
CIS 585 v1 © 2002, Sapium Inc., Cisco Systems, Inc.

Permission granted for reproduction and modification to Dr. Ganesan for educational purposes.

Enterprise Wireless LAN

CIS 585

Stephen Choi | Kevin Todd | Stanley Yen

© 2002, Cisco Systems, Inc., Sapium Inc. www.cisco.com | www.sapium.com

Presentation Overview

• WLAN Intro, Site Survey, Hardware – Stephen Choi

• WLAN Bridging, Antennas – Kevin Todd

• WLAN Security Features – Stanley Yen

Presentation References:



Wireless in a Wired World

• Wireless LAN growth and trends

- Mobility, Costs Savings

- Disaster Recovery Solution

- Embedded Devices

• Wireless Standards – WECA 802.11b, 802.11a, 802.11g

• Wireless more common in public spaces – Airports, Universities, Hotels, Cafes, etc.


Example Project: Hilton Hotel / SG

(Network diagram; labelled components: POTS splitter, LRE 48, Catalyst 2924 LRE, Catalyst 3500 XL, Catalyst 3524 PWR XL, video servers / local content, conference room / lounge / pool, Aironet 350, LRE CPE in Room 1 and Room 2, VPN, PSTN, network PBX, BBSM, Cisco 2600, other services, CAT5 cable, existing telephone pairs, Internet and VPN, RADIUS server, credit card server, wireless connections, internal network, external network, Catalyst 2924 XL, 10/100 Ethernet, coax cable, uBR7xxx, cable.)


Hilton Hotel – Wireless WAN

The Hilton/SG utilizes wireless LAN technology inside and outside the building. Hilton/SG will connect to corporate intranet and Internet resources via wireless bridges from Hilton/PAS, which is approximately 4 miles away.

(Diagram: wireless bridge link between HILTON / PAS and HILTON / SG, distance 4+ miles, DLOS; Frame Relay connection to PMS12.HILTONWORLDWIDE.COM.)


Cisco Packet Magazine

• Current Issue / 2nd Quarter 2002

• Also online: http://www.cisco.com/go/packet

• Welcome to the Wireless Enterprise

• WLAN How-to series

Part 1: Preparing for wireless LANs

Part 2: How to Build a Secure WLAN

• The Once and Future WLAN


Access Points

What are Access Points?

Acts as a wireless hub for wireless devices

Extends the range of coverage for a wireless LAN

Access points can accommodate a maximum number of wireless users

Access points can get expensive so a site survey is always recommended


Wireless Site Survey

What is a site survey?

Ensure Coverage and VPN Connectivity/Subnets

Interference, absorption, noise

SNR and Packet retry count (<10%)

“Outside In” approach for Access Points

Reduce Cost

Understand the application

A good site survey can cost thousands!

Packet Magazine, 2nd Quarter, 2002

http://www.cisco.com/go/packet


Roaming / Port Hopping

Port Hopping

Allows a WLAN user to seamlessly move from one access point to another without having to reauthenticate or experience interrupted service.

Deployed in a typical Cisco BBSM (Building Broadband Service Manager) application – Hotel, Apartment users can roam throughout network and stay connected.


In-Line Power

In-Line Power:

• Makes installation easier

• Reduces the number of power outlets

• Works for most wireless devices – including access points, bridges, IP phones, etc.


Bridges / Workgroup Bridges

Wireless Bridge – connects a LAN to another LAN that uses the same protocol over a high-speed wireless connection at a range from 1 to 25 miles.

Workgroup Bridge – a bridge used in a WLAN to link remote workgroups, satellite offices, and mobile users to an access point or wireless bridge.

(Diagram: access points, wireless bridge, workgroup bridge.)


Wireless Bridge Features

Enables outdoor links between buildings up to 25 miles. Ideal for harsh environments and installations subject to plenum rating. Temperature ranges from -20° to 55°C with a NEMA enclosure.

Supports Point to Point (PTP) and Point to Multipoint (PTMP) configurations.

Broad range of supported antennas. Connects hard-to-wire sites, noncontiguous floors, satellite offices, temporary networks, and warehouses with inline power.


Workgroup Bridge Example


Point to Point (PTP) / Point to Multi-Point (PTMP) Bridges

PTP bridges connect a LAN in one building to a LAN in another building.

Composed of a pair of bridges and directional antennae.

Antennae must have a line of sight with each other.

Cable is run from the antenna to its bridge which is connected to the network.

Comply with the IEEE 802.11b wireless standard (allows for interoperability) or are proprietary (faster speeds, up to 100 Mbps).

PTMP bridges can bring networks of multiple buildings together and require omni-directional antennae.


Point to Point / Point to Multi-Point

Point-to-Point Wireless Bridge Solution

Point-to-Multipoint Wireless Bridge Solution


Antennas

Most antennas are Omni-directional or Directional.

Each bridge has a radio built in or modular.

Each radio is composed of the transmitter and the receiver.

The transmitter encodes data from the LAN into the specified frequency spectrum and then transmits it through the antenna.

The receiver does the opposite, by decoding the frequencies from the antenna into data to be placed on the LAN.

Most wireless network products operate in the Industrial, Scientific, and Medical (ISM) bands (2.4–2.4835 GHz – IEEE 802.11a).


Antennas

Omni-directional Antenna

Directional Antenna (Yagi)


Omni-directional Antennas

Ceiling Mounted Antenna

Mast Mounted Antenna


Directional Antennas

Yagi Antenna

Dish Antenna


Antennas

Fresnel Zone – the elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal.

As the distance between buildings grows, the curve of the earth (earth bulge) affects installation and requires antennas to be placed at higher elevations.


Antennas

Wireless Link Distance (miles) | Approximate 60% of Fresnel Zone (ft. at 2.4 GHz) | Approximate Earth Curvature (ft.) | Mounting Height (ft. with no obstructions)
-------------------------------|--------------------------------------------------|-----------------------------------|-------------------------------------------
1                              | 10                                               | 3                                 | 13
5                              | 30                                               | 5                                 | 35
10                             | 44                                               | 13                                | 57
15                             | 55                                               | 28                                | 83
20                             | 65                                               | 50                                | 115
25                             | 72                                               | 78                                | 150
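The table above can be reproduced from two standard link-planning formulas. The following is an added example, not code from the slides or from Cisco: it assumes the usual mid-path first-Fresnel-zone radius r = 72.1 * sqrt(D / (4 f)) feet (D in miles, f in GHz) and an earth bulge of D^2 / 8 feet, neither of which the slide states, and it accepts a frequency argument so the same check works beyond the 2.4 GHz column.

```python
import math

def fresnel_clearance_ft(distance_miles, freq_ghz=2.4, fraction=0.6):
    """Fraction of the first Fresnel zone radius at mid-path, in feet.
    Standard form r = 72.1 * sqrt(D / (4 f)), D in miles, f in GHz (formula assumed; not on the slide)."""
    return fraction * 72.1 * math.sqrt(distance_miles / (4 * freq_ghz))

def earth_bulge_ft(distance_miles):
    """Mid-path rise of the earth's curvature in feet, h = D^2 / 8 with D in miles (assumed)."""
    return distance_miles ** 2 / 8

def mounting_height_ft(distance_miles, freq_ghz=2.4):
    """Antenna height needed with no obstructions: Fresnel clearance plus earth bulge."""
    return fresnel_clearance_ft(distance_miles, freq_ghz) + earth_bulge_ft(distance_miles)

def height_is_sufficient(distance_miles, antenna_height_ft, freq_ghz=2.4):
    """True when an antenna height clears the 60% Fresnel zone plus earth bulge for the link."""
    return antenna_height_ft >= mounting_height_ft(distance_miles, freq_ghz)

SLIDE_HEIGHTS = {1: 13, 5: 35, 10: 57, 15: 83, 20: 115, 25: 150}  # miles -> ft, from the slide's table

def compare_to_slide():
    """Return {miles: (computed height, slide height)}; the differences are the slide's rounding margins."""
    return {d: (round(mounting_height_ft(d), 1), h) for d, h in SLIDE_HEIGHTS.items()}

if __name__ == "__main__":
    for d, (calc, slide) in compare_to_slide().items():
        print(f"{d:>3} mi: computed {calc:6.1f} ft, slide {slide} ft")
```

Every computed height lands within about 3 ft of the slide's figure; the slide's 1-mile and 5-mile earth-curvature entries are rounded up, which is why its small-distance rows are slightly more conservative than the formulas.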


Antennas

Company | Product Name/Model | List Price | Wireless speed | Max. range @ max data rate | 802.11 | LAN Speed | Temp. | PTMP | Radio used | Antenna distance from bridge | Band
--------|--------------------|------------|----------------|----------------------------|--------|-----------|-------|------|------------|------------------------------|-----
Cisco Systems | Cisco Aironet 350 | | 11 Mbps | 18 miles | Yes | 10/100 Mbps | Min -20 C, Max +55 C | Yes | Internal | 100 feet | ISM
Lucent Technologies WCND | ORiNOCO AP-1000 Access Points | $995 | 11 Mbps | 12 miles | Yes | 10/100 Mbps | Min 0 C, Max +40 C | Yes | PC Card | 75 feet | ISM
Proxim | Stratum | $19,950 | 20 Mbps | 7 miles | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 feet | UNII
Proxim | Stratum 100 | $32,950 | 100 Mbps | 7 miles | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 feet | UNII
Proxim | Stratum MP | $2,195 | 10 Mbps | 12 miles | No | 10 Mbps | Min -15 C, Max +40 C | Yes | Internal | 200 feet | ISM
Western Multiplex | Tsunami 100 5.3/5.8 GHz | $17,995 | 100 Mbps | 5 miles | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII
Western Multiplex | Tsunami 45 5.8 GHz | $11,095 | 45 Mbps full duplex | 15 miles | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII


Wireless LAN Security

Components of Wireless LAN Security

SSID and WEP

Encryption, Decryption, and Ciphers

Authentication

Mutual Authentication via RADIUS

Controversy Over Strong Encryption


Components of Wireless LAN Security

What is wireless LAN security?

• Access control ensures that sensitive data can be accessed only by authorized users.

• Access to wired LANs requires physical access to LAN ports, while wireless LANs place “ports” everywhere within a certain radius of the access point.

• Privacy ensures that transmitted data can be received and understood only by the intended audience.

• Data transmitted on a wired LAN is directed to a particular destination, while data on a wireless LAN is broadcast over radio waves within a certain radius of the access point.

• Security breach on a wired LAN is possible only if the LAN is physically compromised while a security breach on a wireless LAN can be performed from anywhere within the operating distance of the wireless LAN.


SSID and WEP

IEEE 802.11b standard defines two mechanisms for providing access control and privacy.

1. SSID (Service Set Identifiers)

• Rudimentary level of access control.

• Common network name for the devices in a wireless LAN.

2. WEP (Wired Equivalent Privacy)

• Prevents unauthorized users, who lack the correct WEP key, from gaining access to the network.

• Protects wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys.

• Static WEP Keys vs. Dynamic WEP Keys.


Encryption, Decryption, and Ciphers

Encryption

• Conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.

Decryption

• Process of converting encrypted data back into its original form, so it can be understood.

Ciphers

• Sophisticated computer algorithms that rearrange the data bits in digital signals.


Authentication

IEEE 802.11b standard defines two types of authentication methods.

1. Open Authentication

• Authentication process is in clear-text and a client can associate with an access point even without supplying the correct WEP key.

2. Shared Key Authentication

• Access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point.

Authentication by MAC (Media Access Control) address

• Access point will allow association by a client only if that client’s MAC address matches an address in an authentication table used by the access point.


Mutual Authentication via RADIUS

Why Mutual Authentication?

• Shared key authentication is only one-way.

• Rogue access points can be placed on a wireless LAN.

How Mutual Authentication Works:
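The shared-key and MAC-address checks from the Authentication slide, and the one-way problem this slide raises, simulated as an added example (not code from the slides or from Cisco). `Station` models an AP or client holding a constructed static WEP key, `shared_key_auth` runs the 802.11b challenge/response with an optional MAC authentication table, and `mutual_auth` adds the reverse challenge so an AP that cannot prove it holds the key is rejected; that reverse step illustrates the mutual principle only, not the actual RADIUS/EAP message flow.

```python
import os

def rc4(key, data):
    """RC4 keystream XOR, the cipher WEP uses with key = IV || WEP key."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

class Station:
    """An 802.11 party (AP or client): MAC, static WEP key, optional MAC table (constructed values)."""
    def __init__(self, mac, wep_key, allowed_macs=None):
        self.mac, self.wep_key, self.allowed_macs = mac, wep_key, allowed_macs
    def challenge(self):
        return os.urandom(128)                  # 802.11 challenge text is 128 bytes
    def respond(self, challenge):
        iv = os.urandom(3)                      # 24-bit WEP IV, sent in the clear
        return iv + rc4(iv + self.wep_key, challenge)
    def verify(self, challenge, response):
        iv, body = response[:3], response[3:]
        return rc4(iv + self.wep_key, body) == challenge

class RogueAP(Station):
    """An AP that does not know the key but reports success to every client anyway."""
    def verify(self, challenge, response):
        return True

def shared_key_auth(ap, client):
    """802.11b shared-key authentication with MAC filtering: only the client is proven."""
    if ap.allowed_macs is not None and client.mac not in ap.allowed_macs:
        return False                            # MAC not in the AP's authentication table
    c = ap.challenge()
    return ap.verify(c, client.respond(c))      # the client never checks the AP

def mutual_auth(ap, client):
    """Mutual principle: the client also challenges the AP, so a rogue AP fails."""
    c = client.challenge()
    return shared_key_auth(ap, client) and client.verify(c, ap.respond(c))

KEY = bytes.fromhex("0a1b2c3d4e")               # constructed 40-bit WEP key
AP = Station("02:00:00:00:aa:01", KEY, allowed_macs={"02:00:00:00:bb:02"})
CLIENT = Station("02:00:00:00:bb:02", KEY)
ROGUE = RogueAP("02:00:00:00:ee:03", b"not-the-key")
```

With the one-way exchange the client accepts `ROGUE` exactly as it accepts `AP`; only the added reverse challenge distinguishes them.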


Controversy Over Strong Encryption

Strong Encryption

• Ciphers that are essentially unbreakable without the decryption keys.

• Companies and consumers view strong encryption as a means to keep secrets, minimize fraud, and protect privacy.

• Governments view strong encryption as a potential vehicle by which criminals and terrorists might evade authorities.

• Key-Escrow concept being debated.


Conclusion

• Questions and Answers