Wireless LANs Chapter 5 Panko’s Business Data Networks and Telecommunications, 5th edition Copyright 2005 Prentice-Hall

Wireless LANs The Big Thing in local area networking today Gives mobility to users within the corporate premises New technology, so difficult to implement well Not a competitor for the main wired Ethernet LAN today; extends the wired LAN’s resources to mobile users Self-explanatory.

Figure 5-1: Wireless LAN (WLAN) Access Point Large Wired Ethernet LAN Command Message Access Point Ethernet Switch UTP Radio Transmission Laptop Mobile Client Router Server Access point controls wireless stations (transmission power, etc.) Self-explanatory. Internet

Figure 5-1: Wireless LAN (WLAN) Access Point, Continued Large Wired Ethernet LAN Access Point Ethernet Switch UTP Radio Transmission Laptop Mobile Client Router Communication Server Access point bridges wireless stations to resources on wired LAN—servers and routers for Internet access Self-explanatory. Internet

Figure 5-2: Access Point (Photo) Courtesy: D-Link Self-explanatory. Two antennas to reduce multipath interference (discussed later)

Figure 5-3: Radio Wave Characteristics Amplitude Amplitude Radio transmissions consist of waves. The amplitude is the intensity of the wave. Repeated from Chapter 3.

Figure 5-3: Radio Wave Characteristics, Continued Wavelength Wavelength The wavelength is the distance between comparable spots on successive waves Repeat from Chapter 3.

Figure 5-3: Radio Wave Characteristics, Continued Frequency is the number of complete cycles per second 1 Second Repeat from Chapter 3. Two cycles in 1 second, so frequency is two Hertz (Hz).

Figure 5-3: Radio Wave Characteristics, Continued Radio waves are described in terms of frequency Hertz = one cycle per second In increasing orders of 1,000… Kilohertz (kHz) Megahertz (MHz) Gigahertz (GHz) Self-explanatory.

Figure 5-3: Radio Wave Characteristics, Continued Wavelength Wavelength 1 Second Wavelength and frequency can be computed from the other. Two cycles in 1 second, so frequency is two Hertz (Hz). Wavelength x Frequency = Speed of Propagation (Near Light Speed)

Figure 5-3: Radio Wave Characteristics, Continued Wavelength Recap Amplitude Amplitude Wavelength 1 Second Recap Two cycles in 1 second, so frequency is two Hertz (Hz). Wavelength x Frequency = Speed of Propagation (Near Light Speed)

Figure 5-4: Omnidirectional and Dish Antennas Concentrates incoming and outgoing signals in a narrow range ----- Must point at receiver Good for fixed subscribers Omnidirectional Antenna Signal spreads as a sphere Rapid signal attenuation ----- No need to point at receiver Good for mobile subscribers Self-explanatory.

Figure 5-5: Wireless Propagation Problems 2. Electromagnetic Interference (EMI) from Other stations, Microwave ovens, etc. 1. Attenuation: signal gets weaker with distance Blocking Object 3. Shadow Zone (Dead Spot) Direct Signal Laptop 4. Multipath Interference Self-explanatory. On Point 4, signals may bounce off floors or buildings, interfering with direct signals. In television, this happens in large cities, where TV signals bounce off buildings. In television, this products “ghosting” in which faint images appear slightly displaced from the original. In data transmission, these ghosts produce errors. Reflected Signal Direct and reflected signals may cancel out

Figure 5-5: Wireless Propagation Problems, Continued Inverse square law attenuation To compare relative power at two distances Divide the longer distance by the shorter distance Square the result; this is the relative power ratio Examples 100 mW (milliwatts) at 10 meters At 20 meters, 100 / (20/10)2 = 100 mW / 4 = 25 mW At 30 meters, 100 / (30/10)2 = 100 mW / 9 = 11 mW Self-explanatory.

