Wireless LAN Roadmap: Performance and Hardware Features
© 2000, Cisco Systems, Inc.


Cisco Aironet 340 Series Wireless LAN Solution
PC Card/PCI Client Adapters
Access Points
Line-of-Sight Bridge Products
Antennas & Accessories
The Cisco Aironet 340 Series of b compliant high speed wireless solutions offers the best performance, manageability, scalability and security for both in-building and building to building wireless applications
Editors’ Choice: Wireless LANs (PC Magazine, March 20000)
“Cisco Aironet Beats Rivals--With Ease” (Network Computing, Editors’ Choice July 2000)

WLAN Vision: Client Options
Workgroup Bridges
  – Plug and play wireless for single or multiple clients
USB
  – Easy to install NIC alternative
Multi-function and embedded client devices
  – In partnership with Xircom
Client Drivers/Services
  – Macintosh/Linux drivers
  – Automated country radio localization
  – Improved diagnostics tools

WLAN Vision: Performance
IEEE a/b Ratified
[Chart labels: Radio; Network Speed; Mbps Superset; 5 GHz; 6-54 Mbps; .11a Std; 22 Mbps; .11b Ext.; 900 MHz; 11Mbps; 2.4 GHz; b Standard; 2002]
Small, Medium and Large Enterprises
High power and performance
Telecommuter
Cost and Manageability

WLAN Vision: Infrastructure Options
[Diagram labels: W/C; Cisco Access Point 925; In-line pwr capable switch]
Office applications
  – Simplify and reduce installation costs
      In-line power
Warehouse (extreme applications)
  – Extended temperature

Telecommuter Base Station
compliant
Fully managed
Simplified configuration
Embedded Modem and Ethernet
Designed for the WLAN Telecommuter

Wireless LANs Services Directions

Cisco’s Services Vision
Security
  – Centralized device authentication
  – Future flexible user authentication services
Management
  – Enhanced auto-configuration and enforcement for client/infrastructure
Policy
  – Enhanced PCF services for enterprise quality QoS
Mobility
  – Scale L2/L3 roaming services
[Diagram label: Cisco Access Point 925]

Security Services
Current capabilities
  – No Encryption
  – 40-Bit Encryption
  – 128-Bit Encryption
  – Hardware based encryption
      Negligible performance impact (<3%)
  – MAC-based exclusion filtering
Encryption Choices (defined at Access Point)
  – No Encryption
  – Allow client to specify (optional)
  – Forced (Required)

Security Directions Summary
Utilize HW-based encryption
  – Best price/performance
  – Minimizes impact on client and network
1st phase (Committed): Device authentication
  – Cell phone security analogy
  – Supports all client device types
2nd phase: User authentication (in development)
  – Universal user authentication through 802.1x Extensible Authentication Protocols (EAP)

Security Directions Summary (cont.)
Centralized Authentication
  – Phase 1: Enhanced RADIUS servers
      CiscoSecure Authentication Server
      Directory services integration through LDAP/X.500
  – Phase 2: EAP support
      Kerberos & PKI support
Dynamic Key Generation/Distribution
  – Unique 128 bit key per user per session
  – Roaming Pre-authentication

Centralized User-Based Authentication
[Diagram labels: Supplicant; Authenticator (e.g. Access Point, Catalyst Switch); Authentication Server such as ACS2000 v2.6; RADIUS; EAP Over Wireless/LAN (EAPOW/EAPOL); EAP Over RADIUS; Semi-Public Network / Enterprise Edge; Extended Enterprise (Branch Office, Home, etc.); Enterprise Intranet]

Dynamic WEP Key Management
[Sequence diagram labels, in the order they appear on the slide: EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; EAP-Request; Radius-Access-Request; Radius-Access-Challenge; EAP-Response (credential); Radius-Access-Request; EAP-Success; Access blocked; Radius-Access-Accept; RADIUS; EAPOW; Associate; Access allowed; EAPW-Key (WEP); Laptop computer; RADIUS; Fast Ethernet]

Services in Development
Rogue AP detection requirement
  – Only IT installed/configured devices deliver infrastructure access
  – Authenticated clients learn trusted APs in area
  – Untrusted APs are detected, reported and, if possible, isolated and shut down
Investigating best way to control non-Cisco APs
AP Authentication

Wireless QoS Vision
SpectraLink Voice Prioritization (SVP)
  – Prioritizes IP voice traffic in AP queue
  – User configurable beacon period helps determine voice quality
Committed Services

Wireless QoS Vision (cont.)
Extend existing QoS services
  – Utilize and enhance Point Coordination Function (PCF)
      Standards-based
      Backwards compatibility, investment protection
      Time-to-market
Integration with existing IETF & IEEE standards
  Integrated Services over Specific Link Layers (ISSLL)
  802.1(p) priorities
Services in Process

Proposal for Enhanced Wireless QoS
Better to approach it as an integrated system
Address queue management in the infrastructure devices
  – Contention-free period can only be sustained if the queues on the access point or stations are adequately managed
Address medium access limitations to ensure access
  – Chicken-egg problem; polling to manage medium access – potential contention to get on polling list
Address unlicensed band regulations
  – Some regulatory domains do not allow constant occupancy by one device
Maximize investment protection
  – While also acknowledging that some legacy devices may require an enhanced DCF
      Systems always spend some time in the DCF

Wireless QoS Summary
Simple but efficient
  – Easy to implement
  – Good support for legacy stations
  – In line with what is standardized by other workgroups and standardization bodies
Simulations will prove concept
Some ‘loose ends’ need to be worked out

Additional Network Services: Load Balancing
APs configured for load sharing use different RF channels in coverage area
Policy based on number of users, bit error rate, or signal strength
[Diagram labels: Channel 1; Channel 6]

Additional Network Services: Hot Standby
APs co-located for hot standby use SAME RF channel in coverage area
Standby AP acts as probe for monitoring and management
[Diagram labels: Active; Standby; Channel X]

Summary: Vision for Mobile Connectivity
[Diagram labels: Channels; Products; Solutions; Partners]
Offer key services to accommodate wireless data, voice and video that is:
  – Secure
  – Manageable
  – Scalable
  – Delivers improved Price/Performance
Preserve customers’ investment in existing WLAN infrastructure
Partner to enhance wireless hardware and software solutions for customers

Additional Committed Services: L3 Roaming
Currently support fast subnet roaming through Inter Access Point Protocol (IAPP)
L3 client upgrade into Access Point
Supports DHCP and static addresses, does not interrupt real time voice or messaging applications
[Diagram labels: Enterprise Intranet; L2 Roaming Services (X, Y); L3 Roaming Services (Proxy Client X)]

802.1X Security Architecture
Controlled port: Data traffic
Open port: Authentication traffic
Pieces of the system:
  User
  Client/Supplicant
  Authentication Server
  Authentication Client/Control Point

EAP Architecture
[Layer diagram labels: EAP Layer; Method Layer; Media Layer; EAP; TLS; NDIS APIs; EAP APIs; PPP; IKE; GSS_API]

802.1X Security Services
[Column headings: Supplicant; Authentication Server; Authentication client/control point]
Cisco/ Microsoft
Cisco/ Microsoft, etc.
Cisco
Device Mini-certificate (MD5/PAP-CHAP)
Future supplicant for Win2K/WinCE 3.0 (User authentication options)
Radius server available from Cisco
Future enhanced servers available from others
Non-IP communications until device authenticated

Authentication Process
[Diagram labels: Wireless laptop; Access Point; Radius Server; Normal Data; Authentication traffic; Radius traffic]
Wireless client assoc. at layer. Data blocked by AP.
Access Point blocks everything except authentication traffic.
The authentication traffic is allowed to flow. The Access point relays authentication traffic.

Authentication Process cont.
[Diagram labels: Wireless laptop; Access Point; Radius Server; Normal Data; Authentication traffic; Radius traffic]
Wireless client mutually authenticates with Radius Server
Client receives grant WEP key. Client stack is initiated. DHCP request and subsequent traffic is encrypted with session key
Radius server authenticates client and creates a WEP key.
AP receives grant and key. Key is installed in data base and normal data is forwarded to client

Authentication Process cont.
[Diagram labels: Wireless laptop; Access Point; Enterprise Intranet; Normal Data; Authentication traffic; traffic; IP traffic]
Wireless client and AP use WEP key. AP allows traffic to flow.
AP pre-authenticates client for intra subnet roaming
Secure traffic. No performance impact
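
The port gating described in the three Authentication Process slides, written out as an added example that is not part of the Cisco deck: the access point relays authentication frames at all times, drops other traffic until the RADIUS server accepts the client, and afterwards forwards only frames protected with that session's key. The class and function names are hypothetical, the MAC address and keys are constructed, and the `encrypted_with` argument stands in for "this frame decrypts correctly under that key"; 0x888E is the 802.1X EAPOL EtherType.

```python
# Added example: models the AP behaviour in the "Authentication Process" slides.
# All names, the MAC address and the keys are constructed for illustration.
import os

ETH_EAPOL = 0x888E  # EtherType of 802.1X EAP-over-LAN frames
ETH_IPV4 = 0x0800   # stands in for "normal data"


class AccessPoint:
    def __init__(self):
        self.session_keys = {}  # client MAC -> session key granted by RADIUS

    def on_radius(self, mac, code, key=None):
        """Apply the RADIUS verdict that the AP relayed for this client."""
        if code == "Access-Accept" and key:
            self.session_keys[mac] = key       # key installed, port opens
        else:
            self.session_keys.pop(mac, None)   # reject or no key: stay blocked

    def on_disassociate(self, mac):
        self.session_keys.pop(mac, None)       # session key dies with the session

    def forward(self, mac, ethertype, encrypted_with=None):
        """Return 'radius', 'lan' or 'drop' for a frame received from mac."""
        if ethertype == ETH_EAPOL:
            return "radius"                    # open port: always relayed
        key = self.session_keys.get(mac)
        if key is None or encrypted_with != key:
            return "drop"                      # controlled port closed, or wrong key
        return "lan"


def run_demo():
    ap, mac = AccessPoint(), "02:00:00:00:00:01"
    key = os.urandom(16)                       # unique 128-bit key for this session
    trace = [ap.forward(mac, ETH_IPV4),        # DHCP before authentication
             ap.forward(mac, ETH_EAPOL)]       # EAP exchange is relayed
    ap.on_radius(mac, "Access-Reject")
    trace.append(ap.forward(mac, ETH_IPV4))    # failed login opens nothing
    ap.on_radius(mac, "Access-Accept", key)
    trace.append(ap.forward(mac, ETH_IPV4, key))             # encrypted data flows
    trace.append(ap.forward(mac, ETH_IPV4))                  # cleartext after auth
    trace.append(ap.forward(mac, ETH_IPV4, os.urandom(16)))  # another session's key
    ap.on_disassociate(mac)
    trace.append(ap.forward(mac, ETH_IPV4, key))             # stale key after leave
    return trace


if __name__ == "__main__":
    print(run_demo())
```

The two cases worth checking on a real deployment are the last three in the trace: a client that has authenticated must still not be able to send cleartext, and a key must stop working once the session it was issued for ends.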

Future User Authentication for non-EAP/802.1x Clients
Options under consideration
  – Device level authentication w/passwords
      Create APIs to pass username and password to LEAP
      For generic support, statically assign username and password into card.
  – This becomes device security.

Pre-Authentication for Roaming
APs multicast keys of authenticated clients as part of Inter Access Point Protocol (IAPP)
Pre-authentication m-casts encrypted
APs cache pre-authenticated clients (1000s of entries).

Pre-Authentication and Roaming
[Diagram labels: Roam from AP1 to AP2; AP1; AP2; Disassociation; Pre-auth]
When roam occurs, AP1 sends a disassociation notice.
AP2 associates client, cached key and retrieves queued data from AP1.