CCNA3-1 Chapter 7-1 Make up Class Tugas hari ini (30 Mei 2012): Baca Chapter 7 CNAP Wireless LAN Baca Chapter 7 CNAP Wireless LAN

CCNA3-1 Chapter 7-1

Make up ClassMake up Class

Tugas hari ini (30 Mei 2012):Tugas hari ini (30 Mei 2012):•Baca Chapter 7 CNAP Wireless LANBaca Chapter 7 CNAP Wireless LAN•http://tif.bakrie.ac.id/cnap/3

Make Up Class:Make Up Class:•Pengganti kelas reguler 6 Juni 2012Pengganti kelas reguler 6 Juni 2012•Make up schedule:Make up schedule:

• 12 Juni 201212 Juni 2012• 10.10 – 12.4010.10 – 12.40• Ruang 8Ruang 8

CCNA3-2 Chapter 7-1

Chapter 7Chapter 7

Basic Wireless ConceptsBasic Wireless Conceptsand Configurationand Configuration

CCNA3-3 Chapter 7-1

Note for InstructorsNote for Instructors

• These presentations are the result of a collaboration among These presentations are the result of a collaboration among the instructors at St. Clair College in Windsor, Ontario.the instructors at St. Clair College in Windsor, Ontario.

• Thanks must go out to Rick Graziani of Cabrillo College. His Thanks must go out to Rick Graziani of Cabrillo College. His material and additional information was used as a reference material and additional information was used as a reference in their creation.in their creation.

• If anyone finds any errors or omissions, please let me know If anyone finds any errors or omissions, please let me know at: at:

• [email protected]@stclaircollege.ca.

CCNA3-4 Chapter 7-1

Basic Wireless Concepts and ConfigurationBasic Wireless Concepts and Configuration

The Wireless LANThe Wireless LAN

CCNA3-5 Chapter 7-1

• Business networks today are evolving to support people who Business networks today are evolving to support people who are on the move.are on the move.

• Productivity isProductivity is no longer restricted no longer restricted to a fixed work location to a fixed work location or a defined time period. or a defined time period.

• People now expect to be connected People now expect to be connected at any time and at any time and placeplace, from the office to the airport or even the home. , from the office to the airport or even the home.

• Now employees can check Now employees can check e-mail, voice mail, and the e-mail, voice mail, and the status of productsstatus of products on personal digital assistants (PDAs) on personal digital assistants (PDAs) while at many temporary locations.while at many temporary locations.

• At home, the At home, the method of accessing the Internetmethod of accessing the Internet has has quickly moved from temporary modem dialup service to quickly moved from temporary modem dialup service to dedicated DSL or cable service. dedicated DSL or cable service.

Why Use Wireless?Why Use Wireless?

CCNA3-6 Chapter 7-1


• Early communication relied on face-to-face conversations.Early communication relied on face-to-face conversations.• The telephone was used for voice and the post office The telephone was used for voice and the post office

delivered most of the written communications. delivered most of the written communications. • Video communication was one-way using the television.Video communication was one-way using the television.

CCNA3-7 Chapter 7-1


• Early networks were limited to character based information.Early networks were limited to character based information.• Communications between computers was not easy and Communications between computers was not easy and

required a host (no pun intended) of resources to accomplish required a host (no pun intended) of resources to accomplish the simplest data transfer.the simplest data transfer.

CCNA3-8 Chapter 7-1


• Today’s networks carry multiple types of information through Today’s networks carry multiple types of information through many types of devices - many types of devices - SIMULTANEOUSLYSIMULTANEOUSLY..

• People expect immediate response wherever they are People expect immediate response wherever they are located.located.

Silver and Diamond Cell Phone $1.3Million

Wind Energy Cell Phone Charger

CCNA3-9 Chapter 7-1

• In addition to the flexibility that WLANs offer, another In addition to the flexibility that WLANs offer, another important benefit is important benefit is reduced costsreduced costs..

• Moving persons within a building with a wireless Moving persons within a building with a wireless infrastructure.infrastructure.

• Moving into a new building with no wired infrastructure.Moving into a new building with no wired infrastructure.

Wireless vs WiredWireless vs Wired

Wired NetworkWired Network Wireless NetworkWireless Network

ComponentComponent QtyQty CostCost TotalTotal QtyQty CostCost TotalTotal

Switches, Switches, cabinets, etc.cabinets, etc. 167167 3,3503,350 559,450559,450 2525 4,4044,404 110,100110,100

CablingCabling 7,5007,500 4545 337,500337,500 430430 7575 61,92061,920

Network AdaptersNetwork Adapters 2,5002,500 5757 142,500142,500 2,5002,500 7777 192,500192,500

Wireless Access Wireless Access PointsPoints 250250 1,0341,034 258,500258,500

POE AdaptersPOE Adapters 4040 6767 2,6802,680

TotalTotal 1,039,4501,039,450 364,520364,520

Note: Values are estimates and do not reflect actual pricing.Note: Values are estimates and do not reflect actual pricing.Note: Values are estimates and do not reflect actual pricing.Note: Values are estimates and do not reflect actual pricing.

CCNA3-10 Chapter 7-1

• Most current business networks rely on switch-based LANs Most current business networks rely on switch-based LANs for day-to-day operation inside the office.for day-to-day operation inside the office.

• Workers are becoming more mobile and want to Workers are becoming more mobile and want to maintain maintain access to their business LAN resourcesaccess to their business LAN resources from locations other from locations other than their desks.than their desks.

Wireless LANsWireless LANs


• The Wireless LAN, then, is an extension of the Ethernet LAN.The Wireless LAN, then, is an extension of the Ethernet LAN.

Wireless LANsWireless LANs


Comparing a WLAN to a LANComparing a WLAN to a LAN

Network Architecture StandardsNetwork Architecture StandardsNetwork Architecture StandardsNetwork Architecture Standards

Physical MediaPhysical MediaPhysical MediaPhysical Media


Comparing a WLAN to a LANComparing a WLAN to a LAN

Wireless Access Points (AP) Wireless Access Points (AP) instead of a switch.instead of a switch.

Wireless Access Points (AP) Wireless Access Points (AP) instead of a switch.instead of a switch.