Figure 5-5: Wireless Propagation Problems, Continued Some problems are Frequency-Dependent Higher-frequency signals attenuate faster Absorbed more rapidly by water in the air Higher-frequency signals blocked more by obstacles At lower frequencies, signals refract (bend) around obstacles like an ocean wave hitting a buoy At higher frequencies, signals do not refract; leave a complete shadow behind obstacles Self-explanatory.

Figure 5-6: The Frequency Spectrum, Service Bands, and Channels 1. Frequency Spectrum (0 Hz to Infinity) 4. Signals in different channels do not interfere with one another 3. Multiple Channels within a Service Band; each Channel carries a different signal Channel 5, Signal A 2. Service Band (FM Radio, Cellular Telephony, etc.) Channel 4, Signal D Channel 3, Signal B Self-explanatory. Channel 2, No Signal Channel 1, Signal E 0 Hz

Figure 5-7: Channel Bandwidth and Transmission Speed Signal Bandwidth Figure 5-3 shows a wave operating at a single frequency However, most signals are spread over a range of frequencies The range between the highest and lowest frequencies in the channel is the signal’s bandwidth Self-explanatory. Lowest Frequency Highest Frequency Bandwidth

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued An 88.0 MHz to 88.2 MHz channel (FM radio) has a bandwidth of 0.2 MHz (200 kHz) Higher-speed signals need wider bandwidths Amplitude 88.0 MHz 88.2 MHz Self-explanatory. Frequency Bandwidth = 0.2 MHz = 200 kHz

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued Shannon Equation C=B Log2 (1+S/N) C = Maximum possible transmission speed in the channel (bps) B = Bandwidth (Hz) (Like thickness of a hose) S/N = Signal-to-Noise Ratio Note that doubling the bandwidth (B) doubles the maximum possible transmission speed More generally, increasing the bandwidth by X increases the maximum possible speed by X Self-explanatory.

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued Shannon Equation C=B Log2 (1+S/N) C = Maximum possible transmission speed in the channel (bps) B = Bandwidth (Hz) S/N = Signal-to-Noise Ratio Wide bandwidth is the key to fast transmission Increasing S/N helps slightly but usually cannot be done to any significant extent Self-explanatory.

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued Broadband and Narrowband Channels Broadband means wide channel bandwidth and therefore high speed Narrowband means narrow channel bandwidth and therefore low speed Narrowband is below 100 kbps Broadband is above 100 kbps Self-explanatory. The 100 Mbps corresponds to ITU-T standards for 3G cellular systems. Many sources begin broadband transmission at 200 Mbps or even higher.

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued Channel Bandwidth and Spectrum Scarcity Why not make all channels broadband? There is a limited amount of spectrum in desirable frequencies Making each channel broader than needed would mean having fewer channels or widening the service band Service band design requires trade-offs between speed requirements, channel bandwidth, and service band size Self-explanatory.

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued The Golden Zone Most organizational radio technologies operate in the “golden zone” High megahertz to low gigahertz range At higher frequencies, there is more available bandwidth At lower frequencies, signals propagate better Continued… Self-explanatory.

Figure 5-7: Channel Bandwidth and Transmission Speed, Continued The Golden Zone Frequencies are high enough for there to be large total bandwidth Frequencies are low enough to allow fairly good propagation characteristics Self-explanatory.

Figure 5-8: Normal Radio Transmission and Spread Spectrum Transmission Note: Height of Box Indicates Bandwidth of Channel Channel Bandwidth Required for Signal Speed Normal Radio: Bandwidth is No Wider than Required Self-explanatory. To conserve spectrum channel, bandwidths usually are set to be only as wide as signals in the service band need based on their speed

Note: Height of Box Indicates Figure 5-8: Normal Radio Transmission and Spread Spectrum Transmission, Continued Note: Height of Box Indicates Bandwidth of Channel Channel Bandwidth Required for Signal Speed Spread Spectrum Transmission: Channel Bandwidth is Much Wider than Needed Self-explanatory. However, spread spectrum transmission uses much wider channels than the signal requires, which seems wasteful

Why Spread Spectrum Transmission? Figure 5-8: Normal Radio Transmission and Spread Spectrum Transmission, Continued Why Spread Spectrum Transmission? Commercial spread spectrum transmission reduces certain propagation effects (multipath interference and narrowband EMI); These typically occur over a narrow range of frequencies With spread spectrum transmission, most of the signal will get through Does not provide security as in military spread spectrum systems (common misconception) Self-explanatory.

