
Enterprise Wireless LAN CIS 585 Stephen Choi | Kevin Todd | Stanley Yen


Presentation Transcript


  1. Enterprise Wireless LAN CIS 585 Stephen Choi | Kevin Todd | Stanley Yen

  2. Presentation Overview • WLAN Intro, Site Survey, Hardware – Stephen Choi • WLAN Bridging, Antennas – Kevin Todd • WLAN Security Features – Stanley Yen Presentation References: Permission granted for reproduction and modification to Dr. Ganesan for educational purposes.

  3. Wireless in a Wired World • Wireless LAN growth and trends • Mobility, Cost Savings • Disaster Recovery Solution • Embedded Devices • Wireless Standards – WECA 802.11b, 802.11a, 802.11g • Wireless more common in public spaces – Airports, Universities, Hotels, Cafes, etc.

  4. Example Project: Hilton Hotel / SG [Network diagram. Labels: External Network (Internet and VPN, PSTN Network), Internal Network (BBSM, Other Services, Credit Card Server, RADIUS Server, Video Servers, Local Content, PBX), Cisco 2600, UBR7xxx, Catalyst 3500 XL, Catalyst 2924 XL, Catalyst 2924 LRE, Catalyst LRE 3524 PWR XL, POTS Splitter LRE 48, CPE, Aironet 350, Room 1, Room 2, Conference Room / Lounge / Pool. Link types: 10/100 Ethernet, CAT5 Cable, Coax Cable, Existing Telephone Pairs, Wireless Connections.]

  5. Hilton Hotel – Wireless WAN The Hilton/SG utilizes wireless LAN technology inside and outside the building. Hilton/SG will connect to corporate intranet and Internet resources via wireless bridges from Hilton/PAS, which is approximately 4 miles away.

  6. Cisco Packet Magazine • Current Issue / 2nd Quarter 2002 • Also online: http://www.cisco.com/go/packet • Welcome to the Wireless Enterprise • WLAN How-to series • Part 1: Preparing for wireless LANs • Part 2: How to Build a Secure WLAN • The Once and Future WLAN

  7. Access Points What are Access Points? • Act as a wireless hub for wireless devices • Extend the range of coverage for a wireless LAN • Access points can accommodate a maximum number of wireless users • Access points can get expensive, so a site survey is always recommended

  8. Wireless Site Survey What is a site survey? • Ensure Coverage and VPN Connectivity/Subnets • Interference, absorption, noise • SNR and Packet retry count (<10%) • “Outside In” approach for Access Points • Reduce Cost • Understand the application • A good site survey can cost thousands! Packet Magazine, 2nd Quarter, 2002 http://www.cisco.com/go/packet

  9. Roaming / Port Hopping Port Hopping • Allows a WLAN user to seamlessly move from one access point to another without having to reauthenticate or experience interrupted service. • Deployed in a typical Cisco BBSM (Building Broadband Service Manager) application – Hotel, Apartment users can roam throughout network and stay connected.

  10. In-Line Power In-Line Power: • Makes installation easier • Reduces the number of power outlets • Works for most wireless devices – including access points, bridges, IP phones, etc.

  11. Bridges / Workgroup Bridges • Wireless Bridge: connects a LAN to another LAN that uses the same protocol over a high-speed wireless connection at a range from 1 to 25 miles. • Workgroup Bridge: a bridge that is used in a WLAN to provide a link between remote workgroups, satellite offices, and mobile users to an Access Point or Wireless Bridge. [Diagram labels: Wireless Bridge, Access Points, Workgroup Bridge]

  12. Wireless Bridge Features • Enables outdoor links between buildings up to 25 miles. • Ideal for harsh environments and installations subject to plenum rating. Temperature ranges from -20° to 55°C with a NEMA enclosure. • Supports Point to Point (PTP) and Point to Multipoint (PTMP) configurations. • Broad range of supported antennas. • Connects hard-to-wire sites, noncontiguous floors, satellite offices, temporary networks, and warehouses with in-line power.

  13. Workgroup Bridge Example

  14. Point to Point (PTP) / Point to Multi-Point (PTMP) Bridges • PTP bridges connect a LAN in one building to a LAN in another building. • Composed of a pair of bridges and directional antennae. • Antennae must have a line of sight with each other. • Cable is run from the antenna to its bridge, which is connected to the network. • Comply with the IEEE 802.11b wireless standard (allows for interoperability) or are proprietary (faster speeds up to 100 Mbps). • PTMP bridges can bring networks of multiple buildings together and require omni-directional antennae.

  15. Point to Point / Point to Multi-Point • Point-to-Point Wireless Bridge Solution • Point-to-Multipoint Wireless Bridge Solution

  16. Antennas • Most antennas are Omni-directional or Directional. • Each bridge has a radio, either built in or modular. • Each radio is composed of the transmitter and the receiver. • The transmitter encodes data from the LAN into the specified frequency spectrum and then transmits it through the antenna. • The receiver does the opposite, decoding the frequencies from the antenna into data to be placed on the LAN. • Most wireless network products operate in the Industrial, Scientific, and Medical (ISM) bands (2.4–2.4835 GHz – IEEE 802.11a)

  17. Antennas • Omni-directional Antenna • Directional Antenna (Yagi)

  18. Omni-directional Antennas Ceiling Mounted Antenna Mast Mounted Antenna

  19. Directional Antennas Dish Antenna Yagi Antenna

  20. Antennas • Fresnel Zone: the elliptical area immediately surrounding the visual path. It varies depending on the length of the signal path and the frequency of the signal. • As the distance between buildings grows, the curve of the earth (earth bulge) affects installation and requires antennas to be placed at higher elevations.

  21. Antennas

  22. Antennas

  23. Wireless LAN Security • Components of Wireless LAN Security • SSID and WEP • Encryption, Decryption, and Ciphers • Authentication • Mutual Authentication via RADIUS • Controversy Over Strong Encryption

  24. Components of Wireless LAN Security What is wireless LAN security? • Access control ensures that sensitive data can be accessed only by authorized users. • Access to wired LANs requires physical access to LAN ports, while wireless LANs place “ports” everywhere within a certain radius of the access point. • Privacy ensures that transmitted data can be received and understood only by the intended audience. • Data transmitted on a wired LAN is directed to a particular destination, while data on a wireless LAN is broadcast over radio waves within a certain radius of the access point. • A security breach on a wired LAN is possible only if the LAN is physically compromised, while a security breach on a wireless LAN can be performed from anywhere within the operating distance of the wireless LAN.

  25. SSID and WEP The IEEE 802.11b standard defines two mechanisms for providing access control and privacy. • SSID (Service Set Identifiers) • Rudimentary level of access control. • Common network name for the devices in a wireless LAN. • WEP (Wired Equivalent Privacy) • Prevents unauthorized users, who lack a correct WEP key, from gaining access to the network. • Protects wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys. • Static WEP Keys vs. Dynamic WEP Keys.

  26. Encryption, Decryption, and Ciphers Encryption • Conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption • Process of converting encrypted data back into its original form, so it can be understood. Ciphers • Sophisticated computer algorithms that rearrange the data bits in digital signals.

  27. Authentication The IEEE 802.11b standard defines two types of authentication methods. • Open Authentication • The authentication process is in clear text, and a client can associate with an access point even without supplying the correct WEP key. • Shared Key Authentication • The access point sends the client a challenge text packet that the client must encrypt with the correct WEP key and return to the access point. Authentication by MAC (Media Access Control) address • The access point will allow association by a client only if that client’s MAC address matches an address in an authentication table used by the access point.

  28. Mutual Authentication via RADIUS Why Mutual Authentication? • Shared key authentication is only one-way. • Rogue access points can be placed on a wireless LAN. How Mutual Authentication Works:

  29. Controversy Over Strong Encryption Strong Encryption • Ciphers that are essentially unbreakable without the decryption keys. • Companies and consumers view strong encryption as a means to keep secrets, minimize fraud, and protect privacy. • Governments view strong encryption as a potential vehicle by which criminals and terrorists might evade authorities. • Key-escrow concept being debated.

  30. Conclusion • Any Questions and Answers
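
The shared key authentication exchange from slide 27, and the one-way property noted on slide 28, written out as an added example that is not part of the original presentation. Function names, the constructed 40-bit key and the simplified frame layout (IV, then the RC4-encrypted challenge and CRC-32 ICV, without the 802.11 management header fields) are assumptions made for illustration.

```python
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || WEP key; the IV travels in clear text."""
    return iv + rc4(iv + wep_key, plaintext + icv(plaintext))

def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + wep_key, body)
    data, received_icv = clear[:-4], clear[-4:]
    return data if icv(data) == received_icv else None

def ap_issue_challenge() -> bytes:
    return os.urandom(128)                    # challenge text, sent unencrypted

def client_respond(client_key: bytes, challenge: bytes) -> bytes:
    return wep_encrypt(client_key, os.urandom(3), challenge)

def ap_verify(ap_key: bytes, challenge: bytes, response: bytes) -> bool:
    return wep_decrypt(ap_key, response) == challenge

def run_exchange(ap_key: bytes, client_key: bytes) -> bool:
    """AP checks the client; nothing in the exchange lets the client check the AP."""
    challenge = ap_issue_challenge()
    return ap_verify(ap_key, challenge, client_respond(client_key, challenge))

KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])   # constructed 40-bit WEP key
```

Only `ap_verify` exists: the client answers any device that sends it a challenge, which is why slide 28 pairs shared key authentication with the rogue access point concern and moves to mutual authentication via RADIUS.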
