25 - Terms - Wireless Fundamentals
Ad Hoc network: device actions
1st station defines the radio parameters and group name.
2nd station only needs to detect the group name and adjust its radio parameters to match.
IEEE 802.11: MAC frame format (9 fields)
2 bytes - Frame Control (FC)
2 bytes - Duration (DUR)
6 bytes - Address 1 (ADD1)
6 bytes - Address 2 (ADD2)
6 bytes - Address 3 (ADD3)
2 bytes - Sequence (SEQ)
6 bytes - Address 4 (ADD4)
x bytes - Data
4 bytes - Frame Check Sequence (FCS)
WiFi Channels: 2.4Ghz vs. 5GHz
2.4GHz Pros: better range and propagation through obstacles
2.4GHz Cons: significant interference due to crowded spectrum, limited # of non-overlapping channels
IEEE 802.11: how many address fields can be expected in a frame sent from a wireless station to a wired host?
3 address fields (ADD1, ADD2, ADD3) contain the source, destination, and BSSID.
ADD4 is only present for frames passing from one AP to another.
IEEE 802.11: how many address fields can be expected in a frame sent from an AP to another AP?
4 address fields (ADD1, ADD2, ADD3, ADD4).
ADD4 is only present for frames passing from one AP to another (not between clients).
WiFi Channels: 5GHz band range
5 GHz Unlicensed National Information Infrastructure (UNII) band is subdivided:
UNII-1 = 5.15 - 5.25 GHz
UNII-2 = 5.25 - 5.35 GHz
UNII-2 Extended = 5.47 - 5.725 GHz
UNII-3 = 5.725 - 5.825 GHz (ISM)
20 MHz channel spacing
Capable of channel bonding
WLC: max # of WLAN configs supported
512 WLAN configs; only 16 can be active at a time
WiFi Channels: 2.4GHz Standards
802.11 (1-2 Mbps)
802.11b (1-11 Mbps)
802.11g (1-54 Mbps)
802.11n (<600 Mbps) - also for 5GHz
WLC: 6 functions of MAC
802.11 authentication
802.11 association and reassociation (roaming)
802.11 frame translation and bridging to non-802.11 networks, such as 802.3
Radio frequency (RF) management
Security management
QoS management
WiFi Channels: 5GHz Standards
802.11a (6-54 Mbps)
802.11ac (<3500 Mbps)
802.11n (<600 Mbps) - also for 2.4GHz
Access Points: Embedded
AP connected to a Cisco WLC that is embedded within a switch stack
Access Points: cloud-based
AP connected to a Cisco WLC that is housed in a cloud-based system.
Managed through a cloud-based dashboard, e.g. Cisco Meraki Cloud.
Access Points: Layer 2 addressing
APs can address and direct WiFi traffic based on MAC addresses.
Uses the specific Layer 2 addressing scheme of the wireless frames to forward the upper-layer info to the network backbone or back into the wireless space toward another wireless client.
Access Points: SSID's
APs must share the same network name (SSID) to allow roaming.
Configured on both the AP and the client stations that wish to join this AP.
The AP associates a MAC address with the SSID.
WLC: which interface controls Layer 3 comm between a lightweight AP and WLC
AP-manager interface
IEEE 802.11: Ad Hoc management frame
ATIM - Announcement Traffic Indication Message
3 wireless topologies
WPAN - Wireless Personal Area Network
WLAN - Wireless Local Area Network
WMAN - Wireless Metro Area Network
WiFi Direct: WiFi Protected Setup (WPS)
makes it easy to set up a connection and enable security protections
WLC: 4 types of static interfaces
management
AP-manager
virtual
service port
Can also have up to 512 dynamic interfaces.
Access Points: beacon
Management frame that advertises all the non-hidden SSIDs.
Also contains timestamp, authentication info, data transfer speed, vendor-specific info.
Can be disabled to hide a wireless network.
Tools like NetStumbler can be used to identify networks even if beacon frames are disabled.
Access Points: de-authentications
Management frames sent by either clients or APs to terminate the connection.
Access Points: probe requests
Management frames sent by clients to request network info from any AP in transmission range.
A probe response is sent back after the AP processes the request, providing info about the wireless network.
