Section 15: Wireless Networking
802.11n
Frequency: 2.4 GHz. Spectrum: OFDM (QAM). Speed: 100+ Mbps. Range: ~300'. Backward Compatibility: 802.11b/g. Legacy mode: Only non-802.11n devices connected. Mixed mode: Also called high-throughput or 802.11a-ht/802.11g-ht. The WAP sends special packets that support the older standards yet also can improve the speed of those standards via 802.11n's wider bandwidth. Greenfield mode: Only 802.11n devices connected.
Troubleshooting Wi-Fi: Signal/Power Levels
If your WAP lacks enough signal power you have five choices: get closer to the WAP, avoid physical issues (concrete walls, studs, etc.), turn up the power, use a better antenna, or upgrade to a newer 802.11 version.
Lightweight Access Point Protocol (LWAPP)
Protocol used in wireless networks that enables interoperability between thin and thick clients and WAPs.
Omnidirectional Antenna
Radiates the signal outward from the WAP in all directions. The standard straight-wire antennas that provide the most omnidirectional function are called Dipole Antennas. Can replace antenna on WAP to increase gain up to 11.
Infrastructure mode
A wireless configuration that uses one or more WAPs to connect wireless workstations to the cable backbone. Similar to a star topology of a wired network. This creates a wireless local area network (WLAN)
802.11i
A wireless standard that added security features.
Patch Antenna
Flat, plate-shaped antennas that generate a half-sphere beam. Patch antennas are always placed on walls. The half-sphere is perfect for indoor offices where you want to fill the room with a strong signal but not broadcast to the room behind the patch.
802.11-1997
Frequency: 2.4 GHz. Spectrum: DSSS. Speed: 2 Mbps. Range: ~300'. Compatibility: 802.11.
802.11g
Frequency: 2.4 GHz. Spectrum: OFDM. Speed: 54 Mbps. Range: ~300'. Backward Compatibility: 802.11b. Native mode: Only 802.11g devices connected; 54 Mbps. Mixed mode: 802.11b device connected; 11 Mbps.
Thin client
A WAP that can only be configured by a wireless controller
VLAN Pooling
A feature on wireless controllers that groups multiple VLANs into a single VLAN group, or pool, and then dynamically assigns wireless clients to each successive VLAN in the pool.
Transmit Beamforming
A multiple-antenna technology in 802.11n WAPs that helps get rid of dead spots.
Service Set Identifier (SSID)
A network name that wireless routers use to identify themselves. The network name is a 32-bit identification string that's inserted into the header of each frame processed by a WAP. Every Wi-Fi device must share the same SSID to communicate in a single network. By default, a WAP advertises its existence by sending out a continuous SSID broadcast. It's the SSID broadcast that lets you see the wireless networks that are available on your wireless device.
802.1X
A port-based authentication network access control mechanism for networks. In other words, it's a complete authentication standard designed to force devices to go through a full AAA process to get anywhere past the interface on a gateway system. Can be used for wired and wireless networks, but only wireless networking broadly adopted 802.1X.
Extended Service Set (ESS)
A single wireless access point servicing a given area that has been extended by adding more access points.
Orthogonal Frequency Division Multiplexing (OFDM)
A spread-spectrum broadcasting method that combines the multiple frequencies of DSSS with FHSS's hopping capability.
Wi-Fi Protected Setup (WPS)
A standard included on many WAPs and clients to make secure connections easier to configure. Popular with non-PC devices such as printers, scanners and speakers. Push Button mode: Press button on one device and then press button on other. Now connected through an encrypted connection. PIN method: Press button on WAP. Locate the SSID on your device and then enter an eight-digit PIN number. WPS is not considered a secure connection.
Unidirectional Antenna
A type of antenna that issues wireless signals along a single direction, or path. Also called a directional antenna.
WPA2-Enterprise
An authentication scheme for Wi-Fi networks that combines WPA2 with RADIUS.
Thick client
Any WAP that you can access directly and configure singularly via its own interface
Wireless analyzer (Wi-Fi analyzer)
Any device that looks for and documents all existing wireless networks in the area.
