7 Basic Wireless Concepts and Configuration

7.0 Chapter Introduction

7.0.1 Chapter Introduction

Page 1:
In the previous chapters, you learned how switch functions can facilitate interconnecting devices on a wired network. Typical business networks make extensive use of wired networks. Physical connections are made between computer systems, phone systems, and other peripheral devices to switches located in the wiring closets.

Managing a wired infrastructure can be challenging. Consider what happens when a worker decides they prefer their computer system in a different location in their office, or when a manager wants to bring a notebook to a meeting room and connect to the network there. In a wired network, you need to move the network connection cable to a new location in the worker's office and make sure there is a network connection available in the meeting room. To avoid these physical changes, wireless networks are becoming more and more common.

In this chapter, you will learn how wireless local area networks (WLANs) offer businesses a flexible networking environment. You will learn the different wireless standards available today and the features that each standard offers. You will learn which hardware components are typically necessary in a wireless infrastructure, how WLANs operate, and how to secure them. Finally, you will learn how to configure a wireless access point and a wireless client.

7.0.1 - Chapter Introduction
The diagram depicts the chapter objectives.
- Describe the components and basic operation of wireless LAN's.
- Describe the components and operations of basic W LAN security.
- Configure and verify basic wireless LAN access.
- Troubleshoot wireless client access.

7.1 The Wireless LAN

7.1.1 Why Use Wireless?

Page 1:
Why have Wireless LANs Become so Popular?

Click the Play button in the figure to view the video.

Business networks today are evolving to support people who are on the move. Employees and employers, students and faculty, government agents and those they serve, sports fans and shoppers, all are mobile and many of them are "connected." Perhaps you have a mobile phone that you route instant messages to when you are away from your computer. This is the vision of mobility-an environment where people can take their connection to the network along with them on the road.

There are many different infrastructures (wired LAN, service provider networks) that allow mobility like this to happen, but in a business environment, the most important is the WLAN.

Productivity is no longer restricted to a fixed work location or a defined time period. People now expect to be connected at any time and place, from the office to the airport or even the home. Traveling employees used to be restricted to pay phones for checking messages and returning a few phone calls between flights. Now employees can check e-mail, voice mail, and the status of products on personal digital assistants (PDAs) while at many temporary locations.

At home, many people have changed the way they live and learn. The Internet has become a standard service in many homes, along with TV and phone service. Even the method of accessing the Internet has quickly moved from temporary modem dialup service to dedicated DSL or cable service. Home users are seeking many of the same flexible wireless solutions as office workers. For the first time, in 2005, more Wi-Fi-enabled mobile laptops were purchased than fixed-location desktops.

In addition to the flexibility that WLANs offer, another important benefit is reduced costs. For example, with a wireless infrastructure already in place, savings are realized when moving a person within a building, reorganizing a lab, or moving to temporary locations or project sites. On average, the IT cost of moving an employee to a new location within a site is $375 (US dollars).

Another example is when a company moves into a new building that does not have any wired infrastructure. In this case, the savings resulting from using WLANs can be even more noticeable, because the cost of running cables through walls, ceilings, and floors is largely avoided.

Though harder to measure, WLANs can result in better productivity and more relaxed employees, leading to better results for customers and increased profits.

7.1.1 - Why Use Wireless?
The video depicts Cisco Enterprise Mobility Solutions.

Page 2:
Wireless LANs

In the previous chapters, you learned about switch technologies and functions. Most current business networks rely on switch-based LANs for day-to-day operation inside the office. However, workers are becoming more mobile and want to maintain access to their business LAN resources from locations other than their desks. Workers in the office want to take their laptops to meetings or to a co-worker's office. When using a laptop in another location, it is inconvenient to rely on a wired connection. In this topic, you will learn about wireless LANs (WLANs) and how they benefit a business. You will also explore the security concerns associated with WLANs.

Portable communications have become an expectation in many countries around the world. You can see portability and mobility in everything from cordless keyboards and headsets, to satellite phones and global positioning systems (GPS). The mix of wireless technologies in different types of networks allows workers to be mobile.

Click on the Wireless LANs button in the figure.

You can see that the WLAN is an extension of the Ethernet LAN. The function of the LAN has become mobile. You are going to learn about WLAN technology and the standards behind the mobility that allow people to continue a meeting, while walking, while in a cab, or while at the airport.

7.1.1 - Why Use Wireless?
The diagram compares various wireless technologies. Four nested ovals are shown with each one larger than the previous one. From smallest to largest, they show a personal area network (PAN), local area network (LAN), metropolitan area network (MAN), and wide area network (WAN). A wireless LAN topology is also shown.

Information is provided on each of these wireless network types.

Wireless Technologies:
Personal Area Network (PAN)
Standards: Bluetooth, 8 0 2 dot 15.3.
Speed: less than 1 Megabit per second.
Range: Short.
Applications: Peer-to-Peer, Device-to-Device.

Local Area Network (LAN)
Standards: 8 0 2 dot 11.
Speed: 11 to 54 Megabit per second.
Range: Medium.
Applications: Enterprise Networks.

Metropolitan Area Network (MAN)
Standards: 8 0 2 dot 11, 8 0 2 dot 16, and 8 0 2 dot 20.
Speed: 10 to 100 plus Megabit per second.
Range: Medium-Long.
Applications: Last Mile Access.

Wide Area Network (WAN)
Standards: GSM, CDMA, Satellite.
Speed: 10 Kilobits per second to 2 Megabits per second.
Range: Long.
Applications: Mobile Data Devices.

Wireless LAN's:
Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh using dual trunk links between switches. Switch S1 is connected to router R1 using a single link and one router interface. Wireless access points and wireless PC's are connected to the main LAN as an extension of it. Device connections are as follows:
- Switch S1 port F0/1 is connected to S2 port F0/1 (Trunk).
- Switch S1 port F0/2 is connected to S2 port F0/2 (Trunk).
- Switch S1 port F0/5 is connected to R1 port F0/1.
- Switch S2 port F0/3 is connected to S3 port F0/1 (Trunk).
- Switch S2 port F0/4 is connected to S3 port F0/2 (Trunk).
- Switch S2 port F0/11 is connected to PC1 with IP address 172.17.10.21.
- Switch S2 port F0/18 is connected to PC2 with IP address 172.17.20.22.
- Switch S2 port F0/7 is connected to wireless router WRS2. The WRS2 IP address is 172.17.99.25 /24. PC3, with IP address 172.17.99.23, is connected to WRS2 via wireless.
- Switch S3 port F0/4 is connected to S1 port F0/4 (Trunk).
- Switch S3 port F0/3 is connected to S1 port F0/3 (Trunk).
- Switch S3 port F0/7 is connected to wireless router WRS3. The WRS3 IP address is 172.17.99.35 /24. PC6 is connected to WRS3 via wireless.
- Web/FTP Server is connected to R1 port F0/0. The R1 F0/0 IP address is 172.17.50.1. The Web/FTP Server IP address is 172.17.50.254.

Page 3:
Comparing a WLAN to a LAN

Wireless LANs share a similar origin with Ethernet LANs. The IEEE has adopted the 802 LAN/MAN portfolio of computer network architecture standards. The two dominant 802 working groups are 802.3 Ethernet and 802.11 wireless LAN. However, there are important differences between the two.

WLANs use radio frequencies (RF) instead of cables at the Physical layer and MAC sub-layer of the Data Link layer. In comparison to cable, RF has the following characteristics:

• RF does not have boundaries, such as the limits of a wire in a sheath. The lack of such a boundary allows data frames traveling over the RF media to be available to anyone that can receive the RF signal.
• RF is unprotected from outside signals, whereas cable is in an insulating sheath. Radios operating independently in the same geographic area but using the same or a similar RF can interfere with each other.
• RF transmission is subject to the same challenges inherent in any wave-based technology, such as consumer radio. For example, as you get further away from the source, you may hear stations playing over each other or hear static in the transmission. Eventually you may lose the signal all together. Wired LANs have cables that are of an appropriate length to maintain signal strength.
• RF bands are regulated differently in various countries. The use of WLANs is subject to additional regulations and sets of standards that are not applied to wired LANs.

WLANs connect clients to the network through a wireless access point (AP) instead of an Ethernet switch.

WLANs connect mobile devices that are often battery powered, as opposed to plugged-in LAN devices. Wireless network interface cards (NICs) tend to reduce the battery life of a mobile device.

WLANs support hosts that contend for access on the RF media (frequency bands). 802.11 prescribes collision-avoidance instead of collision-detection for media access to proactively avoid collisions within the media.

WLANs use a different frame format than wired Ethernet LANs. WLANs require additional information in the Layer 2 header of the frame.

WLANs raise more privacy issues because radio frequencies can reach outside the facility.

7.1.1 - Why Use Wireless?
The diagram compares the characteristics of 8 0 2 dot 11 wireless LAN's (W LAN's) and 8 0 2 dot 3 Ethernet LAN's.

Characteristic: Physical Layer.
8 0 2 dot 11 Wireless LAN: Radio Frequency (RF).
8 0 2 dot 3 Ethernet LAN: Cable.

Characteristic: Media Access.
8 0 2 dot 11 Wireless LAN: Collision Avoidance.
8 0 2 dot 3 Ethernet LAN: Collision Detection.

Characteristic: Availability.
8 0 2 dot 11 Wireless LAN: Anyone with a radio NIC in range of an access point.
8 0 2 dot 3 Ethernet LAN: Cable connection required.

Characteristic: Signal Interference.
8 0 2 dot 11 Wireless LAN: Yes.
8 0 2 dot 3 Ethernet LAN: Inconsequential.

Characteristic: Regulation.
8 0 2 dot 11 Wireless LAN: Additional regulation by local authorities.
8 0 2 dot 3 Ethernet LAN: i e e e standard dictates.

Page 4:
Introducing Wireless LANs

802.11 wireless LANs extend the 802.3 Ethernet LAN infrastructures to provide additional connectivity options. However, additional components and protocols are used to complete wireless connections.

In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC to a switch. The switch is the point where the client gains access to the network.

Click the WLAN Devices button in the figure.

In a wireless LAN, each client uses a wireless adapter to gain access to the network through a wireless device such as a wireless router or access point.

Click the Clients button in the figure.

The wireless adapter in the client communicates with the wireless router or access point using RF signals. Once connected to the network, wireless clients can access network resources just as if they were wired to the network.

7.1.1 - Why Use Wireless?
The diagram depicts wireless LAN components and client devices.

Network Topology:
W LAN Devices:
Two switches, S1 and S2, are connected using dual trunk links. Switch S1 is connected to router R1 using a single link and one router interface. A wireless access point, WRS2, is connected to switch S2.

Clients: Two wireless laptops with wireless NIC's installed are connected to the wireless access point, WRS2.

7.1.2 Wireless LAN Standards

Page 1:
Wireless LAN Standards

802.11 wireless LAN is an IEEE standard that defines how radio frequency (RF) in the unlicensed industrial, scientific, and medical (ISM) frequency bands is used for the Physical layer and the MAC sub-layer of wireless links.

When 802.11 was first released, it prescribed 1 - 2 Mb/s data rates in the 2.4 GHz band. At that time, wired LANs were operating at 10 Mb/s so the new wireless technology was not enthusiastically adopted. Since then, wireless LAN standards have continuously improved with the release of IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and draft 802.11n.

Typically, the choice of which WLAN standard to use is based on data rates. For instance, 802.11a and g can support up to 54 Mb/s, while 802.11b supports up to a maximum of 11 Mb/s, making 802.11b the "slow" standard, and 802.11 a and g the preferred ones. A fourth WLAN draft, 802.11n, exceeds the currently available data rates. The IEEE 802.11n should be ratified by September 2008. The figure compares the ratified IEEE 802.11a, b, and g standards.

Click the Table button in the figure to see details about each standard.

The data rates of different wireless LAN standards, are affected by something called a modulation technique. The two modulation techniques that you will reference in this course are Direct Sequence Spread Spectrum (DSSS) and Orthogonal Frequency Division Multiplexing (OFDM). You do not need to know how these techniques work for this course, but you should be aware that when a standard uses OFDM, it will have faster data rates. Also, DSSS is simpler than OFDM, so it is less expensive to implement.

