Download Exploration_LAN_Switching_Chapter7

Configure a Wireless
Router
LAN Switching and Wireless – Chapter 7
ITE I Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
1
Objectives

Describe the components and operations of basic
wireless LAN topologies.

Describe the components and operations of basic
wireless LAN security.

Configure and verify basic wireless LAN access.

Configure and troubleshoot wireless client access.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
2
Introducing WLAN
 Introducing Wireless LANs
 802.11 wireless LANs extend the 802.3 Ethernet LAN
infrastructures to provide additional connectivity
options.
 However, additional components and protocols are
used to complete wireless connections.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
3
Basic Wireless Technologies
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
4
Wireless LAN Standards
 802.11 wireless LAN is an IEEE standard that defines how radio
frequency (RF) in the unlicensed industrial, scientific, and medical
(ISM) frequency bands is used for the Physical layer and the MAC
sub-layer of wireless links.
 802.11
 802.11b
 802.11a
 802.11g
 802.11n
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
5
Wireless LAN Standards
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
6
Band
802.11a
802.11b
802.11g
802.11n
5.7 GHz
2.4 GHz
2.4 GHz
Unconfirmed
Possibly 2.4
and 5 GHz
bands
Channels*
Up to 23
3
3
Modulation
OFDM
DSSS
DSSS
OFDM
~150 feet or
35 meters
Fast, good
range, not
easily
obstructed
Data Rates Up to 54 Mbps Up to 11
Mbps
Pros
Fast, less
Low cost,
prone to
good range
interference
Cons
ITE 1 Chapter 6
Higher cost,
shorter range
© 2006 Cisco Systems, Inc. All rights reserved.
Slow, prone
to
interference
Cisco Public
MIMOOFDM
~230 feet or
70 meters
Very good
data rates,
improved
range
Prone to
interference from
appliances
operating on 2.4
7
OFDM and DSSS
 Short for Orthogonal Frequency Division Multiplexing, an FDM
modulation technique for transmitting large amounts of digital data
over a radio wave. OFDM works by splitting the radio signal into
multiple smaller sub-signals that are then transmitted
simultaneously at different frequencies to the receiver.
 Acronym for direct-sequence spread spectrum .DSSS is a
transmission technology used in LAWN transmissions where a
data signal at the sending station is combined with a higher data
rate bit sequence
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
8
Components and Operations of Basic
Wireless LAN Topologies
 components of a 802.11-based wireless infrastructure
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
9
Compairing WLAN and LAN
Characteristic
802.11 WLAN
802.3 Ethernet
Physical Layer
Radio Frequency
(RF)
Cable
Media Access
Collision Avoidance
Collision Detection
Availability
Anyone with a radio
NIC in range of an
access point
Yes
Cable connection
required
Additional regulation
by local authorities
IEEE standard
dictates
Signal Interference
Regulation
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
Inconsequential
10
Standards
 Wi-Fi Certification
 Wi-Fi certification is provided by the Wi-Fi Alliance (http://www.wi-fi.org), a
global, nonprofit, industry trade association devoted to promoting the
growth and acceptance of WLANs.
 Standards ensure interoperability between devices made by different
manufacturers. Internationally, the three key organizations influencing
WLAN standards are:
 ITU-R:The ITU-R regulates the allocation of the RF spectrum and satellite
orbits.
 IEEE:The IEEE developed and maintains the standards for local and
metropolitan area networks with the IEEE 802 LAN/MAN family of
standards.
 Wi-Fi Alliance:The Wi-Fi Alliance is an association of vendors whose
objective is to improve the interoperability of products that are based on
the 802.11 standard by certifying vendors
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
11
802.11 Topologies
 Add hoc
Wireless networks can operate without access points; this is called an ad
hoc topology.
 Basic Service Sets
Access points provide an infrastructure that adds services and improves
the range for clients.
 Extended Service Sets
When a single BSS provides insufficient RF coverage, one or more can be
joined through a common distribution system into an extended service set
(ESS)
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
12
Client and Access Point Association
 A key part of the 802.11 process is discovering a WLAN and subsequently
connecting to it. The primary components of this process are as follows:
 Beacons - Frames used by the WLAN network to advertise its
presence.
 Probes - Frames used by WLAN clients to find their networks.
 Authentication
 Association - The process for establishing the data link between an
access point and a WLAN client.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
13
Wireless Router
 Wireless Routers