WLC: which interface is used for Layer 2 LWAPP communications between a lightweight AP and WLC?
management interface
WLC: 3 types of WLANs that can be created using WLC GUI
normal WLAN
guest WLAN
remote WLAN (for wired ports on the WLC)
Ad Hoc Network: Independent Basic Service Set (IBSS)
A basic unit of organization in wireless networks formed by two or more wireless nodes communicating in ad hoc mode.
Contains a limited # of devices because of collision and organization issues.
Wireless LAN controller (WLC)
A device that cooperates with wireless lightweight access points (LWAP) to create a wireless LAN by performing some control functions for each LWAP and forwarding data between each LWAP and the wired LAN.
Service Set Identifiers (SSID)
A network name that wireless routers and APs use to identify themselves.
SSIDs have as many as 32 American Standard Code for Information Interchange (ASCII) characters.
An SSID may require authorization to determine which station has the right to connect.
A WLAN is often used to define both the SSID and the associated parameters (VLAN, security, QoS, etc.).
Mesh Network
A network that uses multiple connections between network devices.
Cisco Identity Services Engine (Cisco ISE)
AAA Server that uses role-based access control policies
Access Points: SSID MAC addresses
The AP associates a MAC address with the SSID.
Because each AP has a different radio MAC address, the derived MAC address is different on each AP for the same SSID name.
This config allows a station that stays in the overlapping area to hear one SSID name and still understand that the SSID is offered by 2 APs.
The MAC address, usually derived from the radio MAC address, associated with an SSID is the BSSID.
AP and WLC: Command Line Interface (CLI)
Accomplished via the console port and CLI, or via the web interface.
Available via Telnet (unsecured), SSH (secured), or the console port.
Console settings: 9600 baud, 8 data bits, 1 stop bit, no parity, no hardware flow control.
The Cisco WLC does not have a default config, so a setup wizard must be run.
PC software used to communicate includes any terminal communications software (e.g. HyperTerminal, PuTTY, etc.).
Encryption option for WPA2
Advanced Encryption Standard (AES) with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Encryption options for WPA3
Advanced Encryption Standard (AES) with Galois/Counter Mode Protocol (GCMP)
CAPWAP: tunnel
After the AP discovers the WLC, a CAPWAP tunnel is formed between the WLC and AP.
Once an AP joins a WLC, the AP downloads any new software or config changes.
The CAPWAP tunnel can run over IPv4 or IPv6, and only supports Layer 3 WLC discovery.
"Stations"
All wireless-capable devices = stations
Access Points: DNS
An AP can use DNS during the boot process as a mechanism to discover WLCs that it can join.
Hostname looked up: CISCO-CAPWAP-CONTROLLER.localdomain
The localdomain entry represents the domain name that is passed to the AP in DHCP Option 15.
Access Points: Workgroup Bridge (WGB)
An AP that is configured to bridge between a wired device and a wireless network.
The WGB acts as a wireless client and provides a wireless connection to devices connected to its Ethernet port.
A natural way to provide network access to devices that might only have an Ethernet connection and no slot for a WiFi card.
Access Points: Lightweight Access Points (LWAP) (aka "Split MAC")
An access point that does not contain the management and configuration functions that are found in autonomous access points.
The AP manages real-time MAC functionality; the WLC manages items that are not time-sensitive.
Centralized tunneling of user traffic to the WLC (data and control planes).
System-wide coordination for wireless channel and power assignment, rogue AP detection, security attacks, interference, and roaming.
Architecture for the Control and Provisioning of Wireless Access Points (CAPWAP) protocol is defined in RFC 5415.
The AP is responsible for prioritizing packets and responding to beacon/probe requests.
Multiple Basic SSID (MBSSID)
An admin can create several SSIDs on the same AP (guest, internal, etc.).
MBSSIDs are basically virtual APs.
APs can often generate several BSSID values, which allows the AP to support several SSIDs in a single cell.
This is the only way to differentiate the traffic that reaches the AP.
Configuration for switch connected to autonomous AP
An autonomous AP connects to a trunk port.
On the trunk, a native (untagged) VLAN is required for management of the AP.
Access Points: 4 deployment types
Autonomous
Lightweight ("split MAC")
Embedded
Cloud-based
Access Points: co-channel interference
Better to ensure that the APs do not work on the same frequency (channel); otherwise a client affects the communication of both cells.