802.11a

The IEEE 802.11a adopted the OFDM modulation technique and uses the 5 GHz band.

802.11a devices operating in the 5 GHz band are less likely to experience interference than devices that operate in the 2.4 GHz band because there are fewer consumer devices that use the 5 GHz band. Also, higher frequencies allow for the use of smaller antennas.

There are some important disadvantages to using the 5 GHz band. The first is that higher frequency radio waves are more easily absorbed by obstacles such as walls, making 802.11a susceptible to poor performance due to obstructions. The second is that this higher frequency band has slightly poorer range than either 802.11b or g. Also, some countries, including Russia, do not permit the use of the 5 GHz band, which may continue to curtail its deployment.

802.11b and 802.11g

802.11b specified data rates of 1, 2, 5.5, and 11 Mb/s in the 2.4 GHz ISM band using DSSS. 802.11g achieves higher data rates in that band by using the OFDM modulation technique. IEEE 802.11g also specifies the use of DSSS for backward compatibility with IEEE 802.11b systems. DSSS data rates of 1, 2, 5.5, and 11 Mb/s are supported, as are OFDM data rates of 6, 9, 12, 18, 24, 48, and 54 Mb/s.

There are advantages to using the 2.4 GHz band. Devices in the 2.4 GHz band will have better range than those in the 5GHz band. Also, transmissions in this band are not as easily obstructed as 802.11a.

There is one important disadvantage to using the 2.4 GHz band. Many consumer devices also use the 2.4 GHz band and cause 802.11b and g devices to be prone to interference.

802.11n

The IEEE 802.11n draft standard is intended to improve WLAN data rates and range without requiring additional power or RF band allocation. 802.11n uses multiple radios and antennae at endpoints, each broadcasting on the same frequency to establish multiple streams. The multiple input/multiple output (MIMO) technology splits a high data-rate stream into multiple lower rate streams and broadcasts them simultaneously over the available radios and antennae. This allows for a theoretical maximum data rate of 248 Mb/s using two streams.

The standard is expected to be ratified by September 2008.

Important: RF bands are allocated by the International Telecommunications Union-Radio communication sector (ITU-R). The ITU-R designates the 900 MHz, 2.4 GHz, and 5 GHz frequency bands as unlicensed for ISM communities. Although the ISM bands are globally unlicensed, they are still subject to local regulations. The use of these bands is administered by the FCC in the United States and by the ETSI in Europe. These issues will impact your selection of wireless components in a wireless implementation.

7.1.2 - Wireless LAN Standards
The diagram depicts the wireless LAN standards data rate and range in a graphical and tabular format. The information presented includes the following:

Band:
8 0 2 dot 11a: 5.7 Gigahertz.
8 0 2 dot 11b: 2.4 Gigahertz.
8 0 2 dot 11g: 2.4 Gigahertz.
8 0 2 dot 11n: Unconfirmed, possibly 2.4 and 5 Gigahertz bands.

Channels, Non-overlapping:
8 0 2 dot 11a: Up to 23.
8 0 2 dot 11b: 3.
8 0 2 dot 11g: 3.
8 0 2 dot 11n: Unconfirmed.


Modulation:
8 0 2 dot 11a: OFDM.
8 0 2 dot 11b: DSSS.
8 0 2 dot 11g: DSSS, OFDM.
8 0 2 dot 11n: M I M O - OFDM.

Data Rates:
8 0 2 dot 11a: Up to 54 Megabits per second.
8 0 2 dot 11b: Up to 11 Megabits per second.
8 0 2 dot 11g: Up to 11 with DSSS and up to 54 Megabits per second with OFDM.
8 0 2 dot 11n: Speculated to be 248 Megabits per second for two M I M O streams.

Range:
8 0 2 dot 11a: 150 feet or 35 meters.
8 0 2 dot 11b: 150 feet or 35 meters.
8 0 2 dot 11g: 150 feet or 35 meters.
8 0 2 dot 11n: 230 feet or 70 meters.

Year Standard Ratified:
8 0 2 dot 11a: October 1999.
8 0 2 dot 11b: October 1999.
8 0 2 dot 11g: June 2003.
8 0 2 dot 11n: Expected in 2008 or 2009.

Pros:
8 0 2 dot 11a: Fast, less prone to interference.
8 0 2 dot 11b: Low cost, good range.
8 0 2 dot 11g: Fast, good range, not easily obstructed.
8 0 2 dot 11n: Very good data rates, improved range.

Cons:
8 0 2 dot 11a: Higher cost, shorter range.
8 0 2 dot 11b: Slow, prone to interference.
8 0 2 dot 11g: Prone to interference from appliances operating on a 2.4 Gigahertz band.
8 0 2 dot 11n: Unconfirmed.

Page 2:
Wi-Fi Certification

Wi-Fi certification is provided by the Wi-Fi Alliance (http://www.wi-fi.org), a global, nonprofit, industry trade association devoted to promoting the growth and acceptance of WLANs. You will better appreciate the importance of Wi-Fi certification if you consider the role of the Wi-Fi Alliance in the context of WLAN standards.

Standards ensure interoperability between devices made by different manufacturers. Internationally, the three key organizations influencing WLAN standards are:

• ITU-R
• IEEE
• Wi-Fi Alliance

The ITU-R regulates the allocation of the RF spectrum and satellite orbits. These are described as finite natural resources that are in demand from such consumers as fixed wireless networks, mobile wireless networks, and global positioning systems.

The IEEE developed and maintains the standards for local and metropolitan area networks with the IEEE 802 LAN/MAN family of standards. IEEE 802 is managed by the IEEE 802 LAN/MAN Standards Committee (LMSC), which oversees multiple working groups. The dominant standards in the IEEE 802 family are 802.3 Ethernet, 802.5 Token Ring, and 802.11 Wireless LAN.

Although the IEEE has specified standards for RF modulation devices, it has not specified manufacturing standards, so interpretations of the 802.11 standards by different vendors can cause interoperability problems between their devices.

The Wi-Fi Alliance is an association of vendors whose objective is to improve the interoperability of products that are based on the 802.11 standard by certifying vendors for conformance to industry norms and adherence to standards. Certification includes all three IEEE 802.11 RF technologies, as well as early adoption of pending IEEE drafts, such as 802.11n, and the WPA and WPA2 security standards based on IEEE 802.11i.

The roles of these three organizations can be summarized as follows:

• ITU-R regulates allocation of RF bands.
• IEEE specifies how RF is modulated to carry information.
• Wi-Fi ensures that vendors make devices that are interoperable.

7.1.2 - Wireless LAN Standards
The diagram depicts the WiFi certified verification document developed by the WiFi Alliance, http://www.wi-fi.org. This document has checkboxes indicating that the product to which it is affixed is interoperable with wireless data rates of 11 Megabits per second and 54 Megabits per second in the 2.4 Gigahertz band, and 54 Megabits per second in the 5 Gigahertz band. A checkbox is also present that indicates interoperability with WiFi protected access.

7.1.3 Wireless Infrastructure Components

Page 1:
Wireless NICs

You may already use a wireless network at home, in a local coffee shop, or at the school you attend. Have you ever wondered what hardware components are involved in allowing you to wirelessly access the local network or Internet? In this topic, you will learn which components are available to implement WLANs and how each is used in the wireless infrastructure.

To review, the building block components of a WLAN are client stations that connect to access points that, in turn, connect to the network infrastructure. The device that makes a client station capable of sending and receiving RF signals is the wireless NIC.

Like an Ethernet NIC, the wireless NIC, using the modulation technique it is configured to use, encodes a data stream onto an RF signal. Wireless NICs are most often associated with mobile devices, such as laptop computers. In the 1990s , wireless NICs for laptops were cards that slipped into the PCMCIA slot. PCMCIA wireless NICs are still common, but many manufacturers have begun building the wireless NIC right into the laptop. Unlike 802.3 Ethernet interfaces built into PCs, the wireless NIC is not visible, because there is no requirement to connect a cable to it.

Other options have emerged over the years as well. Desktops located in an existing, non-wired facility can have a wireless PCI NIC installed. To quickly set up a PC, mobile or desktop, with a wireless NIC, there are many USB options available as well.

7.1.3 - Wireless Infrastructure Components
The diagram depicts various types of wireless NIC's for use with desktop and laptop PC's. Desktop wireless NIC's include ISA, PCI and USB. The laptop shows a PC card that goes into the PCMCIA slot, but many laptops now have a wireless NIC built-in.

Page 2:
Wireless Access Points

An access point connects wireless clients (or stations) to the wired LAN. Client devices do not typically communicate directly with each other; they communicate with the AP. In essence, an access point converts the TCP/IP data packets from their 802.11 frame encapsulation format in the air to the 802.3 Ethernet frame format on the wired Ethernet network.

In an infrastructure network, clients must associate with an access point to obtain network services. Association is the process by which a client joins an 802.11 network. It is similar to plugging into a wired LAN. Association is discussed in later topics.

An access point is a Layer 2 device that functions like an 802.3 Ethernet hub. RF is a shared medium and access points hear all radio traffic. Just as with 802.3 Ethernet, the devices that want to use the medium contend for it. Unlike Ethernet NICs, though, it is expensive to make wireless NICs that can transmit and receive at the same time, so radio devices do not detect collisions. Instead, WLAN devices are designed to avoid them.

CSMA/CA

Access points oversee a distributed coordination function (DCF) called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). This simply means that devices on a WLAN must sense the medium for energy (RF stimulation above a certain threshold) and wait until the medium is free before sending. Because all devices are required to do this, the function of coordinating access to the medium is distributed. If an access point receives data from a client station, it sends an acknowledgement to the client that the data has been received. This acknowledgement keeps the client from assuming that a collision occurred and prevents a data retransmission by the client.

Click the Hidden Nodes button in the figure.

RF signals attenuate. That means that they lose their energy as they move away from their point of origin. Think about driving out of range of a radio station. This signal attenuation can be a problem in a WLAN where stations contend for the medium.

Imagine two client stations that both connect to the access point, but are at opposite sides of its reach. If they are at the maximum range to reach the access point, they will not be able to reach each other. So neither of those stations sense the other on the medium, and they may end up transmitting simultaneously. This is known as the hidden node (or station) problem.

One means of resolving the hidden node problem is a CSMA/CA feature called request to send/clear to send (RTS/CTS). RTS/CTS was developed to allow a negotiation between a client and an access point. When RTS/CTS is enabled in a network, access points allocate the medium to the requesting station for as long as is required to complete the transmission. When the transmission is complete, other stations can request the channel in a similar fashion. Otherwise, normal collision avoidance function is resumed.

7.1.3 - Wireless Infrastructure Components
The diagram depicts a wireless network infrastructure with four wireless access points (AP's), AP1, AP2, AP3, and AP4, at various locations on a building floorplan. Each AP has a circle around it representing the range or coverage area for station access. These circles overlap with one another.

Hidden node problem:
The diagram also depicts the hidden node problem, which can occur when two client stations that are connected to the same AP are at the maximum range. Neither station senses the other on the medium, and they may end up transmitting simultaneously. Wireless LAN's use Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) to avoid the hidden node problem.

In the topology shown, wireless AP WRS3 has three wireless laptops, PC1, PC2, and PC3, communicating with it.

The hidden node problem:
- PC1 and PC2 reach WRS3.
- PC1 and PC2 cannot reach each other.
- PC1 does not detect PC2 activity on the channel.
- PC1 sends data while PC2 is transmitting.
- A collision occurs.

PC3 is sensed by both PC1 and PC2, so there are no collisions involving PC3.

Page 3:
Wireless Routers

Wireless routers perform the role of access point, Ethernet switch, and router. For example, the Linksys WRT300N used is really three devices in one box. First, there is the wireless access point, which performs the typical functions of an access point. A built-in four-port, full-duplex, 10/100 switch provides connectivity to wired devices. Finally, the router function provides a gateway for connecting to other network infrastructures.

The WRT300N is most commonly used as a small business or residential wireless access device. The expected load on the device is low enough that it should be able to manage the provision of WLAN, 802.3 Ethernet, and connect to an ISP.

7.1.3 - Wireless Infrastructure Components
The diagram depicts a wireless router (WR) in a home network.

The example shows a DSL modem connected to an ISP and then to the wireless router. An end-user PC is also communicating wirelessly with the wireless router.