Privacy Privacy IssuesIssuesPrivacy Privacy IssuesIssues


• Additional components and protocolsAdditional components and protocols are used for 802.11 are used for 802.11 wireless connections to extend the 802.3 Ethernet LAN. wireless connections to extend the 802.3 Ethernet LAN.

Wireless LAN ComponentsWireless LAN Components

Wireless Access Wireless Access Point (AP)Point (AP)

Wireless Access Wireless Access Point (AP)Point (AP)


• 802.11 wireless LAN802.11 wireless LAN::• An IEEE standard that defines how radio frequency (RF) An IEEE standard that defines how radio frequency (RF)

in the unlicensed industrial, scientific, and medical in the unlicensed industrial, scientific, and medical (ISM) (ISM) frequency bands is used for the frequency bands is used for the Physical layerPhysical layer and the and the MAC sub-layerMAC sub-layer of wireless links. of wireless links.

• Typically, the choice of which standard to use is based on Typically, the choice of which standard to use is based on data ratedata rate. .

Wireless LAN StandardsWireless LAN Standards

Final ratification Final ratification expected in expected in

November, 2009November, 2009

Final ratification Final ratification expected in expected in

November, 2009November, 2009


• Data Rates are affected by modulation technique:Data Rates are affected by modulation technique:• Direct Sequence Spread SpectrumDirect Sequence Spread Spectrum (DSSS) (DSSS)::

• Simpler of the two methods.Simpler of the two methods.• Less expensive to implement.Less expensive to implement.• 802.11b and 802.11g.802.11b and 802.11g.

• Orthogonal Frequency Division Multiplexing Orthogonal Frequency Division Multiplexing (OFDM)(OFDM)::• Faster data rates than DSSS.Faster data rates than DSSS.• 802.11a, 802.11g, 802.11n.802.11a, 802.11g, 802.11n.



Direct Sequence Spread Spectrum (DSSS)Direct Sequence Spread Spectrum (DSSS)

• Each bit represented by multiple bits using spreading codeEach bit represented by multiple bits using spreading code• Spreading code spreads signal across wider frequency bandSpreading code spreads signal across wider frequency band

• In proportion to number of bits usedIn proportion to number of bits used• 10 bit spreading code spreads signal across 10 times bandwidth of 1 10 bit spreading code spreads signal across 10 times bandwidth of 1

bit codebit code

• One method:One method:• Combine input with spreading code using XORCombine input with spreading code using XOR• Input bit 1 inverts spreading code bitInput bit 1 inverts spreading code bit• Input zero bit doesn’t alter spreading code bitInput zero bit doesn’t alter spreading code bit• Data rate equal to original spreading codeData rate equal to original spreading code

• Performance similar to FHSS (frequency hopping spread Performance similar to FHSS (frequency hopping spread spectrum)spectrum)


Direct Sequence Spread Spectrum ExampleDirect Sequence Spread Spectrum Example


OFDMOFDM

• Dividing transmission bandwidth into many sub-channels Dividing transmission bandwidth into many sub-channels which are transmitted in parallelwhich are transmitted in parallel


2200

General OFDM Modulation and DemodulationGeneral OFDM Modulation and Demodulation

SymbolMapping S/

P

IFF

T

P/S Add

Guardbits

PSK or QAM

RF

RFRemoveGuard S

/P

FF

T

P/S

FrequencyDomain

Equalizer

SymbolDe-

Mapping

bits

PSK or QAM

frequency

Complete OFDM ModulationComplete OFDM Modulation


• 802.11a Standard:802.11a Standard:• OFDMOFDM modulation and uses the modulation and uses the 5 GHz band5 GHz band..

• Less likely to experience interferenceLess likely to experience interference than devices than devices that operate in the 2.4 GHz band because there are that operate in the 2.4 GHz band because there are fewer consumer devices that use the 5 GHz band.fewer consumer devices that use the 5 GHz band.



• 802.11a Standard:802.11a Standard:• DisadvantagesDisadvantages to using the 5GHz band. to using the 5GHz band.

• More easily absorbed by walls (obstructions).More easily absorbed by walls (obstructions).• Slightly poorer range than 802.11g.Slightly poorer range than 802.11g.• Some countries prohibit use.Some countries prohibit use.



• 802.11b and 802.11g Standard:802.11b and 802.11g Standard:• Both use the 2.4 GHz band.Both use the 2.4 GHz band.

• 802.11b:802.11b:• Up to Up to 1111 Mb/s using Mb/s using DSSSDSSS..

• 802.11g:802.11g:• Up to Up to 5454 Mb/s using Mb/s using OFDMOFDM..• Backward compatible. Backward compatible.



• 2.4 GHz band:2.4 GHz band:• Advantage:Advantage:

• Better range than the 5GHz band since devices are Better range than the 5GHz band since devices are not as easily obstructed.not as easily obstructed.

• Disadvantage:Disadvantage:• Many other devices use this band so it is prone to Many other devices use this band so it is prone to

interference (microwave ovens, baby monitors, interference (microwave ovens, baby monitors, BluetoothBluetooth, cordless phones)., cordless phones).



• 802.11n: (November 2009)802.11n: (November 2009)• Intended to improve WLAN data rates and range without Intended to improve WLAN data rates and range without

requiring additional power or RF band allocation.requiring additional power or RF band allocation.• UsesUses multiple radios and antennae at endpoints multiple radios and antennae at endpoints, each , each

broadcasting on the same frequency to establish multiple broadcasting on the same frequency to establish multiple streams.streams.• Multiple Input / Multiple OutputMultiple Input / Multiple Output (MIMO) and OFDM (MIMO) and OFDM..• Theoretical maximum of 248 Mb/s.Theoretical maximum of 248 Mb/s.



• Wi-Fi Alliance:Wi-Fi Alliance:• March, 2000.March, 2000.• A global, nonprofit, industry tradeA global, nonprofit, industry trade

association devoted to promoting theassociation devoted to promoting thegrowth and acceptance of WLANs.growth and acceptance of WLANs.