 Wireless routers perform the role of access point, Ethernet switch, and
router.
 For example, the Linksys WRT300N used is really three devices in one
box.
 First, there is the wireless access point, which performs the typical
functions of an access point.
 A built-in four-port, full-duplex, 10/100 switch provides connectivity to
wired devices.
 Finally, the router function provides a gateway for connecting to other
network infrastructures.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
14
Planning the WLAN
 Position access points above obstructions (barriers).
 Position access points vertically near the ceiling in the center of each
coverage area, if possible.
 Position access points in locations where users are expected to be. For
example, conference rooms are typically a better location for access
points than a hallway.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
15
Conti…
 Network requirements specify that there must be a minimum of 6 Mb/s
802.11b throughput in each BSA.
 Because there is a wireless voice over WLAN implementation overlaid on
this network.
 With access points, 6 Mbps can be achieved in open areas like those on
the map, with a coverage area of 5,000 square feet in many environments.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
17
Planning
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
18
Threats in Wireless Security
 Unauthorized Access:-A WLAN is open to anyone within range of an
access point and the appropriate credentials to associate to it. With a
wireless NIC and knowledge of cracking techniques, an attacker may not
have to physically enter the workplace to gain access to a WLAN.
 There are three major categories of threat that lead to unauthorized
access:
War drivers (scanners)
Hackers (Crackers)
Employees
 Unauthorized Access:-A rogue access point is an access point placed on
a WLAN that is used to interfere with normal network operation.
 Man-in-the-Middle Attacks: Denial of Service:-A rogue access point is an access point placed on a
WLAN that is used to interfere with normal network operation.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
19
Wireless Threats
 Man-in-the-middle and DoS
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
20
Wireless Security Protocols
 Two types of authentication were introduced with the original 802.11
standard: open and shared WEP key authentication.
 While open authentication is really "no authentication," (a client requests
authentication and the access point grants it)
 WEP authentication was supposed to provide privacy to a link, making it
like a cable connecting a PC to an Ethernet wall-jack.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
21
Basic Wireless LAN Security
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
22
Conti…
 Encrytpion:-Two enterprise-level encryption mechanisms specified by
802.11i are certified as WPA and WPA2 by the Wi-Fi Alliance:
Temporal Key Integrity Protocol (TKIP) :-TKIP has two primary functions:
It encrypts the Layer 2 payload
It carries out a message integrity check (MIC) in the encrypted packet.
This helps ensure against a message being tampered with.
 Advanced Encryption Standard (AES):-
AES has the same functions as TKIP, but it uses additional data from the
MAC header that allows destination hosts to recognize if the nonencrypted bits have been tampered with.
It also adds a sequence number to the encrypted data header.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
23
Controlling Access to the Wireless LAN
 SSID cloaking - Disable SSID broadcasts from access points
 MAC address filtering - Tables are manually constructed on the access
point to allow or disallow clients based on their physical hardware address
 WLAN security implementation - WPA or WPA2
 Note: Neither SSID cloaking nor MAC address filtering are considered a valid
means of securing a WLAN for the following reasons:
 MAC addresses are easily spoofed.
 SSIDs are easily discovered even if access points do not broadcast them.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
24
Configuring the Wireless Access Point
 Step 1: Verify local wired operation—DHCP and Internet access
 Step 2: Install the access point
 Step 3: Configure the access point—SSID
 Step 4: Install one wireless client Step 5: Verify wireless network operation
 Step 6: Configure wireless security—WPA2 with PSK
 Step 7: Verify wireless network operation
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
25
AP Configuration
 For a basic network setup
 Setup - Enter your basic network settings (IP address).
 Management - Click the Administration tab and then select the
Management screen.
 The default password is admin.
 To secure the access point, change the password from its default.
 Wireless - Change the default SSID in the Basic Wireless Settings tab.
 Select the level of security in the Wireless Security tab and complete the