The caption states: In small businesses and homes, wireless routers perform the role of access point, Ethernet switch, and router.

7.1.4 Wireless Operation

Page 1:
Configurable Parameters for Wireless Endpoints

The figure shows the initial screen for wireless configuration on a Linksys wireless router. Several processes should occur to create a connection between client and access point. You have to configure parameters on the access point-and subsequently on your client device-to enable the negotiation of these processes.

Click the Modes button in the figure to view the Wireless Network Mode parameter.

The wireless network mode refers to the WLAN protocols: 802.11a, b, g, or n. Because 802.11g is backward compatible with 802.11b, access points support both standards. Remember that if all the clients connect to an access point with 802.11g, they all enjoy the better data rates provided. When 802.11b clients associate with the access point all the faster clients contending for the channel have to wait on 802.11b clients to clear the channel before transmitting. When a Linksys access point is configured to allow both 802.11b and 802.11g clients, it is operating in mixed mode.

For an access point to support 802.11a as well as 802.11b and g, it must have a second radio to operate in the different RF band.

Click the SSID button in the figure to view a list of SSIDs for a Windows client.

A shared service set identifier (SSID) is a unique identifier that client devices use to distinguish between multiple wireless networks in the same vicinity. Several access points on a network can share an SSID. The figure shows an example of SSIDs distinguishing between WLANs, each which can be any alphanumeric, case-sensitive entry from 2 to 32 characters long.

Click the Channel button in the figure to view a graphic of non-overlapping channels.

The IEEE 802.11 standard establishes the channelization scheme for the use of the unlicensed ISM RF bands in WLANs. The 2.4 GHz band is broken down into 11 channels for North America and 13 channels for Europe. These channels have a center frequency separation of only 5 MHz and an overall channel bandwidth (or frequency occupation) of 22 MHz. The 22 MHz channel bandwidth combined with the 5 MHz separation between center frequencies means there is an overlap between successive channels. Best practices for WLANs that require multiple access points are set to use non-overlapping channels. If there are three adjacent access points, use channels 1, 6, and 11. If there are just two, select any two that are five channels apart, such as channels 5 and 10. Many access points can automatically select a channel based on adjacent channel use. Some products continuously monitor the radio space to adjust the channel settings dynamically in response to environmental changes.

7.1.4 - Wireless Operation
The diagram depicts the graphical user interface (G U I) of a Linksys wireless router with wireless router setup parameters. These include Wireless Network Mode, Service Set Identifier (SSID), and Channel.

Parameters settings:
The Linksys G U I screenshot shows:
Wireless Network Mode: Mixed.
Wireless Network Name (SSID): linksys 03.
Wireless Channel: 1 - 2.412 Gigahertz.
Wireless SSID Broadcast: Enabled.

Mode:
In the topology shown, wireless router WRS2 has three wireless laptop clients communicating with it. One of the clients is 8 0 2 dot 11b, and the other two are 8 0 2 dot 11g. The WR supports both 8 0 2 dot 11b and g. A text bubble for the 8 0 2 dot 11b client states: 8 0 2 dot 11b client forces faster clients who are contending for the channel to wait longer.

SSID:
The G U I screenshot shows a wireless client network connection screen from which the user can select one of three different wireless network AP's that are in range based on the SSID. SSID's are linksys 03, linksys 03, and linksys.

Channel:
The diagram depicts the 2.4 Gigahertz Radio Frequency (RF) band. All channels are 22 Megahertz in bandwidth, with 5 Megahertz separation between channels. Channel One, Channel Six, and Channel Eleven frequency ranges do not overlap. The curvature of each frequency range indicates that the highest RF energy is at the center point of each channel and that it dissipates toward the edges of the channel.

Page 2:
802.11 Topologies

Wireless LANs can accommodate various network topologies. When describing these topologies, the fundamental building block of the IEEE 802.11 WLAN architecture is the basic service set (BSS). The standard defines a BSS as a group of stations that communicate with each other.

Click the Ad Hoc button in the figure.

Ad hoc Networks

Wireless networks can operate without access points; this is called an ad hoc topology. Client stations which are configured to operate in ad hoc mode configure the wireless parameters between themselves. The IEEE 802.11 standard refers to an ad hoc network as an independent BSS (IBSS).

Click the BSS button in the figure.

Basic Service Sets

Access points provide an infrastructure that adds services and improves the range for clients. A single access point in infrastructure mode manages the wireless parameters and the topology is simply a BSS. The coverage area for both an IBSS and a BSS is the basic service area (BSA).

Click the ESS button in the figure.

Extended Service Sets

When a single BSS provides insufficient RF coverage, one or more can be joined through a common distribution system into an extended service set (ESS). In an ESS, one BSS is differentiated from another by the BSS identifier (BSSID), which is the MAC address of the access point serving the BSS. The coverage area is the extended service area (ESA).

Common Distribution System

The common distribution system allows multiple access points in an ESS to appear to be a single BSS. An ESS generally includes a common SSID to allow a user to roam from access point to access point.

Cells represent the coverage area provided by a single channel. An ESS should have 10 to 15 percent overlap between cells in an extended service area. With a 15 percent overlap between cells, an SSID, and non-overlapping channels (one cell on channel 1 and the other on channel 6), roaming capability can be created.

Click the Summary button in the figure to see a comparions of WLAN topologies.

7.1.4 - Wireless Operation
The diagram depicts various wireless 8 0 2 dot 11 topologies. These include ad hoc, basic service sets (BSS), and extended service sets (E S S).

Ad Hoc:
The topology shows two PC's communicating directly via wireless and no AP.
The tabular information provided is as follows:
AP's: None.
Topology: Independent BSS (I BSS).
Connection: Peer-to-Peer.
Mode: Ad hoc.
Coverage: Basic Service Area (BSA).

Basic Service Sets (BSS):
The topology shows two PC's communicating via wireless through an AP (labeled WRS for wireless router switch). The AP is connected to switch S2. S2 has two PC's attached and has a redundant connection to switch S1. Switch S1 is connected to router R1.
The tabular information provided is as follows:
AP's: One.
Topology: BSS.
Connection: Client to AP.
Mode: Infrastructure.
Coverage: BSA.

Extended Service Sets (E S S):
The topology builds on the BSS topology with an additional switch, S3. A second AP is connected to S3, and a wireless laptop is communicating with the AP.
The tabular information provided is as follows:
AP's: More than one.
Topology: E S S.
Connection: Client to AP.
Mode: Infrastructure.
Coverage: Extended Service Area (ESA).

Summary:
The tabular information provided is as follows:
Wireless Devices: No access points.
Topology Mode: Ad hoc.
Topology Building Block: I BSS.
Coverage Area: BSA.

Wireless Devices: One access point.
Topology Mode: Infrastructure.
Topology Building Block: BSS.
Coverage Area: BSA.

Wireless Devices: Multiple access points.
Topology Mode: Infrastructure.
Topology Building Block: E S S.
Coverage Area: ESA.

Page 3:
Client and Access Point Association

A key part of the 802.11 process is discovering a WLAN and subsequently connecting to it. The primary components of this process are as follows:

• Beacons - Frames used by the WLAN network to advertise its presence.
• Probes - Frames used by WLAN clients to find their networks.
• Authentication - A process which is an artifact from the original 802.11 standard, but still required by the standard.
• Association - The process for establishing the data link between an access point and a WLAN client.

The primary purpose of the beacon is to allow WLAN clients to learn which networks and access points are available in a given area, thereby allowing them to choose which network and access point to use. Access points may broadcast beacons periodically.

Although beacons may regularly be broadcast by an access point, the frames for probing, authentication, and association are used only during the association (or reassociation) process.

The 802.11 Join Process (Association)

Before an 802.11 client can send data over a WLAN network, it goes through the following three-stage process:

Click the Probe button in the figure.

Stage 1 - 802.11 probing

Clients search for a specific network by sending a probe request out on multiple channels. The probe request specifies the network name (SSID) and bit rates. A typical WLAN client is configured with a desired SSID, so probe requests from the WLAN client contain the SSID of the desired WLAN network.

If the WLAN client is simply trying to discover the available WLAN networks, it can send out a probe request with no SSID, and all access points that are configured to respond to this type of query respond. WLANs with the broadcast SSID feature disabled do not respond.

Click the Authenticate button in the figure.

Stage 2 - 802.11 authentication

802.11 was originally developed with two authentication mechanisms. The first one, called open authentication, is fundamentally a NULL authentication where the client says "authenticate me," and the access point responds with "yes." This is the mechanism used in almost all 802.11 deployments.

A second authentication mechanism is referred to as shared key authentication. This technique is based on a Wired Equivalency Protection (WEP) key that is shared between the client and the access point. In this technique, the client sends an authentication request to the access point. The access point then sends a challenge text to the client, who encrypts the message using its shared key, and returns the encrypted text back to the access point. The access point then decrypts the encrypted text using its key and if the decrypted text matches the challenge text, the client and the access point share the same key and the access point authenticates the station. If the messages do not match, the client is not authenticated.

Although shared key authentication needs to be included in client and access point implementations for overall standards compliance, it is not used or recommended. The problem is that the WEP key is normally used to encrypt data during the transmission process. Using this same WEP key in the authentication process provides an attacker with the ability to extract the key by sniffing and comparing the unencrypted challenge text and then the encrypted return message. Once the WEP key is extracted, any encrypted information that is transmitted across the link can be easily decrypted.

Click the Associate button in the figure.

Stage 3 - 802.11 association

This stage finalizes the security and bit rate options, and establishes the data link between the WLAN client and the access point. As part of this stage, the client learns the BSSID, which is the access point MAC address, and the access point maps a logical port known as the association identifier (AID) to the WLAN client. The AID is equivalent to a port on a switch. The association process allows the infrastructure switch to keep track of frames destined for the WLAN client so that they can be forwarded.

Once a WLAN client has associated with an access point, traffic is now able to travel back and forth between the two devices.

7.1.4 - Wireless Operation
The diagram depicts client and AP association, including beacon, probe, authenticate, and associate.

Beacon:
The topology shows two PC's and AP WRS2. The AP emits a periodic beacon that includes the following:
- SSID.
- Supported rates.
- Security implementation, for example, WPA2.

Clients with radio NIC's hear the beacon.


Probe:
Stage 1 - 8 0 2 dot 11 probing:
The client sends a probe that includes the following:
- SSID.
- Supported rates.

The AP sends a probe response that includes the following:
- SSID.
- Supported rates.
- Security implementation.

Authenticate:
Stage 2 - 8 0 2 dot 11 authentication:
The client sends an authentication request that includes the following:
- Type (open or shared key).
- Key (if type is shared).

The AP sends an authentication response that includes the following:
- Type.
- Key.
- Successful or unsuccessful.

Associate:
Stage 3 - 8 0 2 dot 11 association:
Client sends an association request that includes the following:
- Client MAC address.
- AP MAC address (B SSID).
- E S S identifier (E SSID).

The AP sends an authentication response that includes the following:
- Successful or unsuccessful.
- Association identifier (A ID) if the association is successful.

7.1.5 Planning the Wireless LAN

Page 1:
Planning the Wireless LAN

Implementing a WLAN that takes the best advantage of resources and delivers the best service can require careful planning. WLANs can range from relatively simple installations to very complex and intricate designs. There needs to be a well-documented plan before a wireless network can be implemented. In this topic, we introduce what considerations go into the design and planning of a wireless LAN.

The number of users a WLAN can support is not a straightforward calculation. The number or users depends on the geographical layout of your facility (how many bodies and devices fit in a space), the data rates users expect (because RF is a shared medium and the more users there are the greater the contention for RF), the use of non-overlapping channels by multiple access points in an ESS, and transmit power settings (which are limited by local regulation).You will have sufficient wireless support for your clients if you plan your network for proper RF coverage in an ESS. Detailed consideration of how to plan for specific numbers of users is beyond the scope of this course.

Click the Map button in the figure.

When planning the location of access points, you may not be able to simply draw coverage area circles and drop them over a plan. The approximate circular coverage area is important, but there are some additional recommendations.

If access points are to use existing wiring or if there are locations where access points cannot be placed, note these locations on the map.

