Upload
laureen-hubbard
View
217
Download
1
Embed Size (px)
Citation preview
Wireless Network Design Principles
Mobility
Addressing
Capacity
Security
Site Survey
Floor plans are a useful aid to surveying a new site
Help with the determination of coverage needs – this will show where communications is needed and therefore where APs will be installed
Site Survey
Walk-through permits visual confirmation of the actual site (desks, office location, etc)
Check for building construction
- wall construction (concrete & steel vs partition walls)
- hallways, open areas etc
Site Survey
Optimum location of APs
Coverage of APs once installed
Actual bit and error rates in selected locations
Number of APs
Site Survey
Measurements may consist of
frame error rates
interfering signal strengths (noise)
received signal strength
multipath signal interference
Site Survey
Antenna choices for coverage, diversity
Signal amplifiers (if necessary – remember increasing signal
power may cause interference to others and may increase the potential number of clients using the access point)
Site Survey
Channel Layout
APs will often overlap in coverage
Selection of non-overlapping channels (1 6 11)
Coverage must be in 3 dimensions if inside a building
Mobility
DHCP
Addressing - private addresses
- NAT
Mobile-IP
IP Addressing
Many security plans require the use of private addresses
- class A 10.x.x.x
- class B 172.16.x.x – 172.31.x.x
- class C 192.168.x.x
IP Addressing
Once a private address has been assigned, the network cannot access the external Internet
To permit connection to outside world, Network Address Translation is necessary
DHCP (Dynamic Host Configuration Protocol)
IP addresses offered by a server to hosts
Static – MAC addresses in a table are mapped to a fixed IP address
Dynamic – IP addresses are allocated from a pool (range of addresses)
DHCP
Permits central point of control for management of IP addresses
Allows efficient allocation of IP addresses
DHCP
MAC addresses may be checked against a list of “approved” clients
DHCP server may be local to client or may be centralised
Mobility
Even with DHCP, addresses will tend to be static
Since wireless devices can move about, fixed addresses may be unsuitable
Even in a small network, use of subnet addressing will not suit static addressing
Mobility
Mobile IP offers a more dynamic way of implementing an IP solution that can be used with wireless networks
Mobile stations are allocated to a home network and have a static address in that network
When the station operates in another foreign network it must use an address from that network
Mobility
The mobile station registers with a foreign agent (commonly a router)
Communications from and for the mobile station are carried between the foreign agent and a home agent using a care-of address given from the foreign network
Mobility
Mobile IP is implemented using three basic functions:
Discovery
Router advertisement (ICMP) messages contain extensions that support their identification as a mobile agent
Mobility Registration
A UDP-based registration process permits the mobile node to register with an available foreign agent (if none available, then a mobile node may become its “own” foreign agent)
The process usually requires authentication
Mobility Tunneling
Agents must carry the mobile node’s IP packets between the home and foreign networks
The traffic between networks must be carried over the global Internet and so must be encapsulated
This traffic should be secured by authentication and encryption
Mobility Tunneling
Encapsulation can be:
IP-within-IP encapsulation
Minimal Encapsulation (specifically identified IP packets)
GRE (Generic Router Encapsulation)
Capacity
No. of clients depends upon the amount of traffic that users generate
The capacity of an Access Point operating at 11 Mbps will be shared at around 6 Mbps
Contemporary users using web, email, file accesses will generate around 100-300 kbps each
Connection Rate Number of Clients @ 6Mbps
100 kbps 60
200 kbps 30
300 kbps 20
Sustained Throughput Compared with Number of Clients
Security
WEP -> WPA -> 11i
SSL
VPN