
Module 12

Module Objectives

  • WLAN Concepts: Explain how WLANs enable network connectivity.

    • Introduction to Wireless: Describe WLAN technology and standards.

    • Components of WLANs: Describe the components of a WLAN infrastructure.

    • WLAN Operation: Explain how wireless technology enables WLAN operation.

    • CAPWAP Operation: Explain how a WLC uses CAPWAP to manage multiple APs.

    • Channel Management: Describe channel management in a WLAN.

    • WLAN Threats: Describe threats to WLANs.

    • Secure WLANs: Describe WLAN security mechanisms.

Introduction to Wireless

  • Benefits of Wireless:

    • WLANs provide mobility in homes and businesses.

    • Adapt to changing needs and technologies.

Types of Wireless Networks
  • Wireless Personal-Area Network (WPAN):

    • Range: 20-30 feet (6-9 meters)

    • Based on IEEE 802.15; frequency: 2.4 GHz.

    • Examples: Bluetooth, Zigbee.

  • Wireless LAN (WLAN):

    • Range: Up to 300 feet; based on IEEE 802.11; frequencies: 2.4 or 5.0 GHz.

  • Wireless MAN (WMAN):

    • Covers large geographic areas; specific licensed frequencies.

  • Wireless WAN (WWAN):

    • National/global communication; uses specific licensed frequencies.

Wireless Technologies
  • Bluetooth:

    • Range up to 300 ft (100 m); embodies the WPAN standard.

  • WiMAX (Worldwide Interoperability for Microwave Access):

    • Broadband connectivity; operates up to 30 miles (50 km).

  • Cellular Broadband:

    • Used by mobile devices; includes GSM and CDMA standards.

  • Satellite Broadband:

    • Requires clear line of sight; typically used in rural areas.

802.11 Standards Overview

IEEE Standard | Radio Frequency | Description
802.11        | 2.4 GHz         | Up to 2 Mb/s
802.11a       | 5 GHz           | Up to 54 Mb/s; incompatible with 802.11b/g
802.11b       | 2.4 GHz         | Up to 11 Mb/s; better range than 802.11a
802.11g       | 2.4 GHz         | Up to 54 Mb/s; compatible with 802.11b
802.11n       | 2.4 & 5 GHz     | 150 – 600 Mb/s; MIMO technology required
802.11ac      | 5 GHz           | 450 Mb/s – 1.3 Gb/s; supports up to 8 antennas
802.11ax      | 2.4 & 5 GHz     | High-Efficiency Wireless (HEW); uses up to 1 GHz and 7 GHz frequencies

Operating Frequencies
  • 2.4 GHz (UHF): Used by 802.11b/g/n/ax

  • 5 GHz (SHF): Used by 802.11a/n/ac/ax

Wireless Standards Organizations
  • ITU (International Telecommunication Union): Regulates radio spectrum allocation.

  • IEEE (Institute of Electrical and Electronics Engineers): Specifies modulation standards.

  • Wi-Fi Alliance: Promotes WLAN interoperability among vendors.

WLAN Components

Essential WLAN Components
  • Wireless NICs: Allow devices to communicate wirelessly.

  • Wireless Router: Serves as an access point, router, and switch.

  • Access Points (APs): Discoverable by wireless clients for connectivity.

    • Autonomous APs: Configured manually; operate independently.

    • Controller-based APs: Managed by a Wireless LAN Controller (WLC).

Antenna Types
  • Omnidirectional: 360-degree coverage;

  • Directional: Focuses the signal in one direction (e.g., Yagi, parabolic dish);

  • MIMO: Multiple Input Multiple Output - uses multiple antennas for increased bandwidth.

WLAN Operation

Topology Modes
  • Ad hoc Mode: Peer-to-peer connection without AP;

  • Infrastructure Mode: Connects clients via AP;

  • Tethering: Allows devices to share cellular data.

Basic and Extended Service Sets
  • Basic Service Set (BSS): Single AP for interconnecting clients (clients on different BSSs cannot communicate);

  • Extended Service Set (ESS): Multiple BSSs interconnected via wired network, allowing communication between clients.

802.11 Frame Structure
  • The 802.11 frame format extends the Ethernet frame format with additional fields.

Collision Avoidance Framework
  • CSMA/CA: Wireless clients proactively manage data transmission to avoid collisions:

    • Listens for idle channels;

    • Sends RTS message to acquire channel;

    • Waits for CTS before transmission.

CAPWAP Operation

Overview of CAPWAP
  • CAPWAP: IEEE protocol enabling a WLC to manage multiple APs.

    • Utilizes Datagram Transport Layer Security (DTLS) for security.

    • Operates over both IPv4 and IPv6.

Split MAC Architecture
  • Distributes AP functions between AP MAC and WLC MAC:

    • AP: Manages beacons, authentication, and client associations;

    • WLC: Handles packet prioritization, encryption, and traffic termination.

DTLS Security
  • DTLS: Secures control and management traffic between AP and WLC.

FlexConnect AP Modes
  • Connected Mode: WLC managed;

  • Standalone Mode: AP can manage local client traffic when disconnected from WLC.

Channel Management

Frequency Channels
  • 2.4 GHz Band: Non-overlapping channels recommended: 1, 6, 11;

  • 5 GHz Band: Non-overlapping channels 36, 48, 60.

Channel Saturation Mitigation Techniques
  • DSSS: Spreads signal over wider bandwidth to prevent interference;

  • FHSS: Quick transitions between frequency channels;

  • OFDM: Uses multiple adjacent frequencies for better signal quality.

WLAN Threats

Common Threats to WLANs
  • Interception of Data: Unauthorized access to data transmitted over the network;

  • Wireless Intruders: Attackers gaining illegitimate access to the network;

  • DoS Attacks: Disruption of the network service;

  • Rogue APs: Unauthorized access points connected to the network.

Rogue APs and Man-in-the-Middle Attacks
  • Rogue AP: Threat from APs connected without approval;

  • MITM Attack: Attackers intercept data between two entities by mimicking legitimate devices.

Secure WLANs

Security Mechanisms
  • SSID Cloaking: Hides the SSID to prevent unauthorized access;

  • MAC Address Filtering: Controls access based on device MAC addresses.

Authentication Methods
  • Open Authentication: No password required (e.g., public Wi-Fi);

  • Shared Key Authentication: Requires a pre-shared key for data security.

Key Security Protocols
  • WEP: Early and insecure; deprecated;

  • WPA: Uses TKIP for enhanced security;

  • WPA2: Uses AES for strong encryption;

  • WPA3: Introduces further advancements that strengthen overall security.

Authentication Options in Home Networks
  • WPA/WPA2 Personal: Pre-shared keys for authentication;

  • WPA2 Enterprise: Requires a RADIUS server for authentication (use of 802.1X).