• Position access points above obstructions.
• Position access points vertically near the ceiling in the center of each coverage area, if possible.
• Position access points in locations where users are expected to be. For example, conference rooms are typically a better location for access points than a hallway.

When these points have been addressed, estimate the expected coverage area of an access point. This value varies depending on the WLAN standard or mix of standards that you are deploying, the nature of the facility, the transmit power that the access point is configured for, and so on. Always consult the specifications for the access point when planning for coverage areas.

Based on your plan, place access points on the floor plan so that coverage circles are overlapping, as illustrated in the following example.

Example Calculation

The open auditorium (a Warehouse/Manufacturing Building Type) shown in the figure is approximately 20,000 square feet.

Network requirements specify that there must be a minimum of 6 Mb/s 802.11b throughput in each BSA, because there is a wireless voice over WLAN implementation overlaid on this network. With access points, 6 Mbps can be achieved in open areas like those on the map, with a coverage area of 5,000 square feet in many environments.

Note: The 5,000 square foot coverage area is for a square. The BSA takes its radius diagonally from the center of this square.

Let us determine where to place the access points.

Click Coverage Area button in the figure.

The facility is 20,000 square feet, therefore dividing 20,000 square feet by a coverage area of 5,000 square feet per access point results in at least four access points required for the auditorium. Next, determine the dimension of the coverage areas and arrange them on the floor plan.

• Because the coverage area is a square with side "Z", the circle that is tangent to its four corners has a radius of 50 feet, as shown in the calculations.
• When the dimensions of the coverage area have been determined, you arrange them in a manner similar to those shown for Align Coverage Areas in the figure. Click the Align Coverage Areas button in the figure.
• On your floor plan map, arrange four 50-foot radius coverage circles so that they overlap, as shown in the Plan. Click the Plan button in the figure.

7.1.5 - Planning the Wireless LAN
The diagram depicts the process of planning a wireless LAN. The process starts with a map of a building floorplan, with a scale from zero to one hundred feet. Additional information is provided on the coverage area, the alignment of the coverage areas, and arrangement of AP's on the plan map.

Coverage Area:
The diagram shows a square representing one of the four coverage areas in the building and the calculation of the radius (R) for determining the size of the circular coverage area for the square footage involved. The length of one side of the square is Z.

The requirements specify that coverage area A equals 5000 square feet.
Where A = Z squared, find R.

From Pythagoras:
2 times R squared = Z squared.

R= the square root of Z squared, divided by 2.
R= the square root of 5000 square feet, divided by 2.
R= the square root of 2500 square feet.
R= 50 feet, and Z = 70.71 feet.

Alignment of Coverage Area:
The diagram shows aligning two of the four coverage areas in the building along the length of the square side (Z) to ensure minimum BSA overlap of the coverage circles.

Arrangement on the Plan Map:
The diagram shows four 50-foot radius coverage circles arranged on the floorplan so that they overlap. The center of each circle is the location of the AP for that coverage area.

Page 2:

7.1.5 - Planning the Wireless LAN
The diagram depicts three activities.

Activity One:
The diagram depicts an activity in which you match the facts provided with the correct i e e e 8 0 2 dot 11 W LAN standard. Some facts may be used more than once.

Year Standard Ratified:
8 0 2 dot 11b.
8 0 2 dot 11a.
8 0 2 dot 11g.
8 0 2 dot 11n.

RF Band:
8 0 2 dot 11b.
8 0 2 dot 11a.
8 0 2 dot 11g.
8 0 2 dot 11n.

Modulation:
8 0 2 dot 11b.
8 0 2 dot 11a.
8 0 2 dot 11g.
8 0 2 dot 11n.

Data Rate:
8 0 2 dot 11b.
8 0 2 dot 11a.
8 0 2 dot 11g.
8 0 2 dot 11n.

Range:
8 0 2 dot 11b.
8 0 2 dot 11a.
8 0 2 dot 11g.
8 0 2 dot 11n.

Facts to match to W LAN standard:
- 150 feet, or 35 meters.
- 2008.
- Up to 11 Megabits per second.
- M I M O.
- 5 Gigahertz.
- 2003.
- Unconfirmed.
- OFDM and DSSS.
- Up to 54 Megabits per second.
- 1999.
- DSSS.
- OFDM.
- 2.4 Gigahertz.
- 230 feet, or 70 meters.
- 248 Megabits per second.

Activity Two:
The diagram depicts an activity in which you must select the appropriate word or phrase to complete the BLANK in the sentence.

Sentence:
One. The BLANK enables a client station capable of sending and receiving RF signals.

Two. An BLANK connects wireless clients to the wired LAN.

Three: Wireless clients that are at the maximum range and opposite sides of an access point will not be able to reach each other or detect each others transmissions. This is known as the BLANK problem.

Four. BLANK was developed to solve the hidden node problem. When enabled, the AP will allocate the medium to a requesting station for as long as required to complete the transmission.

Five. Desktops located in an existing, non-wired facility can have a wireless BLANK installed.

Six. A BLANK like the WRT300N performs the role of access point, Ethernet switch, and router.

Seven. In the 1990's, wireless NIC's for laptops were cards that slipped into the BLANK slot.

Word/Phrase:
- Access points.
- Hidden node.
- Wireless router.
- RTS/CTS.
- Wireless NIC.
- PCMCIA.
- PCI NIC.

Activity Three:
The diagram depicts an activity in which you must select the appropriate word, phrase or number to complete the BLANK in the sentence. Not all answers are used.

Sentence:
One. When a Linksys access point is configured to allow both 8 0 2 dot 11b and 8 0 2 dot 11g clients, it is operating in BLANK mode.

Two. The 2.4 Gigahertz band is broken down into BLANK channels for North America and BLANK channels for Europe.

Three. Best practice for W LAN's that require multiple access points are to use non-overlapping channels. If there are three adjacent access points, use channels BLANK, BLANK, and BLANK.

Four. The fundamental building block of the i e e e 8 0 2 dot 11 wireless LAN architecture is the BLANK.

Five. When a single BSS provides insufficient RF coverage, one or more can be joined through a common distribution system into an BLANK.

Six. The BLANK allows multiple access points in an E S S to appear to be a single BSS.

Seven. The W LAN network uses BLANK to advertise its presence, whereas W LAN clients use BLANK to find a W LAN network.

Word, Phrase or number:
Common distribution system.
Mixed service set.
Beacons.
Mixed.
Probes.
Basic service set.
Extended service area.
Choices for numbers include:
1, 5, 6, 7, 10, 11, 12, 13, 14 and 15.

7.2 Wireless LAN Security

7.2.1 Threats to Wireless Security

Page 1:
Unauthorized Access

Security should be a priority for anyone who uses or administers networks. The difficulties in keeping a wired network secure are amplified with a wireless network. A WLAN is open to anyone within range of an access point and the appropriate credentials to associate to it. With a wireless NIC and knowledge of cracking techniques, an attacker may not have to physically enter the workplace to gain access to a WLAN.

In this first topic of this section, we describe how wireless security threats have evolved. These security concerns are even more significant when dealing with business networks, because the livelihood of the business relies on the protection of its information. Security breaches for a business can have major repercussions, especially if the business maintains financial information associated with its customers.

There are three major categories of threat that lead to unauthorized access:

• War drivers
• Hackers (Crackers)
• Employees

"War driving" originally referred to using a scanning device to find cellular phone numbers to exploit. War driving now also means driving around a neighborhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to exploit.

The term hacker originally meant someone who delved deeply into computer systems to understand, and perhaps exploit for creative reasons, the structure and complexity of a system. Today, the terms hacker and cracker have come to mean malicious intruders who enter systems as criminals and steal data or deliberately harm systems.Hackers intent on doing harm are able to exploit weak security measures.

Most wireless devices sold today are WLAN-ready. In other words, the devices have default settings and can be installed and used with little or no configuration by users. Often, end users do not change default settings, leaving client authentication open, or they may only implement standard WEP security. Unfortunately, as mentioned before, shared WEP keys are flawed and consequently easy to attack.

Tools with a legitimate purpose, such as wireless sniffers, allow network engineers to capture data packets for system debugging. These same tools can be used by intruders to exploit security weaknesses.

Rogue Access Points

A rogue access point is an access point placed on a WLAN that is used to interfere with normal network operation. If a rogue access point is configured with the correct security settings, client data could be captured. A rogue access point also could be configured to provide unauthorized users with information such as the MAC addresses of clients (both wireless and wired), or to capture and disguise data packets or, at worst, to gain access to servers and files.

A simple and common version of a rogue access point is one installed by employees without authorization. Employees install access points intended for home use on the enterprise network. These access points typically do not have the necessary security configuration, so the network ends up with a security hole.

7.2.1 - Threats to Wireless Security
The diagram depicts three major categories of threat that lead to unauthorized access for W LAN's: war drivers, hackers (crackers), and employees.

War drivers: Find open networks and use them to gain free Internet access.

Hackers: Exploit weak privacy measures to view sensitive W LAN information and even break into W LAN's.

Employees: Plug consumer-grade AP's or gateways into company Ethernet ports to create their own W LAN's.

Page 2:
Man-in-the-Middle Attacks

One of the more sophisticated attacks an unauthorized user can make is called a man-in-the-middle (MITM) attack. Attackers select a host as a target and position themselves logically between the target and the router or gateway of the target. In a wired LAN environment, the attacker needs to be able to physically access the LAN to insert a device logically into the topology. With a WLAN, the radio waves emitted by access points can provide the connection.

Radio signals from stations and access points are "hearable" by anyone in a BSS with the proper equipment, such as a laptop with a NIC. Because access points act like Ethernet hubs, each NIC in a BSS hears all the traffic. Device discards any traffic not addressed to it. Attackers can modify the NIC of their laptop with special software so that it accepts all traffic. With this modification, the attacker can carry out wireless MITM attacks, using the laptop NIC acts as an access point.

To carry out this attack, a hacker selects a station as a target and uses packet sniffing software, such as Wireshark, to observe the client station connecting to an access point. The hacker might be able to read and copy the target username, server name, client and server IP address, the ID used to compute the response, and the challenge and associate response, which is passed in clear text between station and access point.

If an attacker is able to compromise an access point, the attacker can potentially compromise all users in the BSS. The attacker can monitor an entire wireless network segment and wreak havoc on any users connected to it.

Defeating an attack like a MITM attack, depends on the sophistication of your WLAN infrastructure and your vigilance in monitoring activity on the network. The process begins with identifying legitimate devices on your WLAN. To do this, you must authenticate users on your WLAN.

When all legitimate users are known, you then monitor the network for devices and traffic that is not supposed to be there. Enterprise WLANs that use state-of-the-art WLAN devices provide administrators with tools that work together as a wireless intrusion prevention system (IPS). These tools include scanners that identify rogue access points and ad hoc networks, and radio resource management (RRM) which monitors the RF band for activity and access point load. An access point that is busier than normal, alerts the administrator of possible unauthorized traffic.

Further explanation of these mitigation techniques is beyond the scope of this course. For more information, refer to the Cisco paper "Addressing Wireless Threats with Integrated Wireless IDS and IPS" available at http://www.cisco.com/en/US/products/ps6521/products_white_paper0900aecd804f155b.shtml.

7.2.1 - Threats to Wireless Security
The diagram depicts a man-in-the-middle attack. An attacker character with a laptop collects information that passes between a legitimate client and access point. The attacker then uses this information to intercept traffic intended for the client.

Page 3:
Denial of Service

802.11b and g WLANs use the unlicensed 2.4 GHz ISM band. This is the same band used by most wireless consumer products, including baby monitors, cordless phones, and microwave ovens. With these devices crowding the RF band, attackers can create noise on all the channels in the band with commonly available devices.

Click the DoS 2 button in the figure.

Earlier we discussed how an attacker can turn a NIC into an access point. That trick can also be used to create a DoS attack. The attacker, using a PC as an access point, can flood the BSS with clear-to-send (CTS) messages, which defeat the CSMA/CA function used by the stations. The access points, in turn, flood the BSS with simultaneous traffic, causing a constant stream of collisions.

Another DoS attack that can be launched in a BSS is when an attacker sends a series of disassociate commands that cause all stations in the BSS to disconnect. When the stations are disconnected, they immediately try to reassociate, which creates a burst of traffic. The attacker sends another disassociate command and the cycle repeats itself.

