CCNA Exp3 - Chapter07 - Basic Wireless Concepts and Configuration
Objectives
Describe the components and operations of basic wireless LAN topologies.
Describe the components and operations of basic wireless LAN security.
Configure and verify basic wireless LAN access.
Configure and troubleshoot wireless client access.
Benefits of WLANs
Wireless Technologies
Wireless LAN
Wireless standards
Wi-Fi Certification
Access points oversee a distributed coordination function (DCF) called Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). This simply means that devices on a WLAN must sense the medium for energy (RF stimulation above a certain threshold) and wait until the medium is free before sending.
Học viện mạng Bách Khoa - Website: www.bkacad.com
RTS/CTS
feature called request to send/clear to send (RTS/CTS). RTS/CTS was developed to allow a negotiation between a client and an access point.
Extra: RTS/CTS
The optional request-to-send and clear-to-send (RTS/CTS) function allows the access point to control use of the medium for stations activating RTS/CTS. With most radio NICs, users can set a maximum frame-length threshold for when the radio NIC activates RTS/CTS. For example, a frame length of 1,000 bytes triggers RTS/CTS for all frames larger than 1,000 bytes. If the radio NIC activates RTS/CTS, it first sends an RTS frame to an access point before sending a data frame. The access point then responds with a CTS frame, indicating that the radio NIC can send the data frame. With the CTS frame, the access point provides a value in the duration field of the frame header that holds off other stations from transmitting until after the radio NIC initiating the RTS can send its data frame. This avoids collisions between hidden nodes. The RTS/CTS handshake continues for each frame, as long as the frame size exceeds the threshold set in the corresponding radio NIC.
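The CSMA/CA carrier sensing and the RTS/CTS threshold handshake described in the two sections above, as an added toy simulation written for this page; it is not course material. It models one access point and two clients, A and C, that cannot hear each other (the hidden-node case) but both hear the access point. The slot counts, frame sizes, the 1,000-byte threshold and the station names are constructed values chosen to show when the CTS duration field (the NAV) prevents a collision that plain energy sensing cannot.

```python
"""Toy discrete-slot model of 802.11 CSMA/CA with the optional RTS/CTS handshake.
Added educational example, not course code. Slots, frame sizes and threshold are constructed."""
from dataclasses import dataclass, field

SLOTS_PER_1000_BYTES = 8   # constructed airtime: a 1000-byte data frame occupies 8 slots
CONTROL_SLOTS = 1          # RTS, CTS and ACK frames each occupy one slot


def airtime(frame_len: int) -> int:
    """Number of slots a data frame of frame_len bytes occupies the medium."""
    return max(1, frame_len * SLOTS_PER_1000_BYTES // 1000)


@dataclass
class Station:
    name: str
    hears: frozenset        # names of stations whose RF energy this station can detect
    nav_until: int = 0      # virtual carrier sense: defer until this slot (set from a CTS duration)


@dataclass
class Medium:
    stations: dict
    intervals: list = field(default_factory=list)   # (start, end, sender) of every transmission
    events: list = field(default_factory=list)      # (slot, sender, kind, outcome)
    collisions: int = 0

    def senses_energy(self, sta: Station, t: int) -> bool:
        """Physical carrier sense: is a transmitter that sta can hear on the air at slot t?"""
        return any(start <= t < end for start, end, sender in self.intervals if sender in sta.hears)

    def transmit(self, sender: Station, kind: str, t: int, frame_len: int = 0) -> tuple:
        """Put a frame on the air at slot t; returns (end_slot, collided)."""
        slots = CONTROL_SLOTS if kind in ("RTS", "CTS", "ACK") else airtime(frame_len)
        end = t + slots
        # The AP hears every station, so any overlap with another sender's frame garbles both.
        collided = any(s < end and t < e for s, e, who in self.intervals if who != sender.name)
        self.intervals.append((t, end, sender.name))
        self.events.append((t, sender.name, kind, "COLLISION" if collided else "ok"))
        if collided:
            self.collisions += 1
        return end, collided

    def client_send(self, sta: Station, frame_len: int, t: int, rts_threshold: int) -> int:
        """CSMA/CA transmit attempt by a client; returns the slot at which it finishes."""
        ap = self.stations["AP"]
        # Defer while the NAV says the medium is reserved or while energy is sensed.
        while t < sta.nav_until or self.senses_energy(sta, t):
            t += 1
        if frame_len > rts_threshold:
            t, _ = self.transmit(sta, "RTS", t)
            # The AP's CTS carries a duration covering the data frame plus its ACK; every
            # station that hears the AP sets its NAV from it, hidden nodes included.
            reserve = airtime(frame_len) + CONTROL_SLOTS
            t, _ = self.transmit(ap, "CTS", t)
            for other in self.stations.values():
                if other is not sta and "AP" in other.hears:
                    other.nav_until = max(other.nav_until, t + reserve)
        t, collided = self.transmit(sta, "DATA", t, frame_len)
        if not collided:
            t, _ = self.transmit(ap, "ACK", t)   # positive acknowledgment of the data frame
        return t


def run_hidden_node(frame_a: int, frame_c: int = 200, rts_threshold: int = 1000) -> dict:
    """Client A sends at slot 0 and hidden client C at slot 2; report collisions and events."""
    stations = {
        "AP": Station("AP", frozenset({"A", "C"})),
        "A": Station("A", frozenset({"AP"})),    # A cannot hear C
        "C": Station("C", frozenset({"AP"})),    # C cannot hear A
    }
    medium = Medium(stations)
    medium.client_send(stations["A"], frame_a, t=0, rts_threshold=rts_threshold)
    medium.client_send(stations["C"], frame_c, t=2, rts_threshold=rts_threshold)
    return {"collisions": medium.collisions, "events": medium.events}


if __name__ == "__main__":
    for size in (1500, 500):
        result = run_hidden_node(frame_a=size)
        print(f"A sends {size} bytes -> collisions={result['collisions']}")
        for ev in result["events"]:
            print("  slot", *ev)
```

With a 1,500-byte frame A exceeds the threshold, so the AP's CTS reaches C and C defers on its NAV even though it never hears A; with a 500-byte frame no RTS/CTS is used, C senses no energy from the hidden A and the two data frames collide at the AP. The model also shows why the handshake costs airtime: each protected frame adds an RTS and a CTS slot before the data goes out.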
Extra: Roaming
Extra: Scanning
The 802.11 standard defines both passive and active scanning, whereby a radio NIC searches for access points. Passive scanning is mandatory: each NIC scans individual channels to find the best access-point signal. Periodically, access points broadcast a beacon, and the radio NIC receives these beacons while scanning and takes note of the corresponding signal strengths. The beacons contain information about the access point, including SSID and supported data rates. The radio NIC can use this information along with the signal strength to compare access points and decide on which one to use. Active scanning is similar, except the radio NIC initiates the process by broadcasting a probe frame, and all access points within range respond with a probe response. Active scanning enables a radio NIC to receive an immediate response from access points, without waiting for a beacon transmission. The issue, however, is that active scanning imposes additional overhead on the network because of the transmission of probe and corresponding response frames.
Beacon
Open Authentication and Shared Key Authentication are the two methods that the 802.11 standard defines for clients to connect to an access point. The association process can be broken down into three elements:
1. Probe
2. Authentication
3. Association
process in clear text. Open Authentication is basically a null authentication, which means there is no verification of the user or machine. Open Authentication is usually tied to a WEP key. A client can associate to the access point with an incorrect WEP key or even no WEP key. A client with the wrong WEP key will be unable to send or receive data, since the packet payload will be encrypted. Keep in mind that the header is not encrypted by WEP. Only the payload or data is encrypted.
except that it uses WEP encryption for one step. Shared key requires the client and the access point to have the same WEP key. An access point using Shared Key Authentication sends a challenge text packet to the client. If the client has the wrong key or no key, it will fail this portion of the authentication process. The client will not be allowed to associate to the AP. Shared key is vulnerable to a man-in-the-middle attack, so it is not recommended.
Extra: ARS
positive acknowledgment (ACK). This can cause consumption of 50% of the available bandwidth. This overhead when combined with the collision avoidance protocol overhead reduces the actual data throughput to a maximum of 5.0 to 5.5 Mbps on an 802.11b wireless LAN rated at 11 Mbps. Performance of the network will also be affected by signal strength and degradation in signal quality due to distance or interference. As the signal becomes weaker, Adaptive Rate Selection (ARS) may be invoked and the transmitting unit will drop the data rate from 11 Mbps to 5.5 Mbps, from 5.5 Mbps to 2 Mbps or 2 Mbps to 1 Mbps.
Activity 7.1.5.2
Denial of Service
Extra: SSID
Most access points have options like SSID broadcast and allow any SSID. These features are usually enabled by default and make it easy to set up a wireless network. Using the allow any SSID option lets the access point allow access to a client with a blank SSID. The SSID broadcast sends beacon packets, which advertise the SSID. Disabling these two options does not secure the network, since a wireless sniffer can easily capture a valid SSID from normal WLAN traffic. SSIDs should not be considered a security feature.
Many encryption methods, such as the 802.11 Wired Equivalent Privacy (WEP), are symmetric; that is, the same key that does the encryption is also the one that performs the decryption. If a user activates WEP, the NIC encrypts the payload (frame body and cyclic redundancy check [CRC]) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA Security. The receiving station, such as an access point or another radio NIC, performs decryption upon arrival of the frame. As a result, 802.11 WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies.
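The WEP framing this paragraph describes (an RC4 keystream XORed over the frame body plus its CRC, with the 802.11 header left in clear) together with the Open Authentication behaviour from the earlier section (association succeeds whatever key the client holds, but data frames sent with the wrong key are dropped), as one added Python model written for this page; it is not course code. RC4 is implemented directly because Python's standard library does not ship it; the key, IV, header bytes and payloads are constructed values, and the 40-bit key, 24-bit IV and 32-bit CRC integrity check value (ICV) follow the original WEP layout.

```python
"""Toy model of WEP framing and Open Authentication. Added educational example, not course code."""
import zlib
from dataclasses import dataclass

# Constructed values for the demonstration (not from the course material).
HEADER = bytes.fromhex("08010000" + "aabbccddeeff" + "112233445566" + "aabbccddeeff" + "1000")
AP_KEY = bytes.fromhex("0102030405")      # 40-bit WEP key configured on the access point
WRONG_KEY = bytes.fromhex("0a0b0c0d0e")   # a client key that does not match the AP's
IV = bytes.fromhex("000001")              # 24-bit initialisation vector, sent in clear


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class WepFrame:
    header: bytes   # 802.11 MAC header: never encrypted
    iv: bytes       # IV: also in clear, the receiver needs it to rebuild the RC4 seed
    body: bytes     # RC4(IV || key) XOR (payload || CRC-32 integrity check value)


def wep_encrypt(key: bytes, iv: bytes, header: bytes, payload: bytes) -> WepFrame:
    """Symmetric encryption of the frame body: payload plus its CRC-32 (the ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    plain = payload + icv
    return WepFrame(header, iv, xor_bytes(plain, rc4_keystream(iv + key, len(plain))))


def wep_decrypt(key: bytes, frame: WepFrame):
    """Decrypt with the same key; return the payload, or None when the ICV fails."""
    plain = xor_bytes(frame.body, rc4_keystream(frame.iv + key, len(frame.body)))
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None   # wrong key: different keystream, CRC no longer matches, frame is dropped
    return payload


def open_auth_session(ap_key: bytes, client_key: bytes, payload: bytes) -> dict:
    """Open Authentication followed by one WEP data frame from client to AP.

    The AP verifies nothing during probe, authentication and association, so the
    client associates whatever key it holds; the key only matters once data flows.
    """
    steps = {"probe": "accepted", "authentication": "accepted (null check)", "association": "accepted"}
    frame = wep_encrypt(client_key, IV, HEADER, payload)
    delivered = wep_decrypt(ap_key, frame)
    return {
        "steps": steps,
        "associated": True,
        "header_readable_on_air": frame.header == HEADER,   # the header is not encrypted
        "payload_delivered": delivered,                      # bytes, or None if dropped
    }


if __name__ == "__main__":
    for name, key in (("matching key", AP_KEY), ("wrong key", WRONG_KEY)):
        r = open_auth_session(AP_KEY, key, b"GET /index.html")
        print(f"{name}: associated={r['associated']}, delivered={r['payload_delivered']}")
```

The wrong-key case shows the chapter's point: association completes because Open Authentication checks nothing, yet the AP's ICV check fails on every data frame, so the client is connected but cannot exchange data. The header and IV are readable by anyone in range in both cases. WEP itself has long been broken and retired from the standard; the model is here to show the framing the chapter describes, not as a construction to deploy.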
Encryption
Administration: Management
Security Mode
Select the mode you want to use: PSK-Personal, PSK2-Personal, PSK-Enterprise, PSK2-Enterprise, RADIUS, or WEP.
Mode Parameters
Practice: 7.3.2.4
Step 1 - Eliminate the client device as the source of the problem.
Step 2 - Confirm the physical status of WLAN devices.
Step 3 - Inspect wired links.
Solving RF Interference
Site Surveys
Site Survey
There are two categories: manual and utility-assisted. Manual site surveys can include a site evaluation, to be followed by a more thorough utility-assisted site survey. A site evaluation involves inspecting the area with the goal of identifying potential issues that could impact the network. Specifically, look for the presence of multiple WLANs, unique building structures such as open floors and atriums, and high client usage variances, such as those caused by differences in day and night shift staffing levels. Note: you do not conduct site surveys as part of this course.
Summary