• The Wi-Fi Alliance’s testing and certification programs The Wi-Fi Alliance’s testing and certification programs help ensure the interoperability of WLAN products based help ensure the interoperability of WLAN products based on the IEEE 802.11 specification.on the IEEE 802.11 specification.

• More than 4,000 products certified.More than 4,000 products certified.

WI-FI CertificationWI-FI Certification


• Three key organizationsThree key organizations that influence that influenceWLAN standards:WLAN standards:

• International Telecommunications UnionInternational Telecommunications UnionRadiocommunication Sector Radiocommunication Sector (ITU-R)(ITU-R)::• Regulates the allocation of the RF spectrum.Regulates the allocation of the RF spectrum.

• Institute of Electrical and Electronic Engineers Institute of Electrical and Electronic Engineers (IEEE)(IEEE)::• Specifies how RF is modulated to carry the Specifies how RF is modulated to carry the

information. (802.3 Ethernet, 802.11 Wireless LAN).information. (802.3 Ethernet, 802.11 Wireless LAN).• Wi-Fi Alliance:Wi-Fi Alliance:

• Ensures that devices are inter-operable.Ensures that devices are inter-operable.

WI-FI CertificationWI-FI Certification


• Wireless NICs:Wireless NICs:• The device that makes a client station capable of sending The device that makes a client station capable of sending

and receiving RF signals is the wireless NIC.and receiving RF signals is the wireless NIC.• Like an Ethernet NIC, the wireless NIC, using the Like an Ethernet NIC, the wireless NIC, using the

modulation technique it is configured to use, modulation technique it is configured to use, encodes a encodes a data stream onto an RF signaldata stream onto an RF signal. .

• Wireless NICs are most often associated with mobile Wireless NICs are most often associated with mobile devices, such as laptop computers.devices, such as laptop computers.

Wireless Infrastructure ComponentsWireless Infrastructure Components



• Wireless Access Points:Wireless Access Points:• An access point is a Layer 2 device that functions like an An access point is a Layer 2 device that functions like an

802.3 Ethernet hub.802.3 Ethernet hub.• Connects wireless clients (or stations) to the wired LAN.Connects wireless clients (or stations) to the wired LAN.• Client devices communicate with the AP – not each other.Client devices communicate with the AP – not each other.• Converts the TCP/IP data packets from their 802.11 Converts the TCP/IP data packets from their 802.11

frame encapsulation to the 802.3 Ethernet frame format.frame encapsulation to the 802.3 Ethernet frame format.• Clients must Clients must associateassociate with an access point to obtain with an access point to obtain

network services.network services.• Association:Association:

• The process by which a client joins an 802.11 The process by which a client joins an 802.11 network. It is similar to plugging into a wired LAN.network. It is similar to plugging into a wired LAN.



• CSMA/CA:CSMA/CA:• CCarrier arrier SSense ense MMultiple ultiple AAccess with ccess with CCollision ollision AAvoidance.voidance.

• This simply means that devices on a WLAN must This simply means that devices on a WLAN must sense the medium for energysense the medium for energy (RF stimulation above a (RF stimulation above a certain threshold) certain threshold) and waitand wait until the medium is free until the medium is free before sending.before sending.

• If an access point receives data from a client station, it If an access point receives data from a client station, it sends an sends an acknowledgementacknowledgement to the client that the data to the client that the data has been received.has been received.

• This This acknowledgementacknowledgement keeps the client from keeps the client from assuming that a collision occurred and assuming that a collision occurred and prevents a prevents a data retransmissiondata retransmission by the client. by the client.



• CSMA/CA:CSMA/CA:• RF signals RF signals attenuateattenuate..

• That means that they That means that they lose their energylose their energy as they move as they move away from their point of origin.away from their point of origin.

• Hidden Node/Station Problem:Hidden Node/Station Problem:• Two client stations that both connect to the access Two client stations that both connect to the access

point, point, but are at opposite sides of its reach.but are at opposite sides of its reach.• If they are at the maximum range to reach the access If they are at the maximum range to reach the access

point, they will not be able to reach each other.point, they will not be able to reach each other.• Neither of those stations sense the other on the Neither of those stations sense the other on the

medium, and they may end up transmitting medium, and they may end up transmitting simultaneously.simultaneously.



• CSMA/CA:CSMA/CA:• One means of resolving theOne means of resolving the

hidden node problem is ahidden node problem is afeature called request tofeature called request tosend/clear to sendsend/clear to send(RTS/CTS)(RTS/CTS). .

• When RTS/CTS is enabledWhen RTS/CTS is enabledin a network,in a network, access points access pointsallocate the medium to the requesting station for as long allocate the medium to the requesting station for as long as is required to complete the transmissionas is required to complete the transmission. .

• When the transmission is complete, other stations can When the transmission is complete, other stations can request the channelrequest the channel in a similar fashion. in a similar fashion.

Remember, stations actually Remember, stations actually communicate through the Access communicate through the Access

Point. The access point has a Point. The access point has a single channel for all traffic.single channel for all traffic.

Remember, stations actually Remember, stations actually communicate through the Access communicate through the Access

Point. The access point has a Point. The access point has a single channel for all traffic.single channel for all traffic.



• Wireless Routers:Wireless Routers:• Wireless routers perform the role of access point, Wireless routers perform the role of access point,

Ethernet switch, and router.Ethernet switch, and router.• The Linksys WRT54GL is most commonly used as a The Linksys WRT54GL is most commonly used as a

small business or residential wireless access device. small business or residential wireless access device. • The expected load on the device is low enough that it The expected load on the device is low enough that it

should be able to manage the provision of WLAN, 802.3 should be able to manage the provision of WLAN, 802.3 Ethernet, and connect to an ISP.Ethernet, and connect to an ISP.


Wireless OperationWireless Operation

• Configurable Wireless Parameters:Configurable Wireless Parameters:

802.11g is 802.11g is backward backward compatiblecompatible with 802.11.b. with 802.11.b.

MixedMixed mode supports both. mode supports both.

802.11g is 802.11g is backward backward compatiblecompatible with 802.11.b. with 802.11.b.

MixedMixed mode supports both. mode supports both.




