
Explaining WLAN Technology and Standards


1 Explaining WLAN Technology and Standards
Wireless LANs

2 Unlicensed Frequency Bands
There are three unlicensed bands: 900 MHz, 2.4 GHz, and 5.7 GHz. The 900-MHz and 2.4-GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5-GHz band is commonly referred to as the Unlicensed National Information Infrastructure (UNII) band. Frequencies for these bands are as follows:
- 900-MHz band: 902 to 928 MHz
- 2.4-GHz band: to GHz (in Japan extends to GHz)
- 5-GHz band: to MHz, to MHz, with some countries supporting middle bands between and MHz
The number of countries that permit 802.11a, and the spectrum available, vary widely, and the list changes quickly. The focus of this module is on the 2.4 and 5 GHz bands. Cisco Aironet® products use these bands today and adhere to the Institute of Electrical and Electronics Engineers (IEEE) 802.11a, 802.11b and 802.11g standards.
ISM: industrial, scientific, and medical frequency band (used for industry, medicine, and science). No license required. No exclusive use; best effort; interference possible.

3 Radio Frequency Transmission (radio wave transmission)
Radio frequencies are radiated into the air via an antenna, creating radio waves (propagated through the air by an antenna). Radio waves are absorbed when they propagate through objects (e.g., walls). Radio waves are reflected by objects (e.g., metal surfaces). This absorption and reflection can cause areas of low signal strength or low signal quality (radio signals can be reflected, refracted, absorbed, scattered, and diffracted).

4 Radio Frequency Transmission
Higher data rates have a shorter transmission range, because the receiver needs more signal strength and a better SNR to retrieve the information. Higher transmit power results in greater distance. Higher frequencies allow higher data rates (higher frequency, higher speed). Higher frequencies have a shorter transmission range.

5 WLAN Regulation and Standardization
- Regulatory agencies: FCC (United States), ETSI (Europe)
- Standardization: IEEE
- Certification of equipment: the Wi-Fi Alliance certifies interoperability between products. Certifications include 802.11a, 802.11b, 802.11g, dual-band products, and security testing. Certified products can be found at
Wi-Fi offers certification for interoperability between vendors' products. This certification provides a comfort zone for users purchasing the products. It also helps to market WLAN technology by promoting interoperability between vendors. Certification includes all three RF technologies as well as Wi-Fi Protected Access, a security model that follows the 802.11i security task group work.

6 802.11b © 2005 Cisco Systems, Inc. All rights reserved.

7 802.11b Standard
- Standard was ratified in September 1999
- Operates in the 2.4-GHz band
- Specifies direct sequence spread spectrum (DSSS)
- Specifies four data rates up to 11 Mbps: 1, 2, 5.5, 11 Mbps
- Provides specifications for vendor interoperability (over the air)
- Defines basic security, encryption, and authentication for the wireless link
- Is the most commonly deployed WLAN standard
802.11b was ratified in 1999, and products were actually introduced into the market before the standard was ratified. It became the de facto standard for wireless, and adoption grew rapidly. It operates in the worldwide-available 2.4 GHz ISM band. Only one RF transmission method was specified: direct sequence spread spectrum (DSSS). It provides four data rates up to 11 Mbps: 1, 2, 5.5, and 11 Mbps. It is based on the 802.11 standard and is the most common wireless LAN standard, virtually approved for worldwide use.

8 2.4-GHz Channels
Channel | Center frequency | Frequency range [MHz] | Americas | Europe, Middle East, and Asia | Japan
1 | 2412 MHz | 2401 – 2423 | X | X | X
2 | 2417 MHz | 2406 – 2428 | X | X | X
3 | 2422 MHz | 2411 – 2433 | X | X | X
4 | 2427 MHz | 2416 – 2438 | X | X | X
5 | 2432 MHz | 2421 – 2443 | X | X | X
6 | 2437 MHz | 2426 – 2448 | X | X | X
7 | 2442 MHz | 2431 – 2453 | X | X | X
8 | 2447 MHz | 2436 – 2458 | X | X | X
9 | 2452 MHz | 2441 – 2463 | X | X | X
10 | 2457 MHz | 2446 – 2468 | X | X | X
11 | 2462 MHz | 2451 – 2473 | X | X | X
12 | 2467 MHz | 2466 – 2478 | | X | X
13 | 2472 MHz | 2471 – 2483 | | X | X
14 | 2484 MHz | 2473 – 2495 | | | X
(Regulatory-domain marks follow the channel counts given in the notes: 11 U.S. channels, 13 ETSI channels, 14 Japanese channels.)
There are a total of 11 channels available in the US; however, only 3 of these channels are non-overlapping. In the ETSI domains there are 13 available channels, but again only 3 non-overlapping channels. In Japan there is an additional channel located at the top end of the band, and it is possible to use this along with 3 other channels for a total of 4 non-overlapping channels.
- 11 U.S. channels
- 13 European Telecommunications Standards Institute (ETSI) channels
- 14 Japanese channels
Different countries have different regulatory bodies and may have as many as 14 channel sets available. In some countries this may mean that the number of non-overlapping channels is reduced to one, and an aggregate data rate of 33 Mbps may not be possible. The following lists the countries that belong to each regulatory domain. Regulatory domain information is subject to change. An up-to-date listing of the countries that correspond to these regulatory domains is available at: //

9 2.4-GHz Channel Use
- Each channel is 22 MHz wide.
- North America: 11 channels. Europe: 13 channels.
- There are three nonoverlapping channels: 1, 6, 11. Using any other channels will cause interference.
- Three access points can occupy the same area.
2.4 GHz 802.11b/g has three non-overlapping channels that do not share any frequency. This means that three access points (APs) could operate in the same cell area without sharing the medium. An AP on channel 1 does not share time with an AP on channel 6, because they have no common frequencies. There is no degradation in throughput when three APs are in the same cell area if each AP is on a non-overlapping channel. Three APs in the same cell on three non-overlapping channels provide an aggregate data rate for the cell of 33 Mbps with an aggregate throughput of 18.6 Mbps. If the same three APs shared the same channel, the aggregate data rate would still be 33 Mbps but the aggregate throughput would be more like 7 Mbps. Channels are known by their center frequency: 1=2412, 2=2417, 3=2422, 4=2427, 5=2432, 6=2437, 7=2442, 8=2447, 9=2452, 10=2457, 11=2462, 12=2467, 13=2472, and 14=2477.
The 802.11g standard, ratified in June 2003, operates in the same 2.4 GHz band as 802.11b and uses the same three non-overlapping channels, with full backward compatibility with 802.11b. 802.11g uses OFDM modulation for the g data rates and CCK modulation for the b data rates. The g data rates are 54, 48, 36, 24, 18, 12, 9 and 6 Mbps; the b data rates are 11, 5.5, 2 and 1 Mbps.
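The non-overlapping-channel rule above follows directly from the 22 MHz channel width and the 5 MHz channel spacing, and the same arithmetic gives the 3 (Americas, ETSI) and 4 (Japan) figures from the previous slide. The following script is an added example, not part of the Cisco slides; it uses only the center frequencies and domain channel counts given on the page and checks every candidate set by brute force (the domain names and function names are my own).

```python
# Added example (not from the Cisco slides): which 2.4 GHz channels overlap,
# and how many can be used at once per regulatory domain, derived only from
# the 22 MHz channel width and the center frequencies on the slide.
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22

# Center frequencies (MHz): channels 1-13 are 5 MHz apart, channel 14 sits at 2484 MHz.
CENTER_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}
CENTER_MHZ[14] = 2484

# Channels permitted per regulatory domain, as stated in the notes.
DOMAINS = {
    "Americas (FCC)": range(1, 12),  # 11 channels
    "ETSI": range(1, 14),            # 13 channels
    "Japan": range(1, 15),           # 14 channels
}


def channel_range(ch):
    """Lower and upper edge (MHz) of a 22 MHz wide channel."""
    half = CHANNEL_WIDTH_MHZ / 2
    return CENTER_MHZ[ch] - half, CENTER_MHZ[ch] + half


def overlaps(a, b):
    """True when the two channels share any frequency. Edges that merely
    touch (channels 11 and 14 are exactly 22 MHz apart) do not overlap."""
    return abs(CENTER_MHZ[a] - CENTER_MHZ[b]) < CHANNEL_WIDTH_MHZ


def non_overlapping_sets(channels):
    """All largest sets of mutually non-overlapping channels. Brute force is
    fine here: at most 14 channels, so at most 2**14 candidate sets."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        found = [c for c in combinations(channels, size)
                 if not any(overlaps(x, y) for x, y in combinations(c, 2))]
        if found:
            return found
    return []


def max_non_overlapping(channels):
    """How many access points can share one cell area without sharing airtime."""
    return len(non_overlapping_sets(channels)[0])


def aggregate_data_rate_mbps(n_aps, per_ap_mbps=11):
    """Aggregate data rate of co-located APs on distinct non-overlapping
    channels: three 802.11b APs give 33 Mbps."""
    return n_aps * per_ap_mbps


if __name__ == "__main__":
    for name, chans in DOMAINS.items():
        sets = non_overlapping_sets(chans)
        print(f"{name}: {len(sets[0])} non-overlapping channels, e.g. {sets[0]}")
    print("1 and 6 overlap:", overlaps(1, 6), "| 1 and 5 overlap:", overlaps(1, 5))
```

Running it prints (1, 6, 11) for the Americas and ETSI and (1, 6, 11, 14) for Japan; channels 1 and 5 overlap (their centers are only 20 MHz apart), which is why placing neighbouring cells on anything other than 1, 6 and 11 costs throughput.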

10 802.11b/g (2.4 GHz) Channel Reuse
This diagram indicates the three non-overlapping channels that are available within 802.11b/g. The goal of access point/cell placement is to reduce the overlap of cells that are on the same channel. You can compare this concept to the placement of FM radio stations throughout the country: you will never see two radio stations in the same geographic area on exactly the same channel. The same concept applies here.

11 802.11b Access Point Coverage
Wireless LAN clients have the ability to shift data rate while moving, allowing the same person operating at 11 Mbps to shift to 5.5 Mbps, then 2 Mbps, and finally still communicate at the outside ring at 1 Mbps. This rate shifting happens without losing the connection and without any interaction from the user. Rate shifting also happens on a transmission-by-transmission basis, so the access point can support multiple clients at multiple speeds depending on the location of each client. Higher data rates require stronger signals at the receiver; therefore lower data rates have a greater range. Wireless clients will always try to communicate at the highest possible data rate. Only if transmission errors and transmission retries occur will the client reduce the data rate. This provides the highest total throughput of the wireless network.
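The rate shifting described above can be modelled as a small per-client state machine. The script below is an added example, not code from the slides or from Cisco: each client starts at 11 Mbps, drops one rate step after repeated retries without losing its association, and probes a higher rate after a run of successes. The retry and probe thresholds, the "supported rate" stand-in for signal strength at the client's location, and all names are constructed assumptions.

```python
# Added example (not from the slides): a minimal model of 802.11b data rate
# shifting. Every client keeps its own rate, so one access point serves
# clients at different speeds. A client starts at the highest rate, retries a
# failed frame, drops one rate step after too many retries (without losing the
# association), and probes the next higher rate after a run of successes.
# The retry and probe thresholds and the per-client "supported rate" (a
# stand-in for signal strength/SNR at the client's location) are constructed.

RATES_MBPS = [11.0, 5.5, 2.0, 1.0]  # 802.11b rates, highest first
MAX_RETRIES = 3       # failed attempts at one rate before shifting down (assumed)
UPSHIFT_AFTER = 10    # consecutive successes before trying a higher rate (assumed)


class Client:
    def __init__(self, name, supported_rate):
        self.name = name
        self.supported_rate = supported_rate  # highest rate the link can carry right now
        self.rate_index = 0                   # always start at 11 Mbps
        self.retries = 0
        self.successes = 0

    @property
    def rate(self):
        return RATES_MBPS[self.rate_index]


def link_ok(client, rate):
    """Constructed channel model: the frame gets through only if the rate does
    not exceed what the client's signal strength currently supports."""
    return rate <= client.supported_rate


def transmit(client):
    """Send one frame to the client, retrying and rate shifting as needed.
    Returns (rate_used, attempts), or (None, attempts) if the client cannot be
    reached even at 1 Mbps (association lost)."""
    attempts = 0
    while attempts < MAX_RETRIES * len(RATES_MBPS):
        attempts += 1
        if link_ok(client, client.rate):
            client.retries = 0
            client.successes += 1
            delivered = client.rate
            if client.successes >= UPSHIFT_AFTER and client.rate_index > 0:
                client.rate_index -= 1      # probe the next higher rate
                client.successes = 0
            return delivered, attempts
        client.retries += 1
        client.successes = 0
        if client.retries >= MAX_RETRIES:
            client.retries = 0
            if client.rate_index < len(RATES_MBPS) - 1:
                client.rate_index += 1      # shift down one step, stay associated
    return None, attempts


def deliver_frames(client, n):
    """Rates used for n consecutive frames to one client."""
    return [transmit(client)[0] for _ in range(n)]


if __name__ == "__main__":
    # Constructed scenario: one AP, three clients at different distances.
    near, mid, far = Client("near", 11.0), Client("mid", 5.5), Client("far", 1.0)
    for c in (near, mid, far):
        rate, attempts = transmit(c)
        print(f"{c.name}: delivered at {rate} Mbps after {attempts} attempt(s)")
    far.supported_rate = 11.0               # the far client walks toward the AP
    deliver_frames(far, 29)
    print(f"far client after moving closer: {far.rate} Mbps")
```

The "mid" client needs four attempts for its first frame (three failures at 11 Mbps, then success at 5.5), the "far" client ten, and once the far client moves closer it climbs back to 11 Mbps one step at a time; the AP never had to drop either association.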

12 802.11a

13 802.11a Standard
- Standard was ratified September 1999
- Operates in the 5-GHz band
- Uses orthogonal frequency-division multiplexing (OFDM)
- Uses eight data rates of up to 54 Mbps: 6, 9, 12, 18, 24, 36, 48, 54 Mbps
- Has from 12 to 23 nonoverlapping channels (FCC)
- Has up to 19 nonoverlapping channels (ETSI)
- Regulations differ across countries
- Transmit (Tx) power control and dynamic frequency selection required (802.11h)
The 802.11a standard was ratified at the same time as 802.11b. However, because of limited supplies of silicon and other components, products did not start to appear in the market until late
The technology provides up to a 54-Mbps data rate and in most countries provides eight channels for indoor WLAN use. However, the regulations vary widely across countries and are in constant change at present.

14 5-GHz Channels with 802.11h
- 802.11h implements TPC and DFS.
- With 802.11h, in February 2004 the FCC added 11 channels.
- 23 channels in the United States (FCC)
- 19 channels in Europe (ETSI)
- UNII-3 band currently not allowed in most of Europe
Note: In order to use the 11 new channels, however, radios must comply with two features that are part of the 802.11h specification: Transmitter Power Control (TPC) and Dynamic Frequency Selection (DFS).
DFS dynamically instructs a transmitter to switch to another channel whenever a particular condition (such as the presence of a radar signal) is met. Prior to transmitting, a device's DFS mechanism monitors its available operating spectrum, listening for a radar signal. If a signal is detected, the channel associated with the radar signal is vacated or flagged as unavailable for use by the transmitter. The transmitting device continuously monitors the environment for the presence of radar, both prior to and during operation. Portions of the 5 GHz band are allocated to radar systems; DFS allows WLANs to avoid interference with incumbent radar users where they are co-located. Such features can simplify enterprise installations, because the devices themselves can (theoretically) automatically optimize their channel reuse patterns.
TPC technology has been used in the cellular telephone industry for many years. Setting the transmit power of the access point and the client adapter can be useful to allow for different coverage area sizes and, in the case of the client, to conserve battery life. In devices that have the ability to set power levels, the settings are usually static and independent of each other (access point and clients). For example, an access point can be set to a low 5 mW transmit power to minimize cell size, which is useful in areas with high user density. The clients will, however, be transmitting at their previously assigned transmit power settings, which is likely more transmit power than is required to maintain association with the access point. This results in unnecessary RF energy transmitted by the clients, creating a higher level of RF energy outside the access point's intended coverage area than is necessary. With TPC, the client and access point exchange information, and the client device then dynamically adjusts its transmit power so that it uses only enough energy to maintain association with the access point at a given data rate. The end result is that the client contributes less to adjacent-cell interference, allowing for more densely deployed high-performance WLANs. As a secondary benefit, the lower power on the client provides longer battery life, since less power is used by the radio.
The FCC has yet to define a test method for testing compliance with the DFS requirements. As a consequence the 11 new channels are not yet available. Today, the Cisco® Aironet® RM21A and RM22A 5 GHz radio modules for Cisco Aironet 1130AG Series, 1200 Series, and 1230AG Series access points support the 12 channels made up of the UNII-1, UNII-2, and UNII-3 bands. These devices have the hardware capability to support the 11 new channels; however, until the FCC releases a test program, the firmware will not provide access to the additional channels.
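The two 802.11h behaviours described in these notes, checking for radar before and during operation (DFS) and trimming client power to what the link needs (TPC), can be sketched in a few dozen lines. The following is an added example, not code from the slides or from any Cisco product: the channel numbering, the radar events, the receiver sensitivities, the path loss, the fade margin and the client power-level table are all constructed values rather than figures from the 802.11h standard.

```python
# Added example (not from the slides): a toy model of the two 802.11h features
# described in the notes. DFS: check a channel for radar before using it, keep
# monitoring while operating, and vacate/flag the channel when radar appears.
# TPC: choose the lowest settable client transmit power that still keeps the
# link at a target data rate. The channel list, radar events, sensitivities,
# path loss and power-level table are constructed values, not from any standard.

INDOOR_CHANNELS = [36, 40, 44, 48, 52, 56, 60, 64]  # eight 5 GHz channels (assumed numbering)


class DfsRadio:
    def __init__(self, channels, radar_detector):
        self.channels = list(channels)
        self.radar_detector = radar_detector  # callable(channel) -> bool, stands in for radar sensing
        self.unavailable = set()              # channels flagged after a radar detection
        self.channel = None
        self.events = []

    def channel_available(self, ch):
        """Availability check before transmitting: listen for radar on ch."""
        if ch in self.unavailable:
            return False
        if self.radar_detector(ch):
            self.unavailable.add(ch)
            self.events.append(f"radar on {ch}: flagged unavailable")
            return False
        return True

    def select_channel(self):
        """Dynamic frequency selection: first channel that passes the check."""
        for ch in self.channels:
            if self.channel_available(ch):
                self.channel = ch
                self.events.append(f"operating on {ch}")
                return ch
        self.channel = None
        return None

    def monitor(self):
        """In-service monitoring: if radar shows up on the operating channel,
        vacate it and select another one."""
        if self.channel is not None and self.radar_detector(self.channel):
            self.unavailable.add(self.channel)
            self.events.append(f"radar on {self.channel}: vacating")
            return self.select_channel()
        return self.channel


# Constructed receiver sensitivity (dBm) per 802.11a data rate and the
# client's settable power levels (dBm).
SENSITIVITY_DBM = {54: -65, 48: -66, 36: -70, 24: -74, 18: -77, 12: -79, 9: -81, 6: -82}
POWER_LEVELS_DBM = [5, 8, 11, 14, 17, 20]


def min_tx_power_dbm(path_loss_db, data_rate_mbps, margin_db=3):
    """TPC step: lowest settable power such that the signal arriving at the AP
    (tx power minus path loss) stays above the sensitivity for the target rate
    plus a fade margin. Returns None when no level is enough (use a lower rate)."""
    needed = SENSITIVITY_DBM[data_rate_mbps] + path_loss_db + margin_db
    for level in POWER_LEVELS_DBM:
        if level >= needed:
            return level
    return None


if __name__ == "__main__":
    radar_channels = {36, 52}                  # constructed: radar active here at start-up
    radio = DfsRadio(INDOOR_CHANNELS, lambda ch: ch in radar_channels)
    print("selected:", radio.select_channel())  # 36 is flagged, 40 is chosen
    radar_channels.add(40)                     # radar appears on the operating channel
    print("after monitor:", radio.monitor())   # vacates 40, moves to 44
    print(radio.events)
    print("client power for 54 Mbps at 80 dB path loss:", min_tx_power_dbm(80, 54), "dBm")
    print("client power for 6 Mbps at 80 dB path loss:", min_tx_power_dbm(80, 6), "dBm")
```

The radio keeps a list of channels it has flagged so that a channel vacated for radar is not selected again, which is the "vacated or flagged as unavailable" behaviour the notes describe; the TPC helper shows why a client near the access point can run at 5 dBm for 6 Mbps but needs the top power level for 54 Mbps over the same path loss.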

15 802.11a Channel Reuse
- 802.11h DFS not available: manual channel assignment required.
- 802.11h DFS implemented: channel assignment done by Dynamic Frequency Selection (DFS); only frequency bands can be selected.
This diagram illustrates the channel deployment of 802.11a products throughout a given area. As you can see, the cells are easier to deploy because there are eight different channels to work with. It is recommended that neighboring cells not be placed on neighboring frequencies. Channel scheme for 802.11a UNII-1 and UNII-2 (channel/frequency table). 802.11h Dynamic Frequency Selection (DFS) replaces manual channel assignment; only frequency bands can be selected. 12 / 23 channels are available in the US; up to 19 channels are available in Europe if the 5 GHz frequency bands are allowed.

16 802.11g

17 802.11g Standard
- Standard was ratified June 2003
- Operates in the 2.4-GHz band, as 802.11b does
- Same three nonoverlapping channels: 1, 6, 11 (11: N/A; 13: ETSI; 14: Japan)
- DSSS (CCK) and OFDM transmission
- 12 data rates of up to 54 Mbps: 1, 2, 5.5, 11 Mbps (DSSS / 802.11b); 6, 9, 12, 18, 24, 36, 48, 54 Mbps (OFDM)
- Same transmission as 802.11b for the 11, 5.5, 2 and 1 Mbps data rates; same transmission as 802.11a for the 54, 48, 36, 24, 18, 12, 9 and 6 Mbps data rates
- Same bandwidth as 802.11b: 22-MHz-wide channels
- Full backward compatibility with the 802.11b standard
802.11g was ratified in June 2003. The speeds of 802.11g promised to be similar to 802.11a, and because it uses exactly the same frequencies as 802.11b, it has full backward compatibility with 802.11b. Equipment complying with 802.11g uses the same modulation as 802.11b for the 11-, 5.5-, 2-, and 1-Mbps data rates, the same modulation as 802.11a for the 54-, 48-, 36-, 24-, 18-, 12-, 9- and 6-Mbps data rates, and the same 22-MHz-wide channels as 802.11b. The aim was to provide higher data rates than the 802.11b standard; by using the 2.4 GHz band, backward compatibility with existing 802.11b wireless LANs was possible.

18 802.11g Protection Mechanism
Problem: 802.11b stations cannot decode 802.11g radio signals.
- An 802.11b/g access point communicates with 802.11b clients at a maximum of 11 Mbps.
- An 802.11b/g access point communicates with 802.11g clients at a maximum of 54 Mbps.
- The 802.11b/g access point activates RTS/CTS to avoid collisions when 802.11b clients are present.
- An 802.11b client learns from the CTS frame the duration of the 802.11g transmission.
- 802.11g protection mode results in reduced total throughput because of the additional overhead.

19 Standards Comparison

20 802.11 RF Comparison
| | 802.11b – 2.4 GHz | 802.11g – 2.4 GHz | 802.11a – 5 GHz |
| Pro | Most commonly deployed WLAN standard | Higher throughput; OFDM technology reduces multipath issues | Highest throughput; provides up to 23 nonoverlapping channels |
| Con | Interference and noise from other services in the 2.4-GHz band; only 3 nonoverlapping channels; distance limited by multipath issues | Interference and noise from other services in the 2.4-GHz band; only 3 nonoverlapping channels; throughput degraded in the presence of 802.11b clients | Lower market penetration |
2.4 GHz (802.11b): The 802.11b standard, the most widely deployed wireless standard, operates in the 2.4-GHz unlicensed radio band and delivers a maximum data rate of 11 Mbps. The 802.11b standard has been widely adopted by vendors and customers who find its 11-Mbps data rate more than adequate for most applications. Interoperability between many of the products on the market is ensured through the Wi-Fi Alliance™ certification program. Therefore, if your network requirements include supporting a wide variety of devices from different vendors, 802.11b is probably your best choice.
2.4 GHz (802.11g): The 802.11g standard was ratified in June 2003. It delivers the same 54-Mbps maximum data rate as 802.11a, yet it offers an additional and compelling advantage: backward compatibility with 802.11b equipment. This means that 802.11b client cards will work with 802.11g access points and that 802.11g client cards will work with 802.11b access points. Because 802.11g and 802.11b operate in the same 2.4-GHz unlicensed band, migrating to 802.11g is an affordable choice for organizations with existing 802.11b wireless infrastructures. Note that 802.11b products cannot be "software upgraded" to 802.11g, because 802.11g radios use a different chipset in order to deliver the higher data rate. However, much like Ethernet and Fast Ethernet, 802.11g products can be commingled with 802.11b products in the same network. Both 802.11g and 802.11b operate in the same unlicensed band; as a result, they share the same three channels, which can limit wireless capacity and scalability.
5 GHz (802.11a): The IEEE also ratified the 802.11a standard in 1999, but the first 802.11a-compliant products did not begin appearing on the market until December
The 802.11a standard delivers a maximum data rate of 54 Mbps and twelve nonoverlapping frequency channels, resulting in increased network capacity, improved scalability, and the ability to create microcellular deployments without interference from adjacent cells. Operating in the unlicensed portion of the 5-GHz radio band, 802.11a is also immune to interference from devices that operate in the 2.4-GHz band, such as microwave ovens, cordless phones, and Bluetooth devices (a short-range, low-speed, point-to-point, personal area network [PAN] wireless standard). The 802.11a standard is not, however, compatible with existing 802.11b-compliant wireless devices. Organizations with 802.11b equipment that want the extra channels and network speed supported by 802.11a technology must upgrade to a product that supports the technology. Some products support dual-band operation, and it is important to note that 2.4- and 5-GHz equipment can operate in the same physical environment without interference.

21 802.11 Standards Comparison
| | 802.11b | 802.11g | 802.11a |
| Ratified | 1999 | 2003 | 1999 |
| Frequency band | 2.4 GHz | 2.4 GHz | 5 GHz |
| No. of channels | 3 | 3 | Up to 23 |
| Transmission | DSSS | DSSS, OFDM | OFDM |
| Data rates [Mbps] | 1, 2, 5.5, 11 | 1, 2, 5.5, 11; 6, 9, 12, 18, 24, 36, 48, 54 | 6, 9, 12, 18, 24, 36, 48, 54 |
| Throughput [Mbps] | Up to 6 | Up to 22 | Up to 28 |
This table summarizes the features of the wireless LAN standards that were introduced earlier.

22 Range Comparisons
The 11b and 11g ranges are based on default power settings with 2.2 dBi 2.4 GHz antennas on the APs and 0 dBi antennas on the clients. The 11a ranges are based on default power settings with a 5 dBi omni antenna on the AP and a 6 dBi omni antenna on the client. This slide compares the range of the different data rates and the different wireless LAN standards in an open office environment. Actual distances can differ because of absorption and reflection. The size of a wireless cell depends on the data rate. It is possible to limit the range by disabling lower data rates. To limit the range to 150 ft, the data rates of 5.5, 2, and 1 Mbps (802.11b/g) and 6, 9, 12, 18 Mbps (802.11g) could be disabled.

23 Ratified IEEE 802.11 Standards
- 802.11: WLAN 1 and 2 Mbps at 2.4 GHz
- 802.11a: WLAN 54 Mbps at 5 GHz
- 802.11b: WLAN 11 Mbps at 2.4 GHz
- 802.11d: Multiple regulatory domains
- 802.11e: Quality of service
- 802.11f: Inter-Access Point Protocol (IAPP)
- 802.11g: WLAN 54 Mbps at 2.4 GHz
- 802.11h: Dynamic Frequency Selection (DFS), Transmit Power Control (TPC) at 5 GHz
- 802.11i: Security
- 802.11j: 5-GHz channels for Japan
The 802.11a, 802.11b, and 802.11g specifications all relate to WLAN physical layer standards. Cisco Aironet access points in this release support the 802.11d standard for world mode. World mode enables the access point to inform an 802.11d client device which radio setting the device should use to conform to local regulations. The IEEE 802.11e standard is being developed to enhance the current MAC to expand support for applications with quality of service (QoS) requirements and to improve the capabilities and efficiency of the protocol. This standard will assist with voice, video, and other time-sensitive applications. In March 2005, the IEEE will submit this standard to the Executive Committee for approval. The IEEE 802.11F standard is a recommended-practice guideline defining a protocol for intercommunication between access points, to assist in roaming and handoff of traffic. Most vendors have implemented their own proprietary Inter-Access Point Protocol (IAPP) for use with their access points. The IEEE 802.11h standard is supplementary to the MAC layer to comply with European regulations for 5-GHz WLANs. Most European radio regulations for the 5-GHz band require products to have transmission power control (TPC) and dynamic frequency selection (DFS). TPC limits the transmitted power to the minimum needed to reach the farthest user. DFS selects the radio channel at the access point to minimize interference with other systems, particularly radar. The IEEE 802.11i standard specifies improved security, encryption and authentication for wireless LANs and the enhancements to the current MAC that provide improvements in security.
The IEEE 802.11j standard is intended to enhance the 802.11 standard and amendments to add channel selection for 4.9 GHz and 5 GHz in Japan, to conform to Japanese rules on operational mode, operational rate, radiated power, spurious emissions, and channel sense.

24 Worldwide Availability
In most parts of the world Cisco products can be deployed without a user license (that is, unlicensed). In most countries there is over 80 MHz of available spectrum. The 5-GHz WLAN technology is also gaining popularity worldwide as more products become available in the UNII-1, UNII-2, and UNII-3 frequency bands. The operating frequency range varies worldwide from GHz to GHz, as does the maximum power, which is determined by the local regulating country. The Cisco Aironet products and the specific countries for which each product is currently certified for order and shipment are listed at
If there is no "X" in the matrix box that corresponds to the country and product, then that product is not certified to ship to that country. Please take note of the country SKU suffix in the column adjacent to your country. You will need this specific SKU suffix to ensure that you order the product with the proper power and channel settings required for each country. If you have any questions regarding this information, please contact your Cisco Account Manager or Cisco Reseller for more information. Each country has its own set of rules governing the installation and use of RF products. Be aware that these rules may affect which products you use and may require you to obtain a site-specific license.

25 General Office WLAN Design
- Eight 802.11g access points deployed
- 7 users per access point with no conference rooms provides 3.8 Mbps throughput per user
- 7 users + 1 conference room (10 users) = 17 total users, provides 1.5 Mbps throughput per user
Floor plan diagram: 54 cubes, 4 conference rooms, reception; 120 feet by 95 feet.
In this general office design, 802.11g products with a maximum data rate of 54 Mbps are deployed. Throughput is data rate minus overhead; the throughput is about 50% of the data rate. 7 users per access point with no conference rooms provides 3.8 Mbps throughput per user. 7 users + 1 conference room (10 users) = 17 total users provides 1.5 Mbps throughput per user.

26 WLAN as a Shared Medium: Best Practices
2.4-GHz 802.11b bandwidth calculations: 25 users per cell; general office maximum users limited by bandwidth. Peak true throughput 6.8 Mbps. 6.8 Mbps * 1024/25 = kbps per user.
2.4-GHz 802.11g bandwidth calculations: 20 users per cell; general office maximum users limited by bandwidth. Peak true throughput 32 Mbps. 32 Mbps * 1024/20 = 1683 kbps per user.
5-GHz 802.11a bandwidth calculations: 15 users per cell; general office users limited by coverage, not bandwidth. 32 Mbps * 1024/15 = 2188 kbps per user.
Cisco's WLAN solutions continue to lead the industry in addressing customers' requirements for secure, manageable, and scalable WLANs. Some of the major innovations include:
- Security: delivering wire-line class security by offering the industry's first centralized user authentication and centralized management of encryption keys.
- Performance: offering the most powerful WLAN products to help ensure high data throughput, and offering better (and more cost-effective) coverage than any other solution on the market.
- A scalable, flexible management architecture where customers can manage wireless LANs through industry-standard APIs (SNMP, Web) or through major enterprise management applications like CiscoWorks 2000, Cisco stack manager, and Cisco resource manager.
- A solution that mitigates the hidden installation and ongoing operation costs of wireless LAN deployments, particularly in regard to the power, safety and RF management issues relating to WLAN deployments.
Customers demand standards compliance to guarantee interoperability. In this area, the Wireless Ethernet Compatibility Alliance (WECA) plays a vital role because its Wi-Fi certification guarantees interoperability with other Wi-Fi certified products.

27 WLAN Security

28 Why WLAN Security?
- Wide availability and low cost of IEEE 802.11 wireless equipment
- 802.11 standard ease of use and deployment
- Availability of sniffers
- Statistics on WLAN security
- Media hype about hot spots, WLAN hacking, war driving
- Nonoptimal implementation of encryption in the 802.11 standard: Wired Equivalent Privacy (WEP) encryption, authentication vulnerability
With the cost of 802.11b systems coming down, it is inevitable that hackers will have a lot more unsecured WLANs to choose from. 802.11b "sniffers" enable network engineers (and hackers) to passively capture data packets so they can be examined to correct system problems. "War driving" is a phrase that originally described someone using a cellular scanning device to look for cell phone numbers to exploit. Recently, the definition of war driving has been expanded to include someone driving around with a laptop and an 802.11b client card looking for an 802.11b system to exploit. Vulnerabilities have been reported in which numerous open source applications are used to collect data and exploit weaknesses in the 802.11 standard security mechanism, WEP. With basic WEP encryption (or obviously with no encryption) enabled, it is possible to collect data and obtain sensitive network information such as user login information, account numbers, personnel records, etc.

29 WLAN Security Threats
The WLAN security threats are:
- War drivers trying to find open access points for free Internet access.
- Hackers trying to exploit weak encryption to access sensitive data via the WLAN.
- Employees installing access points intended for home use, without the necessary security configuration, on the enterprise network, causing a security risk for the network.

30 Mitigating the Threats
| Control and Integrity | Privacy and Confidentiality | Protection and Availability |
| Authentication | Encryption | Intrusion Detection System (IDS) |
| Ensure that legitimate clients associate with trusted access points. | Protect data as it is transmitted and received. | Track and mitigate unauthorized access and network attacks. |
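The IDS column above, together with the third threat on the previous slide (an employee's home-use access point on the enterprise network), comes down to comparing what is heard on the air against an inventory and a policy. The script below is an added example, not code from the slides or from any Cisco product: it parses a constructed scan export, flags radios that are not in the authorized inventory (with extra weight when they advertise the enterprise SSID, since legitimate clients may associate to them) and any radio running open or WEP security. The inventory, the policy sets, the SSIDs, BSSIDs and scan lines are all constructed.

```python
# Added example (not from the slides): a small wireless-IDS style check over
# beacon scan results, from the defender's side. It flags access points that
# are not in the authorized inventory (especially ones advertising the
# enterprise SSID) and any AP seen with open or WEP security, which is the
# "home-use access point without the necessary security configuration" case.
# The inventory, policy and scan records below are constructed.
import csv
import io

# Constructed inventory: BSSID -> SSID that AP is allowed to advertise.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:06": "CORP-WLAN",
    "00:11:22:33:44:0b": "CORP-WLAN",
}
ENTERPRISE_SSIDS = {"CORP-WLAN"}
# Policy: enterprise APs must use 802.1x/EAP authentication (WPA2-Enterprise).
ACCEPTABLE_SECURITY = {"WPA2-Enterprise"}
WEAK_SECURITY = {"Open", "WEP"}

# Constructed scan output (what a wireless IDS sensor or a site survey tool might export).
SCAN_CSV = """bssid,ssid,channel,security,rssi
00:11:22:33:44:01,CORP-WLAN,1,WPA2-Enterprise,-45
00:11:22:33:44:06,CORP-WLAN,6,WPA2-Enterprise,-50
00:11:22:33:44:0b,CORP-WLAN,11,WPA2-Enterprise,-48
aa:bb:cc:dd:ee:01,CORP-WLAN,6,WPA2-PSK,-60
aa:bb:cc:dd:ee:02,linksys,11,Open,-70
aa:bb:cc:dd:ee:03,guest-home,1,WEP,-65
aa:bb:cc:dd:ee:04,Cafe,6,WPA2-PSK,-82
"""


def parse_scan(text):
    """Parse the CSV export into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def evaluate(records, authorized=AUTHORIZED_APS):
    """Return (bssid, severity, reason) findings for every AP that violates policy."""
    findings = []
    for r in records:
        bssid, ssid, sec = r["bssid"].lower(), r["ssid"], r["security"]
        if bssid in authorized:
            if ssid != authorized[bssid]:
                findings.append((bssid, "high", f"authorized AP advertising unexpected SSID {ssid!r}"))
            if sec not in ACCEPTABLE_SECURITY:
                findings.append((bssid, "high", f"authorized AP using {sec} instead of 802.1x/EAP"))
        elif ssid in ENTERPRISE_SSIDS:
            # Unknown radio using the corporate SSID: clients may associate to it.
            findings.append((bssid, "high", f"unknown AP advertising enterprise SSID {ssid!r} with {sec}"))
        elif sec in WEAK_SECURITY:
            findings.append((bssid, "high", f"unauthorized AP {ssid!r} with {sec} security"))
        else:
            findings.append((bssid, "medium", f"unauthorized AP {ssid!r} ({sec})"))
    return findings


def summarize(findings):
    """Count findings per severity, for a quick dashboard line."""
    counts = {}
    for _, severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for bssid, severity, reason in evaluate(parse_scan(SCAN_CSV)):
        print(f"[{severity.upper()}] {bssid}: {reason}")
    print(summarize(evaluate(parse_scan(SCAN_CSV))))
```

On the constructed scan the three inventoried APs produce no findings, the unknown radio announcing CORP-WLAN and the two open/WEP radios are reported as high, and the neighbouring WPA2-PSK "Cafe" network as medium; in practice the medium findings are the ones to triangulate by RSSI before deciding whether they are on the enterprise wire at all.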

31 Evolution of WLAN Security
- Initial (1997): WEP encryption. No strong authentication; static, breakable keys; not scalable.
- Interim (2001): 802.1x EAP (LEAP, PEAP), RADIUS. Dynamic keys, improved encryption, user authentication.
- Interim (2003): Wi-Fi Protected Access (WPA). Standardized; improved encryption; strong user authentication (e.g., LEAP, PEAP, EAP-FAST).
- Present: Wireless IDS; IEEE 802.11i / WPA2 (2004). Identification of and protection against attacks and DoS; AES strong encryption; authentication; dynamic key management.
The figure shows the evolution of wireless LAN (WLAN) security. Initially, IEEE 802.11 security relied on static keys for both encryption and, if used, authentication. The authentication method was not strong, and the keys were eventually compromised. Because the keys were administered statically, this method of security was not scalable to large enterprise environments. Cisco introduced enhancements that allowed the use of IEEE 802.1X authentication protocols and dynamic keys. Cisco also introduced methods to overcome the exploitation of the encryption keys. The IEEE 802.11 committee began the process of upgrading the security of the WLAN. The Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA) as an interim solution that was a subset of the expected 802.11i security standard for WLANs, using 802.1X authentication and improvements to WEP encryption. Today IEEE 802.11i has been ratified, and Advanced Encryption Standard (AES) has replaced Wired Equivalent Privacy (WEP) as the latest and most secure method of encrypting data. Wireless intrusion detection systems are available to identify and protect the WLAN from attacks. The Wi-Fi Alliance certifies 802.11i devices under Wi-Fi Protected Access 2 (WPA2).

32 Wireless Client Association
- Access points send out beacons announcing SSID, data rates, and other information.
- The client scans all channels.
- The client listens for beacons and responses from access points.
- The client associates to the access point with the strongest signal.
- The client repeats the scan if the signal becomes low, to reassociate to another access point (roaming).
- During association the SSID, MAC address and security settings are sent from the client to the access point and checked by the access point.

33 WPA and WPA2 Authentication
User authentication is done via the 802.1x protocol. A supplicant for 802.1x / EAP is needed on the WLAN client. The access point is the authenticator, which communicates via RADIUS with the AAA server (Cisco ACS). Lightweight access points communicate with the WLAN controller, which acts as the authenticator. The client and the authentication server implement the particular EAP version in use; the EAP messages pass through the authenticator.

34 WPA and WPA2 Encryption
After authentication of the WLAN client, the data is sent encrypted. TKIP and AES are the strong encryption methods which replaced the weak RC4 encryption.

35 WLAN Security Summary
Diagram of security levels, from lowest to highest: WEP encryption; WPA passphrase; 802.1x EAP mutual authentication with TKIP encryption (WPA / WPA2, 802.11i security).
We find different requirements for the security of WLANs. For open access at hotspots, no encryption with basic authentication is used. For the home user, at least basic security with a WPA passphrase or preshared keys is recommended. For enterprises, enhanced security with 802.1x/EAP authentication and TKIP or AES encryption is recommended. This is standardized as WPA / WPA2 and 802.11i security.

36 Security Evaluation
- Evaluate effectiveness of encrypted WLAN statistics.
- Focus on proper planning and implementation.
- Estimate potential security threats and the level of security needed.
- Evaluate the amount of WLAN traffic being sent when selecting security methods.
- Evaluate tools and options applicable to WLAN design.
- Attackers are more likely to attack unsecured WLANs.
Security for a WLAN is just like security for any other network. Network security is a multi-layered solution which requires common-sense evaluation and implementation. Obvious security fixes should be implemented first, such as limiting administrative access and disabling "open" access. WLAN security is closely tied to the volume of traffic which traverses the network, so using statistics to evaluate the network's relative vulnerability is a valuable step towards assessing WLAN security.

37 Summary
- The 2.4-GHz and 5-GHz frequency bands are used by WLAN standards.
- The throughput per user depends on the data rate and the number of users per wireless cell.
- 802.11b has data rates of up to 11 Mbps at 2.4 GHz. 802.11a has data rates of up to 54 Mbps at 5 GHz. 802.11g has data rates of up to 54 Mbps at 2.4 GHz.
- 802.11a has a shorter range than 802.11g.
- For maximum efficiency, limit the number of users per cell.
- Different WLAN security types with authentication and encryption satisfy the security requirements of enterprise and home users.

38 WLAN Lab


