
WLAN Infrastructure



Presentation Transcript


  1. WLAN Infrastructure

  2. 802.11 Products
  Figure: wireless data rate (9.6 Kbps up to 54 Mbps) plotted against coverage area (local to wide). Technologies shown, roughly from high rate/local coverage to low rate/wide coverage: Infrared wireless LANs, Spread Spectrum wireless LANs (1 to 54 Mbps), Broadband PCS, Metricom, Circuit & Packet Data (Cellular, CDPD, RAM, ARDIS), Satellite, Narrowband PCS.

  3. Spectrum
  Figure: the radio spectrum from extremely low frequency through infrared, visible light, ultraviolet and X-rays, with AM broadcast, short wave radio, FM broadcast, television, audio, cellular (840 MHz), NPCS (1.9 GHz) and infrared wireless LAN marked. License-free ISM bands used by wireless LANs:
  • 902-928 MHz (26 MHz): older product
  • 2.4-2.4835 GHz (83.5 MHz): IEEE 802.11b, current product
  • 5 GHz: IEEE 802.11a, HyperLAN/HyperLAN2, future technology
  Note: very little spectrum is available for unlicensed use.

  4. Channels - 802.11b
  • Spectrum: 83.5 MHz (2400-2483.5 MHz)
  • Channels: eleven 22 MHz channels (1-11 in the US) with centres 5 MHz apart, so only three of them (1, 6 and 11) are non-overlapping
  • Speeds: 1, 2, 5.5 and 11 Mbps data rates

  5. Coverage
  Figure: concentric DSSS coverage cells around one access point; 11 Mbps in the innermost ring, then 5.5 Mbps, 2 Mbps, and 1 Mbps at the outer edge.

  6. Bandwidth
  Figure: three non-overlapping channels (blue, green, red) at 11 Mbps each; total bandwidth = 33 Mbps.

  7. Site Survey Channel Mapping
  Figure: floor plan with access points assigned to channels 1, 6 and 11 so that no two adjacent cells share a channel.

  8. Site Survey Bandwidth Layout
  Figure: the same floor plan showing the data rate available at each point: 11 Mbps near each access point, falling to 5.5 Mbps and then 2 Mbps toward the cell edges.
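The channel arithmetic behind slides 4 through 8, as an added example that is not part of the original presentation: it derives the "only three non-overlapping channels" result, the 33 Mbps aggregate, and a site-survey check for neighbouring access points placed on overlapping channels. The 22 MHz channel width and the 2400-2483.5 MHz band are from the slides; the centre-frequency rule 2407 + 5*n MHz is assumed standard knowledge, and the AP names and channel plan are constructed.

```python
# Added example (not from the original presentation): 802.11b channel overlap
# arithmetic behind the "only 3 non-overlapping" claim and the site-survey
# channel map. Channel width (22 MHz) and the 2400-2483.5 MHz band come from the
# slides; the centre-frequency rule 2407 + 5*n MHz is assumed standard knowledge.
from __future__ import annotations
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22
CHANNEL_SPACING_MHZ = 5
US_CHANNELS = range(1, 12)      # channels 1-11
DATA_RATE_MBPS = 11             # top 802.11b rate per channel


def center_freq(channel: int) -> int:
    """Centre frequency in MHz of an 802.11b channel (2412 for channel 1)."""
    if channel not in US_CHANNELS:
        raise ValueError("US 802.11b channels are 1-11")
    return 2407 + CHANNEL_SPACING_MHZ * channel


def channel_band(channel: int) -> tuple[float, float]:
    """(low, high) edges of the 22 MHz band occupied by `channel`."""
    f = center_freq(channel)
    return (f - CHANNEL_WIDTH_MHZ / 2, f + CHANNEL_WIDTH_MHZ / 2)


def overlaps(a: int, b: int) -> bool:
    """True if the bands of channels a and b share any spectrum."""
    lo_a, hi_a = channel_band(a)
    lo_b, hi_b = channel_band(b)
    return lo_a < hi_b and lo_b < hi_a


def largest_non_overlapping_sets() -> list[tuple[int, ...]]:
    """All maximum-size sets of pairwise non-overlapping US channels."""
    chans = list(US_CHANNELS)
    for size in range(len(chans), 0, -1):
        found = [c for c in combinations(chans, size)
                 if all(not overlaps(x, y) for x, y in combinations(c, 2))]
        if found:
            return found
    return []


def aggregate_bandwidth_mbps() -> int:
    """Total bandwidth available in one area using non-overlapping channels."""
    return DATA_RATE_MBPS * len(largest_non_overlapping_sets()[0])


def colliding_neighbours(assignment: dict[str, int],
                         neighbours: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Site-survey check: which pairs of neighbouring APs sit on overlapping
    channels. `assignment` maps AP name -> channel; `neighbours` lists the AP
    pairs whose cells touch on the floor plan."""
    return [(a, b) for a, b in neighbours
            if overlaps(assignment[a], assignment[b])]


if __name__ == "__main__":
    print(largest_non_overlapping_sets())          # [(1, 6, 11)]
    print(aggregate_bandwidth_mbps())              # 33
    plan = {"AP-1": 1, "AP-2": 6, "AP-3": 11, "AP-4": 8}   # constructed survey
    touching = [("AP-1", "AP-2"), ("AP-2", "AP-3"), ("AP-3", "AP-4"), ("AP-1", "AP-4")]
    print(colliding_neighbours(plan, touching))    # [('AP-3', 'AP-4')]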

  9. 30mW Cell Size Comparison
  30 milli-Watt client and access point range capabilities:
  • 11 Mbps DSSS: 80-100 feet radius
  • 5.5 Mbps DSSS: 100-200 feet radius
  • 2 Mbps DSSS: 200-275 feet radius

  10. Cell Size Comparison, Cont.
  • Full antenna power (30mW): 3 access points on channels 1, 6 and 11
  • Reduced antenna power (5mW): 18 access points; fewer users per access point
  Figure: channel layouts for the 3-AP and 18-AP cases, reusing channels 1, 6 and 11 so that neighbouring cells differ.

  11. Antennas
  • Antennas extend range by changing the shape of the signal
  • Different applications call for different antennas
  • Measurements given in "gain" (dBi)
  • Cable type/length greatly affects "gain"

  12. Antennas, Cont.
  Figure: campus example (wireless for students) with maximum coverage and autorate negotiation; dipole antennas indoors, patch antennas outdoors; APs on an isolated LAN behind a PIX firewall; channels 1, 6 and 11 reused along an 850' hallway (classes 1-4 and 8-11), a courtyard and a building roughly 1000' by 1000'.

  13. Antennas, Cont.
  Figure: store-front example with maximum coverage and autorate negotiation; cabling is available only at the store front, so Yagi antennas and dipoles on channels 1, 6 and 11 cover spans of about 850' and 2000'.

  14. Products Evolving
  • Better radios: better reception, improved bandwidth
  • Better management
  • Easier to deploy (in-line power)
  • More security
  • New standards

  15. Inline Power

  16. 100mW Cell Size Comparison
  100 milli-Watt client and access point range capabilities:
  • 11 Mbps DSSS: 100-150 feet radius
  • 5.5 Mbps DSSS: 150-250 feet radius
  • 2 Mbps DSSS: 250-350 feet radius

  17. 802.11a (fall?)
  • Spectrum (US*): 50mW from 5.150-5.250 GHz; 250mW from 5.250-5.350 GHz; 1W from 5.725-5.825 GHz
  • Speeds: 6, 12 and 24 Mbps required for compliance; 54 Mbps+ expected
  • Channels: 20 MHz channels
  • Vendors? 8-15

  18. Wired or Wireless…
  • Wireless pilots encouraged, but would not invest heavily: technology changing
  • Wireless is not a replacement for wired networks at this time

  19. Some Problems

  20. Other Frequency Hopping
  Figure: 802.11b shares the 2.4 GHz band with frequency-hopping devices (Bluetooth, HomeRF, cordless phones); interference potential.

  21. Problems with just plugging it in
  • Colliding channel allocations?
  • How to implement authentication (WEP)?
  • Coordination between autonomous departments?
  • Interference with other devices?
  • On different subnets?
  • Different access policies?
  • Dueling access points?
  • Signal leakage between buildings?
  • Building codes?
  Figure: Building A and Building B with overlapping signals.
  • You are not in control.

  22. Wireless Networks are Public
  • Public networks will be designed, installed, and managed by TIS on the department's behalf (and with the department's funding)
  • Public networks must be authenticated
  • Installation will be professional, following UT building codes and practices
  • Spectrum will be allocated/adjudicated by TIS
  • Public interest will be considered over private interest in wireless conflicts
  • There are always exceptions

  23. Which Vendor?

  24. Authentication

  25. Authentication Schemes
  • SSIDs (Service Set Identifiers)
    • Broadcast in clear by unit and clients. Anyone can hear and insert.
  • WEP (Wired Equivalent Privacy)
    • Uses RC4; problems with exchanging keys. Either sent in clear or have to be manually configured and then exposed on the client.
  • MAC (hardware address restrictions)
    • Restrict based on Ethernet hardware address. Hard to manage across all access points. Any card can pretend to be any MAC address.

  26. Authentication Schemes, Cont.
  • UTEID (home grown)
    • http://www.tis.utexas.edu/network/pubaccess/
    • UT's home grown digitally signed fat cookie application. Doesn't provide encryption, but doesn't require any custom software and is compatible with all OSes.
  • 802.1X / EAP / LEAP
    • Extensible Authentication Protocol, Lightweight Extensible Authentication Protocol
    • Solves the authentication and key distribution problem. Evolving standard; isn't supported on some OSes. LEAP doesn't use the same secured mechanisms as EAP-TLS.
  • VPN (Virtual Private Network)
    • Requires client software. All traffic has to go to the VPN gateway and back, which defeats local routing/switching.

  27. SSID
  - Broadcast in clear by AP and client; anyone can add it to their client
  - Must be manually configured on all clients
  • Provides no encryption of signals
  • Provides no user authentication/accounting

  28. WEP
  + Provides some encryption (still vulnerable to the same attacks as wired networks, a la dsniff)
  - Uses a shared key which is exposed to other clients
  • Key must be manually configured on all clients (or sent in clear)
  • Has various crypto defects
  • Provides no user authentication/accounting
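One of WEP's crypto defects worked through, as an added example that is not part of the original presentation: RC4 (the real algorithm) is keyed per packet with a 24-bit IV prepended to the shared key, and the IV travels in the clear. Because the IV space is only 2**24, IVs repeat, and two packets under the same IV share a keystream; an eavesdropper who can guess one packet's plaintext recovers that keystream and reads the other packet without ever learning the shared key. The shared key, IVs and packet contents below are constructed, and the CRC-32 ICV of a real WEP frame is left out.

```python
# Added example (not from the original presentation): a toy illustration of one
# well-known WEP crypto defect, keystream reuse when the 24-bit IV repeats.
# RC4 is the real algorithm; the shared key, IVs and packet contents below are
# constructed for the example.
from __future__ import annotations


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-packet RC4 key is IV || shared key, IV sent in clear.
    (A real frame also carries a CRC-32 ICV; omitted here.)"""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor_bytes(plaintext, rc4(iv + shared_key, len(plaintext)))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Legitimate receiver: rebuild the per-packet key from the clear IV."""
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4(iv + shared_key, len(body)))


def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple[bytes, bytes]:
    """Eavesdropper who knows (or guesses) one packet's plaintext learns the
    keystream for that IV without learning the shared key."""
    iv, body = frame[:3], frame[3:]
    return iv, xor_bytes(body, known_plaintext)


def decrypt_with_reused_iv(frame: bytes, iv: bytes, keystream: bytes) -> bytes:
    """Decrypt any later packet sent under the same IV with the recovered keystream."""
    if frame[:3] != iv:
        raise ValueError("different IV: recovered keystream does not apply")
    body = frame[3:]
    if len(body) > len(keystream):
        raise ValueError("recovered keystream shorter than this packet")
    return xor_bytes(body, keystream)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"              # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                       # constructed IV, reused by two packets
    p1 = b"GET /index.html HTTP/1.0"          # plaintext an attacker can guess
    p2 = b"passwd=hunter2"                    # constructed secret payload
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    seen_iv, ks = recover_keystream(f1, p1)
    print(decrypt_with_reused_iv(f2, seen_iv, ks))   # prints b'passwd=hunter2'
```

The recovered keystream is only as long as the known packet, so short guessed packets yield partial decryption of longer ones; with 2**24 IVs and no rule forcing them to be unique, a busy access point reuses IVs in ordinary operation.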

  29. MAC
  • Requires obtaining hardware addresses of all clients
  • MAC address can be duplicated by any client
  • Must be maintained on all APs (not scalable)
  • Provides no encryption
  • Provides no user authentication/accounting

  30. UT EID
  + Provides user authentication utilizing a well known mechanism (already in use on wired ports)
  + Requires no additional software and is available on all platforms
  - Funnels all traffic through a central gateway, which defeats local switching/routing
  • No encryption provided
  • Home grown; unclear how to integrate with new offerings

  31. 802.1x/EAP Authentication

  32. EAP over LAN
  Figure: message sequence between a laptop (supplicant), an 802.1X authenticator/bridge and a RADIUS server; EAPOL on the Ethernet side, RADIUS between authenticator and server.
  • Port connect; access blocked
  • Laptop -> Authenticator: EAPOL-Start
  • Authenticator -> Laptop: EAP-Request/Identity
  • Laptop -> Authenticator: EAP-Response/Identity; Authenticator -> RADIUS: Radius-Access-Request
  • RADIUS -> Authenticator: Radius-Access-Challenge; Authenticator -> Laptop: EAP-Request
  • Laptop -> Authenticator: EAP-Response (credentials); Authenticator -> RADIUS: Radius-Access-Request
  • RADIUS -> Authenticator: Radius-Access-Accept; Authenticator -> Laptop: EAP-Success
  • Access allowed

  33. EAP over Wireless
  Figure: the same sequence between a laptop, a wireless access point and a RADIUS server; EAPOW over 802.11, RADIUS over Ethernet.
  • 802.11 Associate; access blocked
  • Laptop -> AP: EAPOL-Start
  • AP -> Laptop: EAP-Request/Identity
  • Laptop -> AP: EAP-Response/Identity; AP -> RADIUS: Radius-Access-Request
  • RADIUS -> AP: Radius-Access-Challenge; AP -> Laptop: EAP-Request
  • Laptop -> AP: EAP-Response (credentials); AP -> RADIUS: Radius-Access-Request
  • RADIUS -> AP: Radius-Access-Accept; AP -> Laptop: EAP-Success
  • AP -> Laptop: EAPOW-Key (WEP)
  • Access allowed
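The exchange on slides 32 and 33 driven end to end, as an added example that is not part of the original presentation. The three parties are plain Python objects exchanging the message types named on the slides; the access point only relays EAP inside RADIUS and keeps its controlled port blocked until the server answers Access-Accept, after which it hands the supplicant a per-session key in EAPOW-Key. The EAP method (an HMAC-SHA256 challenge/response), the key derivation and the user database are constructed stand-ins for a real EAP method such as EAP-TLS.

```python
# Added example (not from the original presentation): simulation of the
# EAP-over-wireless exchange from the slide above. The three parties are plain
# Python objects; the EAP method (an HMAC-SHA256 challenge/response), the key
# derivation and the user database are constructed for this example and stand
# in for a real EAP method such as EAP-TLS.
from __future__ import annotations
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass
class Msg:
    kind: str           # e.g. "EAPOL-Start", "EAP-Request", "Radius-Access-Accept"
    payload: bytes = b""


class RadiusServer:
    """Authentication server: the only party that holds and checks credentials."""

    def __init__(self, users: dict[str, bytes]):
        self.users = users                     # identity -> shared secret (constructed)
        self.pending: dict[str, bytes] = {}    # identity -> outstanding challenge

    def access_request(self, identity: str, eap: Msg) -> Msg:
        if eap.kind == "EAP-Response/Identity":
            chal = os.urandom(16)
            self.pending[identity] = chal
            return Msg("Radius-Access-Challenge", chal)     # wraps an EAP-Request
        if eap.kind == "EAP-Response":
            chal = self.pending.pop(identity, None)
            secret = self.users.get(identity)
            if chal is not None and secret is not None and hmac.compare_digest(
                    hmac.new(secret, chal, hashlib.sha256).digest(), eap.payload):
                # Per-session key for the EAPOW-Key message (13 bytes = 104-bit
                # WEP key); this derivation is a constructed stand-in.
                key = hmac.new(secret, b"wep|" + chal, hashlib.sha256).digest()[:13]
                return Msg("Radius-Access-Accept", key)     # wraps EAP-Success
        return Msg("Radius-Access-Reject")


class AccessPoint:
    """Authenticator: relays EAP to RADIUS, makes no credential decision of its
    own, and keeps the controlled port blocked until Access-Accept arrives."""

    def __init__(self, radius: RadiusServer):
        self.radius = radius
        self.port_open = False          # "Access blocked" after 802.11 association
        self.identity = ""
        self.wep_key = b""
        self.trace: list[str] = []      # message sequence, for inspection

    def _send(self, msg: Msg) -> Msg:
        self.trace.append(msg.kind)
        return msg

    def eapol(self, msg: Msg) -> Msg:
        """Handle one EAPOL/EAPOW frame from the supplicant and return the reply."""
        self.trace.append(msg.kind)
        if msg.kind == "EAPOL-Start":
            return self._send(Msg("EAP-Request/Identity"))
        if msg.kind == "EAP-Response/Identity":
            self.identity = msg.payload.decode()
        elif msg.kind != "EAP-Response":
            return self._send(Msg("EAP-Failure"))
        self.trace.append("Radius-Access-Request")
        reply = self.radius.access_request(self.identity, msg)
        self.trace.append(reply.kind)
        if reply.kind == "Radius-Access-Challenge":
            return self._send(Msg("EAP-Request", reply.payload))
        if reply.kind == "Radius-Access-Accept":
            self.port_open = True                       # "Access allowed"
            self.wep_key = reply.payload
            self._send(Msg("EAP-Success"))
            return self._send(Msg("EAPOW-Key", self.wep_key))
        return self._send(Msg("EAP-Failure"))

    def forward(self, frame: bytes) -> bool:
        """Data frames are bridged only once the controlled port is open."""
        return self.port_open


class Supplicant:
    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret
        self.wep_key = b""

    def start(self) -> Msg:
        return Msg("EAPOL-Start")

    def respond(self, msg: Msg) -> Optional[Msg]:
        if msg.kind == "EAP-Request/Identity":
            return Msg("EAP-Response/Identity", self.identity.encode())
        if msg.kind == "EAP-Request":                   # challenge -> HMAC response
            return Msg("EAP-Response", hmac.new(self.secret, msg.payload, hashlib.sha256).digest())
        if msg.kind == "EAPOW-Key":
            self.wep_key = msg.payload
        return None         # EAP-Success, EAP-Failure or EAPOW-Key ends the exchange


def run_session(ap: AccessPoint, sup: Supplicant) -> bool:
    """Drive one authentication to completion; True if the port ended up open."""
    msg: Optional[Msg] = sup.start()
    while msg is not None:
        msg = sup.respond(ap.eapol(msg))
    return ap.port_open


if __name__ == "__main__":
    radius = RadiusServer({"alice": b"alice-secret"})       # constructed user
    ap = AccessPoint(radius)
    print("port open:", run_session(ap, Supplicant("alice", b"alice-secret")))
    print(" -> ".join(ap.trace))
```

Two things the trace makes visible: the access point never compares a password, so adding or revoking a user happens only at the RADIUS server, and the per-session key delivered in EAPOW-Key differs for every association, which is the key-distribution problem the slides say SSID, static WEP and MAC filtering leave unsolved.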

  34. Future EAP Client Work?
  • Microsoft placing an 802.11 EAP native supplicant in Win2K, WinCE
  • What about other Microsoft OSes? Win9x/WinNT (need LEAP)
  • What about other OSes? Linux, MacOS (need LEAP)

  35. Roaming from Access Point A to Access Point B
  Steps to re-association:
  • Adapter listens for beacons from APs.
  • Adapter evaluates AP beacons, selects the best AP.
  • Adapter sends an association request to the selected AP (B).
  • AP B confirms the association and registers the adapter.
  • AP B informs AP A of the re-association with AP B.
  • AP A forwards buffered packets to AP B and de-registers the adapter.

  36. 802.1X/EAP/LEAP
  + Provides user authentication/accounting in a scalable manner
  + Provides encryption (still vulnerable to the same attacks as wired networks, a la dsniff)
  • Evolving standard
  • Requires client software not extant on all platforms
  • Network equipment more likely to be proprietary
  • Will require inve$tment in new authentication infrastructure
  • LEAP doesn't support the same encryption features

  37. VPN
  + Provides user authentication
  + Provides encryption
  • Requires software on all clients
  • Funnels all traffic through the VPN gateway, which defeats local switching/routing
  • Dedicated expen$ive VPN gateway hardware needed at high traffic rates, and new authentication infrastructure

  38. What about other devices? Handhelds?
  • EAP (Extensible Authentication Protocol)
  • VPN (IPsec)
  • PPP (PPTP, PPPoE)
  • LEAP (Lightweight Extensible Authentication Protocol): card drivers, only one-time user/password authentication

  39. We don't decide…
  UTEID:
  • Already deployed
  • Could transition to VPN from UTEID easily or run in parallel
  • 802.1x would mean a flag day for any mechanism and isn't ready for deployment
  …see what the industry decides

  40. Multicast Applications
  • Multicast support is in the WLAN infrastructure
  • Multicast has problems when clients roam
    • Router/L2 switch is unaware of the client move
    • Router/switch still sends the multicast stream to the original AP
    • Multicast stream is terminated when the router/L2 switch times out due to non-response to the multicast query
    • No IGMP leave is sent by the AP or the client
