2.0 Network Implementations

2.4 Given a scenario, install and configure the appropriate wireless standards and technologies

Last edited 401 days ago by Makiel [Muh-Keel]

Wireless Internet Standards

Wireless networking has its own 802 standards group—remember 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac, 802.11ax.
Why Wi-Fi Speeds Are a Tall Tale.
As with many network performance specs, the actual Wi-Fi speed achieved will likely not approach the top theoretical speeds. Variations in hardware, network architecture, applications used, and even the composition of office walls can have huge effects on Wi-Fi performance.
Explain Frequencies and Range.
The FCC has released three unlicensed bands for public use: 900 MHz, 2.4 GHz, and 5 GHz. The 900 MHz and 2.4 GHz bands are referred to as the Industrial, Scientific, and Medical (ISM) bands, and the 5 GHz band is known as the Unlicensed National Information Infrastructure (U-NII) band. Figure 12.1 shows where the unlicensed bands sit within the RF spectrum.
Anything Wi-Fi related will be found in either 2.4GHz or 5GHz.
Explain 802.11 Channel Bandwidth.
Instead of having to remember the exact frequency number in the 2.5GHz or 5GHz frequency range, the different frequencies have been grouped together into channels. This makes it easier to assign the correct frequency to a wireless device: you pick a channel, which covers a grouped range of frequencies.
If you want to make sure that multiple access points can communicate, you want to choose channels that don’t overlap in frequency ranges.
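The non-overlap rule can be checked mechanically. The following is an added example, not part of the original notes: it uses the standard 2.4 GHz channel spacing (channel n is centred at 2407 + 5n MHz) and the 22 MHz channel width these notes give for 802.11b. The AP names and the sample plan are constructed, and the audit assumes every AP is within radio range of the others.

```python
from itertools import combinations

def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel (1-13); centres are 5 MHz apart."""
    if not 1 <= channel <= 13:
        raise ValueError("this sketch covers 2.4 GHz channels 1-13 only")
    return 2407 + 5 * channel

def channels_overlap(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two channels collide when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < width_mhz

def non_overlapping_set(width_mhz: int = 22, highest: int = 11) -> list:
    """Greedily pick channels, lowest first, that do not overlap any already chosen."""
    chosen = []
    for ch in range(1, highest + 1):
        if not any(channels_overlap(ch, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen

def audit_plan(plan: dict, width_mhz: int = 22) -> list:
    """Return the AP pairs whose assigned channels overlap (same channel included)."""
    conflicts = []
    for (ap_a, ch_a), (ap_b, ch_b) in combinations(sorted(plan.items()), 2):
        if channels_overlap(ch_a, ch_b, width_mhz):
            conflicts.append((ap_a, ap_b))
    return conflicts

# Constructed sample: AP-2 sits on channel 4, between channels 1 and 6.
SAMPLE_PLAN = {"AP-1": 1, "AP-2": 4, "AP-3": 6, "AP-4": 11}

if __name__ == "__main__":
    print("Non-overlapping 22 MHz channels:", non_overlapping_set())
    for ap_a, ap_b in audit_plan(SAMPLE_PLAN):
        print(f"{ap_a} (ch {SAMPLE_PLAN[ap_a]}) overlaps {ap_b} (ch {SAMPLE_PLAN[ap_b]})")
```

Moving AP-2 to any channel that is free of conflicts with its neighbours, or lowering its transmit power so it no longer reaches them, clears both findings.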
The diagram below shows all channels for 2.4GHz and 5GHz and available bandwidths.
802.11a - One of the original wireless standards. Operating in the 5 GHz radio band, 802.11a is also immune to interference from devices that operate in the 2.4 GHz band, like microwave ovens, cordless phones, and Bluetooth devices.
802.11a isn't backward compatible with 802.11b because they use different frequencies.
802.11a is similar to 802.11b in that it can work in the same physical environment without interference from 802.11b users.
Operates in 5GHz range, transmits 54Mbit/s, Channel Bandwidth of 20MHz
Not Commonly seen today.
Has 12 non-overlapping channels
802.11b - It was the most widely deployed wireless standard, and it operates in the 2.4 GHz unlicensed radio band that delivers a maximum data rate of 11 Mbps.
Operates in the 2.4 GHz range at 11 megabits per second (Mbit/s), Channel Bandwidth of 22MHz
Better range than 802.11a with less absorption problems.
Had more frequency conflict problems; devices operating on the same RF tended to interfere with Wi-Fi signals (Baby monitors, cordless phones, microwave ovens, Bluetooth).
Not commonly seen today.
Uses Direct Sequence Spread Spectrum (DSSS) as modulation technique
802.11g - A direct “upgrade” to 802.11b, released in June 2003. It operates in the 2.4 GHz range at 54 megabits per second (Mbit/s).
Backwards-compatible with 802.11b
Same 2.4 GHz frequency conflict problems as 802.11b
Operates in 2.4 GHz range, transmits 54Mbit/s, Channel Bandwidth 20MHz
Susceptible to EMI from cordless phones and microwaves.
802.11n (Wi-Fi 4) - Considered the update to 802.11g, 802.11b, and 802.11a; it debuted in October 2009. It operates at 2.5GHz and/or 5GHz and has a throughput of 600 megabits per second.
Direct upgrade to 802.11g, 802.11b, and 802.11a.
Operates in 2.5GHz and/or 5GHz, throughput of 600Mbits/s, Channel Bandwidth of two 20MHz or 40MHz
First Wi-Fi standard to use MIMO (multiple-input, multiple-output), which employs multiple transmitter and receiver antennas to increase data throughput. This basically means you can send multiple streams of information over the same frequencies at the same time. It is dependent on the number of antennas you have on an access point.

First Wi-Fi standard to be able to use two different frequency ranges at the same time. 802.11n can use 2.5GHz and 5GHz simultaneously using channel bonding.
Channel Bonding is a practice commonly used in IEEE 802.11 implementations in which two adjacent channels within a given frequency band are combined to increase throughput between two or more wireless devices.
802.11ac (Wi-Fi 5) - Made significant improvements over 802.11n; it was approved in January 2014. It operates only in the 5GHz range (less crowded, with more frequencies and up to 160MHz of bandwidth).
Operates only in 5GHz range and has a throughput of 867Mbits/s, but when using MU-MIMO max throughput can be 7GBits/s, Channel Bandwidth of 40 MHz for 802.11n stations, 80 MHz required for 802.11ac stations and 160 MHz optional (contiguous channels or non-contiguous bonded channels)
Increased channel bonding - Larger bandwidth usage is available because of this.
First Wi-Fi standard to utilize MU-MIMO (Multiuser Multiple-Input, Multiple-Output) which is an enhancement over the original MIMO technology. It allows antennas to be spread over a multitude of independent access points. Overall, because MU-MIMO allows multiple devices to transmit at once, it makes more efficient use of channels.
802.11ax (Wi-Fi 6) - Approved in February 2021 as the successor to 802.11ac. It operates in the 2GHz and 5GHz range.
Operates in both 2GHz and 5GHz range with a throughput of 1200Mbits/s, but when using MU-MIMO max throughput can be 9.6GBits/s, Channel Bandwidth of 40MHz, 80MHz, and 160MHz.
Can have eight bi-directional MU-MIMO streams
Orthogonal frequency-division multiple access (OFDMA) based scheduling to reduce overhead and latency.

What is Service Set Identifier (SSID)?

The Service Set Identifier (SSID) refers to the unique 32-character identifier that represents a particular wireless network and defines the basic service set. All devices involved in a particular wireless network must be configured with the same SSID.
The term Basic Service Set Identifier (BSSID) refers to the MAC address of the Access Point (AP).
An Extended Service Set (ESS) occurs whenever you configure two APs with the same name or SSID. They become one wireless network at that point and cover more ground than if you just had one AP with that SSID name.

Ad-Hoc: Independent Basic Service Set is the easiest way to install wireless 802.11 devices. In this mode, the wireless NICs (or other devices) can communicate directly without the need for an AP. A good example of this is two laptops with wireless NICs installed.
If both NIC cards were set up to operate in ad hoc mode, they could connect and transfer files as long as the other network settings, like protocols, were set up to enable this as well. Once each PC is configured to be in Ad Hoc mode, all you've got to do is bring the computers within range (90–100 m) of each other, and voilà—they'll “see” each other and be able to connect to each other.
This network doesn’t scale very well due to collisions. Not recommended in corporate settings.
Roaming is the process by which a client device or wireless device moves and shifts its connection from one access point to another as it moves throughout a facility or across a campus.
Going across a campus or building and connecting from AP-1 to AP-2 is called roaming. For example, let's say you have 3 APs spread across a facility, as the end-user or wireless device moves from one side of that facility to the other it hands-off from AP 1 to AP 2 to AP 3 seamlessly.

Types of Antennas

Wireless antennas act as both transmitters and receivers. There are two broad classes of antennas on the market today: Omni directional (or point-to-multipoint) and directional, or Yagi (point-to-point).
Directional Antennas or Yagi antennas usually provide a greater range than Omni antennas. Why? Because directional antennas focus all their power in a single direction, whereas Omnis must disperse the same amount of power in all directions at the same time. A downside to using a directional antenna is that you've got to be much more precise when aligning communication points. This is why a Yagi is really only a good choice for point-to-point bridging of access points.

Omnidirectional Antennas radiate and receive RF energy equally, providing a 360 degree radiation pattern which allows connectivity in all directions. This makes them the obvious choice for APs.
AKA Dipole Antennas.

Signal Degradation

Something that's really important to consider when installing a wireless network is Signal Degradation. Because the 802.11 wireless protocols use radio frequencies, the signal strength varies according to many factors. The weaker the signal, the less reliable the network connection will be and so the less usable as well. (Think dropped calls!) There are several key factors that affect signal strength:
Distance: This one is definitely on the obvious side—the farther away from the WAP you get, the weaker the signal you get. Most APs have a very limited maximum range that equals less than 100 meters for most systems. You can extend this range to some degree using amplifiers or repeaters, or even by using different antennas.
Walls and Other Barriers: Also easy to imagine is the fact that the more walls and other office barriers a wireless signal has to pass through, the more attenuated (reduced) the signal becomes. Also, the thicker the wall, the more it interrupts the signal. So in an indoor office area with lots of walls, the range of your wireless network could be as low as 25 feet! You really have to be careful where you place your APs!
Protocols Used: This one isn't so apparent, but it certainly is a factor that affects, and can even determine, the range of a wireless LAN. The various wireless 802.11 protocols have different maximum ranges. As discussed earlier and illustrated in Figure 12.7, the maximum effective range varies quite a bit depending on the 802.11 protocol used. For example, if you have a client running the 802.11ac protocol but it connects to an AP running only the 802.11n protocol, you'll only get a throughput of 600 Mbps to the client.
Interference: The final factor that affects wireless performance is outside interference. Because 802.11 wireless protocols operate in the 900 MHz, 2.4 GHz, and 5 GHz ranges, interference can come from many sources. These include wireless devices like Bluetooth, cordless telephones, cell phones, other wireless LANs, and any other device that transmits a radio frequency (RF) near the frequency bands that 802.11 protocols use.

Cellular Technologies

As part of implementing the appropriate cellular and mobile wireless technologies and configurations, consider the following options:
GSM: Global System Mobile (GSM) is a type of cell phone that contains a SIM (subscriber identity module) card. These chips contain all the information about the subscriber and must be present in the phone for it to function. One of the dangers with these phones is cell phone cloning, a process where copies of the SIM chip are made, allowing another user to make calls as the original user. Secret key cryptography is used (using a common secret key) when authentication is performed between the phone and the network.
FDMA: Frequency-division multiple access (FDMA) is one of the modulation techniques used in cellular wireless networks. It divides the frequency range into bands and assigns a band to each subscriber. This was used in 1G cellular networks.
CDMA: Code division multiple access (CDMA) assigns a unique code to each call or transmission and spreads the data across the spectrum, allowing a call to make use of all frequencies.
3G: The third generation (3G) of cellular data networks was a real game changer over 1G and 2G. It provided the basics needed to get smartphones working at usable data speeds (sort of); 2 Mbps was a lot of bandwidth in the 1990s. It gave us the start of smartphone applications, which led to more research and technologies and, of course, the plethora of applications we now have.
When 3G connectivity arrived, a number of larger data formats became much more accessible, such as HTML pages, videos, and music, and there was no going back!
Bandwidth improvement allowed new functionality – GPS, mobile television, video on demand, video conferencing
4G: The term 4G stands for fourth generation of speed and connection standards for cellular data networks. The speeds really helped push smartphones to customers as it provided from 100 Mbps up to 1 Gbps, but you'd have to be in a 4G mobile hotspot to achieve the maximum speed.
Improved significantly on 3G’s capabilities.
LTE: Most 4G networks were called Long-Term Evolution (LTE), which was also called 4G LTE. Although 5G has taken over and 6G is probably here to stay, LTE is still prevalent in many markets, and I still see it on my phones at times. The reality is that in the 2000s your phone would display “4G,” but it couldn't really provide what the standard mandated.
5G: This stands for “fifth generation” of cellular technology and is a standard for mobile telecommunications service that is significantly faster than today's 4G technology, up to 100x faster. Since this technology has been out for years, you know you can upload or download videos and use data-intensive apps or other applications much more quickly and smoothly than what we had in the past with 3G and 4G.
This is because 5G technology utilizes a higher-frequency band of the wireless spectrum called millimeter wave that allows data to be transferred much more rapidly than the lower-frequency band dedicated to 4G.
However, the millimeter wave signals don't travel as far so you need more antennas spaced closer together than the previous wireless 3G and 4G.
Significant performance improvements: at higher frequencies, eventually 10 gigabits per second; slower speeds from 100-900 Mbit/s.
Significant IoT impact: bandwidth becomes less of a constraint, larger data transfers, faster monitoring and notification.
Additional cloud processing.

Encryption Standards

There are several encryption standards used for wireless networking.
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that offers us several security benefits: authorization, centralized access, and accounting supervision regarding the users and/or computers that connect to and access our networks' services.
Once RADIUS has authenticated the user, it allows us to specify the type of rights a user or workstation has, plus control what it, or they, can do within the network. It also creates a record of all access attempts and actions.
The provision of authentication, authorization, and accounting is called AAA, which is pronounced just like the automobile insurance company, “triple A,” and it's part of the IEEE 802.1X security standard.
RADIUS has risen to stardom because of its AAA features and is often employed by ISPs, web servers, wireless networks, and APs as well as network ports—basically, by anybody who wants or needs a AAA server. And these servers are only becoming more critically important in large corporate environments, and that's because they offer security for wireless networks.
From the Linksys security screen shown earlier, you can see that RADIUS is an available option. If you choose it, you'll be asked for the IP address of the RADIUS server so the AP can send authentication packets.

WEP (Wired Equivalent Protocol) was the first wireless encryption protocol introduced. It was short lived due to it being horrible and containing significant security gaps.
Shared passphrases are used with Wired Equivalent Privacy (WEP).
WEP provides 64 or 128-bit encryption via the shared passphrase
This form of wireless security can be easily cracked with tools and is no longer considered secure.
WPA (Wi-Fi Protected Access) was the replacement for WEP due to all the cryptographic weaknesses in WEP. WPA uses RC4 with TKIP for some much needed added encryption protection. Every packet sent across the wireless network had its own encryption key.
WPA used 256-bit encryption, vs the 64-bit & 128-bit keys used in WEP.
TKIP (Temporal Key Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol.
TKIP-RC4 was also used by WPA in conjunction with a 128-bit per packet key which is generated automatically for each packet.
TKIP is no longer considered secure.
WPA/WPA2 operates in two modes for security
Pre-shared Key (PSK), also called Personal Mode.
PSK is the most common mode because it can be easily configured with a password/passphrase.
Enterprise Mode, also called WPA-802.1x
Requires a certificate server infrastructure
User would use their own individual passwords to authenticate to the RADIUS server.
Uses the 802.1x protocol, RADIUS, and EAP
Extensible Authentication Protocol (EAP)—EAP allows WPA to synchronize keys with an external RADIUS server. The keys are updated periodically based on time or number of packets. Use EAP in larger, enterprise-like deployments where you have an existing RADIUS framework.
Used only in corporate environments
WPA2 (Wi-Fi Protected Access 2) is the successor to WPA. It was released in 2004. It uses an even better security technology than TKIP: the superior CCMP protocol.
CCMP (Counter Mode with Cipher Block Chaining) uses the AES (Advanced Encryption Standard) for even more superior encryption. WPA uses CCMP-AES for stronger encryption and data integrity.
WPS (Wi-Fi Protected Setup) is still exploitable and should be turned off.
WPA2 has a PSK brute-force problem! It's possible to listen to the four-way handshake.
Some methods can derive the PSK hash without the handshake and capture the hash. With the hash, attackers can brute force the pre-shared key (PSK) and gain access to your personal WPA2 network!
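Why passphrase strength decides the outcome of that brute-force problem: WPA/WPA2-Personal derives its 256-bit key from the passphrase with PBKDF2-HMAC-SHA1 (4096 iterations), using the SSID as the salt, so nothing but the passphrase is secret. The following is an added example, not part of the original notes, for checking a candidate passphrase before deploying it; `keyspace_bits` is a rough upper bound that assumes randomly chosen characters, and the guess rate passed to `years_to_exhaust` is an assumed figure you supply.

```python
import hashlib
import math

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key from a WPA/WPA2-Personal passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID is the salt: a default or common SSID makes precomputed
    # tables reusable, a unique SSID does not.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing difficulty, in bits, from length and character classes."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # remaining printable ASCII, space included
    return len(passphrase) * math.log2(pool) if pool else 0.0

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole keyspace at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed candidates; the rate of 1e6 guesses/s is an assumption.
    for candidate in ("password", "T7#qLw2!vZp9@xKe4$Rm"):
        bits = keyspace_bits(candidate)
        print(f"{len(candidate):2d} chars, <= {bits:5.1f} bits, "
              f"{years_to_exhaust(bits, 1e6):.3g} years at 1e6 guesses/s")
    print(wpa2_pmk("password", "IEEE").hex())
```

Dictionary words fall far below the bound printed here, so treat it as a ceiling, and prefer Enterprise Mode where per-user credentials are available.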

Asymmetric Encryption: The use of a public and private key pair in which both parties know the public key, but neither party knows the other's private key.
TKIP-RC4 is used by WPA in conjunction with a 128-bit per packet key which is generated automatically for each packet.
PEAP encapsulates EAP inside a Transport Layer Security Tunnel.
TLS (Transport Layer Security) is a symmetric cryptographic protocol widely used to protect the privacy and integrity of web application data.
Pre-shared Key is an automatically generated symmetric secret code used by both sides of a data session to create a secure channel before data is sent.
AES (Advanced Encryption Standard) is a FIPS approved encryption standard that is a combo of substitution and permutation resulting in a fast, safe computation.
IPsec is an end-to-end networking protocol suite used by IPv6 natively to authenticate and encrypt packets in transit.

WAN Protocols

T1 is dedicated leased line technology allowing for 1.544Mbps.
T2 is dedicated leased line services delivering up to 45Mbps.
OC3 is optical signaling providing 155Mbps
PRI is similar to a T1 bandwidth, but can also use ISDN technology and requires more bandwidth to be dedicated to the signaling and control of the function.
PPP is a WAN protocol that is non-proprietary and capable of having encrypted authentication.
SIP Trunk is used to deliver a voice telephone service on the internet.
PPPoE encapsulates point-to-point protocol inside Ethernet frames


