
1 doc.: IEEE 802.11-02/xxxr0
November 2003
802/802.1X/802.11 Architecture
Mike Moreton, Synad Technologies

2 802.1Q Architectural Model (diagram only)

3 802.1Q – Position of LLC (diagram only)

4 SAPs in 802 (Not generally named in the standards)
ISS = Internal Sublayer Service

5 802.1X Controlled and Uncontrolled Ports
There are two instances of LLC/SNAP per MAC entity: one for the controlled port and one for the uncontrolled port.
The MAC SAP always forwards a copy of each received frame to the uncontrolled LLC/SNAP entity. If the controlled port is authorised, a copy is also sent to the controlled LLC/SNAP entity, and a further copy to the ISS SAP.
When the controlled port is unauthorised, the MAC SAP will not pass frames for transmission received from the controlled LLC/SNAP entity, and the ISS SAP will not pass any frames for transmission.

6 802.1X Architecture (diagram only)

7 Alternative 802.1X Port Architecture
The SNAP SAPs are split into controlled and uncontrolled.
When the controlled port is authorised, traffic may pass via all SNAP SAPs and via the ISS SAP.
When the controlled port is not authorised, traffic may only pass via the uncontrolled SNAP SAPs.

8 Alternative 802.1X Controlled/Uncontrolled (diagram only)

9 802.11 in the 802.1 Architecture
802.11 is a shared access LAN, so it is not suitable for Port-Based Access Control as it stands.
802.1X suggests associations can be used as “pseudo-ports”. But this requires isolation between STAs, which isn’t practical in 802.11.
TGi provides STA isolation by using a unique pairwise key for each one. But there is no isolation for group addresses: only one copy is sent out, encrypted with a separate group key.
So TGi cannot be modelled in the 802.1 architecture purely as a set of pseudo-ports, one per association.

10 802.11 in 802.1 – a Possible Solution
Each 802.11i association is modelled as a pseudo-port. However, the MAC entity for these ports is required to discard group addressed frames for transmission. Received group addressed frames are processed as normal.
There is an additional permanent port used for transmitting group addressed frames. The MAC entity for this port will only pass group addressed frames for transmission; all other frames (including received frames) are discarded. It is not controlled by 802.1X and is always authorised. 802.11i will encrypt these frames, and may not send them if no STAs are associated.

11 802.11 in 802.1 – The Diagram
(Diagram: a MAC Relay Entity attached to an EAPOL entity, a Group Addressed Pseudo-Port, and one Pseudo-Port each for STA 1 to STA 5.)

12 802.11 in 802.1 – Group Addressed Frame Flow
The originating STA forwards the frame to the AP as a directed unicast frame (this is the way 802.11 has always done it). It is received on the AP pseudo-port for that association.
Assuming the associated controlled port is authorised, the frame is forwarded (with the recovered group address) to the Relay Agent.
The Relay Agent distributes the frame to all ports other than the one it was received from. Each association pseudo-port that receives the frame will discard it before transmission, as it does not have a unicast destination address. The multicast pseudo-port will transmit the frame.
All STAs will receive a single copy of the frame. The originating STA will discard the frame based on the source address. Again, this is the way 802.11 has always done it.
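As an added illustration (not part of the presentation), the following Python model encodes the port rules from slides 5, 10 and 12: EAPOL always reaches the authenticator via the uncontrolled path, data passes only when the controlled port is authorised, association pseudo-ports refuse group-addressed frames for transmission, and the single permanent group port transmits only those. The STA addresses, port names and the AccessPoint/PseudoPort classes are constructed for this example.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    eapol: bool = False      # 802.1X EAPOL traffic, carried on the uncontrolled port

def is_group(addr: str) -> bool:
    return bool(int(addr.split(":")[0], 16) & 0x01)   # I/G bit set = group address

@dataclass
class PseudoPort:
    name: str
    sta: str = ""             # associated STA address; empty for the group port
    authorised: bool = False  # 802.1X controlled-port state (slide 5)
    group_only: bool = False  # the permanent group-addressed port (slide 10)

    def transmit(self, frame: Frame) -> bool:
        # MAC entity rule for a frame the relay hands down for transmission
        if self.group_only:
            return is_group(frame.dst)        # always authorised, group frames only
        return self.authorised and not is_group(frame.dst)

class AccessPoint:
    def __init__(self, stas, authorised):
        self.ports = {s: PseudoPort(f"port-{s}", sta=s, authorised=s in authorised) for s in stas}
        self.group_port = PseudoPort("group", group_only=True)
        self.eapol_seen = []  # what the authenticator gets via the uncontrolled port

    def receive(self, frame: Frame, ingress: PseudoPort) -> list:
        # frame arrives from the air on the sender's pseudo-port; returns ports that transmit it
        if ingress.group_only:
            return []                         # group port discards all received frames
        if frame.eapol:
            self.eapol_seen.append(frame)     # uncontrolled port: passed regardless of state
            return []
        if not ingress.authorised:
            return []                         # controlled port closed: nothing reaches the relay
        # MAC Relay Entity floods to every port except the one it arrived on (slide 12)
        others = [p for p in list(self.ports.values()) + [self.group_port] if p is not ingress]
        return [p.name for p in others if p.transmit(frame)]

def group_frame_receivers(ap: AccessPoint, src_sta: str) -> list:
    # STAs that keep the single over-air copy of a broadcast sent by src_sta (slide 12)
    if "group" not in ap.receive(Frame(src_sta, BROADCAST), ap.ports[src_sta]):
        return []
    return [s for s in ap.ports if s != src_sta]   # originator drops it on source address
```

A broadcast from an authorised STA is transmitted once, by the group port only, while a unicast to an authorised STA leaves through that STA's pseudo-port alone.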

13 Attached Bridges
Standard APs do not forward frames for unknown addresses, so you can’t attach an 802.1D bridge via 802.11.
Standard 802.11 defines a 4-address format that could be used to carry unknown frames, but doesn’t describe how to use it.
Many suppliers use proprietary indications in the association message to indicate an attached bridge, so that unknown frames can be forwarded to it.

14 802.11 Bridging – Some Questions
How do you secure who can be a bridge? Can it be anyone?
Should an Ethernet 802.1X switch also discard unknown frames? If so, maybe “bridge indication” should be in 802.1X.
What happens when multiple bridges are associated? Perhaps use a group address?