The problem occurs because WiFi is half duplex.
SSID-to-VLAN mapping
By associating each SSID with a different VLAN, users can be grouped on the Ethernet segment the same way that they were grouped in the WLAN.
Groups can also be isolated from one another, in the same way that they were isolated on the WLAN.
CAPWAP: messages
CAPWAP control messages are exchanged between the WLC and AP across an encrypted tunnel
Control and Provisioning of Wireless Access Points (CAPWAP)
CAPWAP is an open protocol that enables a WLC to manage a collection of wireless APs.
UDP 5246 for the control plane
UDP 5247 for the data plane
CAPWAP includes the WLC discovery and join process, AP configuration and firmware push from the WLC, and statistics gathering and wireless security enforcement.
IEEE 802.11: 2 categories of data frames
CF - contention free
Contention-based - this constitutes most wireless networks
Used to provide MIC's in WPA2
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
MIC = message integrity check
Digital Network Architecture (DNA) Center
Cisco DNA Center is a complete software-based network automation and assurance solution and is the dashboard for control and management of Cisco's intent-based networking system: Cisco DNA. Using the Cisco DNA network controller and APIs, Cisco DNA Center is also open and extensible
Access Points: FlexConnect mode
Cisco wireless solution for branch and remote office deployments.
Eliminates the need for a WLC at each location.
Client traffic may be switched locally on the AP instead of tunneled to the WLC.
Enables a failsafe for the lightweight AP if its connection to the WLC (through the CAPWAP tunnel) goes down.
Does not provide BSS.
2 WLAN architecture devices
Clients with a wireless adapter
APs
SSID: Non-broadcast / Hidden SSID security risk
Considered a security risk because the client may advertise networks that it connects to from home and/or work, which can then be broadcast by a hacker to entice the client to join the hacker's network and then exploit the client (connect to the client device or get the user to provide security credentials).
IEEE 802.11 data frames: contention-based infrastructure
DCF - Distributed Coordination Function
Relies on RTS and CTS to manage interference.
Does not provide QoS.
Distribution System Port
Data port that connects to a switch in IEEE 802.1Q trunk mode (default).
Forms a trunk between the WLC distribution system port and the switch to which it is connected.
Access Points: Local mode
Default operational mode when connected to the Cisco WLC.
All user traffic is tunneled to the WLC, where VLANs are defined.
Provides BSS.
Access Points: 3 considerations for DHCP
Different subnets will be needed for each to break up the broadcast domain and segment for security and routing.
Eliminates contention between wired and wireless clients.
Client VLANs can also have different subnets and DHCP servers from each other.
WiFi Channels: Non-802.11 Radio Interferers
Does not send IEEE 802.11 frames, but can still cause interference for WiFi networks.
Examples:
microwaves (~1000 W)
wireless cameras (~100 mW)
fluorescent lights (AC power switching on/off many times per second with conductive gas reflecting RF)
motion detectors
wireless headsets
wireless game controllers
WiFi Channels: access points
Each AP operates on 1 channel.
The goal is that neighboring APs do not use the same channel (non-overlapping channels).
Using overlapping channels could lead to:
Slowing: co-channel interference (same channel)
Disruptions: adjacent channel interference (nearby channel)
"Client Stations"
End devices = client stations
WiFi Channels
Every WiFi network communicates on a channel, a portion of the available spectrum.
Based on the IEEE 802.11 standard and operating in the 2.4 GHz and 5 GHz spectrum.
Allocated for Industrial, Scientific, Medical (ISM) usage.
Each amendment to the standard is backward compatible with the other amendments that operate at the same frequency.
2 characteristics of WMAN
Exists across buildings (>100 meters)
Used for point-to-point or point-to-multipoint backbone
3 characteristics of WLAN
Exists in a building (<100 meters)
Used to connect devices to the backbone network
IEEE 802.11 standard (WiFi networks); IEEE 802.3 standard (wired media)
3 characteristics of WPAN
Exists in a room (5-10 meters)
Used to connect devices to each other
Mostly Bluetooth
Access Points: 8 functions of real-time MAC
Frame exchange handshake between client and AP when connecting to a wireless network
Frame exchange handshake between client and AP when transferring a frame
Transmission of beacon frames, which advertise all the non-hidden SSIDs
Buffering and transmission of frames for clients in power-save operation
Providing real-time signal quality info to the WLC with every received frame
Monitoring all radio channels for noise, interference, and other WLANs
Monitoring for the presence of other APs
Wireless encryption and decryption of 802.11 frames
GCMP vs. CCMP
Galois/Counter Mode Protocol (GCMP) for WPA3 is stronger than Cipher Block Chaining Message Authentication Code Protocol (CCMP) for WPA2.
