.11b uses differential quadrature phase-shift keying (DQPSK). The result is more data sent in the same period.

802.11b was ratified in September 1999. The United States has 11 channels, the same as 802.11. In Europe, the ETSI defines 13 channels, and Japan has 14. 802.11b allows dynamic rate shifting (DRS) to enable clients to shift rates to lower rates as they travel farther away from an AP and higher rates as they get closer to an AP. Today, 802.11b is the most popular and most widely deployed wireless standard. Table 6-3 gives some basic information on the 802.11b standard.


The 802.11g Protocol

The IEEE ratified 802.11g in June 2003. In addition to the four data rates of 802.11b, it added eight more. The maximum data rate of 54 Mbps places 802.11g in the same speed range as 802.11a; however, it remains in the 2.4-Ghz frequency range. On the lower end, 802.11g is still compatible with 802.11b, using the same modulation and coding as 802.11b for the 1-, 2-, 5.5-, and 11-Mbps rates. To achieve the higher data rates, 802.11g uses orthogonal frequency division multiplexing (OFDM) for modulation. OFDM is the same modulation that 802.11a uses.

There are still only three nonoverlapping channels. With OFDM, you must be careful about power outputs; the power needs to be reduced to handle the peaks in the modulation technique and still fall within governmental regulations. Table 6-4 shows some details about 802.11g.


The 802.11a Protocol

802.11a was ratified in 1999 and operates in the 5-GHz frequency range. This makes it incompatible with 802.11, 802.11b, and 802.11g, while avoiding interference from these devices in addition to microwaves, Bluetooth devices, and cordless phones. 802.11a had late-market adoption, so it is not as widely deployed as the 802.11b and g protocols.

Another difference is that 802.11a supports anywhere from 12 to 23 nonoverlapping channels as opposed to the 3 nonoverlapping channels in 802.11b/g. Because OFDM is used, subchannels can overlap. 802.11a requires that the data rates of 6, 12, and 24 Mbps be supported but allows for data rates up to 54 Mbps.

Table 6-5 shows some details on the 802.11a standard.


The rules under ETSI specifications are a little different. ETSI allows 19 channels and requires that dynamic frequency control (DFC) and transmit power control (TPC) be used.

What makes 802.11a unique is the way the 5-GHz frequency band is divided into multiple parts. These parts, the Unlicensed National Information Infrastructure (UNII), were designed for different uses. UNII-1 was designed for indoor use with a permanent antenna. UNII-2 was designed for indoor or outdoor use with an external antenna, and UNII-3 was designed for outdoor bridges and external antennas.

The FCC revised the use of the frequency in 2004 by adding channels and requiring compliance of DFC and TPC to avoid radar. The revision also allows all three parts of the UNII to be used indoors. This is not the case with ETSI, however, because it does not allow unlicensed use of UNII-3.


In the 802.11a spectrum, the higher-band channels are 30 MHz apart. This includes UNII- 2 and above. The lower bands are 20 MHz apart.


The 802.11n Protocol

802.11n is currently a draft standard. Again, technology has progressed more rapidly than the standards, because vendors are already shipping 802.11n APs and clients. What makes 802.11n special is that in a pure 802.11n environment, you can get speeds up to 300 Mbps, but most documentation says it will provide 100 Mbps. This is probably because the expectation is that other 802.11 clients will be present. 802.11n is, in fact, backward compatible with 802.11b/g and a.

The backward compatibility and speed capability of 802.11n come from its use of multiple antennas and a technology called Multiple-Input, Multiple-Output (MIMO). MIMO, pronounced Mee-Moh, uses different antennas to send and receive, thus increasing throughput and accomplishing more of a full duplex operation.

MIMO comes in three types:

• Precoding

• Spatial multiplexing

• Diversity coding

Precoding is a function that takes advantage of multiple antennas and the multipath issue that was discussed in Chapter 3, “WLAN RF Principles.” 802.11n uses transmit beamforming (TxBF), which is a technique that is used when more than one transmit antenna exists where the signal is coordinated and sent from each antenna so that the signal at the receiver is dramatically improved, even if it is far from the sender. This technique is something that you would use when the receiver has only a single antenna and is not moving. If the receiver is moving, then the reflection characteristics change, and the beamforming can no longer be coordinated. This coordination is called channel state information (CSI).

Spatial multiplexing takes a signal, splits it into several lower rate streams, and then sends each one out of different antennas. Each one of the lower rate streams are sent on the same frequency. The number of streams is limited to the lowest number of antennas on either the transmitter or the receiver. If an AP has four antennas and a client has two, you are limited to two.

Currently, the Wi-Fi Alliance is certifying 802.11n devices even though they are still in draft status. The Wi-FI Alliance is doing this using the interim IEEE 802.11n draft 2.0.