Figure 5-9: Spread Spectrum Transmission Methods Frequency Hopping Spread Spectrum (FHSS) Signal only uses its normal bandwidth, but it jumps around within a much wider channel If there are propagation problems at specific frequencies, most of the transmission will still get through Limited to low speeds; used by Bluetooth (later discussion) Self-explanatory.

Figure 5-9: Spread Spectrum Transmission Methods, Continued Wideband but Low-Intensity Signal Direct Sequence Spread Spectrum (DSSS) Signal is spread over the entire bandwidth of the wideband channel The power per hertz at any frequency is very low Interference will harm some of the signal, but most of the signal will still get through and will be readable Used in 802.11b (11 Mbps), which is discussed later Self-explanatory.

Figure 5-9: Spread Spectrum Transmission Methods, Continued Orthogonal Frequency Division Multiplexing (OFDM) Subcarrier 1 Subcarrier 2 Subcarrier 3 OFDM divides the broadband channel into subcarriers Sends part of the signal in each subcarrier The subcarrier transmissions are redundant so that if some are lost, the entire signal will still get through Used in 802.11a and g at 54 Mbps (discussed later) Self-explanatory.

Figure 5-10: Typical 802.11 Wireless LAN Operation with Access Points Ethernet Switch 802.3 Frame 802.11 Frame UTP Radio Transmission Access Point A Laptop 802.3 Frame Access point bridges the networks (translates between the 802.11 wireless frame and the Ethernet 802.3 frame used within the LAN) Client PC Server Self-explanatory. Large Wired LAN

Figure 5-10: Typical 802.11 Wireless LAN Operation with Access Points, Continued Ethernet Switch UTP Access Point A 802.3 Frame Laptop 802.11 Frame Handoff (if mobile computer moves to another access point, it switches service to that access point) Client PC Access Point B Server Self-explanatory. Large Wired LAN

Figure 5-11: 802. 11 Wireless Access Point and Wireless PC Card NIC Figure 5-11: 802.11 Wireless Access Point and Wireless PC Card NIC. Courtesy SMC Communications Access Point Wireless NIC Self-explanatory.

Wireless NICs PC Card NICs USB NICs Fit into PC Card slot on mobile PC or PDA. USB NICs External. Plug into USB port. Self-explanatory.

Media Access Control All stations and the access points share a single channel If two devices (stations or access points) transmit at the same time, their signals will be scrambled Self-explanatory.

Media Access Control Only one station or the access point can transmit at a time To control access (transmission), two methods can be used CSMA/CD+ACK (mandatory) RTS/CTS (optional unless 802.11b and g stations share an 802.11g access point) Self-explanatory.

Figure 5-12: CSMA/CA+ACK in 802.11 Wireless LANs CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) If there has been no traffic for a sufficiently long time, the danger of a collision is small, so that station or access point may send immediately. Self-explanatory.

Figure 5-12: CSMA/CA+ACK in 802.11 Wireless LANs, Continued CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) If there is current traffic or recent traffic then a collision is certain or likely The station sets a random timer If there is no traffic when the timer finishes, may send Self-explanatory.

Figure 5-12: CSMA/CA+ACK in 802.11 Wireless LANs, Continued ACK (Acknowledgement) Receiver immediately sends back an acknowledgement when it receives a frame Does not wait to send an ACK This ACK will take place during the DIFS period and so will not interfere with other stations If sender does not receive the acknowledgement, retransmits using CSMA/CA Self-explanatory.

