CIS 585 v1 © 2002, Sapium Inc., Cisco Systems, Inc.
Permission granted for reproduction and modification to Dr. Ganesan for educational purposes.
Enterprise Wireless LAN
CIS 585
Stephen Choi | Kevin Todd | Stanley Yen
© 2002, Cisco Systems, Inc., Sapium Inc. www.cisco.com | www.sapium.com

Presentation Overview
• WLAN Intro, Site Survey, Hardware – Stephen Choi
• WLAN Bridging, Antennas – Kevin Todd
• WLAN Security Features – Stanley Yen
Presentation References:

Wireless in a Wired World
• Wireless LAN growth and trends
- Mobility, Cost Savings
- Disaster Recovery Solution
- Embedded Devices
• Wireless Standards – WECA 802.11b, 802.11a, 802.11g
• Wireless more common in public spaces – Airports, Universities, Hotels, Cafes, etc.

Example Project: Hilton Hotel / SG
[Network diagram, labels only: POTS Splitter; LRE 48; Catalyst 2924 LRE; Catalyst 3500 XL; Catalyst 3524 PWR XL; Catalyst 2924 XL; Cisco 2600; UBR7xxx; BBSM; PBX; RADIUS Server; Credit Card Server; Video Servers / Local Content; Aironet 350 (Conference Room / Lounge / Pool); CPE (Room 1, Room 2); CAT5 Cable; Existing Telephone Pairs; Coax Cable; 10/100 Ethernet; Wireless Connections; PSTN; Internet and VPN; Other Services; Internal Network; External Network]

Hilton Hotel – Wireless WAN
The Hilton/SG utilizes wireless LAN technology inside and outside the building. Hilton/SG will connect to corporate intranet and Internet resources via wireless bridges from Hilton/PAS, which is approximately 4 miles away.
[Diagram, labels only: HILTON / PAS; HILTON / SG; Distance 4+ miles, DLOS; Frame Relay; PMS12.HILTONWORLDWIDE.COM]

Cisco Packet Magazine
• Current Issue / 2nd Quarter 2002
• Also online: http://www.cisco.com/go/packet
• Welcome to the Wireless Enterprise
• WLAN How-to series
Part 1: Preparing for wireless LANs
Part 2: How to Build a Secure WLAN
• The Once and Future WLAN

Access Points
What are Access Points?
Acts as a wireless hub for wireless devices
Extends the range of coverage for a wireless LAN
Access points can accommodate a maximum number of wireless users
Access points can get expensive so a site survey is always recommended

Wireless Site Survey
What is a site survey?
Ensure Coverage and VPN Connectivity/Subnets
Interference, absorption, noise
SNR and Packet retry count (<10%)
“Outside In” approach for Access Points
Reduce Cost
Understand the application
A good site survey can cost thousands!
Packet Magazine, 2nd Quarter, 2002
http://www.cisco.com/go/packet

Roaming / Port Hopping
Port Hopping
Allows a WLAN user to seamlessly move from one access point to another without having to reauthenticate or experience interrupted service.
Deployed in a typical Cisco BBSM (Building Broadband Service Manager) application – Hotel, Apartment users can roam throughout network and stay connected.

In-Line Power
In-Line Power:
• Makes installation easier
• Reduces the number of power outlets
• Works for most wireless devices – including access points, bridges, IP phones, etc.

Bridges / Workgroup Bridges
Wireless Bridge: connects a LAN to another LAN that uses the same protocol over a high-speed wireless connection at a range from 1 to 25 miles.
Workgroup Bridge: a bridge that is used in a WLAN to provide a link between remote workgroups, satellite offices, and mobile users to an Access Point or Wireless Bridge.
[Figure, labels only: Access Points; Wireless Bridge; Workgroup Bridge]

Wireless Bridge Features
• Enables outdoor links between buildings up to 25 miles.
• Ideal for harsh environments and installations subject to plenum rating. Temperature ranges from -20° to 55°C with a NEMA enclosure.
• Supports Point to Point (PTP) and Point to Multipoint (PTMP) configurations.
• Broad range of supported antennas.
• Connects hard-to-wire sites, noncontiguous floors, satellite offices, temporary networks, and warehouses with Inline power.