A A shared service set identifier (SSID)shared service set identifier (SSID) is a unique is a unique identifier that client devices use to distinguish between identifier that client devices use to distinguish between

multiple wireless networks in the same vicinity. multiple wireless networks in the same vicinity.

A A shared service set identifier (SSID)shared service set identifier (SSID) is a unique is a unique identifier that client devices use to distinguish between identifier that client devices use to distinguish between

multiple wireless networks in the same vicinity. multiple wireless networks in the same vicinity.

Several access points Several access points can share an SSID.can share an SSID.

Several access points Several access points can share an SSID.can share an SSID.

Alphanumeric, case-sensitive, Alphanumeric, case-sensitive, from 2 to 32 characters.from 2 to 32 characters.

Alphanumeric, case-sensitive, Alphanumeric, case-sensitive, from 2 to 32 characters.from 2 to 32 characters.




The IEEE 802.11 standard establishes theThe IEEE 802.11 standard establishes thechannelization schemechannelization scheme for the use for the use

of the unlicensed of the unlicensed ISM RF bandsISM RF bands in WLANs. in WLANs.

The The 2.4 GHz2.4 GHz band is broken down into band is broken down into11 channels11 channels for North America for North Americaand and 13 channels13 channels for Europe. for Europe.

The IEEE 802.11 standard establishes theThe IEEE 802.11 standard establishes thechannelization schemechannelization scheme for the use for the use

of the unlicensed of the unlicensed ISM RF bandsISM RF bands in WLANs. in WLANs.

The The 2.4 GHz2.4 GHz band is broken down into band is broken down into11 channels11 channels for North America for North Americaand and 13 channels13 channels for Europe. for Europe.

Each arc represents 1 channel.Each arc represents 1 channel.Each arc represents 1 channel.Each arc represents 1 channel.

5 MHz overlap5 MHz overlap5 MHz overlap5 MHz overlap

Best practices for WLANs that require Best practices for WLANs that require multiple access points are set to use multiple access points are set to use

non-overlapping channelsnon-overlapping channels. .

Best practices for WLANs that require Best practices for WLANs that require multiple access points are set to use multiple access points are set to use

non-overlapping channelsnon-overlapping channels. .

3 Access Points3 Access Points3 Access Points3 Access PointsMany access points can automatically select a Many access points can automatically select a

channel based on adjacent channel use.channel based on adjacent channel use.Some products continuously monitor the radio space Some products continuously monitor the radio space

to adjust the channel settings dynamically in response to adjust the channel settings dynamically in response to environmental changes.to environmental changes.

Many access points can automatically select a Many access points can automatically select a channel based on adjacent channel use.channel based on adjacent channel use.

Some products continuously monitor the radio space Some products continuously monitor the radio space to adjust the channel settings dynamically in response to adjust the channel settings dynamically in response

to environmental changes.to environmental changes.


Wireless TopologiesWireless Topologies

• WLANs can accommodate various network topologies.WLANs can accommodate various network topologies.• When describing these topologies, the When describing these topologies, the fundamental fundamental

building blockbuilding block of the IEEE 802.11 WLAN architecture is of the IEEE 802.11 WLAN architecture is thethe basic service set basic service set (BSS). (BSS).• BSS:BSS:

• A group of stations that communicate with each A group of stations that communicate with each other.other.

• Three Types:Three Types:• Ad Hoc (Independent Basic Service Set –Ad Hoc (Independent Basic Service Set – IBSS IBSS))• Basic Service Set (Basic Service Set (BSSBSS))• Extended Service Set (Extended Service Set (ESSESS))



• Ad Hoc:Ad Hoc:• Wireless networks can operate without access points.Wireless networks can operate without access points.• Client stations which are configured to operate in ad hoc Client stations which are configured to operate in ad hoc

mode mode configure the wireless parameters between configure the wireless parameters between themselvesthemselves. .



• Basic Service Sets (BSS):Basic Service Sets (BSS):• Access points provide an infrastructure that adds services Access points provide an infrastructure that adds services

and improves the range for clients.and improves the range for clients.• A single access point in infrastructure mode manages the A single access point in infrastructure mode manages the

wireless parameters and the topology is simply a BSS.wireless parameters and the topology is simply a BSS.• The coverage area forThe coverage area for both an IBSS or a BSS both an IBSS or a BSS is the is the

basic service area (BSA)basic service area (BSA). .

Basic Service AreaBasic Service AreaBasic Service AreaBasic Service Area



• Extended Service Sets (ESS):Extended Service Sets (ESS):• When a single BSS provides insufficient RF coverage, When a single BSS provides insufficient RF coverage,

one or more can be joined through a common distribution one or more can be joined through a common distribution system into an extended service set (ESS).system into an extended service set (ESS).

• One BSS is differentiated from another by the One BSS is differentiated from another by the BSS BSS identifier (BSSID)identifier (BSSID)..• The MAC address of the access point.The MAC address of the access point.

• The coverage area is the The coverage area is the extended service area (ESA)extended service area (ESA)..

Different MAC AddressesDifferent MAC Addresses= different BSSIDs.= different BSSIDs.

Different MAC AddressesDifferent MAC Addresses= different BSSIDs.= different BSSIDs.



• Common Distribution System:Common Distribution System:• Allows Allows multiple access pointsmultiple access points in an ESS to appear to be a in an ESS to appear to be a

single BSSsingle BSS..• An ESS generally includes a An ESS generally includes a common SSIDcommon SSID to allow a to allow a

user touser to roam roam from access point to access point. from access point to access point.• Cells Cells represent the coverage area provided by a single represent the coverage area provided by a single

channel. channel. • An ESS should have 10 to 15 percent overlap An ESS should have 10 to 15 percent overlap

between cells.between cells.• Roaming capability created by using non-overlapping Roaming capability created by using non-overlapping

channels (e.g. one cell on channel 1 and the other on channels (e.g. one cell on channel 1 and the other on channel 6).channel 6).


Wireless AssociationWireless Association

• Key part of the 802.11 process is discovering a WLAN and Key part of the 802.11 process is discovering a WLAN and connecting to it.connecting to it.