Both are used to provide message integrity checks (MIC).
IEEE Standard: WPA2
IEEE 802.11i
Uses AES + CCMP
Basic Service Set (BSS)
In wireless networking, a single access point servicing a given area.
The area within which a computer can be reached through its wireless connection.
4 modes of Access Points
Local mode
Bridge mode
FlexConnect mode
Sniffer mode
What provides AAA functionality?
Locally by a Cisco WLC
Globally by an AAA server
There must be IP reachability between the WLC and the AAA server, because the WLC will need to authenticate itself and pass client credentials as well (e.g. Cisco Identity Services Engine (ISE)).
Extended Service Set (ESS)
Made up of two or more Basic Service Set networks, when the distribution system links 2 APs/cells.
Common for most WiFi networks because it allows WiFi stations in 2 separate areas of the network (and, with proper design, permits roaming).
Modern networks often use Cisco WLCs that contain the parameters of all the APs and the credentials of connected users.
3 types of VLAN's required for WLAN
Management
AP
Data
Access Points: Mesh
Mesh APs connect to the network wirelessly.
Using 1 radio, each mesh AP can provide wireless coverage for client devices within its area, while backhauling traffic through the 2nd radio.
1 AP radio is used to serve clients; 1 AP radio is used to backhaul traffic.
Usually, network access to users is delivered over the 2.4 GHz band and the 5 GHz band is used to backhaul traffic.
WiFi Direct: 3 types of services
Miracast connections - allow a device to display photos, files, and videos on an external monitor
Digital Living Network Alliance (DLNA) - allows devices to stream music and video between each other
Print - allows users to print directly from a smartphone, tablet, or personal computer
WLC: Authentication, Authorization, Accounting (AAA)
The most secure way for users to authenticate is for each user to have their own identity, which can be achieved using IEEE 802.1X authentication.
With IEEE 802.1X, an AAA server defines the conditions by which access to the network is granted or refused.
Conditions can range from group membership, to the VLAN of origin, to the time of day.
An AAA server does not need to contain all the info; rather, it can point to an external resource, e.g. matching group membership against Active Directory.
WLC: Layer 3 security settings for WLAN
None
VPN Passthrough
IPsec
WLC: Layer 2 security setting options
None
WPA + WPA2
802.1X = uses Extensible Authentication Protocol (EAP) and WEP
Static WEP
Static WEP + 802.1X = uses EAP and WEP
CKIP = uses Cisco Key Integrity Protocol (CKIP)
None + EAP Passthrough = uses EAP
WLC: Layer 3 security settings for guest LAN
None
Web authentication = user/pass required
Web Passthrough = no user/pass required
WLAN VLANs: Inter-VLAN Routing
On the switch, the VLANs must first be created to support VLAN management, APs, and wireless clients.
A Layer 3 switch or router will be needed to perform inter-VLAN routing.
Layer 3 mode is the dominant mode today, where the AP's interfaces are on a different subnet than the WLC management interface.
IEEE 802.11 data frames: CF infrastructure
PCF - Point Coordination Function
Used to control access to the medium.
Provides QoS through APs.
WLC: Layer 2 authentication key management options (for WPA2)
PSK = uses hex format
802.1X = uses port-based access control (WEP key)
CCKM = uses roaming without WLC intervention
802.1X + CCKM = uses port-based access control and roaming
Access Points (AP)
Primary function is to bridge 802.11 WLAN traffic to 802.3 Ethernet traffic.
Creates a Basic Service Area (BSA) or "wireless cell".
Can be standalone (autonomous) or centralized.
Centralized APs are managed by a Cisco WLC.