Figure 5-13: Request to Send/Clear to Send (RTS/CTS) Switch RTS Radio Link Access Point B Laptop Client PC Server 1. Device that wishes to transmit may send a Request-to-Send message Self-explanatory. Large Wired LAN

Figure 5-13: Request to Send/Clear to Send (RTS/CTS), Continued Switch CTS Radio Link Access Point B Laptop Client PC Server Self-explanatory. 2. Access point broadcasts a Clear-to-Send message. Station that sent the RTS may transmit unimpeded. Other stations hearing the CTS must wait Large Wired LAN

Recap CSMA/CA+ACK is mandatory RTS/CTS is optional Self-explanatory.

Figure 5-14: 802.11 Wireless LAN Standards (Table) if 802.11g access point serves an 802.11b station Unlicensed Band 2.4 GHz 5 GHz 2.4 GHz 2.4 GHz Crowded Band? Yes No Yes Yes Self-explanatory. Attenuation Lower Higher Lower Lower Note: 802.11b reached market before 802.11a

Figure 5-14: 802.11 Wireless LAN Standards (Table), Continued if 802.11g access point serves an 802.11b station 802.11a, operating at a higher frequency, has more attenuation Than 802.11b Rated Speed 11 Mbps 54 Mbps 54 Mbps Not Specified Actual Throughput, 3 m 6 Mbps 25 Mbps 25 Mbps 12 Mbps Self-explanatory. Actual Throughput, 30 m 6 Mbps 12 Mbps 20 Mbps 11 Mbps

Figure 5-14: 802.11 Wireless LAN Standards (Table), Continued if 802.11g access point serves an 802.11b station Actual Throughput, 30 m 6 Mbps 12 Mbps 20 Mbps 11 Mbps Are These Aggregate Or Individual Throughputs? Self-explanatory. Aggregate throughputs; Individual throughputs are lower

Figure 5-14: 802.11 Wireless LAN Standards (Table), Continued if 802.11g access point serves an 802.11b station Unlicensed Band 2.4 GHz 5 GHz 2.4 GHz 2.4 GHz Number of Non- Overlapping Channels 3 8 to 14 In future, 19 to 24 3 3 Self-explanatory. 2.4 GHz non-overlapping channels are 1, 6, and 11

Figure 5-15: Using Different Channels in Nearby Access Points Point A Channel 1 Access Point B Channel 6 Access Point C Channel 6 OK Interference OK Interference OK If two nearby access points use the same channel, they will interfere with each other. With only three channels, 802.11b and 802.11g access points cannot be set up in 3-dimensional buildings so that they do not interfere. Interference OK Access Point D Channel 6 Access Point E Channel 6 Access Point F Channel 11

Market Realities 802.11b 802.11g dominates sales today Dominates the installed base but not for sale much longer because of 802.11g 802.11g dominates sales today 802.11a is not thriving in the market 802.11n is under development 100 Mbps or more in the 5 GHz band Fast enough for video Self-explanatory.

Figure 5-16: 802.11 Security Automated Drive-By Hacking Can read traffic from outside the corporate walls Can also send malicious traffic into the network Self-explanatory.

Figure 5-16: 802.11 Security, Continued Default - No Security In older products, the installation default was to have no security at all Self-explanatory. No Security No Security

Figure 5-16: 802.11 Security, Continued Wired Equivalent Privacy (WEP) Initial flawed security method developed by the 802.11 Working Group for 802.11 devices All stations share the same encryption key with the access point This key is rarely changed because of the difficulty of coordinating the many users sharing it This is a shared static key Self-explanatory.

Figure 5-16: 802.11 Security, Continued Wired Equivalent Privacy (WEP) Shared static keys means that a large volume of traffic is encrypted with the same key With so much traffic generated with one unchanging key, cryptanalysts can crack the key by collecting data for a few days Once the key is cracked, the attacker can read all messages and send attack messages into the network without going through a firewall filter Self-explanatory.

Figure 5-16: 802.11 Security, Continued Wired Equivalent Privacy (WEP) Software that automates the hacking process is widely available Locate vulnerable access points by driving around (war driving) Collect traffic and crack the key Self-explanatory.