• The primary components:The primary components:• Beacons:Beacons: Frames used by the WLAN network to Frames used by the WLAN network to

advertise its presence.advertise its presence.• Probes:Probes: Frames used by WLAN clients to find their Frames used by WLAN clients to find their

networks.networks.• Authentication:Authentication: Left over from the original 802.11 Left over from the original 802.11

standard, but still required.standard, but still required.• Association:Association: Establishing the data link between an Establishing the data link between an

access point and a WLAN client.access point and a WLAN client.



• Beacons:Beacons:• Frames used by the WLAN network to advertise its Frames used by the WLAN network to advertise its

presence.presence.

The only part of the process that The only part of the process that may be broadcast on a regular may be broadcast on a regular basis. basis. Not necessarily enabled.Not necessarily enabled.

The only part of the process that The only part of the process that may be broadcast on a regular may be broadcast on a regular basis. basis. Not necessarily enabled.Not necessarily enabled.



• Before an 802.11 client can send data over a WLAN network, Before an 802.11 client can send data over a WLAN network, it goes through the following it goes through the following three-stagethree-stage process: process:

• Step 1:Step 1: 802.11 Probing.802.11 Probing.• Step 2:Step 2: Authentication.Authentication.• Step 3:Step 3: Association.Association.



• Step 1:Step 1: 802.11 Probing802.11 Probing• Clients search for a Clients search for a specific specific network by:network by:

• Sending a Sending a probe request out on multiple channelsprobe request out on multiple channels..• Specifies the network name Specifies the network name (SSID)(SSID) and bit rates. and bit rates.• A typical WLAN client is configured with a desired A typical WLAN client is configured with a desired

SSID. SSID. • Client is simply trying to Client is simply trying to discoverdiscover available WLANs: available WLANs:

• Sends out a probe request with Sends out a probe request with no SSIDno SSID..• All access points that are All access points that are configured to respondconfigured to respond to this to this

type of query respond.type of query respond.• WLANs with the WLANs with the broadcast SSID feature disabledbroadcast SSID feature disabled do do

not respond.not respond.



• Step 2:Step 2: AuthenticationAuthentication• 802.11 was originally developed with two authentication 802.11 was originally developed with two authentication

mechanisms.mechanisms.• Open Authentication:Open Authentication:

• A NULL authenticationA NULL authentication• The client says "authenticate me“.The client says "authenticate me“.• The access point responds with "yes“.The access point responds with "yes“.• This is the mechanism used in almost all 802.11 This is the mechanism used in almost all 802.11

deployments.deployments.



• Step 2:Step 2: AuthenticationAuthentication• 802.11 was originally developed with two authentication 802.11 was originally developed with two authentication

mechanisms.mechanisms.• Shared Key Authentication:Shared Key Authentication:

• Based on a key that is shared between the client Based on a key that is shared between the client station and the access point called the Wired station and the access point called the Wired Equivalency Protection Equivalency Protection (WEP)(WEP) key. key.

• The idea of the shared WEP key is that it gives a The idea of the shared WEP key is that it gives a wireless link the equivalent privacy of a wired link, wireless link the equivalent privacy of a wired link, but the original implementation was flawed. but the original implementation was flawed.

• WEP needs to be included in client and access WEP needs to be included in client and access point implementations for standards compliance point implementations for standards compliance but it is but it is not used or recommendednot used or recommended..



• Step 3:Step 3: 802.11 Association802.11 Association• Finalizes the Finalizes the security and bit rate optionssecurity and bit rate options..• Establishes the data linkEstablishes the data link between the WLAN client and between the WLAN client and

the access point.the access point.• The client learns theThe client learns the BSSID (MAC Address) BSSID (MAC Address) of the access of the access

point.point.• Access point maps a logical port known as the Access point maps a logical port known as the

association identifier (AID) association identifier (AID) to the WLAN client.to the WLAN client.• AID is equivalent to a port on a switch.AID is equivalent to a port on a switch.• Association allows the infrastructure switch to keep Association allows the infrastructure switch to keep

track of frames destined for the WLAN client so that track of frames destined for the WLAN client so that they can be forwarded.they can be forwarded.




Planning the Wireless LANPlanning the Wireless LAN

• There needs to be a well-documented plan before a wireless There needs to be a well-documented plan before a wireless network can be implemented.network can be implemented.

• Number of Users:Number of Users:• Not a straightforward calculation. Not a straightforward calculation. • Depends on the geographical layout of your facility (how Depends on the geographical layout of your facility (how

many bodies and devices fit in a space), many bodies and devices fit in a space), • Data Rates:Data Rates:

• RF is a shared medium and the more users there are the RF is a shared medium and the more users there are the greater the contention for RF. greater the contention for RF.

• Use non-overlapping channels in an ESS.Use non-overlapping channels in an ESS.• You will have sufficient wireless support for your clients if you You will have sufficient wireless support for your clients if you

plan your network for proper RF coverage in an ESS.plan your network for proper RF coverage in an ESS.



• Location of Access Points:Location of Access Points:• You may not be able to simply draw coverage area You may not be able to simply draw coverage area

circles and drop them over a plan.circles and drop them over a plan.• Do access points use existing wiring?Do access points use existing wiring?• Position access points:Position access points:

• Above obstructions.Above obstructions.• Vertically near the ceiling in the center of each Vertically near the ceiling in the center of each

coverage area, if possible.coverage area, if possible.• In locations where users are expected to work. For In locations where users are expected to work. For

example, conference rooms are typically a better example, conference rooms are typically a better location for access points than a hallway.location for access points than a hallway.



• Coverage Area of Access Points:Coverage Area of Access Points:• Estimate the expected coverage area of an access point.Estimate the expected coverage area of an access point.• This value varies depending on: This value varies depending on:

• The WLAN standard or mix of standards that you are The WLAN standard or mix of standards that you are deploying. deploying.

• The nature of the facility. The nature of the facility. • The transmit power that the access point. The transmit power that the access point.

• Based on your plan, place access points on the floor plan so Based on your plan, place access points on the floor plan so that coverage circles are overlapping.that coverage circles are overlapping.


