
Wireless LAN: Cisco Ccna Bootcamp

This document provides an overview of wireless local area networks (WLANs) and their components. It discusses how WLANs have become popular due to their flexibility and cost savings compared to wired networks. Key points covered include the components of a basic WLAN such as wireless access points, wireless network interface cards, and how they connect to extend an existing wired Ethernet LAN. The document also discusses wireless network configuration parameters and wireless network standards compliance.

Uploaded by

Roger Embalsado
Copyright
© Attribution Non-Commercial (BY-NC)

CISCO CCNA BOOTCAMP

Wireless LAN
Why have Wireless LANs Become so Popular?

• In 2005, more Wi-Fi-enabled mobile laptops were purchased than
fixed-location desktops.
• Business networks today are evolving to support people who are on the
move.
–Productivity is no longer restricted to a fixed work location or a defined time
period.
–People now expect to be connected at any time and place, from the office to the
airport or even the home.
–Now employees can check e-mail, voice mail, and the status of products on
personal digital assistants (PDAs) while at many temporary locations.
–At home, the method of accessing the Internet has quickly moved from
temporary modem dialup service to dedicated DSL or cable service.
• In addition to the flexibility that WLANs offer, another important benefit is
reduced costs.
–For example, with a wireless infrastructure already in place, savings are realized
when moving a person within a building, reorganizing a lab, or moving to
temporary locations or project sites.
–Another example is when a company moves into a new building that does not
have any wired infrastructure. In this case, the savings resulting from using
WLANs can be even more noticeable, because the cost of running cables through
walls, ceilings, and floors is largely avoided.
Wireless LANs
• Most current business networks rely on switch-
based LANs for day-to-day operation inside the
office.
• However, workers are becoming more mobile
and want to maintain access to their business
LAN resources from locations other than their
desks.
–Workers in the office want to take their
laptops to meetings or to a co-worker's office.
–You can see portability and mobility in
everything from cordless keyboards and
headsets, to satellite phones and global
positioning systems (GPS).
• You can see that the WLAN is an extension of
the Ethernet LAN.

Comparing a WLAN to a LAN
• WLANs use radio frequencies (RF) instead of cables at the
physical layer and MAC sub-layer of the data link layer.
–RF does not have boundaries, such as the limits of a wire.
–RF is unprotected from outside signals.
–RF transmission is subject to the same challenges inherent in
any wave-based technology. For example, as you get further away
from the source, eventually you may lose the signal altogether.
–RF bands are regulated differently in various countries.
• WLANs connect clients to the network through a wireless
access point (AP) instead of an Ethernet switch.
• WLANs connect mobile devices that are often battery
powered.
–Wireless NICs tend to reduce the battery life of a mobile device.
• WLANs support hosts that contend for access on the RF
media (frequency bands).
–802.11 prescribes collision-avoidance instead of collision-
detection for media access to proactively avoid collisions within
the media.
• WLANs use a different frame format than wired Ethernet
LANs.
–WLANs require additional information in the Layer 2 header.
• WLANs raise more privacy issues
–because radio frequencies can reach outside the facility.
Introducing Wireless LANs

• 802.11 wireless LANs extend the 802.3 Ethernet
LAN infrastructures to provide additional
connectivity options.
–In an 802.3 Ethernet LAN, each client has a cable
that connects the client NIC to a switch.
• The switch is the point where the client gains access
to the network.
–In a wireless LAN, each client uses a wireless
adapter to gain access to the network through a
wireless device such as a wireless router or
access point.
• The wireless adapter in the client communicates with
the wireless router or access point using RF signals.
• Once connected to the network, wireless clients can
access network resources just as if they were wired
to the network.

Wi-Fi Certification

• The 3 key organizations influencing WLAN standards are:
–ITU-R
• ITU-R regulates allocation of RF bands.
• The ITU-R regulates the allocation of the RF spectrum.
–IEEE
• IEEE specifies how RF is modulated to carry information.
• The IEEE developed and maintains the standards for local
and metropolitan area networks. The dominant standards
in the IEEE 802 are 802.3 Ethernet, and 802.11 Wireless
LAN.
–Wi-Fi Alliance (www.wi-fi.org)
• Wi-Fi ensures that vendors make devices that are
interoperable.
• The purpose of the Wi-Fi Alliance is to improve the interoperability of
products by certifying vendors for conformance to
industry norms and adherence to standards.

Wireless NICs
• The device that makes a client station capable of
sending and receiving RF signals is the wireless NIC.
–Like an Ethernet NIC, the wireless NIC, using the
modulation technique it is configured to use,
encodes a data stream onto an RF signal.
–Wireless NICs are most often associated with
mobile devices, such as laptop computers.
–In the 1990s, wireless NICs for laptops were
cards that slipped into the PCMCIA slot.
• PCMCIA wireless NICs are still common, but
many manufacturers have begun building the
wireless NIC right into the laptop.
• Unlike 802.3 Ethernet interfaces built into PCs,
the wireless NIC is not visible, because there is
no requirement to connect a cable to it.

Wireless Access Points

• An access point connects wireless clients (or
stations) to the wired LAN.
–An access point is a Layer 2 device that
functions like an 802.3 Ethernet hub.
–Client devices do not typically communicate
directly with each other; they communicate
with the AP.
–In essence, an access point converts the
TCP/IP data packets from their 802.11 frame
encapsulation format in the air to the 802.3
Ethernet frame format on the wired Ethernet
network.

CSMA/CA
• Access points oversee a distributed coordination
function (DCF) called Carrier Sense Multiple Access
with Collision Avoidance (CSMA/CA).
• This simply means that devices on a WLAN must
sense the medium for energy (RF stimulation above a
certain threshold) and wait until the medium is free
before sending.
–If an access point receives data from a client station, it
sends an acknowledgement to the client that the data has
been received.
–This acknowledgement keeps the client from assuming
that a collision occurred and prevents a data
retransmission by the client.
–Imagine two client stations that both connect to the
access point, but are at opposite sides of its reach. If they
are at the maximum range to reach the access point, they
will not be able to reach each other. So neither of those
stations senses the other on the medium, and they may
end up transmitting simultaneously. This is known as the
hidden node (or station) problem.
Wireless Routers

• Wireless routers perform the role of access
point, Ethernet switch, and router.
–For example, the Linksys WRT300N used is
really three devices in one box.
• First, there is the wireless access point, which
performs the typical functions of an access point.
• A built-in four-port, full-duplex, 10/100 switch
provides connectivity to wired devices.
• Finally, the router function provides a gateway for
connecting to other network infrastructures.
• The WRT300N is most commonly used as a
small business or residential wireless access
device.
–The expected load on the device is low
enough that it should be able to manage the
provision of WLAN, 802.3 Ethernet, and the
connection to an ISP.
Configurable Parameters for Wireless Endpoints

• The figure shows the initial screen for
wireless configuration on a Linksys
wireless router.
• wireless network mode: The wireless
network mode refers to the WLAN
protocols: 802.11a, b, g, or n.
–Because 802.11g is backward
compatible with 802.11b, access points
support both standards.
–Remember that if all the clients connect
to an access point with 802.11g, they all
enjoy the better data rates provided.
When 802.11b clients associate with the
access point, all the faster clients
contending for the channel have to wait
on 802.11b clients to clear the channel
before transmitting.
–When a Linksys access point is
configured to allow both 802.11b and
802.11g clients, it is operating in mixed
mode.
–For an access point to support 802.11a
as well as 802.11b and g, it must have a
second radio to operate in the different
RF band.
Configurable Parameters for Wireless Endpoints

• service set identifier (SSID): SSID is a unique identifier
that client devices use to distinguish between wireless
networks.
–Several access points on a network can share an
SSID.
–SSID can be any alphanumeric, case-sensitive entry
from 2 to 32 characters long.
–By default, all Linksys APs are set to the network name
'linksys'; Cisco APs are initially set to 'tsunami'.
• wireless channel: The 2.4 GHz band is broken down into
11 channels for North America and 13 channels for
Europe.
–These channels have a center frequency separation
of only 5 MHz and an overall channel bandwidth (or
frequency occupation) of 22 MHz.
–The 22 MHz channel bandwidth combined with the 5
MHz separation between center frequencies means
there is an overlap between successive channels.
–Best practice for WLANs that require multiple
access points is to set them to use non-overlapping
channels.
• If there are three adjacent access points, use
channels 1, 6, and 11.
• If there are just two, select any two that are five
channels apart, such as channels 5 and 10.
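The channel arithmetic above, worked through as an added example (not part of the original slides). It uses the slide's 5 MHz separation and 22 MHz width plus the standard 2412 MHz centre for channel 1; the AP names and site layout are constructed.

```python
from itertools import combinations

CHANNEL_SPACING_MHZ = 5   # separation between centre frequencies (from the slide)
CHANNEL_WIDTH_MHZ = 22    # frequency occupation of one channel (from the slide)


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 1 sits at 2412 MHz."""
    return 2407 + CHANNEL_SPACING_MHZ * channel


def overlaps(a, b):
    """Channels overlap when their centres are less than one channel width apart."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_plans(channel_count, ap_count):
    """Every way to give ap_count mutually adjacent APs non-overlapping channels."""
    channels = range(1, channel_count + 1)
    return [plan for plan in combinations(channels, ap_count)
            if not any(overlaps(a, b) for a, b in combinations(plan, 2))]


def audit_plan(assignments, adjacent_pairs):
    """Return (ap, ap, channel, channel) for adjacent APs whose channels overlap."""
    return [(x, y, assignments[x], assignments[y])
            for x, y in adjacent_pairs
            if overlaps(assignments[x], assignments[y])]


# Constructed site plan: AP names and adjacency are hypothetical.
SITE = {"ap-lobby": 1, "ap-lab": 4, "ap-office": 11}
ADJACENT = [("ap-lobby", "ap-lab"), ("ap-lab", "ap-office")]

if __name__ == "__main__":
    print(non_overlapping_plans(11, 3))       # the only 3-AP plan in 11 channels
    print(len(non_overlapping_plans(13, 3)))  # more choices with 13 channels
    print(audit_plan(SITE, ADJACENT))
```

With 11 channels, 1/6/11 is the only way to place three mutually adjacent APs; 13 channels allow several three-channel plans but still no fourth non-overlapping channel.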
802.11 Topologies

• Wireless LANs can accommodate various
network topologies.
• Ad hoc Networks
–Wireless networks can operate without
access points; this is called an ad hoc
topology.
–Client stations which are configured to
operate in ad hoc mode configure the
wireless parameters between themselves.
–The IEEE 802.11 standard refers to an ad
hoc network as an independent BSS (IBSS).
• Basic Service Sets
–Access points provide an infrastructure that
adds services and improves the range for
clients.
–A single access point in infrastructure mode
manages the wireless parameters and the
topology is simply a BSS.

Client and Access Point Association
• A key part of the 802.11 process is discovering a
WLAN and subsequently connecting to it.
• The primary components of this process are as
follows:
–Beacons - Frames used by the WLAN
network to advertise its presence.
• The primary purpose of the beacon is to
allow WLAN clients to learn which
networks and access points are available
in a given area, thereby allowing them to
choose which network and access point
to use. Access points may broadcast
beacons periodically.
–Probes - Frames used by WLAN clients to
find their networks.
–Authentication - A process which is an
artifact from the original 802.11 standard, but
still required by the standard.
–Association - The process for establishing
the data link between an access point and a
WLAN client.
Threats to Wireless Security: Unauthorized Access
• A WLAN is open to anyone within range of an access point who has the
appropriate credentials to associate to it.
• 3 major threats that lead to unauthorized access:
1. War drivers
• War driving means driving around a neighborhood with a wireless
laptop and looking for an unsecured 802.11b/g system.
2. Hackers (Crackers)
• Today, the terms hacker and cracker have come to mean malicious
intruders who enter systems as criminals and steal data or
deliberately harm systems.
• Tools with a legitimate purpose, such as wireless sniffers can be
used by intruders to exploit security weaknesses.
• Rogue Access Points
–A rogue access point is an access point placed on a WLAN that
is used to interfere with normal network operation.
–A rogue access point also could be configured to provide
unauthorized users access.
3. Employees
• A simple and common version of a rogue access point is one
installed by employees without authorization.
–These access points typically do not have the necessary
security configuration, so the network ends up with a security
hole.

Threats to Wireless Security: Man-in-the-Middle Attacks

• One of the more sophisticated attacks an unauthorized user can make is
called a man-in-the-middle (MITM) attack.
–Attackers select a host as a target and position themselves
logically between the target and the router of the target.
–In a wired LAN, the attacker needs to be able to physically access
the LAN to insert a device logically into the topology.
–With a WLAN, the radio waves emitted by access points can
provide the connection.
• Because access points act like Ethernet hubs, each NIC in a
BSS hears all the traffic.
• Attackers can modify the NIC of their laptop with special
software so that it accepts all traffic.
• Defeating an attack like a MITM attack depends on the sophistication of
your WLAN infrastructure and your vigilance in monitoring activity on
the network.
–The process begins with identifying legitimate devices on your
WLAN.
–To do this, you must authenticate users on your WLAN.
–When all users are known, you then monitor the network for
devices and traffic that is not supposed to be there.
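The monitoring step described above (know your legitimate devices, then look for ones that should not be there), as an added example that is not part of the original slides. The inventory, survey records, MAC addresses and finding codes are constructed; the default SSIDs are the two the slides name.

```python
# Constructed inventory: BSSID -> settings each authorised AP should advertise.
AUTHORISED_APS = {
    "02:00:00:00:10:01": {"ssid": "corp-wlan", "security": "WPA2"},
    "02:00:00:00:10:02": {"ssid": "corp-wlan", "security": "WPA2"},
}
AUTHORISED_CLIENTS = {"02:00:00:00:20:01", "02:00:00:00:20:02"}
DEFAULT_SSIDS = {"linksys", "tsunami"}  # vendor defaults named on the slides

# Constructed survey: what a monitoring sensor saw on the air.
SURVEY = [
    {"bssid": "02:00:00:00:10:01", "ssid": "corp-wlan", "security": "WPA2",
     "clients": ["02:00:00:00:20:01", "02:00:00:00:66:01"]},
    {"bssid": "02:00:00:00:10:02", "ssid": "corp-wlan", "security": "WEP",
     "clients": []},
    {"bssid": "02:00:00:00:99:01", "ssid": "corp-wlan", "security": "WPA2",
     "clients": ["02:00:00:00:20:02"]},
    {"bssid": "02:00:00:00:99:02", "ssid": "linksys", "security": "OPEN",
     "clients": []},
    {"bssid": "02:00:00:00:99:03", "ssid": "cafe-guest", "security": "WPA2",
     "clients": ["02:00:00:00:77:01"]},
]


def audit_survey(survey, aps=AUTHORISED_APS, clients=AUTHORISED_CLIENTS):
    """Return (bssid, code, detail) findings for anything that is not as inventoried."""
    managed_ssids = {ap["ssid"] for ap in aps.values()}
    findings = []
    for seen in survey:
        bssid, ssid = seen["bssid"], seen["ssid"]
        expected = aps.get(bssid)
        if expected is not None:
            # Known AP: its advertised settings must match the inventory.
            for key in ("ssid", "security"):
                if seen[key] != expected[key]:
                    findings.append((bssid, "CONFIG_DRIFT",
                                     f"{key} is {seen[key]}, expected {expected[key]}"))
            # Every station associated to it must be a known client.
            for mac in seen["clients"]:
                if mac not in clients:
                    findings.append((bssid, "UNKNOWN_CLIENT", mac))
            continue
        # Unlisted AP: report use of a managed SSID, factory defaults,
        # and any of our own clients that have associated to it.
        if ssid in managed_ssids:
            findings.append((bssid, "UNLISTED_AP_MANAGED_SSID", ssid))
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append((bssid, "DEFAULT_SSID", ssid))
        for mac in seen["clients"]:
            if mac in clients:
                findings.append((bssid, "CLIENT_ON_UNLISTED_AP", mac))
    return findings


if __name__ == "__main__":
    for finding in audit_survey(SURVEY):
        print(*finding, sep="  ")
```

The neighbouring `cafe-guest` network produces no finding: an unlisted AP is reported only when it uses a managed or default SSID or has one of the site's own clients attached.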

Threats to Wireless Security: Denial of Service

• 802.11b and g WLANs use the unlicensed 2.4 GHz
band. This is the same band used by most baby
monitors, cordless phones, and microwave ovens.
–With these devices, attackers can create noise on all
the channels in the band.
• An attacker can turn a NIC into an access point.
That trick can also be used to create a DoS attack.
–The attacker, using a PC as an AP, can flood the
BSS with clear-to-send (CTS) messages, which
defeat the CSMA/CA function used by the stations.
–The AP, in turn, floods the BSS with simultaneous
traffic, causing a constant stream of collisions.
• Another DoS attack that can be launched in a BSS
is when an attacker sends a series of disassociate
commands that cause all stations to disconnect.
–When the stations are disconnected, they
immediately try to reassociate, which creates a burst
of traffic.
–The attacker sends another disassociate command
and the cycle repeats itself.
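Detection logic for the disassociate-and-reassociate cycle described above, as an added example that is not part of the original slides. The frame records (millisecond timestamp, a subtype label, BSSID, station), the thresholds and all MAC addresses are constructed assumptions.

```python
from collections import defaultdict, deque

AP_A = "02:00:00:00:10:01"   # constructed BSSIDs
AP_B = "02:00:00:00:10:02"


def build_sample_frames():
    """Constructed capture: three rounds of mass disassociation on AP_A,
    plus two unrelated disassociations on AP_B (ordinary roaming)."""
    stations = [f"02:00:00:00:20:0{i}" for i in (1, 2, 3)]
    frames = []
    for round_no in range(3):
        base = round_no * 2000
        for i, sta in enumerate(stations):
            frames.append((base + 100 * i, "disassoc", AP_A, sta))
            frames.append((base + 500 + 100 * i, "reassoc", AP_A, sta))
    frames.append((1000, "disassoc", AP_B, "02:00:00:00:20:04"))
    frames.append((50000, "disassoc", AP_B, "02:00:00:00:20:05"))
    return frames


def detect_disassoc_floods(frames, window_ms=10000, threshold=6, min_stations=2):
    """Alert once per BSSID when the sliding window holds at least `threshold`
    disassociation frames affecting at least `min_stations` stations."""
    recent = defaultdict(deque)   # bssid -> (timestamp, station) inside the window
    alerted, alerts = set(), []
    for ts, subtype, bssid, station in sorted(frames):
        if subtype != "disassoc":
            continue
        window = recent[bssid]
        window.append((ts, station))
        while ts - window[0][0] > window_ms:
            window.popleft()
        stations = {sta for _, sta in window}
        if (bssid not in alerted and len(window) >= threshold
                and len(stations) >= min_stations):
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "at": ts, "frames": len(window),
                           "stations": sorted(stations)})
    return alerts


def count_cycles(frames, bssid):
    """Per station, count how often disassociate -> reassociate -> disassociate
    repeats on one BSSID (the repeating cycle the slide describes)."""
    state, cycles = {}, defaultdict(int)
    for ts, subtype, seen_bssid, station in sorted(frames):
        if seen_bssid != bssid:
            continue
        if subtype == "disassoc":
            if state.get(station) == "reassociated":
                cycles[station] += 1
            state[station] = "disconnected"
        elif subtype == "reassoc" and state.get(station) == "disconnected":
            state[station] = "reassociated"
    return dict(cycles)


if __name__ == "__main__":
    sample = build_sample_frames()
    print(detect_disassoc_floods(sample))
    print(count_cycles(sample, AP_A))
```

Requiring several affected stations keeps a single roaming or misbehaving client from raising the alert; the cycle count separates a sustained attack from a one-off AP restart.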
Encryption

• Two encryption mechanisms:
–Temporal Key Integrity Protocol (TKIP)
• TKIP is the encryption method certified as WPA.
• It provides support for legacy WLAN equipment by addressing the
original flaws associated with the 802.11 WEP encryption method.
• TKIP has two primary functions:
–It encrypts the Layer 2 payload
–It carries out a message integrity check (MIC) in the encrypted
packet. This helps ensure against a message being tampered
with.
–Advanced Encryption Standard (AES).
• The AES encryption of WPA2 is the preferred method, because it is
the WLAN encryption standard used in IEEE 802.11i.
• AES has the same functions as TKIP, but it uses additional data
from the MAC header that allows destination hosts to recognize if
the non-encrypted bits have been tampered with.
–It also adds a sequence number to the encrypted data header.

Encryption

• When you configure Linksys
access points or wireless
routers, such as the
WRT300N, you may not see
WPA or WPA2; instead, you
may see references to
something called pre-shared
key (PSK).

Overview of Configuring the Wireless Access Point

• In this topic, you will learn:
–how to configure a wireless access point,
–how to set the SSID,
–how to enable security,
–how to configure the channel,
–how to adjust the power settings of a wireless access point,
–how to back up and restore the configuration.
• The basic approach to wireless implementation, as with any basic networking, is to
configure and test incrementally.
–Before implementing any wireless devices, verify the existing network and
Internet access for the wired hosts.
–Start the WLAN implementation process with a single access point and a single
client, without enabling wireless security.
–Verify that the wireless client has received a DHCP IP address and can ping the
local wired default router and then browse to the external Internet.
–Finally, configure wireless security with WPA2. Use WEP only if the hardware
does not support WPA.
• Most access points have been designed to be functional right out of the box with the
default settings.
–It is good practice to change initial, default configurations.

Overview of Configuring the Wireless Access Point

• The following example uses the Linksys WRT300N multifunction device.
This device includes an access point.
• Ensure your PC is connected to the AP via a wired connection, and access
the web utility with a web browser.
–To access the web-based utility of the access point, enter the
WRT300N default IP address, 192.168.1.1.
• A screen appears prompting for username and password.
–Leave the Username field blank.
–Enter admin in the Password field.
• For a basic network setup, use the following:
–Setup - Enter your basic network settings (IP address).
–Management - Click the Administration tab and then select the
Management screen.
• The default password is admin.
• To secure the access point, change the password.
–Wireless - Change the default SSID in the Basic Wireless Settings
tab. Select the level of security in the Wireless Security tab and
complete the options for the selected security mode.
• When you have finished making changes to a screen, click the Save
Settings button, or click the Cancel Changes button to undo your changes.

Configuring Basic Wireless Settings

• The Basic Setup screen is the first screen you see when you
access the web-based utility.
–Click the Wireless tab and then select the Basic Wireless
Settings tab.
• Network Mode
–If you have Wireless-N, Wireless-G, and 802.11b devices in
your network, keep Mixed, the default setting.
–If you have Wireless-G and 802.11b devices, select BG-
Mixed.
–If you have only Wireless-N devices, select Wireless-N
Only.
–If you have only Wireless-G devices, select Wireless-G
Only.
–If you have only Wireless-B devices, select Wireless-B
Only.
–If you want to disable wireless networking, select Disable.
• Network Name (SSID) - The SSID is the network name shared
among all points in a wireless network.
–The SSID must be identical for all devices in the wireless
network.
–It is case-sensitive and must not exceed 32 characters
(use any of the characters on the keyboard).
–For added security, you should change the default SSID
(linksys) to a unique name.
Configuring Basic Wireless Settings

• SSID Broadcast - When wireless clients survey the
local area for wireless networks to associate with,
they detect the SSID broadcast by the access point.
–If you do not want to broadcast the SSID, select
Disabled.
• Radio Band - For best performance in a network using
Wireless-N, Wireless-G, and Wireless-B devices, keep
the default Auto.
–For Wireless-N devices only, select Wide - 40MHz
Channel.
–For Wireless-G and Wireless-B networking only,
select Standard - 20MHz Channel.
• Wide Channel - If you selected Wide - 40MHz Channel
for the Radio Band setting, this setting is available for
your primary Wireless-N channel.
• Standard Channel - Select the channel for Wireless-N,
Wireless-G, and Wireless-B.
–If you selected Wide - 40MHz Channel for the
Radio Band setting, the standard channel is a
secondary channel for Wireless-N.

Scan for SSIDs
• When the access point has been configured, you need
to configure the wireless NIC on a client device to
allow it to connect to the wireless network.
–You also should verify that the wireless client has
successfully connected to the correct wireless network,
especially since there may be many WLANs available with
which to connect.
• The steps below are for using the View Wireless
Networks feature in Microsoft Windows XP.
–Step 1. On the Microsoft Windows XP toolbar system
tray, find the network connection icon that looks similar to
the one shown in the figure. Double-click the icon to open
the Network Connections dialog box.
–Step 2. Click the View Wireless Networks button in the
dialog box.
–Step 3. Observe the wireless networks that your wireless
NIC has been able to detect.
• If you have a WLAN that is not showing up on the list
of networks, you may have disabled SSID broadcast
on the access point.
–If this is the case, you must enter the SSID manually.

Verify Connectivity to the Wireless LAN

• With configurations set for
both the access point and
the client, the next step is to
confirm connectivity.
–Try to ping a known IP
address for a device in the
network.
–In the figure, the IP
address is 192.168.1.254.
The ping was successful,
indicating a successful
connection.
A Systematic Approach to WLAN Troubleshooting

• Troubleshooting any sort of network problem should follow a
systematic approach, working up the TCP/IP stack from the physical
layer to the application layer. This helps to eliminate any issues that
you may be able to resolve yourself.
• Step 1 - Eliminate the user PC as the source of the problem.
–Confirm the network configuration on the PC using the ipconfig command.
• Verify that the PC has received an IP address via DHCP or is configured with a static
IP address.
–Confirm that the device can connect to the wired network.
• Connect the device to the wired LAN and ping a known IP address.
–It may be necessary to try a different wireless NIC.
• If necessary, reload drivers and firmware as appropriate for the client device.
–If the wireless NIC of the client is working, check the security mode and
encryption settings on the client.
• If the security settings do not match, the client cannot get access to the WLAN.
• If the PC of the user is operational but is performing poorly, check
the following:
–How far is the PC from an access point? Is the PC out of the planned
coverage area (BSA)?
–Check the channel settings on the client. The client software should detect
the appropriate channel as long as the SSID is correct.
–Check for the presence of other devices in the area that operate on the 2.4
GHz band. Examples of other devices are cordless phones, baby monitors,
microwave ovens, wireless security systems, and potentially rogue access
points.

A Systematic Approach to WLAN Troubleshooting

• Step 2 - Confirm the physical status of devices.
–Are all the devices actually in place? Consider a possible
physical security issue.
–Is there power to all devices, and are they powered on? (You
will check for inline power in Step 4.)
• Step 3 - Inspect links.
–Inspect links between cabled devices looking for bad
connectors or damaged or missing cables.
–If the physical plant is in place, use the wired LAN to see if you
can ping devices including the access point.
• If connectivity still fails at this point, perhaps something is wrong
with the access point or its configuration.
–As you troubleshoot a WLAN, a process of elimination is
recommended, working from physical possibilities to application-
related ones. When you have reached the point where you have
eliminated the user PC as the problem, and also confirmed the
physical status of devices, begin investigating the performance
of the access point. Check the power status of the access point.
–When the access point settings have been confirmed, if the
radio continues to fail, try to connect to a different access point.
You may try to install new radio drivers and firmware, which is
explained next.

-- End of presentation --