Encryption option for WEP
RC4 = stream cipher encryption algorithm
128-bit key length
Less secure than AES, which is used for WPA2 and WPA3
IEEE 802.11: 4 types of control frames
RTS - ready to send
CTS - clear to send
ACK - acknowledgement
PS - power save
WiFi Channels: 2.4GHz band range
Range = 2.4 - 2.4835 GHz (ISM)
Available channels: US = 11, Europe = 13, Japan = 14
Channels require 5 MHz of separation from each other.
Channels are 22 MHz wide.
Results in only 4 non-overlapping channels (1, 6, 11, 14).
Channel 14 can only be used in 802.11b networks (Japan).
802.11n allows 40 MHz channels, but this is only feasible in residential deployments.
Access Points: Roaming
Roaming occurs when a station moves, leaving the coverage area of one AP and arriving in the BSA of another AP.
The station should detect the signal of the 2nd AP and jump to it before losing the signal of the 1st AP.
The designer must ensure that BSAs overlap by 10-15%.
SSID: Advertised (Broadcasted)
SSIDs are advertised in WiFi packets that are sent from the client, and SSIDs are advertised in WiFi responses that are sent by the APs.
Readily available and visible to devices.
WLC: 4 steps to configure WLAN using WLC GUI
Select WLAN type
Set Profile Name
Set SSID
Set VLAN ID
WLC: management in small/mid-size and large business
Small to mid-size businesses may use HTTPS access and manage their Cisco WLCs directly through the GUI.
Larger businesses may use SNMP to view the status of the Cisco WLC, or to control it from a remote management station (e.g. Cisco Digital Network Architecture (DNA) Center).
SSID: Non-broadcast / Hidden SSID
Still detectable by sending a WiFi packet with the SSID from the device to the SSID it wishes to connect to
Used to provide MIC's in WPA
Temporal Key Integrity Protocol (TKIP)
MIC = message integrity check
Access Points: 4 steps for DNS discovery option
1. The AP requests its IPv4 address from DHCP and includes Options 6 + 15, configured to get DNS info.
2. The IPv4 address of the DNS server is provided by the DHCP server via DHCP Option 6.
3. The AP uses this info to perform a hostname lookup for CISCO-CAPWAP-CONTROLLER.localdomain.
4. The AP is then able to associate with responsive WLCs by sending packets to the provided address.
Access Points: NTP
The WLC and AP should synchronize their time using NTP.
When an AP is joining a Cisco WLC, the WLC verifies the AP's embedded certificate.
If the date and time configured on the WLC precede the creation and installation date of the certificates on the AP, the AP fails to join the WLC.
Configuration for switch connected to WLC
The WLC-based AP in local mode usually connects to an access port (non-trunking).
The access VLAN is used for traffic to and from the WLC.
In a typical config, no traffic from or to a wireless client can transit directly through the AP without going to the WLC.
Access Points: Basic Service Area (BSA)
The coverage area an access point provides in a wireless network.
Provides the BSS (not IBSS, since an AP is a dedicated device).
Switch Configurations with WLCs and APs
The switch interfaces must be configured appropriately and the switch must be configured with the appropriate VLANs.
The interface config differs depending on whether the deployment is centralized (using a WLC) or autonomous (without a WLC):
Standalone AP = trunk port
Centralized AP = access port
WLC = trunk port
3 similarities of WLAN &. LAN Infrastructure Design
There are DHCP servers, DNS servers, and management protocols like SNMP.
Provisioning services may be different, depending on whether the deployment is centralized or distributed.
Protocols that are used for management and operations must not be blocked by firewalls or security devices.
WiFi Channels: Channel Bonding
Two channels that do not overlap are used together in an effort to double the physical data rate. (40 MHz, 80 MHz, 160 MHz, etc.)
Access Points: 2 ways to implement DHCP
Use an internal DHCP server on the Cisco WLC (DHCP Option 43 is not supported on the WLC internal server, so the AP must use DNS or local subnet broadcast).
Use a switch or router as a DHCP server.
Internal DHCP on the WLC has some limitations (e.g. no support for DHCP Option 43), so using an external DHCP server (a switch or router) is the preferred solution.
Ad Hoc network
Used among a small group of hosts: When wireless-capable devices are in range of each other, they need only share a common set of basic parameters (frequency, etc.) to communicate
Access Points: DHCP Option 43
Used to identify the vendor type and config of a DHCP client, for mapping between AP and WLC.
