© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.06-1 Wireless LANs Explaining WLAN Technology and Standards.

Transcript:


Unlicensed Frequency Bands
- ISM: Industry, scientific, and medical frequency band
- No license required
- No exclusive use
- Best effort
- Interference possible

Radio Frequency Transmission
- Radio frequencies are radiated into the air via an antenna, creating radio waves.
- Radio waves are absorbed when they are propagated through objects (e.g., walls).
- Radio waves are reflected by objects (e.g., metal surfaces).
- This absorption and reflection can cause areas of low signal strength or low signal quality.

Radio Frequency Transmission
- Higher data rates have a shorter transmission range.
  - The receiver needs more signal strength and better SNR to retrieve information.
- Higher transmit power results in greater distance.
- Higher frequencies allow higher data rates.
- Higher frequencies have a shorter transmission range.

WLAN Regulation and Standardization
- Regulatory agencies
  - FCC (United States)
  - ETSI (Europe)
- Standardization
  - IEEE
- Certification of equipment
  - Wi-Fi Alliance certifies interoperability between products.
  - Certifications include 802.11a, 802.11b, 802.11g, dual-band products, and security testing.
  - Certified products can be found at

802.11b

802.11b Standard
- Standard was ratified in September 1999
- Operates in the 2.4-GHz band
- Specifies direct sequence spread spectrum (DSSS)
- Specifies four data rates up to 11 Mbps
  - 1, 2, 5.5, 11 Mbps
- Provides specifications for vendor interoperability (over the air)
- Defines basic security, encryption, and authentication for the wireless link
- Is the most commonly deployed WLAN standard

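2.4-GHz Channels

Regulatory domain columns: Americas; Europe, Middle East, and Asia; Japan.

| Channel Identifier | Channel Center Frequency | Channel Frequency Range [MHz] | Americas | Europe, Middle East, and Asia | Japan |
|---|---|---|---|---|---|
| | | 2401 – 2423 | X | X | X |
| | | 2406 – 2428 | X | X | X |
| | | 2411 – 2433 | X | X | X |
| | | 2416 – 2438 | X | X | X |
| | | 2421 – 2443 | X | X | X |
| | | 2426 – 2448 | X | X | X |
| | | 2431 – 2453 | X | X | X |
| | | 2436 – 2458 | X | X | X |
| | | 2441 – 2463 | X | X | X |
| | | 2446 – 2468 | X | X | X |
| | | 2451 – 2473 | X | X | X |
| | | 2466 – 2478 | | X | X |
| | | 2471 – 2483 | | X | X |
| | | 2473 – 2495 | | | X |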

2.4-GHz Channel Use
- Each channel is 22 MHz wide.
- North America: 11 channels.
- Europe: 13 channels.
- There are three nonoverlapping channels: 1, 6, 11.
- Using any other channels will cause interference.
- Three access points can occupy the same area.

802.11b/g (2.4 GHz) Channel Reuse

802.11b Access Point Coverage

802.11a

802.11a Standard
- Standard was ratified September 1999
- Operates in the 5-GHz band
- Uses orthogonal frequency-division multiplexing (OFDM)
- Uses eight data rates of up to 54 Mbps
  - 6, 9, 12, 18, 24, 36, 48, 54 Mbps
- Has from 12 to 23 nonoverlapping channels (FCC)
- Has up to 19 nonoverlapping channels (ETSI)
- Regulations different across countries
  - Transmit (Tx) power control and dynamic frequency selection required (802.11h)

5-GHz Channels with 802.11h
- 802.11h implements TPC and DFS.
- With 802.11h in February 2004, the FCC added 11 channels.
  - 23 channels in the United States (FCC)
  - 19 channels in Europe (ETSI)
  - UNII-3 band currently not allowed in most of Europe

802.11a Channel Reuse
- 802.11h DFS not available
  - Manual channel assignment required
- 802.11h DFS implemented
  - Channel assignment done by Dynamic Frequency Selection (DFS)
  - Only frequency bands can be selected

802.11g

802.11g Standard
- Standard was ratified June 2003
- Operates in the 2.4-GHz band as 802.11b
  - Same three nonoverlapping channels: 1, 6, 11
- DSSS (CCK) and OFDM transmission
- 12 data rates of up to 54 Mbps
  - 1, 2, 5.5, 11 Mbps (DSSS / 802.11b)
  - 6, 9, 12, 18, 24, 36, 48, 54 Mbps (OFDM)
- Full backward compatibility to 802.11b standard

802.11g Protection Mechanism
- Problem: 802.11b stations cannot decode 802.11g radio signals.
- 802.11b/g access point communicates with 802.11b clients with max. 11 Mbps.
- 802.11b/g access point communicates with 802.11g clients with max. 54 Mbps.
- 802.11b/g access point activates RTS/CTS to avoid collisions when 802.11b clients are present.
- 802.11b client learns from CTS frame the duration of the 802.11g transmission.
- Reduced throughput is caused by additional overhead.

802.11 Standards Comparison

802.11 RF Comparison

802.11b – 2.4 GHz
- Pro
  - Most commonly deployed WLAN standard
- Con
  - Interference and noise from other services in the 2.4-GHz band
  - Only 3 nonoverlapping channels
  - Distance limited by multipath issues

802.11g – 2.4 GHz
- Pro
  - Higher throughput
  - OFDM technology reduces multipath issues
- Con
  - Interference and noise from other services in the 2.4-GHz band
  - Only three nonoverlapping channels
  - Throughput degraded in the presence of 802.11b clients

802.11a – 5 GHz
- Pro
  - Highest throughput
  - OFDM technology reduces multipath issues
  - Provides up to 23 nonoverlapping channels
- Con
  - Lower market penetration

802.11 Standards Comparison

| | 802.11b | 802.11g | 802.11a |
|---|---|---|---|
| Ratified | | | |
| Frequency band | 2.4 GHz | 2.4 GHz | 5 GHz |
| No of channels | 3 | 3 | Up to 23 |
| Transmission | DSSS | DSSS, OFDM | OFDM |
| Data rates [Mbps] | 1, 2, 5.5, 11 | 1, 2, 5.5, 11; 6, 9, 12, 18, 24, 36, 48, 54 | 6, 9, 12, 18, 24, 36, 48, 54 |
| Throughput [Mbps] | Up to 6 | Up to 22 | Up to 28 |

Range Comparisons

Ratified IEEE 802.11 Standards
- 802.11: WLAN 1 and 2 Mbps at 2.4 GHz
- 802.11a: WLAN 54-Mbps at 5 GHz
- 802.11b: WLAN 11-Mbps at 2.4 GHz
- 802.11d: Multiple regulatory domains
- 802.11e: Quality of service
- 802.11f: Inter-Access Point Protocol (IAPP)
- 802.11g: WLAN 54-Mbps at 2.4 GHz
- 802.11h: Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) at 5 GHz
- 802.11i: Security
- 802.11j: 5-GHz channels for Japan

Worldwide Availability

General Office WLAN Design
- Eight 802.11g access points deployed
- 7 users per access point with no conference rooms provides 3.8 Mbps throughput per user
- 7 users + 1 conference room (10 users) = 17 total users, provides 1.5 Mbps throughput per user

[Figure: office floor plan with 54 cubes, 4 conference rooms, and reception; dimensions 95 feet and 120 feet]

WLAN as a Shared Medium: Best Practices
- 2.4-GHz 802.11b bandwidth calculations
  - 25 users per cell; general office maximum users limited by bandwidth
  - Peak true throughput 6.8 Mbps
  - 6.8 Mbps * 1024/25 = kbps per user
- 2.4-GHz 802.11g bandwidth calculations
  - 20 users per cell; general office maximum users limited by bandwidth
  - Peak true throughput 32 Mbps
  - 32 Mbps * 1024/20 = 1683 kbps per user
- 5-GHz 802.11a bandwidth calculations
  - 15 users per cell; general office users limited by coverage, not bandwidth
  - Peak true throughput 32 Mbps
  - 32 Mbps * 1024/15 = 2188 kbps per user

WLAN Security

Why WLAN Security?
- Wide availability and low cost of IEEE 802.11 wireless equipment
- 802.11 standard ease of use and deployment
- Availability of sniffers
- Statistics on WLAN security
- Media hype about hot spots, WLAN hacking, war driving
- Nonoptimal implementation of encryption in standard Wired Equivalent Privacy (WEP) encryption
- Authentication vulnerability

WLAN Security Threats

Mitigating the Threats

| Control and Integrity | Privacy and Confidentiality | Protection and Availability |
|---|---|---|
| Authentication | Encryption | Intrusion Detection System (IDS) |
| Ensure that legitimate clients associate with trusted access points. | Protect data as it is transmitted and received. | Track and mitigate unauthorized access and network attacks. |

Evolution of WLAN Security
- Initial (1997): Encryption (WEP)
  - No strong authentication
  - Static, breakable keys
  - Not scalable
- Interim (2001): 802.1x EAP
  - Dynamic keys
  - Improved encryption
  - User authentication
  - 802.1x EAP (LEAP, PEAP)
  - RADIUS
- Interim (2003): Wi-Fi Protected Access (WPA)
  - Standardized
  - Improved encryption
  - Strong, user authentication (e.g., LEAP, PEAP, EAP-FAST)
- Present: Wireless IDS, IEEE 802.11i, WPA2 (2004)
  - Identification and protection against attacks, DoS
  - AES strong encryption
  - Authentication
  - Dynamic key management

Wireless Client Association
- Access points send out beacons announcing SSID, data rates, and other information.
- Client scans all channels.
- Client listens for beacons and responses from access points.
- Client associates to access point with strongest signal.
- Client will repeat scan if signal becomes low to reassociate to another access point (roaming).
- During association SSID, MAC address and security settings are sent from the client to the access point and checked by the access point.
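
An added example (not part of the Cisco slides): a minimal parser for the beacon body described above, which reads the SSID and data rates and reports whether the access point advertises open, WEP, WPA or WPA2 protection, following the stages of the security evolution slide. The beacon bytes, SSIDs and helper names are constructed for illustration; a real capture would also carry the 24-byte MAC header before this body.

```python
import struct
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor element: OUI 00:50:F2, type 1 (WPA)

def parse_beacon_body(body: bytes) -> dict:
    """Parse a beacon body: 8-byte timestamp, 2-byte interval, 2-byte capability,
    then tagged elements. A body under 12 bytes raises struct.error."""
    _timestamp, interval, capability = struct.unpack_from("<QHH", body, 0)
    info = {"ssid": None, "rates_mbps": [], "beacon_interval": interval,
            "privacy": bool(capability & 0x0010), "wpa": False, "rsn": False}
    pos = 12
    while pos + 2 <= len(body):          # each element: id, length, value
        elem_id, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if elem_id == 0:                 # SSID (zero length means hidden)
            info["ssid"] = value.decode("utf-8", errors="replace")
        elif elem_id in (1, 50):         # supported / extended supported rates
            info["rates_mbps"] += [(b & 0x7F) * 0.5 for b in value]
        elif elem_id == 48:              # RSN element: WPA2 / 802.11i
            info["rsn"] = True
        elif elem_id == 221 and value[:4] == WPA_OUI_TYPE:
            info["wpa"] = True
        pos += 2 + length
    return info

def security_level(info: dict) -> str:
    """Strongest protection the beacon advertises (mixed WPA/WPA2 reports WPA2)."""
    if info["rsn"] or info["wpa"]:
        return "WPA2" if info["rsn"] else "WPA"
    return "WEP" if info["privacy"] else "open"

def _ie(elem_id: int, value: bytes) -> bytes:
    return bytes([elem_id, len(value)]) + value

def sample_beacon(ssid: str, capability: int, extra: bytes = b"") -> bytes:
    """Constructed sample body: interval 100, rates 1/2/5.5/11 Mbps (802.11b)."""
    fixed = struct.pack("<QHH", 0, 100, capability)
    return fixed + _ie(0, ssid.encode()) + _ie(1, bytes([0x82, 0x84, 0x8B, 0x96])) + extra

SAMPLES = [  # constructed beacons, not captured traffic
    sample_beacon("lab-open", 0x0001),
    sample_beacon("lab-wep", 0x0011),
    sample_beacon("lab-wpa", 0x0011, _ie(221, bytes.fromhex("0050f20101000050f202"))),
    sample_beacon("lab-wpa2", 0x0011, _ie(48, bytes.fromhex("0100000fac04"))),
]

def audit(beacons):
    return {i["ssid"]: security_level(i) for i in map(parse_beacon_body, beacons)}
```

Calling `audit(SAMPLES)` maps each constructed SSID to its advertised protection, which is the kind of inventory a site survey uses to find access points still on WEP or no encryption.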

WPA and WPA2 Authentication

WPA and WPA2 Encryption

WLAN Security Summary
- WPA Passphrase
- WEP Encryption
- 802.1x EAP
- Mutual Authentication
- TKIP Encryption
- WPA / WPA i Security

Security Evaluation
- Evaluate effectiveness of encrypted WLAN statistics.
- Focus on proper planning and implementation.
- Estimate potential security threats and the level of security needed.
- Evaluate amount of WLAN traffic being sent when selecting security methods.
- Evaluate tools and options applicable to WLAN design.

Summary
- The 2.4-GHz and 5-GHz frequency bands are used by WLAN 802.11 standards.
- The throughput per user depends on the data rate and the number of users per wireless cell.
- 802.11b has data rates of up to 11 Mbps at 2.4 GHz.
- 802.11a has data rates of up to 54 Mbps at 5 GHz.
- 802.11g has data rates of up to 54 Mbps at 2.4 GHz.
- 802.11a has a shorter range than 802.11g.
- For maximum efficiency, limit the number of users per cell.
- Different WLAN security types with authentication and encryption satisfy the security requirements of enterprise and home users.

WLAN Lab