Network Administration - Chapter 7: Basic wireless concepts and configuration
Chapter 7: Basic Wireless Concepts and Configuration
CCNA Exploration 4.0
Bach Khoa Networking Academy - Website: www.bkacad.com
Objectives
• Describe the components and operations of basic
wireless LAN topologies.
• Describe the components and operations of basic
wireless LAN security.
• Configure and verify basic wireless LAN access.
• Configure and troubleshoot wireless client access.
The Wireless LAN
Why Use Wireless?
• Business networks today are evolving to support people who are on
the move.
• Mobility environment: where people can take their connection to the
network along with them on the road.
• There are many different infrastructures (wired LAN, service provider
networks) that allow mobility like this to happen, but in a business
environment, the most important is the WLAN.
• People now expect to be connected at any time and place.
What is WLAN RF Technology?
Benefits of WLANs
Wireless Technologies
Wireless LAN
Comparing a WLAN to a LAN
• In an 802.3 Ethernet LAN, each client has a cable that connects the client NIC
to a switch. The switch is the point where the client gains access to the network.
• In a wireless LAN, each client uses a wireless adapter to gain access to the
network through a wireless device such as a wireless router or access point.
Wireless standards
Wi-Fi Certification
Extra: Modulation
802.11a Uses OFDM Modulation
802.11a 5-GHz Frequency Bands
802.11b Access Point Coverage
802.11b Scalability
802.11a Access Point Coverage
802.11a Scalability (Indoor UNII-1 and UNII-2)
Wireless Infrastructure Components
Extra: Wireless LAN Frame
Wireless Access Points
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
RTS/CTS
Extra: RTS/CTS
• The optional request-to-send and clear-to-send (RTS/CTS) function
allows the access point to control use of the medium for stations
activating RTS/CTS.
• With most radio NICs, users can set a maximum frame-length
threshold for when the radio NIC activates RTS/CTS.
– For example, a frame length of 1,000 bytes triggers RTS/CTS for all
frames larger than 1,000 bytes.
• If the radio NIC activates RTS/CTS, it first sends an RTS frame to an
access point before sending a data frame. The access point then
responds with a CTS frame, indicating that the radio NIC can send the
data frame.
• With the CTS frame, the access point provides a value in the duration
field of the frame header that holds off other stations from transmitting
until after the radio NIC initiating the RTS can send its data frame. This
avoids collisions between hidden nodes.
• The RTS/CTS handshake continues for each frame, as long as the
frame size exceeds the threshold set in the corresponding radio NIC.
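The threshold rule and the duration values described in the bullets above, worked through as an added example (not part of the original slides). The 802.11b timing constants, the control-frame rate and the function names are assumptions chosen for illustration.

```python
import math

# Assumed 802.11b timing with long preamble; these values are not from the slides.
SIFS_US = 10
PLCP_US = 192                            # preamble plus PLCP header
RTS_LEN, CTS_LEN, ACK_LEN = 20, 14, 14   # control frame sizes in bytes


def airtime_us(nbytes, rate_mbps):
    """Time on air for one frame, in microseconds."""
    return PLCP_US + math.ceil(nbytes * 8 / rate_mbps)


def plan_exchange(frame_len, rts_threshold, data_rate=11, ctrl_rate=1):
    """Frames sent for one data frame, as (sender, type, duration_field_us)."""
    data_t = airtime_us(frame_len, data_rate)
    cts_t = airtime_us(CTS_LEN, ctrl_rate)
    ack_t = airtime_us(ACK_LEN, ctrl_rate)
    data_nav = SIFS_US + ack_t           # reserve the medium for the ACK
    if frame_len <= rts_threshold:       # only frames larger than the threshold use RTS/CTS
        return [("station", "DATA", data_nav), ("ap", "ACK", 0)]
    # RTS reserves the medium for CTS + DATA + ACK and the three gaps between them.
    rts_nav = 3 * SIFS_US + cts_t + data_t + ack_t
    # CTS repeats the reservation, minus the time already used by the gap and the CTS.
    cts_nav = rts_nav - SIFS_US - cts_t
    return [("station", "RTS", rts_nav), ("ap", "CTS", cts_nav),
            ("station", "DATA", data_nav), ("ap", "ACK", 0)]


def hidden_node_defer_us(exchange):
    """A hidden node hears only the access point; it waits for the CTS duration value."""
    for sender, frame_type, nav in exchange:
        if sender == "ap" and frame_type == "CTS":
            return nav
    return 0  # no CTS was sent, so nothing told the hidden node to wait


if __name__ == "__main__":
    for size in (800, 1500):             # constructed frame sizes, threshold 1,000 bytes
        exchange = plan_exchange(size, rts_threshold=1000)
        print(size, exchange, hidden_node_defer_us(exchange))
```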
802.11 Frame Format
802.11 Frames Type (cont)
Configurable Parameters for Wireless Endpoints
2.4-GHz Channel Sets
802.11 Topologies: Ad hoc Network
802.11 Topologies: Infrastructure
• Basic Service Sets
802.11 Topologies: Infrastructure
• Extended Service Sets
Extra: Roaming
Extra: Scanning
• The 802.11 standard defines both passive and active scanning,
whereby a radio NIC searches for access points.
• Passive scanning is mandatory where each NIC scans individual
channels to find the best access-point signal. Periodically, access
points broadcast a beacon, and the radio NIC receives these beacons
while scanning and takes note of the corresponding signal strengths.
The beacons contain information about the access point, including
SSID and supported data rates. The radio NIC can use this information
along with the signal strength to compare access points and decide on
which one to use.
• Active scanning is similar, except the radio NIC initiates the process
by broadcasting a probe frame, and all access points within range
respond with a probe response. Active scanning enables a radio NIC to
receive immediate response from access points, without waiting for a
beacon transmission. The issue, however, is that active scanning
imposes additional overhead on the network because of the
transmission of probe and corresponding response frames.
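Passive scanning as described above, as an added example (not part of the original slides): it parses the SSID, supported-rates and channel elements from beacon frame bodies and picks the strongest access point for a wanted SSID. The sample beacons, signal strengths and function names are constructed for illustration.

```python
import struct


def ie(tag, value):
    """One tagged information element: ID byte, length byte, value."""
    return bytes([tag, len(value)]) + value


def build_beacon_body(ssid, rates_mbps, channel):
    """Constructed sample body: 12 fixed bytes, then SSID, rates and channel elements."""
    fixed = struct.pack("<QHH", 0, 100, 0x0001)     # timestamp, beacon interval, capabilities
    rates = bytes(int(r * 2) for r in rates_mbps)   # rates are coded in 500 kbps units
    return fixed + ie(0, ssid) + ie(1, rates) + ie(3, bytes([channel]))


def parse_beacon_body(body):
    """Extract SSID (element 0), supported rates (1) and channel (3) from a beacon body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed parameters")
    info = {"ssid": None, "rates_mbps": [], "channel": None}
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0:
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == 1:
            info["rates_mbps"] = [(b & 0x7F) / 2 for b in value]  # top bit marks a basic rate
        elif tag == 3 and length == 1:
            info["channel"] = value[0]
        pos += 2 + length
    return info


def choose_ap(scan_results, wanted_ssid):
    """Pick the beacon for wanted_ssid with the strongest signal, then the highest rate."""
    candidates = []
    for rssi_dbm, body in scan_results:
        info = parse_beacon_body(body)
        if info["ssid"] == wanted_ssid:
            candidates.append((rssi_dbm, max(info["rates_mbps"], default=0), info))
    if not candidates:
        return None
    return max(candidates, key=lambda c: (c[0], c[1]))[2]


# Constructed scan: (signal strength in dBm as reported by the NIC, beacon body).
SCAN = [
    (-70, build_beacon_body(b"corp", [1, 2, 5.5, 11], 1)),
    (-48, build_beacon_body(b"corp", [1, 2, 5.5, 11], 6)),
    (-40, build_beacon_body(b"guest", [1, 2, 5.5, 11], 11)),
    (-45, build_beacon_body(b"", [1, 2, 5.5, 11], 6)),  # SSID broadcast disabled
]
```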
Client and Access Point Association
• Beacon
Client and Access Point Association
Step 3 - 802.11 Association
Extra: Authentication and Association
• Open Authentication and Shared Key Authentication are the two methods
that the 802.11 standard defines for clients to connect to an access point.
• The association process can be broken down into three elements:
1. Probe
2. Authentication
3. Association.
Extra: Open Authentication
• The Open Authentication method performs the entire authentication
process in clear text.
• Open Authentication is basically a null authentication, which means
there is no verification of the user or machine.
• Open Authentication is usually tied to a WEP key. A client can
associate to the access point with an incorrect WEP key or even no
WEP key. A client with the wrong WEP key will be unable to send or
receive data, since the packet payload will be encrypted.
• Keep in mind that the header is not encrypted by WEP. Only the
payload or data is encrypted.
Extra: Shared Key Authentication
• Shared Key Authentication works similarly to Open Authentication,
except that it uses WEP encryption for one step.
• Shared key requires the client and the access point to have the same
WEP key.
• An access point using Shared Key Authentication sends a challenge
text packet to the client. If the client has the wrong key or no key, it will
fail this portion of the authentication process. The client will not be
allowed to associate to the AP.
• Shared key is vulnerable to a man-in-the-middle attack, so it is not
recommended.
Extra: ARS
• When a source node sends a frame, the receiving node returns a
positive acknowledgment (ACK).
– This can cause consumption of 50% of the available bandwidth.
• This overhead when combined with the collision avoidance protocol
overhead reduces the actual data throughput to a maximum of 5.0 to
5.5 Mbps on an 802.11b wireless LAN rated at 11 Mbps.
• Performance of the network will also be affected by signal strength and
degradation in signal quality due to distance or interference.
• As the signal becomes weaker, Adaptive Rate Selection (ARS) may
be invoked and the transmitting unit will drop the data rate from 11
Mbps to 5.5 Mbps, from 5.5 Mbps to 2 Mbps or 2 Mbps to 1 Mbps.
Planning the Wireless LAN
Activity 7.1.5.2
Wireless LAN Security
Wireless LAN Security Threats
Unauthorized Access
Wireless LAN Security Threats
• Denial of Service
Extra: Securing a WLAN
Extra: SSID
• Most access points have options like ‘SSID broadcast’ and ‘allow any
SSID.’ These features are usually enabled by default and make it easy
to set up a wireless network.
– Using the ‘allow any SSID’ option lets the access point allow
access to a client with a blank SSID.
– The ‘SSID broadcast’ sends beacon packets, which advertise the
SSID.
• Disabling these two options does not secure the network, since a
wireless sniffer can easily capture a valid SSID from normal WLAN
traffic.
• SSIDs should not be considered a security feature.
Wireless Security Protocols
Extra: Wireless Security Protocols
Extra: Encryption Methods
• Many encryption methods, such as the 802.11 Wired Equivalent Privacy
(WEP), are symmetric—that is, the same key that does the encryption is also
the one that performs the decryption.
• If a user activates WEP, the NIC encrypts the payload (frame body and cyclic
redundancy check [CRC]) of each 802.11 frame before transmission using an
RC4 stream cipher provided by RSA Security. The receiving station, such as an
access point or another radio NIC, performs decryption upon arrival of the
frame. As a result, 802.11 WEP only encrypts data between 802.11 stations.
Once the frame enters the wired side of the network, such as between access
points, WEP no longer applies.
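The WEP behaviour described in the Open Authentication and Encryption Methods slides, as an added example (not part of the original slides): the header stays in clear text, the frame body and its CRC-32 are encrypted with RC4, and a station holding the wrong key cannot recover the data. The header bytes, key, IV and function names are constructed for illustration.

```python
import zlib


def rc4(key, data):
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XOR data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encapsulate(header, body, key, iv, key_id=0):
    """Header in clear, then 3-byte IV and key ID byte, then RC4(body + CRC-32)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 3-byte IV")
    icv = zlib.crc32(body).to_bytes(4, "little")   # the CRC the slide refers to
    return header + iv + bytes([key_id << 6]) + rc4(iv + key, body + icv)


def wep_decapsulate(frame, header_len, key):
    """Return (header, body); body is None when the CRC check fails (wrong key)."""
    header = frame[:header_len]
    iv = frame[header_len:header_len + 3]
    plain = rc4(iv + key, frame[header_len + 4:])
    if len(plain) < 4:
        return header, None
    body, icv = plain[:-4], plain[-4:]
    if zlib.crc32(body).to_bytes(4, "little") != icv:
        return header, None
    return header, body


# Constructed sample values: a 24-byte header placeholder, a 40-bit key, a fixed IV.
HEADER = bytes.fromhex("0841" "0000") + bytes(18) + bytes(2)
KEY = bytes.fromhex("0102030405")
WRONG_KEY = bytes.fromhex("0504030201")
BODY = b"constructed payload for the WEP example"
FRAME = wep_encapsulate(HEADER, BODY, KEY, iv=bytes.fromhex("a1b2c3"))

if __name__ == "__main__":
    print(wep_decapsulate(FRAME, len(HEADER), KEY))
    print(wep_decapsulate(FRAME, len(HEADER), WRONG_KEY))
```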
Extra: Encryption Methods
• Wi-Fi Protected Access
– The Wi-Fi Protected Access (WPA) standard provided by the Wi-Fi
Alliance provides an upgrade to WEP that offers dynamic key
encryption and mutual authentication.
– Most wireless vendors now support WPA. WPA clients utilize
different encryption keys that change periodically. This makes it
more difficult to crack the encryption.
Wireless Security Protocols
• Encryption
Securing a Wireless LAN
Configure Wireless LAN Access
Configuring the Wireless Access Point
Setup: Basic Setup
Administration: Management
Configuring Basic Wireless Settings
Security Mode
• Select the mode you want to use: PSK-Personal, PSK2-
Personal, PSK-Enterprise, PSK2-Enterprise, RADIUS, or
WEP.
Mode Parameters
• Enterprise modes are not configured in this chapter.
Configure Encryption and Key
Configure a wireless NIC: Scan SSID
Select the Wireless Security Protocol
• Practice: 7.3.2.4
Troubleshooting
Simple WLAN Problems
Systematic Approach to WLAN Troubleshooting
• Step 1 - Eliminate the client device as the source of the
problem.
• Step 2 - Confirm the physical status of WLAN devices.
• Step 3 - Inspect wired links.
Updating the Access Point Firmware
Incorrect Channel Settings
Incorrect Channel Settings: Solution
Solving RF Interference
• Site Surveys
Site Survey
• Two categories: Manual and utility assisted.
• Manual site surveys can include a site evaluation to be followed by a more thorough
utility-assisted site survey. A site evaluation involves inspecting the area with the goal of
identifying potential issues that could impact the network. Specifically, look for the
presence of multiple WLANs, unique building structures, such as open floors and
atriums, and high client usage variances, such as those caused by differences in day or
night shift staffing levels.
• Note: you do not conduct site surveys as part of this course.
Access Point Misplacement
Access Point Misplacement: Solution
• Ensure that access points are not mounted closer than 7.9 inches (20
cm) from the body of all persons.
• Do not mount the access point within 3 feet (91.4 cm) of metal
obstructions.
• Install the access point away from microwave ovens. Microwave ovens
operate on the same frequency as the access point and can cause
signal interference.
• Always mount the access point vertically (standing up or hanging
down).
• Do not mount the access point outside of buildings.
• Do not mount the access point on building perimeter walls, unless
outside coverage is desired.
• When mounting an access point in the corner of a right-angle hallway
intersection, mount it at a 45-degree angle to the two hallways. The
access point internal antennas are not omnidirectional and cover a
larger area when mounted this way.
Problems with Authentication and Encryption
Summary