Number of Access PointsNumber of Access PointsNumber of Access PointsNumber of Access Points


20,000 Sq. Ft.20,000 Sq. Ft.(1860 Sq. Meters)(1860 Sq. Meters)

20,000 Sq. Ft.20,000 Sq. Ft.(1860 Sq. Meters)(1860 Sq. Meters)

Minimum of Minimum of 6 Mbps 6 Mbps 802.11b throughput802.11b throughput for for

each Basic Service each Basic Service Area (BSA)Area (BSA)

Minimum of Minimum of 6 Mbps 6 Mbps 802.11b throughput802.11b throughput for for

each Basic Service each Basic Service Area (BSA)Area (BSA)

Can be achieved with a Can be achieved with a coverage area of coverage area of 5,000 Sq. Ft. 5,000 Sq. Ft.

(465 Sq. Meters)(465 Sq. Meters)

Can be achieved with a Can be achieved with a coverage area of coverage area of 5,000 Sq. Ft. 5,000 Sq. Ft.

(465 Sq. Meters)(465 Sq. Meters)

20,000 Sq. Ft. with a 20,000 Sq. Ft. with a coverage of 5,000 Sq. Ft. coverage of 5,000 Sq. Ft.

results in results in 4 Access 4 Access PointsPoints. .

20,000 Sq. Ft. with a 20,000 Sq. Ft. with a coverage of 5,000 Sq. Ft. coverage of 5,000 Sq. Ft.

results in results in 4 Access 4 Access PointsPoints. .



50 foot (15 Meter) Radius50 foot (15 Meter) Radius50 foot (15 Meter) Radius50 foot (15 Meter) Radius

71 foot (22 Meter) Square71 foot (22 Meter) Square71 foot (22 Meter) Square71 foot (22 Meter) Square

Dimension of Coverage AreaDimension of Coverage AreaDimension of Coverage AreaDimension of Coverage Area



Location of Access PointsLocation of Access PointsLocation of Access PointsLocation of Access Points



Wireless LAN SecurityWireless LAN Security

War DriversWar DriversWar DriversWar Drivers

Hackers/CrackersHackers/CrackersHackers/CrackersHackers/Crackers

EmployeesEmployeesEmployeesEmployees

Consumer DevicesConsumer DevicesConsumer DevicesConsumer Devices


Wireless LAN SecurityWireless LAN Security

• Three Three Major Categories of Security Threats:Major Categories of Security Threats:• War Drivers:War Drivers:

• War driving means driving around a neighborhood War driving means driving around a neighborhood with a wireless laptop and looking for an unsecured with a wireless laptop and looking for an unsecured 802.11b/g system.802.11b/g system.

• Hackers/Crackers:Hackers/Crackers:• Malicious intruders who enter systems as criminals Malicious intruders who enter systems as criminals

and steal data or deliberately harm systems.and steal data or deliberately harm systems.• Employees:Employees:

• Set up and use Set up and use Rogue Access PointsRogue Access Points without without authorization. Either interfere with or compromise authorization. Either interfere with or compromise servers and files.servers and files.


Threats to Wireless SecurityThreats to Wireless Security

• War Drivers:War Drivers:• "War driving" originally referred to using a scanning "War driving" originally referred to using a scanning

device to find cellular phone numbers to exploit.device to find cellular phone numbers to exploit.• War driving now also means driving around a War driving now also means driving around a

neighborhood with a laptop and an 802.11b/g client neighborhood with a laptop and an 802.11b/g client card looking for an unsecured 802.11b/g system to card looking for an unsecured 802.11b/g system to exploit.exploit.

• Software is readily available.Software is readily available.Totally and completely ILLEGAL!!!!!!!!Totally and completely ILLEGAL!!!!!!!!Totally and completely ILLEGAL!!!!!!!!Totally and completely ILLEGAL!!!!!!!!



• Man-in-the-Middle Attacks:Man-in-the-Middle Attacks:• Attackers select a host as a target and position Attackers select a host as a target and position

themselves logically between the target and the router of themselves logically between the target and the router of the target. the target.

• In a wired LANIn a wired LAN, the attacker needs to be able to , the attacker needs to be able to physically access the LAN to insert a device logically into physically access the LAN to insert a device logically into the topology. the topology.

• With a WLAN, the radio waves emitted by access points With a WLAN, the radio waves emitted by access points can provide the connection.can provide the connection.

• Because access points act like Ethernet hubs, each NIC Because access points act like Ethernet hubs, each NIC in a BSS hears all the traffic. in a BSS hears all the traffic.

• Attackers can modify the NIC of their laptop with special Attackers can modify the NIC of their laptop with special software so that it accepts all traffic. software so that it accepts all traffic.

In effect, the NIC has In effect, the NIC has been modified to act as been modified to act as

an Access Point.an Access Point.

In effect, the NIC has In effect, the NIC has been modified to act as been modified to act as

an Access Point.an Access Point.



• Denial of Service (DoS):Denial of Service (DoS):• 802.11b/g WLANs802.11b/g WLANs

use the unlicenseduse the unlicensed2.4 GHz band.2.4 GHz band.

• This is the same bandThis is the same bandused by most babyused by most babymonitors, cordlessmonitors, cordlessphones, andphones, andmicrowave ovens.microwave ovens.

• With these devicesWith these devicescrowding the RF band,crowding the RF band,attackers can create noise on all the channels in the band attackers can create noise on all the channels in the band with commonly available devices. with commonly available devices.



• Denial of Service (DoS):Denial of Service (DoS):• An attacker can turn a NIC into an access point.An attacker can turn a NIC into an access point.• The attacker, using a PC as an AP, can The attacker, using a PC as an AP, can floodflood the BSS the BSS

with with clear-to-send (CTS)clear-to-send (CTS) messages, which messages, which defeat the defeat the CSMA/CACSMA/CA function used by the stations. function used by the stations.

• The actualThe actualAP, floods theAP, floods theBSS withBSS withsimultaneoussimultaneoustraffic, causingtraffic, causinga constanta constantstream ofstream ofcollisions.collisions.



• Denial of Service (DoS):Denial of Service (DoS):

• Another DoS attack that can be launched in a BSS is when Another DoS attack that can be launched in a BSS is when an attacker sends a an attacker sends a series of disassociate commandsseries of disassociate commands that that cause all stations to disconnect. cause all stations to disconnect.

