Wireless Networking 802.11 based on Chapter 15 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers
Topics
- Standards
- Technical Concepts
- Implementation
- Troubleshooting
802.11 timeline source: Anandtech
Standards
- 1997: 802.11
  - specifies overall characteristics of wireless networks
  - 2Mbps maximum operating speed
- 1999: 802.11b
  - operation at up to 11Mbps
  - Frequency contention w/ microwave ovens, Bluetooth, baby monitors, cordless phones
- 1999-2001: 802.11a
  - up to 54Mbps
  - incompatible with 802.11b, more expensive
- 2003: 802.11g
  - 54Mbps top speed
  - compatible with 802.11b
  - Same frequency-contention issues
Standards
- 2009: 802.11n
  - 100Mbps-600Mbps top speeds
  - Multiple-In, Multiple-Out (MIMO) uses 2-4 antennas
  - 802.11a/b-compatible dual-band implementations
  - Transmit beamforming: APs can adjust transmitted signals to optimize reception by clients
- 2014 (January): 802.11ac
  - top speed 1Gbps
  - Multi-user MIMO (MU-MIMO) uses 8 antennas
  - 5GHz frequency band
  - 80MHz, 160MHz bandwidth per channel, versus 40MHz for 802.11n, 20-22MHz for 802.11a/b/g
  - Not backwards compatible
802.11 Versions
version  | frequency band | spectrum usage | speed *         | range * | compatibility
802.11   | 2.4GHz         | DSSS, FHSS     | 2Mbps, 11Mbps   | 300'    | 802.11
802.11b  | 2.4GHz         | DSSS           | 11Mbps          | 300'    | 802.11b
802.11a  | 5GHz           | OFDM           | 54Mbps          | 150'    | 802.11a
802.11g  | 2.4GHz         | OFDM, DSSS     | 54Mbps          | 300'    | 802.11b/g
802.11n  | 2.4GHz, 5GHz   | OFDM           | 100/300/600Mbps | 300'    | 802.11g/n, 802.11a/g/n
802.11ac | 5GHz           | OFDM           | 3.6(1.73) Gbps? |         | 802.11ac
* speed and range values are maximum values; speed decreases rapidly with distance
802.11 Client Hardware
- Wireless NIC
- compatible w/ 802.2 LLC sublayer
- MAC sublayer puts bits onto radio spectrum instead of wires
- 802.11n uses 2-4 antennas
- Most portable gear includes built-in antenna
Wireless Access Point
- Wireless hub; operates at OSI Physical layer and Data Link layer
- Provides connection to wired Ethernet LAN
- Often packaged with router, Ethernet switch, software to form a SOHO wireless router
- Also called Access Point, WAP, or just AP
Software WAP Configuration
WAP Configuration choosing the version
Network Modes
- How do multiple computers communicate with each other?
  - directly: peer-to-peer
  - via intermediary node: managed
- Peer-to-peer mode known as Ad Hoc Mode
- Managed mode known as Infrastructure Mode
- Shared radio frequency band results in physical bus topology
  - protocol needed to share medium
Ad Hoc Mode
- Nodes advertise presence, send transmissions directly, point-to-point
- Logical mesh topology
- Nodes must be in range of each other
- Nodes form an Independent Basic Service Set, or IBSS
  - like a Windows Workgroup
- Internet access only if one participant runs Internet Connection Sharing
Infrastructure Mode
- Most common mode of WLAN operation
- Logical star topology
  - Access Point manages connections in the star
- AP plus connected nodes form a Basic Service Set, or BSS
- Multiple APs can connect multiple stars and form an Extended Basic Service Set, or EBSS (or just ESS)
- APs connect over a Distribution System, or DS
BSS, ESS (EBSS), and DS
BSSIDs, SSIDs, ESSIDs
- The Service Set Identifier (SSID) acts as a network name
- BSSID (Basic Service Set Identifier)
  - can be arbitrary
  - often chosen to be the MAC address of the managing AP of the BSS
- ESSID, Extended Service Set Identifier, for multiple APs/nodes in an EBSS (ESS)
  - "SSID" often refers to the ESSID
- IBSS
  - ad hoc nodes generate their own BSSIDs
  - shared SSID must be defined for nodes to connect, distinct from BSSID(s)
Roaming
- Roaming occurs when a wireless client moves about within a wireless network
- Client connects to different APs as they come into / go out of range
- Each AP has its own BSS
- Roaming occurs within a single ESS
Roaming from http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_packets/printable#wp1000913
Managed Access and Collision Avoidance the Hidden Node problem:
Sharing the Bus Topology: Ethernet versus Wireless
- Carrier-Sense Multiple Access (CSMA)
  - Both technologies depend on listening for a quiet medium before transmission
- Ethernet: CSMA/CD
  - Collision Detection (CD) causes transmitting nodes to back off, retry transmission
  - Exponential backoff employed
- Wireless: CSMA/CA
  - Collision Avoidance (CA) acts to avoid collisions before they happen
  - Waiting before transmissions
CSMA/CA: Collision Avoidance
- Distributed Coordination Function (DCF) is used to avoid data collisions
- The DCF of choice is CSMA/CA
- Collision Avoidance (CA)
  - Node first listens for busy medium (prior transmission)
  - If busy medium detected, keep listening until quiet
  - Then wait for random time, check whether medium stays quiet
  - If medium stays quiet, transmit
  - Receiver sends ACK frame if transmission is successful
CSMA/CA - Basic Timing Delay
- DIFS: Distributed Interframe Space, required time preceding a transmission
- SIFS: Short Interframe Space, time between transmission and acknowledgement
Collision Avoidance RTS/CTS Algorithm
Node with data to send must
1. listen for quiet media
2. send short Request To Send (RTS) packet, wait for a Clear To Send (CTS) response
   - if no response, keep waiting and sending RTS
3. After receiving CTS, send Data and wait for ACK
   - if no ACK, repeat sending Data and waiting for ACK
RTS, CTS include data-length information
- other nodes can learn how long to wait for a turn at transmitting
RTS/CTS Timing
- DIFS: Distributed Inter-Frame Spacing
- SIFS: Short Inter-Frame Spacing
- NAV: Network Allocation Vector
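The RTS/CTS timing above, worked through as an added Python example (not from the original slides): it lays out one A-to-B exchange with the duration each frame announces, then shows that a hidden node which hears only B still defers until the ACK ends. SIFS, slot and DIFS are the 802.11b DSSS values; the frame airtimes and the station names A, B and C are constructed for illustration.

```python
# Added example: one RTS/CTS-protected exchange, all times in microseconds.
SIFS, SLOT = 10, 20                     # 802.11b DSSS values
DIFS = SIFS + 2 * SLOT                  # 50 us
T_RTS, T_CTS, T_ACK = 352, 304, 304     # constructed airtimes (assumed)

def rts_cts_exchange(t_idle, backoff_slots, t_data):
    """Frames of A -> B as (name, sender, start, end, duration_field)."""
    t = t_idle + DIFS + backoff_slots * SLOT    # DIFS, then random backoff
    plan = [("RTS", "A", T_RTS), ("CTS", "B", T_CTS),
            ("DATA", "A", t_data), ("ACK", "B", T_ACK)]
    frames = []
    for i, (name, sender, airtime) in enumerate(plan):
        if i:
            t += SIFS                           # SIFS separates the frames
        frames.append((name, sender, t, t + airtime))
        t += airtime
    done = t
    # Duration field: how long the medium stays reserved after this frame.
    return [(n, s, a, b, done - b) for n, s, a, b in frames]

def nav_expiry(frames, audible):
    """Time until which a bystander hearing only `audible` senders defers."""
    ends = [b + dur for _, s, _, b, dur in frames if s in audible]
    return max(ends) if ends else None

def idle_to_carrier_sense(frames, audible, name):
    """True if physical carrier sense alone misses the named frame."""
    return all(s not in audible for n, s, *_ in frames if n == name)

if __name__ == "__main__":
    frames = rts_cts_exchange(t_idle=0, backoff_slots=3, t_data=1000)
    for f in frames:
        print("%-4s from %s  %5d-%5d us  duration field %4d" % f)
    # Hidden node C hears B but not A: it cannot sense DATA, yet the CTS
    # it did hear carries a NAV that covers DATA and ACK.
    print("C senses DATA:", not idle_to_carrier_sense(frames, {"B"}, "DATA"))
    print("C defers until:", nav_expiry(frames, {"B"}), "us")
```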
CSMA/CA, for exam purposes:
- Know what the acronym stands for
- Know how collision avoidance works
- What DIFS, SIFS, Ack are used for
- Know what RTS, CTS are
Aspects of Wireless Security
- MAC address filtering: limit what hosts can associate with the AP
- Wireless authentication: control who can connect to and access network resources
- Data encryption: protect data from eavesdropping
MAC Address Filtering
- AP can be set to accept associations only from "accepted users", based on MAC addresses
- Clumsy for large and transient networks
- Can be defeated by MAC spoofing
- Can be eavesdropped
  - This permits accepted MAC addresses to be discovered and then spoofed
Security - Authentication
- Open authentication
  - Just specify the correct SSID
  - Not secure at all
- Pre-Shared Key authentication
  - Client has a secret key
  - WEP, WPA, WPAv2
- EAP authentication
  - Centralized security database contains authorized-user credentials, e.g., Active Directory
Pre-Shared Key (PSK) authentication
- WEP - Wired Equivalent Privacy
  - Client must know the key
  - Poor RC4 encryption allows key to be cracked
- WPA - Wi-Fi Protected Access
  - TKIP with RC4 encryption is stronger than WEP
- WPA2-Personal
  - IEEE 802.11i standard
  - AES (AES-CCMP) encryption, stronger than TKIP
Authentication - IEEE 802.1X
- WPA/WPA2 Enterprise
- Defines authentication via RADIUS server
- Supplicant, a node wanting access, contacts a Network Access Server (a wireless access point)
- NAS looks for supplicant in RADIUS server's database, checks user name and password
- Connection protected by IPsec
- Passwords encrypted with Extensible Authentication Protocol (EAP)
- RADIUS server returns Access-Accept code with Authenticator section
RADIUS-EAP from: http://windowsdevcenter.com/pub/a/windows/2007/06/26/windows-wireless-lan-security-primer.html
Security - Encryption
- Wireless traffic can be sniffed by software on wireless hosts
  - Kismet: open-source sniffer for Linux, OSX, Windows, BSD
- Data encryption needed for transmissions
- WEP (Wired Equivalent Privacy)
  - weak implementation of RC4 cipher
  - outdated, should not be used
- WPA (Wi-Fi Protected Access)
  - improved WEP
- WPA2 (Wi-Fi Protected Access 2)
  - per 802.1X
  - WPA2 plus RADIUS-EAP server is WPA2-Enterprise
WEP
- Wired Equivalent Privacy
- first wireless encryption in use
- 64-bit or 128-bit RC4 encryption algorithm
- Single encryption key, shared by all users
- Can be cracked in < 1 minute
  - not so good
WPA, WPA2
- Wi-Fi Protected Access (WPA) meant to replace WEP
  - Dynamic encryption keys generated for each user and session
  - TKIP (Temporal Key Integrity Protocol) added to WEP algorithm
- WPA2 replaced WEP's RC4 with AES (Advanced Encryption Standard)
  - 128-bit block cipher
  - Much harder algorithm to crack than RC4
- PSK: Pre-shared Key
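A small audit that applies the security slides above to an AP inventory, added here as an example and not part of the original slides. It flags open, WEP and WPA (TKIP) access points, MAC filtering used on top of weak modes, and an ESS whose APs do not share one encryption setting; the record fields (`bssid`, `essid`, `security`, `mac_filter`) and the sample inventory are assumptions made for the example.

```python
from collections import defaultdict

# Ranking follows the slides: open < WEP < WPA (TKIP/RC4) < WPA2 (AES-CCMP).
STRENGTH = {"open": 0, "wep": 1, "wpa": 2,
            "wpa2-personal": 3, "wpa2-enterprise": 3}
ADVICE = {
    "open": "open authentication: knowing the SSID is enough to join",
    "wep": "WEP is outdated, its shared RC4 key can be cracked; use WPA2",
    "wpa": "WPA still relies on TKIP with RC4; use WPA2 (AES-CCMP)",
}

SAMPLE_APS = [  # constructed inventory; BSSIDs and ESSIDs are made up
    {"bssid": "02:00:00:00:00:01", "essid": "office", "security": "WPA2-Enterprise"},
    {"bssid": "02:00:00:00:00:02", "essid": "office", "security": "WPA"},
    {"bssid": "02:00:00:00:00:03", "essid": "lab", "security": "open", "mac_filter": True},
    {"bssid": "02:00:00:00:00:04", "essid": "guest", "security": "WPA2-Personal", "mac_filter": True},
]

def audit(aps):
    """Return sorted (bssid, finding) pairs for a list of AP settings."""
    findings, by_essid = [], defaultdict(list)
    for ap in aps:
        mode = ap["security"].lower()
        by_essid[ap["essid"]].append((STRENGTH.get(mode, -1), mode, ap["bssid"]))
        if mode not in STRENGTH:
            findings.append((ap["bssid"], f"unrecognized security mode {mode!r}"))
        elif mode in ADVICE:
            findings.append((ap["bssid"], ADVICE[mode]))
            if ap.get("mac_filter"):
                findings.append((ap["bssid"], "MAC filter is no substitute: "
                                 "accepted MACs can be observed and spoofed"))
    for essid, members in by_essid.items():
        modes = sorted({mode for _, mode, _ in members})
        if len(modes) > 1:                 # APs of one ESS should match
            _, _, weakest = min(members)
            findings.append((weakest, f"ESS {essid!r} mixes {modes}; "
                             "configure every AP with the same encryption"))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_APS):
        print(bssid, "-", finding)
```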
RADIO FREQUENCIES
Carrying Data On Radio Waves: AM and FM Radio
- Amplitude Modulation
  - Uses single frequency in channel
  - Intensity represents data
- Frequency Modulation
  - Uses all frequencies in channel
  - Frequency change represents data
Carrying Data On Radio Waves: Spread Spectrum
- Data in binary form modulates pseudorandom bit sequence
- Pseudorandom bit sequence uses all frequencies in channel
Spread Spectrum
- Wi-Fi NIC broadcasts over all frequencies in a channel
- Use of multiple frequencies improves throughput and noise tolerance
[Figure labels: noise, spread spectrum, narrowband]
Spread Spectrum Broadcasting
- Direct-Sequence Spread Spectrum (DSSS)
  - each transmission is spread over entire bandwidth of frequencies, simultaneously
  - high throughput but susceptible to interference
- Frequency-Hopping Spread Spectrum (FHSS)
  - transmissions hop from one frequency to another, avoid interference better than DSSS
- Orthogonal Frequency-Division Multiplexing (OFDM)
  - combination of DSSS and FHSS
  - multiple DSSS-like behavior over sub-bands
  - robust but complex; used in newer gear
802.11 Transmission Bands
- 802.11 uses frequency bands
  - 2.4 GHz ISM band (Industrial, Scientific, and Medical): 84.5 MHz wide
  - 5 GHz U-NII band (Unlicensed National Info. Infrastructure): ~340 MHz wide
  - 60 GHz for high-speed standard 802.11ad
Frequency Bands and Standards
- 802.11b/g/n use frequencies in 2.4GHz band
  - US: 11 usable channels
  - Europe: 12 usable channels
- 802.11a/n use frequencies in 5GHz band
  - 802.11n is dual-band
- 802.11ac uses frequencies in 5GHz band
Transmission Frequencies
- Each band is divided into channels
  - Adjacent 2.4GHz channels overlap
- Each channel spans a range of frequencies
  - 802.11b: 22MHz-wide channels
  - 802.11g: 20MHz used out of each 22MHz channel
  - 802.11n: 20MHz, 40MHz wide (channel-bonding of two 802.11g channels)
- Nearby WAPs need non-overlapping channels to avoid interfering with each other
  - e.g. channels 1, 6, 11 for a 3-WAP ESS using 802.11g
802.11b Channels Overlap
Channel Widths
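Why channels 1, 6 and 11 are the usual choice, as an added Python example that is not part of the original slides: it derives the non-overlapping set from the 22MHz channel width given above, finds neighbouring APs on overlapping channels, and reassigns them. The AP names, the survey data and the greedy reassignment are assumptions made for the example.

```python
# Added example: 2.4 GHz channel overlap check for an AP channel plan.
def centre_mhz(ch):
    """Centre frequency of 2.4 GHz channel 1-13 (channel 1 = 2412 MHz)."""
    if not 1 <= ch <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {ch}")
    return 2407 + 5 * ch

def overlaps(a, b, width=22):
    """Two channels overlap when their centres are closer than one width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < width

def clear_set(usable=range(1, 12), width=22):
    """Greedy set of mutually non-overlapping channels (default: US 1-11)."""
    chosen = []
    for ch in usable:
        if not any(overlaps(ch, c, width) for c in chosen):
            chosen.append(ch)
    return chosen

def conflicts(plan, neighbours):
    """Neighbouring AP pairs whose channels overlap."""
    return sorted((a, b) for a, b in neighbours if overlaps(plan[a], plan[b]))

def replan(plan, neighbours):
    """Greedily give each AP a clear channel unused by its neighbours."""
    palette, new = clear_set(), {}
    for ap in sorted(plan):
        near = {b if a == ap else a for a, b in neighbours if ap in (a, b)}
        taken = {new[n] for n in near if n in new}
        free = [c for c in palette if c not in taken]
        if not free:
            raise RuntimeError(f"{ap}: no clear channel left")
        new[ap] = free[0]
    return new

# Constructed survey result: AP name -> channel, plus pairs in radio range.
PLAN = {"ap1": 1, "ap2": 3, "ap3": 6, "ap4": 11}
NEIGHBOURS = [("ap1", "ap2"), ("ap2", "ap3"), ("ap3", "ap4")]

if __name__ == "__main__":
    print("clear channels:", clear_set())
    print("conflicts:", conflicts(PLAN, NEIGHBOURS))
    print("replanned:", replan(PLAN, NEIGHBOURS))
```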
5GHz Sub-bands and Channels
- U-NII-2 is for combined indoor/outdoor use
- Extra channels are also used by military, weather radars
  - Not all equipment uses U-NII-2
  - Wi-Fi must not interfere
Radio frequencies, for exam purposes:
- Know what spread spectrum is
- Know what kind of spread spectrum - DSSS, OFDM - each standard uses
- Know what band each standard uses
- Know how wide channels are
- Know what to do about overlapping channels
DETAILS FRAME FORMATS
802.11 Wireless Network Frames
- Three kinds of frame
  - Management frame
  - Control frame
  - Data frame
- Control frames used for CSMA/CA
- Management frames used to advertise network, join STAs (hosts) to network, etc.
  - Can be the most common frame type
802.11 Data Frame Headers
802.11 http frame in PPI showing LLC, IPv4, TCP, HTTP contents
IMPLEMENTING, TROUBLESHOOTING
Implementation Considerations
- obstacles
- site survey to locate interference, identify pre-existing (and conflicting) APs
- Eliminate dead spots
- choose different standard
  - 802.11n versus 802.11g?
  - 5GHz versus 2.4GHz?
- Multiple APs?
Power Over Ethernet (PoE)
- IEEE 802.3af-2003, IEEE 802.3at-2005
- Provides up to 25W over Ethernet cable
- Good for awkward AP installations: ceilings, roofs, etc.
- A typical 8-port, 10/100Mbps PoE switch costs $50 - $100
Twisted-Pair Wiring for PoE
Ad Hoc Setup Issues
- Choose a shared SSID
- Select suitable channel
- Use APIPA or other scheme to generate IP addresses
- Enable file and printer sharing
Infrastructure Setup Issues
- AP placement
  - Omni-directional antenna? Centered location?
  - High-gain antenna?
- APs near each other must not use overlapping channels
  - Example: Use channels 1, 6, 11 within ESS to avoid interference between APs
Infrastructure Setup Issues
- AP configuration (often a webpage interface)
- ESSID: to broadcast or not to broadcast?
  - whether 'tis nobler in the mind's eye
- Beacon timing
  - tradeoff between overhead traffic and client synchronization
  - default is 100ms, not always settable
- MAC address filtering?
- Can you change your wireless router's beacon interval? Does it offer MAC filtering?
- Encryption: use WPA2 if available
example AP configuration DD-WRT
Extending the WLAN
- Add another AP
  - connect via Ethernet (wired) connection for good performance
- Configure new AP for same ESSID, encryption as first AP
- Choose non-overlapping channel
Access Points as Wireless Bridges
- Wireless bridge connects multiple network segments / ESSIDs point-to-point
- Connects between two or more wireless networks (ESSIDs)
DD-WRT can be reconfigured as an AP, a Bridge, or a Repeater
Troubleshooting Problems
- First determine the scope of your problem:
  - Who is affected?
  - What sort of problem is it? What service(s), etc.
  - When did it start? Was something changed?
- Hardware: look for the usual signs of hardware failure, e.g. Windows Device Manager
- Software: make sure firmware and drivers are up to date
Initial-Installation Issues
- Is the radio enabled on both the access point and client for the correct RF (2.4 GHz ISM or 5 GHz UNII)?
  - ISM: Industrial, Scientific, Medical band
- Is an external antenna connected and facing the correct direction (straight upward for dipole)?
- Is the antenna location too high or too low relative to wireless clients (within 20 vertical feet)?
- Is the AP the client is attempting to reach at too great of a distance?
From http://www.ciscopress.com/articles/article.asp?p=1156068&seqnum=4
Signal Reflections
- Are there walls, or metal objects in the room, that reflect RF and diminish performance?
- Some MIMO APs can compensate for reflections
Configuration Problems
- Check things like
  - SSID
  - Channel
  - Authentication type
  - Encryption type
  - MAC filtering
Connectivity Problems
- Signal strength and interference
  - Most wireless-network utilities report signal strength
- Host-AP distance may be too great
  - Relocate AP, or add another AP to network
- Walls, other devices may be causing interference
  - Relocate host to a different position? Add another AP?
- Overlapping signals from multiple APs
  - Configure APs to use different channels
- Make sure host uses correct SSID