Can be used to include the IP address of the Cisco WLC interface that the AP is attached to.
DHCPv6 Option 52 can be used for the same purpose (IPv6 only).
WLAN VLANs: Management
VLAN(s) are needed to map the client SSID to the WLC to support wireless clients.
The WLC management interface is configured on the WLC.
APs that register to the WLC can use the same VLAN as the WLC management VLAN, or they can use a separate VLAN.
The APs can use this VLAN to obtain IP addresses through DHCP and send their discovery request to the WLC management interface using those IP addresses.
SSID-to-VLAN mapping: WLC configuration
When configuring the Cisco WLC, the admin associates each SSID with a VLAN ID.
As a result, the Cisco WLC changes the 802.11 header into an 802.3 header and adds the VLAN ID that is associated with the SSID.
The frame is then sent on the wired trunk link with that VLAN ID.
WiFi Direct
WiFi Direct is a way of allowing two devices to easily transfer data without the use of a router.
Does not operate in IBSS mode.
Example of a WPAN.
Operates as an extension to the infrastructure mode of operation.
A device can maintain a P2P connection to another device inside an infrastructure network (impossible in ad hoc mode).
"Infrastructure Devices"
access points = infrastructure devices
WLC: enabling LAG
all distribution system ports are bundled (up to 8 ports) by default
Access Points: sniffer mode
Allows a lightweight AP to capture wireless traffic and send it to an analyzer.
Does not provide BSS.
WLC: disallowed names of SSIDs using WLC GUI
cannot use reserved keywords, such as 's' (short for 'shutdown')
Wireless Domain Service (WDS)
component of Cisco autonomous WLAN solutions installed on APs to enable interaction with a Cisco WLSE
Access Points: 2 best practices when expanding an existing 802.11 wireless network?
Configure each AP with the same SSID.
Configure each AP with a unique, non-overlapping channel.
Access Points: bridge mode
Enables a lightweight AP to act as a dedicated connection between 2 networks.
A collection of APs can be used to form a mesh network.
Does not provide BSS.
Access Points: association requests
Frame sent from a client to the AP to request access.
This step comes after the client has been authenticated.
An association response is sent back after the AP processes the request.
Access Points: Autonomous
Functions as a standalone element, without a Cisco WLC.
Since there is no WLC, the AP supports all functionalities.
Wireless Duplex
Half duplex.
Only 1 device can communicate at a given time, sending its frame to the AP, which then relays the frame to its final destination.
Basic Service Set Identifier (BSSID)
Identifies the BSS that is determined by the AP coverage area.
Because of this, APs can often generate several BSSID values, which allows the AP to support several SSIDs in a single cell (MBSSID - Multiple Basic SSID).
An admin can create several SSIDs on the same AP (guest, internal, etc.).
MBSSIDs are basically virtual APs.
WLC: which interface is used to recover the WLC if it fails?
service port
Cisco Wireless LAN Solution Engine (WLSE)
Simplifies management and deployment of wireless access points (WAP) in a Cisco autonomous WLAN solution.
Provides dynamic RF management, network security, intrusion detection, self-healing capabilities, and monitoring/reporting services.
WLC: service port interface
Static physical interface used to recover the WLC in case of failure.
The only interface available when booting.
WLC: management interface
Static interface.
Used for Layer 2 Lightweight Access Point Protocol (LWAPP) communications between the controller and lightweight APs.
Used to communicate with other WLCs on the network.
WLC: 2 types of interfaces
static (4 interfaces)
dynamic (up to 512 interfaces)
Access Points: FlexConnect ACL's
Supported on the native VLAN configured on lightweight APs.
Applied per AP and per VLAN, not per interface.
Cannot have per-rule direction; configured as an entire set of rules for ingress or egress.
Support implicit deny.
Cisco Wireless Services Module (WiSM)
used on Cisco Unified Wireless Networks and are not part of WLAN solutions
WLC: dynamic interfaces
User-defined.
Typically used for client data.
Up to 512 interfaces.
Functions similarly to VLANs to segment traffic.
Not necessary for other WLCs to reach it, since the management interface handles that function.
WLC: which interface is used to support roaming and client IP's?
virtual interface