Troubleshooting Wi-Fi: Physical Issues
Any physical item placed on or near the straight-line path between a WAP and a wireless client can cause problems with a wireless signal. Absorption: Non-metallic building materials such as brick, sheetrock and wood absorb radio signals. Reflection: Metallic materials like pipes, radiators, metal doors and window frames will reflect (or bounce) radio waves. Refraction: Glass is notorious for bending radio waves as the waves pass through it. The result of these physical problems is attenuation, the progressive loss of radio signal strength as the radio waves pass through different mediums.
Spread-spectrum Radio Waves
Broadcasts data in small, discrete chunks over the different frequencies available with a certain frequency range.
Wireless Controller
Central controlling device for thin client WAPs.
Troubleshooting Wi-Fi: Channel Problems
Channel Overlap: where 2.4 GHz channels overlap with their nearest channel neighbors. For example, channel 3 overlaps with channels 1, 2, 4, and 5. Always try to stick to channels 1, 6 and 11 only. Frequency mismatch: where you set the SSID information correctly but a device is using a different channel than the WAP. Automatic channel selection is the norm now so this issue is rare.
Setting up an Ad Hoc Network
Configuring NICs for ad hoc mode networking requires you to address four things: SSID, IP addresses, channel and sharing.
Ad hoc mode
Decentralized wireless network mode, otherwise known as peer-to-peer mode, where each wireless node is in meshed contact with every other node.
Basic Service Set Identifier (BSSID)
Defines the most basic infrastructure mode network. The BSSID is the same as the MAC address for the WAP.
War Driving
Deliberately searching for Wi-Fi signals while driving by in a vehicle
Wi-Fi Protected Access (WPA)
Designed to address the problems with WEP and to provide proper authentication. Works by providing an extra layer of security, called the Temporal Key Integrity Protocol (TKIP), around the WEP encryption scheme.
Extensible Authentication Protocol (EAP)
Developed to create a single standard to allow two devices to authenticate. Not a protocol in a classic sense, but rather it is a PPP wrapper that EAP-compliant applications can use to accept one of many types of authentication. EAP-PSK: Preshared Key. Most popular form of authentication used in wireless. Nothing more than a shared secret code that's stored on both the wireless access point and the wireless client. EAP-TLS: EAP with Transport Layer Security defines the use of a RADIUS server as well as mutual authentication, requiring certificates on both the server and every client. EAP-TTLS: Similar to EAP-TLS but only uses a single server-side certificate. EAP-MS-CHAPv2: More commonly known as Protected EAP (PEAP). Uses a password function based on MS-CHAPv2 with the addition of an encrypted TLS tunnel. Most common implementation of EAP. EAP-MD5: Only uses MD5 hashes for transfer of authentication credentials. Least used version of EAP. LEAP: Lightweight EAP used almost exclusively by Cisco wireless products. Combination of MS-CHAP authentication between a wireless client and a RADIUS server. EAP-FAST: EAP Flexible Authentication via Secure Tunneling is Cisco's replacement for LEAP.
Troubleshooting Wi-Fi: Overworked WAPs
Device saturation: Attaching too many devices to a single SSID. Jitter: the loss of packets due to an overworked WAP. Shows up as choppy conversations over a video call, jumps in an online game - pretty much anything that feels like the network has missed some data. Latency is when data stops moving for a moment because a WAP is unable to do the work.
Troubleshooting Wi-Fi: Security Type Mismatch
Either you've connected manually to a wireless network and have set up the incorrect encryption type (rare), or you've automatically accessed a particular SSID and entered the wrong passphrase. Symptoms: not on network, continual prompting for password, APIPA/zeroconf address. Solution: Enter the correct password.
Encryption
Electronically scrambles data packets and locks them with an encryption key before transmitting them onto the wireless network.
Beacon
Essentially a timing frame sent from the WAP at regular intervals. The beacon frame enables Wi-Fi networks to function. These make up a major percentage of network traffic because most WAPs have beacons set to go off every 100 ms.
Troubleshooting Wi-Fi: Slow Connection
In general you can trace the cause of this slowness to one of three issues: either you have too many devices overworking your WAPs; there are physical problems with signals going between your WAP and your clients; or there is too much RFI on the network.
Enterprise WAP vs SOHO WAP
In general, an enterprise wireless device differs from a SOHO device in five areas: robust device construction, centralized management, VLAN pooling, Power over Ethernet, and bringing personal wireless devices into the enterprise environment.