Workgroup Bridge Example

Point to Point (PTP) / Point to Multi-Point (PTMP) Bridges
PTP bridges connect a LAN in one building to a LAN in another building.
Composed of a pair of bridges and directional antennae.
Antennae must have a line of sight with each other.
Cable is run from the antenna to its bridge which is connected to the network.
Comply with IEEE 802.11b wireless standard (allows for interoperability) or proprietary (faster speeds up to 100Mbps).
PTMP bridges can bring networks of multiple buildings together and require omni-directional antennae.
Point to Point / Point to Multi-Point
Point-to-Point Wireless Bridge Solution
Point-to-Multipoint Wireless Bridge Solution

Antennas
Most antennas are Omni-directional or Directional.
Each bridge has a radio built in or modular.
Each radio is composed of the transmitter and the receiver.
The transmitter encodes data from the LAN into the specified frequency spectrum and then transmits it through the antenna.
The receiver does the opposite, by decoding the frequencies from the antenna into data to be placed on the LAN.
Most wireless network products operate in the Industrial, Scientific, and Medical (ISM) bands (2.4-2.4835 GHz – IEEE 802.11a)

Antennas
Omni-directional Antenna
Directional Antenna (Yagi)

Omni-directional Antennas
Ceiling Mounted Antenna
Mast Mounted Antenna

Directional Antennas
Yagi Antenna
Dish Antenna

Antennas
Fresnel Zone: the elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal.
As the distance between buildings grows, the curve of the earth (earth bulge) affects installation and requires antennas to be placed at higher elevations.

Antennas
Wireless Link Distance (miles) | Approximate 60% of Fresnel Zone (ft. at 2.4 GHz) | Approximate Earth Curvature (ft.) | Mounting Height (ft. with no obstructions)
1 | 10 | 3 | 13
5 | 30 | 5 | 35
10 | 44 | 13 | 57
15 | 55 | 28 | 83
20 | 65 | 50 | 115
25 | 72 | 78 | 150

Antennas
Company | Product Name/Model | List Price | Wireless speed | Max. range @ max data rate | 802.11 | LAN Speed | Temp. | PTMP | Radio used | Antenna distance from bridge | Band
Cisco Systems | Cisco Aironet 350 | | 11 Mbps | 18 miles | Yes | 10/100 Mbps | Min -20 C, Max +55 C | Yes | Internal | 100 feet | ISM
Lucent Technologies WCND | ORiNOCO AP-1000 Access Points | $995 | 11 Mbps | 12 miles | Yes | 10/100 Mbps | Min 0 C, Max +40 C | Yes | PC Card | 75 feet | ISM
Proxim | Stratum | $19,950 | 20 Mbps | 7 miles | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 feet | UNII
Proxim | Stratum 100 | $32,950 | 100 Mbps | 7 miles | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 | UNII
Proxim | Stratum MP | $2,195 | 10 Mbps | 12 miles | No | 10 Mbps | Min -15 C, Max +40 C | Yes | Internal | 200 feet | ISM
Western Multiplex | Tsunami 100 5.3/5.8 GHz | $17,995 | 100 MBps | 5 miles | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII
Western Multiplex | Tsunami 45 5.8GHz | $11,095 | 45 Mbps full duplex | 15 miles | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII

Wireless LAN Security
Components of Wireless LAN Security
SSID and WEP
Encryption, Decryption, and Ciphers
Authentication
Mutual Authentication via RADIUS
Controversy Over Strong Encryption

Components of Wireless LAN Security
What is wireless LAN security?
• Access control ensures that sensitive data can be accessed only by authorized users.
• Access to a wired LAN requires physical access to LAN ports, while a wireless LAN places “ports” everywhere within a certain radius of the access point.
• Privacy ensures that transmitted data can be received and understood only by the intended audience.
• Data transmitted on a wired LAN is directed to a particular destination, while data on a wireless LAN is broadcast over radio waves within a certain radius of the access point.
• A security breach on a wired LAN is possible only if the LAN is physically compromised, while a security breach on a wireless LAN can be performed from anywhere within the operating distance of the wireless LAN.

SSID and WEP
The IEEE 802.11b standard defines two mechanisms for providing access control and privacy.
1. SSID (Service Set Identifiers)
• Rudimentary level of access control.
• Common network name for the devices in a wireless LAN.
2. WEP (Wired Equivalent Privacy)
• Prevents unauthorized users, who lack a correct WEP key, from gaining access to the network.
• Protects wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys.
• Static WEP Keys vs. Dynamic WEP Keys.

Encryption, Decryption, and Ciphers
Encryption
• Conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.
Decryption
• Process of converting encrypted data back into its original form, so it can be understood.
Ciphers
• Sophisticated computer algorithms that rearrange the data bits in digital signals.

Authentication
The IEEE 802.11b standard defines two types of authentication methods.
1. Open Authentication
• Authentication process is in clear-text and a client can associate with an access point even without supplying the correct WEP key.
2. Shared Key Authentication
• Access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point.
Authentication by MAC (Media Access Control) address
• Access point will allow association by a client only if that client’s MAC address matches an address in an authentication table used by the access point.

Mutual Authentication via RADIUS
Why Mutual Authentication?
• Shared key authentication is only one-way.
• Rogue access points can be placed on a wireless LAN.
How Mutual Authentication Works:

Controversy Over Strong Encryption
Strong Encryption
• Ciphers that are essentially unbreakable without the decryption keys.
• Companies and consumers view strong encryption as a means to keep secrets, minimize fraud, and protect privacy.
• Governments view strong encryption as a potential vehicle by which criminals and terrorists might evade authorities.
• Key-Escrow concept being debated.