7.2.1 - Threats to Wireless Security
The diagram depicts two types of Denial of Service (D o S) attacks.

D o S One: Devices, such as common consumer devices, that operate in the same RF band as the wireless network can interfere with W LAN devices, causing a D o S.

D o S Two: Another D o S attack can result from an attacker that turns a laptop into an AP. The attacker sends clear-to-send (CTS) messages or disassociate commands. Clients flood the W LAN causing collisions and denying service.

7.2.2 Wireless Security Protocols

Page 1:
Wireless Protocol Overview

In this topic, you will learn about the features of the common wireless protocols and the level of security each provides.

Two types of authentication were introduced with the original 802.11 standard: open and shared WEP key authentication. While open authentication is really "no authentication," (a client requests authentication and the access point grants it), WEP authentication was supposed to provide privacy to a link, making it like a cable connecting a PC to an Ethernet wall-jack. As was mentioned earlier, shared WEP keys proved to be flawed and something better was required. To counteract shared WEP key weakness, the very first approach by companies was to try techniques such as cloaking SSIDs and filtering MAC addresses. These techniques were also too weak. You will learn more about the weaknesses of these techniques later.

The flaws with WEP shared key encryption were two-fold. First, the algorithm used to encrypt the data was crackable. Second, scalability was a problem. The 32-bit WEP keys were manually managed, so users entered them by hand, often incorrectly, creating calls to technical support desks.

Following the weakness of WEP-based security, there was a period of interim security measures. Vendors such as Cisco, wanting to meet the demand for better security, developed their own systems while simultaneously helping to evolve the 802.11i standard. On the way to 802.11i, the TKIP encryption algorithm was created, which was linked to the Wi-Fi Alliance WiFi Protected Access (WPA) security method.

Today, the standard that should be followed in most enterprise networks is the 802.11i standard. This is similar to the Wi-Fi Alliance WPA2 standard. For enterprises, WPA2 includes a connection to a Remote Authentication Dial In User Service (RADIUS) database. RADIUS will be described later in the chapter.

For more about the WEP security weakness, see the paper "Security of the WEP algorithm" available at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.

7.2.2 - Wireless Security Protocols
The diagram depicts the features of the common wireless protocols and the level of security each provides.

Open Access: SSID.
- No encryption.
- Basic authentication.
- Not a security handle.

First Generation Encryption: WEP.
- No strong authentication.
- Static, breakable keys.
- Not scalable.

Interim: WPA.
- Standardized.
- Improved encryption.
- Strong, user-based authentication (for example, LEAP, PEAP, E AP-FAST).

Present: 8 0 2 dot 11i / WPA2.
- A E S Encryption.
- Authentication: 8 0 2 dot 1X.
- Dynamic key management.
- WPA2 is the WiFi Alliance implementation of 8 0 2 dot 11i.

Page 2:
Authenticating to the Wireless LAN

In an open network, such as a home network, association may be all that is required to grant a client access to devices and services on the WLAN. In networks that have stricter security requirements, an additional authentication or login is required to grant clients such access. This login process is managed by the Extensible Authentication Protocol (EAP). EAP is a framework for authenticating network access. IEEE developed the 802.11i standard for WLAN authentication and authorization to use IEEE 802.1x.

Click the EAP button in the figure to see the authentication process.
The enterprise WLAN authentication process is summarized as follows:

• The 802.11 association process creates a virtual port for each WLAN client at the access point.
• The access point blocks all data frames, except for 802.1x-based traffic.
• The 802.1x frames carry the EAP authentication packets via the access point to a server that maintains authentication credentials. This server is an Authentication, Authorization, and Accounting (AAA) server running a RADIUS protocol.
• If the EAP authentication is successful, the AAA server sends an EAP success message to the access point, which then allows data traffic from the WLAN client to pass through the virtual port.
• Before opening the virtual port, data link encryption between the WLAN client and the access point is established to ensure that no other WLAN client can access the port that has been established for a given authenticated client.

Before 802.11i (WPA2) or even WPA were in use, some companies tried to secure their WLANs by filtering MAC addresses and not broadcasting SSIDs. Today, it is easy to use software to modify MAC addresses attached to adapters, so the MAC address filtering is easily fooled. It does not mean you should not do it, but if you are using this method, you should back it up with additional security, such as WPA2.

Even if an SSID is not broadcast by an access point, the traffic that passes back and forth between the client and access point eventually reveals the SSID. If an attacker is passively monitoring the RF band, the SSID can be sniffed in one of these transactions, because it is sent in clear text. The ease of discovering SSIDs has led some people to leave SSID broadcasting turned on. If so, that should probably be an organizational decision recorded in the security policy.

The idea that you can secure your WLAN with nothing more than MAC filtering and turning off SSID broadcasts can lead to a completely insecure WLAN. The best way to ensure that end users are supposed to be on the WLAN is to use a security method that incorporates port-based network access control, such as WPA2.

7.2.2 - Wireless Security Protocols
The diagram depicts the process of authenticating to the wireless LAN, including association and the use of the Extensible Authentication Protocol (E AP). A wireless client is connected to the AP. The AP has a wired connection to an AAA authentication server.

Association: The client and AP associate, and a virtual port is created. 8 0 2 dot 1x frames can now be exchanged between the client and the AP.

E AP: The exchange between the wireless client (supplicant), the AP (authenticator), and the AAA authentication server is as follows:

One. AP to client - Identity request.
Two. Client to AP - Identity response.
Three. AP to AAA server - Forward identity.
Four. AAA server to AP - E AP request - E AP type.
Five. AP to client - E AP request - E AP type.
Six. Client to AP - E AP response - E AP type.
Seven. AP to AAA server - E AP response - E AP type.
Eight. AAA server to AP - E AP success.
Nine. AP to client - E AP success.

Page 3:
Encryption

Two enterprise-level encryption mechanisms specified by 802.11i are certified as WPA and WPA2 by the Wi-Fi Alliance: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

TKIP is the encryption method certified as WPA. It provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method. It makes use of the original encryption algorithm used by WEP.

TKIP has two primary functions:

• It encrypts the Layer 2 payload
• It carries out a message integrity check (MIC) in the encrypted packet. This helps ensure against a message being tampered with.

Although TKIP addresses all the known weaknesses of WEP, the AES encryption of WPA2 is the preferred method, because it brings the WLAN encryption standards into alignment with broader IT industry standards and best practices, most notably IEEE 802.11i.

AES has the same functions as TKIP, but it uses additional data from the MAC header that allows destination hosts to recognize if the non-encrypted bits have been tampered with. It also adds a sequence number to the encrypted data header.

When you configure Linksys access points or wireless routers, such as the WRT300N, you may not see WPA or WPA2, instead you may see references to something called pre-shared key (PSK). Various types of PSKs are as follows:

• PSK or PSK2 with TKIP is the same as WPA
• PSK or PSK2 with AES is the same as WPA2
• PSK2, without an encryption method specified, is the same as WPA2

7.2.2 - Wireless Security Protocols
The diagram depicts two enterprise-level encryption mechanisms specified by 8 0 2 dot 11i: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (A E S).

TKIP:
- Encrypts by adding increasingly complex bit coding to each packet.
- Based on the same cipher (RC4) as WEP.

A E S:
- New cipher used in 8 0 2 dot 11i.
- Based on TKIP, with additional features that enhance the level of provided security.

7.2.3 Securing a Wireless LAN

Page 1:
Controlling Access to the Wireless LAN

The concept of depth means having multiple solutions available. It is like having a security system in your house, but still locking all the doors and windows and asking the neighbors to watch it for you. The security methods you have seen, especially WPA2, are like having a security system. If you want to do something extra to secure access to your WLAN, you can add depth, as shown in the figure, by implementing this three-step approach:

• SSID cloaking - Disable SSID broadcasts from access points
• MAC address filtering - Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address
• WLAN security implementation - WPA or WPA2

An additional consideration for a vigilant network administrator is to configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. This is to merely reduce the RF signature on the outside of the building where anyone running an application such as Netstumbler (http://www.netstumbler.com), Wireshark, or even Windows XP, can map WLANs.

Neither SSID cloaking nor MAC address filtering are considered a valid means of securing a WLAN for the following reasons:

• MAC addresses are easily spoofed.
• SSIDs are easily discovered even if access points do not broadcast them.

7.2.3 - Securing a Wireless LAN
The diagram depicts methods for controlling access to the wireless LAN. These include:

One. SSID broadcasts from access points that are off. The diagram depicts a wireless client issuing a probe request to the AP, but there is no response.

Two. MAC address filtering is enabled. The diagram depicts a wireless client attempting to associate, but the MAC address is not recognized.

Three. WPA2 security is implemented. The diagram depicts a wireless client authenticated and meeting all requirements.

Caution: Items one or two are not considered valid security measures.

7.3 Configure Wireless LAN Access

7.3.1 Configuring the Wireless Access Point

Page 1:
Overview of Configuring the Wireless Access Point

In this topic, you will learn how to configure a wireless access point. You will learn how to set the SSID, enable security, configure the channel, and adjust the power settings of a wireless access point. You will also learn how to back up and restore the configuration of a typical wireless access point.

The basic approach to wireless implementation, as with any basic networking, is to configure and test incrementally. Before implementing any wireless devices, verify the existing network and Internet access for the wired hosts. Start the WLAN implementation process with a single access point and a single client, without enabling wireless security. Verify that the wireless client has received a DHCP IP address and can ping the local wired default router and then browse to the external Internet. Finally, configure wireless security with WPA2. Use WEP only if the hardware does not support WPA.

Most access points have been designed to be functional right out of the box with the default settings. It is good practice to change initial, default configurations. Many access points can be configured through a GUI web interface.

With a plan for implementation in mind, wired network connectivity confirmed, and the access point installed, you will now configure it. The following example uses the Linksys WRT300N multifunction device. This device includes an access point.

The steps for configuring the Linksys WRT300N are as follows:

Ensure your PC is connected to the access point via a wired connection, and access the web utility with a web browser. To access the web-based utility of the access point, launch Internet Explorer or Netscape Navigator, and enter the WRT300N default IP address, 192.168.1.1, in the address field. Press the Enter key.

A screen appears prompting you for your username and password. Leave the Username field blank. Enter admin in the Password field. These are the default settings for a Linksys WRT300N. If the device has already been configured, the username and password may have been changed. Click OK to continue.

For a basic network setup, use the following screens, as shown when you click the Setup, Management, and Wireless buttons in the figure:

• Setup - Enter your basic network settings (IP address).
• Management - Click the Administration tab and then select the Management screen. The default password is admin. To secure the access point, change the password from its default.
• Wireless - Change the default SSID in the Basic Wireless Settings tab. Select the level of security in the Wireless Security tab and complete the options for the selected security mode.

Make the necessary changes through the utility. When you have finished making changes to a screen, click the Save Settings button, or click the Cancel Changes button to undo your changes. For information on a tab, click Help.

The figure summarizes the implementation steps for an access point.

7.3.1 - Configuring the Wireless Access Point
The diagram depicts an overview of configuring a wireless access point, including the configuration steps, setup, and management, and security.

Configuration Steps:
Step One. Verify local wired operation - DHCP and Internet access.
Step Two. Install the access point.
Step Three. Configure the access point - SSID (no security yet).
Step Four. Install one wireless client (no security yet).
Step Five. Verify wireless network operation.
Step Six. Configure wireless security - WPA2 with PSK.
Step Seven. Verify wireless network operation.

Setup - Screenshot of Linksys G U I. Enter your basic network settings (IP address).
Management - Screenshot of Linksys G U I. Click the Administration tab and then select the Management screen. The default password is admin. To secure the access point, change the password from its default.
Security - Screenshot of Linksys G U I. Change the default SSID in the Basic Wireless Settings tab. Select the level of security in the Wireless Security tab and complete the options for the selected security mode.

Page 2:
Configuring Basic Wireless Settings

The Basic Setup screen is the first screen you see when you access the web-based utility. Click the Wireless tab and then select the Basic Wireless Settings tab.

Basic Wireless Settings

Click the buttons along the bottom of the figure for a view of the GUI for each configuration.

