Chapter 10-Wireless Devices
• WLAN Client Devices
• Progression of WLAN architecture
• Specialty WLAN infrastructure
Exam Essentials
• Know the major radio card formats.
– The 802.11 standard does not mandate what type of format can be used
by an 802.11 radio. 802.11 radios exist in multiple formats.
• Understand the need for client adapters to have an operating
system interface and a user interface.
– A client adapter requires a special driver to communicate with the
operating system and a software client utility for user configuration.
• Identify the four major types of client utilities.
– The four types of client utilities are SOHO, enterprise, integrated, and
third party.
• Explain the progression of WLAN architecture.
– Be able to explain the differences and similarities of autonomous AP
solutions and WLAN controller solutions.
• Identify the capabilities of all WLAN legacy infrastructure devices.
– Understand the capabilities of autonomous APs. Explain the differences
between autonomous APs and lightweight APs.
Exam Essentials
• Identify the capabilities of a WLAN controller solution.
– Understand all the features and functionality that a WLAN
controller solution provides. Be able to explain IP tunneling, split
MAC architecture, virtual BSSIDs, WLAN profiles, and dynamic
RF. Be able to explain the various ways that a WLAN controller
solution can be scaled. Explain the concept of distributed data
forwarding.
• Explain the role and configuration of WLAN bridges and
workgroup bridges.
– The CWNA test covers bridging quite extensively. Know all of the
different types of bridges and the difference between root and
nonroot bridges. Be able to explain the differences between
point-to-point and point-to-multipoint bridging. Understand
bridging problems such as ACK time-out, and study other
bridging considerations that are covered in other chapters, such
as the Fresnel zone and system operating margin.
Exam Essentials
• Define WLAN mesh networking.
– Be able to explain that WLAN mesh routers use self-healing and self-forming methods and proprietary
layer 2 routing protocols. Understand the difference
between single-band and dual-band mesh networks.
• Explain other WLAN specialty infrastructure.
– Be able to explain how EEG solutions, RTLS
solutions, and VoWiFi solutions can all be integrated
with a WLAN. Explain other nontraditional WLAN
solutions such as WLAN arrays, virtual APs, and
cooperative control APs.
Wireless LAN Client Devices
• Half-duplex radio receiver
– Many hardware formats and chipsets
• Need a software driver for the OS to use
– When buying, make sure drivers exist for your
OS
Pg 320
Radio Card Formats
• Radio cards in both APs and client adapters
– Mostly focused on client adapters
• Form Factors
– How it fits into your device
• PCMCIA/PC Card
• ExpressCard
• Secure Digital/CompactFlash
– PDAs
• PCI
– Often a PCMCIA slot for PCI
• Bad location for wireless
• USB
Pg 320
Form Factors
Radio Card Formats
• Not just in PDA, PC, Laptop
• Also in handheld devices
– Bar code scanner
– Wireless POS systems
– VoWiFi phones
– Stereo
– Gaming Systems
– Video/camera
Pg 324
Radio Card Chipsets
• Support specific frequencies/technology
• 2.4 GHz
• 5 GHz
• If both are supported, often an a/b/g card
– Common today
• 802.11n cards are different
Pg 325
Client Utilities
• End User tool for configuring the wireless card
– Create connection profiles
• Configure settings for connections
– SSID, passkey, etc.
• Four major types, or categories, of client utilities
exist:
– Small office, home office (SOHO) client utilities
– Enterprise-class client utilities
– Integrated operating system client utilities
– Third-party client utilities
Pg 326
Client Utilities
• End User tool for configuring the wireless card
– Create connection profiles
• Configure settings for connections
– SSID, passkey, etc.
– Look for networks (site survey)
– Signal strength measurements
• Four major types, or categories, of client utilities
exist:
– Small office, home office (SOHO) client utilities
– Enterprise-class client utilities
– Integrated operating system client utilities
– Third-party client utilities
Pg 326
Client Utilities
• Different types for different jobs
• Enterprise utilities usually have more features
than SOHO utilities
• Windows Wireless Zero Configuration
Service (WZC)
– Very common
• Third Party
– Becoming more common for enterprise
deployments
Pg 326
Client Utilities
Pg 326
Progression of WLAN architecture
• General purpose of 802.11 is to provide a
portal to the wired network
Pg 328
Intelligent Edge-Autonomous AP
• Traditional APs had the brains
– Edge intelligence
• Autonomous
– Fat, stand-alone, etc.
• Configuration and management done on
the device
– At the access level, not core or distribution
• Distribution System Service and
Integration Service on the AP
Pg 329
Intelligent Edge-Autonomous AP
• Not quite the same as the APs for home
use
– Older ones were similar
• Usually two physical interfaces bridged
together
– Wireless
– Wired
• Bridged Virtual Interface has the IP
address
Pg 329
Intelligent Edge-Autonomous AP
• Multiple management interfaces, such as command line, web GUI,
and SNMP
• WEP, WPA, and WPA2 security capabilities
• WMM quality-of-service capabilities
• Fixed or detachable antennas
• Filtering options, such as MAC and protocol
• Connectivity modes, such as root, repeater, bridge, and scanner
• Removable radio cards
• Multiple radio card and dual-frequency capability: 2.4 GHz and 5
GHz
• Adjustable transmit power, which is used mostly for cell sizing
• VLAN support (VLANs are created on a managed wired switch.)
• IEEE standards support
• 802.3-2005, clause 33, Power over Ethernet (PoE) support
Pg 329
Intelligent Edge-Autonomous AP
• Are being replaced by lightweight APs with
a WLAN switch/controller
– More centralized administration and access
Pg 330
Wireless Network Management System
• Centralizing of the administrative tasks
• Make configuration on WLAN controller
– Controller sends configs to APs
• Hardware or software solution
• Usually allows for additional functionality
– RF spectrum planning and management
– Check alarms
– Reporting
– Management consoles
• Some security functions
– Not a Wireless Intrusion Detection System (WIDS)
• Not part of data path
Pg 330
Wireless Network Management System
Pg 331
Wireless Network Management System
• Must be sure they can control APs in use
• Purpose is to provide centralized
management
– Being replaced by WLAN controllers
• Can also be used to control WLAN
controllers and Autonomous APs
Pg 330
Centralized WLAN architecture
• WLAN controller that is in the core of the
network
• Autonomous APs replaced by lightweight
APs or thin APs
– Less intelligence at the AP
– Most logic handled by the WLAN controller
• WLAN controller handles the DSS and IS
– Encryption may still be on the AP
Pg 332
Lightweight APs
• Somewhat limited software
– Designed to be controlled/configured by
WLAN controller
• Can have dual 2.4 and 5 GHz radios
• Also have software defined radios (SDR)
– Support multiple frequency bands
• Not at same time
• Some APs can be either lightweight or
Autonomous
Pg 332
WLAN controller
• Also called wireless switches
– Similar functionality to Ethernet LAN switch
– Make traffic management decisions based on
layer 2 addresses
Pg 334
WLAN controller
• AP management: As mentioned earlier, the majority of
the lightweight access point functions such as power,
channels, and supported data rates are configured on
the WLAN controller. This allows for centralized
management and configuration of lightweight APs.
• 802.11 traffic tunneling: A key feature of most WLAN
controllers is that the integration service (IS) and
distribution system service (DSS) operate within the
WLAN controller. All 802.11 traffic that is destined for
wired-side network resources must first pass through the
controller and be translated into 802.3 traffic by the
integration service before being sent to the wired
destination.
Pg 334
WLAN controller
• 802.11 Frame is passed from AP to WLAN
controller using an IP tunnel
– Generic Routing Encapsulation (GRE)
• Adds a new IP header to frame to pass it to WLAN
controller
• Lightweight APs often use PoE
– Tunnel frames to WLAN controller
Pg 335
WLAN controller
Pg 335
WLAN controller
• Although often at core, may also be at
distribution, or access
– Depends on vendor solution and network
architecture
• Can also have multiple WLAN controllers
Pg 335
WLAN controller
• AP group profile defines the configuration settings for a single AP or group
of access points.
– Channel, transmit power, and supported data rates
• Virtual WLANs, often called WLAN profiles
– Different groups of 802.11 clients exist in a virtual WLAN. A WLAN profile is a set of configuration
parameters that are configured on the WLAN controller.
– The profile parameters can include the WLAN logical name (SSID), WLAN
security settings, VLAN assignment, and quality-of-service (QoS) parameters.
– WLAN profiles often work together with role-based access control (RBAC)
mechanisms. When users connect to a virtual WLAN, they are assigned to
specific roles. Do not confuse the WLAN profile with an AP group profile.
Multiple WLAN profiles can be supported by a single AP; however, an AP can
belong to only one AP group.
• Virtual BSSIDs: The BSSID is typically the MAC address of the access
point’s radio card.
– WLAN controllers have the capability of creating multiple virtual BSSIDs. Each
virtual WLAN needs a unique logical identifier (SSID) that is also assigned to a
specific VLAN.
Pg 336
Virtual WLAN
Pg 338
WLAN controller
• VLANs: WLAN controllers fully support the creation of VLANs and
802.1Q VLAN tagging. Multiple wireless user VLANs can be created
on the WLAN controller. The ability to create user VLANs is one of
the main benefits of a WLAN controller, because they can provide
for segmentation and security. VLANs may be assigned statically to
WLAN profiles or may be assigned using a RADIUS attribute. A more
detailed discussion of wireless VLANs can be found in Chapter 13,
“802.11 Network Security Architecture.”
• User management: WLAN controllers usually provide the ability to
control the who, when, and where in terms of using role-based
access control (RBAC) mechanisms. A more detailed discussion of
RBAC can be found in Chapter 13.
• Layer 2 security support: WLAN controllers fully support layer 2
WEP, WPA, and WPA2 encryption. Authentication capabilities
include internal databases as well as full integration with RADIUS
and LDAP servers.
Pg 339
WLAN controller
• Layer 3 and 7 VPN concentrators: Some WLAN controller vendors
also offer VPN server capabilities within the controller. The controller
can act as a VPN concentrator or end point for PPTP, IPSec, or SSL
VPN tunnels.
• Captive portal: WLAN controllers have captive portal features that
can be used with guest WLANs and guest WLAN profiles. Because
the captive portal authenticates users but has very limited encryption
capabilities, it is rarely used for anything other than guest access.
• Automatic failover and load balancing: WLAN controllers usually
provide support for Virtual Router Redundancy Protocol (VRRP) for
redundancy purposes. Most vendors also offer proprietary
capabilities to load-balance wireless clients between multiple
lightweight APs.
• Internal Wireless Intrusion Detection Systems: Some WLAN
controllers have integrated WIDS capabilities for security monitoring.
A more detailed discussion on WIDS can be found in Chapter 14,
“Wireless Attacks, Intrusion Monitoring, and Policy.”
Pg 339
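The WLAN profile and AP group rules from the earlier slide, together with the layer 2 security and captive portal points above, can be checked mechanically against a controller configuration. The following is an added example, not part of the original slides or any vendor's tooling; the class names, rule names, sample data, the guest/internal VLAN separation rule, and the scheme of numbering virtual BSSIDs upward from the radio MAC are assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

WEAK_SECURITY = {"open", "wep"}  # no layer 2 encryption, or WEP

@dataclass
class WlanProfile:               # a "virtual WLAN" on the controller
    ssid: str
    security: str                # open, wep, wpa-personal, wpa2-personal, wpa2-enterprise
    vlan: int
    captive_portal: bool = False
    guest: bool = False

@dataclass
class AccessPoint:
    name: str
    radio_mac: str
    ap_groups: list              # must hold exactly one AP group
    ssids: list                  # WLAN profiles this AP serves

def virtual_bssids(radio_mac, ssids):
    """One BSSID per SSID, counting up from the radio MAC (assumed scheme)."""
    base = int(radio_mac.replace(":", ""), 16)
    result = {}
    for offset, ssid in enumerate(ssids):
        raw = f"{(base + offset) & 0xFFFFFFFFFFFF:012x}"
        result[ssid] = ":".join(raw[i:i + 2] for i in range(0, 12, 2))
    return result

def audit(profiles, aps):
    findings, seen, vlan_use = [], set(), defaultdict(set)
    for p in profiles:
        if p.ssid in seen:                       # each virtual WLAN needs a unique SSID
            findings.append(("duplicate-ssid", p.ssid))
        seen.add(p.ssid)
        if p.security in WEAK_SECURITY and not p.guest:
            findings.append(("weak-security", p.ssid))
        if p.captive_portal and not p.guest:     # portal authenticates, barely encrypts
            findings.append(("captive-portal-non-guest", p.ssid))
        vlan_use[p.vlan].add(p.guest)
    for vlan, kinds in sorted(vlan_use.items()):
        if len(kinds) == 2:                      # guest and internal users share a VLAN
            findings.append(("guest-shares-vlan", str(vlan)))
    for ap in aps:
        if len(ap.ap_groups) != 1:               # an AP belongs to only one AP group
            findings.append(("ap-group-count", ap.name))
        for ssid in ap.ssids:
            if ssid not in seen:
                findings.append(("unknown-profile", f"{ap.name}:{ssid}"))
    return findings

PROFILES = [  # constructed sample configuration, not from a real controller
    WlanProfile("corp", "wpa2-enterprise", 10),
    WlanProfile("voice", "wep", 20),
    WlanProfile("guest", "open", 30, captive_portal=True, guest=True),
    WlanProfile("lab", "wpa2-personal", 30),
]
APS = [
    AccessPoint("ap-1", "02:00:00:00:00:10", ["floor1"], ["corp", "voice", "guest"]),
    AccessPoint("ap-2", "02:00:00:00:00:20", ["floor1", "floor2"], ["corp", "printers"]),
]

if __name__ == "__main__":
    print(audit(PROFILES, APS), virtual_bssids(APS[0].radio_mac, APS[0].ssids))
```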
WLAN controller
• Dynamic RF spectrum management. WLAN controllers can use the
RF information gathered from the lightweight access points to make
changes to channel assignments and power levels for the APs.
– Often called radio frequency spectrum management (RFSM)
– RFSM provides automatic cell sizing, automatic monitoring,
troubleshooting, and optimization of the RF environment
• Self-organizing and self-healing wireless LAN
• Bandwidth management: Bandwidth pipes can be restricted
upstream or downstream.
• Firewall capabilities: Stateful packet inspection is available with an
internal firewall in some WLAN controllers.
• Layer 3 roaming support: Capabilities to allow seamless roaming
across layer 3 routed boundaries are fully supported. A more
detailed discussion on layer 3 roaming and the Mobile IP standard
can be found in Chapter 12, “WLAN Troubleshooting.”
Pg 339
WLAN controller
• 802.3-2005, clause 33—Power over
Ethernet (PoE): When deployed at the
access layer, WLAN controllers can
provide direct power to lightweight APs via
PoE. However, most lightweight APs are
powered by third-party edge switches.
• Management interfaces: Many WLAN
controllers offer full support for common
management interfaces such as GUI, CLI,
SSH, and so forth.
Pg 339
WLAN controller
• Key Features:
– AP Management
– User management
– Dynamic RF
– VLAN segmentation
– Roaming
• Possible problems:
– WLAN controller can be a bottleneck
– Complexity
Pg 340
Split MAC
• Some MAC services managed at the WLAN
controller, some at the AP
– WMM at the controller
– Encryption at the AP
• WLAN controller becomes the gateway for
802.11 to 802.3 networking
– All AP frames are tunneled to the WLAN controller
• Many control and management frames go from
AP to client
– No need for controller to be involved
– Beacon, probe responses, ACKs
Pg 340
Remote Office WLAN controller
• Access layer WLAN controller deployment
• Often less processing power than full
WLAN controller
– Smaller office support
– Communicate to main system over WAN
• Often use VPN tunnel over WAN
– Possibly support NAT and DHCP for remote
office
Pg 341
Distributed WLAN Architecture
• Larger deployments need more than one
WLAN controller
– Each controller can only support a limited
number of APs
– Add more controllers at core or distribution
layer
• Usually parent and child controllers
– Set up a hierarchy
• WNMS might be used as well.
Pg 341
Distributed WLAN Architecture
• Can also help manage data flow
• Distributed Data Forwarding
Pg 341
Distributed WLAN Hybrid
• Managing fat/thin APs
– Hybrid APs
• QoS and forwarding handled at the edge
– APs are managed centrally
Pg 343
Unified WLAN Hybrid
• Integrate WLAN controller capabilities into
wired devices
– Switches and routers
• Create multifunction devices
Pg 343
Specialty WLAN Infrastructure
• Wireless Workgroup Bridges
• Wireless LAN bridge
• Enterprise Wireless Gateway
• Residential Wireless Gateway
• VPN Wireless Router
• Wireless LAN Mesh AP
• Enterprise Encryption Gateway
• WLAN Array
• Real Time Location Systems
Pg 343
Wireless Workgroup Bridge
• Provide Wireless connectivity for wired
infrastructure devices that do not have
radio cards
• WGB card joins that BSS as a client
– Connect the wired devices
– Does not provide wireless access to other
stations!!
• Less need due to commonness of wireless
cards
Pg 343
Wireless Workgroup Bridge
Pg 343
Wireless LAN Bridge
• Bridge two or more wired networks
– Backbone between buildings
• Can be root or non-root
– Root is parent
– Non-root is child
• Point to Point or Point to Multipoint
• Bridge Modes:
– AP mode-Converts a bridge into an access point
– WGB mode-Converts a bridge into a workgroup bridge
– Repeater mode-Repeats the cell of a root bridge to a nonroot
bridge
– Root with clients-Root bridge that also allows clients to associate
– Nonroot with clients-Nonroot bridge that also allows clients to
associate
Pg 344
Wireless LAN Bridge
• Generally don’t want clients connecting to bridge
– Security risk
– Traffic and bandwidth management
• Considerations:
– Fresnel zone, earth bulge, free space path loss, link
budget, and fade margin.
– IR and EIRP power regulations as defined by the
regulatory body of your country.
• On longer links, you have to manage ACK times
• Connections between buildings: height
Pg 346
Wireless LAN Bridge
Pg 344
Enterprise Gateway
• Older device to segment wireless network
• Provides VPN/router/firewall functionality
• Used when there was less security on
wireless networks
• Some functionality of WLAN controller
– Moving the IS and DSS to central device
• Not as common
Pg 347
Residential Gateway
• Home wireless multifunction device
– Configurable 802.11 radio card
– Support for simple routing protocols such as RIP
– Network Address Translation (NAT)
– Port Address Translation (PAT)
– Port forwarding
– Firewall
– L2 security support (WEP or WPA-Personal or WPA2-Personal)
– DHCP server
– Multiport Ethernet switch for connecting wired clients
Pg 347
VPN Wireless Router
• Similar to SOHO devices but provide VPN
connections
• Used in remote offices to provide VPN
connection and wireless to branch
Pg 348
Mesh Access Point
• APs that interconnect to provide self-healing,
self-forming infrastructure
• Mesh networks route data between APs to find
connection to DS
– Allow for re-routing as well
• No standard yet
• Can be part of core, distribution or access layer
– Depends on where and what connections it has
Pg 348
Enterprise Encryption Gateway
• Middleware device to provide
segmentation and encryption
• Provides encryption overlay
Pg 349
WLAN Array
• Combine a WLAN controller and multiple
APs in a single device
– Multiple APs are multiple radios
– Sector antennas
• Simplify physical arrangements
Pg 350
Cooperative Control
• Proprietary solution
• Cooperative control protocols that let APs
provide WLAN controller-like functionality
without a WLAN controller
– Like a mesh
Pg 351
Virtual AP system
• Different way of setting up ESS
• All APs use the same BSSID (MAC Address)
• Clients can’t tell which AP they are connected to
• Also requires single channel architecture (SCA)
– All APs use same channel/frequency
• Needs WLAN controller/switch to handle
intelligence
Pg 352
Real Time Location Systems
• WLAN controllers and WIDS can track
802.11 clients by using APs as sensors
• Some vendors provide real-time location
systems
– Track the client radio or RFID-like tag to find a
mobile device
Pg 353
VoWiFi
• VoIP over WiFi
• Data and voice on mobile wireless devices
• VoWiFi phones
– Like a cell phone, but with 802.11 radio
• 802.11 APs and controllers
– Need to support QoS to get good services
• PBX
– Link VoWiFi phones to PSTN
• QoS server
– Manages QoS for network/Voice
Pg 354