CSNT 180 Wireless Networking
Chapter 7: WLAN Terminology and Technology
Norman McEntire, norman.mcentire@servin.com
Founder, Servin Corporation, http://servin.com
Technology Training for Technology Professionals (TM)
Copyright (c) 2010 Servin Corporation. http://servin.com

Legal Info
- Servin is a trademark of Servin Corporation.
- Wi-Fi is a trademark of the Wi-Fi Alliance.

This chapter will cover...
- WLANs may be configured in two major modes
  - Ad Hoc Mode
  - Infrastructure Mode

This chapter will cover...
- Naming of WLANs

This chapter will cover...
- Identifying devices through Layer 2 MAC addressing

This chapter will cover...
- Scanning
  - Passive Scanning
  - Active Scanning

This chapter will cover...
- Distribution System
  - Allows APs to communicate with each other
  - Gives connected wireless devices the capability to roam between APs and maintain connection

This chapter will cover...
- Data Rate vs Throughput
  - Chapter will cover why WLAN Throughput is typically less than half the maximum data rate

Wireless LAN Modes of Operation

Two Modes, Three Configurations
- Two Modes
  - Ad Hoc
  - Infrastructure
- Three Configurations
  - IBSS - Independent Basic Service Set
  - BSS - Basic Service Set
  - ESS - Extended Service Set

IBSS - Independent Basic Service Set
- Peer-to-Peer Connection
- No AP (access point)
- No centralized control
- No managed security
- Figure 7.1 and Figure 7.2
- Requirements: Same SSID, Same Frequency, Same Security

SSID
- SSID - Service Set Identifier
- Sometimes called Network Name
- The name used to identify the network
- Used by devices to join a given network
- Used for device segmentation
  - Different devices on different networks
- Used in all WLAN configurations
  - IBSS, BSS, ESS

SSID
- Case Sensitive
- Max of 32 characters
- How the SSID is set
  - Infrastructure AP device
    - Manually set at the AP
  - Client Device
    - Option 1: Manually set by client setup software
    - Option 2: Automatically received from network broadcast
      - Called Open Network

SSID
- SSID Hiding
  - Option to not broadcast but rather hide the SSID
  - Closed Network

Radio Frequency Channel
- IBSS configuration requires user to set the specific RF channel
  - Option 1: Manual setup by client utility software
  - Option 2: Client software auto sets channel
- Figure 7.4

IBSS Security
- Independent Basic Service Set
- No centralized control
- No security management
- Security left up to the individual user or device
- Hence, Enterprise policy may prohibit IBSS

IBSS Terms
- Depending on vendor, different terms are used to identify IBSS
  - IBSS - Independent Basic Service Set
  - Ad Hoc
  - Peer-to-Peer
  - GameKit (iPhone)

IBSS Advantages
- Independent Basic Service Set Advantages
  - Easy to configure
  - No need for AP

IBSS Disadvantages
- Limited Radio Frequency Range
  - All devices must be in two-way communication
- No Centralized Administration
  - Hence may be against corporate policy
- Not scalable
- Difficult to secure
  - Users may inadvertently share sensitive info
  - Hence may be against corporate policy

IBSS and Corporate Policy
- Corporate Policy may prevent IBSS
  - No centralized administration
  - Difficult to secure
- A corporation may use a Wireless Intrusion Prevention System to detect and shut down IBSS networks

BSS - Basic Service Set
- AP connected to network infrastructure
  - Network Infrastructure also known as Distribution System (DS)
- The foundation of the WLAN
- Figure 7.5
- BSA - Basic Service Area
  - The RF area of coverage

BSS Configuration
- Basic Service Set Configuration
  - SSID (Network Name)
  - RF Channel

BSS Advantages
- Basic Service Set Advantages
  - APs with large feature set, reliability, and security
  - Useful in Home, SOHO, Small Business, and Enterprise
  - Scalable
    - Add more APs
  - Centralized Admin and Control
  - Security

BSS Disadvantages
- Requires purchase of one or more APs
  - (Compared to IBSS, which does not require AP)
- Usually requires a Site Survey to determine coverage
- Must be connected to Network Infrastructure
  - Remember: Network Infrastructure also called Distribution System (DS)
- Requires more setup/configuration

Netgear WGR614v9 BSS Firmware Update

Netgear WGR614v9 BSS Basic Settings
- Does your Internet Connection Require a Login?
  - No (default)
  - If Yes: Account Name, Domain Name
- IP Address
  - Get Dynamic from ISP (default)
- DNS Address
  - Get from ISP (default)

Netgear WGR614v9 BSS Wireless Settings - General
- Wireless Network Name (SSID)
- Channel Choices
  - Auto
  - 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
- Mode
  - b and g
  - g only

Netgear WGR614v9 BSS Wireless Settings - Security
- Security Options
  - None
  - WEP - Wired Equivalent Privacy
  - WPA-PSK (TKIP) - Wi-Fi Protected Access, Pre-Shared Key, TKIP encrypt
  - WPA2-PSK (AES) - Wi-Fi Protected Access, Pre-Shared Key, AES encrypt
  - WPA-PSK (TKIP) + WPA2-PSK (AES)
- Passphrase (8-63 characters or 64 hex digits)

Netgear WGR614v9 BSS Wireless Settings - Advanced
- Enable Wireless Radio
  - ON by default
- Enable SSID Broadcast
  - ON by default
- Enable WMM
  - ON by default
  - Wireless Multimedia - 802.11e
- WLAN MAC Filtering
  - Enter MAC address to prevent access to AP
- Enable Wireless Repeater
  - OFF by default
  - If on, enter MAC address of other AP

ESS - Extended Service Set
- Two or more BSSs connected together to form a common Distribution System
- To quote from IEEE 802.11 spec
  - "a set of one or more interconnected BSSs that appears as a single BSS to the LLC (logical link control) layer"
- Figure 7.7

SSID vs ESSID vs BSSID
- SSID - Service Set Identifier
- ESSID - Extended Service Set Identifier
- BSSID - Basic Service Set Identifier

Know Your Abbreviations!
- SSID - Service Set Identifier
  - The Name and Segmentation of the network
- ESSID - Extended Service Set Identifier
  - Some vendors use this name instead of SSID to imply multiple APs with the same SSID
- BSSID - xx:xx:xx:yy:yy:yy
  - The MAC of the radio in the AP

Connecting to a Wireless Network

Connecting to a Wireless Network
- To connect to a WLAN, several frame exchanges must occur
- RF waves carry data in frames
- Frames to perform these functions
  - Authentication
  - Association
  - Reserving the medium
  - Exchanging data
  - Power save

Frame Types
- Management Frames
  - Manage the network
- Control Frames
  - Control access to WLAN and acknowledge data
- Data Frames
  - Data payload
- NOTE: Deep details of frame types not covered by book, only high-level summary info

Management Frames
- Manage the network
  - Advertising the capabilities of the WLAN
  - Authentication
  - Association
- Example Management Frames
  - Beacon
  - Probe Request

Management Frames - Examples
- Example Management Frames
  - Beacon
  - Probe Request
  - Probe Response
  - Authentication
  - Association Request
  - Association Response

Control Frames
- Control access to WLAN medium
- Example control frames
  - RTS - Request to Send
  - CTS - Clear to Send
  - ACK - Acknowledge

Data Frames
- Data frames carry the data payload
- Null function frame
  - Used to implement power save
- Variant of null frame
  - QoS null frame

Passive Scanning
- The first part of 802.11 discovery phase is passive scanning, i.e., scanning for info
- Beacon Frame
  - An advertisement of the WLAN network
  - By default, sent 10 times a second
  - Includes the following info: SSID, RF Channel, Available Data Rates, etc.
- Figure 7.8 Passive Scanning
- Figure 7.9 Packet Analyzer

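What a packet analyzer reads out of a beacon, as an added example that is not part of the original slides: a parser that pulls the BSSID, SSID, channel, data rates and the IBSS/infrastructure capability bits from a raw beacon frame, which is also the information a Wireless Intrusion Prevention System needs to spot ad hoc (IBSS) networks and closed (hidden SSID) networks. The helper `build_beacon` and all sample names and addresses are constructed for illustration.

```python
import struct


def build_beacon(bssid, ssid, channel, capab):
    """Build a constructed beacon: 24-byte MAC header, 12 fixed bytes, tagged elements."""
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capab)   # timestamp, interval (TU), capabilities
    rates = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x6C])
    tags = bytes([0, len(ssid)]) + ssid + bytes([1, len(rates)]) + rates + bytes([3, 1, channel])
    return header + fixed + tags


def parse_beacon(frame):
    """Extract BSSID, mode, SSID, channel and data rates from a raw beacon frame."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:   # management type, beacon subtype
        raise ValueError("not a beacon frame")
    interval, capab = struct.unpack_from("<HH", frame, 32)
    info = {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),   # address 3 of the header
        "beacons_per_second": round(1 / (interval * 1024e-6), 1),   # 1 TU = 1024 us
        "mode": "IBSS" if capab & 0x2 else "infrastructure" if capab & 0x1 else "other",
        "ssid": None, "hidden": False, "channel": None, "rates_mbps": [],
    }
    pos = 36
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            break                                   # truncated element: stop parsing
        if tag == 0 and length <= 32:               # SSID, at most 32 bytes
            info["ssid"] = value.decode("utf-8", "replace")
            info["hidden"] = not any(value)         # empty or all-zero SSID
        elif tag == 1:                              # supported rates, 500 kbit/s units
            info["rates_mbps"] = [(r & 0x7F) / 2 for r in value]
        elif tag == 3 and length == 1:              # DS parameter set: current channel
            info["channel"] = value[0]
        pos += 2 + length
    return info


# Constructed samples (not captured traffic); names and addresses are made up.
AP_BEACON = build_beacon(bytes.fromhex("001122334455"), b"CSNT180-Lab", 6, 0x0401)
ADHOC_BEACON = build_beacon(bytes.fromhex("02aabbccddee"), b"laptop-share", 11, 0x0002)
HIDDEN_BEACON = build_beacon(bytes.fromhex("001122334466"), b"", 1, 0x0401)

if __name__ == "__main__":
    for frame in (AP_BEACON, ADHOC_BEACON, HIDDEN_BEACON):
        print(parse_beacon(frame))
```

The hidden-SSID sample still exposes its BSSID, channel and rates, which is why disabling SSID broadcast only withholds the name and is not an access control.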
Active Scanning
- Another part of WLAN discovery phase
- WLAN device sends out a Probe Request Frame
- APs constantly listen for Probe Request Frames
- Figure 7.10 Probe Request Frame
- Figure 7.11 Packet Analyzer
- Tip: 802.11 standard states that APs must respond to a null or blank SSID
  - Do not confuse this with disabling SSID broadcast

Frames used for Active Scanning
- During active scanning, two frames are exchanged between device and AP
  1. WLAN client sends Broadcast Probe Request Frame
  2. AP (or multiple APs) sends a Probe Response
- If multiple APs respond, WLAN client can select AP with best signal strength, signal quality, etc.

Authentication
- Authentication
  - Verifying or confirming an identity
- 802.11 devices use device authentication to access WLAN resources
  - To repeat: this is device authentication, not user (username/password) authentication
- 802.11 has two types of authentication
  - Open System Authentication
  - Shared Key Authentication

Open System Authentication
- Defined in 802.11
- Two-Way Handshake (Two Authentication Frames)
  1. WLAN Client sends frame to AP: "Can I be part of the network?"
  2. AP sends frame to WLAN client: "Sure, come on in"
- Does not provide any type of data encryption
- Figure 7.12, Figure 7.13

Shared Key Authentication
- Four-way Handshake
- Requires use of WEP for BOTH device authentication AND data encryption
  - WEP = Wired Equivalent Privacy
- Should be avoided whenever possible
  - Why: Encryption method used could be captured by an intruder
  - Many vendors no longer provide this option
- Figure 7.14, 7.15, 7.16

Open System Authentication vs Shared Key
- Open System Authentication is considered more secure than Shared Key Authentication when WEP is used with Open System
  - WEP with Open System used only to encrypt the data
  - WEP with Shared Key used for both authentication and data

Association
- Association
  - The final step to becoming part of a BSS
  - Recall BSS = Basic Service Set (AP connected to DS, i.e. access point connected to distribution system)
- Association takes place after authentication
  - A device MUST be authenticated before it can be associated
- Association allows device to pass traffic across the AP to the network infrastructure
- Figure 7.16, Figure 7.17

Deauthentication and Disassociation
- Deauthentication
  - When existing authentication no longer valid
  - Examples
    - WLAN device logging off
    - WLAN device roams to different BSS
- Disassociation
  - Access point is terminated
  - Example
    - Figure 7.18
    - WLAN device roams to different BSS

Intrusion Tools and DoS
- DoS = Denial of Service
- Some intrusion tools can continuously send deauthentication frames
  - Result is a DoS
- More in Chapter 10

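One way a monitoring sensor can tell the continuous deauthentication stream described above from the occasional deauthentication of a client logging off or roaming, as an added example that is not part of the original slides: a sliding-window counter per BSSID. The function name, the window and threshold defaults, and the frame records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12      # 802.11 management frame subtypes


def detect_deauth_flood(frames, window=1.0, threshold=10):
    """Flag BSSIDs with `threshold` or more deauth/disassoc frames inside `window` seconds.

    frames: iterable of (timestamp_s, subtype, bssid, destination), sorted by time.
    The window and threshold defaults are assumptions to tune per site.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, subtype, bssid, dst in frames:
        if subtype not in (DISASSOC, DEAUTH):
            continue
        queue = recent[bssid]
        queue.append((ts, dst))
        while ts - queue[0][0] > window:        # drop frames older than the window
            queue.popleft()
        if len(queue) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "first_seen": queue[0][0],
                "count": len(queue),
                "targets": sorted({d for _, d in queue}),
            }
    return alerts


# Constructed frame records (not captured traffic); all addresses are made up.
BROADCAST = "ff:ff:ff:ff:ff:ff"
LAB_AP = "00:11:22:33:44:55"
OTHER_AP = "00:11:22:33:44:77"
SAMPLE = [(0.1 * i, 8, LAB_AP, BROADCAST) for i in range(30)]              # beacons
SAMPLE += [(0.5, DEAUTH, OTHER_AP, "66:77:88:99:aa:bb")]                   # one client leaving
SAMPLE += [(1.0 + 0.05 * i, DEAUTH, LAB_AP, BROADCAST) for i in range(40)]  # sustained burst
SAMPLE.sort(key=lambda record: record[0])

if __name__ == "__main__":
    for bssid, alert in detect_deauth_flood(SAMPLE).items():
        print(bssid, alert)
```

A single deauthentication from a roaming client never reaches the threshold, while the burst naming one BSSID trips it within half a second of the first frame.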
DS - Distribution System

Distribution System
- Distribution System (DS)
  - The common infrastructure to which APs connect
  - The network segment that consists of one or more BSS (basic service sets)
- In most cases, APs connect to Ethernet
- AP acts like a Layer 2 Translational Bridge
  - A Translational Bridge connects two or more dissimilar LANs together
  - Figure 7.19
  - Example: 802.11 (wireless) to 802.3 (Ethernet)

Wireless Distribution System - WDS
- Wireless Distribution System - WDS
  - Connects BSS using WLAN instead of Ethernet
  - Use one Frequency Band (e.g. 2.4 GHz) for APs and another Frequency Band (e.g. 5 GHz) for the WDS
- Figure 7.20

Data Rates

Data Rates
- Data Rate = the speed at which devices exchange data
- Figure 7.1 shows common data rates
  - 802.11 FHSS: 1 and 2 Mbps
  - 802.11 DSSS: 1 and 2 Mbps
  - 802.11b HR/DSSS: 5.5 and 11 Mbps
  - 802.11a OFDM: 6, 9, 12, 18, 24, 36, 48, 54
  - 802.11g ERP-OFDM: 6, 9, 12, 18, 24, 36, 48, 54
  - 802.11n HT-OFDM: Up to 300 Mbps

Throughput

Throughput
- Throughput = actual amount of data transmitted/received
- What affects Throughput
  - Type of Spread Spectrum technology in use
  - RF interference
  - Number of users
- Figure 7.22
  - 802.11g has max data rate of 54 Mbps
  - Single user may get throughput of 20 Mbps

Lab Exercise - How To Measure Throughput
- See Exercise 7.1 How to Measure Throughput
- Iperf software from www.sourceforge.net

DRS - Dynamic Rate Switching

Dynamic Rate Switching - DRS
- Data Rates decrease as the distance from AP increases
- DRS is typically accomplished through proprietary methods
- Figure 7.23

WLAN Roaming

WLAN Roaming
- Roaming - what happens when a device moves from one BSS to another
  - BSS = Basic Service Set
- Roaming not addressed by IEEE 802.11
  - Result is vendor proprietary methods
- How Roaming works
  - WLAN device receives signal from original AP and second AP
  - WLAN device makes decision: stay or move to second AP (see criteria next slide)

WLAN Roaming Criteria
- These criteria are used by vendor proprietary software to implement roaming
  - Signal Strength
  - Signal to Noise Ratio
  - Error Rate
  - Number of associated devices
- The above info is passed to/from the APs using the wired network, or DS (Distribution System)
- See Figure 7.24

Frames used for Reassociation (Roaming)
- A reassociation frame is used to implement roaming (moving from one AP to another AP)
- Figure 7.25

Power Saving Operation

Power Saving Operation
- Many WLAN devices are portable and utilize battery power
  - iPod Touch, iPhone, iPad, Androids, etc.
- Original 802.11 standard addressed two power save modes
  - Active Mode - AM
  - Power Save Mode - PS
- In some cases, PS mode considered legacy
  - 802.11e included QoS and PS

Null Function Frame
- A null function frame is used with power management
- Does not carry any data

AM - Active Mode
- WLAN device can receive frames at any time
- Is always in awake state
- Does not rely on battery power
- NOTE: Some manufacturers call this Continuous Aware Mode - CAM

PS - Power Save Mode
- WLAN device will doze or enter lower power state for short periods of time
- At specific time intervals, device will listen for beacons
  - The beacon contains info for the device regarding power save
- May cause some amount of overhead and hence less performance with PS
- Figure 7.26

APSD - Automatic Power Save Delivery
- Added with IEEE 802.11e QoS
- Uses a trigger frame to wake device to receive data
- APSD is more efficient at performing PS compared to original 802.11
- APSD works with time-bound apps like VOIP
  - VOIP = Voice Over IP

Protection Mechanisms

Protection Mechanisms
- Protection Mechanisms provide backward compatibility
  - 802.11g and 802.11n communicate with older, slower devices using protection mechanisms
- Two broad categories of Protection Mechanisms
  - ERP - Extended Rate Physical
  - HT - High Throughput

ERP Protection Mechanism - Extended Rate Physical
- Allows 802.11g and 802.11b to coexist
- Three modes
  - 802.11b only mode - DSSS and HR/DSSS
    - DSSS = 1 and 2 Mbps
    - HR/DSSS = 5.5 and 11 Mbps
  - 802.11g only mode - ERP-OFDM
    - ERP-OFDM - Up to 54 Mbps
  - 802.11b/g mixed mode
    - See next slide

802.11b/g Mixed Mode and Control Frames
- 802.11b/g mixed mode uses control frames to reserve the RF medium
  - RTS/CTS - Request to Send, Clear to Send
  - CTS to Self - Clear to Send
    - Less overhead than RTS/CTS

HT Protection Mechanism - High Throughput
- 802.11n uses this
- Backward compatibility for 802.11a/b/g
- Set of rules WLAN devices and APs follow
  - Mode 0 - Greenfield Mode
  - Mode 1 - HT Non-Member Protection Mode
  - Mode 2 - HT 20 MHz Protection Mode
  - Mode 3 - HT Mixed Mode

Mode 0 - Greenfield Mode
- Allows HT (High Throughput) devices only
- All devices must support same functionality
- Support 20 or 24/40MHz channels
- Does not allow 802.11a/b/g devices using same channel
  - 802.11a/b/g will not be able to access AP

Mode 1 - HT Non-Member Protection Mode
- Used when non-HT device within hearing range
  - e.g. when 802.11a/b/g device in range

Mode 2 - HT 20 MHz Protection Mode
- Operation built upon the fact that 802.11n devices can use 20 MHz or 40 MHz wide channels
- Mode 2 means at least one 20 MHz HT station is associated
  - And AP provides compatibility for 20 MHz devices

Mode 3 - HT Mixed Mode
- Used when one or more non-HT stations are associated with BSS
  - BSS = Basic Service Set
- For backwards compatibility with non-802.11n devices

Additional HT Protection Modes
- Two additional modes
  1. Dual CTS
     - A new Layer 2 protection mechanism used for backward compatibility between HT and 802.11a/b/g devices
  2. PCO
     - Optional BSS mode with alternating 20 MHz and 40 MHz phases controlled by PCO capable AP

Summary

Summary
- WLANs operate in two modes
  - Ad Hoc (no APs)
  - Infrastructure (use APs)
- Three configurations for WLANs
  - IBSS
  - BSS
  - ESS

Summary
- Many Abbreviations
  - SSID - Service Set Identifier (name of network)
  - ESSID
  - BSSID - MAC address of the AP
  - IBSS
  - BSS
  - ESS

Summary
- Process WLAN devices use to connect to and become part of the WLAN
  - Passive Scanning
  - Active Scanning
  - Authentication
  - Association

Summary
- Additional 802.11 terminology
  - DS - Distribution System
  - WDS - Wireless Distribution System
  - Data Rate
  - Throughput
  - Dynamic Rate Switching
  - Protection Mechanism - ERP and HT
  - Active Mode, Power Save Mode, Automatic Power Save Delivery (APSD)

Questions