Channels
In the US, a WAP using the 2.4-GHz band may only use channels 1 through 11. WAPs use channels 1, 6, or 11 by default to avoid overlap. The 5.0-GHz band offers around 40 different channels in the spectrum. 802.11 uses automatic channel switching, so from a setup standpoint we don't worry about channels here.
Basic Service Set (BSS)
In wireless networking, a single access point servicing a given area.
Captive Portal
Many public facilities like airports or Starbucks employ a captive portal to control access to their public Wi-Fi networks. A web browser that insists you follow the terms of service (acceptable use policy).
MAC address filtering
Method of limiting wireless network access based on the physical, hard-wired address of the wireless NIC of a computing device.
multiple-in/multiple-out (MIMO) technology
Multiple transmitters and receivers allow sending and receiving greater amounts of data than traditional networking devices.
802.11ac
Natural expansion of the 802.11n standard. Frequency: 5 GHz. Spectrum: OFDM (QAM). Speed: Up to 1 Gbps. Range: ~300'. Backward Compatibility: 802.11a.
Radio Frequency Interference
Non-Wi-Fi sources: Lighting and low-power RF devices like Bluetooth, wireless phones and microwaves. 802.11-based interference: Other WAPs generating signals that interfere with ours.
CCMP-AES
Replaced TKIP-RC4 in 802.11. A much more robust 128-bit block cipher that's much tougher to crack.
Frequency Hopping Spread Spectrum (FHSS)
Sends data on one frequency at a time, constantly changing (or hopping) frequencies.
Direct Sequence Spread Spectrum (DSSS)
Sends data out on different frequencies at the same time
Wireless Channel Utilization
Software tools that give you metrics and reports about nearby devices and which one is connected to which WAP. These tools enable you to discover overworked WAPs, saturated areas and so on.
802.11a
Superior to 802.11b, but never enjoyed the same level of popularity. Frequency: 5.0 GHz. Spectrum: OFDM. Speed: 54 Mbps. Range: ~150'. Backward Compatibility: n/a.
802.11
The IEEE standard for wireless networking.
WPA2
The current top security standard used on 802.11 networks. WPA2 is not hack-proof, but it definitely offers a much tougher encryption standard that stops the casual hacker cold.
802.11b
The first widely adopted Wi-Fi standard. Frequency: 2.4 GHz. Spectrum: DSSS. Speed: 11 Mbps. Range: ~300'. Backward Compatibility: n/a.
Broadcasting Frequency
The original 802.11 standards use either 2.4-GHz or 5.0-GHz radio frequencies.
Wireless Range
The ranges that are advertised are theoretical maximum ranges. In the real world, you'll achieve these ranges only under the most ideal circumstances. Cut the manufacturer's listed range in half.
Gain
The ratio of signal increase is measured in decibels (dB). The gain from a typical WAP is 2 dB.
Site Survey
Will reveal any obstacles to creating the wireless network and will help determine the best possible location for your access points.
Enterprise WAP: Robust Device Construction
Typically made of metal instead of plastic. More configurable. Most enterprise WAPs enable you to swap out antennas and radios.
Wireless Bridge
Used to connect two wired networks together, or to join wireless and wired networks together in the same way that wired switches do.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
Uses the Distributed Coordination Function (DCF) method for collision avoidance. If a wireless network node detects that the network is busy, DCF defines a backoff period on top of the normal wait period before a node can try to access the network again. DCF also requires that receiving nodes send an acknowledgement (ACK) for every frame that they process.
Wired Equivalent Privacy (WEP)
Uses a 64- or 128-bit encryption algorithm to scramble data frames. Easily hacked and not usually an option in modern WAPs.
Power over Ethernet (PoE)
WAPs that are able to receive their power from the same Ethernet cables that transfer their data.
Roaming
With multiple WAPs in an ESS, clients will connect to whichever WAP has the strongest signal. As clients move through the space covered by the broadcast area, they will change WAP connections seamlessly.
Wireless Access Point (WAP)
A device designed to interconnect wireless network nodes with wired networks.
Heat Map
A graphical representation of the RF sources on the site (uses different colors to represent intensity of signal).