Figure 5-16: 802.11 Security, Continued Virtual Private Network (VPN) VPNs protect transmission over the untrusted Internet (Chapter 1) VPNs can also be used to protect transmission over the untrusted WLAN Effective but complex and therefore expensive to set up Self-explanatory.

Figure 5-16: 802.11 Security, Continued One solution Access points are all placed on a single VLAN Users must connect to a specific device on the VLAN to log in and be admitted to the rest of the LAN Self-explanatory.

Figure 5-16: 802.11 Security, Continued 802.11i Security Later, 802.11 Working Group introduced strong security 802.11i 802.11i specifies the Temporal Key Integrity Protocol (TKIP) Each station gets a separate key for confidentiality This key is changed frequently Self-explanatory.

Figure 5-16: 802.11 Security, Continued 802.11i Security 802.11i Specifies the Extensible Authentication Protocol (EAP) Authentication involves a device proving its identity to another device Authenticate with an authentication server (Figure 5-17) Self-explanatory.

Figure 5-17: Extensible Authentication Protocol (EAP) 1. Switch EAP Data Access Point A Notebook Client PC This figure illustrates client authentication to an access point. Self-explanatory. Authentication Server Large Wired LAN

Figure 5-17: Extensible Authentication Protocol (EAP), Continued 2. Notebook Access Point A EAP Data Switch 3. EAP Data Authentication is stored on an authentication server, not in access points This simplifies access points, making them cheaper Central authentication data is easier to manage and change Client PC Self-explanatory. Authentication Server Large Wired Ethernet LAN

Figure 5-17: Extensible Authentication Protocol (EAP), Continued 4. Notebook Access Point A Switch OK Accept OK If an OK is sent back, the access point may accept an association request from the client If a bad report is sent back, the access point may decline an association request from the client 4. Client PC Authentication Server Self-explanatory. Large Wired Ethernet LAN

Figure 5-17: Extensible Authentication Protocol (EAP), Continued Mutual Authentication Client authentication Clients authenticate themselves to access points This thwarts spurious clients Access point authentication Access point authenticates itself to clients This thwarts spurious access points seeking to associate with legitimate clients Self-explanatory.

Figure 5-16: 802.11 Security, Continued EAP Authentication Methods EAP standardizes authentication communication between stations, access points, and the authentication server Companies also need to choose a specific authentication method Several exist, offering different degrees of authentication strength MD5, TTLS, and PEAP are the main choices Companies must balance authentication strength against difficulty of implementation Self-explanatory.

Figure 5-16: 802.11 Security, Continued 802.11i Security Products started becoming available in late 2003 Wireless Protected Access (WPA) Stopgap security method introduced before full 802.11i security could be developed Introduced some parts of 802.11i in 2002 and 2003 It was often possible to upgrade older WEP products to WPA Self-explanatory.

Figure 5-16: 802.11 Security, Continued The Transition to Strong Security We will soon have a mix of no security, WEP, 802.11i, WPA, and other security protocols Only as strong as the weakest link Legacy equipment that cannot be upgraded to 802.11i will have to be discarded (802.11i is sometimes called WPA2) Self-explanatory.

Figure 5-16: 802.11 Security, Continued Rogue Access Points Unauthorized access points set up by department or individual Often have very poor security, leaving a big opening for hackers Often operate at high power, attracting many clients to these access points with weak security Self-explanatory.

Bluetooth Wireless standard for personal area networks (PANs) Replace wired connections A few devices that a person carries A few devices on a user’s desktop Self-explanatory. BTW: Bluetooth is named after Scandinavian King Harald Bluetooth. Bluetooth was initially developed in Sweden.

