Chapter 10-Wireless Devices

Presentation transcript:

Chapter 10-Wireless Devices WLAN Client Devices Progression of WLAN architecture Specialty WLAN infrastructure

Exam Essentials Know the major radio card formats. The 802.11 standard does not mandate what type of format can be used by an 802.11 radio. 802.11 radios exist in multiple formats. Understand the need for client adapters to have an operating system interface and a user interface. A client adapter requires a special driver to communicate with the operating system and a software client utility for user configuration. Identify the four major types of client utilities. The four types of client utilities are SOHO, enterprise, integrated, and third party. Explain the progression of WLAN architecture. Be able to explain the differences and similarities of autonomous AP solutions and WLAN controller solutions. Identify the capabilities of all WLAN legacy infrastructure devices. Understand the capabilities of autonomous APs. Explain the differences between autonomous APs and lightweight APs.

Exam Essentials Identify the capabilities of a WLAN controller solution. Understand all the features and functionality that a WLAN controller solution provides. Be able to explain IP tunneling, split MAC architecture, virtual BSSIDs, WLAN profiles, and dynamic RF. Be able to explain the various ways that a WLAN controller solution can be scaled. Explain the concept of distributed data forwarding. Explain the role and configuration of WLAN bridges and workgroup bridges. The CWNA test covers bridging quite extensively. Know all of the different types of bridges and the difference between root and nonroot bridges. Be able to explain the differences between point-to-point and point-to-multipoint bridging. Understand bridging problems such as ACK time-out, and study other bridging considerations that are covered in other chapters, such as the Fresnel zone and system operating margin.

Exam Essentials Define WLAN mesh networking. Be able to explain that WLAN mesh routers use self-healing and self-forming methods and proprietary layer 2 routing protocols. Understand the difference between single-band and dual-band mesh networks. Explain other WLAN specialty infrastructure. Be able to explain how EEG solutions, RTLS solutions, and VoWiFi solutions can all be integrated with a WLAN. Explain other nontraditional WLAN solutions such as WLAN arrays, virtual APs, and cooperative control APs.

Wireless LAN Client Devices Half-duplex radio receiver Many hardware formats and chipsets Need a software driver for the OS to use When buying, make sure drivers exist for your OS Pg 320

Radio Card Formats Radio cards in both APs and client adapters Mostly focused on client adapters Form Factors How it fits into your device PCMCIA/PC Card ExpressCard Secure Digital/CompactFlash PDAs PCI Often a PCMCIA slot for PCI Bad location for wireless USB Pg 320

Form Factors


Radio Card Formats Not just in PDA, PC, Laptop Also in handheld devices Bar code scanner Wireless POS systems VoWiFi phones Stereo Gaming Systems Video/camera Pg 324

Radio Card Chipsets Support specific frequencies/technology 2.4 GHz If support both, often an a/b/g card Common today 802.11n are different Pg 325

Client Utilities End User tool for configuring the wireless card Create connection profiles Configure settings for connections SSID, passkey, etc Four major types, or categories, of client utilities exist: Small office, home office (SOHO) client utilities Enterprise-class client utilities Integrated operating system client utilities Third-party client utilities Pg 326

Client Utilities End User tool for configuring the wireless card Create connection profiles Configure settings for connections SSID, passkey, etc Look for networks (site survey) Signal Strength measurements Four major types, or categories, of client utilities exist: Small office, home office (SOHO) client utilities Enterprise-class client utilities Integrated operating system client utilities Third-party client utilities Pg 326

Client Utilities Different types for different jobs Enterprise usually have more features than SOHO Windows Wireless Zero Configuration Service (WZC) Very common Third Party Becoming more common for enterprise deployments Pg 326

Client Utilities Pg 326

Progression of WLAN architecture General purpose of 802.11 is to provide a portal to the wired network Pg 328

Intelligent Edge-Autonomous AP Traditional APs had the brains Edge intelligence Autonomous Fat, stand-alone, etc. Configuration and management done on the device At the access level, not core or distribution Distribution System Service and Integration Service on the AP Pg 329

Intelligent Edge-Autonomous AP Not Quite the same as the APs for home use Older ones were similar Usually two physical interfaces bridged together Wireless Wired Bridged Virtual Interface has the IP address Pg 329

Intelligent Edge-Autonomous AP Multiple management interfaces, such as command line, web GUI, and SNMP WEP, WPA, and WPA2 security capabilities WMM quality-of-service capabilities Fixed or detachable antennas Filtering options, such as MAC and protocol Connectivity modes, such as root, repeater, bridge, and scanner Removable radio cards Multiple radio card and dual-frequency capability: 2.4 GHz and 5 GHz Adjustable transmit power, which is used mostly for cell sizing VLAN support (VLANs are created on a managed wired switch.) IEEE standards support 802.3-2005, clause 33, Power over Ethernet (PoE) support Pg 329

Intelligent Edge-Autonomous AP Are being replaced by lightweight APs with a WLAN switch/controller More centralized administration and access Pg 330

Wireless Network Management System Centralizing of the administrative tasks Make configuration on WLAN controller Controller sends configs to APs Hardware or software solution Usually allows for additional functionality RF spectrum Planning and management Check alarms Reporting Management consoles Some security functions Not a Wireless Intrusion Detection System (WIDS) Not part of data path Pg 330

Wireless Network Management System Pg 331

Wireless Network Management System Must be sure they can control APs in use Purpose is to provide centralized management Being replaced by WLAN controllers Can also be used to control WLAN controllers and Autonomous APs Pg 330

Centralized WLAN architecture WLAN controller that is in the core of the network Autonomous APs replaced by lightweight APs or thin APs Less intelligence at the AP Most logic handled by the WLAN controller WLAN controller handles the DSS and IS Encryption may still be on the AP Pg 332

Lightweight APs Somewhat limited software Designed to be controlled/configured by WLAN controller Can have dual 2.4 and 5 GHz radios Also have software defined radios (SDR) Support multiple frequency bands Not at same time Some APs can be either lightweight or Autonomous Pg 332

WLAN controller Also called wireless switches Similar functionality to Ethernet LAN switch Make traffic management decisions based on layer 2 addresses Pg 334

WLAN controller AP management: As mentioned earlier, the majority of the lightweight access point functions such as power, channels, and supported data rates are configured on the WLAN controller. This allows for centralized management and configuration of lightweight APs. 802.11 traffic tunneling: A key feature of most WLAN controllers is that the integration service (IS) and distribution system service (DSS) operate within the WLAN controller. All 802.11 traffic that is destined for wired-side network resources must first pass through the controller and be translated into 802.3 traffic by the integration service before being sent to the wired destination. Pg 334

WLAN controller 802.11 Frame is passed from AP to WLAN controller using an IP tunnel Generic Routing Encapsulation (GRE) Adds a new IP header to frame to pass it to WLAN controller Lightweight APs often use PoE Tunnel frames to WLAN controller Pg 335

WLAN controller Pg 335

WLAN controller Although often at core, may also be at distribution, or access Depends on vendor solution and network architecture Can also have multiple WLAN controllers Pg 335

WLAN controller AP group profile: Defines the configuration settings for a single AP or group of access points: channel, transmit power, and supported data rates. Virtual WLANs, often called WLAN profiles: Different groups of 802.11 clients exist in a virtual WLAN. Set of configuration parameters that are configured on the WLAN controller. The profile parameters can include the WLAN logical name (SSID), WLAN security settings, VLAN assignment, and quality-of-service (QoS) parameters. WLAN profiles often work together with role-based access control (RBAC) mechanisms. When a user connects to a virtual WLAN, users are assigned to specific roles. Do not confuse the WLAN profile with an AP group profile. Multiple WLAN profiles can be supported by a single AP; however, an AP can belong to only one AP group. Virtual BSSIDs: The BSSID is typically the MAC address of the access point’s radio card. WLAN controllers have the capability of creating multiple virtual BSSIDs. Each Virtual WLAN needs a unique logical identifier (SSID) that is also assigned to a specific VLAN. Pg 336

Virtual WLAN Pg 338

WLAN controller VLANs: WLAN controllers fully support the creation of VLANs and 802.1Q VLAN tagging. Multiple wireless user VLANs can be created on the WLAN controller. The ability to create user VLANs is one of the main benefits of a WLAN controller, because they can provide for segmentation and security. VLANs may be assigned statically to WLAN profiles or may be assigned using a RADIUS attribute. A more detailed discussion of wireless VLANs can be found in Chapter 13, “802.11 Network Security Architecture.” User management: WLAN controllers usually provide the ability to control the who, when, and where in terms of using role-based access control (RBAC) mechanisms. A more detailed discussion of RBAC can be found in Chapter 13. Layer 2 security support: WLAN controllers fully support layer 2 WEP, WPA, and WPA2 encryption. Authentication capabilities include internal databases as well as full integration with RADIUS and LDAP servers. Pg 339

WLAN controller Layer 3 and 7 VPN concentrators: Some WLAN controller vendors also offer VPN server capabilities within the controller. The controller can act as a VPN concentrator or end point for PPTP, IPSec, or SSL VPN tunnels. Captive portal: WLAN controllers have captive portal features that can be used with guest WLANs and guest WLAN profiles. Because the captive portal authenticates users but has very limited encryption capabilities, it is rarely used for anything other than guest access. Automatic failover and load balancing: WLAN controllers usually provide support for Virtual Router Redundancy Protocol (VRRP) for redundancy purposes. Most vendors also offer proprietary capabilities to load-balance wireless clients between multiple lightweight APs. Internal Wireless Intrusion Detection Systems: Some WLAN controllers have integrated WIDS capabilities for security monitoring. A more detailed discussion on WIDS can be found in Chapter 14, “Wireless Attacks, Intrusion Monitoring, and Policy.” Pg 339
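The controller rules on the preceding slides (an AP belongs to only one AP group, each virtual WLAN has a unique SSID assigned to a VLAN, one virtual BSSID per WLAN profile, captive portal kept to guest access) can be checked mechanically. The following Python sketch is an added example, not part of the original presentation or any vendor's software; the configuration schema, finding codes, sample data and the BSSID derivation (incrementing the radio MAC) are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class WlanProfile:
    """A virtual WLAN (WLAN profile) as configured on the controller."""
    ssid: str
    security: str                 # "OPEN", "WEP", "WPA" or "WPA2" (hypothetical labels)
    vlan: int                     # 802.1Q VLAN the profile is assigned to
    captive_portal: bool = False


@dataclass(frozen=True)
class ApGroup:
    """An AP group profile: RF settings plus the WLAN profiles its APs serve."""
    name: str
    channel: int
    tx_power_dbm: int
    wlan_ssids: tuple


def virtual_bssids(radio_mac, count):
    """Return one BSSID per WLAN profile by incrementing the radio MAC.
    Assumption: real controllers derive virtual BSSIDs in vendor-specific ways."""
    base = int(radio_mac.replace(":", ""), 16)
    result = []
    for i in range(count):
        raw = f"{(base + i) & 0xFFFFFFFFFFFF:012x}"
        result.append(":".join(raw[j:j + 2] for j in range(0, 12, 2)))
    return result


def audit(profiles, groups, ap_membership, guest_vlans):
    """Check a controller configuration; return sorted (code, subject) findings."""
    findings = set()
    for ssid, n in Counter(p.ssid for p in profiles).items():
        if n > 1:                                  # each virtual WLAN needs a unique SSID
            findings.add(("DUPLICATE_SSID", ssid))
    for p in profiles:
        if not 1 <= p.vlan <= 4094:                # valid 802.1Q VLAN ID range
            findings.add(("INVALID_VLAN", p.ssid))
        if p.captive_portal and p.vlan not in guest_vlans:
            findings.add(("CAPTIVE_PORTAL_NON_GUEST_VLAN", p.ssid))
        if p.security == "WEP":                    # editor's check: WEP is deprecated
            findings.add(("LEGACY_WEP", p.ssid))
    known = {p.ssid for p in profiles}
    for g in groups:
        for ssid in g.wlan_ssids:
            if ssid not in known:
                findings.add(("UNKNOWN_WLAN_IN_GROUP", f"{g.name}:{ssid}"))
    groups_of = {}
    for ap, group in ap_membership:                # (AP name, AP group name) pairs
        groups_of.setdefault(ap, set()).add(group)
    for ap, names in groups_of.items():
        if len(names) > 1:                         # an AP can belong to only one AP group
            findings.add(("AP_IN_MULTIPLE_GROUPS", ap))
    return sorted(findings)


# Constructed sample configuration (not from the slides).
SAMPLE_PROFILES = [
    WlanProfile("corp", "WPA2", 10),
    WlanProfile("voice", "WPA2", 20),
    WlanProfile("guest", "OPEN", 99, captive_portal=True),
    WlanProfile("scanners", "WEP", 30),
    WlanProfile("lobby", "OPEN", 10, captive_portal=True),
]
SAMPLE_GROUPS = [
    ApGroup("floor1", 1, 14, ("corp", "voice", "guest")),
    ApGroup("warehouse", 11, 17, ("scanners", "kiosk")),
]
SAMPLE_MEMBERSHIP = [("ap-01", "floor1"), ("ap-02", "floor1"), ("ap-02", "warehouse")]
SAMPLE_GUEST_VLANS = {99}

if __name__ == "__main__":
    for code, subject in audit(SAMPLE_PROFILES, SAMPLE_GROUPS,
                               SAMPLE_MEMBERSHIP, SAMPLE_GUEST_VLANS):
        print(f"{code}: {subject}")
    print(virtual_bssids("00:11:22:33:44:f0", len(SAMPLE_GROUPS[0].wlan_ssids)))
```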

WLAN controller Dynamic RF spectrum management: WLAN controllers can use the RF information gathered from the lightweight access points to make changes to channel assignments and power levels for the APs. Often called radio frequency spectrum management (RFSM). RFSM provides automatic cell sizing, automatic monitoring, troubleshooting, and optimization of the RF environment. Self-organizing and self-healing wireless LAN. Bandwidth management: Bandwidth pipes can be restricted upstream or downstream. Firewall capabilities: Stateful packet inspection is available with an internal firewall in some WLAN controllers. Layer 3 roaming support: Capabilities to allow seamless roaming across layer 3 routed boundaries are fully supported. A more detailed discussion on layer 3 roaming and the Mobile IP standard can be found in Chapter 12, “WLAN Troubleshooting.” Pg 339

WLAN controller 802.3-2005, clause 33, Power over Ethernet (PoE): When deployed at the access layer, WLAN controllers can provide direct power to lightweight APs via PoE. However, most lightweight APs are powered by third-party edge switches. Management interfaces: Many WLAN controllers offer full support for common management interfaces such as GUI, CLI, SSH, and so forth. Pg 339

WLAN controller Key Features: AP Management, User management, Dynamic RF, VLAN segmentation, Roaming. Possible problems: WLAN controller can be bottleneck, Complexity. Pg 340

Split MAC Some MAC services managed at the WLAN controller, some at the AP WMM at the controller Encryption at the AP WLAN controller becomes the gateway for 802.11 to 802.3 networking All AP frames are tunneled to the WLAN controller Many control and management frames go from AP to client No need for controller to be involved Beacon, probe responses, ACKs Pg 340

Remote Office WLAN controller Access layer WLAN controller deployment Often less processing power than full WLAN controller Smaller office support Communicate to main system over WAN Often use VPN tunnel over WAN Possibly support NAT and DHCP for remote office Pg 341

Distributed WLAN Architecture Larger deployments need more than one WLAN controller Each controller can only support a limited number of APs Add more controllers at core or distribution layer Usually parent and child controllers Set up a hierarchy WNMS might be used as well. Pg 341

Distributed WLAN Architecture Can also help manage data flow Distributed Data Forwarding Pg 341

Distributed WLAN Hybrid Managing fat/thin APs Hybrid APs QoS and forwarding handled at the edge APs are managed centrally Pg 343

Unified WLAN Hybrid Integrate WLAN controller capabilities into wired devices Switches and routers Create multifunction devices Pg 343

Specialty WLAN Infrastructure Wireless Workgroup Bridges Wireless LAN bridge Enterprise Wireless Gateway Residential Wireless Gateway VPN Wireless Router Wireless LAN Mesh AP Enterprise Encryption Gateway WLAN Array Real Time Location Systems Pg 343

Wireless Workgroup Bridge Provide Wireless connectivity for wired infrastructure devices that do not have radio cards WGB card joins that BSS as a client Connect the wired devices Does not provide wireless access to other stations!! Less need due to commonness of wireless cards Pg 343

Wireless Workgroup Bridge Pg 343

Wireless LAN Bridge Bridge two or more wired networks Backbone between buildings Can be root or non-root Root is parent Non-root is child Point to Point or Point to Multipoint Bridge Modes: AP mode-Converts a bridge into an access point WGB mode-Converts a bridge into a workgroup bridge Repeater mode-Repeats the cell of a root bridge to a nonroot bridge Root with clients-Root bridge that also allows clients to associate Nonroot with clients-Nonroot bridge that also allows clients to associate Pg 344

Wireless LAN Bridge Generally don’t want clients connecting to bridge Security risk Traffic and bandwidth management Considerations: Fresnel zone, earth bulge, free space path loss, link budget, and fade margin. IR and EIRP power regulations as defined by the regulatory body of your country. On longer links, you have to manage ACK times Connections between buildings: Height Pg 346

Wireless LAN Bridge Pg 344

Enterprise Gateway Older device to segment wireless network Provides VPN/router/firewall functionality Used when there was less security on wireless networks Some functionality of WLAN controller Moving the IS and DSS to central device Not as common Pg 347

Residential Gateway Home wireless multifunction device Configurable 802.11 radio card Support for simple routing protocols such as RIP Network Address Translation (NAT) Port Address Translation (PAT) Port forwarding Firewall L2 security support (WEP or WPA-Personal or WPA2-Personal) DHCP server Multiport Ethernet switch for connecting wired clients Pg 347

VPN Wireless Router Similar to SOHO devices but provide VPN connections Used in remote offices to provide VPN connection and wireless to branch Pg 348

Mesh Access Point APs that interconnect to provide self-healing, self-forming infrastructure Mesh networks route data between APs to find connection to DS Allow for re-routing as well No standard yet Can be part of core, distribution or access layer Depends on where and what connections it has Pg 348

Enterprise Encryption Gateway Middleware device to provide segmentation and encryption Provides encryption overlay Pg 349

WLAN Array Combine a WLAN controller and multiple APs in a single device Multiple APs are multiple radios Sector antennas Simplify physical arrangements Pg 350

Cooperative Control Proprietary solution Cooperative control protocols that let APs provide WLAN controller like functionality without a WLAN controller Like a mesh Pg 351

Virtual AP system Different way of setting up ESS All APs use the same BSSID (MAC Address) Clients can’t tell which AP they are connected to Also requires single channel architecture (SCA) All APs use same channel/frequency Needs WLAN controller/switch to handle intelligence Pg 352

Real Time Location Systems WLAN controllers and WIDS can track 802.11 clients by using APs as sensors Some vendors provide real-time location systems Track the client radio or RFID-like tag to find a mobile device Pg 353

VoWiFi VoIP over WiFi Data and voice on mobile wireless devices VoWiFi phones Like a cell phone, but with 802.11 radio 802.11 APs and controllers Need to support QoS to get good services PBX Link VoWiFi phones to PSTN QoS server Manages QoS for network/Voice Pg 354
