Chapter 10-Wireless Devices - PowerPoint PPT Presentation

Slides: 62
Provided by: Eli1183

Transcript and Presenter's Notes

1
Chapter 10-Wireless Devices
  • WLAN Client Devices
  • Progression of WLAN architecture
  • Specialty WLAN infrastructure

2
Exam Essentials
  • Know the major radio card formats.
  • The 802.11 standard does not mandate what type of
    format can be used by an 802.11 radio. 802.11
    radios exist in multiple formats.
  • Understand the need for client adapters to have
    an operating system interface and a user
    interface.
  • A client adapter requires a special driver to
    communicate with the operating system and a
    software client utility for user configuration.
  • Identify the four major types of client
    utilities.
  • The four types of client utilities are SOHO,
    enterprise, integrated, and third party.
  • Explain the progression of WLAN architecture.
  • Be able to explain the differences and
    similarities of autonomous AP solutions and WLAN
    controller solutions.
  • Identify the capabilities of all WLAN legacy
    infrastructure devices.
  • Understand the capabilities of autonomous APs.
    Explain the differences between autonomous APs
    and lightweight APs.

3
Exam Essentials
  • Identify the capabilities of a WLAN controller
    solution.
  • Understand all the features and functionality
    that a WLAN controller solution provides. Be able
    to explain IP tunneling, split MAC architecture,
    virtual BSSIDs, WLAN profiles, and dynamic RF. Be
    able to explain the various ways that a WLAN
    controller solution can be scaled. Explain the
    concept of distributed data forwarding.
  • Explain the role and configuration of WLAN
    bridges and workgroup bridges.
  • The CWNA test covers bridging quite extensively.
    Know all of the different types of bridges and
    the difference between root and nonroot bridges.
    Be able to explain the differences between
    point-to-point and point-to-multipoint bridging.
    Understand bridging problems such as ACK
    time-out, and study other bridging considerations
    that are covered in other chapters, such as the
    Fresnel zone and system operating margin.

4
Exam Essentials
  • Define WLAN mesh networking.
  • Be able to explain that WLAN mesh routers use
    self-healing and self-forming methods and
    proprietary layer 2 routing protocols. Understand
    the difference between single-band and dual-band
    mesh networks.
  • Explain other WLAN specialty infrastructure.
  • Be able to explain how EEG solutions, RTLS
    solutions, and VoWiFi solutions can all be
    integrated with a WLAN. Explain other
    nontraditional WLAN solutions such as WLAN
    arrays, virtual APs, and cooperative control APs.

5
Wireless LAN Client Devices
  • Half-duplex radio receiver
  • Many hardware formats and chipsets
  • Need a software driver for the OS to use
  • When buying, make sure drivers exist for your OS

Pg 320
6
Radio Card Formats
  • Radio cards in both APs and client adapters
  • Mostly focused on client adapters
  • Form Factors
  • How it fits into your device
  • PCMCIA/PC Card
  • ExpressCard
  • Secure Digital/CompactFlash
  • PDAs
  • PCI
  • Often a PCMCIA slot for PCI
  • Bad location for wireless
  • USB

Pg 320
7
Form Factors
8
Form Factors
9
Radio Card Formats
  • Not just in PDA, PC, Laptop
  • Also in handheld devices
  • Bar code scanner
  • Wireless POS systems
  • VoWiFi phones
  • Stereo
  • Gaming Systems
  • Video/camera

Pg 324
10
Radio Card Chipsets
  • Support specific frequencies/technology
  • 2.4 GHz
  • 5 GHz
  • If both are supported, often an a/b/g card
  • Common today
  • 802.11n cards are different

Pg 325
11
Client Utilities
  • End User tool for configuring the wireless card
  • Create connection profiles
  • Configure settings for connections
  • SSID, passkey, etc
  • Four major types, or categories, of client
    utilities exist
  • Small office, home office (SOHO) client utilities
  • Enterprise-class client utilities
  • Integrated operating system client utilities
  • Third-party client utilities

Pg 326
12
Client Utilities
  • End User tool for configuring the wireless card
  • Create connection profiles
  • Configure settings for connections
  • SSID, passkey, etc
  • Look for networks (site survey)
  • Signal Strength measurements
  • Four major types, or categories, of client
    utilities exist
  • Small office, home office (SOHO) client utilities
  • Enterprise-class client utilities
  • Integrated operating system client utilities
  • Third-party client utilities

Pg 326
13
Client Utilities
  • Different types for different jobs
  • Enterprise utilities usually have more features than SOHO ones
  • Windows Wireless Zero Configuration Service (WZC)
  • Very common
  • Third Party
  • Becoming more common for enterprise deployments

Pg 326
14
Client Utilities
Pg 326
15
Progression of WLAN architecture
  • General purpose of 802.11 is to provide a portal
    to the wired network

Pg 328
16
Intelligent Edge-Autonomous AP
  • Traditional APs had the brains
  • Edge intelligence
  • Autonomous
  • Fat, stand-alone, etc.
  • Configuration and management done on the device
  • At the access level, not core or distribution
  • Distribution System Service and Integration
    Service on the AP

Pg 329
17
Intelligent Edge-Autonomous AP
  • Not quite the same as the APs for home use
  • Older ones were similar
  • Usually two physical interfaces bridged together
  • Wireless
  • Wired
  • Bridged Virtual Interface has the IP address

Pg 329
18
Intelligent Edge-Autonomous AP
  • Multiple management interfaces, such as command
    line, web GUI, and SNMP
  • WEP, WPA, and WPA2 security capabilities
  • WMM quality-of-service capabilities
  • Fixed or detachable antennas
  • Filtering options, such as MAC and protocol
  • Connectivity modes, such as root, repeater,
    bridge, and scanner
  • Removable radio cards
  • Multiple radio card and dual-frequency
    capability: 2.4 GHz and 5 GHz
  • Adjustable transmit power, which is used mostly
    for cell sizing
  • VLAN support (VLANs are created on a managed
    wired switch.)
  • IEEE standards support
  • 802.3-2005, clause 33, Power over Ethernet (PoE)
    support

Pg 329
19
Intelligent Edge-Autonomous AP
  • Are being replaced by lightweight APs with a WLAN
    switch/controller
  • More centralized administration and access

Pg 330
20
Wireless Network Management System
  • Centralizing of the administrative tasks
  • Make configuration on WLAN controller
  • Controller sends configs to APs
  • Hardware or software solution
  • Usually allows for additional functionality
  • RF spectrum Planning and management
  • Check alarms
  • Reporting
  • Management consoles
  • Some security functions
  • Not a Wireless Intrusion Detection System (WIDS)
  • Not part of data path

Pg 330
21
Wireless Network Management System
Pg 331
22
Wireless Network Management System
  • Must be sure they can control APs in use
  • Purpose is to provide centralized management
  • Being replaced by WLAN controllers
  • Can also be used to control WLAN controllers and
    Autonomous APs

Pg 330
23
Centralized WLAN architecture
  • WLAN controller that is in the core of the
    network
  • Autonomous APs replaced by lightweight APs or
    thin APs
  • Less intelligence at the AP
  • Most logic handled by the WLAN controller
  • WLAN controller handles the DSS and IS
  • Encryption may still be on the AP

Pg 332
24
Lightweight APs
  • Somewhat limited software
  • Designed to be controlled/configured by WLAN
    controller
  • Can have dual 2.4 and 5 GHz radios
  • Also have software defined radios (SDR)
  • Support multiple frequency bands
  • Not at same time
  • Some APs can be either lightweight or Autonomous

Pg 332
25
WLAN controller
  • Also called wireless switches
  • Similar functionality to Ethernet LAN switch
  • Make traffic management decisions based on layer
    2 addresses

Pg 334
26
WLAN controller
  • AP management: As mentioned earlier, the majority
    of the lightweight access point functions such as
    power, channels, and supported data rates are
    configured on the WLAN controller. This allows
    for centralized management and configuration of
    lightweight APs.
  • 802.11 traffic tunneling: A key feature of most
    WLAN controllers is that the integration service
    (IS) and distribution system service (DSS)
    operate within the WLAN controller. All 802.11
    traffic that is destined for wired-side network
    resources must first pass through the controller
    and be translated into 802.3 traffic by the
    integration service before being sent to the
    wired destination.

Pg 334
27
WLAN controller
  • 802.11 Frame is passed from AP to WLAN controller
    using an IP tunnel
  • Generic Routing Encapsulation (GRE)
  • Adds a new IP header to frame to pass it to WLAN
    controller
  • Lightweight APs often use POE
  • Tunnel frames to WLAN controller

Pg 335
28
WLAN controller
Pg 335
29
WLAN controller
  • Although often at core, may also be at
    distribution, or access
  • Depends on vendor solution and network
    architecture
  • Can also have multiple WLAN controllers

Pg 335
30
WLAN controller
  • AP group profile defines the configuration
    settings for a single AP or group of access
    points.
  • Channel, transmit power, and supported data rates
  • Virtual WLANs, often called WLAN profiles
  • Different groups of 802.11 clients exist in a
    virtual WLAN. Set of configuration parameters
    that are configured on the WLAN controller.
  • The profile parameters can include the WLAN
    logical name (SSID), WLAN security settings, VLAN
    assignment, and quality-of-service (QoS)
    parameters.
  • WLAN profiles often work together with role-based
    access control (RBAC) mechanisms. When a user
    connects to a virtual WLAN, users are assigned to
    specific roles. Do not confuse the WLAN profile
    with an AP group profile. Multiple WLAN profiles
    can be supported by a single AP; however, an AP
    can belong to only one AP group.
  • Virtual BSSIDs: The BSSID is typically the MAC
    address of the access point's radio card.
  • WLAN controllers have the capability of creating
    multiple virtual BSSIDs. Each Virtual WLAN needs
    a unique logical identifier (SSID) that is also
    assigned to a specific VLAN.
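
The rules on this slide (unique SSID per virtual WLAN, a VLAN per WLAN profile, one AP group per AP, one virtual BSSID per profile) can be checked mechanically. The following is an added example, not part of the original presentation or any vendor's tooling; the configuration layout, names, MAC addresses and the last-octet BSSID scheme are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample configuration (not from the slides or any vendor).
PROFILES = {  # WLAN profiles (virtual WLANs)
    "corp":  {"ssid": "Corp",  "security": "WPA2", "vlan": 10},
    "voice": {"ssid": "Voice", "security": "WPA2", "vlan": 20},
    "guest": {"ssid": "Guest", "security": "captive-portal", "vlan": 30},
}
AP_GROUPS = {  # AP group profiles: radio settings, member APs, served WLANs
    "floor1": {"channel": 1, "tx_power_dbm": 14,
               "profiles": ["corp", "voice", "guest"],
               "aps": ["00:11:22:33:44:10"]},
    "lobby":  {"channel": 6, "tx_power_dbm": 11,
               "profiles": ["guest"],
               "aps": ["00:11:22:33:44:20"]},
}


def virtual_bssids(radio_mac, profile_names):
    """Map each WLAN profile on one AP to its own virtual BSSID.

    Assumption: the last octet of the radio MAC is incremented per profile;
    real controllers use vendor-specific schemes.
    """
    octets = [int(part, 16) for part in radio_mac.split(":")]
    bssids = {}
    for offset, name in enumerate(profile_names):
        derived = octets[:5] + [(octets[5] + offset) % 256]
        bssids[name] = ":".join(f"{o:02x}" for o in derived)
    return bssids


def audit(profiles, ap_groups):
    """Return findings where the configuration breaks the slide's rules."""
    findings = []
    # Each virtual WLAN needs a unique SSID.
    ssid_counts = Counter(p["ssid"] for p in profiles.values())
    for ssid in sorted(s for s, n in ssid_counts.items() if n > 1):
        findings.append(f"duplicate SSID: {ssid}")
    # Each virtual WLAN is assigned to a specific VLAN (802.1Q IDs 1-4094).
    for name in sorted(profiles):
        vlan = profiles[name].get("vlan")
        if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
            findings.append(f"profile {name}: no valid VLAN assignment")
    # An AP group may only reference defined WLAN profiles, and an AP can
    # belong to only one AP group.
    membership = {}
    for group in sorted(ap_groups):
        for prof in ap_groups[group]["profiles"]:
            if prof not in profiles:
                findings.append(f"group {group}: unknown WLAN profile {prof}")
        for ap in ap_groups[group]["aps"]:
            membership.setdefault(ap, []).append(group)
    for ap in sorted(membership):
        if len(membership[ap]) > 1:
            findings.append(f"AP {ap}: in multiple AP groups {membership[ap]}")
    return findings


if __name__ == "__main__":
    print(audit(PROFILES, AP_GROUPS) or "configuration consistent")
    for group in AP_GROUPS.values():
        for ap in group["aps"]:
            print(ap, virtual_bssids(ap, group["profiles"]))
```

A profile without a VLAN assignment is the finding that matters most for segmentation, since its clients would land on whatever VLAN the controller defaults to.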

Pg 336
31
Virtual WLAN
Pg 338
32
WLAN controller
  • VLANs: WLAN controllers fully support the
    creation of VLANs and 802.1Q VLAN tagging.
    Multiple wireless user VLANs can be created on
    the WLAN controller. The ability to create user
    VLANs is one of the main benefits of a WLAN
    controller, because they can provide for
    segmentation and security. VLANs may be assigned
    statically to WLAN profiles or may be assigned
    using a RADIUS attribute. A more detailed
    discussion of wireless VLANs can be found in
    Chapter 13, 802.11 Network Security
    Architecture.
  • User management: WLAN controllers usually
    provide the ability to control the who, when, and
    where in terms of using role-based access control
    (RBAC) mechanisms. A more detailed discussion of
    RBAC can be found in Chapter 13.
  • Layer 2 security support: WLAN controllers
    fully support layer 2 WEP, WPA, and WPA2
    encryption. Authentication capabilities include
    internal databases as well as full integration
    with RADIUS and LDAP servers.

Pg 339
33
WLAN controller
  • Layer 3 and 7 VPN concentrators: Some WLAN
    controller vendors also offer VPN server
    capabilities within the controller. The
    controller can act as a VPN concentrator or end
    point for PPTP, IPSec, or SSL VPN tunnels.
  • Captive portal: WLAN controllers have captive
    portal features that can be used with guest WLANs
    and guest WLAN profiles. Because the captive
    portal authenticates users but has very limited
    encryption capabilities, it is rarely used for
    anything other than guest access.
  • Automatic failover and load balancing: WLAN
    controllers usually provide support for Virtual
    Router Redundancy Protocol (VRRP) for redundancy
    purposes. Most vendors also offer proprietary
    capabilities to load-balance wireless clients
    between multiple lightweight APs.
  • Internal Wireless Intrusion Detection Systems:
    Some WLAN controllers have integrated WIDS
    capabilities for security monitoring. A more
    detailed discussion on WIDS can be found in
    Chapter 14, Wireless Attacks, Intrusion
    Monitoring, and Policy.

Pg 339
34
WLAN controller
  • Dynamic RF spectrum management. WLAN controllers
    can use the RF information gathered from the
    lightweight access points to make changes to
    channel assignments and power levels for the APs.
  • Often called radio frequency spectrum management
    (RFSM)
  • RFSM provides automatic cell sizing, automatic
    monitoring, troubleshooting, and optimization of
    the RF environment
  • Self-organizing and self-healing wireless LAN
  • Bandwidth management: Bandwidth pipes can be
    restricted upstream or downstream.
  • Firewall capabilities: Stateful packet
    inspection is available with an internal firewall
    in some WLAN controllers.
  • Layer 3 roaming support: Capabilities to allow
    seamless roaming across layer 3 routed boundaries
    are fully supported. A more detailed discussion
    on layer 3 roaming and the Mobile IP standard can
    be found in Chapter 12, WLAN Troubleshooting.

Pg 339
35
WLAN controller
  • 802.3-2005, clause 33 Power over Ethernet (PoE):
    When deployed at the access layer, WLAN
    controllers can provide direct power to
    lightweight APs via PoE. However, most
    lightweight APs are powered by third-party edge
    switches.
  • Management interfaces: Many WLAN controllers
    offer full support for common management
    interfaces such as GUI, CLI, SSH, and so forth.

Pg 339
36
WLAN controller
  • Key Features
  • AP Management
  • User management
  • Dynamic RF
  • VLAN segmentation
  • Roaming
  • Possible problems
  • WLAN controller can be a bottleneck
  • Complexity

Pg 340
37
Split MAC
  • Some MAC services managed at the WLAN controller,
    some at the AP
  • WMM at the controller
  • Encryption at the AP
  • WLAN controller becomes the gateway for 802.11 to
    802.3 networking
  • All AP frames are tunneled to the WLAN controller
  • Many control and management frames go from AP to
    client
  • No need for controller to be involved
  • Beacon, probe responses, ACKs

Pg 340
38
Remote Office WLAN controller
  • Access layer WLAN controller deployment
  • Often less processing power than full WLAN
    controller
  • Smaller office support
  • Communicate to main system over WAN
  • Often use VPN tunnel over WAN
  • Possibly support NAT and DHCP for remote office

Pg 341
39
Distributed WLAN Architecture
  • Larger deployments need more than one WLAN
    controller
  • Each controller can only support a limited number
    of APs
  • Add more controllers at core or distribution
    layer
  • Usually parent and child controllers
  • Set up a hierarchy
  • WNMS might be used as well.

Pg 341
40
Distributed WLAN Architecture
  • Can also help manage data flow
  • Distributed Data Forwarding

Pg 341
41
Distributed WLAN Hybrid
  • Managing fat/thin APs
  • Hybrid APs
  • QoS and forwarding handled at the edge
  • APs are managed centrally

Pg 343
42
Unified WLAN Hybrid
  • Integrate WLAN controller capabilities into wired
    devices
  • Switches and routers
  • Create multifunction devices

Pg 343
43
Specialty WLAN Infrastructure
  • Wireless Workgroup Bridges
  • Wireless LAN bridge
  • Enterprise Wireless Gateway
  • Residential Wireless Gateway
  • VPN Wireless Router
  • Wireless LAN Mesh AP
  • Enterprise Encryption Gateway
  • WLAN Array
  • Real Time Location Systems

Pg 343
44
Wireless Workgroup Bridge
  • Provide Wireless connectivity for wired
    infrastructure devices that do not have radio
    cards
  • WGB card joins the BSS as a client
  • Connect the wired devices
  • Does not provide wireless access to other
    stations!!
  • Less need due to commonness of wireless cards

Pg 343
45
Wireless Workgroup Bridge
Pg 343
46
Wireless LAN Bridge
  • Bridge two or more wired networks
  • Backbone between buildings
  • Can be root or non-root
  • Root is parent
  • Non-root is child
  • Point to Point or Point to Multipoint
  • Bridge Modes
  • AP mode: Converts a bridge into an access point
  • WGB mode: Converts a bridge into a workgroup
    bridge
  • Repeater mode: Repeats the cell of a root bridge
    to a nonroot bridge
  • Root with clients: Root bridge that also allows
    clients to associate
  • Nonroot with clients: Nonroot bridge that also
    allows clients to associate

Pg 344
47
Wireless LAN Bridge
  • Generally don't want clients connecting to bridge
  • Security risk
  • Traffic and bandwidth management
  • Considerations
  • Fresnel zone, earth bulge, free space path loss,
    link budget, and fade margin.
  • IR and EIRP power regulations as defined by the
    regulatory body of your country.
  • On longer links, you have to manage ACK times
  • Connections between buildings: height

Pg 346
48
Wireless LAN Bridge
Pg 344
49
Enterprise Gateway
  • Older device to segment wireless network
  • Provides VPN/router/firewall functionality
  • Used when there was less security on wireless
    networks
  • Some functionality of WLAN controller
  • Moving the IS and DSS to central device
  • Not as common

Pg 347
50
Residential Gateway
  • Home wireless multifunction device
  • Configurable 802.11 radio card
  • Support for simple routing protocols such as RIP
  • Network Address Translation (NAT)
  • Port Address Translation (PAT)
  • Port forwarding
  • Firewall
  • L2 security support (WEP or WPA-Personal or
    WPA2-Personal)
  • DHCP server
  • Multiport Ethernet switch for connecting wired
    clients

Pg 347
51
VPN Wireless Router
  • Similar to SOHO devices but provide VPN
    connections
  • Used in remote offices to provide VPN connection
    and wireless to branch

Pg 348
52
Mesh Access Point
  • APs that interconnect to provide self-healing,
    self-forming infrastructure
  • Mesh networks route data between APs to find
    connection to DS
  • Allow for re-routing as well
  • No standard yet
  • Can be part of core, distribution or access layer
  • Depends on where and what connections it has

Pg 348
53
Enterprise Encryption Gateway
  • Middleware device to provide segmentation and
    encryption
  • Provides encryption overlay

Pg 349
54
WLAN Array
  • Combine a WLAN controller and multiple APs in a
    single device
  • Multiple APs are multiple radios
  • Sector antennas
  • Simplify physical arrangements

Pg 350
55
Cooperative Control
  • Proprietary solution
  • Cooperative control protocols that let APs
    provide WLAN controller-like functionality
    without a WLAN controller
  • Like a mesh

Pg 351
56
Virtual AP system
  • Different way of setting up ESS
  • All APs use the same BSSID (MAC Address)
  • Clients can't tell which AP they are connected to
  • Also requires single channel architecture (SCA)
  • All APs use same channel/frequency
  • Needs WLAN controller/switch to handle
    intelligence

Pg 352
57
Real Time Location Systems
  • WLAN controllers and WIDS can track 802.11
    clients by using APs as sensors
  • Some vendors provide real-time location systems
  • Track the client radio or RFID-like tag to find a
    mobile device

Pg 353
58
VoWiFi
  • VoIP over WiFi
  • Data and voice on mobile wireless devices
  • VoWiFi phones
  • Like a cell phone, but with 802.11 radio
  • 802.11 APs and controllers
  • Need to support QoS to get good services
  • PBX
  • Link VoWiFi phones to PSTN
  • QoS server
  • Manages QoS for network/Voice

Pg 354
59
Exam Essentials
  • Know the major radio card formats.
  • The 802.11 standard does not mandate what type of
    format can be used by an 802.11 radio. 802.11
    radios exist in multiple formats.
  • Understand the need for client adapters to have
    an operating system interface and a user
    interface.
  • A client adapter requires a special driver to
    communicate with the operating system and a
    software client utility for user configuration.
  • Identify the four major types of client
    utilities.
  • The four types of client utilities are SOHO,
    enterprise, integrated, and third party.
  • Explain the progression of WLAN architecture.
  • Be able to explain the differences and
    similarities of autonomous AP solutions and WLAN
    controller solutions.
  • Identify the capabilities of all WLAN legacy
    infrastructure devices.
  • Understand the capabilities of autonomous APs.
    Explain the differences between autonomous APs
    and lightweight APs.

60
Exam Essentials
  • Identify the capabilities of a WLAN controller
    solution.
  • Understand all the features and functionality
    that a WLAN controller solution provides. Be able
    to explain IP tunneling, split MAC architecture,
    virtual BSSIDs, WLAN profiles, and dynamic RF. Be
    able to explain the various ways that a WLAN
    controller solution can be scaled. Explain the
    concept of distributed data forwarding.
  • Explain the role and configuration of WLAN
    bridges and workgroup bridges.
  • The CWNA test covers bridging quite extensively.
    Know all of the different types of bridges and
    the difference between root and nonroot bridges.
    Be able to explain the differences between
    point-to-point and point-to-multipoint bridging.
    Understand bridging problems such as ACK
    time-out, and study other bridging considerations
    that are covered in other chapters, such as the
    Fresnel zone and system operating margin.

61
Exam Essentials
  • Define WLAN mesh networking.
  • Be able to explain that WLAN mesh routers use
    self-healing and self-forming methods and
    proprietary layer 2 routing protocols. Understand
    the difference between single-band and dual-band
    mesh networks.
  • Explain other WLAN specialty infrastructure.
  • Be able to explain how EEG solutions, RTLS
    solutions, and VoWiFi solutions can all be
    integrated with a WLAN. Explain other
    nontraditional WLAN solutions such as WLAN
    arrays, virtual APs, and cooperative control APs.