5-18: 802.11 Versus Bluetooth 802.11 Bluetooth Focus Local Area Network (LAN) Personal Area Network (PAN) Rated Speed (Actual Throughput Will Be Lower) 11 Mbps to 54 Mbps in both directions 722 kbps with back channel of 56 kbps. May increase. Distance 30 to 100 meters 10 meters Self-explanatory. Number of Devices Limited in practice only by bandwidth and traffic 10 piconets (PANs), each with up to 8 devices

5-18: 802.11 Versus Bluetooth, Continued Scalability Good because allows multiple access points Poor Cost Higher Lower Battery Drain Higher Lower Self-explanatory. Application Profiles No Yes

5-18: 802.11 Versus Bluetooth, Continued Bluetooth Application Profiles Devices with compatible application profiles (a printer and PC, for instance) can work together automatically Extremely useful; nothing like it in 802.11 However, few application profiles have been designed Also, most Bluetooth devices only implement a few application profiles Self-explanatory.

Figure 5-19: Emerging WLAN Technologies Wireless LAN Management Large firms must manage many access points Would like to be able to do this centrally for consistency and to reduce management labor costs Self-explanatory.

Figure 5-19: Emerging WLAN Technologies, Continued Wireless LAN Management Smart access points or WLAN switches (Figure 5-20) Smart access points can be managed directly WLAN switch can have the management intelligence for multiple inexpensive dumb access points Smart Access Point WLAN Switch Self-explanatory. Smart access points are also called fat access points. Dumb Access Point

Figure 5-20: Access Point Management Alternatives Expensive Directly-Manageable Smart Access Point Ethernet Switch Dumb Access Point WLAN switch has the management intelligence for multiple inexpensive dumb access points Management Console WLAN Switch Self-explanatory. Dumb Access Point

Figure 5-19: Emerging WLAN Technologies, Continued Wireless LAN Management Functions Notification of failures Constant QoS monitoring Signal strength, etc. Support remote access point adjustment Power, channels used, etc. Send software updates to all access points All of this should be as automatic as possible Self-explanatory.

Figure 5-19: Emerging WLAN Technologies, Continued Radio Frequency IDs (RFIDs) Chips that send out data in response to radio signals Like UPC codes on products but can be read from a short distance Reduced cost in checkout Constant inventory updating with “smart shelves” Real-time data for business Self-explanatory.

Figure 5-19: Emerging WLAN Technologies, Continued Ultrawideband (UWB) Spread spectrum bandwidths are a few megahertz Ultrawideband (UWB) uses channels as wide as several gigahertz 480 Mbps with a distance of about 10 meters Wireless TV transmission in homes Wireless communication within a telecommunications closet or server room Self-explanatory.

Figure 5-19: Emerging WLAN Technologies, Continued Fourth-Generation (4G) Stations Stations that can support multiple radio methods 802.11a, b, and g Bluetooth 3G cellular Etc. Choose the best mode for a situation E.g., 802.11g when in reach of WLAN (fast & cheap) Expensive 3G when nothing else is available Self-explanatory.

Mesh Networks Access points and wireless NICs self-organize Move frames to desired receiver peer-to-peer (P2P) Adjust signal power, etc. when an element fails or is turned off Self-explanatory.

Mesh Networks, Continued New Not in Book. New: Raise Many Questions Uncertain reliability if there is not a dense mesh Can an attacker feeding false information? Load on the devices? Self-explanatory.

Topics Covered Synergy between wireless and wired LANs Radio wave characteristics Speed and bandwidth Spread spectrum transmission to reduce propagation problems Access points control wireless clients and bridge the WLAN to the main wired LAN

Topics Covered CSMA/CA+ACK and CTS/RTS Specific 802.11 WLAN standards Need for multiple nonoverlapping channels for access point placement Security WEP is easily cracked by drive-by hackers WEP is often not turned on at all

Topics Covered Improved Security Bluetooth for personal area networks WPA is much better but somewhat limited 802.11i is needed for the future Each station gets a separate key that is frequently changed EAP authenticates the client and the access point Bluetooth for personal area networks

Topics Covered Advanced Topics WLAN management RFIDs UWB 4G clients Mesh Networks