• Network Mode - If you have Wireless-N, Wireless-G, and 802.11b devices in your network, keep Mixed, the default setting. If you have Wireless-G and 802.11b devices, select BG-Mixed. If you have only Wireless-N devices, select Wireless-N Only. If you have only Wireless-G devices, select Wireless-G Only. If you have only Wireless-B devices, select Wireless-B Only. If you want to disable wireless networking, select Disable.
• Network Name (SSID) - The SSID is the network name shared among all points in a wireless network. The SSID must be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32 characters (use any of the characters on the keyboard). For added security, you should change the default SSID (linksys) to a unique name.
• SSID Broadcast - When wireless clients survey the local area for wireless networks to associate with, they detect the SSID broadcast by the access point. To broadcast the SSID, keep Enabled, the default setting. If you do not want to broadcast the SSID, select Disabled. When you have finished making changes to this screen, click the Save Settings button, or click the Cancel Changes button to undo your changes. For more information, click Help.
• Radio Band - For best performance in a network using Wireless-N, Wireless-G, and Wireless-B devices, keep the default Auto. For Wireless-N devices only, select Wide - 40MHz Channel. For Wireless-G and Wireless-B networking only, select Standard - 20MHz Channel.
• Wide Channel - If you selected Wide - 40MHz Channel for the Radio Band setting, this setting is available for your primary Wireless-N channel. Select any channel from the drop-down menu.
• Standard Channel - Select the channel for Wireless-N, Wireless-G, and Wireless-B networking. If you selected Wide - 40MHz Channel for the Radio Band setting, the standard channel is a secondary channel for Wireless-N.

7.3.1 - Configuring the Wireless Access Point
The diagram depicts configuring the basic wireless settings for the Linksys WRT300N wireless router.

Network Mode.
Select the mode suitable for all devices in the wireless LAN. The default is Mixed.

Mixed: Wireless-N, Wireless-G, and 8 0 2 dot 11b devices.
B G-Mixed: Wireless-G and 8 0 2 dot 11b devices.
Wireless-N Only: Only Wireless-N devices.
Wireless-G Only: Only Wireless-G devices.
Wireless-B Only: Only Wireless-B devices.
Disable: Disable wireless networking.

Network Name (SSID).
For added security, change the default SSID (Linksys) to a unique name.

SSID Broadcast.
When wireless clients survey the local area for wireless networks to associate with, they detect the SSID broadcast by the access point. To broadcast the SSID, keep Enabled, which is the default setting. If you do not want to broadcast the SSID, select Disabled.

Radio Band.
For best performance in a network using Wireless-N, Wireless-G, and Wireless-B devices, keep the default Auto. For Wireless-N devices only, select Wide - 40 Megahertz Channel. For Wireless-G and Wireless-B networking, select Standard - 20 Megahertz Channel.

Wide Channel - If you selected Wide - 40 Megahertz Channel for the Radio Band setting, this setting is available for your primary Wireless-N channel. Select any channel from the drop-down menu.

Standard Channel - Select the channel for Wireless-N, Wireless-G, and Wireless-B networking. If you selected Wide - 40 Megahertz Channel for the Radio Band setting, the standard channel is a secondary channel for Wireless-N.

Page 3:
Configuring Security

Click the Overview button in the figure.

These settings configure the security of your wireless network. There are seven wireless security modes supported by the WRT300N, listed here in the order you see them in the GUI, from weakest to strongest, except for the last option, which is disabled:

• WEP
• PSK-Personal, or WPA-Personal in v0.93.9 firmware or newer
• PSK2-Personal, or WPA2-Personal in v0.93.9 firmware or newer
• PSK-Enterprise, or WPA-Enterprise in v0.93.9 firmware or newer
• PSK2-Enterprise, or WPA2-Enterprise in v0.93.9 firmware or newer
• RADIUS
• Disabled

When you see "Personal" in a security mode, no AAA server is used. "Enterprise" in the security mode name means a AAA server and EAP authentication is used.

You have learned that WEP is a flawed security mode. PSK2, which is the same as WPA2 or IEEE 802.11i, is the preferred option for the best security. If WPA2 is the best, you may wonder why there are so many other options. The answer is that many wireless LANs are supporting old wireless devices. Because all client devices that associate to an access point must be running the same security mode that the access point is running, the access point has to be set to support the device running the weakest security mode. All wireless LAN devices manufactured after March 2006 must be able to support WPA2, or in the case of Linksys routers, PSK2, so in time, as devices are upgraded, you will be able to switch your network security mode over to PSK2.

The RADIUS option that is available for a Linksys wireless router allows you to use a RADIUS server in combination with WEP.

Click the buttons along the bottom of the figure for a view of the GUI for each configuration.

To configure security, do the following:

• Security Mode - Select the mode you want to use: PSK-Personal, PSK2-Personal, PSK-Enterprise, PSK2-Enterprise, RADIUS, or WEP.
• Mode Parameters - Each of the PSK and PSK2 modes have parameters that you can configure. If you select the PSK2-Enterprise security version, you must have a RADIUS server attached to your access point. If you have this configuration, you need to configure the access point to point to the RADIUS server.
• RADIUS Server IP Address - Enter the IP address of the RADIUS server.
• RADIUS Server Port - Enter the port number used by the RADIUS server. The default is 1812.
• Encryption - Select the algorithm you want to use, AES or TKIP. (AES is a stronger encryption method than TKIP.)
• Pre-shared Key - Enter the key shared by the router and your other network devices. It must have 8 to 63 characters.
• Key Renewal - Enter the key renewal period, which tells the router how often it should change encryption keys.

When you have finished making changes to this screen, click the Save Settings button, or click the Cancel Changes button to undo your changes.

7.3.1 - Configuring the Wireless Access Point
The diagram depicts configuring security settings for the Linksys WRT300N wireless router.

Mode: Screenshot of Linksys G U I. Seven wireless security modes supported by the WRT300N are listed from weakest to strongest, except for the last option, which is disabled (the default).
- WEP.
- PSK-Personal.
- PSK2-Personal.
- PSK-Enterprise.
- PSK2-Enterprise.
- RADIUS.
- Disabled.

Note: Enterprise modes are not configured in this chapter.

Mode Parameters - Each of the PSK and PSK2 mode configurable parameters are shown. The PSK2-Enterprise security version requires a RADIUS server attached to the AP. The RADIUS Server IP Address and server port number are required. The default is 1812.

Encryption - Select the algorithm you want to use, A E S or TKIP. (A E S is a stronger encryption method than TKIP.) Select A E S encryption for PSK2 mode.

Pre-shared Key - Enter the key shared by the router and your other network devices. It must have 8 to 63 characters.

7.3.2 Configuring a Wireless NIC

Page 1:
Scan for SSIDs

When the access point has been configured, you need to configure the wireless NIC on a client device to allow it to connect to the wireless network. You also should verify that the wireless client has successfully connected to the correct wireless network, especially since there may be many WLANs available with which to connect. We will also introduce some basic troubleshooting steps and identify common problems associated with WLAN connectivity.

If your PC is equipped with a wireless NIC, you should be ready to scan for wireless networks. PCs running Microsoft Windows XP have a built-in wireless networks monitor and client utility. You may have a different utility installed and selected in preference to the native Microsoft Windows XP version.

The steps below are for using the View Wireless Networks feature in Microsoft Windows XP.

Click the numbered steps in the figure to follow the process.

Step 1. On the Microsoft Windows XP toolbar system tray, find the network connection icon that looks similar to the one shown in the figure. Double-click the icon to open the Network Connections dialog box.

Step 2. Click the View Wireless Networks button in the dialog box.

Step 3. Observe the wireless networks that your wireless NIC has been able to detect.

If you have a WLAN that is not showing up on the list of networks, you may have disabled SSID broadcast on the access point. If this is the case, you must enter the SSID manually.

7.3.2 - Configuring a Wireless NIC
The diagram depicts the Windows XP wireless client application and describes the three-step process of scanning for SSIDs and selecting an SSID.

Step One. Double-click the wireless PC icon in the system tray to open the Wireless Network Connection dialog box.

Step Two. Click the View Wireless Networks button to see which networks are in range.

Step Three. Observe the wireless networks that your wireless NIC has been able to detect and the one to which it is currently associated.

Page 2:
Select the Wireless Security Protocol

After having configured your access point to authenticate clients with a strong security type, you must match your client configuration to the access point parameters. The following steps describe how to configure your wireless network security parameters on the client:

Step 1. Double-click the network connections icon in the Microsoft Windows XP system tray.

Step 2. Click the Properties button in the Wireless Network Connections Status dialog box.

Step 3. In the Properties dialog box, click the Wireless Networks tab.

Step 4. In the Wireless Networks tab, click the Add button. Also, you can save multiple wireless profiles with different security parameters allowing you to quickly connect to the WLANs you may use regularly.

Step 5. In the Wireless Network Properties dialog box, enter the SSID of the WLAN you wish to configure.

Step 6. In the Wireless network key box, select your preferred authentication method from the Network Authentication drop-down menu. WPA2 and PSK2 are preferred because of their strength.

Step 7. Select the Data encryption method from the drop-down menu. Recall that AES is a stronger cipher than TKIP, but you should match the configuration from your access point here on your PC.

After selecting the encryption method, enter and confirm the Network key. Again, this is a value that you have entered into the access point.

Step 8. Click OK.

7.3.2 - Configuring a Wireless NIC
The diagram depicts the Windows XP wireless client application and describes the eight-step process of selecting the Wireless Security Protocol.

Step One. Double-click the wireless PC icon in the system tray to open the Wireless Network Connection dialog box.

Step Two. Click the Properties button in the Wireless Network Connections Status dialog box.

Step Three. In the Properties dialog box, click the Wireless Networks tab.

Step Four. In the Wireless Networks tab, click the Add button.

Step Five. In the Wireless Network Properties dialog box, enter the SSID of the W LAN you want to configure.

Step Six. In the Wireless network key box, select your preferred authentication method from the Network Authentication drop-down menu.

Step Seven. Select the data encryption method from the drop-down menu. You should match the configuration of your access point on your PC.

Step Eight. Click OK.

Page 3:
Verify Connectivity to the Wireless LAN

With configurations set for both the access point and the client, the next step is to confirm connectivity. This is a done by pinging devices in the network.

Open the DOS command prompt window on the PC.

Try to ping a known IP address for a device in the network. In the figure, the IP address is 192.168.1.254. The ping was successful, indicating a successful connection.

7.3.2 - Configuring a Wireless NIC
The diagram depicts verifying connectivity to the wireless LAN. The screenshot of the Windows XP DOS Command window shows a successful ping from the wireless PC to the IP address of a known device in the network.

Page 4:
In this activity, you will configure a Linksys wireless router, allowing for remote access from PCs as well as wireless connectivity with WEP security.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.

7.3.2 - Configuring a Wireless NIC
Link to Packet Tracer Exploration: Configuring Wireless LAN Access

7.4 Troubleshooting Simple WLAN Problems

7.4.1 Solve Access Point Radio and Firmware Issues

Page 1:
A Systematic Approach to WLAN Troubleshooting

Troubleshooting any sort of network problem should follow a systematic approach, working up the TCP/IP stack from the Physical layer to the Application layer. This helps to eliminate any issues that you may be able to resolve yourself.

Click the Approach button in the figure.

You should already be familiar with the first three steps of the systematic troubleshooting approach from working with 802.3 Ethernet LANs. They are repeated here in the context of the WLAN:

Step 1 - Eliminate the user PC as the source of the problem.

Try to determine the severity of the problem. If there is no connectivity, check the following:

• Confirm the network configuration on the PC using the ipconfig command. Verify that the PC has received an IP address via DHCP or is configured with a static IP address.
• Confirm that the device can connect to the wired network. Connect the device to the wired LAN and ping a known IP address.
• It may be necessary to try a different wireless NIC. If necessary, reload drivers and firmware as appropriate for the client device.
• If the wireless NIC of the client is working, check the security mode and encryption settings on the client. If the security settings do not match, the client cannot get access to the WLAN.

If the PC of the user is operational but is performing poorly, check the following:

• How far is the PC from an access point? Is the PC out of the planned coverage area (BSA).
• Check the channel settings on the client. The client software should detect the appropriate channel as long as the SSID is correct.
• Check for the presence of other devices in the area that operate on the 2.4 GHz band. Examples of other devices are cordless phones, baby monitors, microwave ovens, wireless security systems, and potentially rogue access points. Data from these devices can cause interference in the WLAN and intermittent connection problems between a client and access point.