• When the stations are disconnected, they immediately try When the stations are disconnected, they immediately try to reassociate,to reassociate,which createswhich createsa burst ofa burst oftraffic. traffic.

• The attackerThe attackersends anothersends anotherdisassociatedisassociateand the cycleand the cyclerepeats itself.repeats itself.


Wireless Security ProtocolsWireless Security Protocols


Authenticating to the Wireless LANAuthenticating to the Wireless LAN

• In an open network, such as a home network, association In an open network, such as a home network, association may be all that is required to grant a client access to devices may be all that is required to grant a client access to devices and services on the WLAN.and services on the WLAN.


Authenticating to the Wireless LANAuthenticating to the Wireless LAN

• In networks that have stricter security requirements, an In networks that have stricter security requirements, an additional authentication or login is required to grant clients additional authentication or login is required to grant clients such access.such access.

• This login process is managed by the Extensible This login process is managed by the Extensible Authentication Protocol Authentication Protocol (EAP)(EAP). .

A central repository of User IDs A central repository of User IDs and Passwords. Used by all and Passwords. Used by all

network login processes.network login processes.

A central repository of User IDs A central repository of User IDs and Passwords. Used by all and Passwords. Used by all

network login processes.network login processes.


Wireless EncryptionWireless Encryption

• Two Encryption Mechanisms:Two Encryption Mechanisms:

• TKIP is the encryption method certified as Wi-Fi Protected TKIP is the encryption method certified as Wi-Fi Protected Access Access (WPA)(WPA). .

• Provides support for legacy WLAN equipment by Provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 addressing the original flaws associated with the 802.11 WEP encryption method. WEP encryption method.

• Encrypts the Layer 2 payload.Encrypts the Layer 2 payload.• Message integrity check Message integrity check (MIC)(MIC) in the encrypted packet in the encrypted packet

that helps ensure against a message tampering.that helps ensure against a message tampering.



• Two Encryption Mechanisms:Two Encryption Mechanisms:

• The The AES AES encryption ofencryption of WPA2 WPA2 is the preferred method. is the preferred method.• WLAN encryption standards used in IEEE 802.11i.WLAN encryption standards used in IEEE 802.11i.• Same functionsSame functions as TKIP. as TKIP.• Uses Uses additional data from the MAC headeradditional data from the MAC header that allows that allows

destination hosts to recognize if the non-encrypted bits destination hosts to recognize if the non-encrypted bits have been tampered with. have been tampered with.

• Also adds a Also adds a sequence numbersequence number to the encrypted data to the encrypted data header. header.



• When you configure Linksys access points or wireless When you configure Linksys access points or wireless routers you routers you may not see WPA or WPA2may not see WPA or WPA2..

• Instead you may see references to something calledInstead you may see references to something calledpre-shared key (PSK)pre-shared key (PSK)..

• Types of PSKs:Types of PSKs:• PSK or PSK2 with TKIP is the same as WPA.PSK or PSK2 with TKIP is the same as WPA.• PSK or PSK2 with AES is the same as WPA2.PSK or PSK2 with AES is the same as WPA2.• PSK2, without an encryption method specified, is the PSK2, without an encryption method specified, is the

same as WPA2.same as WPA2.


Controlling Access to the Wireless LANControlling Access to the Wireless LAN

• When controlling access, the concept of When controlling access, the concept of depthdepth means having means having multiple solutions available.multiple solutions available.

• Three step approach:Three step approach:• SSID cloaking:SSID cloaking:

• Disable SSID broadcasts from access points.Disable SSID broadcasts from access points.• MAC address filtering:MAC address filtering:

• Tables are Tables are manually constructed on the access manually constructed on the access pointpoint to allow or disallow clients based on their to allow or disallow clients based on their physical hardware address.physical hardware address.

• WLAN Security:WLAN Security:• Implement WPA or WPA2. Implement WPA or WPA2.



SSID CloakingSSID CloakingSSID CloakingSSID Cloaking



• An additional consideration is to configure An additional consideration is to configure access pointsaccess points that that are are near outside wallsnear outside walls of buildings to transmit on a of buildings to transmit on a lower lower power settingpower setting than other access points closer to the middle of than other access points closer to the middle of the building.the building.

• This is to merely This is to merely reduce the RF signaturereduce the RF signature on the on the outsideoutside of of the building.the building.

• Anyone running an application such as Netstumbler, Anyone running an application such as Netstumbler, Wireshark, or even Windows XP can map WLANs.Wireshark, or even Windows XP can map WLANs.



Configuring Wireless LAN AccessConfiguring Wireless LAN Access


Configuring the Wireless Access PointConfiguring the Wireless Access Point

• In this topic, you will learn:In this topic, you will learn: • How to configure a wireless access point. How to configure a wireless access point.

• How to How to set the SSIDset the SSID..• How to How to enable securityenable security..• How to How to configure the channelconfigure the channel..• How to How to adjust the power settingsadjust the power settings. . • How to How to back up and restore the configurationback up and restore the configuration..


Configuring the Wireless Access PointConfiguring the Wireless Access Point

• The basic approach to wireless implementation, as with any The basic approach to wireless implementation, as with any basic networking, is to basic networking, is to configure and test incrementallyconfigure and test incrementally. .

• Verify the existing networkVerify the existing network and Internet access for the and Internet access for the wired hosts. wired hosts.

• Start the WLAN implementation process with a Start the WLAN implementation process with a single single access point and a single clientaccess point and a single client, without enabling wireless , without enabling wireless security. security.

• Verify that the wireless Verify that the wireless client has received a DHCP IP client has received a DHCP IP address address and can ping the local wired default router and and can ping the local wired default router and then browse to the external Internet. then browse to the external Internet.

• Finally, Finally, configure wireless security with WPA2configure wireless security with WPA2..• Use WEP only if the hardware does not support WPA.Use WEP only if the hardware does not support WPA.



Troubleshooting SimpleTroubleshooting SimpleWLAN ProblemsWLAN Problems


A Systematic ApproachA Systematic Approach

Eliminate the User’s PC as Eliminate the User’s PC as the source of the problem.the source of the problem.Eliminate the User’s PC as Eliminate the User’s PC as the source of the problem.the source of the problem.