options for the selected security mode.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
26
Configure and Verify Basic Wireless LAN
Access
 Configure a wireless access point
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
27
Conti…
 To configure security, do the following:
 Security Mode
 Encryption
 Pre-shared Key
 Key Renewal
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
28
Configuring Wireless NIC
 Step 1. On the Microsoft Windows XP toolbar system tray, find the network
connection icon
 Step 2. Click the View Wireless Networks button in the dialog box.
 Step 3. Observe the wireless networks that your wireless NIC has been
able to detect.
 Note:-If you have a WLAN that is not showing up on the list of networks,
you may have disabled SSID broadcast on the access point. If this is the
case, you must enter the SSID manually.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
29
Conti…
 Select the Wireless Security Protocol
 Step 1. Double-click the network connections icon in the Microsoft
Windows XP system tray.
 Step 2. Click the Properties button in the Wireless Network Connections
Status dialog box.
 Step 3. In the Properties dialog box, click the Wireless Networks tab.
 Step 4. In the Wireless Networks tab, click the Add button. Also, you can
save multiple wireless profiles with different security parameters allowing
you to quickly connect to the WLANs you may use regularly.
 Step 5. In the Wireless Network Properties dialog box, enter the SSID of
the WLAN you wish to configure.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
30
Conti…
 Step 6. In the Wireless network key box, select your preferred
authentication method from the Network Authentication drop-down menu.
WPA2 and PSK2 are preferred because of their strength.
 Step 7. Select the Data encryption method from the drop-down menu.
Recall that AES is a stronger cipher than TKIP, but you should match the
configuration from your access point here on your PC.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
31
A Systematic Approach to WLAN
Troubleshooting
 A Systematic Approach to WLAN Troubleshooting
 Step 2 - Confirm the physical status of devices.
 Step 2 - Confirm the physical status of devices.
If the PC of the user is operational but is performing poorly, check the
following:
 How far is the PC from an access point
 Check for the presence of other devices in the area that operate on the
2.4 GHz band.
 Examples of other devices are cordless phones, baby monitors,
 microwave ovens, wireless security systems, and potentially rogue
access points.
 Note:-You may try to install new radio drivers and firmware
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
32
Firmware Upgrade
 Step 1. Download the firmware from the web. For a Linksys WTR300N, go
to http://www.linksys.com.
 Click the Select Firmware to Install button in the figure.
 Step 2. Extract the firmware file on your computer.
 Step 3. Open the web-based utility, and click the Administration tab.
 Step 4. Select the Firmware Upgrade tab.
 Step 5. Enter the location of the firmware file, or click the Browse button to
find the file.
 Click the Run Firmware Upgrade button in the figure.
 Step 6. Click the Start to Upgrade button and follow the instructions.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
33
Site Survey
 Manual and Utility assisted.
Example of Utility based is Airmagnet
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
34
Additional Details about AP
 Some additional specific details concerning access point and antenna
placement are as follows
 Ensure that access points are not mounted closer than 7.9 inches (20 cm)
from the body of all persons.
 Do not mount the access point within 3 feet (91.4 cm) of metal
obstructions.
 Install the access point away from microwave ovens. Microwave ovens
operate on the same frequency as the access point and can cause signal
interference.
 Always mount the access point vertically (standing up or hanging down).
 Do not mount the access point outside of buildings.
 Do not mount the access point on building perimeter walls, unless outside
coverage is desired.
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
35
Summary
 Wireless LANs use standards such as
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
 Basic Service set
–Mobile clients use a single access point for connectivity
 Extended service set
–Multiple access point that share an SSID
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
36
Summary
 WLAN security practices/methods include
–MAC address filtering
–SSID making
–Implementing WPA2
 Configuration of wireless NIC and access point
–Configure both of them the same way
•SSID
–Ensure that the latest firmware is installed
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
37
ITE 1 Chapter 6
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Public
38