Wireless Networking - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Wireless Networking

Description:

Wireless net uses separate physical and logical network. ... Do-It-Yourself Options ... Network Address Translation (NAT -- often provided by 'DSL/wireless routers' ... – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 21
Provided by: itssnet
Category:

less

Transcript and Presenter's Notes

Title: Wireless Networking


1
Wireless Networking
  • TGIF, April 18th, 2003
  • Alvin Chew (alchew_at_stanford.edu)
  • Kent Reuber (reuber_at_stanford.edu)

2
Outline
  • Wireless technology overview
  • ITSS Wireless Net
  • Department wireless nets
  • Home wireless nets
  • Questions

3
Wireless Technology Overview
4
Why Wireless?
  • () No wires. Convenience, flexible. But
  • (-) Relatively slow speeds, typically 5 Mbps with
    802.11b. Nowhere near the 100 Mbps of typical
    wired connection.
  • (-) Wireless access points are hubs, not
    switches. Bandwidth is shared among wireless
    users. Think of it as phone party lines.
  • (-) Data is freely available in the air.
  • Traffic is easily sniffed.
  • Data is not encrypted unless the protocol is
    encrypted (e.g., SSL and Kerberos).
  • Stanford does not use WEP, because it can be
    cracked.

5
Wireless Terms
  • Access Point (or AP) device that sends and
    receives wireless signals. Usually directly
    connected to the wired net.
  • ITSS uses Cisco Aironet 350 APs.
  • SSID the network name that Access Points
    broadcast.
  • ITSS uses Stanford.
  • Departments and home users may want to use other
    names.
  • Users can roam between access points with the
    same SSID.
  • Channel radio frequency used by APs.
  • APs near one another should use different
    channels to minimize noise.
  • 802.11b Channels 1, 6, and 11 dont overlap.
    Channels 1, 4, 8, and 11 have only a little bit
    of overlap

6
Wireless Alphabet Soup
  • 802.11b
  • Most common wireless protocol. Uses 2.4GHz
    frequency, with 11 Mbps bandwidth. (5 Mbps is
    more typical). ITSS wireless net and most other
    campus wireless is based on this.
  • 802.11a
  • Uses 5.5GHz range, 54 Mbps bandwidth (20 Mbps is
    typical performance). Produces to much radio
    power to be certified in medical areas. Unlikely
    to become a standard at Stanford.
  • 802.11g
  • Uses 2.4GHz band and is compatible with 802.11b.
    Also 54 Mbps bandwidth (20 Mbps typical). An
    emerging standard, but likely to grow in the
    future.

7
ITSS Wireless Net
8
ITSS Wireless NetOverview
  • Coverage map at http//wirelessnet.stanford.edu
  • Wireless net uses separate physical and logical
    network. (Separate switches, fiber, and address
    space.)
  • Prevents layer 2 attacks (e.g., broadcasts,
    IP/MAC spoofing) on wired net
  • Prevents wired broadcasts/multicasts from
    saturating wireless bandwidth
  • Dont have to dedicate department roaming IPs
    for wireless users
  • You still have to register wireless cards in
    NetDB.
  • provide the hardware address of the wireless card
  • enable DHCP and roaming.
  • Wireless card recommendations
  • Recommend Cisco and Apple cards which are
    available at the Bookstore.
  • Any WiFi certified card should work.

9
ITSS Wireless NetSecurity
  • Wireless networks are inherently insecure
  • Even with encryption, the data between client and
    APs are available for anyone to capture.
  • Most corporate wireless nets lie outside of
    firewalls.
  • ITSS Wireless doesnt use WEP
  • Consumes client resources
  • Well-known security vulnerabilities
  • Other methods of wireless encryption are
    vendor-specific.
  • Stanford uses wireless authentication to protect
    campus resources.

10
ITSS Wireless NetAuthentication
  • Protects the institution, not the user
  • S/ident integration
  • If you have PC/Mac-Leland, youre all set
  • First net activity should bring up PC/Mac-Leland
    automatically
  • Web-based authentication backup
  • First web page you get is the authentication page
  • Automatically redirects you to your requested
    page after login
  • Future Guest Login feature
  • Any SUNet ID user will be able to sponsor a guest
    wireless account

11
Department Wireless
12
My Department Wants Wireless!
  • Net-to-jack clients are eligible for 1 AP for
    every 16 wired ports.
  • Wireless net-to-jack For non-net-to-jack
    clients, ITSS will do a survey, install, monitor,
    maintain, and upgrade your wireless network.
    Price is 31/month per AP.
  • Or.

13
Do-It-Yourself Options
  • Option 1 ITSS can place a wireless entrance
    switch in your building and that carries the ITSS
    Wireless net.
  • Option 2 Departments can put their wireless
    devices on their existing building net.
  • Both options require departments to purchase APs
    and switches. ITSS can recommend equipment, but
    departments will need to do their own survey and
    place access points.

14
Department Wireless Setup
  • ITSS Wireless net always uses Stanford as the
    SSID.
  • APs plugged into the building net shouldnt use
    Stanford
  • This has caused problems when users roam between
    access points.
  • Putting the department/group/lab name as the SSID
    makes it clear to users who to call in case of
    trouble.

15
Recommended Cards and APs
  • 802.11b cards
  • Apple Airport card, Cisco Aironet 350 PC Card
  • In principle, any card that adhere to the WiFi
    certification should work.
  • Access Points
  • Cisco Aironet 350 APs for departments.

16
Home Wireless Nets
17
Keeping Your Neighbors Out
  • The range of wireless means that its very
    possible that your neighbors can use your
    wireless net too. And see all your traffic
  • Precautions
  • Most APs have MAC address filters so that only
    specific cards can associate. This is the most
    important thing to enable!
  • Most APs can also be set to not broadcast the
    SSID. (e.g., Apple Airports call this Create a
    closed network) That way, people have to know
    the name of your network in order to join.
  • Definitely want to use encrypted protocols
    whenever possible.
  • If available, consider turning down the power of
    your AP to restrict the range.

18
Setup 1 Stanford DSL and Stanford West
  • In both cases, you can request multiple IP
    addresses for home machines. You dont need a
    DSL router.
  • We suggest that you purchase access points that
    do bridging, where traffic is simply forwarded
    between the wired and wireless sides of the
    access point without alteration.
  • Examples Cisco Aironet 350, Linksys WAP11,
    Apple Airport.
  • Weve seen a number of people on the campus or
    Stanford West who have installed Airport base
    stations with DHCP enabled on the Ethernet side,
    disrupting DHCP service.
  • Breaks DHCP for other users.
  • We shut down their connections

19
Setup 2 Non-Stanford DSL or Cable Modem
  • In many cases, you only get one IP address.
  • Network Address Translation (NAT -- often
    provided by DSL/wireless routers) can be used
    to hide a network behind a single IP address
  • Some wireless units do this by default. E.g.,
    Apple Airport.
  • Note that NAT disrupts some Stanford services,
    especially WebAuth.
  • Also interferes with some VPN setups.

20
Questions???
Write a Comment
User Comments (0)
About PowerShow.com