Network configuration.Network configuration.Can it connect to a wired network?Can it connect to a wired network?Is the NIC O.K?Is the NIC O.K?Are the proper drivers loaded?Are the proper drivers loaded?Do the security settings match?Do the security settings match?

Network configuration.Network configuration.Can it connect to a wired network?Can it connect to a wired network?Is the NIC O.K?Is the NIC O.K?Are the proper drivers loaded?Are the proper drivers loaded?Do the security settings match?Do the security settings match?

How far is the PC from the Access Point?How far is the PC from the Access Point?Check the channel settings.Check the channel settings.Any interference from other devices?Any interference from other devices?

How far is the PC from the Access Point?How far is the PC from the Access Point?Check the channel settings.Check the channel settings.Any interference from other devices?Any interference from other devices?




Confirm the physical Confirm the physical status of the devices.status of the devices.Confirm the physical Confirm the physical status of the devices.status of the devices.

Are all devices actually in place?Are all devices actually in place?Is there power to all the devices?Is there power to all the devices?Are all devices actually in place?Are all devices actually in place?Is there power to all the devices?Is there power to all the devices?




Confirm the physical Confirm the physical status of the devices.status of the devices.Confirm the physical Confirm the physical status of the devices.status of the devices.

Inspect the wired links.Inspect the wired links.Inspect the wired links.Inspect the wired links.

Cables damaged or missing?Cables damaged or missing?Can you ping the AP from a cabled device?Can you ping the AP from a cabled device?Cables damaged or missing?Cables damaged or missing?Can you ping the AP from a cabled device?Can you ping the AP from a cabled device?

If all of this fails, perhaps the AP is faulty or the If all of this fails, perhaps the AP is faulty or the configuration is in error. The AP may also configuration is in error. The AP may also

require a firmware upgrade.require a firmware upgrade.

If all of this fails, perhaps the AP is faulty or the If all of this fails, perhaps the AP is faulty or the configuration is in error. The AP may also configuration is in error. The AP may also

require a firmware upgrade.require a firmware upgrade.



Updating the Access PointUpdating the Access PointUpdating the Access PointUpdating the Access Point

DownloadDownloadSelect the FirmwareSelect the FirmwareRun the UpgradeRun the Upgrade

DownloadDownloadSelect the FirmwareSelect the FirmwareRun the UpgradeRun the Upgrade

DO NOT DO NOT upgrade the firmware unless you are upgrade the firmware unless you are experiencing problems with the access point or experiencing problems with the access point or the new firmware has a feature you want to use.the new firmware has a feature you want to use.

DO NOT DO NOT upgrade the firmware unless you are upgrade the firmware unless you are experiencing problems with the access point or experiencing problems with the access point or the new firmware has a feature you want to use.the new firmware has a feature you want to use.



Incorrect Channel SettingsIncorrect Channel SettingsIncorrect Channel SettingsIncorrect Channel Settings


RF Interference IssuesRF Interference Issues

Many other devices Many other devices operate on Channel 6.operate on Channel 6.

Many other devices Many other devices operate on Channel 6.operate on Channel 6.


RF Interference IssuesRF Interference Issues

• Site Survey:Site Survey:• ““How to” How to” not addressed in this course.not addressed in this course.• The The first thingfirst thing that should be done in the planning stage. that should be done in the planning stage.

• RF interference.RF interference.• Physical Interference (cabinets, walls with metal Physical Interference (cabinets, walls with metal

girders).girders).• Multiple WLANs.Multiple WLANs.• Variances in usage (day/night shifts).Variances in usage (day/night shifts).• Two Types:Two Types:

• Manual.Manual.• Utility Assisted.Utility Assisted.

With a utility assisted site Survey, you can obtain With a utility assisted site Survey, you can obtain RF band usage and make provisions for it.RF band usage and make provisions for it.

With a utility assisted site Survey, you can obtain With a utility assisted site Survey, you can obtain RF band usage and make provisions for it.RF band usage and make provisions for it.


Access Point PlacementAccess Point Placement

• A WLAN that just did not seem to perform like it should.A WLAN that just did not seem to perform like it should.• You keep losing association with an access pointYou keep losing association with an access point• Your data rates are much slower than they should be.Your data rates are much slower than they should be.


Access Point PlacementAccess Point Placement

• Some additional specific details:Some additional specific details:• Not mounted closer than 7.9 inches (20 cm) from the Not mounted closer than 7.9 inches (20 cm) from the

body of all persons.body of all persons.• Do not mount the access point within 3 feet (91.4 cm) of Do not mount the access point within 3 feet (91.4 cm) of

metal obstructions.metal obstructions.• Install the access point away from microwave ovens. Install the access point away from microwave ovens. • Always mount the access point vertically..Always mount the access point vertically..• Do not mount the access point outside of buildings.Do not mount the access point outside of buildings.• Do not mount the access point on building perimeter Do not mount the access point on building perimeter

walls, unless outside coverage is desired.walls, unless outside coverage is desired.• When mounting an access point in the corner of a right-When mounting an access point in the corner of a right-

angle hallway intersection, mount it at a 45-degree angle.angle hallway intersection, mount it at a 45-degree angle.


Authentication and EncryptionAuthentication and Encryption

• The WLAN authentication and encryption problems you are The WLAN authentication and encryption problems you are most likely to encounter, and that you will be able to solve, most likely to encounter, and that you will be able to solve, are caused by incorrect client settings. are caused by incorrect client settings.

Remember, Remember, all devices connecting to an all devices connecting to an access pointaccess point must use the same security type must use the same security type

as the one configured on the access point. as the one configured on the access point.

Remember, Remember, all devices connecting to an all devices connecting to an access pointaccess point must use the same security type must use the same security type

as the one configured on the access point. as the one configured on the access point.

Documents

CCNA3-1 Chapter 7-1 Make up Class Tugas hari ini (30 Mei 2012): Baca Chapter 7 CNAP Wireless LAN Baca Chapter 7 CNAP Wireless LAN