Enterprise Wireless LAN
CIS 585
Stephen Choi | Kevin Todd | Stanley Yen
CIS 585 v1
© 2002, Sapium Inc., Cisco Systems, Inc. Permission granted for reproduction and modification to Dr. Ganesan for educational purposes.
Presentation Overview
• WLAN Intro, Site Survey, Hardware – Stephen Choi
• WLAN Bridging, Antennas – Kevin Todd
• WLAN Security Features – Stanley Yen
Presentation References: © 2002, Cisco Systems, Inc., Sapium Inc. www.cisco.com | www.sapium.com

Wireless in a Wired World
• Wireless LAN growth and trends
  - Mobility, cost savings
  - Disaster recovery solution
  - Embedded devices
• Wireless standards – WECA 802.11b, 802.11a, 802.11g
• Wireless more common in public spaces – airports, universities, hotels, cafes, etc.

Example Project: Hilton Hotel / SG
[Network diagram. Labels shown: External Network (Internet and VPN, BBSM, Other Services); Internal Network (Cisco 2600, Catalyst 3500 XL, Credit Card Server, RADIUS Server); Catalyst 2924 LRE, UBR7xxx, Catalyst 3524 PWR XL, Aironet 350; Video Servers and Local Content over coax cable; POTS Splitter, LRE 48, PSTN, PBX Network; Catalyst 2924 XL with LRE CPE and VPN to Room 1 and Room 2 over existing telephone pairs and 10/100 Ethernet; wireless connections for Conference Room / Lounge / Pool.]

Hilton Hotel – Wireless WAN
[Diagram: HILTON / PAS (Frame Relay, PMS12.HILTONWORLDWIDE.COM) to HILTON / SG; distance 4+ miles, DLOS.]
The Hilton/SG utilizes wireless LAN technology inside and outside the building. Hilton/SG will connect to corporate intranet and Internet resources via wireless bridges from Hilton/PAS, which is approximately 4 miles away.
Cisco Packet Magazine
• Current Issue / 2nd Quarter 2002
• Also online: http://www.cisco.com/go/packet
• Welcome to the Wireless Enterprise
• WLAN How-to series
  - Part 1: Preparing for wireless LANs
  - Part 2: How to Build a Secure WLAN
• The Once and Future WLAN

Access Points
What are Access Points?
• Act as a wireless hub for wireless devices
• Extend the range of coverage for a wireless LAN
• Access points can accommodate a maximum number of wireless users
• Access points can get expensive, so a site survey is always recommended

Wireless Site Survey
What is a site survey?
• Ensure coverage and VPN connectivity/subnets
• Interference, absorption, noise
• SNR and packet retry count (<10%)
• “Outside In” approach for access points
• Reduce cost
• Understand the application
A good site survey can cost thousands! (Packet Magazine, 2nd Quarter, 2002, http://www.cisco.com/go/packet)

Roaming / Port Hopping
Port Hopping allows a WLAN user to seamlessly move from one access point to another without having to reauthenticate or experience interrupted service.
Deployed in a typical Cisco BBSM (Building Broadband Service Manager) application – hotel and apartment users can roam throughout the network and stay connected.

In-Line Power
In-Line Power:
• Makes installation easier
• Reduces the number of power outlets
• Works for most wireless devices – including access points, bridges, IP phones, etc.

Bridges / Workgroup Bridges
Wireless Bridge – connects a LAN to another LAN that uses the same protocol over a high-speed wireless connection at a range from 1 to 25 miles.
Workgroup Bridge – a bridge that is used in a WLAN to provide a link between remote workgroups, satellite offices, and mobile users and an access point or wireless bridge.
[Diagram: Wireless Bridge, Access Points, Workgroup Bridge.]

Wireless Bridge Features
• Enables outdoor links between buildings up to 25 miles.
• Ideal for harsh environments and installations subject to plenum rating.
• Temperature ranges from -20° to 55°C with a NEMA enclosure.
• Supports Point to Point (PTP) and Point to Multipoint (PTMP) configurations.
• Broad range of supported antennas.
• Connects hard-to-wire sites, noncontiguous floors, satellite offices, temporary networks, and warehouses, with inline power.

Workgroup Bridge Example
[Diagram.]

Point to Point (PTP) / Point to Multi-Point (PTMP) Bridges
PTP bridges
• Connect a LAN in one building to a LAN in another building.
• Composed of a pair of bridges and directional antennae.
• Antennae must have a line of sight with each other.
• Cable is run from the antenna to its bridge, which is connected to the network.
• Comply with the IEEE 802.11b wireless standard (allows for interoperability) or are proprietary (faster speeds, up to 100 Mbps).
PTMP bridges can bring networks of multiple buildings together and require omni-directional antennae.

Point to Point / Point to Multi-Point
[Diagrams: Point-to-Point Wireless Bridge Solution; Point-to-Multipoint Wireless Bridge Solution.]

Antennas
• Most antennas are omni-directional or directional.
• Each bridge has a radio, built in or modular.
• Each radio is composed of the transmitter and the receiver.
• The transmitter encodes data from the LAN into the specified frequency spectrum and then transmits it through the antenna.
• The receiver does the opposite, decoding the frequencies from the antenna into data to be placed on the LAN.
• Most wireless network products operate in the Industrial, Scientific, and Medical (ISM) bands (2.4–2.4835 GHz – IEEE 802.11a).

Antennas
[Figures: Omni-directional Antenna; Directional Antenna (Yagi).]

Omni-directional Antennas
[Figures: Ceiling Mounted Antenna; Mast Mounted Antenna.]

Directional Antennas
[Figures: Dish Antenna; Yagi Antenna.]

Antennas
Fresnel Zone – the elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal.
As the distance between buildings grows, the curve of the earth (earth bulge) affects installation and requires antennas to be placed at higher elevations.

Antennas
Wireless Link Distance (miles) | Approximate 60% of Fresnel Zone (ft. at 2.4 GHz) | Approximate Earth Curvature (ft.) | Mounting Height (ft. with no obstructions)
 1 | 10 |  3 |  13
 5 | 30 |  5 |  35
10 | 44 | 13 |  57
15 | 55 | 28 |  83
20 | 65 | 50 | 115
25 | 72 | 78 | 150

Antennas
Company | Product Name/Model | List Price | Wireless speed | 802.11 | LAN Speed | Temp. | PTMP | Radio used | Antenna distance from bridge | Band | Max. range @ max data rate
Cisco Systems | Cisco Aironet 350 | | 11 Mbps | Yes | 10/100 Mbps | Min -20 C, Max +55 C | Yes | Internal | 100 feet | ISM | 18 miles
Lucent Technologies WCND | ORiNOCO AP1000 Access Points | $995 | 11 Mbps | Yes | 10/100 Mbps | Min 0 C, Max +40 C | Yes | PC Card | 75 feet | ISM | 12 miles
Proxim | Stratum | $19,950 | 20 Mbps | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 feet | UNII | 7 miles
Proxim | Stratum 100 | $32,950 | 100 Mbps | No | 10/100 Mbps | Min -30 C, Max +55 C | No | Internal | 1000 feet | UNII | 7 miles
Proxim | Stratum MP | $2,195 | 10 Mbps | No | 10 Mbps | Min -15 C, Max +40 C | Yes | Internal | 200 feet | ISM | 12 miles
Western Multiplex | Tsunami 100 (5.3/5.8 GHz) | $17,995 | 100 Mbps | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII | 5 miles
Western Multiplex | Tsunami 45 (5.8 GHz) | $11,095 | 45 Mbps full duplex | No | 100 Mbps | Min -30 C, Max +65 C | No | Internal | >300 feet | UNII | 15 miles

Wireless LAN Security
• Components of Wireless LAN Security
• SSID and WEP
• Encryption, Decryption, and Ciphers
• Authentication
• Mutual Authentication via RADIUS
• Controversy Over Strong Encryption

Components of Wireless LAN Security
What is wireless LAN security?
• Access control ensures that sensitive data can be accessed only by authorized users.
• Access to wired LANs is physical access to LAN ports, while wireless LANs place “ports” everywhere within a certain radius of the access point.
• Privacy ensures that transmitted data can be received and understood only by the intended audience.
• Data transmitted on a wired LAN is directed to a particular destination, while data on a wireless LAN is broadcast over radio waves within a certain radius of the access point.
• A security breach on a wired LAN is possible only if the LAN is physically compromised, while a security breach on a wireless LAN can be performed from anywhere within the operating distance of the wireless LAN.

SSID and WEP
The IEEE 802.11b standard defines two mechanisms for providing access control and privacy.
1. SSID (Service Set Identifiers)
• Rudimentary level of access control.
• Common network name for the devices in a wireless LAN.
2. WEP (Wired Equivalent Privacy)
• Prevents unauthorized users, who lack a correct WEP key, from gaining access to the network.
• Protects wireless LAN data streams by encryption, allowing decryption only by users with the correct WEP keys.
• Static WEP keys vs. dynamic WEP keys.

Encryption, Decryption, and Ciphers
Encryption
• Conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.
Decryption
• Process of converting encrypted data back into its original form, so it can be understood.
Ciphers
• Sophisticated computer algorithms that rearrange the data bits in digital signals.

Authentication
The IEEE 802.11b standard defines two types of authentication methods.
1. Open Authentication
• The authentication process is in clear text, and a client can associate with an access point even without supplying the correct WEP key.
2. Shared Key Authentication
• The access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point.
Authentication by MAC (Media Access Control) address
• The access point will allow association by a client only if that client’s MAC address matches an address in an authentication table used by the access point.

Mutual Authentication via RADIUS
Why Mutual Authentication?
• Shared key authentication is only one-way.
• Rogue access points can be placed on a wireless LAN.
How Mutual Authentication Works:

Controversy Over Strong Encryption
Strong Encryption
• Ciphers that are essentially unbreakable without the decryption keys.
• Companies and consumers view strong encryption as a means to keep secrets, minimize fraud, and protect privacy.
• Governments view strong encryption as a potential vehicle by which criminals and terrorists might evade authorities.
• The key-escrow concept is being debated.

Conclusion
• Any Questions and Answers
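The mounting-height table on the Antennas slides adds 60% first-Fresnel-zone clearance to the earth bulge. As an added example that is not part of the slides, the two standard link-planning formulas that reproduce its rows to within a few feet: the mid-path Fresnel radius r = 72.1·sqrt(d/(4f)) ft (d in miles, f in GHz) and the K = 4/3 effective-earth bulge d1·d2/(2KR), which reduces to d²/8 ft. Both formulas and the 3959-mile earth radius are assumptions, not values given on the slide.

```python
import math

EARTH_RADIUS_MILES = 3959.0   # assumed mean earth radius for the bulge formula

def fresnel_radius_ft(d_miles, f_ghz=2.4):
    """Radius of the first Fresnel zone at mid-path, in feet, for a link of
    d_miles at f_ghz: r = 72.1 * sqrt(d / (4 f)). Standard planning formula,
    assumed here; the slide only tabulates its 60 % value."""
    return 72.1 * math.sqrt(d_miles / (4.0 * f_ghz))

def earth_bulge_ft(d_miles, k_factor=4.0 / 3.0):
    """Earth bulge at mid-path, h = d1*d2 / (2*K*R) with d1 = d2 = d/2 and the
    usual K = 4/3 effective earth radius; this is d^2 / 8 ft for d in miles."""
    half = d_miles / 2.0
    return (half * half) / (2.0 * k_factor * EARTH_RADIUS_MILES) * 5280.0

def mounting_height_ft(d_miles, f_ghz=2.4, clearance=0.6):
    """Antenna height over smooth ground with no obstructions: keep `clearance`
    (60 %) of the first Fresnel zone clear and add the earth bulge."""
    return clearance * fresnel_radius_ft(d_miles, f_ghz) + earth_bulge_ft(d_miles)

def link_table(distances=(1, 5, 10, 15, 20, 25), f_ghz=2.4):
    """Recompute the slide's rows: distance -> (60 % Fresnel, bulge, height) in ft."""
    return {d: (round(0.6 * fresnel_radius_ft(d, f_ghz)), round(earth_bulge_ft(d)),
                round(mounting_height_ft(d, f_ghz))) for d in distances}

if __name__ == "__main__":
    print("miles  60% Fresnel  earth bulge  mounting height")
    for d, (fz, bulge, height) in link_table().items():
        print(f"{d:5}  {fz:11}  {bulge:11}  {height:15}")
```

The 10-mile row comes out exactly as on the slide (44, 13, 57 ft); the other rows differ by at most about 3 ft of rounding.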
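The Authentication and Mutual Authentication slides describe Shared Key authentication (AP challenge, client returns it WEP-encrypted) and state that it is only one-way. As an added example that is not from the slides or from Cisco's products, a Python model of that WEP challenge/response as the AP checks it, beside a simplified two-way challenge/response of the kind a RADIUS-backed scheme provides, so the one-way gap is visible in code. The WEP key, the secrets and the HMAC-based mutual exchange are assumptions; the slide's RADIUS diagram is not reproduced.

```python
import hashlib
import hmac
import os
import zlib

SAMPLE_WEP_KEY = b"cis585-wepkey"   # constructed 104-bit (13-byte) key, not a real one

def rc4(key, data):
    """RC4 keystream XOR, the cipher inside WEP; one call both encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key, plaintext, iv=None):
    """WEP frame body: 3-byte IV || RC4(IV || key, plaintext || CRC-32 ICV)."""
    iv = iv or os.urandom(3)
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + wep_key, plaintext + icv)

def wep_decrypt(wep_key, body):
    """Plaintext, or None when the ICV fails (wrong key or a modified frame)."""
    decrypted = rc4(body[:3] + wep_key, body[3:])
    plaintext, icv = decrypted[:-4], decrypted[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key, client_key):
    """802.11 Shared Key authentication, AP side: clear-text challenge (msg 2),
    client returns it WEP-encrypted (msg 3), AP decrypts and compares (msg 4).
    Only the client proves anything; nothing it receives is tied to the AP's key."""
    challenge = os.urandom(128)
    response = wep_encrypt(client_key, challenge)
    return wep_decrypt(ap_key, response) == challenge

def mutual_auth(server_secret, client_secret):
    """Simplified two-way challenge/response (an assumption, not Cisco's LEAP):
    each side challenges the other and checks an HMAC over its own challenge,
    so an AP/server without the secret fails the client's check too."""
    proof = lambda secret, chal: hmac.new(secret, chal, hashlib.sha256).digest()
    client_chal, server_chal = os.urandom(16), os.urandom(16)
    server_accepts = hmac.compare_digest(proof(client_secret, server_chal), proof(server_secret, server_chal))
    client_accepts = hmac.compare_digest(proof(server_secret, client_chal), proof(client_secret, client_chal))
    return server_accepts, client_accepts
```

In `shared_key_auth` the client's only return value is the AP's status code, which an AP that does not hold the key can still set to success; in `mutual_auth` the client's own verdict turns False for such a server.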