My new domain network Management

Wireless Media

Wireless LAN organizations and standards

An understanding of the regulations and standards that apply to wireless technology will ensure that deployed networks will be interoperable and in compliance. Just as in cabled networks, IEEE is the prime issuer of standards for wireless networks. The standards have been created within the framework of the regulations created by the Federal Communications Commission (FCC).

A key technology contained within the 802.11 standard is Direct Sequence Spread Spectrum (DSSS). DSSS applies to wireless devices operating within a 1 to 2 Mbps range. A DSSS system may operate at up to 11 Mbps but will not be considered compliant above 2 Mbps. The next standard approved was 802.11b, which increased transmission capabilities to 11 Mbps. Even though DSSS WLANs were able to interoperate with the Frequency Hopping Spread Spectrum (FHSS) WLANs, problems developed, prompting design changes by the manufacturers. In this case, IEEE’s task was simply to create a standard that matched the manufacturers’ solution.

802.11b may also be called Wi-Fi™ or high-speed wireless and refers to DSSS systems that operate at 1, 2, 5.5 and 11 Mbps. All 802.11b systems are backward compatible in that they also support 802.11 for 1 and 2 Mbps data rates for DSSS only. This backward compatibility is extremely important, as it allows upgrading of the wireless network without replacing the NICs or access points.

802.11b devices achieve the higher data throughput rate by using a different coding technique from 802.11, allowing for a greater amount of data to be transferred in the same time frame. The majority of 802.11b devices still fail to match the 11 Mbps throughput and generally function in the 2 to 4 Mbps range.

802.11a covers WLAN devices operating in the 5 GHz transmission band. Using the 5 GHz range disallows interoperability with 802.11b devices, as they operate within 2.4 GHz. 802.11a is capable of supplying data throughput of 54 Mbps and, with proprietary technology known as "rate doubling", has achieved 108 Mbps. In production networks, a more standard rating is 20-26 Mbps.

802.11g provides the same throughput as 802.11a but with backwards compatibility for 802.11b devices, using Orthogonal Frequency Division Multiplexing (OFDM) modulation technology. Cisco has developed an access point that permits 802.11b and 802.11a devices to coexist on the same WLAN. The access point supplies ‘gateway’ services allowing these otherwise incompatible devices to communicate.

Wireless devices and topologies

A wireless network may consist of as few as two devices. The nodes could simply be desktop workstations or notebook computers. Equipped with wireless NICs, an ‘ad hoc’ network could be established which compares to a peer-to-peer wired network. Both devices act as servers and clients in this environment. Although it does provide connectivity, security is at a minimum along with throughput. Another problem with this type of network is compatibility. Many times NICs from different manufacturers are not compatible.

To solve the problem of compatibility, an access point (AP) is commonly installed to act as a central hub for the WLAN ("infrastructure mode"). The AP is hard wired to the cabled LAN to provide Internet access and connectivity to the wired network. APs are equipped with antennae and provide wireless connectivity over a specified area referred to as a cell. Depending on the structural composition of the location in which the AP is installed and the size and gain of the antennae, the size of the cell could vary greatly. Most commonly, the range will be from 91.44 to 152.4 meters (300 to 500 feet). To service larger areas, multiple access points may be installed with a degree of overlap. The overlap permits "roaming" between cells. This is very similar to the services provided by cellular phone companies. Overlap, on multiple AP networks, is critical to allow for movement of devices within the WLAN. Although not addressed in the IEEE standards, a 20-30% overlap is desirable. This rate of overlap will permit roaming between cells, allowing the disconnect and reconnect activity to occur seamlessly without service interruption.

When a client is activated within the WLAN, it will start "listening" for a compatible device with which to "associate". This is referred to as "scanning" and may be active or passive.

Active scanning causes a probe request to be sent from the wireless node seeking to join the network. The probe request will contain the Service Set Identifier (SSID) of the network it wishes to join. When an AP with the same SSID is found, the AP will issue a probe response. The authentication and association steps are completed.

Passive scanning nodes listen for beacon management frames (beacons), which are transmitted by the AP (infrastructure mode) or peer nodes (ad hoc). When a node receives a beacon that contains the SSID of the network it is trying to join, an attempt is made to join the network. Passive scanning is a continuous process and nodes may associate or disassociate with APs as signal strength changes.

How wireless LANs communicate

After establishing connectivity to the WLAN, a node will pass frames in the same manner as on any other 802.x network. WLANs do not use a standard 802.3 frame. Therefore, using the term wireless Ethernet is misleading. There are three types of frames: control, management, and data. Only the data frame type is similar to 802.3 frames. The payload of wireless and 802.3 frames is 1500 bytes; however, an Ethernet frame may not exceed 1518 bytes, whereas a wireless frame could be as large as 2346 bytes. Usually the WLAN frame size will be limited to 1518 bytes, as it is most commonly connected to a wired Ethernet network.
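The scanning and frame-type material above can be made concrete by decoding a beacon, the management frame a passively scanning node listens for. The following is an added example, not code from the curriculum: it constructs a minimal beacon (assumed 802.11 layout: 24-byte MAC header, then timestamp, beacon interval, capability, and tagged parameters), classifies the frame as control, management or data, extracts the SSID and channel, and reads the capability Privacy bit that tells a client whether the AP expects shared-key (WEP) rather than open-system authentication.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPE_BEACON = 8          # management subtype for beacons
CAP_PRIVACY = 0x0010        # capability bit: AP requires WEP (shared key) when set
TAG_SSID, TAG_DS_CHANNEL = 0, 3


def build_beacon(bssid: bytes, ssid: str, capability: int, channel: int) -> bytes:
    """Constructed sample beacon for testing; not a real capture."""
    frame_control = struct.pack("<H", SUBTYPE_BEACON << 4)       # type 0 = management
    header = frame_control + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)              # timestamp, interval (TU), capability
    tags = bytes([TAG_SSID, len(ssid)]) + ssid.encode() + bytes([TAG_DS_CHANNEL, 1, channel])
    return header + fixed + tags


def frame_kind(frame: bytes):
    """Return (type name, subtype) from the 2-byte frame control field."""
    fc = struct.unpack_from("<H", frame, 0)[0]
    return FRAME_TYPES.get((fc >> 2) & 0x3, "reserved"), (fc >> 4) & 0xF


def parse_beacon(frame: bytes) -> dict:
    """Decode BSSID, SSID, channel and the Privacy bit from a beacon frame."""
    if frame_kind(frame) != ("management", SUBTYPE_BEACON):
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                                         # address 3 of the MAC header
    _, interval, cap = struct.unpack_from("<QHH", frame, 24)
    info = {"bssid": bssid.hex(":"), "interval_tu": interval,
            "privacy": bool(cap & CAP_PRIVACY), "ssid": None, "channel": None}
    pos = 36                                                     # first tagged parameter
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                                # truncated element: stop, never read past the end
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", "replace") or "<hidden>"
        elif tag == TAG_DS_CHANNEL and length == 1:
            info["channel"] = value[0]
        pos += 2 + length
    return info


def audit_open_aps(frames) -> list:
    """SSIDs of APs beaconing without the Privacy bit, i.e. accepting open-system authentication only."""
    return sorted(b["ssid"] for b in map(parse_beacon, frames) if not b["privacy"])
```

Running `audit_open_aps` over beacons collected during a site survey lists the cells that rely on open-system authentication alone, which is the condition the authentication section below warns about.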

Since radio frequency (RF) is a shared medium, collisions can occur just as they do on wired shared medium. The major difference is that there is no method by which the source node is able to detect that a collision occurred. For that reason WLANs use Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA). This is somewhat like Ethernet CSMA/CD.

When a source node sends a frame, the receiving node returns a positive acknowledgment (ACK). This can cause consumption of 50% of the available bandwidth. This overhead when combined with the collision avoidance protocol overhead reduces the actual data throughput to a maximum of 5.0 to 5.5 Mbps on an 802.11b wireless LAN rated at 11 Mbps.

Performance of the network will also be affected by signal strength and degradation in signal quality due to distance or interference. As the signal becomes weaker, Adaptive Rate Selection (ARS) may be invoked. The transmitting unit will drop the data rate from 11 Mbps to 5.5 Mbps, from 5.5 Mbps to 2 Mbps, or from 2 Mbps to 1 Mbps.

Authentication and association

WLAN authentication occurs at Layer 2. It is the process of authenticating the device not the user. This is a critical point to remember when considering WLAN security, troubleshooting and overall management.

Authentication may be a null process, as in the case of a new AP and NIC with default configurations in place. The client will send an authentication request frame to the AP and the frame will be accepted or rejected by the AP. The client is notified of the response via an authentication response frame. The AP may also be configured to hand off the authentication task to an authentication server, which would perform a more thorough credentialing process.

Association, performed after authentication, is the state that permits a client to use the services of the AP to transfer data.

Authentication and Association types

  • Unauthenticated and unassociated – The node is disconnected from the network and not associated to an access point.
  • Authenticated and unassociated – The node has been authenticated on the network but has not yet associated with the access point.
  • Authenticated and associated – The node is connected to the network and able to transmit and receive data through the access point.
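An added illustration, not part of the curriculum, of how an AP would track one client through the three states above: association is refused until authentication has succeeded, disassociation returns the node to the authenticated-but-unassociated state, and deauthentication returns it to the first state whatever it was doing. The frame-class check goes beyond the text and assumes the usual 802.11 rule that class 1 frames (probe, beacon, authentication) are accepted in any state, class 2 (association) only once authenticated, and class 3 (data) only once associated.

```python
from enum import Enum


class State(Enum):
    UNAUTH_UNASSOC = 1   # unauthenticated and unassociated
    AUTH_UNASSOC = 2     # authenticated and unassociated
    AUTH_ASSOC = 3       # authenticated and associated


class StationState:
    """Per-client state an AP keeps (hypothetical helper, not vendor code)."""

    def __init__(self):
        self.state = State.UNAUTH_UNASSOC

    def authenticate(self, accepted: bool) -> State:
        # Authentication response: accepted moves to state 2, rejected leaves the node in state 1.
        if self.state is State.UNAUTH_UNASSOC and accepted:
            self.state = State.AUTH_UNASSOC
        return self.state

    def associate(self) -> State:
        # Association is performed after authentication; refuse it otherwise.
        if not self.frame_allowed(2):
            raise PermissionError("association request from an unauthenticated node")
        self.state = State.AUTH_ASSOC
        return self.state

    def disassociate(self) -> State:
        # Disassociation drops back to state 2; the authentication survives.
        if self.state is State.AUTH_ASSOC:
            self.state = State.AUTH_UNASSOC
        return self.state

    def deauthenticate(self) -> State:
        # Deauthentication clears everything, including any existing association.
        self.state = State.UNAUTH_UNASSOC
        return self.state

    def frame_allowed(self, frame_class: int) -> bool:
        """Class 1 always; class 2 needs state 2 or 3; class 3 needs state 3 (assumed 802.11 rule)."""
        return frame_class <= self.state.value

    def can_send_data(self) -> bool:
        return self.frame_allowed(3)
```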

Methods of authentication

IEEE 802.11 lists two types of authentication processes.

The first authentication process is the open system. This is an open connectivity standard in which only the SSID must match. This may be used in a secure or non-secure environment, although the ability of low-level network ‘sniffers’ to discover the SSID of the WLAN is high.

The second process is the shared key. This process requires the use of Wireless Equivalency Protocol (WEP) encryption. WEP is a fairly simple algorithm using 64 and 128 bit keys. The AP is configured with an encrypted key, and nodes attempting to access the network through the AP must have a matching key. Statically assigned WEP keys provide a higher level of security than the open system but are definitely not hack-proof.

The problem of unauthorized entry into WLANs is being addressed by a number of new security solution technologies.

The radio wave and microwave spectrums

Computers send data signals electronically. Radio transmitters convert these electrical signals to radio waves. Changing electric currents in the antenna of a transmitter generates the radio waves. These radio waves radiate out in straight lines from the antenna. However, radio waves attenuate as they move out from the transmitting antenna. In a WLAN, a radio signal measured at a distance of just 10 meters (30 feet) from the transmitting antenna would be only 1/100th of its original strength. Like light, radio waves can be absorbed by some materials and reflected by others. When passing from one material, like air, into another material, like a plaster wall, radio waves are refracted. Radio waves are also scattered and absorbed by water droplets in the air.

These qualities of radio waves are important to remember when a WLAN is being planned for a building or for a campus. The process of evaluating a location for the installation of a WLAN is called making a Site Survey.

Because radio signals weaken as they travel away from the transmitter, the receiver must also be equipped with an antenna. When radio waves hit the antenna of a receiver, weak electric currents are generated in that antenna. These electric currents, caused by the received radio waves, are equal to the currents that originally generated the radio waves in the antenna of the transmitter. The receiver amplifies the strength of these weak electrical signals.

In a transmitter, the electrical (data) signals from a computer or a LAN are not sent directly into the antenna of the transmitter. Rather, these data signals are used to alter a second, strong signal called the carrier signal.

The process of altering the carrier signal that will enter the antenna of the transmitter is called modulation. There are three basic ways in which a radio carrier signal can be modulated. For example, Amplitude Modulated (AM) radio stations modulate the height (amplitude) of the carrier signal. Frequency Modulated (FM) radio stations modulate the frequency of the carrier signal as determined by the electrical signal from the microphone. In WLANs, a third type of modulation called phase modulation is used to superimpose the data signal onto the carrier signal that is broadcast by the transmitter.

In this type of modulation, the data bits in the electrical signal change the phase of the carrier signal.

A receiver demodulates the carrier signal that arrives from its antenna. The receiver interprets the phase changes of the carrier signal and reconstructs from it the original electrical data signal.

Signals and noise on a WLAN

On a wired Ethernet network, it is usually a simple process to diagnose the cause of interference. When using RF technology many kinds of interference must be taken into consideration.

Narrowband is the opposite of spread spectrum technology. As the name implies, narrowband does not affect the entire frequency spectrum of the wireless signal. One solution to a narrowband interference problem could be simply changing the channel that the AP is using. Actually diagnosing the cause of narrowband interference can be a costly and time-consuming experience. Identifying the source requires a spectrum analyzer, and even a low-cost model is relatively expensive.

All band interference affects the entire spectrum range. Bluetooth™ technology hops across the entire 2.4 GHz band many times per second and can cause significant interference on an 802.11b network. It is not uncommon to see signs in facilities that use wireless networks requesting that all Bluetooth™ devices be shut down before entering. In homes and offices, a device that is often overlooked as causing interference is the standard microwave oven. Leakage from a microwave of as little as one watt into the RF spectrum can cause major network disruption. Wireless phones operating in the 2.4 GHz spectrum can also cause network disorder.

Generally the RF signal will not be affected by even the most extreme weather conditions. However, fog or very high moisture conditions can and do affect wireless networks. Lightning can also charge the atmosphere and alter the path of a transmitted signal.

The first and most obvious source of a signal problem is the transmitting station and antenna type. A higher output station will transmit the signal further and a parabolic dish antenna that concentrates the signal will increase the transmission range.

In a SOHO environment, most access points will utilize twin omnidirectional antennae that transmit the signal in all directions, thereby reducing the range of communication.

Wireless security

As previously discussed in this chapter, wireless security can be difficult to achieve. Where wireless networks exist there is little security. This has been a problem from the earliest days of WLANs. Currently, many administrators are weak in implementing effective security practices.

A number of new security solutions and protocols, such as Virtual Private Networking (VPN) and Extensible Authentication Protocol (EAP), are emerging. With EAP, the access point does not provide authentication to the client, but passes the duties to a more sophisticated device, possibly a dedicated server, designed for that purpose. Using an integrated server, VPN technology creates a tunnel on top of an existing protocol such as IP. This is a Layer 3 connection, as opposed to the Layer 2 connection between the AP and the sending node.

  • EAP-MD5 Challenge – Extensible Authentication Protocol is the earliest authentication type, which is very similar to CHAP password protection on a wired network.
  • LEAP (Cisco) – Lightweight Extensible Authentication Protocol is the type primarily used on Cisco WLAN access points. LEAP provides security during credential exchange, encrypts using dynamic WEP keys, and supports mutual authentication.
  • User authentication – Allows only authorized users to connect, send and receive data over the wireless network.
  • Encryption – Provides encryption services further protecting the data from intruders.
  • Data authentication – Ensures the integrity of the data, authenticating source and destination devices.

VPN technology effectively closes the wireless network, since an unrestricted WLAN will automatically forward traffic between nodes that appear to be on the same wireless network. WLANs often extend outside the perimeter of the home or office in which they are installed, and without security, intruders may infiltrate the network with little effort. Conversely, it takes minimal effort on the part of the network administrator to provide low-level security to the WLAN.

Cisco Systems, Inc.
