
Sunday, 27 October 2019

Wireless LAN Configuration, Setup and Setting

This article is about Wireless LAN configuration, and you will learn how to set up your wireless network. I will share the wireless router configuration with detailed examples. In the next steps we will briefly cover how to configure the clients for the wireless network. So it is a complete article on Wireless LAN Configuration, Setup and Setting, and at the end you will learn some wireless troubleshooting methods.

Configuration of a wireless router

Modern wireless routers offer a variety of features, and most are designed to work without any configuration beyond the defaults. However, it is advisable to change the initial default settings.
Wireless home routers are configured through a GUI web interface.
A basic approach to wireless implementation, as in any basic network work, is to configure and test progressively. For example, before deploying a wireless device, verify that the existing wired network works and that wired hosts can access Internet services.
Once the operation of the wired network is confirmed, the implementation plan consists of the following:

  • Step 1. Begin the WLAN implementation process with a single AP and a single wireless client, without enabling wireless security.
  • Step 2. Verify that the client received a DHCP IP address and can ping the local default router connected by cable, and then explore the external Internet.
  • Step 3. Configure wireless security with WPA2 / WPA Mixed Personal. Never use WEP, unless there are no other options.
  • Step 4. Make a backup copy of the configuration.

Wireless Router Configuration Example

Before installing a wireless router, consider the following settings:


  • SSID Name: WLAN network name.
  • Network password (if required): if requested by the system, this is the password required to associate and access the SSID.
  • Router password: this is the router administration password, equivalent to the enable secret password of the privileged EXEC mode.
  • Name of the SSID of the guest network: for security reasons, guests can be isolated with a different SSID.
  • Guest network password: this is the password to access the guest SSID.
  • Linksys Smart Wi-Fi username: Internet account required to access the router remotely via the Internet.
  • Linksys Smart Wi-Fi password: password to access the router remotely.
The following table describes the configuration example used to configure the Linksys EA6500 wireless router (parameters and administration settings to take into account):

  Administration Parameters        Setting
  Network Name (SSID)              Home network
  Network password                 cisco123
  Router password                  class123
  Guest Network Name (SSID)        Red-guests-home
  Guest network password           cisco
  Linksys Smart Wi-Fi username     My name
  Linksys Smart Wi-Fi password     class12345


To configure and install the Linksys EA6500 router software, follow these steps:

  • Step 1. Insert the CD into the CD or DVD drive, and the installation should start automatically. If the installation CD is not available, download the installation program from http://Linksys.com/support.
  • Step 2. Click Next to start the installation. The program starts the installation and shows a status window. During this time, the installation program tries to configure and enable the Internet connection. In the example, the Internet connection is not available and, after some attempts to connect to the Internet, the option to skip this step is shown.

The Linksys router configuration window is displayed. This is where the SSID, wireless password and administrative password are configured.

  • Step 3. Click Next to display the router configuration summary screen. Record these settings if the initial table was not completed earlier.
  • Step 4. Click Next to display the Linksys Smart Wi-Fi account settings window.

This window allows you to manage the router remotely over the Internet. In this example, the Linksys Smart Wi-Fi account is not set up because there is no Internet access.

  • Step 5. Click Continue to display the Sign In window. Because the Internet connection was not configured, the router's administrative password is required.
  • Step 6. After entering the password, click Log In to display the Linksys Smart Wi-Fi home page.

Linksys Smart Wi-Fi homepage settings

The Linksys Smart Wi-Fi homepage is divided into the following three main sections:
  • Router Settings: use this section to modify connectivity settings, troubleshooting, wireless technology and security.
  • Smart Wi-Fi Tools: use this section to see who is currently connected to the network, create a separate network for guests, configure parental controls to protect your children, prioritize bandwidth for specific applications and devices, test the speed of the Internet connection and control access to shared files.
  • Smart Wi-Fi Widgets: provides a quick summary of the Smart Wi-Fi Tools section.

Smart Wi-Fi settings.

Smart Wi-Fi settings allow you to do the following:
  • Configure the basic router parameters for the local network. This tool can be used to configure a DHCP reservation, change the router administration password, change the Linksys router IP address, configure Linksys routers with a static route, configure the router with a cable Internet service and configure the MTU parameters of the Linksys router.
  • Diagnose and solve network connectivity problems. It shows the current status of the router and connected devices. It can also be used to perform a ping and traceroute test, back up and restore the current router configuration, check the WAN IP address, restart the router or reset it to factory default settings, and maintain the router status.
  • Protect and customize the wireless network. It can also be used to enable and configure the wireless MAC filter and to connect devices easily using WPS.
  • Keep the network protected against Internet threats by configuring the DMZ feature.
  • View the computers and devices connected to the network, and configure port forwarding.

Smart Wi-Fi Tools

Smart Wi-Fi tools provide additional services that include the following:

  • Device List: see who is connected to the WLAN.
  • Guest Access: create a separate network for up to 50 guests at home and, at the same time, protect network files with the Guest Access tool.
  • Parental Controls: protect children and family members by restricting access to potentially harmful websites.
  • Media Prioritization: prioritize bandwidth for specific applications and devices.
  • Speed Test: this tool is used to test the upload and download speed of the Internet link. It is useful for establishing a baseline.
  • USB Storage: controls access to shared files. Configure how users can access shared files.

Backing up a configuration

In the same way that the IOS of a Cisco router must be backed up in case of failure, the configuration of a home router must also be backed up.
Making a configuration backup is easy with the Linksys EA6500 wireless router.
  • Step 1. Log in to the Smart Wi-Fi homepage. Click on the Troubleshoot icon to display the Status window for troubleshooting.
  • Step 2. Click on the Diagnostics tab to open the Diagnostics window of the Troubleshooting section.
  • Step 3. Under the heading Router configuration, click Backup and save the file in an appropriate folder.
Note: to upload a previously saved backup, click Restore, locate the file and begin the restoration process.

Connection of wireless clients

Once the AP or wireless router is configured, the wireless NIC on the client must be configured to allow it to connect to the WLAN.
The user must also verify that the client has successfully connected to the corresponding wireless network, especially since there are likely to be many available WLANs to which it can connect.

WLAN troubleshooting

The resolution of any type of network problem must follow a systematic method. Logical models of network technology, such as the OSI and TCP/IP models, divide network functionality into modular layers.
When troubleshooting is done, these layered models can be applied to the physical network to isolate network problems. For example, if the symptoms suggest a physical connection problem, the network technician can focus on troubleshooting the circuit that works in the physical layer. If that circuit works correctly, the technician looks at the areas in another layer that could be causing the problem.
There are three main troubleshooting methods for solving network problems:
  • Bottom-up: start with layer 1 and continue upwards.
  • Top-down: start at the upper layer and continue downwards.
  • Divide and conquer: ping the destination. If the pings fail, check the lower layers. If the pings succeed, check the upper layers.

Connectivity issue

When troubleshooting a WLAN, a process of elimination is recommended.
In the illustration, a wireless client does not connect to the WLAN. If there is no connectivity, check the following:
  • Confirm the network configuration on the computer using the ipconfig command. Verify that the PC received an IP address through DHCP or is configured with a static IP address.
  • Confirm that the device can connect to a wired network. Connect the device to the wired LAN and ping a known IP address.
  • If necessary, reload the drivers for the client, as appropriate. It may be necessary to try a different wireless NIC.
  • If the wireless NIC of the client works, check the security mode and encryption settings on the client. If the security settings do not match, the client cannot access the WLAN.

Connection failure of a wireless client

Now, if the computer works but the wireless connection works poorly, check the following:
  • How far is the computer from the AP? Is the computer outside the planned coverage area (BSA)?
  • Check the channel settings on the wireless client. The client software should detect the appropriate channel as long as the SSID is correct.
  • Also check for other devices in the area that may interfere with the 2.4 GHz band.
Examples of these devices are cordless phones, baby monitors, microwave ovens, wireless security systems and potentially rogue APs. Signals from these devices can cause interference in the WLAN and intermittent connection problems between the wireless client and the AP.
Next, make sure all devices are actually in place. Consider a possible physical security problem. Do all devices have power, and are they turned on?
Finally, inspect the links between wired devices to detect defective or damaged connectors or missing cables. If the physical plant is in place, ping the devices, including the AP, to verify the wired LAN. If connectivity still fails at this point, there may be a fault in the AP or its configuration.
Once the user's computer is ruled out as the source of the problem and the physical condition of the devices is confirmed, begin to investigate the AP's performance. Check the power status of the AP.

Troubleshooting for a slow wireless network

To optimize and increase the bandwidth of dual-band 802.11n/ac routers, do the following:

  • Update your wireless clients: older 802.11b and even 802.11g devices can slow down the entire WLAN. To achieve the best performance, all wireless devices should support the same highest acceptable standard.
  • Divide traffic: the easiest way to improve wireless performance is to split wireless traffic between the 2.4 GHz and 5 GHz 802.11n bands. An IEEE 802.11n (or higher) router can therefore treat the two bands as two separate wireless networks to help manage traffic.
For example, use the 2.4 GHz network for basic Internet tasks, such as web browsing, email and downloads, and use the 5 GHz band for multimedia streaming, as shown in Figure 1.

Traffic division
There are several reasons to use a traffic division method:
  • The 2.4 GHz band may be suitable for basic Internet traffic that does not depend on the time factor.
  • Bandwidth can still be shared with other nearby WLANs.
  • The 5 GHz band is much less populated than the 2.4 GHz band, ideal for multimedia streaming.
  • The 5 GHz band has more channels; therefore, it is more likely that the channel chosen will not have interference.
By default, dual band routers use the same network name in the 2.4 GHz and 5 GHz bands. The simplest way to segment traffic is to change the name of one of the wireless networks. With a descriptive and separate name, it is easier to connect to the correct network.
To improve the reach of a wireless network, make sure that the physical location of the wireless router is free from obstructions, such as furniture, fixed items and tall appliances. These block the signal, which reduces the reach of the WLAN.
If this does not solve the problem, a Wi-Fi range extender or wireless network technology can be used.

Firmware update

The IOS of the Linksys EA6500 router is called "firmware". You may need to update the firmware if there is a problem with the device or if a new feature is included in a new firmware update. Regardless of the reason, most modern wireless home routers offer upgradeable firmware.
You can easily update the Linksys EA6500 Smart Wi-Fi router firmware using the following steps:
  • Step 1. Access the Linksys Smart Wi-Fi home page.
  • Step 2. Click on the Connectivity icon to open the Connectivity window.
  • Step 3. Under the Firmware Update tab, click Check for Updates.
The router responds No updates found or requests that the new firmware be downloaded and installed.

All About Wireless LAN Network Security

Wireless LAN Network Security

This is the most important article about Wireless LAN Network Security; the threats to wireless LANs are also explained. If you are a network professional you must read it in full in order to understand wireless LAN security. The security mechanisms of a wireless LAN are also described. To secure your Wireless LAN Network, you must be aware of the wireless network threats, so first we will look at some of the most common WLAN threats.

WLAN Security Threats

The difficulties of keeping a wired network secure are multiplied with a wireless network. Security must be a priority for anyone who uses or manages networks.
A WLAN is open to anyone within range of an AP who has the corresponding credentials to associate with it. With a wireless NIC and knowledge of cracking techniques, an attacker may not have to physically enter the workplace to gain access to a WLAN.
People outside the company, disgruntled employees and even other employees may unintentionally carry out attacks. Wireless networks are specifically vulnerable to several threats, including the following:

  • Wireless intruders
  • Rogue (unauthorized) APs
  • Data interception
  • DoS attacks
There are other threats, such as MAC address spoofing attacks against an AP or wireless client, cracking attacks and infrastructure attacks.

DoS attack

Wireless DoS attacks can be the result of the following:

  • Misconfigured devices: configuration errors can disable the WLAN. For example, an administrator may accidentally modify a configuration and disable the network, or an intruder with administrator privileges may intentionally disable a WLAN.
  • A malicious user intentionally interfering with wireless communication: their goal is to disable the wireless network completely, or to the point that no legitimate device can access the medium.
  • Accidental interference: WLANs operate in the unlicensed frequency bands and, therefore, all wireless networks, regardless of security features, may suffer interference from other wireless devices.

Accidental interference can come from devices such as microwave ovens, cordless phones, baby monitors, among others. The 2.4 GHz band is more prone to interference than the 5 GHz band.
To minimize the risk of a DoS attack due to mis-configured devices or malicious attacks, protect all devices and passwords, create backup copies and ensure that all configuration changes are incorporated outside of operating hours.

Accidental interference only occurs when another wireless device is added.
The best solution is to control the WLAN to detect any interference problem and address it when it appears. Because the 2.4 GHz band is more prone to interference, the 5 GHz band could be used in areas with a tendency to interference.
The illustration shows how a cordless phone or even a microwave can interfere with WLAN communication.
Cisco CleanAir technology allows devices to identify and locate sources of non-802.11 interference. This creates a network that can automatically adjust to changes in the environment.

DoS attacks on management frames

While unlikely, a malicious user could intentionally initiate a DoS attack using RF jammers that cause accidental interference.

They are more likely to try to manipulate management frames to consume AP resources and keep channels too busy to support legitimate user traffic.
Management frames can be manipulated to create various types of DoS attack. The two types of attack common to management frames include the following:

  • A spoofed disconnect attack: this occurs when an attacker sends a series of "disassociation" commands to wireless clients within a BSS.

These commands cause all clients to disconnect. Upon disconnection, wireless clients immediately attempt to re-associate, which creates a traffic burst. The attacker continues to send disassociation frames, and the cycle repeats.

  • A CTS flood: this occurs when an attacker takes advantage of the CSMA/CA contention method to monopolize bandwidth and deny all other wireless clients access to the AP. To achieve this, the attacker repeatedly saturates the BSS with Clear to Send (CTS) frames addressed to a false STA. All other wireless clients that share the RF medium receive the CTS and hold their transmissions until the attacker stops transmitting the CTS frames.

In the following figure, it is shown how a wireless client and an AP use CSMA/CA normally to access the medium.

In the image, it is shown how an attacker floods the BSS with CTS frames addressed to a fake wireless client.

All other clients must now wait for the duration specified in the CTS frame. However, the attacker continues to send CTS frames; therefore, the other clients wait indefinitely. The attacker now controls the medium.
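Both management-frame attacks described above leave a recognisable footprint in captured frame metadata: a burst of disassociation frames carrying the AP's own BSSID as source, and a burst of CTS frames with long NAV values addressed to a station that never transmits. The Python script below is an added example, not part of the original post or any vendor product; it runs two sliding-window detectors over a constructed frame log (the MAC addresses, rates and thresholds are made up for illustration).

```python
from collections import defaultdict

# Each record is (timestamp_s, subtype, transmitter, receiver, nav_us).
# CTS frames carry only a receiver address, so their transmitter field is "".
AP_BSSID = "02:00:00:00:aa:01"   # constructed BSSID of the legitimate AP
CLIENT = "02:00:00:00:0c:01"     # constructed legitimate client
PHANTOM = "02:00:00:00:ff:ff"    # constructed "false STA": it never transmits anything
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_sample_frames():
    """Constructed frame log: 2 s of normal traffic, then a disassociation burst, then a CTS flood."""
    frames = []
    for i in range(20):                                   # beacon every 100 ms plus some client data
        frames.append((i * 0.1, "beacon", AP_BSSID, BROADCAST, 0))
        frames.append((i * 0.1 + 0.05, "data", CLIENT, AP_BSSID, 300))
    for i in range(40):                                   # spoofed disconnect: 40 frames in ~0.5 s
        frames.append((1.0 + i * 0.0125, "disassoc", AP_BSSID, BROADCAST, 0))
    for i in range(60):                                   # CTS flood: 60 frames, each reserving 30 ms
        frames.append((2.0 + i * 0.015, "cts", "", PHANTOM, 30000))
    return sorted(frames)


def peak_count_per_key(events, window_s):
    """events: iterable of (ts, key). Return key -> the largest number of events that fall
    inside any window of window_s seconds (two-pointer sweep over sorted timestamps)."""
    times = defaultdict(list)
    for ts, key in events:
        times[key].append(ts)
    peaks = {}
    for key, stamps in times.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        peaks[key] = best
    return peaks


def detect_disassoc_flood(frames, window_s=1.0, threshold=10):
    """Transmitter addresses that send more than `threshold` disassociation/deauthentication
    frames inside any window. The attacker forges the AP's BSSID as the source, so the flagged
    address is the BSSID being impersonated, not the attacker's hardware address."""
    events = [(ts, tx) for ts, sub, tx, _rx, _nav in frames if sub in ("disassoc", "deauth")]
    return {tx: n for tx, n in peak_count_per_key(events, window_s).items() if n > threshold}


def detect_cts_flood(frames, window_s=1.0, threshold=10, min_nav_us=10_000):
    """Receiver addresses targeted by a burst of CTS frames whose NAV reserves the medium for at
    least `min_nav_us`. A CTS flood is addressed to a fake STA, so the flagged receiver usually
    never appears as a transmitter; `silent_receiver` records that."""
    transmitters = {tx for _ts, _sub, tx, _rx, _nav in frames if tx}
    events = [(ts, rx) for ts, sub, _tx, rx, nav in frames if sub == "cts" and nav >= min_nav_us]
    return {rx: {"cts_per_window": n, "silent_receiver": rx not in transmitters}
            for rx, n in peak_count_per_key(events, window_s).items() if n > threshold}


if __name__ == "__main__":
    log = build_sample_frames()
    print("disassociation flood sources:", detect_disassoc_flood(log))
    print("CTS flood targets:", detect_cts_flood(log))
```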

Solutions

To mitigate many of these attacks, Cisco developed a variety of solutions, including the Cisco Management Frame Protection (MFP) feature, which also provides proactive and complete protection against frame and device impersonation.
The Cisco Adaptive Wireless IPS contributes to this solution through an early detection system that matches attacker signatures.
The IEEE 802.11 committee also released two standards regarding wireless security.

  • The 802.11i standard, which is based on the Cisco MFP feature, specifies security mechanisms for wireless networks.
  • The 802.11w management frame protection standard addresses the problem of manipulation of these frames.

Unauthorized Access Points

A rogue (unauthorized) AP is an AP or a wireless router that:

  • Was connected to a business network without explicit authorization or against company policy. Anyone with access to the facilities can install (maliciously or unintentionally) an inexpensive wireless router that can allow access to protected network resources.
  • Was connected or enabled by an attacker to capture client data, such as client MAC addresses (wireless and wired), to capture and disguise data packets, to gain access to network resources, or to launch a man-in-the-middle attack.

To prevent the installation of rogue APs, organizations must use monitoring software to actively monitor the radio spectrum for unauthorized APs. In the example screenshot of the Cisco Prime Infrastructure network management software in the illustration, an RF map is shown in which the location of an intruder with a spoofed MAC address is identified.
Cisco Prime is network management software that works with other management software to provide a common look and a central location for all network information. It is normally deployed in very large organizations.

Man-in-the-Middle Attack

One of the most sophisticated attacks that a malicious user can use is called a "man-in-the-middle attack" (MITM). There are several ways to create a MITM attack.
A popular wireless MITM attack is called an "evil twin AP attack", in which an attacker introduces a rogue AP and configures it with the same SSID as a legitimate AP. Locations that offer free Wi-Fi, such as airports, cafes and restaurants, are hotbeds for this type of attack because of open authentication.

  • Clients connecting to a wireless network would see two APs offering wireless access.
  • Those near the rogue AP detect the stronger signal and are more likely to associate with this evil twin AP.
  • User traffic is now sent to the rogue AP, which in turn captures the data and forwards it to the legitimate AP.
  • The return traffic from the legitimate AP is sent to the rogue AP, captured and forwarded to the unsuspecting STA.
  • The attacker can steal the user's password and personal information, gain access to the network and compromise the user's system.

For example, in the image, a malicious user is in Juan's Cafeteria and wants to capture the traffic of unsuspecting wireless clients. The attacker launches software that allows his laptop to become an evil twin AP with the same SSID and the same channel as the legitimate wireless router.
A user sees two available wireless connections, but chooses the rogue AP and associates with it. The attacker captures user data and forwards it to the legitimate AP, which in turn directs return traffic to the evil twin AP. The evil twin AP captures the return traffic and forwards the information to the unsuspecting user.

Coping with a MITM attack

Defeating a MITM attack depends on the sophistication of the WLAN infrastructure and on how vigilantly network activity is monitored. The process begins with identifying the legitimate devices in the WLAN.
To do this, users must be authenticated. Once all legitimate devices are known, the network can be monitored for abnormal devices or traffic.
Enterprise WLANs that use state-of-the-art WLAN devices provide administrators with tools that work together as a wireless intrusion prevention system (IPS).
These tools include scanners that identify ad hoc networks and rogue APs, as well as radio resource management (RRM), which monitors the RF band for AP activity and load. An AP that is busier than usual alerts the administrator to possible unauthorized traffic.
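A practical form of "identify the legitimate devices, then watch for abnormal ones" is to compare every beaconing AP with an inventory of authorized BSSIDs and the channel each one is configured on, which catches the evil twin (our SSID from a BSSID we do not own, typically louder than the real AP) and a spoofed BSSID heard on the wrong channel. The Python script below is an added example, not part of the original post or any Cisco product; the inventory, the scan records and the verdict names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAP:
    ssid: str
    bssid: str
    channel: int
    rssi_dbm: int


# Constructed inventory: for each corporate SSID, the authorized BSSIDs and the channel each is set to.
AUTHORIZED = {
    "CorpWiFi": {"02:00:00:00:aa:01": 6, "02:00:00:00:aa:02": 11},
}

# Constructed scan records, one per beaconing AP: ssid,bssid,channel,rssi_dBm (not real scanner output).
SCAN_CSV = """\
CorpWiFi,02:00:00:00:aa:01,6,-58
CorpWiFi,02:00:00:00:aa:02,11,-71
CorpWiFi,02:00:00:00:ee:01,6,-41
CorpWiFi,02:00:00:00:aa:02,1,-70
NeighborNet,02:00:00:00:bb:10,1,-80
"""


def parse_scan(csv_text):
    """Parse the constructed CSV form into ObservedAP records (BSSIDs normalised to lower case)."""
    aps = []
    for line in csv_text.strip().splitlines():
        ssid, bssid, channel, rssi = (field.strip() for field in line.split(","))
        aps.append(ObservedAP(ssid, bssid.lower(), int(channel), int(rssi)))
    return aps


def classify_aps(observed, authorized=AUTHORIZED):
    """Compare every beaconing AP with the inventory. Returns one finding per suspicious AP:
    - evil-twin: our SSID from a BSSID we do not own; louder_than_legit says whether it is
      stronger than any authorized AP heard, i.e. the one nearby clients would prefer;
    - bssid-mismatch: an authorized BSSID heard on a channel it is not configured for (an
      impersonated MAC address, or configuration drift);
    - unknown-ssid: not in the inventory; a neighbour or a rogue on our wire, which cannot be
      decided from the air alone and needs a wired-side check."""
    findings = []
    for ssid in sorted({ap.ssid for ap in observed}):
        seen = [ap for ap in observed if ap.ssid == ssid]
        known = authorized.get(ssid)
        if known is None:
            findings.extend({"bssid": ap.bssid, "ssid": ssid, "verdict": "unknown-ssid"} for ap in seen)
            continue
        # Signal strength of the authorized APs actually heard on their configured channel
        legit = [ap.rssi_dbm for ap in seen if known.get(ap.bssid) == ap.channel]
        best_legit = max(legit, default=None)
        for ap in seen:
            if ap.bssid not in known:
                findings.append({"bssid": ap.bssid, "ssid": ssid, "verdict": "evil-twin",
                                 "louder_than_legit": best_legit is not None and ap.rssi_dbm > best_legit})
            elif known[ap.bssid] != ap.channel:
                findings.append({"bssid": ap.bssid, "ssid": ssid, "verdict": "bssid-mismatch",
                                 "expected_channel": known[ap.bssid], "seen_channel": ap.channel})
    return findings


if __name__ == "__main__":
    for finding in classify_aps(parse_scan(SCAN_CSV)):
        print(finding)
```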

WLAN Protection: Authentication and Encryption

Without strict security measures, installing a WLAN is equivalent to placing Ethernet ports everywhere, even outdoors.
To address threats related to keeping wireless intruders away and protecting data, two security features were initially used:

  • SSID cloaking: APs and some wireless routers allow the SSID beacon frame to be disabled. Wireless clients must then manually enter the SSID to connect to the network.
  • MAC address filtering: an administrator can manually allow or deny wireless access to clients based on their physical hardware MAC address.
While these two features can deter most users, the reality is that neither SSID cloaking nor MAC address filtering will deter a skilled intruder.

SSIDs are easily discovered, even if APs do not broadcast them, and MAC addresses can be spoofed. The best way to protect a wireless network is to use authentication and encryption systems.
Two types of authentication were introduced with the original 802.11 standard:

  • Open system authentication : any wireless client should be able to connect easily, and this method should only be used in situations where security is not a concern, such as in places that provide free Internet access, such as cafes, hotels and remote areas.
  • Authentication via shared key : provides mechanisms such as WEP, WPA or WPA2 to authenticate and encrypt data between a wireless client and AP. However, the password must be previously shared between the two parties for them to connect.

Authentication methods using shared key for Wireless LAN Network Security


As shown in the image above, there are three authentication techniques using a shared key:

  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • IEEE 802.11i / WPA2

WEP is no longer recommended. The shared WEP keys were found to be flawed and, therefore, should never be used. To counteract the weakness of shared WEP keys, the first approach of companies was to try techniques such as SSID cloaking and MAC address filtering. These techniques were found to be too weak as well.
After the weaknesses of WEP-based security, there was a period of interim security measures. Vendors such as Cisco, wanting to respond to the demand for better security, developed their own systems while at the same time helping with the evolution of the 802.11i standard. On the road to 802.11i, the TKIP encryption algorithm was created, which was adopted in the Wi-Fi Alliance WPA security method.
Modern wireless networks should always use the 802.11i / WPA2 standard. WPA2 is the Wi-Fi Alliance version of 802.11i and, therefore, the terms WPA2 and 802.11i are often used interchangeably.
Since 2006, any device that has the Wi-Fi Certified logo is WPA2 certified.

Encryption methods for Wireless Security

Encryption is used to protect data. If an intruder captures encrypted data, they cannot decrypt it within a reasonable period of time.
The IEEE 802.11i standard and the Wi-Fi Alliance WPA and WPA2 standards use the following encryption protocols:

  • Temporal Key Integrity Protocol (TKIP): the encryption method used by WPA.

It provides support for legacy WLAN equipment by addressing the original flaws associated with the 802.11 WEP encryption method. It uses WEP, but encrypts the Layer 2 payload using TKIP and performs a message integrity check (MIC) on the encrypted packet to ensure that the message was not altered.

  • Advanced Encryption Standard (AES): the encryption method used by WPA2.

It is the preferred method, as it aligns with the IEEE 802.11i industry standard. AES performs the same functions as TKIP, but is a stronger encryption method. It uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which allows the destination hosts to recognize whether the encrypted and unencrypted bits were altered.
Because of the vulnerability of WPA2, the Wi-Fi Alliance announced that WPA3 would be launched in 2018.

Authentication of a Home User

WPA and WPA2 support two types of authentication:

  • Personal: designed for home or small office networks; users are authenticated using a pre-shared key (PSK). Wireless clients authenticate with the AP using a pre-shared password. No special authentication server is required.
  • Enterprise: designed for enterprise networks, but requires a Remote Authentication Dial-In User Service (RADIUS) server.

While its configuration is more complicated, it provides additional security. The RADIUS server must authenticate the device and then users must authenticate using the 802.1X standard, which uses the Extensible Authentication Protocol (EAP).

Enterprise Authentication for Wireless LAN Network Security

On networks that have more stringent security requirements, additional authentication or login is required to grant access to wireless clients.
Enterprise security mode options require a RADIUS server with authentication, authorization and accounting (AAA).
These fields are necessary to provide the AP with the information required to contact the AAA server:

  • IP address of the RADIUS server: the reachable address of the RADIUS server.
  • UDP port numbers: the officially assigned UDP port numbers are 1812 for RADIUS authentication and 1813 for RADIUS accounting, but it can also work over UDP ports 1645 and 1646.
  • Shared key: used to authenticate the AP with the RADIUS server.

The shared key is not a parameter that must be configured on a STA. It is only required on the AP to authenticate with the RADIUS server.

Note: no password field is shown, because authentication and authorization of the user itself are handled by the 802.1X standard, which provides end users with centralized, server-based authentication.

The 802.1X login process uses EAP to communicate with the AP and the RADIUS server. EAP is a framework for authenticating network access. It can provide a secure authentication mechanism and negotiate a secure private key that can then be used for a wireless encryption session using TKIP or AES encryption.

Wireless Channel Management In WLAN

This is a brief article on Wireless Channel Management in WLANs. Wireless LAN devices have transmitters and receivers tuned to specific radio frequencies to communicate.
It is usual to assign frequencies as ranges. These ranges are then divided into smaller ranges called "channels".
This article follows on from the previous articles in this series, which you can go through for a better understanding.

Wireless Frequency Channel Saturation

If the demand for a specific channel is too high, that channel is likely to become oversaturated. Saturation of a wireless medium degrades the quality of communication. Over the years, a number of techniques were created to improve wireless communication and relieve saturation. The techniques listed below mitigate channel saturation by using channels more efficiently:

Direct sequence spread spectrum (DSSS)

This is a spread spectrum modulation technique. The spread spectrum is designed to spread the signal across a wider frequency band, which makes it more resistant to interference.

With DSSS, the signal is multiplied by a "manufactured noise" known as a spreading code. Because the receiver knows the spreading code and when it was added, it can mathematically remove it and reconstruct the original signal.
In effect, this creates redundancy in the transmitted signal in an effort to counteract the loss of quality in the wireless medium. The 802.11b standard uses DSSS. Cordless phones that operate in the 900 MHz, 2.4 GHz and 5.8 GHz bands, CDMA mobile phone networks and GPS networks also use it. (Image 13).

Frequency hopping spread spectrum (FHSS)

This also relies on spread spectrum methods to communicate.
It is similar to DSSS, but transmits radio signals by rapidly switching a carrier signal among many frequency channels.

With FHSS, the sender and receiver must be synchronized to "know" which channel to hop to. This channel-hopping process allows more efficient use of the channels, which decreases channel congestion. Walkie-talkies and 900 MHz cordless phones also use FHSS, and Bluetooth uses a variant of FHSS. The original 802.11 standard also used FHSS. (Image 14).

Orthogonal Frequency Division Multiplexing (OFDM)

It is a subset of frequency division multiplexing in which a single channel uses several subchannels at adjacent frequencies.
The subchannels in an OFDM system are precisely orthogonal to each other, which allows the subchannels to overlap without interfering. As a result, OFDM systems can maximize spectral efficiency without causing interference in adjacent channels.

In effect, this makes it easier for the receiving station to "hear" the signal. Because OFDM uses subchannels, the use of channels is very effective. A number of communication systems, including 802.11a / g / n / ac standards, use OFDM. (Image 15).

Wireless Channel Selection

The IEEE 802.11b / g / n standards operate in the microwave range of the radio spectrum, in the 2.4 GHz to 2.5 GHz band, while the 802.11a / n / ac standards operate in the 5 GHz band, which is more heavily regulated.

The above figure highlights which 802.11 standards operate in the 2.4 GHz, 5 GHz and 60 GHz bands. Each spectrum is subdivided into channels with a centre frequency and a bandwidth, similar to the way radio bands are subdivided.
The 2.4 GHz band is subdivided into several channels. Each channel is 22 MHz wide, and successive channels are separated by 5 MHz. The 802.11b standard identifies 11 channels for North America.

  • The 22 MHz bandwidth, in combination with the 5 MHz separation between the frequencies, produces an overlap between the successive channels, as shown in above figure.



  • Interference occurs when an unwanted signal is superimposed on a channel reserved for a desired signal, causing possible distortion. The solution to interference is to use channels that do not overlap. Specifically, channels 1, 6 and 11 are non-overlapping 802.11b channels, as shown in the following image.



For WLANs that require multiple APs, it is recommended to use non-overlapping channels. If there are three adjacent APs, use channels 1, 6 and 11. If there are only two, select any two that are separated by five channels, such as channels 5 and 10.
As enterprise WLANs migrate to 802.11n, they can use channels in the larger and less populated 5 GHz band, which reduces accidental "denial of service (DoS)". For example, the 802.11n standard uses OFDM and can support four non-overlapping channels.
The 802.11n standard can also use channel bonding, which combines two 20 MHz channels into one 40 MHz channel. Channel bonding increases throughput, since it uses two channels at the same time to deliver data.
Most modern APs can automatically adjust their channels to avoid interference.
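
The 2.4 GHz channel arithmetic from the preceding paragraphs, carried through as an added Python example (not the article's own code). It takes the 22 MHz channel width, the 5 MHz spacing and the 11 North American channels from the text; the centre frequency of channel 1 (2412 MHz) is a standard 802.11 value the page does not quote. Besides checking the 1/6/11 rule, it assigns channels to a constructed set of APs whose adjacency is given as a list of neighbouring pairs, and reports any adjacent pair whose channels overlap.

```python
CHANNEL_WIDTH_MHZ = 22      # width of one 802.11b channel (from the article)
CHANNEL_SPACING_MHZ = 5     # spacing between channel centres (from the article)
FIRST_CENTRE_MHZ = 2412     # centre of channel 1; standard 802.11 value, not on the page
NORTH_AMERICA_CHANNELS = list(range(1, 12))   # the 11 channels the article mentions


def centre_frequency(channel):
    return FIRST_CENTRE_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def channel_edges(channel):
    """Lower and upper edge of a channel in MHz."""
    centre = centre_frequency(channel)
    return centre - CHANNEL_WIDTH_MHZ / 2, centre + CHANNEL_WIDTH_MHZ / 2


def overlaps(a, b):
    """True if the two channels' 22 MHz bands intersect."""
    lo_a, hi_a = channel_edges(a)
    lo_b, hi_b = channel_edges(b)
    return lo_a < hi_b and lo_b < hi_a


def minimum_separation():
    """Smallest channel-number gap at which two channels no longer overlap."""
    gap = 1
    while overlaps(1, 1 + gap):
        gap += 1
    return gap


def largest_non_overlapping_set(channels=NORTH_AMERICA_CHANNELS):
    """Greedy pick from the lowest channel upward; the spacing is uniform,
    so this yields a maximum-size set."""
    chosen = []
    for ch in channels:
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def assign_channels(ap_names, adjacency, channels=None):
    """Assign channels so that no two APs listed as adjacent overlap.
    adjacency is a set of frozenset({a, b}) pairs. Greedy colouring over
    the non-overlapping set; returns None if it runs out of channels."""
    palette = channels or largest_non_overlapping_set()
    plan = {}
    for ap in ap_names:
        used = {plan[n] for n in plan if frozenset({ap, n}) in adjacency}
        free = [ch for ch in palette if all(not overlaps(ch, u) for u in used)]
        if not free:
            return None
        plan[ap] = free[0]
    return plan


def conflicts(plan, adjacency):
    """Adjacent AP pairs whose assigned channels overlap (empty = clean plan)."""
    bad = []
    for pair in adjacency:
        a, b = tuple(pair)
        if a in plan and b in plan and overlaps(plan[a], plan[b]):
            bad.append((a, b, plan[a], plan[b]))
    return bad


if __name__ == "__main__":
    print("channel 1 spans", channel_edges(1), "MHz")
    print("non-overlapping set:", largest_non_overlapping_set())
    # Constructed floor: four APs in a row, each adjacent only to its neighbours.
    aps = ["AP-A", "AP-B", "AP-C", "AP-D"]
    adj = {frozenset(p) for p in [("AP-A", "AP-B"), ("AP-B", "AP-C"), ("AP-C", "AP-D")]}
    plan = assign_channels(aps, adj)
    print("plan:", plan, "conflicts:", conflicts(plan, adj))
```

Running it confirms the text's figures: two channels stop overlapping only when they are five apart, and the largest non-overlapping set in the North American band is exactly 1, 6 and 11. For the four-AP row the planner reuses channels 1 and 6 on non-adjacent APs, which is the same reasoning as the three-AP 1/6/11 recommendation applied to a longer corridor.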

Planning a WLAN implementation

Implementing a WLAN that makes the best use of resources and delivers the best service may require careful planning.

WLANs can range from relatively simple installations to intricate and very complex designs. Before a wireless network can be implemented, a well-documented plan must exist.

  • The number of users that a WLAN can support is not a simple calculation. The number of users depends on the geographical layout of the installation, including the number of people and devices that can fit in a space, the data speeds that users expect, the use of non-overlapping channels by several APs in an ESS and transmission power settings.


You can review the floor plan in the above figure. When planning the location of the APs, the administrator cannot simply draw coverage-area circles and drop them onto a floor plan. The approximate circular coverage area is important, but there are some additional recommendations:

  • If APs must use existing wiring or if there are locations where APs cannot be placed, mark these locations on the map.
  • Position the APs above the obstructions.
  • If possible, position the APs vertically, near the ceiling, in the center of each coverage area.
  • Place APs in locations where users are expected to be. For example, conference rooms are, in general, a better location for APs than a hallway.

Wireless Coverage area

Once these points are addressed, calculate the expected coverage area of an AP. This value varies according to the WLAN standard or combination of standards implemented, the nature of the installation, the transmission power configured on the AP, and so on. Always check the AP's specifications when planning coverage areas.
BSAs represent the coverage area provided by a single channel. In an ESS, there should be a 10% to 15% overlap between BSAs. With a 15% overlap between BSAs, a single SSID and non-overlapping channels (that is, one cell on channel 1 and the other on channel 6), roaming capability can be provided.

The above figure provides an example of how BSAs could overlap.

Other factors include site surveys, which are detailed analyses of where to locate the different APs.

CSMA / CA & Wireless Network Operation

This article on CSMA / CA and wireless network operation is part of the wireless WLAN series; the previous article covered the 802.11 frame structure. Remember that the media contention method is the method by which devices determine how and when to access the media when traffic is to be forwarded through the network. IEEE 802.11 WLANs use the CSMA / CA MAC protocol. While the name is similar to that of the Ethernet Carrier Sense Multiple Access with Collision Detection (CSMA / CD) method, the operational concept is completely different.

CSMA / CA Carrier Sense Multiple Access with Collision Avoidance

Wi-Fi systems are half-duplex, shared-media configurations; therefore, wireless clients transmit and receive on the same radio channel.
This creates a problem, since a wireless client cannot hear while it is sending; therefore, it is not possible to detect a collision. To address this problem, the IEEE developed an additional collision-avoidance mechanism called the "distributed coordination function" (DCF).
Under DCF, a wireless client transmits only if the channel is free. All transmissions are acknowledged; therefore, if a wireless client does not receive an acknowledgment, it assumes that a collision occurred and tries again after a random waiting interval.
Wireless clients and APs use the RTS and CTS control frames to facilitate the actual data transfer.


  • As shown in the above figure, when a wireless client wants to send data, it first senses the medium to determine whether other devices are using it to transmit.
  • If the medium is free, it sends an RTS frame to the AP.
  • This frame is used to request dedicated access to the RF medium for a specific period.
  • The AP receives the frame and, if the medium is available, grants the wireless client access to the RF medium by sending a CTS frame with the same duration.
  • All other wireless devices that observe the CTS frame defer the medium to the transmitting node for the duration of its transmission.
  • The CTS control frame includes the period during which the transmitting node is allowed to transmit. Other wireless clients hold their transmissions for at least the specified period.
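
The RTS/CTS exchange and the random backoff of DCF, as an added slotted simulation in Python (not code from the original article). All durations in slots and the contention-window bounds are constructed values. Each station keeps a NAV (network allocation vector) that it sets from the duration in any CTS it overhears, so it will not contend while another node holds the medium; two RTS frames sent in the same slot collide, no CTS follows, and both senders double their window and back off, which is the "random waiting interval" the text mentions.

```python
import random
from dataclasses import dataclass

# Durations in slots; constructed values, not from the article.
RTS_SLOTS, CTS_SLOTS, DATA_SLOTS, ACK_SLOTS = 1, 1, 4, 1
CW_MIN, CW_MAX = 4, 64          # contention window bounds for the random backoff


@dataclass
class Station:
    name: str
    pending: int                # data frames still to send
    backoff: int = 0            # idle slots to wait before sending an RTS
    nav_until: int = 0          # NAV: time until which a CTS reserved the medium
    cw: int = CW_MIN


def simulate(stations, max_time=2000, seed=3):
    """Slotted simulation of DCF with RTS/CTS. Returns a list of
    (time, sender, event) tuples; the AP only answers RTS and DATA."""
    rng = random.Random(seed)
    log = []
    t = 0
    medium_busy_until = 0       # physical carrier sense: what every radio hears
    while t < max_time and any(s.pending for s in stations):
        if t < medium_busy_until:
            t += 1
            continue
        # Medium idle: stations whose NAV has expired count down their backoff.
        ready = []
        for s in stations:
            if s.pending == 0 or t < s.nav_until:
                continue            # virtual carrier sense says "reserved"
            if s.backoff > 0:
                s.backoff -= 1
                continue
            ready.append(s)
        if not ready:
            t += 1
            continue
        if len(ready) > 1:
            # Two RTS frames in one slot collide. Nobody hears a CTS, so each
            # sender assumes a collision, doubles its window and backs off.
            log.append((t, ",".join(s.name for s in ready), "RTS collision"))
            for s in ready:
                s.cw = min(s.cw * 2, CW_MAX)
                s.backoff = rng.randint(1, s.cw)
            medium_busy_until = t + RTS_SLOTS
            continue
        s = ready[0]
        reservation = CTS_SLOTS + DATA_SLOTS + ACK_SLOTS
        log.append((t, s.name, "RTS"))
        log.append((t + RTS_SLOTS, "AP", f"CTS duration={reservation}"))
        for other in stations:      # every station hearing the CTS sets its NAV
            if other is not s:
                other.nav_until = t + RTS_SLOTS + reservation
        log.append((t + RTS_SLOTS + CTS_SLOTS, s.name, "DATA"))
        log.append((t + RTS_SLOTS + CTS_SLOTS + DATA_SLOTS, "AP", "ACK"))
        s.pending -= 1
        s.cw = CW_MIN
        s.backoff = rng.randint(0, s.cw)
        medium_busy_until = t + RTS_SLOTS + reservation
    return log


def data_intervals(log):
    """[(start, end, station)] for each DATA transmission in the log."""
    return [(t, t + DATA_SLOTS, who) for t, who, ev in log if ev == "DATA"]


def data_collisions(log):
    """Pairs of DATA transmissions that overlap in time (expected: none)."""
    ivs = sorted(data_intervals(log))
    return [(a, b) for a, b in zip(ivs, ivs[1:]) if b[0] < a[1]]


def run_demo(seed=3):
    """Three constructed stations with two frames each, all starting at once."""
    stations = [Station("STA1", 2), Station("STA2", 2), Station("STA3", 2)]
    log = simulate(stations, seed=seed)
    return stations, log


if __name__ == "__main__":
    stations, log = run_demo()
    for entry in log:
        print(*entry)
    print("DATA collisions:", data_collisions(log))
```

Because all three stations start with a zero backoff, the very first slot produces an RTS collision; from then on the backoff spreads them out and every data frame is sent inside a reservation, so the log shows no overlapping DATA transmissions even though the stations cannot hear each other while sending.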

Association of access points and wireless clients


For wireless devices to communicate over a network, they must first be associated with an AP or a wireless router. An important part of the 802.11 process is to discover a WLAN and connect to it.

Wireless devices use management frames to complete the following three-stage process:

  • Discover new wireless APs.
  • Authenticate with the AP.
  • Associate with the AP.

To associate, a wireless client and an AP must agree on specific parameters. To allow the negotiation of these processes, the parameters must be configured in the AP and later in the client.

Association Parameters of Wireless Network

Common configurable wireless parameters include the following:

  • SSID : An SSID is a unique identifier that wireless clients use to distinguish between several wireless networks in the same area. The name of the SSID appears in the list of wireless networks available on a client. Depending on the network configuration, several APs in a network can share an SSID. In general, names have a length of 2 to 32 characters.
  • Password : The wireless client needs it to authenticate with the AP. Passwords are sometimes called a "security key." It prevents intruders and other unwanted users from accessing the wireless network.
  • Network mode : refers to the WLAN 802.11a / b / g / n / ac / ad standards. APs and wireless routers can operate in Mixed mode, which means they can use several standards at once.
  • Security mode : refers to the configuration of security parameters, such as WEP, WPA or WPA2. Always enable the highest level of security that is supported.
  • Channel settings : refers to the frequency bands used to transmit wireless data. Routers and wireless APs can choose the channel configuration automatically, or it can be set manually if there is interference with another AP or wireless device.

Note : All routers and wireless APs must be protected with the highest available security configuration. The None and WEP options should be avoided and used only in situations where security is not a concern.

AP detection

Wireless devices must detect an AP or a wireless router and connect to it. Wireless clients connect to the AP through a scanning (probing) process. This process can be done in the following ways:

  • Passive mode : The AP openly announces its service by periodically sending broadcast beacon frames containing the SSID, supported standards and security settings. The main purpose of the beacon is to allow wireless clients to discover which networks and which APs exist in a given area, so that they can choose which network and which AP to use.
  • Active mode : Wireless clients must know the name of the SSID. The wireless client starts the process by broadcasting a probe request frame on several channels. The probe request includes the name of the SSID and the supported standards.

If an AP or a wireless router is configured not to broadcast beacon frames, active mode may be required.

How Passive and Active Mode work


The above figure shows how passive mode works, with the AP broadcasting a beacon frame at a certain interval.

The above image shows how active mode works, with a wireless client broadcasting a probe request for a specific SSID. The AP with that SSID responds with a probe response frame.
To discover nearby WLAN networks, a wireless client can also send a probe request without an SSID name.
APs configured to broadcast beacon frames respond to the wireless client with a probe response that provides the name of the SSID. APs with SSID broadcast disabled do not respond.

Authentication

The 802.11 standard was originally developed with two authentication mechanisms:

  • Open authentication : fundamentally, a NULL authentication where the wireless client says “authenticate me” and the AP answers “yes”. Open authentication provides wireless connectivity to any wireless device and should be used only in situations where security is not a concern.
  • Shared key authentication : a technique that is based on a previously shared key between the client and the AP.

Wireless Authentication process


The above image provides a simple overview of the authentication process. In most installations with shared key authentication, the exchange is as follows:

  • The wireless client sends an authentication frame to the AP.
  • The AP responds with a challenge text to the client.
  • The client encrypts the message using the shared key and returns the encrypted text to the AP.
  • Next, the AP decrypts the encrypted text using the shared key.
  • If the decrypted text matches the challenge text, the AP authenticates the client. If the messages do not match the challenge text, the wireless client is not authenticated and wireless access is denied.

Wireless Association process

Once a wireless client has been authenticated, the AP continues with the association stage. As shown in Image 12, the association stage completes the configuration and establishes the data link between the wireless client and the AP.

As part of this stage:

  • The wireless client forwards an association request frame that includes its MAC address.
  • The AP responds with an association response that includes the BSSID of the AP, which is the MAC address of the AP.
  • The AP assigns a logical port known as the "association identifier" (AID) to the wireless client. The AID is equivalent to a port on a switch and allows the infrastructure switch to keep track of the frames destined for the wireless client that are to be forwarded.
  • Once a wireless client is associated with an AP, traffic between the client and the AP can flow.
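
The three-stage discovery, authentication and association process described in the sections above (AP detection, shared key authentication and association), as an added Python example that is not code from the original article. The AP and client are simple objects exchanging dictionaries that stand for management frames; SSIDs, BSSIDs, client MACs and the shared key are constructed. The text only says the client "encrypts the challenge using the shared key", so a toy SHA-256 keystream is used as a stand-in for that step (an assumption; it is not the cipher 802.11 used). The example also covers the cases the text calls out: a hidden SSID ignores wildcard probes, a wrong key fails at the authentication stage, and an association request from an unauthenticated client is refused.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode), an illustrative stand-in for
    'encrypt the challenge with the shared key'. Not the 802.11 cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class AccessPoint:
    ssid: str
    bssid: str
    broadcast_ssid: bool = True
    shared_key: Optional[bytes] = None      # None = open authentication
    next_aid: int = 1
    challenges: Dict[str, tuple] = field(default_factory=dict)
    authenticated: Set[str] = field(default_factory=set)
    associations: Dict[str, int] = field(default_factory=dict)

    def on_probe_request(self, frame):
        """Stage 1: answer a probe naming our SSID; answer a wildcard (empty
        SSID) probe only if SSID broadcast is enabled."""
        if frame["ssid"] == self.ssid or (frame["ssid"] == "" and self.broadcast_ssid):
            return {"type": "probe_response", "bssid": self.bssid, "ssid": self.ssid}
        return None

    def on_auth_request(self, frame, rng):
        """Stage 2: open auth succeeds at once; shared-key auth sends a challenge."""
        if self.shared_key is None:
            self.authenticated.add(frame["src"])
            return {"type": "auth_response", "status": "success"}
        nonce, challenge = rng(8), rng(16)
        self.challenges[frame["src"]] = (nonce, challenge)
        return {"type": "auth_challenge", "nonce": nonce, "challenge": challenge}

    def on_auth_answer(self, frame):
        """Decrypt the client's answer with the shared key and compare."""
        nonce, challenge = self.challenges.pop(frame["src"])
        decrypted = xor_bytes(frame["ciphertext"], keystream(self.shared_key, nonce, len(challenge)))
        if decrypted == challenge:
            self.authenticated.add(frame["src"])
            return {"type": "auth_response", "status": "success"}
        return {"type": "auth_response", "status": "failure"}

    def on_assoc_request(self, frame):
        """Stage 3: only an authenticated client gets the BSSID and an AID."""
        if frame["src"] not in self.authenticated:
            return {"type": "assoc_response", "status": "failure"}
        aid = self.next_aid
        self.next_aid += 1
        self.associations[frame["src"]] = aid
        return {"type": "assoc_response", "status": "success", "bssid": self.bssid, "aid": aid}


def join(ap, client_mac, ssid, key=None, rng=os.urandom):
    """Client side of the three stages. Returns the outcome, the stage reached
    and the transcript of every frame exchanged in both directions."""
    transcript = []

    def exchange(frame, handler):
        transcript.append(("client", frame))
        reply = handler(frame)
        transcript.append(("ap", reply))
        return reply

    reply = exchange({"type": "probe_request", "src": client_mac, "ssid": ssid}, ap.on_probe_request)
    if reply is None:
        return {"joined": False, "stage": "discovery", "transcript": transcript}
    reply = exchange({"type": "auth_request", "src": client_mac}, lambda f: ap.on_auth_request(f, rng))
    if reply["type"] == "auth_challenge":
        ks = keystream(key or b"", reply["nonce"], len(reply["challenge"]))
        reply = exchange({"type": "auth_request", "src": client_mac,
                          "ciphertext": xor_bytes(reply["challenge"], ks)}, ap.on_auth_answer)
    if reply["status"] != "success":
        return {"joined": False, "stage": "authentication", "transcript": transcript}
    reply = exchange({"type": "assoc_request", "src": client_mac}, ap.on_assoc_request)
    if reply["status"] != "success":
        return {"joined": False, "stage": "association", "transcript": transcript}
    return {"joined": True, "stage": "associated", "aid": reply["aid"],
            "bssid": reply["bssid"], "transcript": transcript}


if __name__ == "__main__":
    ap = AccessPoint("CorpWLAN", "02:00:00:00:00:aa", shared_key=b"constructed-psk")
    result = join(ap, "02:00:00:00:00:01", "CorpWLAN", key=b"constructed-psk")
    for side, frame in result["transcript"]:
        print(side, frame)
    print("joined:", result["joined"], "AID:", result.get("aid"))
```

The transcript printed by the demo is the exchange the text walks through: probe request and response, authentication frame, challenge, encrypted answer, authentication result, then the association request and the response carrying the BSSID and the AID. Note that the AP's `authenticated` set is the state that gates association: the ordering of the three stages is enforced, not merely assumed.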



802.11 Frame Structure Wireless LAN

802.11 Frame Structure Wireless LAN Operations 

This section describes the 802.11 frame structure. It then describes the media access method used by wireless technology and, finally, the management of channels on a WLAN.

802.11 Frame Structures

All Layer 2 frames consist of a header, a payload and an FCS section, as shown in Image 1. The 802.11 frame format is similar to the Ethernet frame format, with the exception that it contains more fields.

802.11 wireless frame


All 802.11 wireless frames contain the following fields:
  • Frame control : identifies the type of wireless frame and contains subfields for the protocol version, frame type, address type, power management and security settings.
  • Duration : in general, it is used to indicate the remaining duration needed to receive the next frame transmission.
  • Address 1 : normally contains the MAC address of the receiving wireless device or AP.
  • Address 2 : normally contains the MAC address of the transmitting wireless device or AP.
  • Address 3 : sometimes contains the MAC address of the destination, such as the router interface (default gateway) to which the AP connects.
  • Sequence control : contains the Sequence Number and Fragment Number subfields. The Sequence Number indicates the sequence number of each frame. The Fragment Number indicates the number of each fragment sent from a fragmented frame.
  • Address 4 : usually absent, since it is used only in ad hoc mode.
  • Payload : contains the data for transmission.
  • FCS : the Frame Check Sequence, used to detect Layer 2 errors.

Frame control field

The Frame Control field contains several subfields, as shown in following figure.

Specifically, the Frame Control field contains the following subfields:

  • Protocol version : provides the current version of the 802.11 protocol used. Receiving devices use this value to determine whether the protocol version of the received frame is supported.
  • Frame type and Frame subtype : determine the function of the frame. A wireless frame can be a control frame, a data frame or a management frame.
  • To DS and From DS : indicate whether the frame is entering or leaving the DS; they are only used in the data frames of wireless clients associated with an AP.
  • More fragments : indicates whether more fragments of the frame, whether of the data or management type, remain to be received.
  • Retry : indicates whether the data or management frame is being retransmitted.
  • Power management : indicates whether the sending device is in active mode or in power-saving mode.
  • More data : indicates to a device in power-saving mode that the AP has more frames to send. It is also used by APs to indicate that additional broadcast and multicast frames are pending.
  • Security : indicates whether encryption and authentication are used in the frame. It can be set for all data frames and for management frames whose subtype is authentication.
  • Reserved : can indicate that all received data frames must be processed in order.

Wireless frame type

The Frame Type and Frame Subtype fields are used to identify the type of wireless transmission. As shown in the illustration, a wireless frame can be one of three types:

  • Management frame : used to maintain communication, such as discovering an AP, authenticating with it and associating with it.
  • Control frame : used to facilitate the exchange of data frames between wireless clients.
  • Data frame : used to transport payload information, such as web pages and files.

Management Frames

Management frames are used exclusively to search for an AP, authenticate with it and associate with it.

The above figure shows the field values of common management frames, including the following:


  • Association request frame : (0x00) sent from a wireless client; it allows the AP to allocate resources and synchronize. The frame carries information about the wireless connection, including the supported data rates and the SSID of the network with which the wireless client wants to associate. If the request is accepted, the AP reserves memory and establishes an association ID for the device.
  • Association response frame : (0x01) sent from an AP to a wireless client; it contains the acceptance or rejection of the association request. If it is an acceptance, the frame contains information such as an association ID and the supported data rates.
  • Reassociation request frame : (0x02) a device sends a reassociation request when it moves out of range of the AP with which it is currently associated and finds another AP with a stronger signal. The new AP coordinates the forwarding of any information that may still be buffered by the previous AP.
  • Reassociation response frame : (0x03) sent from an AP; it contains the acceptance or rejection of a device's reassociation request frame. The frame includes the information required for the association, such as the association ID and the supported data rates.
  • Probe request frame : (0x04) sent from a wireless client when it requires information from another wireless client.
  • Probe response frame : (0x05) sent from an AP after receiving a probe request frame; it contains capability information, such as the supported data rates.
  • Beacon frame : (0x08) sent periodically from an AP to announce its presence and provide the SSID and other preconfigured parameters.
  • Disassociation frame : (0x0A) sent from a device that wishes to terminate a connection. It allows the AP to release the memory allocation and remove the device from the association table.
  • Authentication frame : (0x0B) the sending device sends an authentication frame containing its identity to the AP.
  • Deauthentication frame : (0x0C) sent from a wireless client that wishes to terminate the connection of another wireless client.

Note : Beacons are the only management frames that an AP transmits on a regular basis. All the other probe, authentication and association frames are used only during the association (or reassociation) process.
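
A parser for the 802.11 MAC header described in the sections above (the general frame fields, the Frame Control subfields and the management frame subtype values), as an added Python example that is not code from the original article. The management subtype values come from the list above; the control subtype codes for RTS, CTS and ACK and the bit layout of the Frame Control field are standard 802.11 values the page does not spell out, and the sample beacon, data and CTS frames are constructed with made-up locally administered MAC addresses. The FCS is checked as a CRC-32 over everything before it, so a corrupted frame is reported rather than trusted.

```python
import binascii
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
# Management subtype values as listed in the article.
MGMT_SUBTYPES = {0x0: "association request", 0x1: "association response",
                 0x2: "reassociation request", 0x3: "reassociation response",
                 0x4: "probe request", 0x5: "probe response", 0x8: "beacon",
                 0xA: "disassociation", 0xB: "authentication", 0xC: "deauthentication"}
# Control subtypes for the frames the article names; the numeric codes are the
# standard 802.11 values (assumed here, the page does not list them).
CTRL_SUBTYPES = {0xB: "RTS", 0xC: "CTS", 0xD: "ACK"}
# Flag bits of the second Frame Control byte, lowest bit first.
FLAG_NAMES = ["to_ds", "from_ds", "more_fragments", "retry",
              "power_management", "more_data", "protected", "order"]


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame_control(fc):
    """Split the 2-byte Frame Control field into version, type, subtype and flags."""
    b0, b1 = fc[0], fc[1]
    info = {"protocol_version": b0 & 0x03, "type": (b0 >> 2) & 0x03, "subtype": b0 >> 4}
    info["type_name"] = FRAME_TYPES.get(info["type"], "reserved")
    for bit, name in enumerate(FLAG_NAMES):
        info[name] = bool(b1 & (1 << bit))
    return info


def parse_80211(frame):
    """Parse the MAC header and verify the FCS (CRC-32 over everything before it)."""
    if len(frame) < 14:
        raise ValueError("frame too short for a header and FCS")
    fc = parse_frame_control(frame[0:2])
    expected_fcs = struct.unpack("<I", frame[-4:])[0]
    out = {"frame_control": fc,
           "duration": struct.unpack_from("<H", frame, 2)[0],
           "fcs_ok": (binascii.crc32(frame[:-4]) & 0xFFFFFFFF) == expected_fcs,
           "addr1": mac_str(frame[4:10])}
    if fc["type"] == 1:
        # Control frames carry only a receiver address; RTS also names the transmitter.
        out["subtype_name"] = CTRL_SUBTYPES.get(fc["subtype"], "other control")
        if out["subtype_name"] == "RTS":
            out["addr2"] = mac_str(frame[10:16])
        return out
    if len(frame) < 28:
        raise ValueError("frame too short for a three-address header")
    out["addr2"] = mac_str(frame[10:16])
    out["addr3"] = mac_str(frame[16:22])
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    out["fragment_number"] = seq_ctrl & 0x0F     # low 4 bits
    out["sequence_number"] = seq_ctrl >> 4       # high 12 bits
    body_start = 24
    if fc["to_ds"] and fc["from_ds"]:
        out["addr4"] = mac_str(frame[24:30])     # present only when both DS bits are set
        body_start = 30
    if fc["type"] == 0:
        out["subtype_name"] = MGMT_SUBTYPES.get(fc["subtype"], "other management")
    out["body"] = frame[body_start:-4]
    return out


def with_fcs(payload):
    """Append a CRC-32 FCS (little-endian) to a constructed frame."""
    return payload + struct.pack("<I", binascii.crc32(payload) & 0xFFFFFFFF)


# Constructed sample frames (made-up locally administered MAC addresses).
AP_MAC = bytes.fromhex("0200000000aa")
CLIENT = bytes.fromhex("020000000001")
GATEWAY = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
# Beacon: type 0 (management), subtype 8, no flags, sequence 10, fragment 0.
BEACON = with_fcs(bytes([0x80, 0x00]) + struct.pack("<H", 0) + BROADCAST + AP_MAC + AP_MAC
                  + struct.pack("<H", 10 << 4) + b"\x00" * 8)
# Data frame from the client towards the DS: To DS and Retry set, sequence 257.
DATA_FRAME = with_fcs(bytes([0x08, 0x09]) + struct.pack("<H", 44) + AP_MAC + CLIENT + GATEWAY
                      + struct.pack("<H", 257 << 4) + b"payload")
# CTS: type 1 (control), subtype 0xC, duration 44, receiver address only.
CTS_FRAME = with_fcs(bytes([0xC4, 0x00]) + struct.pack("<H", 44) + CLIENT)

if __name__ == "__main__":
    for name, raw in [("beacon", BEACON), ("data", DATA_FRAME), ("cts", CTS_FRAME)]:
        print(name, parse_80211(raw))
```

The parser branches on the frame type first, because control frames such as CTS have no Address 2, Address 3 or Sequence control field; reading them with the three-address layout would silently misinterpret the FCS as addresses. The `fcs_ok` flag is the parser's equivalent of the receiver's Layer 2 error check described above.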

Control frames

Control frames are used to manage the exchange of information between a wireless client and an AP. They help avoid collisions on the wireless medium.
Common control frames include the following:

  • Request to Send (RTS) frame : RTS and CTS frames provide an optional collision-reduction scheme for APs with hidden wireless clients. A wireless client sends an RTS frame as the first step of the two-way handshake that is required before sending data frames.
  • Clear to Send (CTS) frame : a wireless AP responds to an RTS frame with a CTS frame. It grants the requesting wireless client permission to send data frames. The CTS frame contributes to collision control by including a time value. This delay minimizes the likelihood that other clients transmit while the requesting client does.
  • Acknowledgment (ACK) frame : after receiving a data frame, the receiving wireless client sends an ACK frame to the sending client if no errors are found. If the sending client does not receive an ACK frame within a predetermined period, it resends the frame.

Control frames are essential for wireless transmission and play an important role in the media contention method used by wireless technologies, known as "Carrier Sense Multiple Access with Collision Avoidance" (CSMA / CA).
CSMA / CA Wireless network