Step 2 - Confirm the physical status of devices.

• Are all the devices actually in place? Consider a possible physical security issue.
• Is there power to all devices, and are they powered on?

Step 3 - Inspect links.

• Inspect links between cabled devices looking for bad connectors or damaged or missing cables.
• If the physical plant is in place, use the wired LAN to see if you can ping devices including the access point.

If connectivity still fails at this point, perhaps something is wrong with the access point or its configuration.

As you troubleshoot a WLAN, a process of elimination is recommended, working from physical possibilities to application-related ones. When you have reached the point where you have eliminated the user PC as the problem, and also confirmed the physical status of devices, begin investigating the performance of the access point. Check the power status of the access point.

When the access point settings have been confirmed, if the radio continues to fail, try to connect to a different access point. You may try to install new radio drivers and firmware, which is explained next.

7.4.1 - Solve Access Point Radio and Firmware Issues
The diagram depicts a systematic approach to W LAN troubleshooting. The topology is presented, followed by a three-step approach to solving the problem.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh with dual trunk links. In addition:
Switch S1 is connected to router R1.
Switch S2 is connected to wired PC1 and PC2.
Switch S2 is connected to AP WRS2.
Switch S3 is connected to AP WRS3.
AP WRS2 is communicating with two wireless laptops.
AP WRS3 is not communicating with one wireless laptop.

Situation: The laptop does not have connectivity with AP WRS3.

Approach:
Standard troubleshooting practice.
Step One. Eliminate the user PC as the source of the problem.
Step Two. Confirm the physical status of the devices.
Step Three. Inspect wired links.

Page 2:
Updating the Access Point Firmware

Caution: Do not upgrade the firmware unless you are experiencing problems with the access point or the new firmware has a feature you want to use.

The firmware for a Linksys device, such as the one used in the labs on this course, is upgraded using the web-based utility. Follow these instructions:

Click the Download Firmware button in the figure.

Step 1. Download the firmware from the web. For a Linksys WTR300N, go to http://www.linksys.com.

Click the Select Firmware to Install button in the figure.

Step 2. Extract the firmware file on your computer.

Step 3. Open the web-based utility, and click the Administration tab.

Step 4. Select the Firmware Upgrade tab.

Step 5. Enter the location of the firmware file, or click the Browse button to find the file.

Click the Run Firmware Upgrade button in the figure.

Step 6. Click the Start to Upgrade button and follow the instructions.

7.4.1 - Solve Access Point Radio and Firmware Issues
The diagram depicts updating the access point firmware, which is a six-step process that involves downloading the firmware, browse for the firmware to install, and running the firmware upgrade.

Step One. Download the correct firmware. For a Linksys WRT300N, go to http://www.linksys.com.

Step Two. Extract the firmware file on your computer.

Step Three. Open the Linksys G U I web-based utility, and click the Administration tab.

Step Four. Select the Firmware Upgrade tab.

Step Five. Enter the location of the firmware file, or click the Browse button to find the file.

Step Six. Click the Start to Upgrade button and follow the instructions.

7.4.2 Incorrect Channel Settings

Page 1:
Click the Problem button in the figure.

If users report connectivity issues in the area between access points in an extended service set WLAN, there could be a channel setting issue.

Click the Reason button in the figure.

Most WLANs today operate in the 2.4 GHz band, which can have as many as 14 channels, each occupying 22 MHz of bandwidth. Energy is not spread evenly over the entire 22 MHz, rather the channel is strongest at its center frequency, and the energy diminishes toward the edges of the channel. The concept of the waning energy in a channel is shown by the curved line used to indicate each channel. The high point in the middle of each channel is the point of highest energy. The figure provides a graphical representation of the channels in the 2.4 GHz band.

A full explanation of the way energy is spread across the frequencies in a channel is beyond the scope of this course.

Click the Solution button in the figure.

Interference can occur when there is overlap of channels. It is worse if the channels overlap close to the center frequencies, but even if there is minor overlap, signals interfere with each other. Set the channels at intervals of five channels, such as channel 1, channel 6, and channel 11.

7.4.2 - Incorrect Channel Settings
The diagram depicts resolving issues of incorrect channel settings for a wireless AP. The topology is presented, followed by the reason and solution to the problem.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh with dual trunk links. In addition:
Switch S1 is connected to router R1.
Switch S2 is connected to wired PC1 and PC2.
Switch S2 is connected to AP WRS2.
Switch S3 is connected to AP WRS3.
AP WRS2 is communicating with a wireless laptop and using channel two.
AP WRS3 is communicating with a wireless laptop and using channel one.

Problem: Users report connectivity issues in the area between access points in an extended service set W LAN.

Reason: There could be a channel setting issue. The diagram shows that channels one and two are in the 2.4 Gigahertz band, are adjacent, and have a 12-Megahertz overlap.

Solution: Reset the AP's to non-overlapping channels. In the example shown, the Linksys G U I interface is used to set AP WRS2 to channel six, which results in no overlap with AP WRS3 on channel one.

7.4.3 Solve Access Point Radio and Firmware Issues

Page 1:
Solving RF Interference

Incorrect channel settings are part of the larger group of problems with RF interference. WLAN administrators can control interference caused by channel settings with good planning, including proper channel spacing.

Click the Problem button in the figure.

Other sources of RF interference can be found all around the workplace or in the home. Perhaps you have experienced the snowy disruption of a television signal when someone nearby runs a vacuum cleaner. Such interference can be moderated with good planning. For instance, plan to place microwave ovens away from access points and potential clients. Unfortunately, the entire range of possible RF interference issues cannot be planned for because there are just too many possibilities.

Click the Reason button in the figure.

The problem with devices such as cordless phones, baby monitors, and microwave ovens, is that they are not part of a BSS, so they do not contend for the channel-they just use it. How can you find out which channels in an area are most crowded?

In a small WLAN environment, try setting your WLAN access point to channel 1 or channel 11. Many consumer items, such as cordless phones, operate on channel 6.

Site Surveys

In more crowded environments, a site survey might be needed. Although you do not conduct site surveys as part of this course, you should know that there are two categories of site surveys: manual and utility assisted.

Manual site surveys can include a site evaluation to be followed by a more thorough utility-assisted site survey. A site evaluation involves inspecting the area with the goal of identifying potential issues that could impact the network. Specifically, look for the presence of multiple WLANs, unique building structures, such as open floors and atriums, and high client usage variances, such as those caused by differences in day or night shift staffing levels.

Click the Solution button in the figure.

There are several approaches to doing utility-assisted site surveys. If you do not have access to dedicated site survey tools, such as Airmagnet, you can mount access points on tripods and set them in locations you think are appropriate and in accordance with the projected site plan. With access points mounted, you can then walk around the facility using a site survey meter in the WLAN client utility of your PC, as shown in screenshot 1 in the figure.

Alternatively, sophisticated tools are available that allow you to enter a facility floor plan. You can then begin a recording of the RF characteristics of the site, which are then shown on the floor plan as you move about the facility with your wireless laptop. An example of an Airmagnet site survey output is shown in screenshot 2 in the figure.

Part of the advantage to utility-assisted site surveys is that RF activity on the various channels in the various unlicensed bands (900 MHz, 2.4 GHz, and 5 GHz) is documented, and you are then able to choose channels for your WLAN, or at very least identify areas of high RF activity, and make provisions for them.

7.4.3 - RF Interference
The diagram depicts solving RF interference issues from other devices. The topology is presented, followed by the reason and solution to the problem.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh with dual trunk links. In addition:
Switch S1 is connected to router R1.
Switch S2 is connected to wired PC1 and PC2.
Switch S2 is connected to AP WRS2.
Switch S3 is connected to AP WRS3.
AP WRS2 is communicating with a wireless laptop.
AP WRS3 is communicating with a wireless laptop.

Problem: Wireless service interruption. The microwave oven and cordless phone are not in the E S S. They hog the 2.4 Gigahertz channels rather than contend for them.

Reason: Sources of RF interference can be found all around the workplace or in the home. The diagram shows how these devices operate on various channels in the 2.4 Gigahertz band and can interfere with wireless AP channels.

Solution: Perform a site survey using one of the following options:
- Use dedicated and sophisticated site survey tools, such as Airmagnet, to check a facility floorplan and record the RF characteristics. The findings are then shown on the floorplan as you move about the facility with your wireless laptop. An example of an Airmagnet site survey is shown in screenshot 2 in the diagram.

- If dedicated site survey tools are not available, mount AP's on tripods and set them in locations based on the projected site plan. Walk around the facility using a site survey meter in the W LAN client utility of your PC (shown in screenshot 1 in the diagram).

7.4.4 Solve Access Point Radio and Firmware Issues

Page 1:
Identify Problems with Access Point Misplacement

In this topic, you will learn how to identify when an access point is incorrectly placed, and how to correctly place the access point in a small- or medium-sized business.

Click the Problem button in the figure.

You may have experienced a WLAN that just did not seem to perform like it should. Perhaps you keep losing association with an access point, or your data rates are much slower than they should be. You may even have done a quick walk-around the facility to confirm that you could actually see the access points. Having confirmed that they are there, you wonder why you continue to get poor service.

Click the Reason button in the figure.

There are two major deployment issues that may occur with the placement of access points:

• The distance separating access points is too far to allow overlapping coverage.
• The orientation of access point antennae in hallways and corners diminishes coverage.

Click the Solution button in the figure.

Fix access point placement as follows:

Confirm the power settings and operational ranges of access points and place them for a minimum of 10 to 15% cell overlap, as you learned earlier this chapter.

Change the orientation and positioning of access points:

• Position access points above obstructions.
• Position access points vertically near the ceiling in the center of each coverage area, if possible.
• Position access points in locations where users are expected to be. For example, large rooms are typically a better location for access points than a hallway.

The figure explores these issues in a problem, reason, solution sequence.

Click each of the buttons to advance through the graphic.

Some additional specific details concerning access point and antenna placement are as follows:

• Ensure that access points are not mounted closer than 7.9 inches (20 cm) from the body of all persons.
• Do not mount the access point within 3 feet (91.4 cm) of metal obstructions.
• Install the access point away from microwave ovens. Microwave ovens operate on the same frequency as the access point and can cause signal interference.
• Always mount the access point vertically (standing up or hanging down).
• Do not mount the access point outside of buildings.
• Do not mount the access point on building perimeter walls, unless outside coverage is desired.
• When mounting an access point in the corner of a right-angle hallway intersection, mount it at a 45-degree angle to the two hallways. The access point internal antennas are not omnidirectional and cover a larger area when mounted this way.

7.4.4 - Access Point Misplacement
The diagram depicts problems with access point misplacement. The topology is presented, followed by the reason and solution to the problem.

Problem: Wireless clients keep losing association with an access point, or data rates are much slower than they should be.

Reason: Part one of the diagram shows a wireless client in a location between AP's that are too far apart. The client cannot associate with either WRS2 or WRS3. The distance separating the access points is too far to allow overlapping coverage.

Part two of the diagram shows a wireless client in a location where it cannot associate with an AP because of the orientation of the access point antennae in the hallways and corners, which diminishes coverage.

Solution:
Part one:
Confirm the power settings and operational ranges of the AP's, and place them for a minimum of 10 to 15 percent cell overlap.

Part Two:
Change the orientation and positioning of the access points to improve coverage.

7.4.5 Problems with Authentication and Encryption

Page 1:
The WLAN authentication and encryption problems you are most likely to encounter, and that you will be able to solve, are caused by incorrect client settings. If an access point is expecting one type of encryption, and the client offers a different type, the authentication process fails.

Encryption issues involving the creation of dynamic keys and the conversations between an authentication server, such as a RADIUS server, and a client through an access point are beyond the scope of this course.

Remember, all devices connecting to an access point must use the same security type as the one configured on the access point. Therefore, if an access point is configured for WEP, both the type of encryption (WEP) and the shared key must match between the client and the access point. If WPA is being used, the encryption algorithm is TKIP. Similarly, if WPA2 or 802.11i is used, AES is required as the encryption algorithm.

7.4.5 - Problems with Authentication and Encryption
The diagram depicts problems with W LAN authentication and encryption. The topology is presented, following by the reason and solution to the problem.

Problem: The wireless client attempts to connect to an AP, and the connections fails.

Reason: If the access point is expecting one type of encryption, and the client offers a different type, the authentication process fails. This can be due to the wrong encryption type set on the client or wrong credentials supplied. For example, the access point might expect 32 characters in the key from the client.

Solution: Using the client wireless utility, set the encryption type to match that of the AP, and set the credential supplied by the client to match those expected by the AP. For example, the client matches its key to 32 characters that is expected by the access point. The access point expects 32 characters in the key. The result is successful authentication.

7.5 Chapter Labs

7.5.1 Basic Wireless Configuration

Page 1:
In this lab, you will configure a Linksys WRT300N, port security on a Cisco switch, and static routes on multiple devices. Make note of the procedures involved in connecting to a wireless network because some changes involve disconnecting clients, which may then have to reconnect after making changes to the configuration.

7.5.1 - Basic Wireless Configuration
Link to Hands-on Lab: Basic Wireless Configuration

7.5.2 Challenge Wireless Configuration

Page 1:
In this lab, you will learn how to configure a Linksys WRT300N. You will also learn how to configure port security on a Cisco switch, as well as configuring static routes on multiple devices. Make note of the procedures involved in connecting to a wireless network, because some changes involve disconnecting current clients and then reconnecting to the device after configuration changes.

7.5.2 - Challenge Wireless Configuration
Link to Hands-on Lab: Challenge Wireless Configuration

Page 2:
In this activity, you will configure a Linksys WRT300N, port security on a Cisco switch, and static routes on multiple devices. Make note of the procedures involved in connecting to a wireless network because some changes involve disconnecting clients, which may then have to reconnect after making changes to the configuration.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.

7.5.2 - Challenge Wireless Configuration
Link to Packet Tracer Exploration: Challenge Wireless WRT300N

7.5.3 Troubleshooting Wireless Configuration

Page 1:
In this lab, a basic network and wireless network have been configured improperly. You must find and correct the misconfigurations based on the minimum network specifications provided by your company.

7.5.3 - Troubleshooting a Wireless Configuration
Link to Hands-on Lab: Troubleshooting a Wireless Configuration

Page 2:
In this activity, a basic network and wireless network have been configured improperly. You must find and correct the misconfigurations based on the minimum network specifications provided by your company.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.

7.5.3 - Troubleshooting a Wireless Configuration
Link to Packet Tracer Exploration: Troubleshooting Wireless WRT300N

7.6 Chapter Summary

7.6.1 Chapter Summary

Page 1:
In this chapter, we discussed the evolving wireless LAN standards, including IEEE 802.11a, b, g and now, draft n. Newer standards take into account the need to support voice and video and the requisite quality of service.

A single access point connected to the wired LAN provides a basic service set to client stations that associate to it. Multiple access points that share a service set identifier combine to form an extended service set. Wireless LANs can be detected by any radio-enabled client device and therefore may enable access by attackers that do not have access to a wired-only network.

Methods such as MAC address filtering and SSID masking can be part of a security best practice implementation, but these methods alone are easily overcome by a determined attacker. WPA2 and 802.1x authentication provide very secure wireless LAN access in an enterprise network.

End users have to configure a wireless NICs on their client stations which communicate with and associate to a wireless access point. Both the access point and wireless NICs must be configured with similar parameters, including SSID, before association is possible. When configuring a wireless LAN, ensure that the devices have the latest firmware so that they can support the most stringent security options. In addition to ensuring compatible configuration of wireless security settings, troubleshooting wireless LANs involves resolving RF problems.

7.6.1 - Summary and Review
In this chapter, you have learned the following:
- Evolving standards, including 8 0 2 dot 11a, b, g, and now draft n, allow powerful applications, such as voice, to be deployed as mobility services over wireless LAN's.
- A single access point connected to the wired LAN provides a basic service set to client stations that associate to it. Multiple access points that share an SSID combine to form an extended service set.
- Wireless LAN's can be detected by any radio-enabled client device, and therefore potentially allow access to attackers that may not have had access to a wired-only network.
- Methods such as MAC address filtering and SSID masking can be part of a security best practice, but these methods alone are easily overcome by a determined attacker. PSK2 Enterprise with 8 0 2 dot 1x authentication should be the minimum security used in an enterprise wireless LAN.
- Both access points and wireless NIC's must be configured with similar parameters, such as the SSID, before association is possible.
- When you configure a wireless LAN, ensure that the devices have the latest firmware so that they can all be configured correctly and with the latest available settings, for instance, PSK2 Enterprise.
- If wireless devices are disconnecting from the wireless LAN, check channel settings and for interference from common devices, such as microwave ovens and cordless phones.

Page 2:

7.6.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question One. Match the term with the appropriate description.
Answer:
A. Wireless router: Performs the role of a switch, a router, and an access point.
B. Wireless NIC: Encodes a data stream onto an RF signal.
C. Wireless access point: Not required for RF communication between two devices.

Question Two. What is the abbreviation for each of the wireless technologies described?
Answer:
Open Access: SSID.
- No encryption.
- Basic authentication.
- Not a security handle.

First Generation Encryption: WEP.
- No strong authentication.
- Static, breakable keys.
- Not scalable.

Interim: WPA
- Standardized.
- Improved encryption.
- Strong, user-based authentication (for example, LEAP, PEAP, E AP-FAST).

Present: 8 0 2 dot 11i or WPA2
- An E S Encryption.
- Authentication: 8 0 2 dot 1x.
- Dynamic key management.
- WPA2 is the WiFi Alliance implementation of 8 0 2 dot 11i.

Question Three. For the most rudimentary wireless security, which two of the displayed settings should be changed?

Refer to the following diagram description to answer the question.
The Linksys G U I Wireless Tab screenshot shows the Basic Wireless Settings option selected.
The Linksys G U I screenshot shows the following parameter settings:
Wireless Network Name (SSID): linksys-n.
Wireless Network Mode: B / G / N Mixed.
Wireless Channel: 6 - 2.437 Gigahertz.
Wireless SSID Broadcast: Enabled.

Answer:
One. Change the SSID to something other than Linksys (the default).
Two. Change the SSID broadcast setting to disabled.


Question Four. The wireless laptop associated with WRS3 is unable to communicate with the rest of the network. What are three possible problems?
Refer to the following diagram description to answer the question.

Network Topology:
Three switches, S1, S2, and S3, are interconnected in a full mesh with dual trunk links. In addition:
Switch S1 is connected to router R1.
Switch S2 is connected to wired PC1 and PC2.
Switch S2 is connected to AP WRS2.
Switch S3 is connected to AP to WRS3.
AP WRS2 is communicating with two wireless laptops.
AP WRS3 is not communicating with any wireless laptop.

Situation: The laptop does not have connectivity with AP WRS3.

Possible Answers:
1. The SSID does not match the SSID of WRS3.
2. The security mode does not match that of WRS3 (for example, WEP, WPA, or WPA2).
3. The security key does not match that of WRS3.
4. The channel setting does not match that of WRS3.
5. There is RF interference or the distance to WRS3 is too great.
6. The drivers on the laptop need to be upgraded to support the appropriate wireless protocol.
7. The firmware on WRS3 needs to be upgraded to support the appropriate wireless protocol.
8. The laptop user is unable to authenticate to obtain network access.

Page 3:
In this final Packet Tracer Skills Integration Challenge activity for the Exploration: LAN Switching and Wireless course, you will apply all the skills you have learned including configuring VLANs and VTP, optimizing STP, enabling inter-VLAN routing and integrating wireless connectivity.

Detailed instructions are provided within the activity as well as in the PDF link below.

Activity Instructions (PDF)

Click the Packet Tracer icon for more details.

7.6.1 - Summary and Review
Link to Packet Tracer Exploration: Packet Tracer Skills Integration Challenge

7.7 Chapter Quiz

7.7.1 Chapter Quiz

Page 1:

7.7.1 - Chapter Quiz
1.Match the wireless standard to the appropriate description.
Standards:
8 0 2 dot 11b.
8 0 2 dot 11g.
8 0 2 dot 11a.
8 0 2 dot 11n.

Descriptions:
Specifies data rates of 1, 2, 5.5, and 11 Megabits per second due to differently sized spreading sequences specified in the DSSS modulation technique.

Uses the 5.7 Gigahertz band with less interference, but obstructions can affect performance and limit range.

Uses multiple radios and antennae at endpoints, each broadcasting on the same frequency to establish multiple streams.

Uses the 8 0 2 dot 11 MAC address, but with higher data rates in the 2.4 Gigahertz I SM band by using the OFDM modulation technique.

2.Match the wireless device to the appropriate description.
Devices:
Wireless NIC.
Access point.
Wireless router.

Descriptions:
Connects multiple wireless clients or stations to the wired LAN.

Connects two separated, isolated wired networks together.

Encodes a data stream onto an RF signal using the configured modulation technique.

3.At which layer of the O S I model do wireless access points operate?
A.Physical.
B.Data link.
C.Network.
D.Application.

4.Which two steps are required for a wireless client to associate with an access point? (Choose two.)
A.IP addressing.
B.Wireless address translation.
C.Wireless client authentication.
D.Channel identification.
E.Wireless client association.

5.Which three W LAN client authentication types require a preprogrammed network key to be set on the client? (Choose three.)
A.Open with data encryption disabled.
B.Shared with data encryption algorithm WEP.
C.WPA with data encryption algorithm TKIP.
D.WPA-PSK with data encryption algorithm TKIP
E.WPA2 with data encryption algorithm A E S.
F.WPA2-PSK with data encryption algorithm A E S.

6.Which two items contribute to the security of a W LAN? (Choose two.)
A.WPA2.
B.Use of multiple channels.
C.Hiding the SSID.
D.Open authentication.
E.A E S.

7.Which term is used for products that are tested to be interoperable in both PSK and 8 0 2 dot 1x / Extensible Authentication Protocol (E AP) operation for authentication?
A.Personal mode.
B.WPA2 compatible.
C.RADIUS authenticated.
D.Enterprise mode.
E.Pre-shared key authenticated.

8.To help ensure a secure wireless network, most enterprise networks should follow which i e e e standard?
A.8 0 2 dot 11a
B.8 0 2 dot 11b
C.8 0 2 dot 11c
D.8 0 2 dot 11i

9.Refer to the diagram description to answer the question.
A screenshot of the Linksys G U I shows the wireless security screen and the network authentication entry area with Open as the default. Other options are listed as potential answers.

Which method of network authentication provides the highest level of security?
A.Open
B.Shared
C.WPA
D.WPA-PSK

10.Which two combinations of 8 0 2 dot 11b RF channels would allow two wireless AP's to operate simultaneously in the same room with no channel overlap? (Choose two.)
A.Channels 10 and 6.
B.Channels 9 and 6.
C.Channels 8 and 5.
D.Channels 7 and 2.
E.Channels 6 and 2.
F.Channels 6 and 11.

11.Why do cordless devices, such as telephones, sometimes interfere with wireless access points?
A.These devices operate at similar frequencies.
B.These devices operate at the same frequencies and have higher RF power settings.
C.These devices flood the entire frequency spectrum with low power noise, which may cause loss of signal for wireless devices trying to connect with an access point.
D.The signal from the cordless device is non-polarized and combines with the access point polarized signal, thus reducing overall signal strength.

12.Refer to the diagram description to answer the question.
A laptop computer is positioned at the intersection of two AP range areas that overlap.

What is the recommended overlap between the two wireless access points to provide proper connectivity for users?
A.5 to 10 percent
B.10 to15 percent
C.15 to 20 percent
D.20 to 25 percent

13.Match the authentication method to the correct encryption algorithm or security protocol it would use.
Authentication Methods:
Open.
WEP.
WPA.
WPA2.

Protocols:
A E S.
Disabled.
RC4.
TKIP.

14.Which W LAN client settings would be reviewed to resolve encryption problems with the access point?
A.Wireless mode (8 0 2 dot 11a, 8 0 2 dot 11b, 8 0 2 dot 11g).
B.Wireless network card drivers.
C.Channel selection for ad hoc network.
D.TCP/IP properties.
E.Wireless association properties.