CWTS Certified Wireless Technology Specialist Study Guide



Published by: Medusin Worker on Jan 09, 2012
Copyright: Attribution Non-commercial








  • History of Wireless Communications
  • Wireless Applications
  • Network Extension
  • Building-to-Building
  • Public Wireless Hotspots
  • Classrooms
  • Industrial Sites
  • Healthcare
  • Municipal and Law Enforcement
  • Corporate Data Access and End-User Mobility
  • Last Mile Delivery: Wireless ISP
  • Transportation Networks
  • Personal Area Networks
  • Voice over Wireless LAN
  • Wireless Organizations
  • IEEE
  • Wi-Fi Alliance
  • Regulatory Domain Governing Bodies
  • Wireless Standards and Product Certifications
  • Wi-Fi Multimedia (WMM) Certification
  • WMM Power Save (WMM-PS) Certification
  • Wi-Fi Protected Setup (WPS) Certification
  • Wi-Fi Protected Access (WPA/WPA2) Certification
  • Important Foundational Networking Concepts
  • RF Defined
  • RF Range and Speed Factors
  • Line of Sight
  • Environmental Factors and Interference
  • RF Signal Characteristics
  • Understanding Gain and Loss
  • RF Behavior
  • Basic RF Mathematics
  • Milliwatts and Decibels
  • dBm vs. dBi
  • SNR: Signal-to-Noise Ratio
  • RF Physical Layer Technologies
  • DSSS and HR/DSSS
  • OFDM
  • FHSS
  • Infrared
  • MIMO
  • Wi-Fi Features and Functionality
  • Characteristics of Wi-Fi Technology
  • Range, Coverage, and Capacity
  • Frequencies and Channels
  • Channel Reuse and Colocation
  • Personal Area Network Integration
  • Data Rates and Throughput
  • Operational Modes
  • Naming the Network: the SSID
  • Active and Passive Scanning
  • Authentication and Association
  • Distribution System and Roaming
  • Power Saving Modes
  • RF and Spread Spectrum Functionality
  • OFDM and HR/DSSS Colocation
  • Adjacent Channel and Co-Channel Interference
  • CSMA/CA Operations
  • Wireless Network Components
  • Access Points
  • Wireless Routers
  • Wireless Bridges
  • Wireless Repeaters
  • Wireless Controllers/Switches
  • Wireless Media Gateways
  • Power over Ethernet Devices
  • Enterprise-Class Devices
  • Antenna Types
  • Antenna Functionality
  • Three Antenna Categories
  • Antenna and RF Accessories
  • Connectors
  • Cables
  • Lightning Arrestors
  • Mounting Kits
  • Antenna Placement
  • Pole or Mast Mounts
  • Ceiling Mounts
  • Wall Mounts
  • Mounting Recommendations
  • Wireless Client Devices
  • WLAN Client Device Internals
  • Client Devices and Software
  • PCI and MiniPCI
  • SDIO
  • Compact Flash
  • CardBus PC Cards
  • USB Devices
  • Client Drivers
  • Client Software
  • Wireless IP Phones
  • Gaming Adapters and IP Cameras
  • Wireless Presentation Gateway
  • Wireless Print Servers
  • Hotspot Gateways
  • Workgroup Bridges
  • Planning the Wireless LAN
  • Understand and Describe the Requirements
  • Gathering Requirements
  • Gather Documentation
  • Site Survey Types
  • Manual Site Surveys
  • Predictive Site Surveys
  • Manual Site Survey Types
  • Active Surveys
  • Passive Surveys
  • Using Protocol Analyzers
  • Identifying WLANs
  • Assessing WLANs
  • Using Spectrum Analyzers
  • Identifying Interference Sources
  • Using Antennas in Site Surveys
  • Omnidirectional Antennas
  • Semidirectional and Highly Directional Antennas
  • Documenting Recommendations
  • Recommendation Sheets
  • Project Plans
  • Installing and Troubleshooting a Wireless LAN
  • Installation and Configuration Procedures
  • Deployment Types
  • Wi-Fi Installation Walkthrough
  • Hardware Placement
  • Dealing with Difficulties
  • Common Problems and Solutions
  • Decreased Throughput
  • Connectivity Issues
  • Weak Signal Strength
  • Performing Device Upgrades
  • Applying Firmware
  • Administering and Optimizing a Wireless LAN
  • Administration Guidelines
  • Procedures for Optimizing Wireless Networks
  • Infrastructure Hardware
  • Addressing Interference Issues
  • Client Load Balancing
  • Infrastructure Capacity and Utilization Analysis
  • Resolving Multipath and Hidden Node Problems
  • General Troubleshooting Tips
  • OSI Model
  • Hardware/Software Model
  • Symptom, Diagnosis, and Solution
  • Systems Thinking
  • Security Analysis
  • Identify and Describe WLAN Security Techniques
  • Identifying and Preventing WLAN Security Attacks
  • Eavesdropping
  • Know Your Enemy
  • General Security Principles
  • Security Tools and Solutions
  • Security Fundamentals
  • Security-Related Terminology
  • Security Principles
  • SSID Hiding
  • Legacy Security
  • Push-Button Security
  • Understanding Encryption
  • Advanced Wireless Security Solutions
  • Regulatory Compliance
  • PCI Compliance
  • HIPAA Compliance
  • Using WIPS to Enforce Compliance
  • Network Security Policy Basics
  • General Security Policy Elements
  • Functional Security Policy Elements
  • Security Policy Recommendations
  • Wi-Fi Security Myths
  • MAC Filtering
  • All Modern Equipment Uses “Better WEP”
  • WLANs Can’t Be Secured
  • Define WLAN Architectures
  • WLAN Architecture Evolution
  • Multiple-Channel Architecture
  • Single-Channel Architecture
  • MCA and SCA Compared
  • Cooperative Control
  • Wireless Mesh Access Layers
  • Mesh Wireless Versus Traditional Wireless
  • Mesh Wireless Traditional Wireless
  • WLAN Power Management Features
  • Active Mode
  • Power Save Mode
  • WMM Power Save (U-APSD)
  • Wireless LAN Case Studies
  • Performing a SOHO Implementation
  • The Problem
  • The Solution
  • The Implementation
  • Extending an Existing Network
  • Creating a Building-to-Building Link
  • About the CD
  • System Requirements
  • Installing and Running MasterExam
  • MasterExam
  • CertCam Video Training
  • Electronic Book
  • Help
  • Removing Installation(s)
  • Technical Support
  • LearnKey Technical Support
  • Glossary

CWTS Certified Wireless Technology Specialist Study Guide

(Exam PW0-070)
Tom Carpenter
McGraw-Hill is an independent entity from Planet3 Wireless, Inc., and is not affiliated with Planet3 Wireless in any manner. This publication may be used in assisting students to prepare for the CWTS exam. Neither Planet3 Wireless, Inc., nor McGraw-Hill warrant that use of this publication will ensure passing any exam. CWTS, CWNA, and CWNP are registered trademarks of Planet3 Wireless in the United States and/or other countries.

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Copyright © 2010 by The McGraw-Hill Companies. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-0-07-161535-8
MHID: 0-07-161535-0

The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-161534-1, MHID: 0-07-161534-2.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. To contact a representative please e-mail us at bulksales@mcgraw-hill.com.

Information has been obtained by McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill, or others, McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

Disclaimer: This eBook does not include the ancillary media that was packaged with the original printed version of the book.

I dedicate this book to the many professionals seeking to improve their technical abilities, their lives, and the lives of those around them. You all inspire me.


About the Author
Tom Carpenter is a technical experts’ expert. He teaches in-depth courses on Microsoft technologies, wireless networking, VoIP, and security, and professional development skills such as project management, team leadership, and communication skills for technology professionals. Tom holds CWNA, CWSP, and CWTS certifications with the CWNP program and is also a Microsoft Certified Partner. He is married to his lovely wife, Tracy, and lives with her and their four children, Faith, Rachel, Thomas, and Sarah, in central Ohio.

About the Technical Editor
Henry Chou is a Solutions Architect working for Cisco Advanced Services Wireless Practice. Currently, he is responsible for strategic and technical design of large and complex wireless LAN networks and development of advanced mobility solutions. Henry specializes in multivendor design, implementations, and architectures of network technologies such as routers, switches, wireless security, and wireless LAN networks. Beyond network design and engineering, Henry has conducted technical and design trainings, webinars, and webtv sessions to Fortune 100 customers, Cisco field sales and services engineers, and Cisco channel partners. Henry has bachelor and master of science degrees in General Engineering and an MBA from the University of Illinois at Urbana-Champaign. He also holds numerous technical certifications, including CCIE R & S, CCSP, CCNP, CCIP, CCNA, CCDA, CWNA, CWAP, and CWSP.

About LearnKey
LearnKey provides self-paced learning content and multimedia delivery solutions to enhance personal skills and business productivity. LearnKey claims the largest library of rich streaming-media training content that engages learners in dynamic media-rich instruction, complete with video clips, audio, full motion graphics, and animated illustrations. LearnKey can be found on the Web at www.LearnKey.com.


1 The Wireless World
2 Radio Frequency Basics
3 Wi-Fi Features and Functionality
4 Wireless Networking Devices
5 Wireless Client Devices
6 Planning the Wireless LAN
7 Installing and Troubleshooting a Wireless LAN
8 Administering and Optimizing a Wireless LAN
9 Security Analysis
10 Security Tools and Solutions
11 Advanced Wireless LAN Models
A Wireless LAN Case Studies
B About the CD
Glossary
Index




  • About the Contributors
  • Acknowledgments
  • Credits
  • Preface
  • Introduction

1 The Wireless World
  • History of Wireless Communications
  • Wireless Applications
  • Small Office, Home Office
  • Network Extension
  • Building-to-Building
  • Public Wireless Hotspots
  • Mobile Offices
  • Classrooms
  • Industrial Sites
  • Healthcare
  • Municipal and Law Enforcement
  • Corporate Data Access and End-User Mobility
  • Last Mile Delivery: Wireless ISP
  • Transportation Networks
  • Personal Area Networks
  • Voice over Wireless LAN
  • Wireless Organizations
  • IEEE
  • Wi-Fi Alliance
  • Regulatory Domain Governing Bodies
  • Wireless Standards and Product Certifications
  • Wi-Fi Certifications
  • Wi-Fi Multimedia (WMM) Certification
  • WMM Power Save (WMM-PS) Certification
  • Wi-Fi Protected Setup (WPS) Certification
  • Wi-Fi Protected Access (WPA/WPA2) Certification
  • Important Foundational Networking Concepts
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

2 Radio Frequency Basics
  • RF Defined
  • RF Range and Speed Factors
  • Line of Sight
  • Environmental Factors and Interference
  • RF Signal Characteristics
  • Understanding Gain and Loss
  • RF Behavior
  • Basic RF Mathematics
  • Milliwatts and Decibels
  • dBm vs. dBi
  • SNR: Signal-to-Noise Ratio
  • RF Physical Layer Technologies
  • DSSS and HR/DSSS
  • OFDM
  • FHSS
  • Infrared
  • MIMO
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

3 Wi-Fi Features and Functionality
  • Characteristics of Wi-Fi Technology
  • Range, Coverage, and Capacity
  • Frequencies and Channels
  • Channel Reuse and Colocation
  • Personal Area Network Integration
  • Data Rates and Throughput
  • Operational Modes
  • Naming the Network: the SSID
  • Active and Passive Scanning
  • Authentication and Association
  • Distribution System and Roaming
  • Power Saving Modes
  • RF and Spread Spectrum Functionality
  • OFDM and HR/DSSS Colocation
  • Adjacent Channel and Co-Channel Interference
  • CSMA/CA Operations
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

4 Wireless Networking Devices
  • Wireless Network Components
  • Access Points
  • Wireless Routers
  • Wireless Bridges
  • Wireless Repeaters
  • Wireless Controllers/Switches
  • Wireless Media Gateways
  • Power over Ethernet Devices
  • Enterprise-Class Devices
  • Antenna Types
  • Antenna Functionality
  • Three Antenna Categories
  • Antenna and RF Accessories
  • Connectors
  • Cables
  • Lightning Arrestors
  • Amplifiers
  • Mounting Kits
  • Antenna Placement
  • Pole or Mast Mounts
  • Ceiling Mounts
  • Wall Mounts
  • Mounting Recommendations
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

5 Wireless Client Devices
  • WLAN Client Device Internals
  • Client Devices and Software
  • PCI and MiniPCI
  • SDIO
  • Compact Flash
  • CardBus PC Cards
  • USB Devices
  • Client Drivers
  • Client Software
  • Wireless IP Phones
  • Gaming Adapters and IP Cameras
  • Wireless Presentation Gateway
  • Wireless Print Servers
  • Hotspot Gateways
  • Workgroup Bridges
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

6 Planning the Wireless LAN
  • Understand and Describe the Requirements
  • Gathering Requirements
  • Gather Documentation
  • Site Survey Types
  • Manual Site Surveys
  • Predictive Site Surveys
  • Manual Site Survey Types
  • Active Surveys
  • Passive Surveys
  • Exercise 6-1: Using NetStumbler
  • Using Protocol Analyzers
  • Identifying WLANs
  • Assessing WLANs
  • Using Spectrum Analyzers
  • Identifying Interference Sources
  • Using Antennas in Site Surveys
  • Omnidirectional Antennas
  • Semidirectional and Highly Directional Antennas
  • Documenting Recommendations
  • Recommendation Sheets
  • Project Plans
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

7 Installing and Troubleshooting a Wireless LAN
  • Installation and Configuration Procedures
  • Deployment Types
  • Wi-Fi Installation Walkthrough
  • Hardware Placement
  • Dealing with Difficulties
  • Common Problems and Solutions
  • Decreased Throughput
  • Connectivity Issues
  • Weak Signal Strength
  • Exercise 7-1: Using NetStumbler
  • Performing Device Upgrades
  • Applying Firmware
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

8 Administering and Optimizing a Wireless LAN
  • Administration Guidelines
  • Procedures for Optimizing Wireless Networks
  • Infrastructure Hardware
  • Addressing Interference Issues
  • Client Load Balancing
  • Infrastructure Capacity and Utilization Analysis
  • Exercise 8-1: Analyzing Network Bandwidth
  • Resolving Multipath and Hidden Node Problems
  • General Troubleshooting Tips
  • REACT
  • OSI Model
  • Hardware/Software Model
  • Symptom, Diagnosis, and Solution
  • Systems Thinking
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

9 Security Analysis
  • Identify and Describe WLAN Security Techniques
  • Identifying and Preventing WLAN Security Attacks
  • Eavesdropping
  • Know Your Enemy
  • General Security Principles
  • Exercise 9-1: Disabling Web Management Interfaces
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

10 Security Tools and Solutions
  • Identify and Describe WLAN Security Techniques
  • Security Fundamentals
  • Security-Related Terminology
  • Security Principles
  • SSID Hiding
  • Legacy Security
  • Push-Button Security
  • Understanding Encryption
  • Advanced Wireless Security Solutions
  • Regulatory Compliance
  • PCI Compliance
  • HIPAA Compliance
  • Using WIPS to Enforce Compliance
  • Network Security Policy Basics
  • General Security Policy Elements
  • Functional Security Policy Elements
  • Exercise 10-1: Customizing a SANS.ORG Policy Template
  • Security Policy Recommendations
  • Wi-Fi Security Myths
  • MAC Filtering
  • SSID Hiding
  • All Modern Equipment Uses “Better WEP”
  • WLANs Can’t Be Secured
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

11 Advanced Wireless LAN Models
  • Define WLAN Architectures
  • WLAN Architecture Evolution
  • Multiple-Channel Architecture
  • Single-Channel Architecture
  • MCA and SCA Compared
  • Cooperative Control
  • Wireless Mesh Access Layers
  • Mesh Wireless Versus Traditional Wireless
  • WLAN Power Management Features
  • Active Mode
  • Power Save Mode
  • TIM/DTIM/ATIM
  • WMM Power Save (U-APSD)
  • ✓ Two-Minute Drill
  • Q&A Self Test
  • Lab Question
  • Self Test Answers
  • Lab Answer

A Wireless LAN Case Studies
  • Performing a SOHO Implementation
  • The Problem
  • The Solution
  • The Implementation
  • Extending an Existing Network
  • The Problem
  • The Solution
  • The Implementation
  • Creating a Building-to-Building Link
  • The Problem
  • The Solution
  • The Implementation

B About the CD
  • System Requirements
  • Installing and Running MasterExam
  • MasterExam
  • CertCam Video Training
  • Electronic Book
  • Help
  • Removing Installation(s)
  • Technical Support
  • LearnKey Technical Support

Glossary
Index


I would like to acknowledge the helpful staff at McGraw-Hill for their guidance throughout this project. Tim Green and Meghan Riley were tremendously helpful, and understanding, along the way. I would also like to thank Devin Akin and Kevin Sandlin at Planet3 Wireless, the home of the CWNP program, for their insights and assistance along the way. Devin, as always, was willing and helpful at any time day or night.





Belkin® product shots reproduced with permission of Belkin International, Inc., ©Belkin International, Inc. Buffalo® product shots reproduced with permission of Buffalo, Inc., ©Buffalo, Inc. Cisco® product shots reproduced with permission of Cisco Systems, Inc., ©Cisco Systems, Inc. D-Link® product shots reproduced with permission of D-Link Systems, Inc., ©D-Link Systems, Inc. Linksys® product shots reproduced with permission of Cisco Systems, Inc., ©Cisco Systems, Inc. NETGEAR® product shots reproduced with permission of NETGEAR, Inc., ©NETGEAR, Inc. Proxim® Wireless product shots reproduced with permission of Proxim Wireless Corporation, ©Proxim Wireless Corporation.



This book is organized in such a way as to serve as an in-depth review for the CWTS™ Certified Wireless Technology Specialist exam (exam PW0-070) for both experienced wireless technology professionals and newcomers to wireless technologies. Each chapter covers a major aspect of the exam, with an emphasis on the “why” as well as the “how to” of working with and supporting wireless technologies.

On the CD
For more information on the CD-ROM, please see Appendix B, “About the CD,” at the back of the book.

Exam Readiness Checklist
At the end of the Introduction you will find an Exam Readiness Checklist. This table has been constructed to allow you to cross-reference the official exam objectives with the objectives as they are presented and covered in this book. The checklist also allows you to gauge your level of expertise on each objective at the outset of your studies. This should allow you to check your progress and make sure you spend the time you need on more difficult or unfamiliar sections. References have been provided for the objective exactly as the vendor presents it, the section of the study guide that covers that objective, and a chapter and page reference.

In Every Chapter
We’ve created a set of chapter components that call your attention to important items, reinforce important points, and provide helpful exam-taking hints. Take a look at what you’ll find in every chapter:
■ Every chapter begins with Certification Objectives—what you need to know in order to pass the section on the exam dealing with the chapter topic. The Objective headings identify the objectives within the chapter, so you’ll always know an objective when you see it!




■ Exam Watch notes call attention to information about, and potential pitfalls in, the exam. These helpful hints are written by authors who have taken the exams and received their certification—who better to tell you what to worry about? They know what you’re about to go through!

Exam Watch: Motors, wireless devices, and weather can all interfere with WLAN communications. These items should be considered during a site survey, and you should remember them for the exam.

■ Step-by-Step Exercises are interspersed throughout the chapters. These are typically designed as hands-on exercises that allow you to get a feel for the real-world experience you need in order to pass the exams. They help you master skills that are likely to be an area of focus on the exam. Don’t just read through the exercises; they are hands-on practice that you should be comfortable completing. Learning by doing is an effective way to increase your competency with a product.
■ On the Job notes describe the issues that come up most often in real-world settings. They provide a valuable perspective on certification- and product-related topics. They point out common mistakes and address questions that have arisen from on-the-job discussions and experience.
■ Inside the Exam sidebars highlight some of the most common and confusing problems that students encounter when taking a live exam. Designed to anticipate what the exam will emphasize, getting inside the exam will help ensure you know what you need to know to pass the exam. You can get a leg up on how to respond to those difficult-to-understand questions by focusing extra attention on these sidebars.
■ Scenario & Solution sections lay out potential problems and solutions in a quick-to-read format.

Scenario: You want to ensure that the data received is the data that was originally transmitted. Do you need confidentiality or integrity?
Solution: Data integrity is used to ensure that the data received is the same as the data that was transmitted. It is used to prevent unauthorized data modification.



■ The Certification Summary is a succinct review of the chapter and a restatement of salient points regarding the exam.
■ The Two-Minute Drill at the end of every chapter is a checklist of the main points of the chapter. It can be used for last-minute review.
■ The Self Test offers questions similar to those found on the certification exam. The answers to these questions, as well as explanations of the answers, can be found at the end of each chapter. By taking the Self Test after completing each chapter, you’ll reinforce what you’ve learned from that chapter while becoming familiar with the structure of the exam questions.
■ The Lab Question at the end of the Self Test section offers a unique and challenging question format that requires the reader to understand multiple chapter concepts to answer correctly. These questions are more complex and more comprehensive than the other questions, as they test your ability to take all the knowledge you have gained from reading the chapter and apply it to complicated, real-world situations. These questions are aimed to be more difficult than what you will find on the exam. If you can answer these questions, you have proven that you know the subject!

Some Pointers
Once you’ve finished reading this book, set aside some time to do a thorough review. You might want to return to the book several times and make use of all the methods it offers for reviewing the material:

1. Re-read all the Two-Minute Drills, or have someone quiz you. You also can use the drills as a way to do a quick cram before the exam. You might want to make some flash cards out of 3 × 5 index cards that have the Two-Minute Drill material on them.
2. Re-read all the Exam Watch notes and Inside the Exam elements. Remember that these notes are written by authors who have taken the exam and passed. They know what you should expect—and what you should be on the lookout for.
3. Review all the Scenario & Solution sections for quick problem solving.
4. Retake the Self Tests. Taking the tests right after you’ve read the chapter is a good idea, because the questions help reinforce what you’ve just learned. However, it’s an even better idea to go back later and do all the questions in the book in one sitting. Pretend that you’re taking the live exam. When you go through the questions the first time, you should mark your answers on a separate piece of paper. That way, you can run through the questions as many times as you need to until you feel comfortable with the material.
5. Complete the Exercises. Did you do the exercises when you read through each chapter? If not, do them! These exercises are designed to cover exam topics, and there’s no better way to get to know this material than by practicing. Be sure you understand why you are performing each step in each exercise. If there is something you are not clear on, re-read that section in the chapter.



The CWTS™ Certified Wireless Technology Specialist Study Guide is intended to help you understand the basics of wireless LAN technologies and to prepare you to pass the CWTS certification exam (PW0-070). The CWTS certification is an entry-level certification that prepares the candidate to implement, troubleshoot, and maintain small and medium-sized wireless networks. The certification covers the following major wireless technologies:

■ 802.11 wireless LANs
■ Bluetooth from the perspective of interoperability
■ VoWLAN from the perspective of roaming and handover

If you are new to wireless networking, or networking in general, this is the place to start. When you accomplish the level of expertise needed for the CWTS exam and certification, you will find it much easier to move on to more advanced certifications such as the CWNA (Certified Wireless Network Administrator), CWSP (Certified Wireless Security Professional), and CWNE (Certified Wireless Network Engineer). You will also find it much easier to understand the material and concepts included in vendor-specific wireless certifications. If you have been working in the wireless LAN industry for a while, but haven’t had the opportunity to gain a formal education in all things 802.11, this is the place for you to start as well. You will fill any gaps in your knowledge and gain a well-rounded perspective of wireless network installation and maintenance. Should you have any questions along your journey, as always feel free to email me at carpenter@sysedco.com.






Exam Readiness Checklist

Official Objective

Wireless Technologies Standard and Certifications
■ Define the roles of the following organizations in providing direction and accountability within the wireless networking industry.
■ Define basic characteristics of Wi-Fi technology.
■ Summarize the basic attributes and advantages of the following WLAN standards, amendments, and product certifications.

Hardware and Software
■ Identify the purpose, features, and functions of the following wireless network components. Choose the appropriate installation or configuration steps in a given scenario.
■ Identify the purpose, features, and functions of the following client devices. Choose the appropriate installation or configuration steps in a given scenario.
■ Identify the purpose, features, and functions of and the appropriate installation or configuration steps for the following types of antennas.

Radio Frequency Fundamentals
■ Define the basic units of RF measurements.
■ Identify factors that affect the range and speed of RF transmissions.
■ Define and differentiate between the following physical layer wireless technologies.
■ Define concepts that make up the functionality of RF and spread spectrum technology.
■ Identify RF signal characteristics and the applications of basic RF antenna concepts.
■ Describe the proper locations and methods for installing RF antennas.
■ Identify the use of the following WLAN accessories and explain how to select and install them for optimal performance and regulatory domain compliance.

Site Surveying and Installation
■ Understand and describe the requirements to gather information prior to the site survey and do reporting after the site survey.
■ Define and differentiate between the following WLAN system architectures and understand site survey concepts related to each architecture.
■ Identify and explain best practices for access point placement and density.
■ Define the need for and the use of a manual site survey tool and differentiate between the following manual site survey types.
■ Differentiate between manual and predictive site surveys.
■ Define the need for and use of a protocol analyzer in a manual site survey as it relates to the following.
■ Differentiate between site surveys involving networks with and without a mesh access layer.
■ Define the need for and use of a spectrum analyzer in a manual site survey.
■ Identify limitations on hardware placement.
■ Understand industry best practices for optimal use of directional and omnidirectional antennas in site surveys.

Applications, Support, and Troubleshooting
■ Identify deployment scenarios for common WLAN network types.
■ Recognize common problems associated with wireless networks and their symptoms, and identify steps to isolate and troubleshoot the problem.
■ Given a problem situation, interpret the symptoms and the most likely cause.
■ Identify procedures to optimize wireless networks in specific situations.

Security and Compliance
■ Identify and describe the following WLAN security techniques.
■ Regulatory compliance.

Study Guide Coverage (Ch #, Pg #)

■ Wireless Organizations (Ch 1, Pg 16)
■ Characteristics of Wi-Fi Technology (Ch 3, Pg 87)
■ Wireless Standards and Product Certifications (Ch 1, Pg 24)
■ Wireless Network Components (Ch 4, Pg 127)
■ Client Devices and Software
■ Antenna Types
■ Basic RF Mathematics (Ch 2, Pg 67)
■ RF Range and Speed Factors (Ch 2, Pg 53)
■ RF Physical Layer Technologies (Ch 2, Pg 72)
■ RF and Spread Spectrum Functionality (Ch 3, Pg 113)
■ RF Signal Characteristics (Ch 2, Pg 59)
■ Antenna Placement (Ch 4, Pg 178)
■ Antenna and RF Accessories (Ch 4, Pg 175)
■ Understand and Describe the Requirements
■ Define WLAN Architectures
■ Manual Site Survey Types
■ Site Survey Types (Ch 6, Pg 237)
■ Using Protocol Analyzers (Ch 6, Pg 241)
■ Wireless Mesh Access Layers, Using Spectrum Analyzers, Hardware Placement (Ch 6, 7; Pg 244, 293)
■ Using Antennas in Site Surveys
■ Wireless Applications, Installation and Configuration Procedures (Ch 1, 7; Pg 4, 268)
■ Common Problems and Solutions (Pg 295)
■ Procedures for Optimizing Wireless Networks
■ Identify and Describe WLAN Security Techniques (Ch 9, 10; Pg 352, 401)
■ Regulatory Compliance (Pg 223)

1 The Wireless World

CERTIFICATION OBJECTIVES
1.01 Wireless Applications
1.02 Wireless Organizations
1.03 Wireless Standards and Product Certifications
✓ Two-Minute Drill
Q&A Self Test

We’re living the dream. The ability to communicate electronically with people around the globe, without the need for cables and attachments, has freed us to experiment with new business models and social structures. Wireless networking and longer battery life (particularly in PDAs and mobile phones) mean more on-the-go computing than ever before. You can connect to wireless networks in nearly every major city, and with the introduction of WiMAX and similar technologies, many municipalities are considering the provision of wireless Internet for their citizens and businesses. These city-provided networks are often called “muni” networks because they are provided by municipalities. Many private organizations are providing wireless access as well.

While there is a big difference between Wi-Fi (802.11) and WiMAX (802.16), the two wireless-based technologies can certainly cooperate to bring wireless Internet and other services to needed areas.

Wireless networking is popular and growing. If you haven’t been swept up by the waves yet, you are sure to be soon. In recent times, many have started to question the job security provided by an Information Technology career, but with infrastructure-based technologies—such as wireless—you can rest assured that people skilled in the wireless craft will continue to be needed. Wireless networking is now practically ubiquitous and it’s here to stay, so now the question becomes, “How did we get here?” In this chapter, I begin by providing the answer to this question through a discussion of the history of wireless communications in brief. Then you will learn about the common uses of wireless technologies today and the various wireless organizations and standards. Finally, you will review the networking basics needed to understand and make use of the ideas covered in the rest of this book.

History of Wireless Communications
You might be tempted to think the journey to mass wireless network usage has been a short one, but in reality it has been a long journey covering many milestones and centuries of time. To understand where we are today, it is helpful to discover the historical developments that have led to modern wireless networks. Today’s wireless networks use light or radio waves to carry data through the apparently invisible medium of air. For this reason, we begin by investigating the relevant discoveries related to infrared light and radio waves.

Infrared Discovery
Sir William Herschel was a musician and an astronomer. His discoveries and theories related to astronomy, mathematics, and physics, but his most influential discovery related to wireless technology was made in 1800, when he discovered what is now called infrared and the concept of light that is invisible to the human eye. Sir William’s discovery was even greater than he realized because he had actually discovered another portion of the electromagnetic spectrum (the infrared spectrum) beyond that of visible light—a fact that remained unknown for another 30 years.

Infrared light includes the portion of the electromagnetic spectrum that reaches from just below the visible red light range to the microwave range. Today, infrared light is used to create one form of wireless communications and is included in PDAs, laptop computers, remote controls, and many other implementations supporting specifications put forth by the Infrared Data Association (IrDA). This infrared range is used by so many wireless technologies that it was included as a possible physical layer (PHY) technology in the IEEE 802.11 standard. However, the infrared PHY was never implemented and is not covered in the CWTS examination or this book.

Electromagnetic Waves
The next big discovery leading to wireless capabilities was that of electromagnetic wave theory. If you have ever seen a wave in the ocean or a ripple effect in a pond, you’ve seen the concept of disturbance-based wave forms. In much the same way, electric and magnetic fields join to create a disturbance known as an electromagnetic wave. Electromagnetic waves carry information without wires and are used in most major wireless communications today. Any time you listen to the radio, watch broadcast TV, cook your dinner in a microwave oven, or communicate on a Wi-Fi network, you are using electromagnetic waves. Today, the electromagnetic spectrum includes visible light, infrared light, radio waves, and more. These waves were explored in depth by James Maxwell.

Born in 1831, James Clerk Maxwell had a tremendous impact on the scientific world. While living a short life, by today’s standards, of just 48 years, Maxwell’s discoveries related to electromagnetism, founded on the research of Faraday and Ampère (an early researcher in the field of electromagnetism) coming before him, provided us with the formulas and theories to begin testing various wireless systems. Maxwell took the concepts of Faraday (the creator of the electromagnetic field concept), and Herschel (the discoverer of infrared radiation) to a lesser degree, to the next level. He codified electromagnetism as a series of mathematical formulas, theorized that these electromagnetic waves traveled at roughly the speed of light, and proposed that light itself was a form of electromagnetic disturbance, which proved to be correct.

Heinrich Hertz, a German physicist destined to an even briefer life than Maxwell of just 37 years, would build on the discoveries of Maxwell by proving that electromagnetic waves actually travel at approximately the speed of light and that electricity can be carried on these waves. Because of his discoveries, the term used to measure radio and electrical frequencies was named after him. This honorary naming is where we get terms such as kilohertz and megahertz.

Sir William showed us that there are invisible forces around us, Maxwell revealed that these invisible forces can be calculated and theorized about, and Hertz empowered us to develop radio technologies by discovering that electromagnetic waves could carry electricity. These discoveries and efforts brought us to the point where we could begin to transmit signals without physical connections. The telegraph amazed many, but the ability to communicate without wires was about to change everything.

In Chapter 2, you’ll learn more about electromagnetic waves in greater detail as you read about radio frequency fundamentals and behavior. For now, just remember that you could not use the wireless communications you do today without these exceptional discoveries.

Military Use
From 1920 to 1980, wireless communications were of great interest to the military and there was very little focus on the subject in the private sector. The advantages to the military were many, including carrying messages to the front lines and using satellite or long-distance communications for global coordination. In these early days, security was provided by the lack of available hardware needed to interpret the radio frequency signals. Unique encoding techniques could also be used, but the cost of the wireless equipment was prohibitive in and of itself, which resulted in greater security through lack of availability. However, since these systems were so expensive, use outside the military was not feasible for many years. As the hardware became more readily available in the 1970s, the cost decreased, and this resulted in greater use in the private sector.

CERTIFICATION OBJECTIVE 1.01
Wireless Applications
There are many benefits of wireless technology for small and large organizations today. When you can reduce hardware costs or time requirements, you can almost always reduce costs overall. This cost reduction is an excellent benefit of wireless networks.

planes. While early wireless technologies were very feature limited. . and automobiles) ■ Personal area networks ■ Voice over Wireless LAN The primary focus of this book is on basic WLAN technologies. and wireless equipment. Home Office One of the most beneficial uses of wireless networking technology. and certainly an early adoption group. 802.Wireless Applications 5 A second area of benefit is mobility. Inexpensive wireless devices now include the latest security capabilities and radios that are as powerful and stable as those in the most expensive devices of the past. The CWTS certification tests your knowledge on the fundamentals of radio frequency.11 standards. but newer technologies make roaming seamless and accurate. more important. Popular areas of wireless use today include the following: ■ Small office. modern wireless solutions are feature rich. limited space and technical capability. In the early days. home office (SOHO) space. As the price of wireless hardware has decreased. giving most organizations an excellent return on investment. Small Office. The ability to be mobile and remain connected to the network is an efficiency gain as well as a convenience for those who must move around to do their jobs. the number of features has increased. home office ■ Network extension ■ Building-to-building ■ Public wireless hotspots ■ Mobile offices ■ Classrooms ■ Industrial sites ■ Healthcare ■ Municipal and law enforcement connectivity ■ Corporate data access and end-user mobility ■ Last mile delivery: Wireless ISP ■ Transportation networks (trains. moving often meant losing your wireless connection and having to reassociate. SOHOs have limited budgets and. is in the small office.

Because of this, the SOHO market has often led the way in wireless implementations. Most SOHO companies have no technical professionals on staff, which means they must pay moderate to high consulting fees to install and use most technologies. For this reason, tremendous benefits come from implementing wireless networking in these environments. The benefits of wireless to SOHO organizations include the following:
■ Reduced implementation costs over wired networks
■ Shorter implementation times than wired networks
■ Less space required for equipment and cabling

Implementation costs are reduced because it doesn’t take as much time to implement a wireless network as it does to implement a wired network. By reducing the implementation time, costs are greatly reduced as well. When you install standard wired networking, you must also install cabling in the walls, ceilings, and/or floors. You have to install hubs or switches in the closets or in work areas. This hardware requires space, which is a valuable commodity to the average SOHO. If current wireless standards provide you with the needed bandwidth and response times, all of this hassle is eliminated.

Network Extension
Many organizations have existing wired networks, and these networks serve their needs exceptionally well. However, if a company’s current facilities are expanded, the cost of running cables and power can be expensive. To prevent this cost explosion, wireless networking may be utilized. By installing one or more wireless access points in the new area, you may be able to provide adequate coverage to the systems.

Another situation demanding network extension is new technology implementation. Imagine the scenario where an organization built a warehouse on their property more than 30 years ago. They have no cables running throughout the building, as networking was not expected at the time of construction. Now, they want to use PDAs and Tablet PCs to perform inventory management and tracking, but they need to extend their existing network throughout the warehouse. Wireless networking may provide an exceptional solution in this situation. Depending on the needed coverage, you could place access points in strategic locations with omnidirectional antennas to provide complete coverage for the warehouse or you could install semidirectional antennas aimed down corridors. Either way, if coverage is adequate when using this model, wireless networking will save you the additional costs of running cables and power to the points of access.

You will also get the added bonus of mobility for the inventory-management workers as they roam throughout the warehouse with their PDAs or Tablet PCs.

Building-to-Building
Another expensive networking connection point is the connection between buildings. If the cable is not placed during initial construction, you have to run the cable at a later time, usually at greater expense. If the buildings are far apart, leased lines might be required, incurring ongoing monthly costs for the organization. In either case, costs or maintenance will be a continuing burden. With wireless networking, an organization can install equipment to bridge the networks quickly and easily. These connections can reach across the street or across the town, depending on the technology used. In order to use this solution, wireless line-of-sight (LOS) must exist and communication frequencies must be available.

Point-to-Point
There are two ways to implement building-to-building connections (also known as bridging). The first type is called point-to-point (PTP). In this scenario, antennas aimed toward each other are installed on each building. This provides a connection between the two buildings but does not provide for connections with more than two buildings or locations. Figure 1-1 demonstrates a PTP connection. When creating a PTP connection, you need to use semidirectional or highly directional antennas.

FIGURE 1-1 Point-to-point and point-to-multipoint (panels: Point-to-Point (PTP), Site 1 and Site 2; Point-to-Multipoint (PTMP), Site 1, Site 2, and Site 3)

if not most. These devices are often called hotspot gateways. In a scenario where you have a PTP connection from a first building to a second building and then another PTP connection from the second building to a third building. of these are inadvertently giving wireless Internet access.8 Chapter 1: The Wireless World Omnidirectional antennas may also be used to form a PTP connection. while others are free and secured. or a mixture of these. PTMP implementation is similar to that of a star topology on a wired network. and even government installations that are not properly secured. Public Wireless Hotspots A Wi-Fi hotspot provides wireless Internet access in public areas. Examples of these inadvertent networks include homes. When implementing PTMP connections. you use one omnidirectional antenna with multiple semidirectional or highly directional antennas. this does not mean you have a PTMP building-tobuilding configuration. from coffee shops to libraries to public parks. . Point-to-Multipoint The second choice in building-to-building connectivity is point-to-multipoint (PTMP). pay-as-you-go. authenticate users. This is true regardless of how you might route the data on the network. businesses. because you do not have a single omnidirectional antenna receiving communications from each of the other buildings. These hotspots are found everywhere. Specialty devices exist that can print receipts. For example. There are many locations where you can connect to a wireless network. they all fall into one of these two categories. you still have a structure consisting of multiple PTP connections. however. About 75 percent of the energy will be propagated in the wrong directions. you may configure the routing tables to allow systems at the first building to communicate with systems at the third building. Yet other hotspots are subscription-based. 
It is important to remember that a hotspot is defined as a wireless network that is intended to give wireless Internet access either free or for a fee. PDAs and laptops are usually the devices used to connect to hotspots. Some hotspots are free and open to anyone. with the omnidirectional antenna acting as the hub or central point of communication similar to that depicted in Figure 1-1. and even disconnect users after time limits expire. but they will not allow for links covering as great a distance as directional antennas. but many. Although there are many possible implementations of building-to-building wireless connections.

If you access a network that is open but not intended for your use, you may be breaching local or regional laws, and you should, therefore, be very cautious and ethical.

There are many business models associated with the implementation of a hotspot. Following are a few examples:
■ Paid access This model profits from the fees for access to the Internet. This is very common today in airports, though I’m happy to say that my local Columbus, Ohio, airport is providing free wireless Internet access (the philanthropist model)—for now, anyway.
■ Traffic generation This model profits from the sales of items like coffee, books, music, and other items to the individuals who come to the hotspot location for Internet access. This is currently being implemented by many hotels and retail outlets.
■ Walled garden model The concept is to allow connected devices to browse a select group of Internet sites. These sites will pay a fee in order to be in the walled garden. The fees are distributed among the participating hotspots according to the amount of traffic the various hotspots generate.
■ Mixed This model profits from both the fee for access and the sale of items in the area where access is provided. In the United States, Starbucks is probably the most well-known enterprise using this model.
■ Philanthropist model This model assumes that people will love you for giving them free Internet access and that love is reward enough. I know I love this model when I encounter it in my travels. NOTE: I am not referring to stealing network access. I am actually referring to those providers (libraries, airports, municipalities, etc.) that really are intending to provide you with network access.

Mobile Offices
The mobile office installation is similar to a SOHO installation, with the exception that it is usually temporary. Mobile offices are used during construction, in disaster zones, on hunting trips and vacations (am I the only one?), and in other such scenarios where you need to have network access with little installation time or complexity. Interesting devices are on the market that can assist in these mobile office installations. For instance, the SonicWall TZ190 supports wireless WAN PC cards so that you can route a local network out to the wireless WAN Internet connection.

Using a device like the SonicWall TZ190 as the gateway to a wireless WAN ISP means that you can set up a LAN that has access to the Internet in a very short time window. Additionally, you could connect a wireless access point to the LAN port on the SonicWall TZ190 and have wireless connectivity on both sides: a wireless LAN routed to a wireless WAN installed in minutes. These devices usually come equipped with a built-in 4- or 8-port switch, so you can actually install a wireless LAN as well as a wired LAN and have both routed to the wireless WAN ISP in less than ten minutes—assuming you’ve preconfigured the device. This SonicWall TZ190 is just one example of the newer devices that are making mobile office setup much faster and easier.

Classrooms

Educational organizations were among the first to begin wireless LAN (WLAN) implementations. Once a WLAN is implemented, schools can allow their teachers to work from anywhere and not be locked to their desks. Laptops can be taken to auditoriums where Internet demonstrations can occur on large projected screens without the need for Ethernet cabling. Students can access both the Internet and intranet sites in order to do research or submit assignments.

I remember teaching classes in the 1990s (it seems so long ago) and having to provide presentation slides and handouts to attendees in either printed form or using previously developed CD-ROMs. Today, when I teach a class, I can just share my presentation folder on the ad hoc WLAN that I’ve created with my students. The students take whatever slides or documents they desire and then display them on their laptops. The future looks even brighter with the newer batteries and lower power consuming laptops giving us four to six hours of battery life. It will not be long until you can attend a training class that lasts two or three days and use your laptop every day without ever plugging it in to recharge the batteries. I can do that now, but it requires carrying along a few extra batteries. (The really exciting moment will occur when computer projectors are able to run for hours from small, battery-based power supplies.) Of course, as laptops become more power efficient and batteries become more enduring, it means that we can use wireless technologies for even longer periods of time.

On college campuses, WLANs have become an expected benefit. Many colleges publish maps that show the coverage areas of the WLAN so that students and faculty can be sure they plan to have a meeting or personal time in a covered area. Many schools now require students to have a laptop with an 802.11b or 802.11g
network card, while others require it only for students taking computer-related or computer-dependent classes.

The CWNP program, which includes the CWTS, CWNA, CWSP, and CWNE certifications, is moving away from using the common industry terms for the different standards. For example, instead of referencing the HR/DSSS physical layer as 802.11b, you are more likely to see the exam referencing the actual name of the physical layer as stated in the 802.11 standard, which is HR/DSSS. Throughout this book, I will remind you of this so that you are well prepared for the exam.

In K–12 educational institutions, it is also common to have a point-of-presence (POP) cart. The cart includes the needed wireless AP or router to connect to the wired network and a collection of laptops that can be used by the staff and students. This configuration provides mobility and ease of access.

A difficulty in college and university environments is controlling the rogue WLANs. Many students are entering college today with an advanced knowledge of computers, and they often have the ability to install and configure SOHO-class wireless routers such as the popular Linksys WRT-54G. When the students install these routers, the routers can cause interference problems with the school’s authorized WLAN. Of course, these wireless routers don’t really benefit the students if there is no wired Internet connection to which the router can be connected. For this reason, many schools are implementing strict rules in relation to the enabling of Ethernet ports in dorm rooms. The Ethernet ports are often left in a disabled state until the student requests for them to be enabled. Many students never request that one be enabled, since they have access to the authorized WLAN. Those who request it may be asked to sign agreements that they will not install certain types of devices, such as wireless routers, and that they will be subject to dismissal if they breach the agreement. This can be successful in deterring many would-be rogue WLANs. Enterprise-class rogue detection systems can also be used when the budget provides for them.

Industrial Sites

Warehouses and manufacturing environments are excellent applications of WLAN solutions. These environments have often existed for many years and lack the proper cabling to reach even the speeds that wireless LANs can currently provide. At the
same time, motors and equipment used in these environments can cause interference problems. Storage racks and other materials in and around these types of environments can also be problematic, so an effective site survey is essential. Imagine being able to enter items into inventory from any location in a warehouse facility. Of equal importance, you can make provisions to remove items from inventory in an automated fashion such that no human need be involved.

Healthcare

Hospitals can benefit from wireless LAN technology in order to have roaming access to patient records as well as pharmacy inventory information. Medical prescriptions can be sent to the hospital pharmacy directly from the patient’s rooms, and nurses can give instant digital feedback using PDAs as they make their rounds throughout the hospital. In the world of healthcare, wireless abilities provide tremendous opportunities. A doctor can prescribe medicines and send the hospital pharmacy instant notification of that prescription. A nurse can report on a patient’s condition from his or her room to a centralized database without having to physically connect to the network. These capabilities not only improve efficiency, but they also improve the healthcare provided by the hospital. Of course, security will be a top priority in healthcare installations, so newer equipment supporting the more recent security provisions will be needed.

Municipal and Law Enforcement

Municipalities and law enforcement communications usually take place in licensed or reserved frequencies; however, emergency networks and WLANs located in headquarters buildings can still take advantage of license-free standard WLAN technology.

Corporate Data Access and End-User Mobility

The speeds of wired networking technologies have increased over the past two decades to the point that having gigabits of bandwidth is not unusual. Wireless LANs still have a long way to go to catch up to the speed of wired LANs; however, they provide an exceptional advantage in mobility. There are many scenarios in which the mobility provided by wireless networking is advantageous. Can you imagine moving around your facility and plugging a cable into a port every time you need to access the network? This would be both frustrating and time consuming.

Have you ever been in a meeting and wished you could connect to the network and retrieve that file you forgot to bring along? With a wireless network, you can move your laptop from your office to a conference room—no cables needed. You can roam throughout the building with full network capabilities from any location, assuming proper wireless coverage has been provided. These are just a few of the many mobility benefits introduced with wireless networking. Figure 1-2 demonstrates the benefit of wireless mobility in an inventory-management scenario. These advancements allow for reduced costs and greater accuracy in inventory management.

[FIGURE 1-2: Wireless mobility in an inventory-management scenario. Labels: Inventory Management Server, Wired LAN, Wireless Access Point, Inventory Worker (uses a wireless PDA for inventory management).]

Last Mile Delivery: Wireless ISP

A wireless Internet service provider (WISP) is an Internet service provider (ISP) that is accessed using wireless technologies. WISPs often fulfill the need at the last mile. Last mile refers to the last section that must be spanned to reach remote customers. It can be very expensive and, without wireless, sometimes impractical. Often these WISPs will also lease bandwidth to businesses that require Internet access but are too far from DSL stations and have no other options. WISPs may use IEEE 802.11 technologies for the entire delivery, or they may use other wireless technologies, like WiMAX (IEEE 802.16), from the operations center to the delivery area and then use IEEE 802.11 technologies within the delivery area. Some WISPs will use WiMAX all the way to the end destination, and it will be up to the subscribers whether they wish to use IEEE 802.11 technologies within their house or business. Because WiMAX and IEEE 802.11 use different frequencies (if the 802.11 devices use the 2.4 GHz spectrum), there should be no conflicts or interference.

To help you understand last-mile delivery, consider the home where I grew up in West Virginia. We lived on a very old country road (the road was named Thomas Run Road, but it was named after a creek that ran alongside it and not after the fact that I ran along it). It was not paved; it was a gravel road. We lived in the last house on the road, which was approximately 2.5 miles from the nearest paved road. I remember that my father had to pay a large fee just to get electricity to the house, when I was 12 years old. The electric company required that he pay the fee, since there were no other houses close to ours. This is an example of the problems related to last-mile delivery. It’s no different for the Internet today than it was for electricity then.

Wireless technologies provide an excellent solution to the problem of last-mile delivery of Internet access. The most obvious example of a last-mile WISP is Verizon EVDO (though this service may be better classified as a carrier service). Using the existing towers for cell phone access, organizations such as Verizon Wireless can implement wireless Internet connections in some of the most remote areas imaginable. I’ve been in very remote country areas where this service was available.

Transportation Networks

Business commuters are expecting more from their travel providers. Commuter trains already have Internet. Airlines are implementing WLAN Internet access in-flight, and many automobile manufacturers are looking for ways to utilize WLAN technology in their vehicles. Can you imagine pulling out of your garage only to have your car detect that you have only a half gallon of milk available? Furthermore, can you picture how this car may detect that you are passing by a store that has milk on sale? This concept is not in use today, but the potential is very real.

Personal Area Networks

Short-distance devices, usually referred to as personal area network (PAN) devices, allow for communications between PDAs and computers as well as various other devices. A PAN is a computer network consisting of various computers and devices generally used by one individual. The distance of most PANs is only a few meters, so the applicability is limited to personal devices, hence the concept of personal area networks. Among the PAN standards are Bluetooth, 802.15, and Infrared. When using Bluetooth, this PAN is called a piconet. A piconet is limited to eight devices, including the master device, which is the first device in the piconet. These devices
include PDAs, headsets, speakers, MP3 players, joysticks (such as Nintendo Wii controllers), and other generally small and locally used devices. While you could, theoretically, create a peer-to-peer network using Bluetooth, this would be beyond the intention of the designers. While long-distance connections of more than a half mile have been demonstrated, this is not the common implementation or suggested use of Bluetooth technology. For long-distance connections such as this, highly directional antennas utilizing the appropriate 802.11 standards are more effective by today’s standards.

Voice over Wireless LAN

Today, people can collaborate no matter where they happen to be because of the convergence of two modern technologies: Voice over IP (VoIP) and wireless networking. With the introduction of VoIP, the ability to communicate internally with anyone, without the installation of special telephone wiring, was made possible. The creation of wireless networks combines with VoIP to create what is being called Voice over Wireless LAN or VoWLAN, which gives you the ability to communicate with anyone from anywhere. Some organizations are referring to this as wVoIP for wireless Voice over IP instead of VoWLAN. In both cases, the same concept is being implemented. You should also know that VoIP is often called IP telephony or Voice and Data Convergence.

While many users have become accustomed to lesser-quality voice communications because of cellular technology, VoWLAN quality can degrade rapidly when many people are using the service at the same time. The degradation can exceed that of cellular technology, so QoS management is a must-have feature in VoWLAN implementations. The 802.11e standard provides the much-needed Quality of Service (QoS) specifications that allow for packet prioritization and, therefore, improved quality for VoWLAN. Another problem with VoIP in wireless networks is that of roaming. The handoff from one access point to another must happen quickly to avoid interrupting communications. The 802.11r amendment provides standardization of Fast Transitions, which will allow for smooth roaming around a wireless network.

CERTIFICATION OBJECTIVE 1.02

Wireless Organizations

Organization provides the logical structure to get things done. It is fitting, then, that there should be a number of organizations aimed at improving, standardizing, and advancing the use of wireless technologies. Some of these organizations are governmental operations, some are in the private sector, and others combine various organizations public and private. These organizations include the

■ IEEE
■ Wi-Fi Alliance
■ Regulatory domain governing bodies

IEEE

The Institute of Electrical and Electronics Engineers (IEEE—pronounced eye-triple-e) creates standards for many technologies to operate within the regulatory guidelines of the countries in which the standards will be applied. The constitution of the IEEE defines the purpose of the organization as scientific and educational, directed toward the advancement of the theory and practice of electrical, electronics, communications, and computer engineering, as well as computer science, the allied branches of engineering, and the related arts and sciences. The IEEE produces approximately 30 percent of the world’s literature in the electrical and electronics and computer science fields, and the organization developed more than 900 active standards utilized in these areas of study.

The IEEE creates and manages the popular 802.11 specification for wireless networking. The organization divides a given technology into many working groups. These working groups are commissioned to develop operational standards for effective use of the technology under consideration. For example, the 802.11e working group is focused on implementing QoS features needed in certain wireless networking technologies such as VoWLAN and streaming multimedia.

In the United States, the IEEE does not define the rules; this is the realm of the FCC. The IEEE defines the standards that help you work within the rules set by the FCC. Remember, it defines the technology you will utilize to build a wireless network based on FCC regulations or rules.

INSIDE THE EXAM

What Are All Those Letters?

The IEEE develops standards and documents these standards in published book-length electronic and printed documents. The standard that defines the Wi-Fi networking technologies is 802.11. The first edition of the 802.11 standard was released in 1997 and is often called IEEE 802.11-1997. Since then, many amendments have been released. An amendment may add completely new sections to the standard, but it may—and usually does—change existing sections as well. Many of the changes are indeed made to improve clarity or accuracy; however, many changes or additions also completely change the possible behavior of the devices operating according to the standard.

As a simple example, consider the 802.11b amendment that was released in 1999. This amendment added information to sections outside of clause 18, which was the clause that specified the high rate/direct sequence spread spectrum (HR/DSSS) physical layer (PHY). For example, in section 9.2 the phrase “All STAs shall receive all the data rates” was changed to “All STAs shall be able to receive and transmit at all the data rates.” Do you see the difference? The latter phrase brings both clarity and accuracy to the statement. Even though the PHY was specified in clause 18, changes had to be made to other clauses to make the existing standard compatible with both the original DSSS and the new HR/DSSS.

This brings us to the answer to our question: What are all those letters? The letters represent a working group (or task group) that was or is responsible for the development of amendments to the standard. The 802.11a task group was charged with providing a 54 Mbps data rate in the 5 GHz spectrum. The 802.11b task group delivered an 11 Mbps data rate in the 2.4 GHz spectrum, and the 802.11g task group delivered a 54 Mbps data rate in the 2.4 GHz spectrum by borrowing from the modulation schemes used by the 802.11a task group. This extreme variance is what makes the 802.11 standard so beautiful from an engineering perspective. To be able to adapt to different data rates and encoding methods while continuing to support older hardware is a true thing of beauty.

Many devices will list the amendment letter instead of the PHY supported by the device. For example, a device may state that it is 802.11g compatible, which means that it supports the ERP (extended rate physical layer) PHY. If another device says it is compatible with 802.11n, it means that the device supports the HT (high-throughput) PHY introduced in that amendment. The reason most hardware vendors list the amendment rather than the PHY is twofold.
First, the Wi-Fi Alliance does not certify equipment as ERP certified. It certifies equipment as amendment (for instance, 802.11a) certified, and second, amendments change more than just the PHYs. Additionally, amendments may add features other than new PHYs. Examples of this include 802.11i and 802.11r. The 802.11i amendment specifies new security procedures that replace the weak WEP encryption suggested by the original 802.11 standard. The 802.11r amendment specifies new roaming procedures for Fast Basic Service Set Transition (FT). This 802.11r amendment allows for roaming speeds that are compatible with the demands of VoIP networks. These two amendments are among the most important added to the 802.11 standard.

As you prepare for the CWTS exam, pay close attention to the new technologies introduced by the newer amendments. While an in-depth understanding is not required to pass the CWTS exam, the knowledge gained will be priceless as you begin to purchase new hardware and software for your environment. Also, should you choose to go on to the CWNA certification, you will need to master the features and functions of the full 802.11 standard, which does include these many different letters.

Wi-Fi Alliance

Because the IEEE defines standards but does not evaluate hardware or software to verify compliance with the standards, various organizations have been created to do just that. The Wi-Fi Alliance, formerly known as the Wireless Ethernet Compatibility Alliance, was formed to promote and test for the interoperability of 802.11a, 802.11b, and 802.11g devices. Products meeting certain interoperability requirements set forth by the Wi-Fi Alliance may place a logo on their packaging indicating such. The term Wi-Fi itself is often said to be short for wireless fidelity. The Wi-Fi Alliance does not acknowledge such a meaning. The name is simply the name. Instead, the Wi-Fi Alliance promotes the freedom of networking without wires and the confidence of doing it by purchasing equipment with the Wi-Fi logo.

The Wi-Fi Alliance formally states their purpose as being threefold: (1) to promote Wi-Fi worldwide by encouraging manufacturers to use standardized 802.11 technologies in their wireless networking products, (2) to promote and market these technologies to consumers in the home, SOHO, and enterprise markets, and last but certainly not least, (3) to test and certify Wi-Fi product interoperability. The intention of the Wi-Fi Alliance is to support and promote 802.11-based technologies. Wi-Fi should not be considered a catch-all term for all things wireless. Wi-Fi, as a term, should be used to reference 802.11-based systems only and not other technologies such as WiMAX, Bluetooth, or IrDA.

Regulatory Domain Governing Bodies

A regulatory domain can be defined as a bounded area that is controlled by a set of laws or policies. Currently, there are governing bodies at the city, county, state, and country levels within the United States. In other countries, governments exist with similar hierarchies or with a single level of authority at the top level of the country. In many cases, these governments have assigned the responsibility of managing communications to a specific organization that is responsible to the government. In the United States, this organization is the Federal Communications Commission. In the UK, it is the Office of Communications. In Australia, it is the Australian Communications and Media Authority. The following sections outline just four of these governing bodies and the roles they play in the wireless networking industry of their respective regulatory domains.

FCC

The Federal Communications Commission (FCC) was born out of the Communications Act of 1934. Charged with the regulation of interstate and international communications by radio, television, satellite, cable, and wire, the FCC has a large body of responsibility. The FCC is a government body within the United States that is responsible for overseeing and regulating the use of communications technology. The regulatory domain covered by the FCC includes all 50 of the United States as well as the District of Columbia and other U.S. possessions such as the Virgin Islands and Guam.

According to their web site at www.FCC.gov:

The Federal Communications Commission is an independent United States government agency, directly responsible to Congress. The FCC was established by the Communications Act of 1934 and is charged with regulating interstate
and international communications by radio, television, wire, satellite and cable. The FCC’s jurisdiction covers the 50 states, the District of Columbia, and U.S. possessions.

What this means, in a nutshell, is simple: When implementing a wireless technology in the United States, you must abide by the regulations set forth by the FCC, because it will be a communication by radio.

While you will not be tested on your knowledge of the FCC as an organization as part of the CWTS examination, you should be familiar with the regulations and limitations imposed when you implement any wireless technology. You do not have to be a master of the FCC, but you should know the constraints they impose.

The need for an organization such as the FCC becomes obvious when you consider two factors: shared air space and limited frequencies. We all share the same air space, and there are indeed a limited number of frequencies. To guarantee certain frequencies for governmental and emergency services usage, an organization such as the FCC disallows the use of certain frequencies without a license (legal and official allowance for use). The unlicensed space is, just as its name implies, wide open for use by anyone, as no official governing body licenses this space, which means we have to work with other networks close to us to ensure there are no conflicts preventing effective operations.

Because WLAN devices use radio wave communications, they fall under the regulatory control of the FCC. The FCC regulates where on the radio frequency spectrum wireless LANs can operate, what power level they can utilize, the transmission technologies they can use, and how and in what locations different wireless LAN hardware can be implemented. They have identified two basic license-free sets of bands that are identified as the Industrial Scientific Medical (ISM) set of bands (915 MHz, 2.4 GHz, and 5.8 GHz) and the Unlicensed National Information Infrastructure (U-NII—pronounced you-nee) set of bands (5 GHz, Lower, Middle, and Upper). The factors regulated by the FCC include

■ Radio frequencies available
■ Output power levels
■ Indoor and outdoor usage

Radio Frequencies Available

You will learn more about radio frequencies in Chapters 2 and 3. For now, it is enough to know that a radio frequency is referenced
in hertz. Hertz is the measurement of wave cycles per second; therefore, a radio frequency of 2.412 gigahertz (GHz) cycles 2,412,000,000 times per second.

The FCC regulates which frequencies may be used within the regulatory domain it manages. For example, the FCC provides two types of license-free bands for radio communications: the Industrial Scientific Medical (ISM) bands and the Unlicensed National Information Infrastructure (U-NII—usually pronounced you-nee) bands. Currently, there are eleven ISM bands at various frequencies throughout the RF spectrum, but only the one starting at 2.4 GHz is used by IEEE 802.11 and it is the frequency band most familiar to WLAN users. The four U-NII bands exist in the 5 GHz frequency range and are all used by IEEE 802.11. Table 1-1 provides a summary of the ISM and U-NII license-free bands used by IEEE 802.11.

TABLE 1-1 Unlicensed (License-Free) Bands Used by IEEE 802.11

Frequency Band      Total Bandwidth   License-Free Band
2400–2500 MHz       100 MHz           ISM
5.15–5.25 GHz       100 MHz           U-NII
5.25–5.35 GHz       100 MHz           U-NII
5.470–5.725 GHz     255 MHz           U-NII
5.725–5.825 GHz     100 MHz           U-NII

These license-free bands provide both a benefit and a disadvantage. The benefit comes from the fact that you are not required to obtain a license to communicate within these license-free bands. This means that you can buy FCC-authorized equipment and install it in your environment without any required permits or fees. However, as mentioned, the disadvantage of using license-free bands is that others can also use them. This means you will have to deal with contention and interference issues and ensure that you have the bandwidth available for your intended purpose in the environment where you will be implementing the WLAN. You may have a WLAN installed for years only to have a nearby organization install a WLAN on the same frequencies you’ve been using, which can cause major contention on your network. The reality is that, as long as this neighboring network is within FCC regulations, there is very little that can be done aside from some careful negotiations on wireless device placement and channel usage. It would be nice if we could even say that the use of the license-free bands is on a “first-come-first-serve” basis, but it is not. I will provide more information about this in Chapter 6.

Output Power Levels

The FCC also regulates the output power levels of radio frequency devices within these license-free bands. The 2.4 GHz ISM band may be used indoors or outdoors, and the output power at the intentional radiator cannot exceed 1 Watt. For indoor devices, however, the output power is usually well under 1 Watt and generally resides in a range from 30 to 300 milliwatts. Table 1-2 gives a brief summary of the output power limits imposed by the FCC. I’ll cover output power concepts and regulations in more detail in Chapter 2.

Indoor and Outdoor Usage

Finally, the FCC limits the 5.15–5.25 U-NII band to indoor-only usage. The other U-NII bands can be used indoors or outdoors. However, the 5.725–5.825 band is especially well suited for outdoor operations. The area usage of the U-NII bands is summarized in Table 1-2. For now, you will want to remember that in the United States the FCC regulates the frequencies used, the output power levels, and the indoor/outdoor usage limitations.

TABLE 1-2 Output Power Limits on the 5 GHz Frequencies

Band                     Power Output Limits   Area Usage
U-NII 5.15–5.25 GHz      40 mW                 Restricted to indoor operations
U-NII 5.25–5.35 GHz      200 mW                Indoor/outdoor
U-NII 5.470–5.725 GHz    200 mW                Indoor/outdoor
U-NII 5.725–5.825 GHz    800 mW                Higher output power assumes outdoor operations

Ofcom and ETSI

The Office of Communications (Ofcom) is charged with ensuring optimal use of the electromagnetic spectrum, for radio communications, within the UK. The Ofcom provides documentation of and forums for discussion of valid frequency usage in radio communications. The regulations put forth by the Ofcom are based on standards developed by the European Telecommunications Standards Institute (ETSI). These two organizations work together in much the same way the FCC and IEEE do in the United States.

MIC and ARIB

In Japan, the Ministry of Internal Affairs and Communications (MIC) is the governing body over radio communications; however, the Association of Radio Industries and Businesses (ARIB) was appointed to manage the efficient utilization of the radio spectrum by the MIC. In the end, ARIB is responsible for regulating which frequencies can be used and such factors as power output levels.

ACMA

The Australian Communications and Media Authority (ACMA) replaced the Australian Communications Authority in July 2005 as the governing body over the regulatory domain of Australia for radio communications management. Like the FCC in the United States, the ACMA is charged with managing the electromagnetic spectrum in order to minimize interference. This is done by limiting output power on license-free frequencies and by requiring licenses on some frequencies.

ITU-R

The International Telecommunication Union Radiocommunication Sector (ITU-R) is a Sector of the International Telecommunication Union (ITU). The ITU, after an evolving history, was designated as a United Nations specialized agency on October 15, 1947. The constitution of the ITU declares its purposes as

■ To maintain and extend international cooperation between all its Member States for the improvement and rational use of telecommunications of all kinds
■ To promote and enhance participation of entities and organizations in the activities of the Union, and to foster fruitful cooperation and partnership between them and Member States for the fulfillment of the overall objectives embodied in the purposes of the Union
■ To promote and offer technical assistance to developing countries in the field of telecommunications, and also to promote the mobilization of the material, human, and financial resources needed to improve access to telecommunications services in such countries
■ To promote the development of technical facilities and their most efficient operation, with a view to improving the efficiency of telecommunication services, increasing their usefulness, and making them, so far as possible, generally available to the public
■ To promote the extension of the benefits of new telecommunication technologies to all the world’s inhabitants
■ To promote the use of telecommunication services with the objective of facilitating peaceful relations
■ To harmonize the actions of Member States and promote fruitful and constructive cooperation and partnership between Member States and Sector Members in the attainment of those ends
■ To promote, at the international level, the adoption of a broader approach to the issues of telecommunications in the global information economy and society, by cooperating with other world and regional intergovernmental organizations and those nongovernmental organizations concerned with telecommunication

The ITU-R, specifically, maintains a database of the frequency assignments worldwide and helps coordinate electromagnetic spectrum management through five administrative regions. These five regions are

■ Region A: The Americas
■ Region B: Western Europe
■ Region C: Eastern Europe
■ Region D: Africa
■ Region E: Asia and Australia

Each region has one or more local regulatory groups such as the FCC in Region A for the United States or the ACMA in Region E for Australia. Ultimately, the ITU-R provides the service of maintaining the Master International Frequency Register of 1,265,000 terrestrial frequency assignments.

CERTIFICATION OBJECTIVE 1.03

Wireless Standards and Product Certifications

Without question, the most important collection of standards providing wireless communications in local area networks (LANs) is the 802.11 specification put forth by the IEEE. However, there are many other standards you must be familiar with if you are to be an effective wireless network technician. At a minimum you will want to know about the following standards and certifications:

■ Wi-Fi certifications
■ 802.11a
■ 802.11b
■ 802.11g
■ 802.11n

■ Wi-Fi Multimedia (WMM) certification
■ WMM Power Save (WMM-PS) certification
■ Wi-Fi Protected Setup (WPS) certification
  ■ Push-button
  ■ PIN-based
■ Wi-Fi Protected Access (WPA/WPA2) certification
  ■ Enterprise
  ■ Personal

Wi-Fi Certifications

While the 802.11 base standard is seldom seen alone in newer hardware, it is the foundation on which the various 802.11 working groups or amendments are based. This original 802.11 standard described direct sequence spread spectrum (DSSS) and frequency hopping spread spectrum (FHSS) systems that operated at 1 Mbps or 2 Mbps only. This original 802.11 standard also included specifications for infrared physical layers.

A DSSS system is said to be 802.11-compliant if it can operate according to the 802.11 standard at 1 or 2 Mbps. This is true even if the system can communicate at higher speeds such as 11 Mbps or 54 Mbps. It is important to remember that these systems can either run in 802.11-compliant mode or 802.11-noncompliant mode. When in 802.11-compliant mode, they are operating at 1 or 2 Mbps. When operating at any other speed, they are not in 802.11-compliant mode. Sometimes the DSSS systems are called clause 15 systems because this is the clause, in the 802.11 standard, that refers to them.

FHSS systems are similar in that hardware vendors have created FHSS-based systems that communicate at more than 1 or 2 Mbps, but these systems should not be expected to operate well with standards-based FHSS systems. These FHSS systems are known as clause 14 systems for the same reason DSSS is known as clause 15—it is the clause in the standard that refers to the FHSS systems.

You will not need to understand the details of the FHSS PHY for the newer CWNP certifications, including the CWTS certification. This change is due to the fact that new 802.11-based FHSS hardware is almost nonexistent and organizations are no longer implementing it as a new technology.

There are many amendments or working groups for the 802.11 standards. The most important of these to small- and medium-size businesses include

■ 802.11b
■ 802.11a
■ 802.11g
■ 802.11n
■ 802.11e
■ 802.11i
■ 802.11r
■ 802.11k

802.11b

The 802.11b supplement was ratified in 1999 and provides for data rates up to 11 Mbps using DSSS. In noisy environments, however, data rates may be lowered to 5.5, 2, or 1 Mbps. The original 802.11 standard specified the use of a collision management technique known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). 802.11b still uses the same method. Because CSMA/CA generates overhead communications (sometimes called management traffic), the actual throughput is generally somewhere around 6 Mbps for an 802.11b device.

Most 802.11b implementations are access-based in that there is a centralized antenna that connects and bridges multiple client devices within a confined space to a wired LAN or the Internet. With high-gain antennas, it is possible to use the 802.11b standard to implement point-to-point or point-to-multipoint building-to-building networks.

802.11b devices came to market quickly and saturated the wireless space. Because of this, many environments still support, or require, 802.11b today. As I write this in early 2009, many hotels still support only 802.11b or HR/DSSS connections. Most newer wireless devices (such as those based on the 802.11g supplement detailed later) provide backward compatibility with the 802.11b standard, and they fall back to this functionality in situations that demand it.

802.11a

Like 802.11b, 802.11a was completed in 1999. This supplement to the 802.11 standard provides for up to 54 Mbps data rates, but it uses the 5 GHz U-NII band frequency as opposed to the 2.4 GHz ISM band frequency shared by 802.11b and 802.11g. The problem with this decision is the lack of backward compatibility with 802.11b: 802.11b/g devices cannot communicate directly with 802.11a devices.

The benefit of this difference in frequency is that you can actually operate multiple wireless networks in the same air space. 802.11b/g networks will use the 2.4 GHz frequency space, and the 802.11a networks will use the 5 GHz frequency space. You should realize that these clients cannot talk with each other directly, but they might be able to communicate through some bridging technique. For example, many access points can run two radios to provide both 802.11a and 802.11b/g support, thereby supporting both client types. Many client devices also support multiple standards such as 802.11b/g or 802.11a in one device.

Also similar to 802.11b is the fact that 802.11a networks have communications overhead, which means that actual throughput is in the mid 20s (approximately 24 to 28 Mbps). Whereas 802.11b uses DSSS, 802.11a uses orthogonal frequency division multiplexing (OFDM). The data rates specified by the 802.11a standard are 54, 48, 36, 24, 18, 9, and 6 Mbps. Data rates can also be reduced to accommodate noisy environments or communications over greater distances.

Devices incorporating the 802.11a standard did not begin shipping until 2001, which caused resistance to implementation based on the fact that many environments were already utilizing 802.11b equipment and the two are not compatible. This was not necessarily a fault of the standard or capabilities of 802.11a, as there was an extended delay in the production of 5 GHz components needed to build the products.

802.11g

The ratification of the 802.11g supplement to the 802.11 standard came in June 2003. Like 802.11a, 802.11g supports a 54 Mbps data rate with actual throughput being about half that, or around the mid 20s. Unlike 802.11a, 802.11g uses the 2.4 GHz frequency and, therefore, is backwardly compatible with 802.11b. Because of this backward compatibility, 802.11g has become much more popular than 802.11a in general use. Like 802.11a, 802.11g uses OFDM instead of the DSSS used by 802.11b or the FHSS used by 802.11. ERP provides the higher throughput due, in large part, to better interference handling.

The 802.11g PHY is technically called the ERP PHY. (ERP stands for extended rate physical layer.) Many early books referenced the 802.11g PHY as ERP-OFDM, but ERP-OFDM is actually a subclause within the clause that defines ERP in the amendment (clause 19). However, an ERP PHY implementation must support DSSS for backward compatibility. When the DSSS modulation is used, clause 19 defines it as ERP-DSSS as opposed to ERP-OFDM, which is used when backward compatibility is not required.

802.11n

The 802.11n amendment has been long in the making. The time between the original 802.11 standard operating at a maximum of 2 Mbps and the 802.11b amendment operating at a maximum of 11 Mbps was just about two years. The time between 802.11b and the ratification of 802.11g was about four years. It has already been nearly six years and the 802.11n amendment is still in its draft form. The 802.11n amendment is expected to be ratified in 2009 or early 2010; however, organizations such as the Wi-Fi Alliance have been working on certifications and implementations that allow us to utilize the technologies introduced in the draft of the 802.11n amendment.

Only a ratified standard or amendment can be considered stable. A draft amendment has not been ratified and may be changed before it is ratified.

The 802.11n amendment introduces the High Throughput (HT) PHY. This PHY provides for up to 600 Mbps data rates with enough radios and antennas. The HT PHY takes advantage of a phenomenon in wireless communications called multipath. Multipath was considered to be a problem in wireless networks for many years; however, brilliant engineers and scientists have developed ways, using multiple antennas (multiple-input/multiple-output, or MIMO), to turn this disadvantage into an advantage. HT devices may use the 2.4 GHz frequency space or the 5 GHz frequency space. They may use from one to four antennas. The actual modulation employed is the OFDM modulation scheme. The data is modulated onto either 20 MHz of bandwidth or 40 MHz of bandwidth using up to four spatial streams (four communicating antennas on each end of the connection). When 40 MHz channels are used, the maximum data rate supported is 600 Mbps.

You will learn more about DSSS, OFDM, ERP, and HT in Chapter 2; however, it is important that you also understand the basic differences between these four core supplements to the 802.11 specification: 802.11b, 802.11a, 802.11g, and 802.11n.

802.11e

As a draft standard, 802.11e specifies techniques for providing Quality of Service (QoS) in LANs. The standard is specifically aimed at 802.11 Wi-Fi networks and is intended to provide greater support for time-sensitive applications such as streaming media and VoWLAN. This QoS is provided through the definition of traffic classes (TCs), which are used to give priority to specific data types. For example, you might configure FTP access as a low-priority class and streaming media as a high-priority class.

802.11i

June 24 is an important day for two reasons. The first reason is that it is my birthday, and the second, and most likely more important to you, is that on this day in 2004 the 802.11i draft standard was ratified by the IEEE, making it official. The intent of this supplement is to provide security standards to the 802.11 Wi-Fi worlds. This new standard is intended to replace the weak Wired Equivalent Privacy (WEP) security protocol. This is an extremely important supplement because it provides a standard that can be followed going forward instead of having every vendor implement security in a different way.

Because of the great need for security solutions in wireless networks, the Wi-Fi Alliance released the Wi-Fi Protected Access (WPA) standard before 802.11i was completed. WPA is a subset of the 802.11i specification. In order to reduce confusion, the Wi-Fi Alliance refers to the full implementation of 802.11i, in their certifications, as WPA2.

802.11r

The 802.11r amendment, ratified in 2008, provides for Fast Basic Service Set Transition (FT). This solution allows for very fast roaming from one access point (AP) in an extended service set (ESS) to another AP in the same ESS. Stated technically, FT provides fast transition from one basic service set (BSS) in an ESS to another BSS within the same ESS. When you implement an AP, you implement a BSS.

The primary goal of the 802.11r amendment is to reduce the amount of time wherein data communications with the distribution system (DS) are lost during a transition caused by mobility, interference, or other changes in the environment. For example, as a user walks through a building, she may be transitioned from one AP to another. In the past, this transition took too long to maintain a perceived consistent connection with the DS (the network behind and within the AP). The 802.11r amendment changes this by allowing for a form of pre-authentication to take place.

A mobility domain is simply a set of BSSs that are within the same ESS and share a common mobility domain identifier (MDID). Any APs within the same mobility domain allow for FT with other APs in that mobility domain.

802.11k

As a WLAN engineer and enthusiast, I find this document to be one of my favorite recent amendments. The 802.11k amendment specifies standards for WLAN radio measurement. These radio measurements allow stations (any 802.11 device supporting the amendment), also called STAs, to analyze and understand the radio environment in which they operate. An STA may measure statistics related to a link or the environment, and an STA may even request that another STA gather measurements and send them to the requesting STA so that analysis can be performed with that data.

The applications of this technology are theoretically limitless, since the measurement data may be passed up to the upper layers of the network stack, allowing for improvements in VoIP communications, video over IP, radio environment management (consider the possibility of dynamically changing output power levels of a group of radios so that they can operate together), and location-based applications. All of these technologies were best implemented with proprietary solutions in the past. With the ratification of 802.11k, vendors can begin to implement standard methods for all of these demands.

Wi-Fi Certifications and the 802.11 Documents

Wi-Fi certified hardware or software is certified to meet the specifications set forth by IEEE standards. The Wi-Fi Alliance is responsible for certifying products in this way. A device can be Wi-Fi certified for one standard or for many. The Wi-Fi Alliance may certify that a device is 802.11b- or 802.11a-compliant. This means that the device should be able to communicate with any other device offering the same Wi-Fi Alliance certification.

Wi-Fi Multimedia (WMM) Certification

WMM or Wi-Fi Multimedia is a certification using a subset of the 802.11e draft standard. If a product has this certification, it means that it provides QoS features in line with the 802.11e standard for VoIP or multimedia streaming services.

WMM Power Save (WMM-PS) Certification

The WMM Power Save (WMM-PS) certification verifies that a device is compliant with certain power management features. WMM-PS is based on portions of the 802.11e standard and enhances the power management of the original 802.11 specification. WMM-PS is designed for applications that are latency or time sensitive such as VoIP or video over IP.

Wi-Fi Protected Setup (WPS) Certification

WPS was previously called Wi-Fi Simple Config. The concept is simple: allow a user to press a button on an AP and then click a button in the device driver configuration interface on the client and the two devices become synchronized in relation to negotiated security parameters for authentication and encryption. WPS supports two methods: push-button or PIN-based. In a push-button configuration, there is a button on the AP or wireless router and the client device either has a button on the physical unit or within the software. The button is usually pressed on the AP first and then on the client. In a PIN-based configuration, the user must enter a PIN into the client software that enables a configuration mode that establishes security parameters.

Wi-Fi Protected Access (WPA/WPA2) Certification

Another certification managed by the Wi-Fi Alliance is the WPA/WPA2 certification. The WPA certification verifies that a device or software meets the demands of the Wi-Fi Alliance WPA certification, which is based on a subset of the 802.11i standard. The WPA2 certification is a verification of compliance with the 802.11i standard and provides for encryption on wireless networks. The IEEE does not refer to 802.11i as WPA2; this is a term trademarked by the Wi-Fi Alliance only. This difference in terms between the standards and the certifications often leads to confusion in the marketplace.

A perfect example of this is the WPA-Personal and WPA-Enterprise technologies. Many vendors implement this in a way that does not clearly differentiate between the two subsets of the WPA certification, leading to a confused perspective in the marketplace that says all WPA implementations are the same. Nothing could be further from reality. WPA-Personal is a subset of the WPA certification that uses a passphrase or shared key to secure communications. WPA-Enterprise is the subset that requires an authentication server, making it easier to manage centrally and, when implemented properly, more secure. WPA-Personal, in most cases, uses the same passphrase until it is changed manually. WPA-Enterprise can use certificates and other more secure authentication and encryption mechanisms.

Important Foundational Networking Concepts

If you want to get the most out of this book, you will need to understand some basic networking terms. If you are already familiar with basic networking terms and concepts, you may choose to skip ahead to the summary section of this chapter. However, a review may be helpful even for those savvy in basic networking, and if you are new to the networking world, this section will be very beneficial. Among these concepts, several important items stand out, including networking terminology, networking communications, and networking models.
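The Wi-Fi Protected Access (WPA/WPA2) Certification section says vendor interfaces often blur the WPA-Personal and WPA-Enterprise subsets; on the air the difference is explicit in the RSN element that an 802.11i (WPA2) network advertises. The following is an added example, not taken from the book: it goes beyond the text by decoding that element, using the element layout and suite numbers from the IEEE 802.11 standard (an assumption relative to this page), and the sample byte strings are constructed.

```python
import struct

RSN_ELEMENT_ID = 48                    # element ID of the RSN element (IEEE 802.11)
RSN_OUI = bytes.fromhex("000fac")      # OUI that prefixes the standard suite selectors
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKM_NAMES = {1: "802.1X", 2: "PSK"}    # 802.1X needs an authentication server; PSK is a shared passphrase


class Reader:
    """Cursor over the element body that refuses to read past its end."""

    def __init__(self, body):
        self.body, self.pos = body, 0

    def take(self, n):
        if self.pos + n > len(self.body):
            raise ValueError("truncated RSN element")
        chunk = self.body[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u16(self):
        return struct.unpack("<H", self.take(2))[0]   # counts and version are little-endian

    def suite(self, names):
        selector = self.take(4)                        # 3-byte OUI + 1-byte suite type
        if selector[:3] != RSN_OUI:
            return "vendor:" + selector.hex()
        return names.get(selector[3], "unknown:%d" % selector[3])


def parse_rsn(element):
    """Decode one RSN element (ID, length, body) into named suites.

    Assumes the element carries the group, pairwise and AKM fields; the
    trailing RSN capabilities field is not interpreted.
    """
    if len(element) < 2 or element[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    if len(element) - 2 < element[1]:
        raise ValueError("truncated RSN element")
    r = Reader(element[2:2 + element[1]])
    version = r.u16()
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = r.suite(CIPHER_NAMES)
    pairwise = [r.suite(CIPHER_NAMES) for _ in range(r.u16())]
    akm = [r.suite(AKM_NAMES) for _ in range(r.u16())]
    return {"group": group, "pairwise": pairwise, "akm": akm}


def classify(element):
    """Map the advertised AKM suites to the certification subsets named above."""
    rsn = parse_rsn(element)
    labels = []
    if "802.1X" in rsn["akm"]:
        labels.append("WPA2-Enterprise")
    if "PSK" in rsn["akm"]:
        labels.append("WPA2-Personal")
    # WEP/TKIP suites an AP still offers for older clients are worth reporting.
    non_ccmp = sorted({rsn["group"], *rsn["pairwise"]} - {"CCMP"})
    return {"certification": "+".join(labels) or "unrecognized",
            "pairwise": rsn["pairwise"], "non_ccmp": non_ccmp}


# Constructed sample elements (not captured from any real network).
PERSONAL = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
ENTERPRISE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")

if __name__ == "__main__":
    for name, sample in (("personal", PERSONAL), ("enterprise", ENTERPRISE), ("mixed", MIXED)):
        print(name, classify(sample))
```
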

Networking Terminology

As you learn about wireless networking technologies, you have to understand some basic networking terms:

■ Packet
■ Bandwidth
■ Throughput
■ Latency
■ Authentication
■ Broadcast
■ Node
■ Host
■ Server
■ Client/Workstation
■ Protocol
■ Network
■ LAN
■ WAN

A packet or datagram is the basic unit of information used in modern computer networks. When sending large data files across the network, the data is split into multiple packets as it is sent. Packets usually include sending and receiving device information, error-control data, and the message being sent from the source to the destination device or devices.

Bandwidth refers to the information carrying capacity of a network. Bandwidth is usually measured in kilobits per second (Kbps) or megabits per second (Mbps). It is also important to understand throughput and how it differs from bandwidth. All networks consume a certain amount of the available bandwidth because of overhead issues such as error-control, broadcasts, and collisions. Because of this, throughput is generally somewhat lower—and sometimes much lower—than the stated bandwidth of the network. Throughput is generally used to reference the actual amount of “real” data that can be sent across the network. This—the extra overhead—is why an 11 Mbps wireless connection provides only 5 to 6 Mbps of actual throughput.

It is also important to understand how many documents and technical books use the term bandwidth. To some, bandwidth is a reference to the amount of data that can be pushed through a connection. For example, consider the statement, “My network connection provides 10 Mbps of bandwidth.” To others, bandwidth is a reference to the electromagnetic frequency space used in the communications link. For example, consider the statement, “My wireless link is using 22 MHz of bandwidth.” This latter statement is referencing the channel width of the wireless link.

However, with some further thought, it is possible to resolve the apparent conflict between these two ways of thinking. Even on a wired link, electromagnetic waves are sent down the wires to transfer the data. As on a wireless link, these electromagnetic waves are bound within a frequency range. The wired links usually operate in the kilohertz to hertz ranges, whereas the wireless links operate in the gigahertz range (from 2.4 to 5 GHz). Assuming we use the exact same encoding and modulation technique, the only way to increase the data rate would be to increase the transmitting and receiving frequency range. Alternatively, we can increase the data rate using the same frequency range while changing the encoding technique and/or the modulation scheme. The point is simply this: with the same encoding and modulation scheme, bandwidth is bandwidth, regardless of whether you are discussing the electromagnetic frequency range or the data rate.

Sometimes communications between devices on a network are delayed because of the distance from one device to the other or the speed of the connecting devices, such as routers. This delay is known as latency. Latency can have a significant impact on network communications because the actual speed of communications is dependent on the combined bandwidth and latency. For example, VoIP communications are very sensitive to latency and calls can even be dropped if the delay becomes too great.

When a device connects to a secure network, it must be validated. This validation is called authentication. Both people and devices can be authenticated, and in the most secure environments, both are authenticated using a secure mechanism. In wireless networks, the default authentication type is an open authentication model, and you should use additional security measures. These measures might include WPA/WPA2 or VPN tunnels to encrypt the wireless traffic and EAP-type authentication mechanisms. These security measures are covered in more detail in Chapter 10.

A particular type of packet used in network discovery and communications is a broadcast. Broadcasts are used to discover network services such as DHCP servers and devices such as wireless access points. Broadcasts can cause decreased performance on wired networks, as each node (device connected or point of connection to the network) must evaluate the packet because no specific node is identified in the broadcast message.

A host is a type of node connected to the network. This node can be a server, a client, or any device hosting services, peripherals, or data. The server is a specific kind of host that is intended for data storage, service provision, and various centralized computing purposes. Examples of servers include e-mail servers, file and print servers, telnet servers, and Internet access servers. A client or workstation is a host that utilizes the services of the network. Sometimes the term workstation is used to refer to a powerful desktop computer whether it is connected to a network or not.

For all the hosts on a network to communicate with one another, they must speak a common language. These standard methods of digital communication are known as protocols. In its most basic sense, a protocol is a standardized set of instructions for communications between nodes on a network, and the instructions can apply to the physical level or the application level of the communications process. In most cases, the term protocol refers to higher-level communications such as TCP/IP (from the Internet world) or IPX/SPX (from the Novell world); however, you could apply the term protocol to Ethernet or token-ring technologies that operate at a much lower level.

I have used the term network throughout this section many times, and through this use I have, in effect, defined the term. A computer network is an arrangement of interconnected devices utilizing a shared protocol (or a set of shared protocols) for communications.

There are two other terms you should know that are used frequently in the networking world: LAN and WAN. A LAN is a local area network and a WAN is a wide area network. A LAN is usually defined as a network confined to a single location; this location can be a single building or a campus with multiple buildings. A WAN is usually the combination of two or more LANs separated by some significant distance. In effect, a WAN can span a city or the globe. When using wireless networking technology, these terms—LAN and WAN—are usually combined with a W to represent wireless, and thus you have a WLAN or WWAN.

Networking Communications

To fully understand any form of computer networking, you must understand the basics of computer operations and data communications. Trying to learn how wireless networking operates without knowing how computers and networks work in general is like trying to learn calculus without first learning addition and subtraction. True understanding comes through constructive techniques or layers of knowledge.

Computers work with data, and from the perspective of the computers, all data is numeric. In effect, a text document or a picture is just a bunch of 1s and 0s to your computer. Knowing this is of fundamental importance if you are to truly understand everything else about computers.

When I say that all data is a bunch of 1s and 0s to a computer, this may seem odd or confusing; however, at the most basic level, this is exactly true. Consider that a computer processor is, at its most basic, a conglomerate of many on-and-off switches or toggles. There are billions of possible state combinations resulting in all the capabilities of the processor. Digital data is much the same. You could, for example, say the following:

■ 00 = Blue
■ 01 = Red
■ 11 = Green
■ 10 = Orange

Now, when your application sees 00, it knows to use blue, and when it sees 10, it knows to use orange. The point is that your application determines the meaning of the data, and the computer just stores a bunch of 1s and 0s.

This data communications model could be called binary communications, or binary thinking, as it uses binary data (1s and 0s). Of course, computers think only in 1s and 0s, so this communication works perfectly within computer systems. Because this is the case, you need to be able to represent only two things to communicate across wires on a network. You need a signal to represent a 1 and a signal to represent a 0. While modern networks are more complicated than this, this ability is the basic minimum requirement for communications to take place.

These signals are sent on the wire in the form of packets. Each device connected to the wire looks at each packet to determine if the packet is intended for itself or another device. If the packet is intended for another device, it simply ignores the packet internally. This works much the same way mail processing works at my house. My wife, Tracy, goes out to the mailbox and gets all the mail. She then looks to see what is for her, the children, and me. She takes hers and leaves ours on the counter. Then I come to the counter and take my mail, leaving the rest. This process continues until the last person on the “house wire” gets to inspect the mail.

Wireless networking works similarly only the information is in the air instead of on the wire and the wireless client listens for specific messages from the network telling it when it can communicate. The greater complexities of communications in the wireless world will be introduced in Chapter 2 and detailed throughout the remaining chapters.

Networking Models

A networking model provides a mechanism for consistent communications between individuals and technologies. If you have read much in the field of computers or networking, you have encountered statements such as, “L2TP is a layer two protocol providing for tunneled communications between two devices on a public network.” The phrase layer two is a reference to the OSI model. Having a shared mental construct and language, which is what a networking model provides, allows for simpler communications and standards development. The fundamental networking model is the Open Systems Interconnection (OSI) model.

The OSI Model

The OSI model came too late. TCP/IP, today’s most commonly used protocol, already existed when the OSI model was released. This fact is the reality, and yet the OSI model is the most referenced model in networking. There is good reason for this. The OSI model provides a great theoretical tool for learning how networking works. Because few, if any, networking systems use it to exactness, that is exactly how you should think of it: theoretically. Due to frequent references to the OSI model in networking books, white papers, and RFCs (Requests for Comments), a basic understanding is a must.

The model provided by the OSI is a seven-layer model, as depicted in Figure 1-3. Each layer represents different networking functions and responsibilities. Communications travel down the model on the sending computer and up the model on the receiving computer.

The Application layer represents the level at which applications access various network services, daemons, or subprotocols; it is often called layer 7. This layer represents the services that directly support applications such as FTP for file transfer or SMTP for e-mail.

The Presentation layer translates data from the Application layer into an intermediary format and is layer 6. This layer often manages security issues by providing services such as data encryption and compression. However, these services can also take place at layers 3, 4, and 5, and even by user software before data is sent to the protocol for transmission.

The Session layer allows two applications on different computers to establish, use, and end a session. This layer is layer 5. An example of this would be the management of a session when a user visits a web site on the Internet.

The Transport layer, also known as layer 4, handles error recognition and recovery, if it is provided. This layer also breaks long messages when necessary into small packets for transmission and then rebuilds the packets into the original message on the receiving end. The receiving Transport layer also sends receipt acknowledgments, if using TCP. You should know that UDP operates at this layer, and it is a connectionless protocol.

Layer 3 is the Network layer; it addresses messages and translates logical addresses and names into physical addresses. Routers function at this level and provide for segmentation and QoS management when applicable.

The Data Link layer is an extremely important layer in wireless networking, as it packages raw bits from the Physical layer into frames (logical, structured packets for data). This layer is referenced as layer 2. This layer is responsible for transferring frames from one computer to another, without errors.

The Physical layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. This layer, layer 1, defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable, or in the case of wireless networking, it defines how the connection to the network occurs and how the medium (air) will be managed and utilized.

FIGURE 1-3 The OSI model (Layer 7: Application, Layer 6: Presentation, Layer 5: Session, Layer 4: Transport, Layer 3: Network, Layer 2: Data Link, Layer 1: Physical; outbound communications travel down the layers and inbound communications travel up)

Understanding the basics of the OSI model will help you in your studies related to the CWTS certification as well as your continued education for certifications and day-to-day applications. You can find more in-depth information about the OSI model in the McGraw-Hill book entitled Network+ Certification Study Guide, Fourth Edition, by Glen E. Clarke (2009).

You will not be required to understand and communicate the OSI model in order to pass the CWTS exam. This information is provided to give you a basic understanding of the model’s purpose and use in network-related education.

CERTIFICATION SUMMARY

You can now chart the path that led us to where we are today in the field of wireless communications, including the discovery of infrared by Herschel and the codification and understanding of electromagnetic waves by Maxwell and Hertz. You should also have an awareness of the different organizations supporting standards and certifications related to wireless networking, such as IEEE and the Wi-Fi Alliance. Understanding the various 802.11 standards and supplements, and the benefits that they provide, you are on your way to selecting the best technologies for any given situation, and the foundational networking information provided in this chapter will help you understand and master the information in succeeding chapters.

✓ TWO-MINUTE DRILL

Wireless Applications
❑ The Small Office/Home Office (SOHO) environment can reap many rewards from wireless technology, including simplified installation, coverage in noncovered areas, and reduced hardware costs.
❑ WLAN solutions can assist in network extension. Connecting two otherwise disconnected buildings within an acceptable range is very easy.
❑ Older buildings can benefit from WLAN technology, since it is often difficult to run cabling through stone walls and older building structures.
❑ A WLAN can provide the mobility needed by modern information workers.
❑ License-free WLAN technology is seldom used for emergency communications by law enforcement, but it is commonly used at law enforcement headquarters and to establish temporary mobile offices in disaster response scenarios.

Wireless Organizations
❑ The Wi-Fi Alliance does not develop standards but rather certifies that hardware is compliant with selected specifications. These specifications may be sourced from standard documents.
❑ The IEEE develops and maintains the 802.11 wireless standards.
❑ The FCC regulates the use of electromagnetic frequency space in the United States.

Wireless Standards and Product Certifications
❑ The 802.11-1997 standard provides data rates up to 2 Mbps.
❑ The 802.11b amendment provides data rates up to 11 Mbps.
❑ The 802.11a amendment provides data rates up to 54 Mbps.
❑ The 802.11n amendment provides data rates up to 600 Mbps.
❑ The WMM-PS certification provides improved power management over the original or legacy power management in the 802.11-1997 standard.
❑ The WPS certification provides simplified setup and configuration of wireless security using push-button or PIN-based implementations.
❑ The Wi-Fi Protected Access (WPA/WPA2) certifications ensure that devices are compliant with security standards.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Wireless Applications

1. You are implementing a wireless link into a remote area of a warehouse. What kind of application is this?
A. Last-mile delivery
B. Network extension
C. Mobile office
D. Public wireless hotspot

2. You have been contracted by a local coffee shop to implement a public wireless hotspot for its customers. The owner indicates that he wants customers to be able to connect to the hotspot without a charge and that he does not want to restrict the Internet web sites that may be accessed in any way. What hotspot model is being employed?
A. Philanthropist model
B. Paid access
C. Traffic generation
D. Walled garden

3. Which of the following are valid benefits of WLAN solutions for SOHO implementations? (Choose all that apply.)
A. Zero implementation cost
B. Reduced installation time
C. Cable runs are not needed throughout the facility
D. Increased mobility for users

4. An IT administrator for a local school district has asked for your advice. She indicates that she needs to implement a network in an old school building with all stone and brick walls for the interior and exterior walls. She said that it is not acceptable to drill through the walls. She also needs to have bandwidth greater than 20 Mbps. She wants to install the network as inexpensively as possible, and there are no security constraints related to the technology chosen. What will you recommend?
A. Install a wired Ethernet network.
B. Install an Ethernet over Powerline network.
C. Install an 802.11b network.
D. Install an 802.11g network.

5. You are implementing an 802.11n (High Throughput) WLAN. With what governing body should you license the channel?
A. You do not have to license an 802.11 network
B. FCC
C. IETF
D. IEEE

Wireless Organizations

6. Which organization develops standards for the networking and engineering communities?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. Wikipedia

7. Which organization defines constraints in the United States according to which standards must be developed?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. Wikipedia

8. What organization certifies wireless equipment to ensure interoperability?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. IETF

9. What organization enforces the FCC regulations through the definition of standards that comply with those regulations?
A. IEEE
B. Wi-Fi Alliance
C. IETF
D. FBI

Wireless Standards and Product Certifications

10. You have been asked to implement a wireless technology that supports data rates of at least 10 Mbps. The wireless devices must operate in the 2.4 GHz frequency band due to the existing use of 5 GHz devices. The hardware that can connect to the wireless network must be readily available in most laptop computers. Which of the following IEEE amendments to the 802.11 standard will provide the needed capabilities? (Choose two.)
A. 802.11b
B. 802.11g
C. 802.11a
D. 802.11i

11. You work in an organization that is on the cutting edge of technology. The director wants all laptops to support the fastest wireless links available, but the devices must be based on a developed or developing standard. Which amendment provides the fastest data rates among those listed?
A. 802.11a
B. 802.11g
C. 802.11r
D. 802.11n

LAB QUESTION

SysEdCo, LLC is implementing a new WLAN. The installation site includes two buildings that are approximately 100 feet apart. Each building is a single floor and includes 2000 square feet. There will be approximately 15 employees working in each building, and all employees will be provided with Internet access that is provisioned through just one of the buildings. Tom, the owner, has indicated that he wants users to be able to connect at minimum data rates of 15–20 Mbps. Finally, the two buildings must be connected by a wireless bridge link. Assuming there are no major interference problems and no other constraints, what technologies would you suggest that Tom implement? At this time, do not be concerned about the number of needed APs or the locations of those APs.

SELF TEST ANSWERS

Wireless Applications

1. You are implementing a wireless link into a remote area of a warehouse. What kind of application is this?
A. Last-mile delivery
B. Network extension
C. Mobile office
D. Public wireless hotspot
✓ B is correct. This is a network extension application, as the network is being extended into the warehouse.
✗ A, C, and D are incorrect. This is not a last-mile application, as network access is not being provided to a consumer or customer. This is not a mobile office application, as the network will not be torn down and reestablished at varied locations. This is not a public wireless hotspot, since it is not intended to provide access to unknown or authenticated wireless customers.

2. You have been contracted by a local coffee shop to implement a public wireless hotspot for its customers. The owner indicates that he wants customers to be able to connect to the hotspot without a charge and that he does not want to restrict the Internet web sites that may be accessed in any way. What hotspot model is being employed?
A. Philanthropist model
B. Paid access
C. Traffic generation
D. Walled garden
✓ A is correct. Since there are no restrictions on what can be accessed and there is no charge, this implementation would fall into the philanthropist model.
✗ B, C, and D are incorrect. The paid access model does not apply, since there is no charge. The traffic generation model does not apply, since the users are not being directed to specific web sites. The walled garden model does not apply, since access is not being restricted to specific web sites.

3. Which of the following are valid benefits of WLAN solutions for SOHO implementations? (Choose all that apply.)
A. Zero implementation cost
B. Reduced installation time
C. Cable runs are not needed throughout the facility
D. Increased mobility for users
✓ B, C, and D are correct. Installation time is lowered because cable runs are not needed to every end node. Users may take advantage of mobility options, since the wireless network may be utilized from varied locations.
✗ A is incorrect. All networks have some cost for implementation.

4. An IT administrator for a local school district has asked for your advice. She indicates that she needs to implement a network in an old school building with all stone and brick walls for the interior and exterior walls. She said that it is not acceptable to drill through the walls. She also needs to have bandwidth greater than 20 Mbps. She wants to install the network as inexpensively as possible, and there are no security constraints related to the technology chosen. What will you recommend?
A. Install a wired Ethernet network.
B. Install an Ethernet over Powerline network.
C. Install an 802.11b network.
D. Install an 802.11g network.
✓ D is correct. Installing a WLAN will save on cost and will not require drilling. The WLAN must be 802.11g or 802.11n in order to provide the minimum required data rate.
✗ A, B, and C are incorrect. A wired network would require drilling and would most likely be more expensive. An Ethernet over Powerline network would not be fast enough. An 802.11b network would not be fast enough.

5. You are implementing an 802.11n (High Throughput) WLAN. With what governing body should you license the channel?
A. You do not have to license an 802.11 network
B. FCC
C. IETF
D. IEEE
✓ A is correct. 802.11n is license free.
✗ B, C, and D are incorrect. The FCC regulates the use of the electromagnetic spectrum and develops constraints in which standards must operate, but 802.11n is a license-free technology. The IETF develops Internet standards. The IEEE develops engineering standards such as 802.11n.

Wireless Organizations

6. Which organization develops standards for the networking and engineering communities?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. Wikipedia
✓ B is correct. The IEEE develops standards.
✗ A, C, and D are incorrect. The FCC regulates the use of the electromagnetic spectrum and develops constraints in which standards must operate. The Wi-Fi Alliance certifies that equipment is compliant with specified standards or portions of those standards. The Wikipedia is a free, community-developed encyclopedia on the Internet.

7. Which organization defines constraints in the United States according to which standards must be developed?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. Wikipedia
✓ A is correct. The FCC regulates the use of the electromagnetic spectrum and develops constraints in which standards must operate.
✗ B, C, and D are incorrect. The IEEE develops standards. The Wi-Fi Alliance certifies that equipment is compliant with specified standards or portions of those standards. The Wikipedia is a free, community-developed encyclopedia on the Internet.

8. What organization certifies wireless equipment to ensure interoperability?
A. FCC
B. IEEE
C. Wi-Fi Alliance
D. IETF
✓ C is correct. The Wi-Fi Alliance certifies that equipment is compliant with specified standards or portions of those standards.
✗ A, B, and D are incorrect. The FCC regulates the use of the electromagnetic spectrum and develops constraints in which standards must operate. The IEEE develops standards. The IETF develops Internet standards.

9. What organization enforces the FCC regulations through the definition of standards that comply with those regulations?
A. IEEE
B. Wi-Fi Alliance
C. IETF
D. FBI
✓ A is correct. The FCC regulations are enforced by the IEEE standards.
✗ B, C, and D are incorrect. The Wi-Fi Alliance ensures interoperability but does not enforce regulations. The IETF does not enforce FCC regulations but does define Internet standards. The FBI enforces many things, but not FCC regulations.

Wireless Standards and Product Certifications

10. You have been asked to implement a wireless technology that supports data rates of at least 10 Mbps. The wireless devices must operate in the 2.4 GHz frequency band due to the existing use of 5 GHz devices. The hardware that can connect to the wireless network must be readily available in most laptop computers. Which of the following IEEE amendments to the 802.11 standard will provide the needed capabilities? (Choose two.)
A. 802.11b
B. 802.11g
C. 802.11a
D. 802.11i
✓ A and B are correct. 802.11b and 802.11g meet all of the requirements.
✗ C and D are incorrect. 802.11a operates in the 5 GHz frequency space. 802.11i is a security amendment and is not related to the stated requirements.

11. You work in an organization that is on the cutting edge of technology. The director wants all laptops to support the fastest wireless links available, but the devices must be based on a developed or developing standard. Which amendment provides the fastest data rates among those listed?
A. 802.11a
B. 802.11g
C. 802.11r
D. 802.11n

✓ D is correct. 802.11n is the latest standard in development, as of 2009, and provides the fastest data rates, at a maximum of 600 Mbps.
✗ A, B, and C are incorrect. 802.11a is more than ten years old and does not provide the fastest data rates of any existing standards or standards in development. 802.11g is more than six years old and does not provide the fastest data rates of any existing standards or standards in development. 802.11r provides for fast BSS transitions.

LAB ANSWER

SysEdCo, LLC is implementing a new WLAN. The installation site includes two buildings that are approximately 100 feet apart. Each building is a single floor and includes 2000 square feet. There will be approximately 15 employees working in each building, and all employees will be provided with Internet access that is provisioned through just one of the buildings. Tom, the owner, has indicated that he wants users to be able to connect at minimum data rates of 15–20 Mbps. Finally, the two buildings must be connected by a wireless bridge link. Assuming there are no major interference problems and no other constraints, what technologies would you suggest that Tom implement? At this time, do not be concerned about the number of needed APs or the locations of those APs.

The following represents one possible solution to the lab. Your answer may vary. You may recommend that SysEdCo, LLC implement a WLAN consisting of multiple 802.11g (ERP) access points in each building and a wireless bridge PTP link between the buildings. The internal communications within the building will be provisioned by multiple 54 Mbps data rate APs, allowing for acceptable individual bandwidth for each node. Since Internet access is provided in only one of the buildings, it may be beneficial to use an 802.11n-draft (or 802.11n standard once ratified) bridge link instead of the 802.11g bridge link. The faster 802.11n link will allow for more of the users to gain access to the other building or the Internet as needed.


2 Radio Frequency Basics

CERTIFICATION OBJECTIVES
2.01 RF Range and Speed Factors
2.02 RF Signal Characteristics
2.03 Basic RF Mathematics
2.04 RF Physical Layer Technologies
✓ Two-Minute Drill
Q&A Self Test

Every communication’s technology must have a medium to travel along in order to pass information between two devices. Traditional analog telephone networks use wiring. Ethernet networks pass this information along coaxial cable or some other cable such as UTP. The playground communication toys that so many children enjoy talking into use tubes running through the ground, and the old cup-and-string technique uses the string as the medium for transfer. Wireless networks, specifically Wi-Fi, Bluetooth, RFID, and WiMAX, use radio frequency (RF) waves as the medium, and IrDA-based communications use another electromagnetic technology known as infrared. In this chapter, you will learn about RF, including its behavior and functionality. You will learn about the methods used to measure RF waves and the various languages spoken on an RF-based network. When you are finished, you will also understand the environmental impact on RF capabilities and communications.

RF Defined

It should be immediately clear that there are at least two important words related to RF that need to be defined; however, there is a third word that also needs to be defined to fully understand RF. These three words are
■ Radio
■ Frequency
■ Signal

The radio is the device that generates and receives the signal known as an RF signal, and this signal is transmitted on a specific frequency. The frequency is what distinguishes one RF channel from another. Technically, the number of times per second the signal cycles or repeats a particular waveform is the source of the frequency identification. This definition means that a signal operating at the 2.4 GHz frequency is cycling 2,400,000,000 times per second (1 GHz = 1 billion cycles per second and 1 MHz = 1 million cycles per second).

Electric energy can be made to vary over time. This variance in electrical energy is known as a signal. There are two general categories of signals: digital and analog. The sine wave is an example of an analog signal. Figure 2-1 illustrates a sine wave. As time passes, the intensity of the sine wave increases to some maximum point (point A) and then returns to the baseline (point 0). The wave’s intensity decreases to some minimum point (point B) and then returns to the baseline again. This process continues over time. Figure 2-1 represents two cycles of the wave. By adjusting the number of cycles (going from point 0 to A to 0 to B to 0) in a given window of time, you adjust the frequency.

FIGURE 2-1 The sine wave (intensity of the signal over time, with points A, B, and 0 marked)

Digital signals differ from analog signals in that the digital signal varies abruptly between two electrical values as depicted in Figure 2-2, and the analog signal varies gradually, as was demonstrated in Figure 2-1. Digital signals are used to communicate and relay information within computer networks, but they are not used as carriers of information in RF networks. Only analog signals are used as carriers of information in RF networks. The information being carried by the RF waves may be digital or analog, but it is encoded (carried) on analog signals in an RF-based network connection. An analog carrier signal can carry data represented by analog or digital techniques.

This carrying of an information signal on a carrier signal is known as modulation. Modulation has been utilized for decades; one well-known example is the modem. The mod in modem stands for modulator, and the dem stands for demodulator. Much as a modem modulates and demodulates information traveling on a telephone wire, an RF radio modulates data onto the RF medium and demodulates data received through the medium. The sending of this signal from the radio out through the antenna is known as radiation.

FIGURE 2-2 Digital signal (intensity of the signal over time)

INSIDE THE EXAM

Carrier Waves

While the exact phrase carrier wave may not be referenced on the CWTS exam, it is an important concept in wireless communications. Therefore, a brief summary of carrier waves and why they are important is in order.

Tom Standage’s exceptional book The Victorian Internet (Walker & Company, 2007) documents the many signaling techniques we as humans have used throughout the recent centuries. For example, the book documents how Claude Chappe and his brother communicated over great distances with time-bound audio signals. The signal was unary in nature in that there was only one signal: the clanging of a pot. However, the brothers had synchronized their clocks so that a clang was linked to a second on the clock and each number was linked to a letter, thus a message could be sent. If the transmitting brother clanged the pot when the second hand was pointing to 12, the listening (receiving) brother knew to translate the number 12 into the appropriate message. As you can imagine, this system would not allow for rapid communications, but it did allow for communications over a short distance.

Eventually, the brothers realized that sound waves were not good carriers of signals (since they attenuate so quickly and they take so long to arrive at the destination), so they developed a new system based on visual cues. Using a simple black-and-white two-sided panel (black on one side and white on the other) and a telescope, the brothers successfully communicated over a distance of approximately ten miles. Since light waves travel much faster than sound waves, the latter device worked much better and over greater distances.

What did both of these communications devices have in common? They both used waves to carry a signal. The first used sound waves, and the second used light waves, respectively. The instrument of the human ear and the instrument of the human eye were used to interpret the data that was carried on the sound and light waves. However, a dilemma remained. Both of these early devices required a human interpreter on the other end at all times. In order to send information without a human interpreter, scientists and engineers had to develop concepts and tools related to electricity.

Today’s carrier waves are almost always electromagnetic waves. Mechanical devices can be formed that transmit the waves and also receive the waves. This means that data can be sent and received by modulating the data onto the waves. The wave is generated, but it is manipulated in such a way that it carries binary data, and this makes it a carrier wave. For example, the frequency can be modified to represent a binary 1 or a binary 0. Wireless engineers and technicians must deal with many different wireless technologies. In the 802.11 standard (as amended) alone, you are dealing with four or more different modulation methods, and this does not include the newest 802.11n modulation techniques provided by the High Throughput PHY.

As discussed in Chapter 1, all that is needed to represent digital data is some form of variance between two states. The analog or digital signals carried across the RF signals from device to device on a wireless network provide this variance.

CERTIFICATION OBJECTIVE 2.01

RF Range and Speed Factors

To effectively implement an RF-based network, the factors that impact the distance or range of RF signals must be understood. Of course, the speed of the communications must be considered as well. Issues such as line of sight, first Fresnel zone clearance, interference devices, and standard RF behavior become very important when setting up a wireless network.

In addition to the factors covered in this section, the wireless technology specialist must always remember that RF signals weaken as they travel. This natural behavior is known as free space path loss. As the signal travels along the free space path, energy is lost due to the broadening of the wave front. The result is a weakened signal at a given detection point. When a receiver is located farther from the transmitter, the signal will be weakened. At some point, the signal will become so weak that it is unusable. Stronger signals result in increased data rates, and weaker signals result in decreased data rates.

Line of Sight

Line of sight (LOS) is the seemingly straight line from the object in view (the transmitter) to the observer’s eye (the receiver). This is also called the visual line of sight. The LOS is a seemingly straight line because, in fact, light waves travel in a similar fashion to RF waves. Light waves can bounce off objects and be redirected. A mirror demonstrates this well. Stand directly in front of a mirror and note what you can see in the mirror. Now take a step to your right or left and note what you can see. You should see more objects or information in the opposite direction of the move. For example, if you step to your right, you’ll now see more items that are actually located to your left and vice versa.

Why does this phenomenon occur? The light waves are bouncing off the objects and soaring toward the mirror. The mirror is then reflecting the light according to the directionality of the strike against the mirror. If you position your eyes in the path of this reflected light, you can therefore see the objects, as you can see in Figure 2-3.

FIGURE 2-3 Line of sight and reflection

In a similar way, RF devices must have LOS with each other in order to communicate. While you might not be able to see the receiver to which you are transmitting due to the interference of other light waves reflecting off of other surfaces, the RF receiver must be able to detect the RF signal. The RF signal may reflect off many objects before reaching the receiver, but this reflection actually results in a “visible” signal. For example, you may not be able to see an AP with your eyes, and yet your laptop can detect its signal.

As this example demonstrates, visual line of sight is not always required. RF devices do not always need to have direct visual LOS, as the RF waves can pass through some objects and diffract, reflect, and refract around others. This is particularly true for indoor communications and is the reason LOS concerns are more relevant to outside connections than they are to inside communications. When creating building-to-building connections, visual LOS must be in place. For this reason, RF links require RF line of sight. Stated differently, the space between the transmitter and the receiver (or two transceivers) must be mostly clear to allow for the RF energy to pass through free space without increased weakening through absorption. This space is referred to as the Fresnel zones, and you will learn more about it in the later section titled “Fresnel Zones.”

Environmental Factors and Interference

When an engineer implements a WLAN, she must consider many factors in the intended environment. These factors may include physical objects that can

weaken or redirect the RF signals, and they may include other devices that can interfere with intentional radio transmissions. The first environmental factors that will be considered relate to outdoor links and the needed RF line of sight for communications to occur.

Fresnel Zones

The first Fresnel (pronounced fra-nel) zones are areas centered on the visible LOS between the transmitting and receiving antennas and were discovered by Augustin-Jean Fresnel of France. They do not form a square area, but rather one that is ellipse shaped. As Figure 2-4 shows, the Fresnel zones are narrower toward the antennas and wider in the middle. These Fresnel zones come about because an antenna does not transmit RF waves in a laser-type beam, but rather the RF waves propagate (or spread) as they travel through the air. Also, the longer the link, the larger the first Fresnel zone becomes.

FIGURE 2-4 The Fresnel zones (labels: Fresnel zone, LOS)

Trees and buildings in the first Fresnel zone will absorb some of the RF energy (see Figure 2-5) or reflect it off the intended path. When this occurs too much, while you might still have visual LOS, RF LOS is unavailable or blocked. You might say that the receiver cannot see enough of the RF signal. For effective RF communications, 60 percent of the first Fresnel zone should remain unblocked by objects such as trees and buildings. To be safe, you should err on the side of caution and make sure no more than 20 percent of the first Fresnel zone is blocked—or that at least 80 percent is clear.

Engineers should review the environment between building-to-building links periodically. It is better to discover that a tree is growing or that a new building is being constructed in the first Fresnel zone before blockage occurs so that you can deal with it effectively.

For very long-distance links, the earth itself may intrude upon the first Fresnel zone. This is because the earth is round and the center LOS within the first Fresnel zone is a straight line. When and if this blockage occurs depends on the height of the antennas

being used to radiate the RF signals. Generally, when creating building-to-building links, you will not have to worry about earth-based interference (usually called earth bulge) unless the distance between the communicating antennas is greater than seven miles. When the distance is greater than seven miles, you can calculate the additional antenna height needed using the following formula:

H = D² ÷ 8

where H equals the height of earth bulge in feet and D equals the distance between the antennas in miles. For example, if the distance between antennas is 10 miles, you should plan on an additional 12.5 feet of height for the antenna towers, or mounting locations, to accommodate earth bulge.

FIGURE 2-5 First Fresnel zone blockage (labels: Fresnel zone, LOS, two trees)

While there are formulas available for calculating the clearance needed for Fresnel zones, you will not need to know them for the CWTS exam or for basic wireless installation and support. You will not be tested on the concept of earth bulge either, but you should be aware of its impact as a wireless technician or sales professional. To learn more, see my CWNA Certified Wireless Network Administrator Official Study Guide, Fourth Edition, published by McGraw-Hill Professional (2008).

Environmental Interference

In addition to the interference caused by objects in the environment where RF communications are taking place, devices can cause interference by generating RF noise or signals. Many objects use RF technology as a form of communications, and

others use RF energy for alternative purposes or generate RF energy as a side effect. The most common of these include the following:
■ Microwave ovens
■ Elevator motors
■ Baby monitors
■ Spread spectrum phones
■ Bright sunlight

INSIDE THE EXAM

Fresnel Zones

Many WLAN administrators refer to the Fresnel zone when it is more proper to refer to the first Fresnel zones according to the science of Physics. While it may be the intention of most WLAN administrators to reference the first Fresnel zone when they speak of only the Fresnel zone, it is important that you understand the difference.

Why the big deal about zones versus zone? There are actually multiple Fresnel zones in layers surrounding the visual LOS. The Fresnel zones have been described as an ellipsoid-shaped area, an American football-shaped area, and even a Zeppelin-shaped area. The first Fresnel zone, what I call 1FZ, is the most important one for wireless engineers creating outdoor links. The first Fresnel zone is the zone with the greatest impact on a WLAN link in most scenarios. If we say that the Fresnel zones must be blocked at a rate no higher than 20 percent, then we have asked for the impossible, as Fresnel zones continue out in layers to a theoretical ever-weakening infinity. For this reason, it is best to think of the first Fresnel zone only as you design your links.

There are even formulas for calculating the widest point in the Fresnel zone so that you can ensure the blockage is not beyond acceptable levels. While you will not need to know the formulas for the CWTS exam, you should understand that the first Fresnel zone should not be blocked by more than 40 percent and most use a conservative rule of 20 percent. If you see the term Fresnel zone instead of the explicit declaration of first Fresnel zone, assume that the topic in question is indeed the first Fresnel zone.
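The clearance rules in this section (at least 60 percent of the first Fresnel zone clear, 80 percent to be conservative) and the earth bulge formula H = D² ÷ 8 combine into a quick check of an outdoor link. The Python below is an added example, not code from the book: the radius formula r = sqrt(λ·d1·d2/D) is the standard one, which the book does not give, and the function names, the single obstacle at the midpoint, equal antenna heights, and reading "percent clear" as a fraction of the zone radius below the line of sight are assumptions.

```python
import math

C_M_PER_S = 299_792_458.0            # speed of light
M_PER_MILE = 1609.344
FT_PER_M = 1 / 0.3048
EARTH_BULGE_THRESHOLD_MILES = 7.0    # the text: ignore earth bulge at or below 7 miles
MINIMUM_CLEAR = 0.60                 # the text: 60 percent must remain unblocked
CONSERVATIVE_CLEAR = 0.80            # the text: 80 percent clear to be safe


def earth_bulge_ft(distance_miles):
    """Midpoint earth bulge in feet, H = D^2 / 8 with D in miles (formula from the text)."""
    return distance_miles ** 2 / 8.0


def applied_bulge_ft(distance_miles):
    """Earth bulge actually planned for, using the text's seven-mile rule."""
    if distance_miles > EARTH_BULGE_THRESHOLD_MILES:
        return earth_bulge_ft(distance_miles)
    return 0.0


def first_fresnel_radius_ft(distance_miles, freq_ghz, d1_miles=None):
    """Radius of the first Fresnel zone, in feet, d1 miles from one antenna.

    Uses r = sqrt(wavelength * d1 * d2 / D); defaults to the midpoint,
    which is the widest point of the zone.
    """
    if distance_miles <= 0 or freq_ghz <= 0:
        raise ValueError("distance and frequency must be positive")
    if d1_miles is None:
        d1_miles = distance_miles / 2.0
    if not 0.0 <= d1_miles <= distance_miles:
        raise ValueError("d1 must lie between the two antennas")
    wavelength_m = C_M_PER_S / (freq_ghz * 1e9)
    d1_m = d1_miles * M_PER_MILE
    d2_m = (distance_miles - d1_miles) * M_PER_MILE
    radius_m = math.sqrt(wavelength_m * d1_m * d2_m / (d1_m + d2_m))
    return radius_m * FT_PER_M


def min_antenna_height_ft(distance_miles, freq_ghz, obstacle_ft,
                          clear_fraction=MINIMUM_CLEAR):
    """Lowest antenna height that keeps clear_fraction of the zone radius
    above a midpoint obstacle, plus earth bulge on long links."""
    radius = first_fresnel_radius_ft(distance_miles, freq_ghz)
    return obstacle_ft + applied_bulge_ft(distance_miles) + clear_fraction * radius


def clearance_report(distance_miles, freq_ghz, antenna_ft, obstacle_ft):
    """Rate a link with a midpoint obstacle against the 60 and 80 percent rules."""
    radius = first_fresnel_radius_ft(distance_miles, freq_ghz)
    bulge = applied_bulge_ft(distance_miles)
    clearance = antenna_ft - (obstacle_ft + bulge)   # feet between LOS and obstacle top
    fraction = max(0.0, min(1.0, clearance / radius))
    if clearance <= 0:
        verdict = "line of sight blocked"
    elif fraction < MINIMUM_CLEAR:
        verdict = "below 60 percent minimum"
    elif fraction < CONSERVATIVE_CLEAR:
        verdict = "meets 60 percent minimum"
    else:
        verdict = "meets 80 percent conservative rule"
    return {"radius_ft": radius, "bulge_ft": bulge,
            "clear_fraction": fraction, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample links: (miles, GHz, antenna height ft, obstacle height ft)
    for link in [(10, 2.4, 80, 30), (10, 2.4, 100, 30), (10, 2.4, 110, 30), (2, 5.8, 50, 30)]:
        r = clearance_report(*link)
        print(link, f"1FZ radius {r['radius_ft']:.1f} ft, bulge {r['bulge_ft']:.1f} ft, "
                    f"{r['clear_fraction']:.0%} clear: {r['verdict']}")
```

For the 10-mile example in the text, the 12.5 feet of earth bulge sits on top of a first Fresnel zone radius of roughly 73.5 feet at 2.4 GHz, so the zone clearance rather than the bulge dominates the required antenna height.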

Microwave ovens and elevators generate what is called RF noise, as they are not designed with the intention of transmitting information. However, this noise can prevent devices from transmitting information intended for delivery as an intelligent message. Think of it like this: If you are in a room talking with a friend and suddenly fifty people come into the room and start yelling at each other, will you still be able to hear your friend? You’ll probably miss all or part of what your friend is saying. This same problem is faced by the RF receiver, a baby monitor in the kitchen, for example, that is trying to “hear” what the RF transmitter (the monitor in the baby’s room) is sending to it while a microwave oven is screaming (transmitting unintentional RF waves) in the background.

Baby monitors and spread spectrum phones, such as a 2.4 GHz cordless phone, can also cause interference as they are generating RF signals intentionally in the environment. You can often resolve interference issues by changing channels on your wireless networking devices.

Bright sunlight (light is a part of the complete electromagnetic spectrum) can cause reduced bandwidth or communications capabilities.

A final source of interference is the weather. Just as the RF energy is absorbed into water in a microwave oven, RF energy can be absorbed by raindrops falling through the RF link path, and severe stormy weather can also cause problems. Rain can reduce the signal strength at the receiver and possibly lower it enough to disrupt communications, though this scenario is an extreme one, likely requiring more than five to six inches of rainfall per hour for links of less than two to three miles.

If you have ever wondered how a microwave oven heats food, you are about to find out. Water is a great absorber of RF energy. When RF energy is absorbed into an object, it is converted to heat, and this is why liquid objects get hot when placed in the microwave. Try placing a dry piece of paper in the microwave; it won’t heat up. This is because the dry paper is not a good absorber of RF energy like a bowl of soup is. This is the same reason you must use the right cabling and connectors when building a wireless network. Use the wrong devices in the wrong places and you could get a meltdown—seriously.

Motors, wireless devices, and weather can all interfere with WLAN communications. These items should be considered during a site survey, and you should remember them for the exam.

Interference types, like those mentioned previously, could be categorized as narrowband interference or all-band interference. Narrowband interference, as the name implies, interferes with a small part of the spectrum, and you can usually solve the problem by changing channels within the wireless devices. All-band interference, on the other hand, requires using more extreme measures such as changing wireless technologies. For example, if the entire 2.4 GHz spectrum is being used by others, you might need to switch to an 802.11a device instead of an 802.11b/g device. This scenario occurs commonly in shared office spaces such as malls and leased office buildings.

CERTIFICATION OBJECTIVE 2.02

RF Signal Characteristics

Radio frequency communications occur within many different environments, and these various environments introduce problems and advantages for the RF signals. What is generally considered an advantage in RF communications is called gain and that which is usually seen as a problem is called loss. It is important to understand these two concepts if you are to appreciate the full impact of the RF behavior in any given environment.

Understanding Gain and Loss

As a wireless technician, it is very important to understand gains and losses in RF-based communications. Without this understanding, you will be unable to effectively plan a WLAN. As an example, I installed a small WLAN in a church recently, and the design of the church was that of a “T” structure. The front of the church includes the entry foyer in the center with hallways leading to Sunday School rooms and administrative offices to the right and the left. These sections form the top of the “T.” The sanctuary and fellowship hall form the leg of the “T.” The result is a nonrectangular coverage area. In order to make the WLAN work, I had to understand how building materials in walls attenuate (cause loss to) the RF signals. In order to configure the access points correctly, I needed to understand passive and active gain. Passive gain was impacted by the use of appropriate antennas. Active gain was impacted by the adjustment of output power levels in the access points. Drawing on my understanding of RF propagation,

gains, and losses, I was able to intuit the best locations for the access points in this very small installation without advanced site survey procedures. The next two sections will explain gains and losses so that you can eventually do the same.

Gain

Amplitude is a measurement of the change in RF energy caused by a passing RF wave. This is much like the voltage level in an electrical signal. A signal that is transmitted at higher amplitude is more likely to provide a strong signal at the receiver. An increase in amplitude of the RF signal is known as gain. Gain is either active or passive.

All devices, including connectors and cabling, in the path of the RF signal leading up to the antenna have the potential to either increase the strength (amplify) or decrease the strength (attenuate) of the signal. Once the signal leaves the antenna and is propagated through the air in the form of RF waves, it will experience only a weakening in strength until it arrives at the receiving antenna because of various environmental behavior factors discussed shortly in “RF Behavior.”

Active gain is achieved by adding an amplifier (you will learn about these devices in Chapter 4) in-line between the RF signal generator, such as a wireless access point, and the radiating antenna. Adding an amplifier increases the signal strength in a literal way in that the signal is actually strengthened before it reaches the antenna.

Passive gain does not actually increase the signal strength but directs it. Passive gain is achieved by using semidirectional or highly directional antennas to focus the energy of the signal in a more specific direction. The result is that more energy is focused in a particular direction and the signal is stronger in that direction.

To understand passive gain, think of water spraying out of a water hose. Imagine the water volume is equivalent to the RF signal strength. If you let the water flow out of the end of the hose without focusing it, it may spray for a few feet; however, if you focus the volume of water by putting your thumb over a portion of the hose end, the water will spray many times farther. Note that you have not increased the volume (understood as RF energy in this analogy), but you have increased the distance that same volume is traveling. A directional antenna focuses the beamwidth toward a specific location in the same way. This behavior results in a stronger signal at receiving points in the intended direction than would be available with a lower-gain antenna.

Loss

When signal strength is weakened, we refer to it as loss. Loss is a decrease in the amplitude of the signal. Signal loss can occur within the cabling of the wireless

devices and infrastructure and when the antenna sends the signal through the air as RF waves.

INSIDE THE EXAM

Beamwidth

The preceding section mentioned the term beamwidth. The beamwidth of an antenna is defined as a measurement from the center of the RF signal to the points on the vertical and horizontal axes where the signal strength decreases by three decibels, or half power. To help you understand this, consider the analogy of a flashlight beam. You may have used flashlights with adjustable beams. These flashlights usually allow you to turn a dial and focus the beam to become broader or narrower. If you shine the light on a wall, you will see a very bright center beam surrounded by ever-dimming rings of light. As you make adjustments to the beam, the circles of light stretch outward and inward. This behavior is similar to the concept of beamwidths.

Of course, different antennas offer different beamwidths. Omnidirectional antennas radiate signals out in all directions around the antenna very evenly and they radiate these signals in a fairly high vertical swath as well. In fact an omnidirectional antenna will usually have a beamwidth of somewhere around 50 to 60 degrees. A parabolic dish or grid antenna (both of which look similar to a satellite dish) may have a beamwidth as low as 4 degrees and rarely higher than 20 degrees. Do you see the difference? The antenna that focuses the energy more is used in long-distance links (the parabolic dish) and the antenna that focuses the energy less is used for indoor and area coverage WLANs (omnidirectional). This understanding of beamwidths will help you on the CWTS exam, but it will also help you as you select the appropriate antennas for a given installation scenario.

Cables and connectors can cause loss because of the resistance they impose. The AC electrical signal is absorbed as it travels on the wire (the signal travels the wire as an AC electrical signal and is converted to an RF wave by the antenna) because of resistance. When this loss occurs in the cabling and connectors, the temperature of the cables will usually increase. If the impedance of the cables and connectors does not match, you have an impedance mismatch that causes power to be reflected back toward the source. Less energy can be transmitted forward, as some has been reflected backward, and this

creates a loss in signal amplitude. In worst-case scenarios, this reflection can even damage equipment.

Loss may be intentional or natural. Natural losses occur due to the normal behaviors of RF signals as they travel over wires and through space. As the RF wave travels through the environment, through walls, through humans (yes, they pass right through you) and animals, and even through the air, some of its energy will be lost because of absorption and other RF behaviors. The result is a weakening of the signal strength. The most damaging environmental objects are generally those with high moisture levels—water is an excellent absorbent of RF energy.

Loss can also occur intentionally. Because the FCC regulates the power output of RF signals from your antenna, you may need to reduce the signal strength intentionally before it leaves the antenna. Intentional losses are created by inserting an attenuator between the RF generation device and the radiating antenna. Signal strength is reduced before radiation using an RF attenuator.

Because receivers have a sensitivity threshold, you must account for gains and losses. A signal leaving an antenna without the needed strength demanded by the receiver, the distance, and the environment will not reach its intended destination with sufficient signal strength.

SCENARIO & SOLUTION

Scenario: You are transmitting an RF signal and are concerned about the weakening signal strength. The signal must pass through many feet of cabling and connectors before reaching the radiating antenna. What is the phenomenon called?

Solution: This is called loss. When the signal strength is weakened, it is called loss. When the signal strength is increased, it is called gain.

RF Behavior

After RF waves leave the antenna and begin to travel through the environment in which communications must occur, many behavioral factors influence the results achieved. Understanding the behavior of RF waves is essential to configuring a working wireless network in small or large environments. Most of these behaviors will be easy for you to understand, as they are similar to what you have learned through experience with light. Remembering that light is part of the electromagnetic spectrum and has a similar behavior to RF will help you understand these behaviors.

Remember that light and infrared do not behave exactly like RF in that they are more easily absorbed into objects; however, they do reflect and refract and even scatter in similar ways.

Reflection

Reflection, as the name indicates, occurs when an RF wave strikes an object with large dimensions in comparison to the wavelength of the propagating wave; it is represented in Figure 2-6. The signal will be reflected or bounced back from the reflecting object much like a beam of light reflects off a mirror. As Figure 2-6 suggests, reflection usually occurs in a direction related to the pre-reflection direction of the RF signal.

FIGURE 2-6 Reflection (labels: Incoming RF Signal (Pre-Reflection), Reflected RF Signal)

The amount of reflection, as opposed to absorption, that occurs depends on two basic things: the frequency of the RF signal and the material of the object. If an object is smoother, like metal, more of the RF signal will remain intact as it is reflected. As materials go, metal reflects more than concrete and water absorbs more than concrete. Objects that cause reflections include the earth’s surface, large buildings, walls, and other obstacles in the path of the RF wave.

In a wireless LAN, reflection can cause a problem known as multipath. Multipath occurs when the main signal is reflected off many objects in the area of the transmission. Multipath can degrade or even cancel out a signal, and this can cause gaps in the RF coverage you achieve. Watch out for metal roofs, metal blinds, and metal doors in the environment as they can cause reflection and multipath to occur. At the same time, know that multipath is considered an advantage in 802.11n implementations, as it takes advantage of the multiple paths using multiple antennas and radios.

Refraction

Refraction, depicted in Figure 2-7, describes what happens when part of the RF signal is reflected and another portion bends through an object. Cold air is an example of an “object” that might cause refraction. A pane of glass can also cause refraction. Refraction causes problems for long-distance RF links because changes in the weather or atmosphere can cause a significant portion of the RF signal to be redirected away from the intended target, and so much energy may be lost that the receiver cannot effectively detect the signal. Weather problems that cause refraction do so because of the water in the weather system. The water causes similar behaviors as glass panes, which result in the bending of the RF wave path.

FIGURE 2-7 Refraction (labels: Incoming RF Signal (Pre-Refraction), Reflected RF Signal)

Diffraction

Diffraction describes a wave bending around an obstacle as indicated in Figure 2-8. To understand diffraction, it might be helpful to think of a rock dropping into a pool of water and the ripples created by this action. Think of the ripples as propagating RF waves. Now imagine placing a stick in the water in a perpendicular fashion in the path of the waves. Notice how the waves diffract around the stick. This action is similar to what happens with RF waves that are diffracted around an object.

This analogy also helps you to understand that diffraction cannot occur if the impeding object is too large. Imagine placing a large piece of plywood in front of the ripples propagating out from the entry point of the rock into the water. Now, the waves are not strong enough to diffract around the object and they are simply blocked by the plywood—the energy of the waves is absorbed. In much the same

way, RF waves might not be able to diffract around large obstructions. Much like stronger water waves are more likely to diffract around larger obstacles, stronger RF waves are more likely to diffract around larger obstacles.

FIGURE 2-8 Diffraction (labels: Antenna, Old Wavefront Direction, Building, RF Shadow, New Wavefront Direction)

One final reality revealed by this analogy of the plywood is the concept of RF shadow. Imagine placing a 2 × 4 in the water instead of the stick or plywood. When you place the stick in the water, you cannot see the shadow created, but the 2 × 4 is large enough to reveal the shadow, but not too large—as the plywood is—to block the wave. Look closely behind the 2 × 4 (or the building shown in Figure 2-8) and you will notice a space where no waves exist. This space is the wave shadow, or on wireless networks, the RF shadow. You will not get acceptable wireless reception in this space.

Scattering

Scattering is what happens when the medium the RF wave is traveling through contains objects with dimensions that are small in comparison to the wavelength of the RF signal. Scattering is produced by rough surfaces, small objects, or irregularities

in the signal path. When referred to as reflection, the vast majority of the signal is reflected in the same direction, and when referred to as scattering, many portions of the signal are reflected (scattered) in different directions. Figure 2-9 shows that scattering is a lot like many little reflections.

FIGURE 2-9 Scattering (labels: Incoming RF Signal (Pre-Scattering), Reflected RF Signals)

Absorption

The final important RF behavior that you must understand is absorption. RF signals can be absorbed by many different objects, including the air through which the signals pass, causing a reduction in signal strength until, eventually, the signal is lost or undetectable. This weakening of signal strength as it travels through space is known as free space path loss.

In fact, absorption is what makes microwaves work and your wireless signal degrade. As noted earlier, microwave ovens operate in the 2.4 GHz spectrum. While the RF waves can move through food well, water molecules cannot vibrate fast enough to keep up with the RF waves and so they absorb the energy instead. Water is also an excellent signal absorber above the 2 GHz range, and therefore, the 2.4 GHz waves are absorbed most easily by water. This is why the 2.4 GHz range is generally used by microwave ovens.

Therefore, it is important to remember that most living things have a large saturation of water, including plants and animals. For this same reason, heavily forested areas are prime spots for weakened signals in the 2.4 GHz spectrum. It is important to remember that humans are basically moving food (not a pleasant thought, huh?) because we are mostly water; the more humans in a space, the more of the RF signal that will be absorbed. Keep this in mind for large convention spaces with low ceilings and large rooms. The 5 GHz spectrum is impacted by water-based life forms as well, but not as significantly as the 2.4 GHz spectrum for this very reason.

Polarization and Diversity

Due to the nature of RF propagation, engineers have developed concepts and technologies that can help to improve communications in WLANs. The first is a concept known as polarization. The polarization of an antenna may be defined as vertical or horizontal, though you can actually position the antenna at any angle. A vertically polarized antenna is one that is positioned in a vertically upright position. A horizontally polarized antenna is one that is positioned in a horizontal or “fallen over” position. Vertical polarization results in horizontal radiation, and horizontal polarization results in vertical radiation. Read that last sentence again because it is accurate and very important to remember.

The impact of polarization is seen when antennas are not polarized in the same way. For example, if you have an access point with the antennas positioned vertically (vertical polarization) and you have a USB client adapter with the antenna down (horizontal polarization), your connectivity will be less stable and, at greater distances, may even be lost. In outdoor links, the proper polarization of the antennas can make or break the connection. However, in most cases, due to indoor reflections, the polarization of antennas does not have as great an impact as it does with outdoor links. Sometimes a tilted antenna is best.

The second concept or technology engineers have developed is antenna diversity. Diversity helps to solve problems created by multipath. Multipath occurs when the same signal arrives at the receiver after traveling different paths. The signal may be out of phase, and this can result in performance problems. Simple diversity refers to an implementation of antenna diversity wherein the wireless station simply chooses the best antenna for communications. MIMO diversity is often used to reference the active use of all antennas at the same time.

CERTIFICATION OBJECTIVE 2.03

Basic RF Mathematics

To successfully implement and manage an RF-based network, you must understand the power levels of the RF signal. RF math provides us with a standardized way to communicate the strength, or weakness, of an RF signal at the point of radiation as well as the point of reception.

You must understand milliwatts and decibels and then move on to learn about dBm and dBi in order to come to grips with RF math. Finally, you can’t work with wireless technology for very long without encountering the phrase signal-to-noise ratio, so you will learn about this as well.

Milliwatts and Decibels

In much the same way that our ears need a certain volume level to hear sounds, RF antennas require a certain power level to receive signals. In order to ensure the power levels are high enough for operations, you must employ a method to measure the power. When you document the power levels needed to provide the required communication signal strength, you use milliwatts or decibels in most cases.

The watt is a standard measure of power used in most engineering applications. A watt is technically defined as one ampere (A) of current at one volt (V). This is also said as “one watt is equal to an ampere multiplied by a volt.” As an analogy, think of a water hose with water passing through it. The pressure on the water line can be compared to the voltage in an electric circuit, and the flow of the water can be compared to the amperes (or current).

In wireless networking, however, because lower power levels are used, another measurement is needed in addition to the watt. Because a small amount of power is required, we use the term milliwatt to measure most wireless communication power levels. A milliwatt (represented by “mW”) is 1/1000 of a watt. So 100 mW of output is the same as 1/10 of a watt of output. In perspective, a common nightlight uses about seven watts of power. Standard access points, wireless clients, and wireless network devices have output power levels that are commonly between 1 and 100 milliwatts.

You may be wondering why wireless networks use such low power levels and, therefore, require a different measurement method than a watt. To answer that question, think of that seven-watt nightlight. On a clear night, this light could be seen up to 50 miles in all directions. As with that seven-watt nightlight, a four-watt signal can be sent for miles. This is why the FCC limits RF signal output in the 2.4 GHz band to just four watts.

Some receivers are sensitive enough to RF signals that they can receive a signal as small as 0.000000001 watts. Because of the difficulty in grasping such small numbers, the decibel is used to measure these levels of strength. A decibel is used to represent extremely small numbers in a manageable way.

Decibels are used to measure increases and decreases in signal strength in a manner that is easy to grasp for administrators, technicians, and users alike.

Decibels (dB) are based on a logarithmic relationship to the literal or linear power measurement of a watt. This is a complex way of saying that decibels allow you to represent large (and small) numbers with numbers you can wrap your mind around. The most important thing for you to remember is the rule of 10s and 3s in RF math. Here’s how it works:

–3 dB = half the power in mW
+3 dB = double the power in mW
–10 dB = one tenth the power in mW
+10 dB = ten times the power in mW

Using creative combinations of 10s and 3s, you can usually calculate the output or input power levels of any wireless system. You use this most frequently when calculating gains and losses based on equipment used to form an intentional radiator (all of the equipment, cables, and connectors leading up to, but not including, the output antenna in an RF system) or when determining the actual equivalent isotropically radiated power (EIRP) output, which is the actual output from an antenna, including calculations of the intentional radiator and any antenna gains or losses.

As an example, imagine you have a wireless access point with 30 mW of output power connected to a cable with 3 dB of loss and feeding into an amplifier with 9 dB of gain and then into another cable with 3 dB of loss and finally output through an antenna with 7 dB of gain. What is the actual output power (EIRP) of this system? The answer can be found by using the 10s and 3s of RF math as follows:

30 mW – 3 dB for the cable = 15 mW (divide × 2 one time)
15 mW + 9 dB for the amplifier = 120 mW (multiply × 2 three times)
120 mW – 3 dB for the second cable = 60 mW (divide × 2 one time)
60 mW + 7 dB for the antenna = 300 mW

This is where the creative use of the 10s and 3s comes into play. The last calculation of 60 mW + 7 dB might have seemed impossible. However, because dB calculations are additive, +7 dB is the same as +10 dB/–3 dB. Follow me on this. What is 7 from 10? The answer is 3. In other words, by multiplying the 60 mW times 10 (60 mW + 10 dB), you arrive at 600 mW. You now subtract 3 dB from the 600 mW and arrive at 300 mW of EIRP. This trick allows you to calculate more complex power level scenarios more easily.

Another way to perform the same calculation is to add up all the dB gains and losses and then recalculate the signal strength just once. We had 3 dB of loss in the first cable, and that gives us a negative 3. We had 9 dB of gain

in the amplifier, and that gives us a positive 6. We had another 3 dB of loss in the second cable, and that gives us a positive 3. Finally we had 7 dB of passive gain in the antenna, and this gives us a positive 10. What is 30 mW × 10? The answer is the same as we reached with the step-by-step mW calculations earlier: 300 mW. Here is a method for representation of this calculation:

–3 dB + 9 dB + –3 dB + 7 dB = 10 dB
30 mW + 10 dB = 30 mW × 10
30 mW × 10 = 300 mW

dBm vs. dBi

Other common measurements you will see in the area of wireless technology include dBm and dBi. dBm is a reference to the relationship between decibels and linear watts. The m in dBm simply stands for milliwatts. The reference point that relates the logarithmic dB scale to the linear watt scale is 1 mW = 0 dBm. Because dBm is linked to the linear milliwatts scale, it is an absolute reference of power. This means that when wireless product packaging states that a device provides up to 20 dBm of output power, it is promising a specific level of output power (in this case it is promising approximately 100 mW of output power). Remember that 1 mW is equal to 0 dBm, so a 20 dBm product would be equal to 1 mW × 10 × 10, or 100 mW. Likewise, a 9 dBm product would be equal to 1 mW × 2 × 2 × 2, or 8 mW.

The second term, dBi, is used to reference the increase in power in a certain direction by an antenna. The i in dBi stands for isotropic. This simply means that the change in power provided by the antenna is calculated against what an isotropic radiator would produce. An isotropic radiator is a theoretical transmitter that propagates RF energy exactly equally in all directions. No such antenna exists, as all antennas propagate more of their energy in one or more directions than in others, which results in a gain in the output power according to the directionality of the antenna. Think of this, again, as placing your thumb over a portion of the opening of a water hose, causing the water to spray farther. The same pressure is being applied, but the possible “direction” of the pressure is reduced.

If an antenna is referenced as a 6 dBi antenna, it means that it quadruples (remember, +3 dB + 3 dB = × 2 × 2) the output power in the direction of the antenna. If 100 mW of power is fed into the antenna, the output power is estimated at 400 mW in the direction of the antenna.

SNR: Signal-to-Noise Ratio

One final measurement used to determine the strength and quality of an RF signal is the signal-to-noise ratio (SNR or S/N ratio). The SNR does not measure the power of the signal by itself in absolute or relative terms like dB or dBm does, but it is used to measure the signal power compared to the power of the noise in the environment. The RF noise in the environment is often referred to as the noise floor.

Returning to the human hearing analogy, if you are in a quiet room, another person could whisper to you and you could hear her easily. However, in a football stadium watching the Super Bowl, the person will have to shout for you to hear her over the noise. The same basic concepts apply to wireless networking.

To calculate the signal-to-noise ratio, calculate the difference between the power levels of the signal and the power levels of the noise. For example, a signal power level of –55 dBm and a noise power level of –97 dBm gives you an SNR of 42. This is better than an SNR of 17, which is the result of the same noise level with a signal level of –80 dBm. A higher SNR indicates a better signal, as the signal is much “louder” than the noise.

Determining the SNR in areas of desired coverage is an important part of wireless network implementation. Many programs give you the ability to view the SNR in your environment. One of the most commonly used tools is NetStumbler, which is shown in Figure 2-10.

FIGURE 2-10 Signal-to-noise ratio in NetStumbler
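The rule of 10s and 3s, the 30 mW EIRP chain, and the dBm and SNR figures from this section can be worked in Python; this is an added example, not code from the book. The function names are this example's own, and the exact conversion uses the standard 10 × log10 relation that the rule approximates.

```python
"""Rule of 10s and 3s versus exact decibel math (added example)."""
import math


def decompose_10s_3s(db):
    """Write a whole-number dB change as tens*10 + threes*3 using the fewest steps.

    7 -> (1, -1) means "+10 dB then -3 dB"; 9 -> (0, 3) means "+3 dB three times".
    """
    best = None
    for tens in range(-10, 11):
        rem = db - 10 * tens
        if rem % 3:
            continue                      # remainder is not a whole number of 3s
        threes = rem // 3
        cost = abs(tens) + abs(threes)
        if best is None or cost < best[0]:
            best = (cost, tens, threes)
    return best[1], best[2]


def apply_rule(mw, db):
    """Apply a dB change to a mW level with the rule: x10 per 10 dB, x2 per 3 dB."""
    tens, threes = decompose_10s_3s(db)
    return mw * 10.0 ** tens * 2.0 ** threes


def apply_exact(mw, db):
    """Apply the same change with the exact logarithmic relationship."""
    return mw * 10 ** (db / 10)


def mw_to_dbm(mw):
    """Absolute power in dBm; 1 mW is the 0 dBm reference point."""
    return 10 * math.log10(mw)


def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)


def snr_db(signal_dbm, noise_dbm):
    """SNR is the difference between the signal level and the noise floor."""
    return signal_dbm - noise_dbm


# The chain from the worked example in the text: gains are positive, losses negative.
PAGE_CHAIN = [("first cable", -3), ("amplifier", +9),
              ("second cable", -3), ("antenna", +7)]


def eirp_steps(start_mw, chain):
    """Power level in mW after each component, using the rule of 10s and 3s."""
    levels, mw = [], start_mw
    for _name, db in chain:
        mw = apply_rule(mw, db)
        levels.append(mw)
    return levels


def eirp_summed(start_mw, chain):
    """Add all dB values first, then convert once (rule result and exact result)."""
    total_db = sum(db for _name, db in chain)
    return total_db, apply_rule(start_mw, total_db), apply_exact(start_mw, total_db)


if __name__ == "__main__":
    for (name, db), mw in zip(PAGE_CHAIN, eirp_steps(30, PAGE_CHAIN)):
        print(f"{name:>12}: {db:+d} dB -> {mw:g} mW")
    print("summed:", eirp_summed(30, PAGE_CHAIN))
    # The rule rounds slightly: +3 dB is really x1.995, so 9 dBm is 7.94 mW, not 8.
    print("9 dBm  rule:", apply_rule(1, 9), "mW  exact:", round(dbm_to_mw(9), 2), "mW")
    print("6 dBi on 100 mW  rule:", apply_rule(100, 6), "exact:", round(apply_exact(100, 6), 1))
    print("SNR:", snr_db(-55, -97), "vs", snr_db(-80, -97))
```

The rule is an approximation: an exact +3 dB is a factor of about 1.995, so results that stack several 3s (such as 9 dBm) come out slightly above the exact value.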

CERTIFICATION OBJECTIVE 2.04

RF Physical Layer Technologies

There are many different technologies that utilize RF communications. The major differences among them are the frequencies and encoding techniques they use. These technologies include the following:

■ DSSS
■ HR/DSSS
■ OFDM
■ FHSS
■ Infrared
■ MIMO

While more information about each technology is provided in the next chapter—specifically DSSS, OFDM, and FHSS—a brief overview will be helpful here.

DSSS and HR/DSSS

Direct sequence spread spectrum (DSSS) is the technology used in 802.11 and 802.11b devices. The 802.11 and 802.11b standards specify that DSSS is to be used in the 2.4 GHz spectrum of RF frequencies. The original 802.11 standard specified DSSS to operate in the 2.4 GHz spectrum at data rates of 1 or 2 Mbps. The 802.11b amendment specified High Rate/DSSS (HR/DSSS) to operate in the 2.4 GHz spectrum at data rates of 1, 2, 5.5, or 11 Mbps. The original PHY (remember, physical layer) is known as the DSSS PHY, and the 802.11b amendment introduced the HR/DSSS PHY, providing data rates of 1, 2, 5.5, and 11 Mbps.

Because backward compatibility is provided, 802.11b devices operating at 5.5 or 11 Mbps can communicate with 802.11 devices running at 1 or 2 Mbps. Of course, these devices are limited to the speed of the slower device in the link.

DSSS systems use assigned channels for communications. These channels are blocks of frequency space or frequency ranges. An 802.11b channel is 22 MHz wide. Unlike frequency hopping spread spectrum systems, DSSS systems are configured to use the same frequencies permanently, so frequencies do not change during communications.

as implemented in 802.” OFDM divides a channel into subcarriers or subchannels and sends data streams on these “separate pipes.4 GHz spectrum.11 specification.11b and 802. OFDM is also used in 802. are 22 MHz wide in order to maintain backward compatibility with HR/DSSS and DSSS.4 GHz spectrum and this may result in interference issues. ERP channels. As you might guess by the name. but it is a widely used technology due to the large number of Bluetooth devices.11a operates in the 5 GHz spectrum. the vast majority of installations are using HR/DSSS or higher today.Thankfully.11 HR/DSSS and DSSS respectively. but they communicate in the 2. as implemented in 802. are 20 MHz wide and are nonoverlapping. Unlike DSSS.11a is technically known as OFDM. such as DSSS.” This provides for greater resistance to multipath interference and allows for greater bandwidth. OFDM 802. OFDM channels.11 devices and Bluetooth devices as well as some RFID units. and the PHY introduced by 802.11g. but it is good to know about and understand.11g with modifications for backward compatibility with 802. 802.11g is technically known as ERP.11g operates in the 2.11a. since you may encounter these devices in existing installations. and 802. or OFDM to avoid the mouthful. FHSS is limited to 1 or 2 Mbps in the 802. FHSS is no longer covered on the CWTS exam. The PHY introduced by 802. which uses the full channel as a single “pipe. FHSS Frequency hopping spread spectrum (FHSS) is another spread spectrum technology. This helps to avoid the problems caused by narrow-band interference. FHSS systems hop from one frequency to another during communications.RF Physical Layer Technologies 73 You are not likely to be tested on details related to the original DSSS. that is used by older 802. .11a utilizes a different technology for communications known as orthogonal frequency division multiplexing.11. Bluetooth devices are not compatible with 802.

Infrared

The 802.11 standard includes a PHY (physical layer) specification for infrared communications. However, because of lack of interest, this layer has not been implemented. You might question this if you have a laptop or PDA that uses an infrared port, but that port is most likely designed according to standards set forth by the Infrared Data Association (IrDA) and not the 802.11 PHY standard. The CWTS exam does not test your knowledge of the nonimplemented Infrared PHY.

MIMO

Multiple input/multiple output (MIMO, pronounced “my-moe”) devices allow the use of more than one antenna at the same time by using multiple data streams in the same channel via “smart antennas.” MIMO-based networks can help in overcoming multipath problems (the result of the signal being reflected off different objects in the environment) and increasing the speed of communications. MIMO is part of the new 802.11n standard for high-throughput communications. Many devices by such companies as Belkin, Cisco, and others provide this technology.

The 802.11n task group that was formed in January 2004 aimed at creating a wireless standard with theoretical throughputs of up to 540 Mbps. 802.11n uses a combination of MIMO and OFDM technologies and actually ended up providing a maximum data rate of 600 Mbps with four antennas on each end of the link and 40 MHz channels. The PHY introduced by the 802.11n amendment is technically called the High Throughput (HT) PHY. This PHY may operate in the 2.4 GHz spectrum, the 5 GHz spectrum, or both, and it may use either 20 or 40 MHz channels. In order to achieve the highest rates offered by 802.11n, you must use 40 MHz channels and you must use 4 × 4 configurations (four transmit and receive radio chains at each end of the link).

CERTIFICATION SUMMARY

This chapter introduced concepts related to RF-based communications. You learned about the factors that impact the range and speed of WLANs. You also learned how to calculate and measure the signal strength of wireless links. Basic RF antenna concepts were also introduced, including polarization and simple diversity. Finally, you reviewed the basic features of the different Physical layer technologies used in WLANs. You will learn many more details about these Physical layers in Chapter 3.

✓ TWO-MINUTE DRILL

RF Range and Speed Factors

❑ Line of sight (LOS) is most important for outdoor long-distance links.
❑ RF LOS must factor in the first Fresnel zone and ensure that at least 60 percent of this zone is clear.
❑ For improved stability and reduced maintenance, many engineers choose to ensure an 80 percent clearance of the first Fresnel zone.
❑ Baby monitors, spread spectrum phones, and microwaves may cause interference with WLANs operating in the 2.4 GHz spectrum.
❑ Motors and other electric devices may generate unintentional RF noise.

RF Signal Characteristics

❑ When the strength of a signal increases, this is called gain.
❑ When the strength of a signal decreases, this is called loss.
❑ Amplification causes gain.
❑ Attenuation causes loss.
❑ Wires, connectors, and devices in the path from the RF generator to the antenna may cause loss.
❑ Free space path loss occurs as RF waves travel through the air.

Basic RF Mathematics

❑ A mW is 1/1000 of a watt.
❑ An increase of 3 dB doubles the signal strength in mW.
❑ A decrease of 3 dB halves the signal strength in mW.
❑ An increase of 10 dB multiplies the signal strength in mW by a factor of 10.
❑ A decrease of 10 dB divides the signal strength in mW by a factor of 10.

RF Physical Layer Technologies

❑ HR/DSSS is a PHY that provides up to 11 Mbps and operates in the 2.4 GHz spectrum.
❑ OFDM is a PHY that provides up to 54 Mbps and operates in the 5 GHz spectrum.
❑ ERP is a PHY that provides up to 54 Mbps and operates in the 2.4 GHz spectrum.
❑ HT is a PHY that provides up to 600 Mbps and operates in either the 2.4 GHz spectrum or the 5 GHz spectrum or both.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

RF Range and Speed Factors

1. Which of the following devices are likely to cause RF interference for 2.4 GHz WLANs? (Choose all that apply.)
A. Cell phones
B. Baby monitors
C. Microwave ovens
D. Televisions

2. Which one of the following devices is not likely to cause interference when implementing a new 802.11g (ERP) WLAN?
A. Close proximity 802.11b WLANs
B. Close proximity 802.11a WLANs
C. Baby monitors
D. Microwave ovens

3. What is the maximum allowed percentage of the first Fresnel zone that may be blocked while still maintaining communications?
A. 80 percent
B. 60 percent
C. 20 percent
D. 40 percent

4. You are implementing a WLAN within a building. The building is less than 2000 square feet, and there are very few internal walls. How much of the first Fresnel zone should have clearance for this network to operate smoothly?
A. Eighty percent of the first Fresnel zone should be clear.
B. The Fresnel zones are not as important for indoor networks due to the propagation behaviors of WLAN signals.
C. Sixty percent of the first Fresnel zone should be clear.
D. One hundred percent of the first Fresnel zone must be clear for indoor WLANs.

5. Which of the following is a valid definition of Fresnel zones?
A. Ellipse-shaped areas around the visual line of sight in an RF link
B. Parallel lines that run along the visual line of sight in an RF link
C. The donut-shaped area around an antenna that provides WLAN coverage
D. The width of the transmitting RF beam at the point of half power

RF Signal Characteristics

6. An access point is generating 50 mW of output power. The cables and connectors leading up to the antenna introduce 6 dB of loss. The signal strength has weakened. What is the difference between the original signal power level and the resulting power level called when the signal is weakened?
A. Gain
B. Loss
C. Impedance
D. Reflection

7. What causes loss?
A. Amplification
B. Attenuation
C. Augmentation
D. Aggravation

8. You have implemented a WLAN link between two buildings that are about 180 feet apart. The antennas are mounted high enough that the first Fresnel zone has zero blockage. The space between the buildings is completely free of objects. The link still loses power between the transmitting and receiving antenna. What is causing this?
A. Diffraction
B. Reflection
C. Free space path loss
D. Absorption

Basic RF Mathematics

9. An access point generates a 100 mW signal. The cables and connectors leading up to the antenna cause 13 dB of loss. The antenna introduces 12 dB of gain. What is the signal strength, in mW, in the direction of the intended propagation?
A. 80 mW
B. 125 mW
C. 100 mW
D. 5 mW

RF Physical Layer Technologies

10. Which PHY was introduced in the 802.11b amendment and what is the channel width used by this PHY?
A. HR/DSSS with 20 MHz channels
B. OFDM with 16 MHz channels
C. HR/DSSS with 22 MHz channels
D. OFDM with 25 MHz channels

11. OFDM was first implemented in the 802.11 standard as part of what amendment?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

12. Which PHYs utilize the 2.4 GHz license-free ISM bands? (Choose all that apply.)
A. ERP
B. HR/DSSS
C. HT
D. OFDM

LAB QUESTION

You are implementing a WLAN for a small business. The company leases space in an office building. Surrounding businesses already have WLANs, and they are consuming all of the channels in the 2.4 GHz spectrum. Your client will have only five users on the network, and they will browse the Internet, check e-mail, print documents, and store standard office documents on a file server. The owner says that she wants to play nicely with her neighbors, but she also wants the latest and greatest solution. Which technology will you implement for your client and why?

SELF TEST ANSWERS

RF Range and Speed Factors

1. Which of the following devices are likely to cause RF interference for 2.4 GHz WLANs? (Choose all that apply.)
A. Cell phones
B. Baby monitors
C. Microwave ovens
D. Televisions

✓ B and C are correct. Both the baby monitors and the microwave ovens are likely to generate 2.4 GHz signals or noise and may cause interference with a WLAN.
A and D are incorrect. Cell phones operate in licensed frequencies, and televisions do not usually generate RF noise or signals in the 2.4 GHz spectrum with enough intensity to cause interference.

2. Which one of the following devices is not likely to cause interference when implementing a new 802.11g (ERP) WLAN?
A. Close proximity 802.11b WLANs
B. Close proximity 802.11a WLANs
C. Baby monitors
D. Microwave ovens

✓ B is correct. 802.11a WLANs use the 5 GHz bands and will not interfere with 802.11g WLANs.
A, C, and D are incorrect. 802.11b WLANs operate in the same 2.4 GHz band and may interfere with 802.11g WLANs. Baby monitors and microwave ovens may cause interference as well.

3. What is the maximum allowed percentage of the first Fresnel zone that may be blocked while still maintaining communications?
A. 80 percent
B. 60 percent
C. 20 percent
D. 40 percent

✓ D is correct. Since 60 percent must be clear, 40 percent may be blocked. The key to the question is that it asks for the percentage that may be blocked and not that which must be clear.
A, B, and C are incorrect. If 80 or 60 percent of the first Fresnel zone is blocked, connections will be impossible or unstable. Ideally only 20 percent of the first Fresnel zone will be blocked, but the question asked for the maximum allowed percentage of blockage.

4. You are implementing a WLAN within a building. The building is less than 2000 square feet, and there are very few internal walls. How much of the first Fresnel zone should have clearance for this network to operate smoothly?
A. Eighty percent of the first Fresnel zone should be clear.
B. The Fresnel zones are not as important for indoor networks due to the propagation behaviors of WLAN signals.
C. Sixty percent of the first Fresnel zone should be clear.
D. One hundred percent of the first Fresnel zone must be clear for indoor WLANs.

✓ B is correct. Indoor WLANs are not as impacted by first Fresnel zone issues, since reflection, refraction, and diffraction help the signals to propagate to many areas of the indoor facility.
A, C, and D are incorrect. All of these answers are incorrect, since the Fresnel zones are not usually considered for coverage-based WLANs as opposed to bridge links.

5. Which of the following is a valid definition of Fresnel zones?
A. Ellipse-shaped areas around the visual line of sight in an RF link
B. Parallel lines that run along the visual line of sight in an RF link
C. The donut-shaped area around an antenna that provides WLAN coverage
D. The width of the transmitting RF beam at the point of half power

✓ A is correct. A Fresnel zone, named for physicist Augustin-Jean Fresnel, is one of a (theoretically infinite) number of concentric ellipsoids that define volumes in the radiation pattern of an RF link.
B, C, and D are incorrect. These definitions are not proper definitions of Fresnel zones.

RF Signal Characteristics

6. An access point is generating 50 mW of output power. The cables and connectors leading up to the antenna introduce 6 dB of loss. The signal strength has weakened. What is the difference between the original signal power level and the resulting power level called when the signal is weakened?
A. Gain
B. Loss
C. Impedance
D. Reflection

✓ B is correct. This difference in signal strength is called loss when the resulting signal is weaker than the original signal.
A, C, and D are incorrect. The difference is known as gain when the resulting signal is stronger than the original signal. Impedance is a reference to the resistance imposed by a cable or connector. The impedances of different cables and connectors in a system should match. Reflection is what occurs when RF waves hit large smooth surfaces.

7. What causes loss?
A. Amplification
B. Attenuation
C. Augmentation
D. Aggravation

✓ B is correct. Attenuation causes loss.
A, C, and D are incorrect. Amplification causes gain. Augmentation may cause gain, but it is not the normal term. Aggravation just causes, well, aggravation.

8. You have implemented a WLAN link between two buildings that are about 180 feet apart. The antennas are mounted high enough that the first Fresnel zone has zero blockage. The space between the buildings is completely free of objects. The link still loses power between the transmitting and receiving antenna. What is causing this?
A. Diffraction
B. Reflection
C. Free space path loss
D. Absorption

✓ C is correct. Free space path loss impacts any link regardless of Fresnel zone clearance. Free space path loss occurs more because of the spreading of the wave front than the absorption of energy by the moisture in the air.
A, B, and D are incorrect. Since the path between the two antennas has zero Fresnel zone blockage, no diffractions or reflections should have an impact on the signal strength at the receiver. There are no materials between the transmitter and the receiver that could absorb significant RF energy. Significant precipitation levels would be needed to absorb measurable RF energy in this short link.

Basic RF Mathematics

9. An access point generates a 100 mW signal. The cables and connectors leading up to the antenna cause 13 dB of loss. The antenna introduces 12 dB of gain. What is the signal strength, in mW, in the direction of the intended propagation?
A. 80 mW
B. 125 mW
C. 100 mW
D. 5 mW

✓ A is correct. 13 dB of loss plus 12 dB of gain equals 1 dB of loss. To calculate this, we take the original 100 mW and divide by 10 to get 10 mW. Next we multiply by 2 three times (10 – 3 × 3 = 1; we’re using the rule of 10s and 3s) to get 80 mW.
B, C, and D are incorrect. These values are simply incorrect.

RF Physical Layer Technologies

10. Which PHY was introduced in the 802.11b amendment and what is the channel width used by this PHY?
A. HR/DSSS with 20 MHz channels
B. OFDM with 16 MHz channels
C. HR/DSSS with 22 MHz channels
D. OFDM with 25 MHz channels

✓ C is correct. HR/DSSS is the PHY that was introduced in 802.11b and it uses 22 MHz channels.
A, B and D are incorrect. While HR/DSSS was the PHY introduced in 802.11b, it uses 22 MHz channels instead of 20 MHz channels.

11. OFDM was first implemented in the 802.11 standard as part of what amendment?
A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

✓ A is correct. OFDM was introduced in 802.11a and uses 20 MHz channels.
B, C, and D are incorrect. 802.11b introduced the HR/DSSS PHY. 802.11g introduced the ERP PHY. While 802.11g implements OFDM, the PHY is called either ERP or ERP-OFDM and not simply OFDM. 802.11n implements OFDM, but it is called HT in the 11n amendment, and 11n was not the first amendment to introduce OFDM.

12. Which PHYs utilize the 2.4 GHz license-free ISM bands? (Choose all that apply.)
A. ERP
B. HR/DSSS
C. HT
D. OFDM

✓ A, B, and C are correct. ERP, HR/DSSS, and HT PHYs may all operate in the 2.4 GHz bands. HT PHYs may also operate in the 5 GHz U-NII bands.
D is incorrect. OFDM (802.11a) operates only in the 5 GHz U-NII bands.

LAB ANSWER

You are implementing a WLAN for a small business. The company leases space in an office building. Surrounding businesses already have WLANs, and they are consuming all of the channels in the 2.4 GHz spectrum. Your client will have only five users on the network, and they will browse the Internet, check e-mail, print documents, and store standard office documents on a file server. The owner says that she wants to play nicely with her neighbors, but she also wants the latest and greatest solution. Which technology will you implement for your client and why?

The following represents one possible solution to the lab. Your answer may vary. Since the client wants the latest and greatest solution, this scenario demands the implementation of 802.11n (the HT PHY). You will need to select HT devices that can operate in the 5 GHz spectrum. This decision will allow the client to play nicely with the neighboring businesses, but it will also allow the network to perform at the highest level available today. A single 802.11n access point or wireless router should easily serve the needs referenced for the five users of the network.
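The rule of 10s and 3s used in the answer to question 9 can be carried through mechanically. The following is an added example, not part of the study guide: it splits a whole-number net dB change into ±10 dB and ±3 dB steps, applies them to a power in mW, and compares the result with the exact logarithmic value. The function names are this example's own.

```python
def decompose_db(db):
    """Split a whole-number dB change into (tens, threes) steps.

    Finds integers with 10*tens + 3*threes == db using the fewest steps,
    e.g. -1 dB becomes one step of -10 dB and three steps of +3 dB.
    """
    if db != int(db):
        raise ValueError("the rule of 10s and 3s needs a whole number of dB")
    db = int(db)
    best = None
    for tens in range(-10, 11):
        remainder = db - 10 * tens
        if remainder % 3 != 0:
            continue
        threes = remainder // 3
        steps = abs(tens) + abs(threes)
        if best is None or steps < best[0]:
            best = (steps, tens, threes)
    return best[1], best[2]


def estimate_mw(power_mw, stages_db):
    """Apply a chain of gains (+dB) and losses (-dB) with the rule of 10s and 3s."""
    tens, threes = decompose_db(sum(stages_db))
    result = float(power_mw)
    # Each +10 dB multiplies by 10, each -10 dB divides by 10.
    result = result * 10 ** tens if tens >= 0 else result / 10 ** (-tens)
    # Each +3 dB doubles, each -3 dB halves.
    result = result * 2 ** threes if threes >= 0 else result / 2 ** (-threes)
    return result


def exact_mw(power_mw, stages_db):
    """Exact value from the decibel definition: P_out = P_in * 10^(dB/10)."""
    return power_mw * 10 ** (sum(stages_db) / 10)


if __name__ == "__main__":
    # Question 9: 100 mW, 13 dB of cable loss, 12 dB of antenna gain.
    print(decompose_db(-1))                       # one -10 dB step, three +3 dB steps
    print(estimate_mw(100, [-13, 12]))            # rule-of-thumb answer in mW
    print(round(exact_mw(100, [-13, 12]), 2))     # exact answer in mW
    # Question 6 scenario: 50 mW with 6 dB of cable loss.
    print(estimate_mw(50, [-6]))
```

The estimate differs from the exact figure by less than 1 mW for question 9 because 3 dB is only approximately a factor of 2.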

3 Wi-Fi Features and Functionality

CERTIFICATION OBJECTIVES

3.01 Characteristics of Wi-Fi Technology
3.02 RF and Spread Spectrum Functionality
✓ Two-Minute Drill
Q&A Self Test

Many technologies utilize RF-based communications, and the fundamentals of RF networks covered in the last chapter have provided the foundation for understanding the details presented in this chapter. Without question, the major RF-based LAN technology in production today is Wi-Fi. Wi-Fi is both an organization and a certification. The Wi-Fi Alliance certifies wireless equipment to operate according to IEEE standards such as 802.11a, 802.11b, and 802.11g. This equipment will then be assigned the appropriate Wi-Fi certification logo, like the one shown in Figure 3-1, indicating the standards with which the equipment is in compliance.

In this chapter, you will learn about the different Wi-Fi standards in greater detail than in previous chapters. You will discover the range (or distance covered) of wireless technologies and the methods used for large and small areas alike. You will also gain an in-depth understanding of the real issues surrounding communication speeds (bandwidth and throughput) and how to get the most out of your wireless network. Finally, you’ll study roaming and wireless infrastructures so that you can support the mobile workforce effectively. As for Wi-Fi equipment, that will be covered in detail in Chapters 4 and 5.

FIGURE 3-1 Wi-Fi certification logo for a b/g-compliant device

CERTIFICATION OBJECTIVE 3.01

Characteristics of Wi-Fi Technology

Since Wi-Fi technology uses RF signals for communications, the issues presented in Chapter 2 all apply. Additional areas of concern include

■ Range, coverage, and capacity
■ Frequencies and channels
■ Channel reuse and colocation
■ Personal area network integration
■ Data rates and throughput
■ Dynamic rate switching
■ Operational modes
■ Naming the network
■ Active and passive scanning
■ Authentication and association
■ Distribution system and roaming
■ Power saving modes

Range, Coverage, and Capacity

Just as Ethernet cabling is limited by the length of various cable types, wireless networks cannot pass a receivable signal to infinity. Many factors impact the usable distance an RF signal can be transmitted and the actual throughput for data on that signal. Products often list a wireless range that cannot be realized in actual environments because the range estimate assumes completely open space with no weather interference. For this reason, you must test products in actual implementations to determine the true range (understood as distance) and coverage (understood as availability and usability within the true range) provided by the device.

The capacity of the WLAN is impacted by the type of communications and the number of clients. For example, a WLAN with ten clients using only e-mail can probably grow to a capacity of twenty or more clients; however, a WLAN with ten clients each streaming video and performing other data-intensive tasks will not have the needed capacity for continued growth. These items are considered during the site survey and project planning phases, and then the network is implemented to meet the discovered requirements.

The range of your wireless network depends in part on the frequencies used and, therefore, the 802.11 standard you choose. While one 802.11 standard might provide greater bandwidth capabilities, it may not provide the needed range. Choosing the appropriate technology for each scenario is essential.

As you learned in Chapter 2, because of diffraction and other RF behaviors, an area may be “within range” of the wireless device and still lack coverage if the area is in RF shadow. If you are a Lord of the Rings fan, you might remember when Gandalf fell into shadow. During this time, the others in the Fellowship of the Ring did not know where he was; it was as if he wasn’t there. This is also what happens when your wireless client is in an RF shadow area even though the area is within the stated range of the wireless server (access point, router, and so on). In Chapter 7, you will learn the basic techniques used to overcome RF shadow and other common wireless networking problems.

Range and coverage issues are important to the success of your wireless implementation. If you attempt to install a wireless network using PDAs throughout a warehouse for inventory management, you wouldn’t want areas to exist without proper RF coverage. Users would have to move from one place to another just to enter data and, in addition to this, reassociation procedures would slow down the entire process. Assuring coverage in all areas of your building or wireless network campus can usually be accomplished through the creative use of wireless channels and the strategic positioning of wireless base stations or access points and routers.

Frequencies and Channels

For a device to determine the difference between RF noise and intentional RF signals, you must configure the device so that it knows which signal to monitor. You do this using frequencies and channels. The frequency is what distinguishes one RF signal from another, and a channel is generally a portion of the entire frequency space assigned to a specific technology such as 802.11b or 802.11a.

Most modern devices hide the frequency information from you in two ways. First, 802.11b devices can communicate with other 802.11b devices because they all use the same total frequency range, which is discussed shortly in this chapter, in the section “Frequencies.” You don’t have to know the frequencies used—necessarily—as long as you know you are using all 802.11b devices.

The second method of hiding the frequency information is through the use of simple channel assignments. Most access points, for example, provide an easy-to-use drop-down box that lists the available channels. Often, these access points make no reference to the actual frequencies used by these channels. Of course, enterprise-class wireless devices from Cisco and other vendors reveal this information frequently, though it is seldom needed for effective operation. It’s easier to remember that all your devices should be communicating on channel 11 and using 802.11b than to remember that all devices should use the center frequency of 2.462 GHz (or worse, that they must all use the frequency range from 2.451 to 2.473 GHz) within the total 2.4 GHz frequency spectrum.

This concept is similar to the way the Domain Name System (DNS) works on the Internet. DNS provides a simple naming system for Internet locations, so you don’t have to memorize the IP address. For example, the IP address for SYSEDCO.com may be 204.29.14.106. Would you rather remember hundreds of numbers like this or domain names that actually have meaning? If you’re like me, you opted for the second choice. Hiding the frequencies provides a similar benefit. While the 802.11 channels are precise and static compared to the different implementations of DNS, the analogy holds true from the perspective of simplicity alone.

Frequencies

Two major frequencies are used in Wi-Fi networks at this time: the 2.4 GHz ISM (Industrial, Scientific, and Medical) band and the 5 GHz U-NII (Unlicensed National Information Infrastructure—pronounced “you-knee”) band. The ISM band includes a 900 MHz band (starting at 902 MHz and going to 928 MHz), a 2.4 GHz band (starting at 2.4000 GHz and going to 2.5000 GHz), and a 5.8 GHz band (starting at 5.725 GHz and going to 5.875 GHz).

The 2.4 GHz band is used for 802.11, 802.11b, and 802.11g devices. While the full range from 2.4000 to 2.5000 GHz is included in the designated band, wireless networks use only the range from 2.4000 to 2.4835 GHz because the FCC has provided power output specifications for this range of frequencies only.

It is only important that you remember the used range for the ISM 2.4 GHz band. The used range, based on FCC power allowances and the IEEE standard, is from 2.4000 to 2.4835 GHz. In fact, channel 1 is centered on 2.412 GHz, which means that it uses the range from 2.401 to 2.423 GHz, as the channels are 22 MHz wide. The end result is that the IEEE standard uses the range from 2.401 to 2.473 GHz in the United States. This is because the FCC allows only the use of channels 1 to 11 within the ISM band.

The 5 GHz U-NII band is used for 802.11a devices and is divided into three bands known as the lower, middle, and upper bands. These bands use a frequency range 100 MHz wide, and each contains four non-overlapping channels. Whereas the 2.4 GHz devices use DSSS, HR/DSSS, and ERP, the 5 GHz 802.11a devices use OFDM.

The lower U-NII band goes from 5.15 to 5.25 GHz (this is sometimes referenced as 5.150 to 5.250 or as 5150 to 5250, though you will not need to know this for the CWTS certification exam) and has an FCC-imposed limit of 50 mW of maximum output power. The middle U-NII band goes from 5.25 to 5.35 GHz and is limited to 250 mW of output power. The third band, known as the upper band, goes from 5.725 to 5.825 GHz with a total allowed output power of 1 watt. In most cases, the lower and middle bands are used indoors and the upper band is used outdoors. For this reason, indoor coverage is usually provided by a maximum of eight different channels. Because these channels are separated with no overlapping, they should not interfere with each other.

A new band was released as unlicensed space by the FCC that is sometimes just called the U-NII New Band. This new band goes from 5.470 to 5.725 GHz and introduces 11 new channels for the 5 GHz U-NII devices operating according to IEEE 802.11 as amended.

Channels

The frequency ranges used in the various 802.11 standards and assigned by the FCC are further divided into smaller frequency ranges by the IEEE. These frequency ranges form the channels that are used for actual communications. You do not generally use all channels, or the entire frequency range, for a single link between two devices; instead, you choose a single channel to use for communications. The channels available differ depending on the technology used. These technologies include OFDM, DSSS, and FHSS.

OFDM Channels

Each of the U-NII bands (lower, middle, and upper) provides four channels for communications in an 802.11a network with the exception of the New Band. The New Band actually includes 11 channels itself.

To better understand channel interference, think back to the early days of 900 MHz cordless phones. Remember turning on the phone only to hear your neighbor’s conversation? You would press the channel button on the phone to change to a different channel and then you’d be listening to the other neighbor’s conversation. Well, maybe it wasn’t that bad, but you understand the point. In much the same way, you cannot operate two wireless networks in the same general area using the same channel—remember, a channel is nothing more than a range of frequencies.

Table 3-1 provides a quick reference of the channels used by 802.11a and OFDM in wireless networks in the Americas on the lower and middle U-NII bands. These bands are used by consumer-grade and indoor wireless technologies. Each channel is 20 MHz wide surrounding the center frequency.

TABLE 3-1 802.11a OFDM Channels

| Channel | Center Frequency | Lower (L)/Middle (M) |
|---|---|---|
| 36 | 5.18 GHz | L |
| 40 | 5.20 GHz | L |
| 44 | 5.22 GHz | L |
| 48 | 5.24 GHz | L |
| 52 | 5.26 GHz | M |
| 56 | 5.28 GHz | M |
| 60 | 5.30 GHz | M |
| 64 | 5.32 GHz | M |

DSSS and HR/DSSS Channels

The DSSS-based technologies, such as 802.11b, provide 11 channels in the United States and up to 14 channels in other countries, as listed in Table 3-2. As you can see from Table 3-2, different locations have different rules. In the United States, you can use only channels 1 to 11, while Japan allows the use of all 14 channels. These rules are important to consider when creating and implementing wireless networks.

Unlike 802.11a OFDM channels, 802.11 b/g channels do overlap. This overlap can cause what is sometimes called channel fading or co-channel interference. For example, you would not want to use, in the same general area, two access points on channels 1 and 2; however, using channels 1 and 11 would be fine.

TABLE 3-2 802.11/802.11b/802.11g DSSS Channels

| Channel Identifier | Frequency in GHz | Americas | EMEA | Israel | China | Japan |
|---|---|---|---|---|---|---|
| 1 | 2.412 | X | X | — | X | X |
| 2 | 2.417 | X | X | — | X | X |
| 3 | 2.422 | X | X | X | X | X |
| 4 | 2.427 | X | X | X | X | X |
| 5 | 2.432 | X | X | X | X | X |
| 6 | 2.437 | X | X | X | X | X |
| 7 | 2.442 | X | X | X | X | X |
| 8 | 2.447 | X | X | X | X | X |
| 9 | 2.452 | X | X | X | X | X |
| 10 | 2.457 | X | X | — | X | X |
| 11 | 2.462 | X | X | — | X | X |
| 12 | 2.467 | — | X | — | — | X |
| 13 | 2.472 | — | X | — | — | X |
| 14 | 2.484 | — | — | — | — | X |

(The Americas, EMEA, Israel, China, and Japan columns are the regulatory domains.)

It is also important to remember that the frequencies listed in Table 3-2 are center frequencies. In the end, each channel uses a 22 MHz–wide frequency range. This means the channel uses the center frequency +/–11 MHz. For example, channel 1 uses the range from 2.401 to 2.423 GHz and is centered on 2.412 GHz.

FHSS Hopping Sequences

A frequency hopping spread spectrum system does not use channels in the same way as DSSS and OFDM. Instead, FHSS systems hop from frequency to frequency using a pseudorandom hopping sequence. This hopping sequence—or pattern—is defined as the channel. During communications, the radios in each device change from one frequency to another in a pseudorandomly generated pattern, and then they loop back through that pattern continually. The amount of time spent on a particular frequency is known as dwell time, and the amount of time it takes to move from one frequency to the next is known as hop time.

The FCC regulates FHSS systems in areas of dwell time, frequencies used, and output power. These regulations restrict the available bandwidth because of dwell time limits and the number of channels because of frequency limits. However, 79 total channels (frequency hop patterns) are available and provide for many colocated systems.

However, FHSS equipment is becoming more and more difficult to find and, therefore, is not covered in extensive detail on the exam. You are unlikely to encounter it frequently as you support and implement wireless networks. There is, of course, one major exception to the ever-decreasing use of FHSS, and that is Bluetooth. Bluetooth devices are extremely popular today in PDAs, cell phones, and laptop computers.

You will not be tested on the FHSS physical layer of 802.11 when you take the CWTS exam.

Channel Reuse and Colocation

By this time, you may be wondering why you need to know all this information about frequencies and channels. The answer is simple: By using channels effectively, you can provide the needed coverage in most facilities. In order to implement colocated systems effectively, you must also understand channel interference and the potential problems created by personal area network devices.

Colocation

To provide proper coverage in any facility, you need to strike a balance between bandwidth and range. While an access point might be able to service a client that is 100 feet away, it might not provide sufficient speeds for the needs of the user. The concept of colocation allows for the strategic placement of wireless access points, bridges, and routers based on channels within the unlicensed frequency bands, different standards (802.11g vs. 802.11a), or both.

Table 3-3 provides a listing of the various wireless LAN standards and advertised ranges. Remember these are advertised ranges and will seldom be seen in production environments. For example, it is not uncommon to lose 20 feet (or more) of distance for every internal wall the signal has to pass through. The materials of which the wall is made absorb large amounts of the RF energy.

TABLE 3-3 Standards and Advertised Ranges

| Standard | Frequency | Data Rate(s) | Modulation | Advertised Range |
|---|---|---|---|---|
| 802.11 | 2.4 GHz | 1, 2 Mbps | FHSS, DSSS | 300 feet |
| 802.11b | 2.4 GHz | 1, 2, 5.5, 11 Mbps | DSSS | 300 feet |
| 802.11a | 5 GHz | 6, 9, 12, 18, 24, 36, 48, 54 Mbps | OFDM | 225 feet |
| 802.11g | 2.4 GHz | 6, 9, 12, 18, 24, 36, 48, 54 Mbps | OFDM | 300 feet |

You should also remember that the farther you get from the access point, the slower your connection becomes. This is a general rule and is applied through dynamic rate switching or dynamic rate selection, which you will learn about later in this chapter. For now, just remember to consider not only if you have coverage in all necessary areas, but also if you have needed coverage (bandwidth) in all of those areas.

Imagine you are installing a wireless network in a facility with the dimensions represented in Figure 3-2. In this scenario, we’ll assume you are using 802.11g devices. While the advertised range is 300 feet, the real range will probably be closer to 120 to 200 feet indoors with walls, filing cabinets, and other objects in the RF space. Let’s also assume you have tested the signal ranges within the building and determined that you can achieve an average range of between 100 to 150 feet. Drawing on this information, you could provide adequate coverage in the facility using six access points located as shown in Figure 3-3. Note the channels used by the different access points. Using these channels, you can accomplish the needed coverage through colocation without much channel interference. However, channel interference is an important concept to understand with 802.11b/g networks, and this topic will be discussed next.

You should note that 802.11n provides coverage ranges even greater than 802.11b/g.

FIGURE 3-2 Facility dimensions (420 feet by 300 feet)

FIGURE 3-3 Facility coverage (420 feet by 300 feet; access points on Channel 1, Channel 6, Channel 1, Channel 11, Channel 1, Channel 11)

Range estimates vary greatly by vendor. Some will tell you to use the figure of 100 feet for your estimates with 802.11b/g, while others will tell you to use 75 feet or less in your estimates. For example, Cisco suggests a range of 20 to 75 feet for 802.11a and 100 to 150 feet for 802.11b. In the real world, you can use these estimates for preliminary planning, but you must test range and coverage in the live environment to ensure accurate results. This testing is a key component of the site survey.

Channel Interference

The fact that DSSS channels are centered on frequencies separated by 5 MHz, while the channel is 22 MHz wide, results in overlapping channels. This overlap means that adjacent channels actually use some of the same frequency space for communications. This type of interference is known as adjacent channel interference. Throughput can suffer greatly and possibly disappear altogether if you attempt to build a wireless network using adjacent channels in the same space.
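The arithmetic behind adjacent channel interference, as an added example that is not from the study guide: with centers 5 MHz apart and channels 22 MHz wide, it computes the spectrum any two channels share and audits a channel plan for access points that are close enough to matter. The access point coordinates used for the Figure 3-3 layout, the AP names, and the distance thresholds are assumptions.

```python
from itertools import combinations
from math import dist

CHANNEL_SPACING_MHZ = 5   # channel centers are 5 MHz apart (from the text)
CHANNEL_WIDTH_MHZ = 22    # each DSSS channel is 22 MHz wide (from the text)


def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel; channel 14 sits at 2.484 GHz."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + CHANNEL_SPACING_MHZ * channel


def overlap_mhz(a, b):
    """Width of the frequency space that two channels share."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def classify(a, b):
    """Label a channel pair as co-channel, overlapping, or clear."""
    if a == b:
        return "co-channel"
    return "adjacent-channel overlap" if overlap_mhz(a, b) else "clear"


def audit_plan(aps, shared_air_ft):
    """Return (ap1, ap2, problem, shared MHz) for AP pairs that are within
    shared_air_ft of each other and do not use clear channels.

    aps is a list of (name, (x_ft, y_ft), channel). Treating distance between
    access points as the only factor is a simplification; a site survey
    measures the real signal."""
    findings = []
    for (n1, p1, c1), (n2, p2, c2) in combinations(aps, 2):
        if dist(p1, p2) > shared_air_ft:
            continue
        problem = classify(c1, c2)
        if problem != "clear":
            findings.append((n1, n2, problem, overlap_mhz(c1, c2)))
    return findings


def with_channel(plan, name, channel):
    """Copy of a plan with one access point moved to another channel."""
    return [(n, p, channel if n == name else c) for n, p, c in plan]


# Six access points in a 420 x 300 foot facility using the channels shown in
# Figure 3-3. The coordinates (two rows of three) are assumed for illustration.
FIGURE_3_3_PLAN = [
    ("AP1", (70, 225), 1), ("AP2", (210, 225), 6), ("AP3", (350, 225), 1),
    ("AP4", (70, 75), 11), ("AP5", (210, 75), 1), ("AP6", (350, 75), 11),
]

if __name__ == "__main__":
    for a, b in [(1, 2), (1, 4), (1, 6), (3, 8), (5, 10)]:
        print(f"channels {a:>2} and {b:>2}: {overlap_mhz(a, b):>2} MHz shared")
    print("plan as drawn:", audit_plan(FIGURE_3_3_PLAN, 150))
    print("AP2 moved to channel 4:",
          audit_plan(with_channel(FIGURE_3_3_PLAN, "AP2", 4), 150))
```

Raising the distance threshold to 300 feet reports the co-channel pairs that any six-cell plan on three channels must contain, which is why measured signal levels decide the final placement.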

Figure 3-4, while not an exact representation of signal overlap because of energy spreading beyond frequencies, illustrates this problem. As you can see, channels 1, 6, and 11 provide the best chance of having no overlap in an installation. For this reason, using channels 1, 6, and 11 is considered a best practice. While some have suggested using channels 1, 4, 8, and 11, tests by various organizations show a loss in throughput of as much as 50 percent when using this latter configuration. If the used channels are not sufficiently separated, near-channel interference will be increased and the WLAN’s throughput will be greatly reduced due to retransmissions.

FIGURE 3-4 Channel overlap with DSSS/802.11b and 802.11g (2.4 GHz channel numbers 1 through 13; 2.484 GHz)

This best practice assumes you need three channels. If you are installing a wireless network that will be serviced exceptionally well with two access points, consider using channels 1 and 11. The main thing is to separate the channels by a total of 5 channels or more, which means a channel arrangement of 3 and 8 or 5 and 10 would also be acceptable. Using these channels is helpful if another network is using Wi-Fi technology on channels 1 or 11 at some distance away so that the interference is minimal on these close channels. Instances such as these are about the only time you would want to break the “5 channels of separation” rule.

If client devices are not in need of roaming capabilities (the ability to move around and transfer from one access point to another automatically), another colocation solution is to use both 802.11b/g and 802.11a devices in the same space. Because they communicate on different frequencies, they do not interfere with each other.

Here is a great analogy to help you understand this. Imagine you are sitting in a room talking with a friend. Two other friends are sitting behind you as well, but you are not interrupted by them at all. In fact, it seems as if they are not talking, as you do not hear a conversation. When you turn and look at them, you discover they are using sign language to converse. Think of your verbal conversation like 802.11b/g and their sign language conversation like 802.11a. While these two wireless standards do not differ as much as verbal communications and sign language communications, this analogy illustrates the fact that 802.11a networks cause no interference to 802.11b/g networks, and they are not interfered upon by the 802.11b/g networks either.

Personal Area Network Integration

Up to this point, the focus has been on wireless networks known as wireless LANs or WLANs; however, wireless PANs (WPANs) also use similar technologies. Bluetooth devices utilize FHSS for communications and their existence on the network is an important thing to know about. Because FHSS systems operate in the 2.4 GHz ISM band, you should not experience interference problems if you use 802.11a devices for the WLAN, as they use the 5 GHz U-NII band. When considering the impact of Bluetooth devices, remember that they transmit at a very low power and they hop across differing frequencies. Newer Bluetooth standards also implement algorithms that provide resistance to interference and that limit creation of interference with WLANs.

Data Rates and Throughput

In the world of networking, bandwidth has become synonymous with speed. For example, the phrase, “I’ve got a lot of bandwidth” is taken to mean you can transfer information very quickly. In the world of Wi-Fi, bandwidth can have a twofold meaning. In one sense, bandwidth can refer to the width of the RF band (such as 22 MHz for DSSS channels); in another sense, it can refer to the available bandwidth or data rates supported by the technology. If it ended there, the concept would be complex enough, but the reality is that data rates can be a bit misleading if you don’t understand the difference between data rates and throughput. For this reason, you must understand the following essential topics:
■ Data rates
■ Throughput
■ Dynamic rate switching

Data Rates

The data rate of a device refers to the total data transfer rate the device can handle. It is important to distinguish this from the actual data throughput discussed momentarily. Most packaging states the supported data rates of the device, but provides no details about how much useful information can pass through the device. The data rate bandwidth will be consumed partially by overhead operations. In other words,

11g 6. 12. 24. 2 Mbps 802. 11 Mbps 802. or 18 wheeler) with a carrying capacity of 37 units of a certain product. 36. Throughput refers to the amount of actual data you can transfer across the network in a given amount of time. However. While some technologies have been created that allow for as much as 80 percent throughput.11b 1. As you can see.5 to 600 Mbps Wi-Fi Standards— Data Rates Table 3-4 provides a list of the data rates supported by the different Wi-Fi standards and will be a helpful reference as you plan and design wireless networks. 15. encryption.11n devices seem to provide much higher throughput rates.11 through 802. 48. power save mode information. and other management-type data.11n All data rates of all previous amendments. 18. new data rates range from 6. 48. you are required to use 10 percent of your available space for documentation related to the product and another 10 percent for security devices to protect the product during transit.11a 5. The 802. semi-truck. but they are all referring to the same thing. Some vendors may use differing terms such as dynamic rate shifting or dynamic rate selection. DRS works by adjusting the speed of the connection as the wireless LAN client moves farther away from the access point. 9. 54 Mbps 802.5. 2. 36.to 30-unit capacity is similar to the device’s throughput. As you can see. 9.11 Data Rate(s) 1. The 37-unit capacity is similar to a wireless device’s data rate and the 29. 12. Actual Throughput Testing has revealed you can usually estimate that approximately half the stated data rate will be available for data transfer or throughput with 802. these technologies are usually nonstandard and may not operate with the equipment of other vendors. It will also . 24. 5. your actual carrying capacity is only 29 to 30 units of the product. more than 20 percent (closer to 50 percent) of the data rate is consumed by overhead data related to association.98 Chapter 3: Wi-Fi Features and Functionality TABLE 3-4 802. 
Dynamic Rate Switching Dynamic rate switching (DRS) is the term used to refer to a method of dynamically adjusting the speed of wireless LAN client devices.11g devices. 54 Mbps 802. Think of it like this: Imagine you have a big rig (also known as a tractor trailer.

dynamically adjust the speed if increased interference occurs.

When a client moves farther away from the access point, the signal strength is reduced at the client location. This reduced signal strength results in a data rate adjustment when the decrease is significant. Generally speaking, when a client is positioned farther from the access point, data is more likely to be corrupted at higher data rates. This is the reason for lowering the data rate. Theoretically, you can achieve greater throughput at a lower data rate because there are fewer retransmissions of data (retransmissions are caused by data corruption). This will, in the end, provide greater throughput to those clients that are closer to the access point as well. Not only can they communicate at a higher data rate but, in addition, lowering the retransmissions of data from clients who are farther away “frees the air waves” for the closer clients. Remember, to achieve a higher data rate, you must shorten the distance between you and the access point.

As you plan your wireless LAN, you must consider the impact of DRS on your wireless clients. For example, if you determine that you need a minimum data rate of 36 Mbps for an estimated throughput of 18 Mbps, you must ensure that the clients are close enough to the access points and interference is low enough to allow for this. In the end, you can ensure the needed data rates exist at each location only through testing.

FIGURE 3-5 Dynamic rate selection (concentric circles labeled 54 Mbps, 48 Mbps, 36 Mbps, 24 Mbps)

Figure 3-5 represents the functionality of DRS. Table 3-5 provides estimates of rate-adjustment ranges based on differing frequencies and power levels. For example, you can estimate that DRS will shift from 54 to 48 Mbps at approximately 80 feet. The next shift is likely to occur at around 100 feet when DRS shifts the rate to 36 Mbps. The figures in Table 3-5 are intended to represent ideal situations and cannot be assumed true in every implementation. The estimates are also based on open space without walls or other interfering elements. Though the concentric circles are not meant to represent absolute distances in this diagram, you can use these estimates to perform preliminary planning.

TABLE 3-5 DRS Rate Adjustment Estimates

Rate        Distance (in feet)    Frequency    Power
54 Mbps     60                    5 GHz        40 mW
48 Mbps     80                    5 GHz        40 mW
36 Mbps     100                   5 GHz        40 mW
24 Mbps     120                   5 GHz        40 mW
18 Mbps     130                   5 GHz        40 mW
12 Mbps     140                   5 GHz        40 mW
9 Mbps      150                   5 GHz        40 mW
6 Mbps      170                   5 GHz        40 mW
11 Mbps     140                   2.4 GHz      100 mW
5.5 Mbps    180                   2.4 GHz      100 mW
2 Mbps      250                   2.4 GHz      100 mW
1 Mbps      350                   2.4 GHz      100 mW

Operational Modes

Wireless networks can function in one of two basic modes: ad hoc or infrastructure. Understanding these operational modes and their benefits will help in your decision making during installations and provide you with the knowledge you need to troubleshoot existing wireless implementations.

Ad Hoc

As with peer-to-peer networking in the traditional wired networking world, when operating in ad hoc mode, wireless devices communicate with each other directly.

There is no central server. There are no routers. Each device is a node on the network, and they can all communicate with each other. Figure 3-6 illustrates ad hoc mode.

FIGURE 3-6 Ad hoc mode

Benefits of ad hoc mode include
■ No access point needed
■ Can be formed dynamically
■ Supported by most wireless hardware
■ Simple to set up and operate

Problems with ad hoc mode include
■ No access to the Internet or network infrastructures
■ No centralization of management
■ More difficult to secure (WEP keys can be used, but are difficult to manage among many clients)
■ Limited in size because of bandwidth consumption just as in Ethernet peer-to-peer networks

Infrastructure

Infrastructure mode provides centralized control and is more like the client-server model used in traditional networks. In this case, the access point acts as the server and the wireless client devices are the clients. Using infrastructure mode generally costs more because of the need for access points, but you can manage it more easily and provide access to the Internet or your existing network infrastructure. Figure 3-7 depicts infrastructure mode.

FIGURE 3-7 Infrastructure mode

The benefits of infrastructure mode include
■ Centralized management
■ Greater security control
■ Access to the Internet or network infrastructures
■ High bandwidth availability with proper implementation

Problems with infrastructure mode include
■ Greater cost
■ Longer and more complex implementations
■ Less dynamic than ad hoc mode
■ Requires one or more access points

Naming the Network: the SSID

The network your device participates on is determined by the name of the network. If your device has the same name as other devices, and all the devices using the same networking technology (802.11b/g or 802.11a) are within range of each other through some communications channel, then these devices are said to form a network.

Most access points come with a default name. For example, older Cisco access points used the name tsunami, and Netgear devices generally use the name Netgear. It is generally considered a best practice to change the name to something other than the default. If you are broadcasting the name, clients will still be able to see it, but too many “netgear” names in an area make things confusing. For this reason, you should make it standard practice to change these names.

You are probably beginning to wonder what this name does for your network. The answer is that it determines your service set’s SSID. An SSID is a service set identifier, or the name (identity) of the service set. A service set is a group of devices (access points, routers, client stations, etc.) sharing the same name (SSID) and technology. There are three types of service sets:
■ Independent basic service set
■ Basic service set
■ Extended service set

Independent Basic Service Set (IBSS)

The independent basic service set (IBSS) is also known as an ad hoc network. An IBSS has no access point and is created dynamically based on all the connecting client devices sharing a consistent SSID. For the IBSS or ad hoc network to function, since there is no access point, all the devices must be in earshot of each other so that they can communicate. Because of this restriction, IBSS networks are useful only for smaller networks in confined spaces.

There are, however, multiple instances where this configuration could prove helpful. One primary example is the small group meeting. If you are meeting with five other individuals, and you all have laptop computers with wireless devices supporting ad hoc mode, you can create a temporary IBSS for data exchange during your meeting. This ability is particularly useful if the meeting takes place outside your facility in a rented conference space or library. Though you do not have control of the infrastructure in this remote facility, you can create an IBSS for temporary communications. You can also create an ad hoc network for personal or family gatherings.

At a recent meeting, a friend and I both pulled out our laptops, placed them in ad hoc mode (this is how an IBSS is referenced in most configuration interfaces), and configured them with the same SSID. We then configured our IP addresses to the same network and enabled sharing on the folders with data in them that we wanted to share. In less than five minutes, we were live and transferring information between our machines. The best part of this scenario is the fact that we were in a place we West Virginians call, “the middle of nowhere.” That’s the beauty of ad hoc networks and battery-powered laptops.

While IBSS networks work great in these kinds of scenarios, the reality is that they are not the best configuration for small and large business networks that must exist on a more permanent basis. Certain consistency problems with Windows clients and ad hoc networks can wreak havoc on a business network. For this reason, another network type is needed; you will learn about it next.

Basic Service Set (BSS)

The basic service set (BSS) is also known as an infrastructure basic service set. Because we have already used the acronym IBSS for an independent basic service set, we simply call the infrastructure service set a BSS. The infrastructure BSS is much more common than the IBSS, and therefore it makes sense to grant the base acronym to this mode.

A BSS does utilize an access point, which is why it is called an infrastructure BSS. The access point acts as the connection point to the infrastructure or forms the infrastructure itself. When an access point connects to a physical network infrastructure, such as Ethernet, it forwards frames (information or data) from the wireless clients to the wired devices and back. When an access point does not connect to a physical network infrastructure, it forwards frames from one wireless client device to another and back. In the first scenario an existing infrastructure is extended, and in the second an infrastructure is created. In this mode, client devices do not communicate with each other directly. Instead they communicate with the access point in a hub-and-spoke fashion as depicted in Figure 3-7.

When you connect a physical patch cable to an Ethernet network, you are connected to the network. Since cables aren’t used in wireless networks, something else is needed. In a wireless network, both IBSS and BSS, the concept of association is analogous to plugging in the patch cable. Association means the wireless client requests and is then granted permission to join the service set. This is determined by the SSID configured on the client and the access point. This is important because any given area can have multiple access points and the client must know with which access point to communicate.

Extended Service Set (ESS)

You might guess that an ESS is another kind of service set, and you are right. An extended service set, or ESS, is one or more BSSs that share the same network name or SSID and are connected to the same distribution system. The distribution system may be wired or wireless, but it is shared by all access points participating in an ESS. The concept of the ESS allows users to roam around (physically) on the network and still connect to the same network with the same name. Ignoring possible security hindrances, when a user moves from an area (sometimes called a cell) covered by one access point to an area covered by another, that user should be able to roam. Roaming is not perfect, and some vendors’ access points will not properly pass the user off to other vendors’ access points, but it is getting better and should improve with the ratification of 802.11r, which was completed in 2008. If you want the best odds of implementing functional roaming capabilities, make sure you buy the same access point for each cell coverage area.

Active and Passive Scanning

Active scanning uses probe request and probe response frames to find a WLAN to join. There are two general methods that can be used by a client station to find the WLAN. The first is to specify the SSID of the network being sought and the second is to seek any BSS that may be able to hear and respond to the probe request.

If the SSID is specified in the probe request frame transmitted by the requesting station (the client wireless computer), all access points that are configured with a matching SSID should respond, assuming they receive the probe request frame. It is certainly possible that a set of access points using the same SSID could cover an area large enough that all of the access points will not receive the probe request transmitted from a specific location in that area. The response from the access points that hear the probe request is a probe response frame. The client uses these probe response frames in order to choose the best access point with which to connect based on data rates and standards supported. In an ad hoc wireless network, which is a network without an access point, the station that last transmitted the beacon frame (the beacon frame is a periodic frame transmitted by access points and ad hoc devices in order to update all members of the network on the status of the network) will respond to probe requests.

There are also times when no station will respond to a probe request. This happens when vendors provide a feature to disable probe responses, even though the 802.11 standard requires that all access points respond with a probe response when a probe request is received matching the access point’s configured SSID or when the probe request contains a wildcard SSID (an SSID of zero length, formerly called the broadcast SSID). The vendors often allow their access points to be configured so that they ignore wildcard SSIDs. While this is a nonstandard configuration, as long as the WLAN administrator has configured all valid clients to specify the SSID, it should not cause problems within the WLAN for these clients.

This ignoring of probe requests is sometimes thought to provide a more secure environment; however, it is important to remember that the beacon frames have the SSID in them by default. Unless this SSID broadcasting is turned off, those wishing to penetrate your network can easily discover the SSID with WLAN analysis software and then configure their clients with the appropriate settings. Even if you disable both the response to wildcard SSID probe requests and the broadcasting of your SSID in the beacon frames, the intruders can patiently wait until a frame is transmitted onto the wireless medium that contains the SSID and then use this information to configure their client stations. Ultimately, the SSID should not be considered a factor in security management unless you are only concerned with casual Wi-Fi war drivers who lack any WLAN technical skills. You are not likely to take your wireless security so lightly in any business setting, and I don’t recommend you take it that lightly in a home setting either.

If a probe request is transmitted onto the wireless medium having a wildcard SSID (a null value for the SSID), all access points that receive the probe request will respond with a probe response containing their SSIDs. This is the standard behavior. Any devices that do not respond in this way are operating in a nonstandard way as mentioned previously.

The exact details of the active scanning process are a bit more complex than the simple overview presented up to now. In fact, active scanning involves channel switching and scanning each channel in a station’s channel list. The basic process is outlined here, though you will not need to memorize it for the CWTS exam:
1. Switch to a channel.
2. Wait for an incoming frame or for the ProbeDelay timer to expire.
3. If the ProbeDelay timer expires, use DCF (distributed coordination function) for access to the wireless medium and send a probe request frame.
4. Wait for the MinChannelTime to pass.
   a. If the wireless medium was never busy, there is no WLAN on this channel. Move to the next channel.
   b. If the wireless medium was busy, wait until MaxChannelTime has expired and then process any probe response frames.

The passive scanning process is a much different process. Instead of transmitting to find the access points, the client station listens (receives) in order to find the access points. This is done by receiving beacon frames and using them to find the access point for the basic service set to be joined. When multiple access points transmit beacon frames that are received by the passive scanning station, the station will determine the access point with the best signal (as determined by RSSI) and attempt to authenticate and associate with that access point.
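Why a suppressed beacon SSID does not keep the name private, shown as an added example that is not from the study guide: the SSID travels as an information element in several management frames, so an audit of captured frames finds it wherever a configured client or a responding access point puts it on the air. The frames below are constructed in the code, and the SSID "CorpNet" and the MAC addresses are made-up sample values.

```python
# 802.11 management frame subtypes that carry an SSID element
MGMT_SUBTYPES = {0: "association request", 2: "reassociation request",
                 4: "probe request", 5: "probe response", 8: "beacon"}
# Bytes of fixed fields that sit between the MAC header and the elements
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
HEADER_LEN = 24          # frame control, duration, 3 addresses, sequence control
SSID_ELEMENT_ID = 0

STA = bytes.fromhex("020000000001")   # constructed client address
AP = bytes.fromhex("020000000abc")    # constructed access point address (BSSID)


def build_frame(subtype, ssid, src, dst):
    """Build a minimal management frame for the demonstration (constructed data)."""
    frame_control = bytes([subtype << 4, 0])      # version 0, type 0 = management
    header = frame_control + b"\x00\x00" + dst + src + AP + b"\x00\x00"
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    rates_element = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported rates
    return header + bytes(FIXED_LEN[subtype]) + ssid_element + rates_element


def parse_ssid(frame):
    """Return (frame kind, SSID bytes or None), or None if the frame is not a
    management frame that can carry an SSID element."""
    if len(frame) < HEADER_LEN:
        raise ValueError("frame shorter than an 802.11 management header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = frame[0] >> 4
    if frame_type != 0 or subtype not in FIXED_LEN:
        return None
    pos = HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:        # truncated element: stop, do not guess
            break
        if element_id == SSID_ELEMENT_ID:
            return MGMT_SUBTYPES[subtype], value
        pos += 2 + length
    return MGMT_SUBTYPES[subtype], None


def ssid_exposures(frames):
    """List (frame kind, SSID) for every frame that reveals a non-empty SSID."""
    found = []
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed and parsed[1] and any(parsed[1]):   # skip zero-length or zeroed
            found.append((parsed[0], parsed[1].decode("utf-8", "replace")))
    return found


BROADCAST = b"\xff" * 6
CAPTURE = [   # constructed sample traffic for a WLAN with SSID broadcasting off
    build_frame(8, b"", AP, BROADCAST),          # beacon with the SSID suppressed
    build_frame(4, b"", STA, BROADCAST),         # wildcard probe request
    build_frame(4, b"CorpNet", STA, BROADCAST),  # configured client probing by name
    build_frame(5, b"CorpNet", AP, STA),         # access point answering that probe
    build_frame(0, b"CorpNet", STA, AP),         # association request
]

if __name__ == "__main__":
    for kind, ssid in ssid_exposures(CAPTURE):
        print(f"{kind}: {ssid}")
```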

Authentication and Association

Once a station has located the WLAN to which it seeks to connect, which is the first stage of station connectivity, it must go through the authentication and association processes, which are the second and third stages of connectivity. This involves being authenticated by the access point or WLAN controller and then determining the PHY, data rate, and other parameters within which the association must operate. The first step is authentication and the second is association and each step is covered in sequence in this section. First, we’ll look at the IEEE concept of the state machine.

The 802.11 State Machine

The state machine of the 802.11 standard can be in one of three states:
■ Unauthenticated/Unassociated
■ Authenticated/Unassociated
■ Authenticated/Associated

These states represent the status of a given WLAN client in relation to a specific WLAN, or more specifically, an access point. Access points, or WLAN controllers, keep a list known as the association table. Vendors report the stage of the station’s state machine differently. Some vendors may report that a client that has not completed the authentication process or is unauthenticated and other vendors may simply not show the client in the association table view.

Unauthenticated/Unassociated

In the initial state, a client station is completely disconnected from the WLAN. It cannot pass frames of any type through the access points to other stations on the WLAN or the wired infrastructure. Authentication frames can be sent to the access points. These frames are not sent through the access points (with the exception of a split MAC implementation where a WLAN controller performs the authentication) but are sent to the access point. The distinction is important. Frames must be transmitted to the access point in order to eventually reach the authenticated and associated stage; however, until the final stage is reached, only authentication and association request frames will be processed by the access point.

Authenticated/Unassociated

The second state of the state machine is the authenticated and unassociated state. To move from the first state to the second, the client station must perform some kind of valid authentication. This is accomplished with authentication frames. Once this second state is reached, the client station can issue association request frames to be processed by the access point; however, other 802.11 frame types are not allowed. In most access points, the association table will now show “authenticated” for the client station.

Since the interval between reaching the authenticated and unassociated stage and moving on to the authenticated and associated stage is very small (usually a matter of milliseconds), you will not see client stations in this state very often. In most cases, you will either see “unauthenticated” or nothing for the first state and associated for the third state. The only exception to this is what is sometimes called “pre-authentication.” A station can authenticate with any number of access points, but it can be associated with only one access point at a time. The access point to which the station is associated must be a single entity in order for other devices on the network to be able to reach that station. In some systems, the station is capable of authenticating with multiple access points so that it can roam more quickly when the need arises. This feature is particularly useful for VoWLAN implementations.

Authenticated/Associated

The third and final state is the authenticated and associated state. In order for a station to be in this state, it must have first been authenticated and then associated. The process of moving from state two (authenticated and unassociated) to this state is a simple four-frame transaction. The client station first sends an association request frame to an access point to which it has been authenticated. Second, the access point responds with an acknowledgment frame. Next, the access point sends an association response frame either allowing or disallowing the association. The client sends an acknowledgment frame as the fourth and final step. If the third step resulted in an approval of the association request, the client station has now reached the authenticated and associated state and may communicate on the WLAN or through the WLAN to the wired network.

For the sake of the CWTS exam, remember that you are first authenticated and then associated. The key point is to realize that you cannot transmit data frames for processing until you’ve been associated and you cannot transmit association frames for processing until you’ve been authenticated.
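The three states and the frame filtering they imply, as an added example that is not from the study guide: an association table keyed by access point and station decides which frame types are processed and reports the ones that arrive out of state. The class and field names are hypothetical, acknowledgment frames are left out, and returning a station's previous access point to the authenticated state when it associates elsewhere is an assumption.

```python
from enum import Enum


class State(Enum):
    UNAUTHENTICATED_UNASSOCIATED = 1
    AUTHENTICATED_UNASSOCIATED = 2
    AUTHENTICATED_ASSOCIATED = 3


# Frame types an access point will process in each state, as the text describes
PROCESSED = {
    State.UNAUTHENTICATED_UNASSOCIATED: {"authentication"},
    State.AUTHENTICATED_UNASSOCIATED: {"authentication", "association request"},
    State.AUTHENTICATED_ASSOCIATED: {"authentication", "association request", "data"},
}


class AssociationTable:
    """Tracks every station's state in relation to each access point."""

    def __init__(self):
        self.entries = {}          # (access point, station) -> State

    def state(self, ap, station):
        return self.entries.get((ap, station), State.UNAUTHENTICATED_UNASSOCIATED)

    def receive(self, ap, station, frame_type, approved=True):
        """Process one frame sent to ap. Returns True if it was processed,
        False if the station's state does not allow that frame type."""
        current = self.state(ap, station)
        if frame_type not in PROCESSED[current]:
            return False
        if not approved:
            return True            # processed, but the request was refused
        if frame_type == "authentication":
            if current is State.UNAUTHENTICATED_UNASSOCIATED:
                self.entries[(ap, station)] = State.AUTHENTICATED_UNASSOCIATED
        elif frame_type == "association request":
            # Only one association at a time: drop any other one (assumed to
            # fall back to authenticated/unassociated on the old access point).
            for (other_ap, other_sta), st in list(self.entries.items()):
                if other_sta == station and other_ap != ap \
                        and st is State.AUTHENTICATED_ASSOCIATED:
                    self.entries[(other_ap, other_sta)] = State.AUTHENTICATED_UNASSOCIATED
            self.entries[(ap, station)] = State.AUTHENTICATED_ASSOCIATED
        return True


def replay(log):
    """Run a frame log through a fresh table; return it with the ignored frames."""
    table, ignored = AssociationTable(), []
    for ap, station, frame_type in log:
        if not table.receive(ap, station, frame_type):
            ignored.append((ap, station, frame_type, table.state(ap, station).name))
    return table, ignored


# Constructed frame log: (access point, station, frame type)
SAMPLE_LOG = [
    ("AP-A", "laptop", "data"),                 # state 1: ignored
    ("AP-A", "laptop", "association request"),  # state 1: ignored
    ("AP-A", "laptop", "authentication"),       # moves to state 2
    ("AP-A", "laptop", "data"),                 # state 2: still ignored
    ("AP-A", "laptop", "association request"),  # moves to state 3
    ("AP-A", "laptop", "data"),                 # processed
    ("AP-B", "laptop", "authentication"),       # pre-authentication with AP-B
    ("AP-B", "laptop", "data"),                 # authenticated only: ignored
]

if __name__ == "__main__":
    table, ignored = replay(SAMPLE_LOG)
    for entry in ignored:
        print("ignored:", entry)
    print({key: value.name for key, value in table.entries.items()})
```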

Distribution System and Roaming

This concept of roaming is important to understand as you work with medium and large WLANs. In order to be called “true” roaming, the user should be able to move seamlessly (without user awareness) from one BSS to another without losing his network connection (IP configuration settings) and his membership in the ESS. The access points hand the client off from one to another, and the client should be oblivious to the background details.

Certain standards define the basics of communications on 802.11 networks, and there are even standards that define how a client communicates to an access point to which it is roaming. In 802.11, however, there were no standards dictating how the access points communicate the hand-off of the user from the old access point to the new one until the ratification of 802.11r. This is why different vendors’ devices did not always work with other vendors’ devices when it came to roaming transfers. Devices should begin supporting 802.11r through firmware updates and out-of-the-box in late 2009 and early 2010.

The client determines if the received signals are getting too weak in relation to an access point the user is moving away from and requests reassociation with another closer and stronger access point in the same ESS. These two access points should be connected to a shared distribution system. In the end, the client requests reassociation with a different access point and the two access points perform the hand-off.

Reassociation

Client devices use various parameters to determine when they should attempt to reassociate with a different access point than the one they are currently associated with. Depending on the access point and client devices, these can include
■ Data rate
■ Number of connected stations
■ Average throughput

Whatever parameters they use, a client device that has determined it needs to reassociate begins what appears to be a two-step process to the client but is actually a four-step process in total. The four-step process includes the following:
1. The wireless client sends a reassociation request to the new access point with which it desires to connect.
2. The new access point notifies the old access point that a reassociation request has been made.
3. The old access point acknowledges that this reassociation is about to occur.
4. The new access point sends a reassociation response frame to the wireless client.

Notice that the client does not have to disassociate with the old access point. Disassociation is handled by the access points themselves. The protocols used by the access point to communicate during steps 1 and 2 may be proprietary to the vendor and require that you use the same vendor’s equipment for all access points. In most cases, you will discover other problems as well because the access points generally have to be on the same IP subnet for users to roam between them.

You might be wondering, if you have more than two access points, how the new access point knows which of the other access points holds the current client association. The answer to this is found in the initial reassociation frame sent from the client to the new access point. Remember that each BSS has one access point and a BSSID, which is the MAC address of the access point. Every network interface has a unique address or identity known as a MAC address. The initial reassociation request sent to the new access point contains the BSSID of the old access point, and this is how the new access point discovers the old access point for reassociation notification.

It is important to note that reassociation can also fail because the new access point was unable to communicate with the old access point. This could happen because of a failed device between the two access points or some other unforeseen issue. In these scenarios, the client receives a rejection from the new access point and continues using its association with the old access point. If this occurs (you are receiving phone calls from users complaining that they can no longer roam to a certain area known to be covered by a particular access point), check the connections between the access points.

Fault-Tolerance and Load Balancing

Installing multiple access points in the same coverage area can provide fault-tolerance and load balancing. This concept is similar to roaming, but in this case, the goal is not to provide mobility as a user roams; the goal with fault-tolerance or load balancing is to provide availability as the user remains stationary. For various reasons, access points can become unavailable. If you have more than one access point in a given area, the client can move to another available access point when one fails. This concept is known as fault-tolerance or fail-over response. This can be accomplished manually in smaller environments or automatically in large enterprise environments.

In other situations, you may need to increase the bandwidth available to users. If you place two wireless access points in the same coverage area and configure one to use channel 1 and the other to use channel 11, you can provide greater bandwidth to the average user in that coverage area. You will, of course, need to configure some of the clients to use the access point on channel 1 and the others to use the access point on channel 11. Just remember to use different SSIDs in this scenario because your goal is not to provide roaming or fault-tolerance, but rather to provide increased bandwidth.

Power Saving Modes

If you have many wireless client devices, you have probably noticed that most of them are powered by battery. Laptops, PDAs, Bluetooth devices, and more require batteries. For this reason the IEEE has specified power management standards for wireless devices. They have defined two modes of operation known as active mode and power save mode.

Active Mode

Active mode, also known as Continuous Aware Mode (CAM) by some vendors, means that the wireless client is awake 100 percent of the time, so an access point can send information to the client any time. If you are operating the client in ad hoc mode, then other clients can send information to the client at any time. Because communication speeds are higher while in active mode, most wireless client devices default to this mode. Because more power is consumed while in this mode—even when you are not connected to a network—you should consider changing to power save mode on laptop computers when using batteries. Of course, when the laptop is connected to an electrical power supply, or the client is a desktop machine, there is no reason to use power save mode and the device should remain in active mode.

Power Save Mode

When a wireless device is in power save mode, it alternates between dozing and awake based on its need to send and receive frames. Because the client cannot receive frames when it is dozing, the normal communications process must be altered. This new communications process differs, depending on whether the machine is part of an ad hoc or infrastructure network.

Ad Hoc Power Save Mode

When in an ad hoc network, the wireless clients all calculate when a particular window of time, known as the ATIM (ad hoc traffic indication message) window, will occur. During this window, all wireless clients are awake and any client that needs to send information to another client will notify that client while the window is open. The machines that need to communicate will stay awake for data transfer and will remain awake until the next ATIM window. The clients that do not need to transfer any data will return to dozing mode until the next ATIM window. If the data to be transferred requires multiple ATIM windows of time, the sending client sends another data notification message to the receiving client during each ATIM window. When clients are transmitting data between ATIM windows, they communicate as if they were in active mode. In other words, they simply communicate as standard wireless clients in an ad hoc network. As you can imagine, this causes extra management traffic and can reduce the total throughput of your network. For this reason, power save mode should be used only when it is truly beneficial for power management purposes.

Infrastructure Power Save Mode

An infrastructure network is impacted in the same way as to bandwidth, but the methods used for power management are very different. Unlike ad hoc mode, where there is no access point, in infrastructure mode, the access point plays a large role in power management. In every frame they send to the access point, client devices inform the access point whether they are in active mode or power save mode. One bit in this frame determines the mode the client is in. Some client devices can switch modes dynamically, and others must be configured through the client utilities, though this is not relevant to the access point, as it just needs to know if it should buffer (temporarily hold) frames for the client or transmit them to the client. When the access point receives a frame from a client indicating that it is in power save mode, it will treat that client as a power save client regardless of what previous frames had indicated. Likewise, when an access point receives a frame indicating that the client is in active mode, it will treat the client as being fully awake regardless of what previous frames indicated.

Each client has a unique identifier that the access point tracks known as an association identifier (AID). Access points handle power save mode clients through their beacon frames. A beacon frame is a periodic frame sent out from the access point containing management information. This information includes a traffic indication map (TIM) that contains the AIDs of any clients with data waiting at the access point. When the client comes out of dozing state, it sees from this information in the TIM of the beacon frames that there is data waiting at the access point, and the client then sends a special request to the access point asking it to send the data. If the data at the access point consists of more than one frame, the access point notifies the client of this in the initially sent data frame, so the client knows to stay awake until it has received all the data frames. The last data frame contains information informing the client that all the data has been delivered, and then the client can return to a dozing state.

The difference between ad hoc and infrastructure power management functions is very important. When in infrastructure mode, the access point can be impacted tremendously by too many clients running in power save mode. For this reason, you might consider it a best practice to avoid power save mode as much as possible in business networks where throughput is valuable.

CERTIFICATION OBJECTIVE 3.02

RF and Spread Spectrum Functionality

In addition to the features and functionality of RF and Wi-Fi networks that have been introduced thus far, there are a few specific tips, tricks, and facts that you should know about the functionality of WLANs. For example, there are specific factors you will need to understand related to the colocation of 802.11g and 802.11b devices. You also need to understand the difference between adjacent channel interference and co-channel interference. Finally, it’s helpful to understand the basics of how a WLAN client gains access to the wireless medium for transmission of data and management frames.

OFDM and HR/DSSS Colocation

When many engineers see OFDM, they think of 802.11a; however, 802.11g and 802.11n also use OFDM. These latter two amendments simply implement OFDM in the 2.4 GHz spectrum or both as is the case with 802.11n. Why is this important? It is important because there are specific issues that must be considered when implementing ERP-OFDM (ERP for short) in an environment where 802.11b (HR/DSSS) devices exist. You may remember that ERP is the PHY introduced in 802.11g and that ERP implements OFDM in the 2.4 GHz band.

As long as all of your devices are 802.11g devices, there will be no issues. However, if you implement just one 802.11b device in the area where the 802.11g network is operating, you will introduce the issue of protection mechanisms. Similar results occur when installing an 802.11n network and then introducing an 802.11b or 802.11g device in that area.

Protection Mechanisms

The clear to send (CTS) mechanism is found in the IEEE 802.11g amendment for the ERP PHY. This implementation provides for a CTS-to-self. Essentially, the station using the ERP PHY can communicate using OFDM and faster data rates than older stations such as those using the HR/DSSS PHY. In order for these stations to coexist, the station with the ERP PHY will transmit a CTS frame that was not preceded by an RTS frame. This frame will be transmitted using modulation that can be understood by the stations with the non-ERP PHYs. Those stations will go silent as they honor the duration value in the CTS frame. During this silent period, the ERP-based station will transmit its OFDM modulated signal without further concern for the non-ERP PHYs. 802.11n devices support similar protection mechanisms using dual CTS protection. In this latter case, multiple CTS packets are sent to deal with the multiple layers of backward compatibility (802.11g as well as 802.11b, for example).

Adjacent Channel and Co-Channel Interference

According to the CWNP program and suggestions in the 802.11 standard, an adjacent channel is a non-overlapping channel. This means that channel 1 and channel 5, in the 802.11g standard, for example, would be adjacent channels. So you might wonder how these channels could interfere with each other, since they are “nonoverlapping.” The answer is simple. Even though the transmitters attempt to rein in the signal so that it stays within the 22 MHz of allotted frequency space, there is some bleedover into the surrounding frequencies. In fact, when the output power of an AP is increased, the bleeding increases as well. This is why adjacent channel interference is usually solved by reducing the output power levels of the devices.

In a similar way, co-channel interference can cause problems. You may install an AP on channel 1 in an area of your facility and then install another AP on channel 1 many hundreds of feet away. Even with the distance, you may still experience interference—this is co-channel interference. The only solution is to change the channels or, if that is not an option, adjust the output power levels.

CSMA/CA Operations

Ethernet networks (IEEE 802.3) use a form of collision management known as collision detection (CD). Wireless networks use a different form of collision management known as collision avoidance (CA). The full name of the physical media access management used in wireless networks is carrier sense multiple access/collision avoidance, or CSMA/CA. The carrier sense in CSMA means that the devices will attempt to sense whether the physical medium is available before communicating. The multiple access indicates that multiple devices will be accessing the physical medium.

In a CSMA/CD implementation, collisions occur because devices can begin communicating at the same time even though they both listened for “silence” on the physical medium. There was indeed silence, but both devices broke the silence at the same moment. In a CD implementation of CSMA, when a collision is detected, both devices go silent for a pseudo-random period of time. Since the time period is different for each device, they are not likely to try communicating at the same time again. This process helps to recover from collisions and to avoid another collision.

If you’ve ever had a conversation with another person on the telephone, you’ve probably experienced a communications collision. When you both started speaking at the same time, neither of you could hear the other effectively. Usually, you will both stop speaking for some amount of time and then one of you will start speaking again. Since the time that both of you choose to wait is slightly different, there is a good chance that one of you will be able to communicate the next time. This would be similar to collision detection.

CSMA/CA is used in wireless networks, and it was also used in early Apple LocalTalk networks, which were wired networks that were common to Apple devices. The essence of CSMA/CA is that collisions can happen in many places on the medium, at any time during a transmission, and likely cannot be detected by the transmitter at its location. Listening for evidence of a collision while transmitting is not possible and, therefore, not a part of the protocol. Transmissions cannot be aborted early. Collisions are only one possible explanation for failure to receive an immediate acknowledgment after transmitting a frame in its entirety. Since the cause of the failure and the exact point in the frame where the failure occurred cannot be known, the frame must be retransmitted completely. Under these circumstances there is much value in collision avoidance and there is much of it in the IEEE 802.11 protocols.

Collision avoidance is achieved by signaling to the other devices that one device is about to communicate. This would be like saying, “Listen, for the next few minutes, because I will be talking” in a telephone conversation. You are avoiding the collision by announcing that you are going to be communicating for some time interval. CSMA/CA is not perfect due to hidden node problems, which will be covered in Chapter 7, but it provides a more efficient usage of a medium like RF than would CSMA/CD.

CERTIFICATION SUMMARY

With the knowledge provided in this chapter, you are beginning your preparation to plan and implement real-world wireless networks. Knowing the different ranges of communications you can expect from 802.11a and 802.11b/g devices helps you determine the right technology for the right situation. Understanding the channel structure of the various wireless technologies and colocation issues allows you to provide the needed coverage in areas both large and small.

The independent basic service set, or IBSS, provides an exceptional solution for small dynamic networks where centralized administration is not required. An infrastructure basic service set, or BSS, allows for centralized administration and greater control over who can access your network. Extended service sets, also known as ESSs, give you the ability to allow roaming on your network without the loss of network connection as long as client hand-off is handled effectively.

Finally, understanding the difference between active mode and power save mode for power management allows you to make the right decision when it comes to battery-powered devices on your network. Remember that power save mode reduces throughput, but active mode reduces battery life. When you know which of these two is more important, you’ll be able to make the right choice in any situation.

✓ TWO-MINUTE DRILL

Characteristics of Wi-Fi Technology

❑ The range of a wireless network is a reference to the distance from the network origination within which acceptable communications can occur.
❑ The range of a wireless network is related to the frequencies used (lower frequencies tend to have a longer range) and the output power of the devices.
❑ HR/DSSS systems use 22 MHz wide channels, and channels 1, 5, and 11 are considered non-overlapping.
❑ ERP systems use 22 MHz wide channels, and channels 1, 5, and 11 are considered non-overlapping.
❑ All 802.11a OFDM channels are non-overlapping.
❑ A basic service set (BSS) is a wireless network with which client stations may associate.
❑ An independent BSS (IBSS) is an ad hoc wireless network that uses no central access point.
❑ An extended service set (ESS) is one or more BSSs that share a distribution system and operate on the same SSID.

RF and Spread Spectrum Functionality

❑ Adjacent channel interference occurs when non-overlapping channels interfere with each other due to high output power levels.
❑ Co-channel interference occurs when two access points are operating on the same channel within close proximity of each other or with high output power levels.
❑ When ERP and HR/DSSS systems are colocated and using the same channel, protection mechanisms are used.
❑ Protection mechanisms may reduce the throughput of your WLAN.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Characteristics of Wi-Fi Technology

1. When an area is within the range of the RF signal but does not receive coverage, this is known as what?
A. RF oversight
B. RF shadow
C. Invisibility
D. Noncoverage

2. Which IEEE standards have a range longer than 802.11a? (Choose all that apply.)
A. 802.11b
B. 802.11g
C. 802.11n
D. Original 802.11

3. How many channels are supported for use in the United States with an 802.11g network?
A. 14
B. 13
C. 11
D. 3

4. How many non-overlapping channels are generally available for 802.11a networks for indoor use?
A. 8
B. 4
C. 12
D. 3

5. You have installed an 802.11g network with five access points. All access points are configured to use channel 6 and are approximately 50 feet from each other. You notice that throughput is suffering and you cannot seem to accomplish more than 1 to 2 Mbps. What should you do to resolve this issue?
A. Make every other access point an 802.11a access point.
B. Make the three middle access points 802.11 access points using FHSS technology.
C. Enable channel overlap algorithms on all access points to resolve channel conflicts automatically.
D. Set the access points to alternating channels so that no access point is on a channel within five channels of the access points next to it. Use channels 1, 6, and 11 to accomplish this.

6. How wide are the channels in an 802.11g network?
A. 20 MHz
B. 22 MHz
C. 25 MHz
D. 18 MHz

RF and Spread Spectrum Functionality

7. You have been monitoring your wireless connection as you move your laptop around to different locations in your building. As you move, you’ve noticed that the declared rate is sometimes 54, sometimes 36, and sometimes other numbers. What is the name of the technology that handles this rate adjustment for you?
A. Dynamic rate adjustment
B. Dynamic rate switching
C. Performance rate adjustment
D. Dynamic performance selection

8. What will occur if you implement 802.11b devices in an 802.11g network?
A. Increased performance
B. Decreased performance
C. Complete interruption of service
D. Nothing

9. You have implemented a WLAN that includes two APs within 100 feet of each other. The first AP is on channel 1, and the second AP is on channel 6. The APs are still interfering with each other. What kind of interference is occurring?
A. Co-channel interference
B. Noise-based interference
C. Adjacent channel interference
D. Non-overlapping interference

10. What does a WLAN client using CSMA/CA do before attempting to transmit on the wireless network?
A. Detect activity on the network.
B. Detect IP address conflicts on the network.
C. Send a pre-communications alert.
D. Send a post-communications alert.

LAB QUESTION

Larry implemented a WLAN approximately two years ago. At that time, his tests revealed that most users accomplished a connection with a 54 Mbps data rate. Recently, users have been complaining that the WLAN is not performing well. Last month all of the users were given Pocket PCs with 802.11b wireless support built in. They were able to begin using the devices on the WLAN without any changes to the wireless infrastructure. What suggestions would you give Larry in relation to his sudden performance problem?

SELF TEST ANSWERS

Characteristics of Wi-Fi Technology

1. When an area is within the range of the RF signal but does not receive coverage, this is known as what?
A. RF oversight
B. RF shadow
C. Invisibility
D. Noncoverage
✓ B is correct. This area, within the overall coverage area, would be called an RF shadow.
✗ A, C, and D are incorrect. RF oversight is not a phrase used in WLAN engineering. Invisibility would be a great feature during an argument with your spouse, but it’s not addressed in WLAN engineering. While noncoverage seems to be a truth in this scenario, it is not the proper term for the phenomenon.

2. Which IEEE standards have a range longer than 802.11a? (Choose all that apply.)
A. 802.11b
B. 802.11g
C. 802.11n
D. Original 802.11
✓ A, B, C, and D are correct. All of these standard amendments have a greater range than 802.11a in most implementations.
✗ None are incorrect.

3. How many channels are supported for use in the United States with an 802.11g network?
A. 14
B. 13
C. 11
D. 3
✓ C is correct. The IEEE has specified 11 channels in order to comply with FCC limitations.
✗ A, B, and D are incorrect. Thirteen channels are available in some other regulatory domains, and no known regulatory domain supports all 14 channels. Three channels are far too few.

4. How many non-overlapping channels are generally available for 802.11a networks for indoor use?
A. 8
B. 4
C. 12
D. 3
✓ A is correct. Because most devices use the lower and middle bands for indoor networks, 8 channels are available.
✗ B, C, and D are incorrect. These numbers are incorrect.

5. You have installed an 802.11g network with five access points. All access points are configured to use channel 6 and are approximately 50 feet from each other. You notice that throughput is suffering and you cannot seem to accomplish more than 1 to 2 Mbps. What should you do to resolve this issue?
A. Make every other access point an 802.11a access point.
B. Make the three middle access points 802.11 access points using FHSS technology.
C. Enable channel overlap algorithms on all access points to resolve channel conflicts automatically.
D. Set the access points to alternating channels so that no access point is on a channel within five channels of the access points next to it. Use channels 1, 6, and 11 to accomplish this.
✓ D is correct. By using these guidelines, you can cover the space without interference.
✗ A, B, and C are incorrect. These options either do not best solve the problem or would not solve it in any way.

6. How wide are the channels in an 802.11g network?
A. 20 MHz
B. 22 MHz
C. 25 MHz
D. 18 MHz
✓ B is correct. ERP (802.11g) uses 22 MHz channels to be compatible with HR/DSSS (802.11b).
✗ A, C, and D are incorrect. These answers are all incorrect.

RF and Spread Spectrum Functionality

7. You have been monitoring your wireless connection as you move your laptop around to different locations in your building. As you move, you’ve noticed that the declared rate is sometimes 54, sometimes 36, and sometimes other numbers. What is the name of the technology that handles this rate adjustment for you?
A. Dynamic rate adjustment
B. Dynamic rate switching
C. Performance rate adjustment
D. Dynamic performance selection
✓ B is correct. The CWNP term is dynamic rate switching.
✗ A, C, and D are incorrect. Dynamic rate adjustment, performance rate adjustment, and dynamic performance selection are not standard terms for WLAN engineering.

8. What will occur if you implement 802.11b devices in an 802.11g network?
A. Increased performance
B. Decreased performance
C. Complete interruption of service
D. Nothing
✓ B is correct. Due to the need for protection mechanisms, performance will be decreased.
✗ A, C, and D are incorrect. These answers are all incorrect.

9. You have implemented a WLAN that includes two APs within 100 feet of each other. The first AP is on channel 1, and the second AP is on channel 6. The APs are still interfering with each other. What kind of interference is occurring?
A. Co-channel interference
B. Noise-based interference
C. Adjacent channel interference
D. Non-overlapping interference
✓ C is correct. Adjacent channel interference occurs when non-overlapping channels interfere with each other.
✗ A, B, and D are incorrect. Co-channel interference occurs when APs are placed on the same channel within close proximity of each other. Noise-based interference is interference caused by electric motors, microwave ovens, elevators, and other non-communicating devices. Non-overlapping interference is not a common phrase in WLAN engineering.

10. What does a WLAN client using CSMA/CA do before attempting to transmit on the wireless network?
A. Detect activity on the network.
B. Detect IP address conflicts on the network.
C. Send a pre-communications alert.
D. Send a post-communications alert.
✓ A is correct. The CS in CSMA stands for carrier sense. The client first attempts to sense or detect activity on the wireless network.
✗ B, C, and D are incorrect. These answers are all incorrect.

LAB ANSWER

Larry implemented a WLAN approximately two years ago. At that time, his tests revealed that most users accomplished a connection with a 54 Mbps data rate. Recently, users have been complaining that the WLAN is not performing well. Last month all of the users were given Pocket PCs with 802.11b wireless support built in. They were able to begin using the devices on the WLAN without any changes to the wireless infrastructure. What suggestions would you give Larry in relation to his sudden performance problem?

The following represents one possible solution to the lab. Your answer may vary.

While the existing WLAN may have provided the needed performance before, the Pocket PCs could be the straw that broke the camel’s back. Since they support only 802.11b, they are dragging down the 802.11g network through the use of protection mechanisms. In addition to the protection mechanisms, network performance may be suffering because of congestion. You may suggest that Larry install a new WLAN just for the mobile devices.

4
Wireless Networking Devices

CERTIFICATION OBJECTIVES

4.01 Wireless Network Components
4.02 Antenna Types
4.03 Antenna and RF Accessories
4.04 Antenna Placement
✓ Two-Minute Drill
Q&A Self Test

A very simple wireless network may contain wireless network client devices communicating in ad hoc mode and nothing more. Ad hoc networks may be used during meetings, at training events, for gaming sessions, and to share files. However, these simple networks will not provide the necessary functionality for many business purposes. For this reason, the many different types of wireless networking devices that provide infrastructure solutions must be understood.

A perfect example of the disadvantages of using only wireless client devices is in an inventory management application. Using only client devices, a scenario such as the following occurs. A worker goes to the receiving area and inventories all the new shipments on a wireless device such as a laptop PC, tablet PC, or PDA. After entering all the items into the device, the worker returns to her work area and synchronizes the data with a centralized server. If she used a PDA, she has to synchronize with an application running on her desktop PC. Using a laptop or tablet PC, she has to plug in the Ethernet cable and then import the data into the server-based system. She has to take all these extra steps because the wireless network uses client devices exclusively and has no connection to the wired infrastructure.

The problems with this scenario are many. First, the worker’s time is being consumed by extra tasks such as synchronizing data and taking multiple steps to complete a process. Second, because a human is involved in more than just data entry, there are more opportunities for errors or forgetfulness. Imagine the worker returns to her office only to find her manager waiting with a list of tasks to perform. She becomes sidetracked and forgets about synchronizing the data. In another part of the company, a sales representative checks inventory through the server-based system for the items received that day and shows no items in inventory. The result is the loss of a sale even though the products had been received in the shipping department.

All of these problems can be resolved by implementing an infrastructure-based (infrastructure mode) network that provides immediate wireless access to the central server while the worker is in the shipping and receiving area. By placing access points in the warehouse that are connected to the server-based system through the wired (or wireless) network infrastructure, you have simplified the entire inventory management process. As she enters the data in her PDA or laptop, it is entered into the server automatically and is available to the sales representatives immediately. The worker’s time is being used more effectively, and there is less opportunity for human error.

In this chapter, you will learn about the most important infrastructure devices, including

■ Access points
■ Wireless routers
■ Wireless bridges
■ Wireless repeaters
■ Wireless controllers/switches
■ Wireless media gateways
■ Power over Ethernet devices

A brief overview of enterprise-class wireless devices is also provided. Although the CWTS exam does not cover these devices and they will not be discussed in detail here, it is important that you know they are available and where you get more information about enterprise-class hardware when you need it. Finally, you will learn about antennas, including the basic functions of an antenna in a wireless network, the various types and uses of antennas, and strategies for determining the best location for antennas in different installation configurations.

CERTIFICATION OBJECTIVE 4.01

Wireless Network Components

The simplest infrastructure mode network contains one or more access points and some number of client devices. More complex configurations require other wireless devices.

Access Points

The access point (AP) is the fundamental building block of an infrastructure mode network. One or more APs working together can form an entire network infrastructure for inside use with just one connection to the outside world (such as the Internet) if desired. Because of stability and throughput issues, you seldom see this kind of implementation. Most of the time, you still implement a wired infrastructure, connecting all infrastructure devices such as routers, switches, bridges, and gateways to the wired network. You usually connect servers and printers directly to the wired network as well, though wireless print servers are becoming more common in small business and SOHO installations. You then use APs to connect wireless clients to this wired infrastructure. When implementing APs for client access to the infrastructure, you are using the WLAN in the access role. The purpose of the WLAN is to provide access for client devices.

Sometimes APs are referred to as wireless access points (WAPs). I recommend avoiding this term, however, as it’s easily confused with the Wireless Application Protocol (WAP) used for wireless phones and other mobile devices.

With so many kinds of APs available on the market, things can get confusing very quickly. For this reason, I’ll discuss the different applications or uses of APs. I cover their common features and then some of the more advanced features of a select few, and finally the different configuration interfaces and methods provided.

Access points can be stand-alone devices, or they can be included in other devices. The D-Link DSM-G600 is a perfect example of a non-AP wireless device with AP functionality built in. This device, shown in Figure 4-1, provides access to one IDE hard drive and two external USB hard drives at the same time. I run one on my network with a 400GB IDE hard drive and two 300GB external USB drives providing a terabyte of storage to my network. This device includes a built-in AP so that you can access it through the Ethernet port or by using an 802.11b/g device. Figure 4-2 shows the configuration interface for enabling the wireless radio in either the AP mode or client mode. When used in client mode, it allows the storage device to be connected to a WLAN as a client. Once connected as a wireless client, other devices may communicate with the storage device over the wireless connection.

FIGURE 4-1 Wireless network storage device with built-in AP (Photo Courtesy of D-Link Systems, Inc.)

11n devices.11b. there is yet another letter introduced into the WLAN alphabet soup. Some devices support only 802. while others support 802. With the introduction of 802. These common features include ■ Compatibility ■ Upgradeability ■ Security features Compatibility To increase sales and customer buy-in. most APs are compatible with industry standards. It is not uncommon for the device to support either 802. but not both concurrently. will be backwardly compatible with 802.11a/b/g can support all three at the same time. in the consumer and SOHO market space. Be cautious.11a as well. . Most 802. be sure to read the vendor’s data sheet closely. You should select APs that are compatible with the wireless standard you need to support. If you need a single device that does support both standards simultaneously. Some are compatible with 802.11a and still others support 802. but be sure to study the specifications before making a buying decision.11b/g. others support 802.11n. however—not all devices advertised as supporting 802.11b.11a or 802.11a/ b/g.11b/g.11g and 802.Wireless Network Components 129 FIGURE 4-2 The DSM-G600 AP-enabling interface Common Features Most APs share certain features.

Because vendors sometimes want to move more quickly than the standards groups are moving, some APs implement nonstandard capabilities to increase throughput or provide QoS and security features. At a minimum, make sure the nonstandard feature can be disabled. In some cases, you can upgrade the AP to support the actual standards when they are finalized. However, it is important to remember the lessons learned with the 802.11i standard. The 802.11i amendment is the newer IEEE standard for implementing a secure wireless network using what the Wi-Fi Alliance calls WPA2. Many older APs cannot be upgraded to support it because the newer standards require more processor power than the old APs provide. Keep this in mind when you purchase equipment that has implemented a standard that is “not yet a standard” because it has not been ratified.

INSIDE THE EXAM

Amendments, PHYs, and the CWNP Program

The CWNP program (which encompasses the CWTS, CWNA, CWSP, and CWNE certifications) references the physical layers (PHYs) by their proper names instead of the amendments that introduced them. This fact is very important to remember on exam day. You are not likely to be asked about 802.11g versus 802.11n. Instead, you would be asked about ERP versus HT. For this reason, it’s important to memorize the following list:

■ DSSS (direct sequence spread spectrum) – 802.11
■ HR/DSSS (high rate DSSS) – 802.11b
■ OFDM (orthogonal frequency division multiplexing) – 802.11a
■ ERP (extended rate PHY) – 802.11g
■ HT (high throughput) – 802.11n

In your day-to-day work with WLANs, you are far more likely to see the amendments mentioned instead of the PHYs. For example, when looking at the specs on Amazon.com for the consumer/SOHO AP from Linksys, model WAP54G, you will notice that it is backward compatible with IEEE 802.11b devices at 11 Mbps. The data link protocol is stated as 802.11b and 802.11g. The CWNP program would state that the WAP54G is backward compatible with HR/DSSS devices, and the data link protocols would be referenced as HR/DSSS and ERP.

So why is this difference forced upon us by the CWNP program? The answer is a bit complex, but it is important to understand the CliffsNotes version. An 802.11n device must be backward compatible with 802.11g devices when operating in the 2.4 GHz band. An 802.11n device must be backward compatible with 802.11a devices when operating in the 5 GHz band. What these facts really mean is simple: an 802.11n device must be able to communicate using the HT PHY and the ERP or OFDM PHYs, depending on the band utilized by the HT PHY.

Now, an 802.11g device is backward compatible with an 802.11b device, right? This fact means that an 802.11n device communicating with the HT PHY in the 2.4 GHz band must be backward compatible with the ERP PHY of the 802.11g amendment, which results in a demand for the HT PHY to be further backward compatible with the HR/DSSS PHY of the 802.11b amendment. This action trickles all the way back to the original standard. Since FHSS used a completely different modulation technique (not just different coding and spacing algorithms, but literally a different way to manipulate the carrier signals), backward compatibility with this PHY is not usually implemented. I could carry this compatibility chain on, but future editions of this book would be far too large as new backward-compatible PHYs are developed. For now, it is sufficient to know that an HT PHY device communicating in the 2.4 GHz band must be backward compatible all the way back to the original DSSS PHY in the 802.11-1997 standard.

Now, can you see how it is important to understand the PHYs themselves rather than just the amendments that introduced them? Each successive PHY will reference the previous PHYs. In fact, you cannot fully understand the 802.11g amendment without referencing the 802.11b amendment. For example, in clause 19 of the 802.11 standard as amended (this clause is the ERP PHY clause), it is stated that, “The rates of 5.5 and 11 Mbits/s are described in 18.4.6.6.” This statement means that the rates of 5.5 and 11 Mbps are covered in the previous PHY (HR/DSSS) documented in clause 18.

In the end, the IEEE performs rollups occasionally—as they did in 2007—that result in a new base standard without reference to amendments. The 802.11-2007 standard includes the ERP, HR/DSSS, DSSS, and FHSS PHYs without reference to some irrelevant amendment letter. For this reason, the CWNP program focuses on the PHYs and not the amendments in which they were ratified.

Upgradeability

Be sure you can upgrade your AP. While I don’t know of any devices released that cannot be upgraded, it is still important to make sure the vendor supports this. Upgrading the AP is usually done by applying new firmware. Firmware is just the software that the device runs to do its job. This software is stored in the device’s memory whether the power is on or off.

Just because a device can be upgraded, this doesn’t mean that vendors release new firmware regularly. Some vendors such as Cisco release firmware upgrades frequently, and others only once or twice after the device is placed on the market. You generally find that enterprise-class equipment is upgraded more frequently than SOHO and personal equipment. Cisco Systems, Inc., sells enterprise-class hardware under the Cisco brand and SOHO-grade hardware under the Linksys brand. Some Cisco-branded devices are also used in SOHO implementations. Companies like NETGEAR, D-Link, and Proxim sell both consumer/SOHO-grade equipment and enterprise equipment under the same brands.

It is best to apply firmware upgrades through the Ethernet port of the AP and not across the wireless connection. Attempting to upgrade the firmware of an AP across the wireless network can corrupt the AP’s software, according to some vendors. It can, theoretically, also pose a security concern.

Firmware upgrades are easy to do if you have a computer on the Ethernet cable that does not utilize wireless. If you don’t, you’ll have to take the AP offline to perform the upgrade. Just unplug the Ethernet cable from the back of the AP and then plug a patch cable into the AP that is connected to a laptop (be sure that you have disabled wireless on this laptop and that you have downloaded the firmware to this machine). (Sometimes this cable may need to be a crossover cable, though in most cases, a standard patch cable should work just fine.) Check that your IP configuration is set properly so that you can access the AP and then launch your web browser and point it to the AP’s IP address to begin the upgrade.

To upgrade the firmware for your APs, follow these steps:

1. Go to the vendor’s web site and download the most recent firmware.
2. Access the configuration interface of your AP (this is usually browser-based).
3. Look for the place to apply the firmware.
4. Select the firmware file you downloaded and apply it.

Security Features

One of the most important feature sets in any AP is the security capabilities it provides. If the AP can provide the throughput needed and the technology standards you demand, but does not provide security, you risk exposing

your data. An unsecured wireless network can lead to disastrous outcomes. Some devices support only WEP, and WEP is not as secure as WPA or WPA2 because hacking tools have been created that break the security in short order. Even WPA is susceptible to fast cracks in certain configurations. If you want to be sure the device supports the most recent standards, look for 802.11i or WPA2 support.

MAC filtering should also be a consideration, though it is not a complete solution by itself. There are readily available tools that will allow an attacker to spoof (impersonate) a valid MAC address, but MAC filtering makes the attacker’s job that much more difficult. If you do not want to set up RADIUS servers (these are centralized authentication, authorization, and accounting or auditing servers), VPN servers, and other advanced security mechanisms, combining WPA-Personal and MAC address filtering can give you a level of comfort in a smaller environment without much security risk.

This last statement should not be taken to mean that all small environments are at a low risk of attack. Some small businesses are at higher risk than some large multinational organizations. One reason is that they may provide an entry point to other larger organizations because of the services they provide to those organizations. Another is that a small company may work in an area of expertise other groups do not like. Finally, they might be seen as an easier target because of their size.

While disabling the SSID broadcast feature does not secure your environment against an attacker, it hides your network from casual browsers who are looking for an easy way to get onto the Internet.

Another security feature to consider is VPN pass-through functionality. This functionality allows a client to connect to the AP and then create a VPN connection to the network for even greater security than that provided by authentication alone and disabling SSID broadcast.

If the AP supports remote management through Telnet, you should ensure that it either supports SSH or provides a client to configure the device that does not send data as clear text on the network. Telnet, by default, sends information “in the clear,” which means an attacker can monitor the data being transmitted and possibly intercept passwords or other sensitive information.

When using older security technologies, remember to layer them. For example, hide the SSID, enable WEP or WPA, and use MAC filtering. Using them all together deters casual attackers because they get through one layer only to find there is yet another barrier to overcome.

These security features and more will be covered in greater detail in Chapter 10, and they are extremely important to understand for the CWTS exam. However, it is even more important that you understand how they work for real-world implementations.
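One way to turn the layering advice in this section into a repeatable check across several APs, given as an added example that is not from the book or from any vendor. The setting names (encryption, ssid_broadcast, mac_filtering, management), the severity labels and the three sample configurations are assumptions constructed for illustration.

```python
# Added example: setting names, severities and sample configs are constructed.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def audit_ap(cfg):
    """Return (severity, setting, message) findings for one AP, worst first."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    mac_filter = cfg.get("mac_filtering", False)

    if enc == "none":
        findings.append(("critical", "encryption", "no encryption: client data is exposed"))
        if mac_filter:
            # MAC filtering "is not a complete solution by itself"
            findings.append(("high", "mac_filtering",
                             "MAC filtering is the only control and MAC addresses can be spoofed"))
    elif enc == "wep":
        findings.append(("high", "encryption",
                         "WEP is broken in short order; look for 802.11i/WPA2 support"))
    elif enc.startswith("wpa-"):
        findings.append(("medium", "encryption",
                         "WPA is open to fast cracks in some configurations; prefer WPA2"))
    elif not enc.startswith("wpa2-"):
        findings.append(("medium", "encryption", f"unknown scheme {enc!r}: review by hand"))

    # Older schemes should be layered: hidden SSID plus MAC filtering.
    if enc == "wep" or enc.startswith("wpa-"):
        if cfg.get("ssid_broadcast", True):
            findings.append(("low", "ssid_broadcast",
                             "older scheme in use: hide the SSID as an extra layer"))
        if not mac_filter:
            findings.append(("low", "mac_filtering",
                             "older scheme in use: add MAC filtering as an extra layer"))

    # Telnet management sends credentials in clear text.
    mgmt = {m.lower() for m in cfg.get("management", [])}
    if "telnet" in mgmt:
        fix = "disable it and keep SSH" if "ssh" in mgmt else "no encrypted alternative is enabled"
        findings.append(("high", "management", f"Telnet is enabled: {fix}"))

    # Stable sort: keeps the order of the checks within one severity level.
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


def audit_fleet(configs):
    """Audit every AP and return {name: findings}, most exposed AP first."""
    report = {c["name"]: audit_ap(c) for c in configs}

    def rank(item):
        findings = item[1]
        worst = SEVERITY_ORDER[findings[0][0]] if findings else len(SEVERITY_ORDER)
        return (worst, -len(findings))

    return dict(sorted(report.items(), key=rank))


# Constructed sample inventory: two weak configurations and one layered one.
SAMPLE_CONFIGS = [
    {"name": "lobby-ap", "encryption": "wep", "ssid_broadcast": True,
     "mac_filtering": False, "management": ["telnet"]},
    {"name": "office-ap", "encryption": "wpa2-personal", "ssid_broadcast": False,
     "mac_filtering": True, "management": ["ssh"]},
    {"name": "warehouse-ap", "encryption": "none", "ssid_broadcast": False,
     "mac_filtering": True, "management": ["ssh"]},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_CONFIGS).items():
        print(name, "- no findings" if not findings else "")
        for severity, setting, message in findings:
            print(f"  [{severity}] {setting}: {message}")
```

The warehouse AP ranks first because MAC filtering and a hidden SSID without encryption leave client data exposed, which is the case the text warns about when it calls MAC filtering incomplete by itself.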

Adjustable Power Levels

APs that offer the ability to adjust power output levels give you greater control over cell size. The term cell size is used to reference the size of the area covered by wireless RF signals. Adjusting the power levels to lower settings reduces cell size, while raising them to higher power levels increases cell size. You might also need to increase or decrease the power level to ensure that you are getting the coverage needed beyond walls and other barriers. For example, if you need to provide wireless coverage to an area that is only 50 feet away but has three walls between it and the AP, you might need to increase power levels. In this case, you are not really focused on increasing the literal cell size (physical area covered), but you are increasing the signal strength in the outer regions of the cell (and throughout the cell) and will effectively increase the cell size as well in this situation.

Antenna Types

APs come with two basic types of antennas: attached and detachable. Attached antennas are nonreplaceable, which means you can use only the antenna that comes with the AP unless you want to solder a different antenna connection that could damage the equipment. Other devices support detachable antennas that allow you to replace the factory-installed antennas with more powerful alternatives. It’s not uncommon to upgrade antennas to stronger-gain antennas such as 7 dBi or 10 dBi. It is important, however, to ensure that an upgrade antenna kit provides the correct connector type for your AP. When purchasing an antenna kit from the same vendor that manufactured the wireless AP or router, you can ensure that the output power stays within the FCC’s regulatory boundaries.

Quality of Service Features

Quality of Service (QoS) features such as WMM (Wi-Fi Multimedia) for streaming video or VoIP applications are often available in APs. These applications allow you to define specific types of traffic that should be given higher priority. To maintain needed quality, you might have to give higher priority to streaming video traffic. Alternatively, you might need to grant higher priority to Voice over IP traffic to maintain connections with acceptable quality. Both the clients and the infrastructure must support QoS and WMM in order to gain a benefit from it. According to the Wi-Fi Alliance, which is the organization that certifies WMM-compatible equipment, more than 200 devices have been certified since 2004.

Power over Ethernet Support

Devices that support Power over Ethernet (PoE) to power the AP when no local power outlet is available provide great flexibility. You can install an AP in an area with no power outlet and then power

the AP through the Ethernet cable that is connected to a power injector somewhere down the line. This feature allows you to place APs in ceilings, closets, or outdoors where it may be difficult or impractical to install power outlets.

Access Point Form Factors

APs come in many form factors, as depicted in Figure 4-3 and Figure 4-4. Figure 4-3 shows a “pocket” or portable AP, called such because it can literally fit in your pocket. As you can see, this device comes with a carrying case and can even be powered through USB. This particular model from D-Link supports WPA-PSK (also known as WPA-Personal) and WPA2-PSK with a firmware upgrade that is free at the web site. Figure 4-4 shows a more common form factor for an AP, in this case with dual antennas.

FIGURE 4-3 D-Link DWL-G730AP (Photo Courtesy of D-Link Systems, Inc.)

Mounting Options

APs often come with simple mounting kits that work for basic installations. Permanent APs usually provide a mounting plate that you can fasten to a wall or beam with screws or ties. You can then attach the AP to the mounting plate for secure and stable positioning. By fastening the AP with ties at a minimum, you reduce the likelihood of device theft. While the ties or screws do not guarantee the device won’t be stolen, it does make it more time-consuming to steal and therefore deters the random thief.

Because pocket APs are intended for temporary use, they do not provide even the most basic mounting options in most cases. The DWL-G730, for example, doesn’t even have holes to connect any kind of mounting device. For this reason, the only real mounting option is to use ties wrapped around the device, and pocket APs are usually placed flat on a desk or even on the floor.

FIGURE 4-4 Linksys WAP54G (Photo Courtesy of Cisco Systems, Inc.)

If you are planning to use a mounting kit fastened with screws, you might consider using zip-ties first to test the positioning of the AP. You can do this during your site survey, but it’s not uncommon to obtain different results at the time of implementation because of changes in the environment. A quick test of the AP fastened using zip-ties can verify that the location is still appropriate, and then you can fasten the device using the more permanent and aesthetically pleasing mounting kit.

Common Applications

Wireless APs are used most frequently in one of three ways:

■ Single AP serving clients
■ Multiple APs serving different locations
■ Multiple APs serving the same location

SCENARIO & SOLUTION

You have installed a new AP in an office building. The facility already had two APs and they are on channels 1 and 11. You placed your AP on channel 6, but there still seems to be some interference with the other channels. What can you do?

You can reduce the output power on one or more of the APs. Even though channels 1, 6, and 11 are non-overlapping channels, with too much output power, interference may still occur. Most likely, you can reduce the output power on the new AP located on channel 6 and solve the problem.

As a single AP serving clients, the AP serves as a connection point to a network infrastructure or as a hub for all the wireless clients. In a small SOHO implementation, it is not uncommon to see a single wireless AP and multiple wireless clients. Figure 4-5 illustrates such a situation. In this case, the wireless AP is connected to a router that is connected to the Internet. The AP allows for communications between the clients as well as with the Internet.

FIGURE 4-5 Single AP serving clients (figure label: Internet)

When you have a medium or large existing wired network, it is more common to implement multiple APs serving different locations. You can use the APs in addition to wired networking or to provide network access in areas of the building without wired networking. Figure 4-6 demonstrates both of these scenarios in one building. On the left, you see an installation in which an existing wired infrastructure is available, but it does not provide the roaming capabilities needed by users. On the right, a wireless AP provides networking access to a remote portion of the building where no Ethernet wires are available.

APs are commonly used to provide load balancing or fault tolerance. You can install multiple APs in the same coverage areas, providing greater total throughput (load balancing) or high uptime rates (fault tolerance). In Figure 4-7, you can see how this is done for load balancing. The AP labeled “marketing” is running on channel 1 and is an 802.11b/g device. The AP labeled “sales” is running on channel 11 and is also an 802.11b/g device. Notice that a portion of the clients has been configured to associate with the device on channel 1 and the remaining clients are associating with the device on channel 11. This implementation is accomplished by

configuring each AP with a different channel and SSID to ensure that clients do not roam. The goal of the configuration represented in Figure 4-7 is to limit the number of clients connecting to each AP in the shared coverage area through manual configuration settings. You could also configure both APs to manage both SSIDs and allow clients to connect to either AP. Enterprise-class APs often support automatic load balancing with configurations such as the latter.

FIGURE 4-6 Multiple APs serving different locations (figure label: Wired Computers)

FIGURE 4-7 Multiple APs serving the same location (AP labels: SSID: marketing, CHANNEL: 1; SSID: sales, CHANNEL: 11)

Routing of data between clients on the marketing AP and the sales AP will be handled by the existing wired infrastructure. A client associated with the sales AP can communicate through that AP to the router to the marketing AP and finally to a marketing AP client device.

Remember that colocated APs are APs that cover the same physical area. They use different channels within the same frequency band, or they use different frequency bands in order to serve more clients in the same area.

Operational Modes

All three of the scenarios discussed in the preceding section represent one of the three major modes (root mode) in which an AP can operate. These three modes are

■ Root mode
■ Repeater mode
■ Bridge mode

While the IEEE has not defined modes of operation for APs, root mode matches the default operations demanded by the IEEE standards. The other two modes represent functionality that has been added by the vendors. Although many APs support repeater and bridge modes, they are configured to root mode as the default.

Root Mode

Root mode is used typically when an AP is connected to some kind of wired infrastructure through its wired interface, usually an Ethernet network with printers, servers, and other networking devices attached. There is no need for the users to be limited to communications with wireless devices. Root mode is also the default mode used when the AP is not connected to any wired network but is serving wireless clients in a “hub-type” mode.

Repeater Mode

An application of wireless APs that was not covered by the three examples discussed in “Common Applications” would be using the AP as a repeater. This mode can be useful when you need to extend the wireless signal farther. For a temporary extension, mini or pocket APs can work wonders. Repeaters are covered in the section “Wireless Repeaters,” later in this chapter. With some wireless APs, you can achieve similar results as repeater mode through the creative use of AP client mode (not covered here in detail). This mode is intended to connect a remote wired LAN to a local centralized LAN, but with the

right configuration, it can effectively extend the wireless signal distance. While covered on the CWTS exam, it’s useful knowledge for those urgent situations that arise. Remember that repeater mode will reduce the overall bandwidth provided because the repeater must receive and retransmit the frames, consuming bandwidth twice. If the signal from the “root” AP can be strengthened, it may be a better option.

Bridge Mode

Bridge mode performs the exact function its name implies. It creates a bridge between two networks. Wireless APs can perform the functions of a wireless bridge, and this is a useful extra capability. To create a wireless bridge link, you need a minimum of two wireless APs or bridges. Bridging is covered in more detail in the “Bridges” section of this chapter.

Figure 4-8 shows the configuration screen of a Linksys WAP54G AP, which supports AP, client, repeater, and bridge modes. You select the AP mode on this screen.

FIGURE 4-8 Linksys AP mode selection screen

Configuration Methods

APs are configured through various methods, including

■ Telnet
■ Console
■ Browser based
■ Client applications
■ Simple Network Management Protocol (SNMP)

The most important recommendation I can make is to ensure that your common practice is to configure all infrastructure devices offline. Do not connect them to the production network and then configure them through “public interfaces.” By public interface, I mean browser-based or client applications. The reason for this precaution is simple. Most APs, even those from enterprise device vendors, come with open network settings as the default. This gives hackers an open window of opportunity to attack your network if you place the AP on the infrastructure before configuring it. While this window may be small, it is not worth the risk. If the device supports a console connection, you usually perform the initial configuration through this interface. When the device supports only an Ethernet or wireless interface, you should configure the device in a secure area using the provided browser-based interface. Configure security parameters such as WPA before connecting the device to the network infrastructure and you greatly reduce the likelihood of an attack getting through.

Telnet

If you decide to use Telnet connections to configure your AP, be sure to encrypt the channel using IPSec VPN tunnels or SSH. If your AP does not support encrypted Telnet, you should consider one of the other connection types. In the past, only enterprise-class systems have had support for Telnet. Modern SOHO and home devices, however, are becoming more powerful, so make sure your devices have Telnet disabled—particularly if you are connected to the Internet. Most APs block the Telnet port, and it must be enabled if it is supported.

Console

Enterprise-class APs usually come with a console connection port. You will be using a command-line interface (CLI) in this mode. You also need client software such as HyperTerminal, Procomm Plus, or QModem Pro to connect through the serial port. HyperTerminal usually works fine, and it comes with the Windows operating systems. These console ports often look like an Ethernet or token-ring connection, but you need a serial connector to use the port.

Other devices use a standard 9-pin serial port. With these devices, such as NETGEAR’s WG302 AP, you need a standard RS-232C DB-9 male or female connector. You still use HyperTerminal or some other terminal program for connectivity.

The command-line interface (CLI) will usually look like some variant of Unix or Linux and generally contains fewer commands than a full operating system. The commands used differ, depending on the AP you are using. Cisco APs use standard Cisco IOS commands, which should be familiar if you have configured Cisco switches or routers. Other vendors provide documentation for the command-line interface that their devices support.

Browser Based

Browser-based configuration interfaces are useful once an AP is in production. At this point, all communications with the AP should be secured (encrypted) using HTTPS (SSL) so that it’s safe to configure various settings through the simpler interface. Figure 4-9 shows the browser-based (HTTP) interface to a Cisco 1200 series AP. You can usually configure the majority of the AP’s settings through this interface:

■ DHCP settings
■ VPN settings
■ Radios
■ Power levels
■ Data rates
■ LAN IP address
■ AP mode (root, bridge, client, repeater)
■ SSID and SSID broadcasting
■ MAC filtering
■ Authentication types
■ Administration passwords

You can often view logs and connection status in this interface as well. For example, you can view the association tables or the status of the AP interfaces using this graphical view.

Client Applications

A common trend occurring with SOHO and personal-use wireless devices of all kinds is the inclusion of custom configuration applications allowing localized secure setup for initial installation. These applications vary, depending on the device, but

it is common for these tools to launch from an autorun menu on the driver CD that comes with the device. These interfaces are common on devices ranging from wireless network storage devices to wireless APs. Figure 4-10 shows the custom client application for configuring a Linksys AP.

FIGURE 4-9 Cisco browser-based configuration interface

Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) is a common management standard for managing networked devices from client computers to infrastructure devices such as APs. When using SNMP, you can manage multiple APs with single points of configuration centrally. Many SNMP management tools allow you to create a policy or configuration set and then push that one set down to hundreds of devices. This reduces administration time and overhead in large complex environments. You should note, however, that many security vulnerabilities have been discovered in SNMPv1 and there are some inherent issues in SNMPv2. SNMPv3 provides for authenticated and secure management of devices, but it is not yet implemented in

as many devices. Many vendors have released patches to help with security issues in older implementations of SNMP.

FIGURE 4-10 Linksys custom configuration utility

Wireless Routers

A wireless AP is basically a bridging device in that the clients generally have IP addresses that are on the same network as the wired side of the AP. A wireless router is a device with a LAN connection on one network (IP subnet) and a wireless radio providing access to wireless clients on a different network (again, IP subnet). The wireless router routes data between the two networks. Figure 4-11 shows a wireless router; you can see that, externally, the device looks just like an AP.

FIGURE 4-11 A NETGEAR wireless router

Wireless clients use the IP address of the “LAN side” of the router as their default gateway generally. This way, the wireless clients can access devices on the other side of the wireless router, including routing through to the Internet or adding wireless clients to a full wired subnet, which can be very useful in a number of scenarios.

INSIDE THE EXAM

Access Point Types

Three types of AP exist. You will need to understand each type for exam day. The types include lightweight APs, autonomous APs, and mesh APs.

Autonomous APs, also known as thick APs, are the original full-featured AP devices. An autonomous AP has the full 802.11 functionality built in to its firmware and hardware. They can be configured independently, or they can be configured through a centralized management application. Some autonomous APs can be converted to access ports or lightweight APs in order to work with controllers and switches.

Lightweight APs are also known as access ports or thin APs. A lightweight AP is used in combination with a WLAN controller or switch. The AP provides the radio and possibly some basic WLAN functions, and the WLAN controller or switch implements most of the layer 2 or Data Link layer functions. The key benefit of lightweight APs is seen mostly in enterprise implementations. You can manage hundreds of lightweight APs easily from a centralized location.

Mesh APs are a different breed altogether. The mesh AP builds a network, usually dynamic, with surrounding mesh APs. One or more of the APs will be connected to a network infrastructure or the Internet. Regardless of which AP a client associates with, that client will have a route to the infrastructure or Internet. Mesh APs can often negotiate with each other for route information, channel usage, output power, and more.

Common Features

Many of the features of wireless routers are the same as those found in APs; however, unique features available in routers include

■ Built-in switches or hubs
■ Firewalls

■ Port forwarding
■ Port triggering
■ Route definition

Built-in Switches or Hubs

If you are installing a small network with only four to eight devices, a single wireless router may serve your needs. Wireless routers usually support a range of four to eight Ethernet ports. With eight Ethernet ports and a WAN link for the Internet, you can build a network with one printer, seven wired clients, and multiple wireless clients through just one device. Figure 4-12 illustrates the port configuration of a four-port wireless router with uplink capabilities.

FIGURE 4-12 Wireless router port configuration (figure labels: Wireless Router w/4 Ports; Uplink/4, 3, 2, 1; Secondary Switch 1 2 3 4 5)

When building single-point networks like this, remember that you have also created a single point of failure. If the wireless router fails, your entire network is unavailable. In situations where you need fault tolerance, you can achieve this easily in a small network with multiple wireless routers going through a single point of access to the Internet. Each wireless router will be connected to a wired router that is connected to the DSL or cable Internet service. The “WAN side” of both wireless routers will receive an IP address from the wired router. Your wireless clients will now be able to connect to either wireless router to gain access to local resources and

the network can still function if either wireless router goes down. Of course, if your wired router fails, Internet service will no longer be available, but you will still be able to access internal printers and servers.

It is also important to give proper attention to the specifications of the wireless router you select. Some devices have one WAN port for connecting to the Internet, four switch ports, and an uplink port. These types of devices are often purchased for their expansion abilities through the uplink port. In other words, connecting a larger switch to this port provides access to a greater number of Ethernet devices. The reason for paying extra attention to the vendor specifications is that many devices disable one of the built-in switch ports when the uplink port is used. For example, you can’t use the uplink port and all four switch ports at the same time.

Firewalls
Protecting your network from Internet-based attacks is extremely important. For this reason, many wireless routers also provide built-in firewalls. While these firewalls are usually limited and should not replace more powerful firewalls, they can provide sufficient security for small home networks and can be used in conjunction with more powerful firewalls in small business networks.

The most common type of firewall supported by wireless routers is the stateful packet inspection (SPI) firewall. In its most basic form, an SPI firewall allows through only data that was requested initially by an internal client. For instance, if you type www.McGrawHill.com in your web browser, IP packets from that location would be allowed to respond and enter your network. These firewalls help prevent common denial of service (DoS) attacks. A DoS attack occurs when an attacker floods your network with so much data that your device is unable to provide service to valid clients. Allowing communications into the network only from previously requested locations helps prevent some DoS attacks to a large degree. This firewall also helps prevent other types of attacks from nonrequested machines on the Internet. More advanced DoS mitigation techniques are important to consider as well, but they are beyond the scope of the wireless technologies covered in this book.

When investigating the strength of the SPI feature of a given wireless router, look for logging support, advanced packet filtering, and DMZ pass-through. With DMZ pass-through, you can actually inform the router that it should allow all packets (data) to pass through if the packet is intended for a specific IP address on your network. You will then need to implement appropriate security settings on that device.

Port Forwarding
If you are using Network Address Translation (NAT) to provide private addresses on your internal network, you can use port forwarding to direct incoming requests to a specific device. Figure 4-13 demonstrates this concept.
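The Python sketch below is an added example, not code from the book: it models how the WAN side of a router decides what to do with an inbound packet under the SPI, DMZ pass-through, port forwarding and port triggering behaviour this section describes. The port forwarding addresses are those of the Figure 4-13 walkthrough; the class, the rule precedence, the trigger ports (6000 and 7000), the LAN clients and the 198.51.100.7 remote host are constructed assumptions, and address rewriting and the wait timer are not modelled.

```python
"""Toy model of the WAN-side decisions a wireless router makes (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class WirelessRouter:
    """Decision logic only: no address rewriting, timers or protocol parsing."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.sessions = set()  # SPI state: (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}     # WAN port -> LAN host (port forwarding table)
        self.triggers = {}     # outbound port -> inbound ports to open (trigger table)
        self.opened = {}       # inbound port opened by a trigger -> LAN client holding it
        self.dmz_host = None   # DMZ pass-through target, if any
        self.log = []          # (verdict, packet) records for later review

    def outbound(self, pkt):
        """A LAN client initiates a connection: remember it and fire any trigger."""
        self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        for port in self.triggers.get(pkt.dst_port, ()):
            # setdefault keeps the first holder: one client per trigger entry at a time.
            self.opened.setdefault(port, pkt.src_ip)

    def release(self, lan_ip):
        """The client has finished; close the ports its trigger opened."""
        self.opened = {p: ip for p, ip in self.opened.items() if ip != lan_ip}

    def inbound(self, pkt):
        """Return (verdict, lan_host) for a packet arriving from the Internet.

        The precedence used here (state, trigger, forward, DMZ) is an assumption.
        """
        verdict, host = "drop", None
        if pkt.dst_ip == self.wan_ip:
            key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
            owner = [s[0] for s in self.sessions if s[1:] == key]
            if owner:                              # reply to a request from inside
                verdict, host = "established", owner[0]
            elif pkt.dst_port in self.opened:      # port opened by a trigger
                verdict, host = "triggered", self.opened[pkt.dst_port]
            elif pkt.dst_port in self.forwards:    # static port forwarding rule
                verdict, host = "forwarded", self.forwards[pkt.dst_port]
            elif self.dmz_host:                    # DMZ host receives everything else
                verdict, host = "dmz", self.dmz_host
        self.log.append((verdict, pkt))
        return verdict, host


def figure_4_13_walkthrough():
    """Port forwarding with the addresses used in the Figure 4-13 discussion."""
    router = WirelessRouter("71.13.12.45")
    request = Packet("201.8.144.85", 40000, "71.13.12.45", 80)  # source port constructed
    before = router.inbound(request)        # unsolicited and no rule yet
    router.forwards[80] = "10.10.10.75"
    after = router.inbound(request)
    return before, after


def port_triggering_walkthrough():
    """The four port triggering steps; client, remote host and ports are constructed."""
    router = WirelessRouter("71.13.12.45")
    client, other, remote = "10.10.10.20", "10.10.10.21", "198.51.100.7"
    response = Packet(remote, 7001, "71.13.12.45", 7000)   # arrives on a different port
    results = {}
    router.outbound(Packet(client, 50000, remote, 6000))
    results["without_trigger"] = router.inbound(response)  # SPI sees a new connection
    router.triggers[6000] = [7000]
    router.outbound(Packet(client, 50000, remote, 6000))   # steps 1 and 2
    router.outbound(Packet(other, 50001, remote, 6000))    # second client, same entry
    results["with_trigger"] = router.inbound(response)     # steps 3 and 4
    results["same_port_reply"] = router.inbound(
        Packet(remote, 6000, "71.13.12.45", 50000))
    router.release(client)
    results["after_release"] = router.inbound(response)
    return results
```

Every decision is appended to `router.log`, which is the kind of record the logging support mentioned above would give an administrator; note that a configured DMZ host receives every packet the other rules do not claim, so it sits outside the SPI protection.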

This kind of configuration allows the use of private addresses (10.x.x.x, 172.16–31.x.x, 192.168.x.x) on your internal network. You can still allow clients to access public addresses on the Internet by using a NAT router. The NAT router lets clients browse the Internet, and its port forwarding feature lets Internet clients access internal services.

FIGURE 4-13 Port forwarding
Client requests to view the web site at 71.13.12.45, which is on port 80 by default.
71.13.12.45 wireless router with port 80 forwarding pointing to 10.10.10.75
10.10.10.75 web server, on port 80 responds to the wireless router, which responds to the Internet client.

In the diagram, a client computer on the Internet (at address 201.8.144.85) requests to view a web page (port 80 by default) at the IP address of 71.13.12.45. In actuality, this is the IP address of a port forwarding router. The router sees that the client is trying to access port 80 and forwards the communication to the internal IP address of 10.10.10.75. When the actual web server responds to the router, it forwards the response to the client device at 201.8.144.85.

Port Triggering
Port triggering works a little differently than port forwarding. In this case, the port is allowed by the router because of an internal request by a client. Once port triggering is configured, it operates as follows:
1. A client device makes an outgoing connection using a port number that is defined in the port triggering table.
2. The wireless router records this connection, opens the incoming port or ports associated with this entry in the port triggering table, and associates them with the client device.

3. The remote system receives the client device’s request and then responds using a different port number.
4. The router matches the response to the previous request and forwards the response to the client device.

If port triggering were not used, the final response from the remote system would be treated as a new connection and be disallowed by the SPI firewall or handled by default port forwarding rules. Most routers allow only one client device to use a particular port triggering configuration at a time. Before a new session can be created, there is also a wait time after a client device finishes communicating.

Route Definition
Most wireless routers allow you to configure static routes. Static routes are definitions of IP addresses that can be used to reach specified locations. For example, if a device connected to a wireless router wants to reach an IP address of 192.168.49.27, the router knows the IP address of the device that acts as the entry point to that network. These static routes are defined manually unless you configure them through an automated tool such as SNMP.

Many wireless routers also support routing protocols such as Router Information Protocol (RIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and Interior Gateway Routing Protocol (IGRP). These protocols make announcements related to known routes so that routers can self-configure. This prevents you, as the administrator, from having to configure static routes manually. You can also configure the direction of the routing protocol. For example, you can set the direction to “in only” when you want the wireless router to receive routes but not communicate its routes. This feature is useful if the wireless router is the single point of connection to the Internet.

Common Applications
Wireless routers are used for two main applications: connecting an internal network to the Internet and connecting a wireless network to an existing network infrastructure.

Connecting to the Internet
Figure 4-14 illustrates a configuration in which the wireless router connects a wireless network to the Internet. This configuration allows for browsing of web pages and hosting of web services internally. When creating connections such as this, firewalls become very important. Automated attacks from worms and attack scripts try to attack any network they can

find, which means an attack does not have to be directed at you intentionally for it to damage your network. Firewalls help prevent worm attacks, script attacks, and even attended attacks by skilled crackers.

FIGURE 4-14 Connecting to the Internet with a wireless router (diagram labels: Internet, Wireless Router)

Connecting to an Existing Network Infrastructure
Sometimes you just need to connect some wireless clients to a wired network. In many cases, an AP works perfectly, and in others, a wireless router is needed. Scenarios in which you should use a wireless router instead of an AP include the following:
■ Situations in which an insufficient supply of IP addresses is available on the existing wired subnet
■ Situations in which you want to place special limits on the wireless clients that are not usually available in wireless APs, such as a firewall

Perhaps you want to provide access to wireless clients visiting your organization, but you can’t control these client devices and the security they have configured on their systems. For this reason, you might choose to provide limited access to network resources at the router in order to provide protection from these unknown clients.

Configuration Methods
The configuration interfaces supported by wireless routers are the same as those used by APs. You can configure a router with a console connection, Telnet, browser-based

interface, custom vendor applications, or SNMP. Either way, understanding the features, applications, and configuration options is essential. Remember to configure the device offline with baseline security settings before connecting it to the network infrastructure.

Wireless Bridges
Wireless bridges connect two wired or wireless networks that would otherwise be unable to communicate with each other. Wireless bridges can connect a remote building to a main building on a campus or to separate locations in a small town. You can configure them as single connections (point-to-point) or multiple connections in a hub-and-spoke fashion (point-to-multipoint).

Common Features
Bridges are basically APs configured to operate primarily in bridging mode. So what is the difference between them? In most cases, the only difference is the intended use. Consumer, or SOHO, bridges are usually APs that you run in bridge mode. Enterprise-class bridges, however, are generally sold as bridges and configured to operate as such by default. However, you can configure even enterprise-class bridges to act as standard APs. Features that are unique or important to wireless bridges include
■ Antenna alignment utilities
■ Detachable antennas

Antenna Alignment Utilities
A wireless bridge connects two otherwise disconnected networks. The greater the distance between these two networks, the more difficult it is to align the antennas. For this reason, many wireless bridges provide antenna alignment utilities such as range calculation tools. With long-distance connections, you may also need to use GPS devices and consider issues such as antenna height, power output levels, gain of antennas, and possible object interference in the path of the RF signal.

Detachable Antennas
While APs often come with detachable antennas, the purpose of those antennas is usually very different from the antennas that come with bridges (except when running the AP in bridge mode). When you replace antennas on APs, you want to achieve higher-gain output and not impact directionality. For a bridge, the antenna you select depends on the mode of use. If you are creating

point-to-point connections, you use semidirectional or highly directional antennas. If you are creating point-to-multipoint connections, you use either omnidirectional or semidirectional antennas.

Common Applications
When configuring a wireless bridge link, one of the bridges is in root mode and the other bridge or bridges are in nonroot mode. The two main wireless link types are point-to-point and point-to-multipoint. (See Figure 1-1 in Chapter 1 for a representation of point-to-point and point-to-multipoint connections.)

Point-to-Point
In point-to-point mode, a single wireless bridge forms a link between two wireless bridges. This configuration is a common one for short-distance WAN links and campus links that bridge just two locations.

Point-to-Multipoint
The use of bridges in a point-to-multipoint application allows for multiple bridging links to a central location. For instance, you might have a main network where the majority of services are located (domain servers, file servers, databases, Internet access, and so on) and smaller networks with some localized services and access to the main network for other functions. In this kind of situation, a point-to-multipoint setup works well.

To configure a point-to-multipoint link, install a bridge with a semidirectional or highly directional antenna at each remote location. Install an omnidirectional antenna and bridge at the central location. You then align the antennas at each remote location so that they are aimed properly at the central omni antenna. This central antenna may be semidirectional in scenarios where the two remote locations are relatively close to each other and in the same basic direction away from the central network.

Many devices use other names but are actually wireless bridges, for example, wireless gaming adapters. These devices are basically consumer-grade bridges; however, some of them use proprietary communications protocols other than 802.11. To reduce the likelihood of interference with your 802.11 network, choose an 802.11-compliant device that you can configure to a different channel.

Configuration Methods
Wireless bridges are configured through the same basic interfaces as APs. Enterprise bridges are configurable through HTTP, Telnet, SSH, console and custom applications, as well as SNMP. Consumer-grade bridges, which are really APs, usually have only a browser-based interface.

Wireless Repeaters
Repeaters have been used in wired networks for many years. The concept of the repeater goes all the way back to the telegraph system. In order to get electrical signals to travel many miles, you had to repeat or replay the signal periodically. A repeater receives the signal at one interface and amplifies it internally and then sends it back out the other interface. This allows data to travel greater distances down the cable. In a wireless network, repeaters perform the same function, except they receive and repeat RF signals, and they function with more complexity.

To understand this idea, imagine a person in your backyard telling some information to your neighbor in a loud voice. The person in your neighbor’s neighbor’s (that is a complicated one, isn’t it?) backyard can’t hear the comment very well. Your neighbor repeats the comment loudly, and your neighbor’s neighbor does the same thing. Eventually the message reaches the backyard of some individual 20 miles away. This is precisely what a repeater does for electromagnetic signals in a wireless network. Because this is exactly what a repeater does, the name makes sense.

A wireless repeater is basically a bridge. In other words, an AP can actually function as a repeater or range extender. Remember, the first AP is the root AP and the “repeater” AP is the nonroot AP; in effect, the repeater acts as an AP to the clients that are farther away.

Common Features
A SOHO, or even medium-sized business, is likely to use a standard AP as a repeater; however, dedicated repeaters are available. These consumer-grade repeaters are often called range extenders. Figure 4-15 shows a Linksys consumer-grade repeater. When looking at the features of consumer-grade repeaters, you find that they support many of the basic features of an AP. Other features include
■ No Ethernet connection
■ Lower cost

No Ethernet Connection
Most wireless repeaters provide an RJ-45 Ethernet port for initial configuration, but when acting as a repeater the device does not need to be plugged into an Ethernet port because the repeater receives RF signals and retransmits RF signals (or at least this is how it appears). In reality, the repeater is a client to another AP, and it acts as an AP for wireless clients that cannot reach the distant AP.

FIGURE 4-15 WRE54G Range Extender (Photo courtesy of Cisco Systems, Inc.)

Lower Cost
Because a repeater needs less functionality than an AP and acts as a bridge, usually, you don’t need features such as VPN pass-through and firewalls. And the fewer the capabilities, the lower the price point.

Common Applications
Wireless repeaters give you the ability to extend the wireless network into areas the APs connected to your wired infrastructure cannot reach. Because of the behavior of RF signals, wireless repeaters can be used to “get around corners.” In other words, the structure of your facility and the objects it contains may block RF signals from traversing the environment completely. A wireless repeater, well placed, however, can give you coverage in those hard-to-reach places. Repeaters provide a simple solution to coverage in new buildings and previously unused areas of your facility.

Configuration Methods
Repeaters are generally configured through an Ethernet port initially and then through a browser-based interface on an ongoing basis. Some repeaters do not provide an Ethernet interface, and you configure them through the wireless interface only. Some repeaters have custom client applications to perform the initial configuration as well.

Wireless Controllers/Switches
Wireless controllers and switches are the same thing. Some vendors refer to them as wireless controllers, and others call them wireless switches. Wireless switches provide wired and wireless networking solutions with most implementations. They usually come with multiple Ethernet ports, and they can include many different feature sets such as VLANs (virtual LANs) and integrated SPI firewalls. A wireless switch is usually far more powerful and functional than a standard Ethernet switch.

Common Features
The common wireless switch offers the following features:
■ Multiple access ports
■ Virtual LANs
■ SPI firewalls
■ Remote manageability
■ Power over Ethernet support
■ Per-user rules
■ Support for RADIUS servers

Multiple Access Ports
Wireless switches generally come with fewer than 12 Ethernet ports in consumer and SOHO models, whereas enterprise models can expand to 20 or more by default. These ports are for connecting APs to the network. This distinction is an important one to make between SOHO wireless switch devices and enterprise wireless switches. The SOHO device is usually a simple switch (just like a standard Ethernet switch) that might support basic VLANs, but seldom enterprise functionality such as QoS. This device is an AP and switch all-in-one. The enterprise wireless switch does not usually contain a radio and is, therefore, not an AP in and of itself. Instead, you plug APs into the Ethernet ports and the switch manages them centrally.

Virtual LANs
Wireless switches provide a logical network infrastructure rather than a physical infrastructure. Because of this distinction, you can use them to implement a virtual LAN (VLAN) easily. A VLAN is a configuration set that dictates a particular Ethernet port will be on “one specified LAN” even though it may not connect directly to that LAN physically. Said another way, a VLAN is a group

of devices that may actually be on separate physical network segments bordered by routers that act as if they were on the same network segment. The nodes on the VLAN are generally unaware that the other devices are not literally on the same physical segment. VLANs are also used with just one physical network to create multiple logical broadcast domains.

VLANs help to provide better roaming and also allow for great flexibility in configuration management. For example, you can configure multiple VLANs in the switch and then require different security specifications for the various VLANs. You can then create protected network segments that exist only in software configurations rather than requiring many different hardware elements.

SPI Firewalls
SPI, or stateful packet inspection, firewall functionality is often built in to wireless switches. The most powerful switches allow you to create different firewall rule sets for different VLANs. This way you can put stronger security mechanisms in place, which can also slow communications, but only where they are needed instead of on the entire network.

Remote Manageability
Remote management features allow you to configure not only the switch but also the APs connected to the switch. This mechanism is very useful in large enterprise installations but loses its benefit quickly in a smaller environment with just one or two APs. This is due to the fact that one or two access points can be configured, maintained, and secured quickly without remote management on the same level as needed by large enterprises.

Power over Ethernet Support
Many switches allow the pass-through of PoE power to APs via switched Ethernet ports. Then you can power PoE-compliant APs through the switch instead of down the line from the switch.

Per-User Rules
Per-user rule sets allow you to treat users in different ways on the network. For example, you can restrain certain users from routing through to the Internet while allowing others unrestrained access. You can also identify the time of day when particular users are allowed on the network to reduce the possibility of night-time attackers.

Support for RADIUS Servers
If you are using AAA (Authentication, Authorization, and Accounting), most wireless switches can pass off this authentication to a central Remote Access Dial-In User Service (RADIUS) server such as Microsoft’s

Internet Authentication Service (IAS) or other software-based and hardware-based RADIUS devices. This gives you centralized control and management of authentication, authorization, and accounting (logging) parameters.

Common Applications
Most environments utilizing full wireless LAN switches are large enterprise installations. The cost of the switches (often in excess of $3000) is a tremendous barrier to entry for SOHOs and even many medium-sized businesses. When working with a small company, standard APs connected to standard wired hubs usually provide sufficient functionality and are much more cost-effective. In larger enterprises, installing a wireless switch at each location and using that switch to manage the APs is a great solution. You can manage the switches across the LAN or WAN easily, and this gives you centralized administration of a very decentralized concept: wireless networking.

Configuration Methods
Because you are configuring many different APs at once, configuring a wireless switch is much more complex than configuring a single AP. However, the fact that you can configure all of these devices from one interface is usually a timesaver overall. Configuration interfaces usually include HTTP and HTTPS as well as Telnet or SSH. Because each vendor provides different applications and interfaces, the configuration of every switch will vary a little. For this reason, you should consider standardizing on a single switch provider for many, if not all, of your networking needs.

Wireless Media Gateways
Wireless media gateways are no longer covered on the CWTS exam, but I find many IT professionals being asked to provide them for conference rooms and facilities. For this reason, I will briefly review these devices. Wireless media gateways fall into two main categories: centralized media sharing devices and wireless display connections. A centralized media sharing device, the main focus of this section, is used to share videos, graphics, and audio files across the wireless network with multiple device types, including computers and televisions.

As shown in Figure 4-16, a wireless display connection is usually called a wireless presentation gateway. These kinds of presentation gateways are often used to create a connection to a projection device without the need for cables. You can use them to run PowerPoint presentations or play digital videos for presentations and events. The device shown

in Figure 4-16 actually allows multiple presenters to install the client software and then switch between presenters on-the-fly to dictate which client device controls the presentation at any given time. With customizable banner pages, you can even determine what the “null” screen will look like. This screen is the one shown when there is no active connection, which is great for in-between conference sessions.

INSIDE THE EXAM
Access Point Types
Wireless controllers and switches connect to APs using different methods. Some implementations use direct connections, while others use distributed connections. Connection may be made at layer 2 or at layer 3. Direct AP connectivity simply means that the lightweight APs are connected directly to the controller or switch with an Ethernet cable. In this implementation, no routers or switches exist between the APs and the controller. You will be limited by the boundaries of Ethernet cable lengths. The result is that you will be unable to position APs in locations farther than approximately 100 meters from the wireless controller. Wired repeaters may be used to extend this distance, and many vendors still consider an implementation using repeaters to be a direct-connected implementation. Direct-connected APs need only communicate with the controller using layer 2 communications. Distributed AP connectivity indicates that the APs are connected back to the WLAN controller through switches or routers or both. Distributed APs may need to use layer 3 communications, as they must often pass through routers. It is important, however, to consider that many vendors consider the deployment to be a distributed model only if the APs are on a different subnet than the controller. If the APs are on the other side of a router, you know it is a distributed AP connectivity model. Many WLAN controllers support multiple APs but have only one Ethernet port. Clearly, these controllers demand a distributed model. For exam day, remember that direct AP connectivity uses layer 2 and distributed AP connectivity uses layer 3.

Although these devices are not generally referred to as wireless media gateways, some vendors do reference them as such. For our purposes, we’ll refer to them as wireless presentation gateways. The rest of this section focuses on the centralized media sharing devices truly known as wireless media gateways. Remember, wireless presentation gateway devices

usually have HTTP (browser-based) configuration interfaces. Seeing as they do not actually provide access to any sensitive data, the security concerns usually demanding a console interface are irrelevant.

FIGURE 4-16 D-Link DPG2000W wireless presentation gateway (Photo Courtesy of D-Link Systems, Inc.)

Common Features
Common features of wireless media gateways include
■ Remote control interfaces
■ Support for graphics, videos, and audio
■ Support for Internet streaming services
■ Extra capabilities such as internal storage and print servers

Remote Control Interfaces
Most wireless media gateways make it simple to access data by providing a remote control interface. Simple navigation and basic functionality keep the learning curve to a minimum. The downside to this is that most of these media gateways are very basic in what they allow you to do and have limited expandability (for example, you generally cannot add newer video codecs or audio codecs). For this reason, some installations require a custom solution, such as an actual PC functioning as a client to a wireless presentation gateway connected to a video screen or television. In this instance, you are basically building your own wireless media gateway device with full expandability, and in some cases (some wireless media gateways are more than $700 to $1000) this is a less expensive solution.

Support for Graphics, Videos, and Audio
Most media gateways support standard image formats such as JPG and TIFF, and very few support any other options. Video support almost always includes MPEG1 and MPEG2. Some devices support other video codecs, including XVID, though that support is less common than the MPEG format. Audio formats supported generally include MP3, WAV, and various other formats, but check the specifications closely to ensure support for your media type.

When it comes to compatibility, if the wireless media gateway does not support the codecs (coding/decoding algorithms) in which your videos are stored, you have to re-encode hundreds of videos. If you’ve done this before, you know that it takes many, many hours. The same reality applies to any graphics files you wish to access.

Support for Internet Streaming Services
Services such as Rhapsody and Napster are often supported by wireless media gateways, allowing you to access massive libraries of music and spoken word audio. These extra services require monthly subscription fees but can be less expensive than buying individual CDs and are extremely popular.

Extra Capabilities
Capabilities above and beyond the basics include print servers, internal hard drives for storage of data, and connectivity with Windows XP Media Center Edition for access to TV and other Media Center features, such as DVD playback and TV schedule guides. Connector types include Ethernet, USB, VGA, S-Video, RCA, and other video connections. USB ports are used to connect USB printers, when they are supported, or external USB hard drives for extra storage space.

Common Applications
While the most common application of a wireless media gateway is to provide access to all forms of digital entertainment and information for home use, small and large businesses are using them to create central points of access for multiple kiosks in various entrances to their facilities and for streaming of CEO presentations to employee break rooms. This kind of creative use provides centralized control over decentralized distribution of media of all kinds.

Configuration Methods
The standard configuration interface for a wireless media gateway is web based.

Firmware upgrades are important for wireless media gateways as they provide extra functionality such as support for new streaming services, audio codecs, and video codecs. As with APs, apply firmware updates through the Ethernet port when possible to reduce the likelihood of corruption.

Power over Ethernet Devices
Power over Ethernet (PoE) provides the delivery of DC voltage to an AP or a wireless bridge over standard CAT5 or CAT6 Ethernet cables. PoE lets you use an AP or bridge that cannot be located near a power outlet, powering the unit with the same cable that carries the data to the unit.

Functionality
PoE is used when AC power outlets are not available in the location of the AP or bridge and it is more cost-effective and time-efficient to use PoE instead of installing a power outlet. Let’s say you want to provide wireless coverage in a city park. While there may be power outlets in the park, they may not be located where you need them. Using a traditional setup, you would have to trench and lay pipe and wiring just to get power to the AP. With PoE, you could run an Ethernet cable through the air or bury it just a few inches deep and provide power through this cable. Figure 4-17 demonstrates this scenario and the placement of PoE devices and wireless devices.

FIGURE 4-17 PoE installation in a park (diagram labels: Ethernet CAT5 Cabling, PoE Wireless AP, Power and Ethernet Enclosure in Park)

Administrative advantages include the ability to cycle devices (power off and on) from a remote location such as through a PoE-compatible switch interface.

Sometimes PoE can be useful even when power outlets are available. PoE requires one cable and provides centralized power administration. Don’t, however, confuse this with centralized device configuration. Though not usually made in daily operations, this is a common mistake when taking a test. You cannot configure the WPA settings on an AP just because it is powered with PoE, but you can cycle the device to reset when software errors occur or during security emergencies.

Do not confuse PoE with PPPoE. PoE is, of course, Power over Ethernet. PPPoE is PPP over Ethernet and is a protocol for connecting remote hosts to the Internet over a DSL connection by simulating a dial-up connection. It is not used as frequently any more, but in times past, it was essential and supported by many DSL gateway wireless routers.

To use PoE, you will need two devices at a minimum. The first is the PoE-compatible wireless device, and the second is the PoE injector. A possible alternative second device is a PoE or active Ethernet switch that performs the role of the injector. A generic term used to refer to power injectors, switches, or any device that can provide Power over Ethernet is power sourcing equipment or PSE. In effect, sending power down the Ethernet cable from the PSE “turns on” the wireless device.

PoE Devices
Many APs and bridges contain built-in support for PoE. This support is usually noted on the vendor’s web site and in the documentation. These devices detect the use of PoE for power and utilize it automatically. There are usually no configuration settings to manage in PoE-compatible devices. Because having an alternate power source is an advantage, PoE-compatible devices may be slightly more expensive.

If you lack PoE support in your chosen APs or bridges, you might be able to use PoE through a DC picker or DC tap. These devices are sometimes called active Ethernet splitters. They pull (or pick/tap) the DC power off the CAT5 cable and then make it available to the equipment through the standard DC power jack. DC pickers come as either passive or regulated. A passive picker/tap takes whatever DC power is injected and routes it to the DC port unchanged. A regulated DC tap converts the power to another voltage when necessary. To use PoE, you need either an injector plus a PoE device or an injector, plus a DC picker, and a standard device to provide extra flexibility in your power configuration.

PoE Injectors
PoE injectors come in many forms and with various capabilities. For example, a multiport injector provides DC power through multiple CAT5 cables

3af or PoE ready.3af compliance—the IEEE standard for PoE devices. PoE injectors can be large and rack mountable or small-footprint devices that are mounted individually to a wall or shelving system. they should work together without any problem. With a beginning cost of less than $500.) . as well as injectors. They generally include either console or HTTP configuration interfaces or both. Figure 4-18 shows both single-port and multiport power injectors from D-Link. These devices usually support standard switch features such as VLANs and QoS management.) and a single-port injector provides power to only one cable. The D-Link DES-1316 switch.3af compliant. If your APs and bridges. This is an important characteristic to watch for when selecting a PoE switch. are 802. you might want to use a PoE-capable Ethernet switch.3af switch (Photo Courtesy of D-Link Systems. PoE Switches If you need to power many APs using PoE. This device is also a great example of a common reality with these switches: only 8 of the 16 switch ports on this device are 802. shown in Figure 4-19. One important feature to look for in PoE injectors is 802. is such a device. It’s still important to verify pin usage and power levels. These devices act as both switches and PoE injectors in one unit. FIGURE 4-19 D-Link DES-1316 PoE/802. The pictured switch supports PoE as well as Ethernet switching. Injectors may run power on different wires and can damage your equipment if not installed properly. Inc. Inc.Wireless Network Components 163 FIGURE 4-18 Single-port and multiport injectors (Photo Courtesy of D-Link Systems. PoE switches are viable candidates for small and medium-sized businesses as well as the large enterprise.

3-2005-compliant.3-2005 document. assuming they are IEEE 802. Clause 33 IEEE 802. The standard specifies that a PSE (power injector) located coincident (in it) with the switch (technically. The old amendment is now known as clause 33 in the IEEE 802. Many. You will not be required to understand the in-depth details of PoE for the CWTS exam (although this IEEE document can act as your source for more information).3-2005. The clause specifies five elements: ■ ■ ■ ■ ■ A method for scaling supplied power back to the detect level when power is no longer requested or needed A power source that adds power to the cabling system The characteristics of a powered device’s load on the power source and cabling A protocol allowing the detection of a device that requires power An optional classification method for devices depending on power level requirements The standard then spends the next 57 pages providing the details of this system.3-2005 standard in sections. If you download or access the IEEE 802. even most. The APs we’ve discussed that support PoE would be examples of PDs. the data terminal equipment or DTE in the standards) should be called an endpoint PSE. It also specifies that a PSE located between the switch and the powered device should be called a midspan PSE. assuming they are IEEE 802.164 Chapter 4: Wireless Networking Devices INSIDE THE EXAM IEEE 802. vendors—at this time—are still referencing the standard as IEEE 802. you should be familiar with the following two terms: midspan and endpoint power injectors.3-2005compliant. WLAN switches and LAN switches with integrated PoE support would qualify as endpoint PSEs. .3-2005 merged the older IEEE 802. but you should know that it has been rolled into the primary standard now.3af. The standard defines a Powered Device (PD) and Power Sourcing Equipment (PSE). however. Multiport and single-port injectors would qualify as midspan PSEs.3af PoE amendment into the core standard document. 
The power injectors and PoE-enabled switches would be examples of PSEs. clause 33 is in the section two PDF file.

PoE Ethernet switches carry the PoE benefits even further than stand-alone PoE injectors. One of the great benefits of PoE is the fact that you have to run only one cable to the wireless device. With a switch, you have only one device to install in the closet or switch location. When you use a PoE injector, you need both a switch (or sometimes a hub) and the PoE injector in the closet, but when you use a PoE switch, you need only the switch.

PoE switches allow you to stop and start the power to any given port through the management interface, which is a huge benefit. Cycling an AP that is in the ceiling or some other hard-to-reach location such as the top of a tower is not as simple as opening your web browser and clicking a few buttons.

Finally, 802.3af-compliant PoE switches perform PoE device sensing, which means the switch detects if the device connected to the port is an 802.3af device and if it’s not, it cancels power to that port. Some non-802.3af vendors also provide this functionality. Remember that non-PoE devices should not be damaged by the flow of power anyway, as the power flows on unutilized wires.

Enterprise-Class Devices

As mentioned at the beginning of this chapter, there are more powerful devices that are not used in SOHO, consumer, or smaller business environments. Though not the main focus of this book and the CWTS certification, it is important to know what these devices are and the functionality they provide. Among the many enterprise-class devices, the most common ones include

■ Enterprise wireless gateways
■ Enterprise encryption gateways

A great source of information on these enterprise-class devices is the CWNA Certified Wireless Network Administrator Official Study Guide (Exam PW0-100), Fourth Edition published by McGraw-Hill (2008). This book prepares you for the CWNA exam and provides valuable information about more advanced wireless equipment than what is covered here.

Enterprise Wireless Gateways

Enterprise wireless gateways (EWGs) are specialized devices that provide authentication and connectivity for wireless clients. These devices offer role-based access control, VPN tunnels, QoS management, and more.

Role-based access control (RBAC) allows you to configure different levels of wireless access to match particular job descriptions or functions in the organization. Not only is RBAC capable of limiting access to resources, but also it controls the bandwidth consumed by a role on the wireless network. This helps reduce bandwidth consumption by users who do not really “need” bandwidth-intensive applications—such as those Internet newscasts they might want to watch at work. RBAC can also restrict access to particular time windows so that specific roles cannot access the network except at assigned times. Finally, RBAC can provide an extra level of security in your environment because users cannot even access the network on which the secure data resides, much less access the data once they get there.

An EWG can authenticate users with a variety of mechanisms, including RADIUS, 802.1x, LDAP, and internal proprietary databases. Because of this flexibility, many client types are supported by the EWG, and for back-end authentication, many service types as well. Some EWGs are so complex that in order to master their capabilities and configuration options it’s necessary to attend the vendor’s training class.

For smaller businesses with tighter budgets, many modern wireless routers are beginning to incorporate some of the features of an EWG, though they perform at lower levels. The Buffalo Technology WZR-RS-G54, seen in Figure 4-20, is just such a device.

FIGURE 4-20 Buffalo Technology WZR-RS-G54

The Buffalo Technology WZR-RS-G54 is an all-in-one device that gives you some features of an EWG. This device is a perfect example of an entry-point device that provides some features of an EWG without the cost (this particular device is under $200). Of course, you lose many features; for example, the Buffalo Technology WZR-RS-G54 supports only PPTP VPN endpoints and offers no support for L2TP/IPSec VPN client connections, though it does allow for all types of VPN pass-through. The PPTP endpoint also uses a built-in user database. There are two internal antennas (one vertically polarized and one horizontally polarized) for better support of laptops and desktops, and there is also an external antenna port.

The main difference between a device such as this and an EWG is that an EWG is not an access point in and of itself; instead, it connects to and manages access to access points.

Enterprise Encryption Gateways

An enterprise encryption gateway (EEG) handles the encryption processes for your wireless LAN. The EEG has both an encrypted and an unencrypted side. The unencrypted side is generally your wired LAN, and the encrypted side is the wireless LAN. The major benefit of an EEG is that it can offset the overhead created by encryption from your APs to the more powerful EEG device.

CERTIFICATION OBJECTIVE 4.02

Antenna Types

Antennas are possibly the most important devices in wireless networks. You can have the best APs, routers, and switches, and you can even power them with standard 802.3af PoE devices and still accomplish nothing if there are no antennas to propagate the wireless signals into the air.

Antennas come in all shapes and sizes with different purposes and capabilities. Selecting the right antenna, however, is a science and not an art. With the right knowledge and testing equipment, you can choose the best antenna for any situation. When evaluating antennas, the technician must understand the basics of antenna functionality, the types of antennas available, and how to choose the best location for the different antenna types. This section covers all three of these important elements.

Antenna Functionality

An excellent way to think of antennas is to consider the analogy of a water hose and a nozzle. The hose is the coaxial cable carrying the RF energy from a transmitter to the antenna. Just as the hose contains the water, the coaxial cable contains the RF energy until it reaches its destination. The nozzle is the antenna. In other words, it sprays the RF energy into the air much as the water hose nozzle sprays the water into the air.

Just as different nozzles create different spray patterns, different antennas have different RF propagation patterns. Some antennas propagate the energy relatively the same in all directions, and others propagate most of the energy in a narrow path in one direction. This way, you can use a standard transmitter (for example, an access point) and propagate the RF energy differently in a range of places by using various types of antennas. Select the antenna that creates the appropriate propagation pattern to meet your needs.

The Isotropic Radiator

Most antennas are compared to a mythical antenna known as an isotropic radiator. The isotropic radiator is an antenna that propagates RF energy in all directions in a completely equal spherical pattern. With this type of antenna, the RF energy is propagated up, down, side-to-side, and in all other directions with the exact same energy.

I call it a mythical antenna because humans cannot create one. The longer or taller an omnidirectional antenna, the flatter the RF propagation pattern, which means, in the inverse, that the shorter the antenna, the more spherical the propagation pattern, so to create a perfect sphere, the antenna would have a length of zero. This means, of course, that the antenna does not exist.

Am I the only one who fears saying that something cannot be done? After all, people once said that objects heavier than air could not fly, and that if you floated too far in a boat, you would fall off the end of the Earth. I feel safe in saying that with the current technology and information available, it is impossible to create an isotropic antenna. So when someone reads this book in 1000 years (over a wireless network using a true isotropic radiator at 100 exabits per second, or more), I won’t look too foolish.

As you recall from Chapter 2, dBi measures the gain of an antenna. The i stands for isotropic and is used to compare the actual gain in the advertised direction of the antenna. If an antenna is an omnidirectional antenna with a high gain (12 to 15 dBi), then the donut-shaped propagation pattern is flatter. In other words, less of the RF energy travels in an upward direction and more of the RF energy travels in an outward direction.

Polarization

You do not have to be a physics expert to implement and support wireless LANs. That is the good news. However, you should know enough about the concept of polarization to determine proper antenna placement. Understanding the impact of horizontal versus vertical polarization is important.

Polarization references the physical orientation of the antenna in relation to the Earth. In other words, it references the polarization of the electric field in relation to the Earth. The electric portion of an electromagnetic wave is propagated parallel to the propagation device. If the antenna is vertical, the electric wave is vertical. Now you know where the term vertically polarized comes from.

Simply put, when omnidirectional antennas are in a vertical position, the RF waves are propagated horizontally. When the antennas are placed in a horizontal position, the RF waves are propagated vertically. Here is the catch: vertically polarized antennas are in a vertical position and horizontally polarized antennas are in a horizontal position. Even though the waves propagate horizontally when an omnidirectional antenna is vertical, the antenna is said to be vertically polarized: the polarization of an antenna is not referred to by the propagation of the wave, but by the position of the electric field, in the wave, to the ground. The easiest way to remember this is that polarization refers to the position of the antenna.

I don’t want to leave the impression that absolute vertical and horizontal polarization are the only options. If you have worked with any AP-attached antennas, you know they can be positioned at many angles. In fact, it is not uncommon to position an antenna in a way that might be called angled polarization. This positioning allows the RF waves to propagate to multiple floors in a building and is often seen in hotel hotspot installations. The vertical and horizontal planes simply provide an easy way to think of antenna propagation behavior.

The most important thing to remember about polarization is that the sending and receiving antennas should be positioned using the same polarization. Configuring the antennas with different polarizations causes a reduction in signal strength at the receiver and can impact throughput greatly. For example, if you place one antenna close to the ground and another 100 feet away and 30 feet higher, you have to angle the antennas so that they are parallel to each other to achieve the best signal reception.

Antenna Gain and Loss

An antenna is a passive device, which means it does not create actual gains and losses. You cannot use an antenna to increase the amount of RF energy radiated from the antenna. As a passive device, the antenna produces gain by propagating more of the energy in a limited scope of directionality, meaning the antenna sends the energy only in certain directions and, therefore, the energy can travel farther. More of the energy travels in the desired direction and for a greater distance.

Returning to a water analogy, if you have exactly one gallon of water and throw it in all directions at the same time with the same velocity, in a spherical pattern, it will go a certain distance. The distance it travels should be the same in all directions, assuming gravity has no impact on it. However, the water dissipates over distance because it evaporates in the air. Now, take that same amount of water and throw it in one direction with the same lack of gravity. The water travels a greater distance, in that direction, before it evaporates.

You can think of RF energy in a similar way. The energy is absorbed and the wave front broadened as it travels until, eventually, the energy dissipates. If you propagate more of the energy in one direction, you logically propagate that energy over a greater distance.

Why is all this so important? The answer is simple: wireless devices have a receiving sensitivity rating. This rating indicates the RF signal strength that must exist for the wireless device to communicate. Because the RF signal weakens over distance, you eventually reach a point where RF energy exists but is so weak that the wireless device can no longer detect it. For this reason and to address security concerns, you should use directional antennas for long-distance links.

With indoor networks, you frequently use omnidirectional antennas placed in centralized locations in the facility. These antennas ship with APs but can be replaced with more powerful models to increase the signal strength. Realize, however, that increased strength usually means a flatter horizontal distribution, so the signal will not travel as far vertically. In many cases, the most important thing to consider is the gain of the antenna.

There is a simple formula you can use to determine the received signal strength at the wireless receiver. This formula is

Received signal = RF transmitter output power – losses in the path to the transmitting antenna + transmitting antenna gain – free space path loss + receiving antenna gain – losses in the path to the receiver

Using this formula, you can decide which antenna type to select. While many of the figures needed to calculate the preceding formula are available from the hardware vendors (antenna vendors, AP vendors, cabling vendors, and so on), the missing element is the estimate for free space path loss. Use Table 4-1 for this purpose.

TABLE 4-1 Free Space Path Loss Estimates

Distance       Loss (in dB)
100 meters     80.23
200 meters     86.25
500 meters     94.21
1000 meters    100.23

For example, assume you have gathered the estimates listed in Table 4-2 for a particular connection between an AP and a client.

TABLE 4-2 Power Levels at Measurement Points

Measurement Point    Power Level
AP output            50 mW
Connectors           –3 dB
Antenna              6 dBi
100 meters           –80 dB
Antenna              6 dBi
Connectors           –3 dB

Using the RF math rules covered in Chapter 2, you determine that the receiver has a signal strength of roughly –74 dB from the original 50 mW. Let me explain this further. The math to determine the –74 dB is as follows (from Table 4-2):

–3 dB + 6 dBi = 3 dB
3 dB + –80 dB = –77 dB
–77 dB + 6 dBi = –71 dB
–71 dB + –3 dB = –74 dB

You could also state it like this:

(–3) + 6 + (–80) + 6 + (–3) = (–74)

Once you have determined the loss in dB, you can use the rules of 3s and 10s to determine the signal strength at the receiver. This ends up being approximately 2 nanowatts (0.000002 milliwatts). Because most receivers have a receive sensitivity of –70 dBm or better (better being lower than –70), this connection will likely work just fine, though the data rate will be lower.
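The received-signal formula and the Table 4-1 and Table 4-2 figures, worked through in code. This is an added example, not from the book: the function names and the 2450 MHz centre frequency are assumptions (that frequency reproduces the Table 4-1 losses with the standard free-space formula), and the range estimate is a free-space upper bound that ignores walls and interference.

```python
"""Link budget for the received-signal formula, Table 4-1 and Table 4-2.

Added example. Function names and DEFAULT_FREQ_HZ are assumptions made
for illustration; they are not taken from the study guide.
"""
import math

SPEED_OF_LIGHT = 299_792_458.0   # metres per second
DEFAULT_FREQ_HZ = 2.45e9         # assumed mid-band 2.4 GHz frequency


def mw_to_dbm(milliwatts: float) -> float:
    """Convert absolute power in milliwatts to dBm."""
    if milliwatts <= 0:
        raise ValueError("power must be greater than zero")
    return 10.0 * math.log10(milliwatts)


def dbm_to_mw(dbm: float) -> float:
    """Convert dBm back to milliwatts."""
    return 10.0 ** (dbm / 10.0)


def fspl_db(distance_m: float, freq_hz: float = DEFAULT_FREQ_HZ) -> float:
    """Free space path loss in dB: 20 * log10(4 * pi * d * f / c)."""
    if distance_m <= 0 or freq_hz <= 0:
        raise ValueError("distance and frequency must be greater than zero")
    ratio = 4.0 * math.pi * distance_m * freq_hz / SPEED_OF_LIGHT
    return 20.0 * math.log10(ratio)


def received_dbm(tx_mw, tx_line_loss_db, tx_gain_dbi,
                 path_loss_db, rx_gain_dbi, rx_line_loss_db) -> float:
    """Apply the formula term by term; losses are given as positive dB."""
    return (mw_to_dbm(tx_mw)
            - tx_line_loss_db      # connectors/cable before the TX antenna
            + tx_gain_dbi          # transmitting antenna gain
            - path_loss_db         # free space path loss
            + rx_gain_dbi          # receiving antenna gain
            - rx_line_loss_db)     # connectors/cable before the receiver


def max_range_m(tx_mw, tx_line_loss_db, tx_gain_dbi, rx_gain_dbi,
                rx_line_loss_db, sensitivity_dbm,
                freq_hz: float = DEFAULT_FREQ_HZ) -> float:
    """Free-space distance at which the signal drops to the sensitivity.

    Useful for judging how far past the intended coverage area a signal
    remains receivable when choosing antenna gain and placement.
    """
    level_at_zero_loss = received_dbm(tx_mw, tx_line_loss_db, tx_gain_dbi,
                                      0.0, rx_gain_dbi, rx_line_loss_db)
    allowed_path_loss = level_at_zero_loss - sensitivity_dbm
    if allowed_path_loss <= 0:
        return 0.0
    # Invert fspl_db(): d = c * 10^(loss/20) / (4 * pi * f)
    return (SPEED_OF_LIGHT * 10.0 ** (allowed_path_loss / 20.0)
            / (4.0 * math.pi * freq_hz))


def table_4_2_example() -> dict:
    """Table 4-2: 50 mW AP, -3 dB, 6 dBi, -80 dB at 100 m, 6 dBi, -3 dB."""
    rx = received_dbm(50.0, 3.0, 6.0, 80.0, 6.0, 3.0)
    return {
        "net_change_db": rx - mw_to_dbm(50.0),       # the -74 dB in the text
        "received_dbm": rx,
        "received_nanowatts": dbm_to_mw(rx) * 1e6,   # 1 mW = 1e6 nW
        "margin_over_minus70_db": rx - (-70.0),
    }


if __name__ == "__main__":
    print("Distance (m)  FSPL (dB)")
    for d in (100, 200, 500, 1000):
        print(f"{d:>12}  {fspl_db(d):.2f}")
    for key, value in table_4_2_example().items():
        print(f"{key}: {value:.2f}")
    reach = max_range_m(50.0, 3.0, 6.0, 6.0, 3.0, -70.0)
    print(f"free-space reach at -70 dBm sensitivity: {reach:.0f} m")
```
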

Three Antenna Categories

Antennas come in dozens of form factors, but these many form factors can usually be categorized into three basic types of antennas. While the most common type of antenna installed in small networks is the basic omnidirectional or dipole antenna, you need to understand all three types so that you can select the best one for any situation. These three types are

■ Omnidirectional/dipole
■ Semidirectional
■ Highly directional

Omnidirectional/Dipole

Omnidirectional antennas propagate RF waves out from the antenna horizontally in all directions, assuming the antenna is vertically polarized. Another way to say this is the omnidirectional antenna sends out the RF waves in a perpendicular direction to the antenna itself. Imagine an ever-growing circle around the antenna and you have the right concept. This circle is often referred to as a donut because the RF wave does not propagate in an outward direction only; some of the wave propagates upward, but this upward propagation increases for a distance and then lessens, forming the shape of a donut. Omnidirectional antennas do not emit a perfectly circular radiation pattern, but this concept is the best way to generalize the omnidirectional antenna’s functionality.

Other omnidirectional antennas are intended to send waves a greater distance, and they do this by flattening the wave. In other words, the wave looks more like a circle and less like a donut when you look at the propagating pattern. These antennas range in dBi from 4 to better than 15.

The applications of omnidirectional antennas vary. First of all, nearly all APs come with an omnidirectional antenna—specifically a dipole antenna. These antennas are sometimes called rubber ducky antennas because of the rubber shielding covering the actual antenna element. An example of such an omnidirectional antenna is shown in Figure 4-21. Because these antennas are omnidirectional, if you use an AP with the default antenna configuration, place the AP in the center of the desired coverage area. Outdoor omni antennas are available in high-gain versions, which can be very useful for creating hotspots or covering large outdoor areas such as parks and corporate campuses.

FIGURE 4-21 Omni indoor wireless antenna: D-Link ANT240400 (Photo Courtesy of D-Link Systems, Inc.)

Semidirectional

Semidirectional antennas come in a wide range of styles with a large variance in RF propagation patterns. Common form factors are the patch, panel, and yagi antennas. The patch and panel antennas are generally flat form factors, and the yagi (pronounced “YAH-gee”) antennas look like long rods with tines sticking out (though these tines are often covered by tubing). Figure 4-22 shows the three types of semidirectional antennas.

These antenna types are useful for providing coverage down hallways and corridors inside buildings. For example, if you need to provide coverage to a group of offices along a long narrow hallway, mount a patch or panel antenna at one end of the hallway facing inward. This placement usually provides coverage in the offices—as long as the hallway is not too long. If the hallway is of greater length, place a patch or panel antenna at each end of the hall and connect each one to a different AP using a separate channel. Sometimes using a yagi antenna solves this type of problem, as it has a narrower beamwidth than the patch and panel antennas. However, the yagi may not provide coverage in the offices nearest the antenna.

FIGURE 4-22 Patch, panel, and yagi antennas

Yagi antennas can also be used in point-to-point links spanning distances of more than 3 kilometers (approximately 2–2.5 miles). Vendors often cite distances of more than 5 kilometers, but this estimate is often unrealistic in real-world implementations because of interference by weather, trees, and buildings. Assuming the air is uncongested with RF traffic, a portion of the RF energy is lost due to absorption, reflection, and refraction.

Highly Directional

Highly directional antennas are generally used for WAN links such as point-to-point or point-to-multipoint. Using these antennas, you can create a link that spans up to 35 miles. With prices under $500 in many cases, creating a single link (two antennas, two wireless bridges, connectors, and mounting kits) can cost less than $1500. In other words, this link can be less expensive than the cost of leasing a line for two months. If the wireless link provides the needed bandwidth, it is a great cost/benefit solution.

The parabolic dish and grid antenna are common examples of these antenna types. Figure 4-23 shows an example of a parabolic dish antenna, and Figure 4-24 shows the grid antenna. Notice the similarities between the parabolic dish and a satellite dish.

FIGURE 4-23 A parabolic dish

FIGURE 4-24 A grid antenna

This form factor allows for less of the signal to propagate behind the antenna and therefore provides more strength in the desired direction of propagation. The grid antenna, with the holes in the back panels, withstands heavy winds well and is useful to maintain alignment in high wind areas.

CERTIFICATION OBJECTIVE 4.03

Antenna and RF Accessories

You will need more than just an antenna and a wireless device to get your wireless connections working. In many cases, amplifiers, connectors, and mounting kits are all needed.

Connectors

Antennas come with different types of connectors. Common connector types include

■ N-type
■ F-type

■ SMA
■ BNC
■ TNC

In addition to the different types, there are also variations on each type. For example, the N-type connector comes in standard, reverse-polarity, and reverse-threaded models. When selecting an RF connector, make sure it matches your equipment in type and impedance.

When selecting antennas, connectors should match your equipment. Look closely at the packaging for the antenna and the device to ensure they both use the same connector type. In some cases, adapters are available to convert from one connector type to another, but you must verify that the use of a pigtail adapter does not breach FCC regulations. The FCC states that an adapter can be used only if it is part of a certified system. While it is not illegal to sell the pigtail adapters, it may be illegal to use them with your equipment.

This is reminiscent of the old days when crackers would phone phreak the telecom network with tone generators. It was legal to buy all the items to build the tone generator at your local electronics store, but if you used them to break into the phone network, you were—of course—committing a crime. If you’ve heard of blue boxing, you’ve heard of phone phreaking. Blue boxing, a kind of phone phreaking, was a method used to access the long-distance mode of the telephone network without paying for it. You might think of it as using licensed wireless bands today without paying for them—only then someone really paid for the implementation of the infrastructure.

Cables

RF cables are used to connect the transceiver to the antenna (and possibly other in-series devices). Cables have different levels of loss, so not all cables are the same, and this should be considered when selecting the cabling for your system. Keep the following factors in mind when selecting RF cables for your implementation:

■ Different cables have different levels of loss.
■ Make sure the impedance of the cable matches the rest of your system.
■ Be sure to select cable that is rated for the frequency you will be using.
■ Check with the vendor to discover the loss incurred per foot or per 100 feet before selecting the cable.

■ Higher frequencies mean greater loss in the same cable.
■ Either master the art of building cables or hire a professional to cut the cables and install the connectors so that you do not unnecessarily introduce extra loss.

Lightning Arrestors

Lightning arrestors are installed in order to redirect or shunt electric currents caused by lightning strikes in close proximity. They are not meant to protect against direct lightning strikes. Sadly, if your antenna is struck directly by lightning, you will lose it and most likely the equipment to which it is attached.

Lightning arrestors are installed in series between the antenna and the AP or bridge (transceiver). Extra components installed between the lightning arrestor and the antenna, such as connectors or amplifiers, will not be protected by the lightning arrestor. For this reason, you should install the lightning arrestor closer to the antenna with nothing between it and the antenna—if possible. Lightning arrestors should be rated at <8 µs.

Among the features to look for in lightning arrestors are

■ Meeting the IEEE standard of <8 µs
■ Gas tube breakdown voltage
■ Reusability
■ Impedance
■ Frequency response
■ Connector types

The basic functionality of a lightning arrestor is as follows:

1. Lightning strikes near the wireless antenna.
2. Transient currents are induced into the antenna or RF transmission line.
3. The lightning arrestor senses these currents and immediately causes a short in order to direct the current to earth ground.

Amplifiers

Amplifiers are used down line from the antenna to increase the strength of the RF signal. Amplifiers are useful when creating a wireless WAN link with a 15 dBi antenna that supports up to 100 mW of input power if your bridge outputs only up to 50 mW. You can double the RF signal before it reaches the antenna and then get the full benefit of the antenna’s gain (while remaining within FCC regulations).

Mounting Kits

Mounting kits come in all shapes, types, and sizes. For simple situations, you can generally use the default kit that comes with the antenna. If you need to mount the antenna outdoors, you might need to purchase extra mounting kits and even build custom kits in many situations.

CERTIFICATION OBJECTIVE 4.04

Antenna Placement

Much like the APs and bridges themselves, antennas can be mounted in various ways. These methods include pole or mast mount, ceiling mount, and wall mount.

Pole or Mast Mounts

Pole or mast mount installations are usually performed outdoors. In these cases, public coverage areas can be created very easily by mounting an antenna on a pole or mast—usually with some type of u-brace—and connecting it to an AP or WLAN router. With point-to-point and point-to-multipoint links, it is very important that you mount the antennas firmly so that they do not lose alignment. If the antenna installation will be sensitive to alignment variations, be sure to fasten the pole in a solid concrete base. This will keep the pole from moving by large enough amounts to impact the alignment in a short period of time.

Ceiling Mounts

Ceiling mounts are useful for omnidirectional antennas. The antenna can be placed in such a way that it hangs down from the ceiling and provides coverage to the surrounding area. This is useful when you need to install an antenna in the center of a large open space and there are no poles or desks on which to place the antenna.

Wall Mounts

Wall mounts are used for both omnidirectional and semidirectional antennas. With omnidirectional antennas, the entire AP is usually mounted on the wall with the antennas attached directly to the AP. It is assumed that the RF signals will travel directly backward through the wall or will reflect and refract around it. Patch and panel antennas are also often mounted on walls. They will then propagate their RF energy inward to the inner building coverage area.

Mounting Recommendations

Sector antennas are often mounted on poles or masts. In addition to mounting the sector antennas, you must be sure to provide the proper amount of downtilt. This will allow the sector antennas to cover the appropriate area.

The placement of your wireless antennas depends entirely on the antenna type, link type, and power output. In most small networks (SOHO and small businesses), you install omni- or semidirectional antennas to create indoor coverage. Place omnidirectional antennas in locations that are central to the desired coverage areas and the semidirectional antennas on the outer edge of the coverage area with the antenna aimed so that the RF energy is propagated inward.

When creating wireless WAN bridge links, however, you should use semidirectional or highly directional antennas in most cases. Aim these antennas at each other to establish a link. When creating a point-to-multipoint connection, use either an omni- or semidirectional antenna at the central hub of the network.

A final important note about antennas is that multiple antennas do not automatically mean MIMO technology (think 802.11n). In fact, multiple antennas have been used in single wireless APs for a long time. These dual antennas allow for antenna diversity. Basically, the antenna with the better reception is used for wireless communications.

CERTIFICATION SUMMARY

Wireless APs and controllers/switches create the heart of your WLAN. The APs may be autonomous, lightweight, or mesh APs. Lightweight APs may connect to the controller through direct or distributed connection. APs can be managed directly through web and console interfaces, or they may be managed centrally through WLAN controllers/switches or WLAN management software.

Switches are often used in wireless implementations to centralize the management and control of infrastructure devices such as wireless access points and routers. The term wireless switch is sometimes used to refer to a wireless router with a built-in switch. In enterprise terms, a wireless switch is a “wireless aware” switch. This means that it is a special switch capable of controlling thick or thin access points. Lightweight access points have no localized configurations and are managed through the central controller—the wireless switch.

Wireless bridges are basically access points configured to bridge communications across the wireless medium. These can be enterprise devices or SOHO devices. Wireless repeaters are basically access points configured as repeaters, or they are permanently configured to act as a repeater. Either way, they are used to increase the range of the wireless network.

Power over Ethernet gives you an alternate way to power wireless devices. The power is carried over the standard CAT5 or CAT6 cabling to the device.

There are many types of antennas for many different purposes. Select omnidirectional antennas for indoor use and coverage of small to medium outdoor areas. Semidirectional antennas are used indoors for narrow and long coverage patterns and outdoors for short-distance wireless links. When you need to create a long-distance link, you need to upgrade to parabolic dish and grid antennas.

When selecting antennas, it is important to consider the gain of the antenna and the advertised coverage pattern. The proper gain and coverage pattern allow you to “fill” the coverage area with RF signals and create a functional wireless LAN. To ensure consistent coverage and connections, mount your antennas firmly and install them properly.

✓ TWO-MINUTE DRILL

Wireless Network Components
❑ Autonomous APs include the entire 802.11 MAC and PHY in the built-in firmware and hardware.
❑ Lightweight APs depend on a centralized controller to manage much if not all of the MAC functions, and the APs provide the PHY functions.
❑ WLAN routers are usually just wired routers that include an AP as a method of connecting to the LAN side of the router. The device will also have a WAN port for connecting to other networks or the Internet.
❑ A wireless bridge is used to connect two otherwise disconnected networks using the wireless medium.
❑ A wireless repeater is a WLAN AP that acts as a go-between for a wireless client and the other WLAN APs. It is used to extend the range of the WLAN.

Antenna Types
❑ Omnidirectional antennas radiate RF waves out around the dipole antenna in a donut-shaped pattern.
❑ Omnidirectional antennas are used indoors and whenever links must be made in all directions around the antenna.
❑ Semidirectional antennas send most of the RF energy out one side of the antenna or in a 180-degree radiation pattern or less.
❑ Semidirectional antennas are used to propagate RF energy in a half-moon direction. For example, they may be placed on a wall directing the energy inward.
❑ Highly directional antennas usually radiate RF energy in a pattern of less than 90 degrees.
❑ Highly directional antennas are almost exclusively used in outdoor bridge link scenarios that are Point-to-Point (PtP) in nature.

Antenna and RF Accessories
❑ The proper connector type must be matched when replacing antennas and RF cables.

❑ RF cables should match the impedance of all connectors, and the loss incurred by the cable should be considered.
❑ Lightning arrestors should meet the IEEE standard of <8 µs.

Antenna Placement
❑ Pole and mast mounting is useful in outdoor installations and when mounting antennas on indoor beams.
❑ Ceiling mounts are very useful when you want to cover an indoor area with an omnidirectional antenna. You can place the antenna on the ceiling and central to the coverage area.
❑ Wall mounts are useful when using semidirectional antennas to cover an indoor area.

SELF TEST
The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Wireless Network Components

1. What wireless device is like a wired router but also includes an AP?
A. Wireless bridge
B. Wireless repeater
C. Wireless AP
D. Wireless router

2. You need to extend the range of your wireless network. The area to which you wish to extend the network does not have wired Ethernet. What device is designed specifically to extend wireless networks into areas such as this?
A. Wireless AP
B. Wireless router
C. Wireless repeater
D. Wireless bridge

3. You are installing a WLAN that utilizes a WLAN controller. What kind of APs will connect to this controller in a common implementation?
A. Autonomous
B. Thick
C. Lightweight
D. Mesh

4. What kind of AP includes the entire 802.11 MAC and PHY implementation within the device?
A. Autonomous
B. Lightweight
C. Thin
D. Access port

Antenna Types

5. You are implementing a WLAN within a small building. The building space can be covered with a single AP and antenna. You want to place the antenna in the center of the coverage area. What kind of antenna will you choose?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional

6. You are creating a wireless bridge link that will span approximately 600 meters. The link is a point-to-point link, and you want as much of the signal to be maintained within the link as possible. What kind of antenna will you choose?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional

7. What kind of antenna is mostly used in outdoor bridge links?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional

Antenna and RF Accessories

8. What is the IEEE standard for lightning arrestor response time?
A. >8 µs
B. <8 µs
C. >16 µs
D. <12 µs

Antenna Placement

9. You are installing an omnidirectional antenna that must provide coverage to the space surrounding the antenna. The space covered is a single floor and is only about 400 square feet. The antenna must be fastened and cannot be placed on a shelf or countertop. What mounting method will you use?
A. Wall mount
B. Ceiling mount

C. Tower mount
D. Desktop placement

10. You are installing a WLAN for employees in the outdoor recreation area of your facility. You only want the employees to be able to access the Internet from here. You will use an omnidirectional antenna. Where would you place the antenna that covers the recreation area?
A. Inside the building
B. In the center of the recreation area
C. At the north-most edge of the recreation area
D. At the edge of the recreation area farthest from the building

11. What kind of antenna has a very high gain and is aimed in one specific direction?
A. Omni
B. Dipole
C. Rubber ducky
D. Highly directional

12. What kind of antenna can be mounted on the wall and radiates the signal in a half donut fashion?
A. Omni
B. Dipole
C. Patch
D. Parabolic dish

LAB QUESTION
You are installing a WLAN for a small company. The company has 35 laptop computer users who want to begin accessing the network through the WLAN. These users share desks and may work at one desk one day and another desk the next day. They do not want to use cluttered Ethernet cables for connectivity. About half of the users work on the first floor of the building, and the other half work on the third floor. The second floor contains only stationary users, and they all use standard Ethernet for connectivity. Each floor contains standard six-foot separation panel offices with no permanent walls. Given what you’ve learned in this chapter and the preceding chapters, how many APs would you recommend on each floor, and would you implement lightweight or autonomous APs? Additionally, what kind of antennas would you use and where, in general terms, would you position them?

SELF TEST ANSWERS

Wireless Network Components

1. What wireless device is like a wired router but also includes an AP?
A. Wireless bridge
B. Wireless repeater
C. Wireless AP
D. Wireless router
✓ D is correct. A wireless router is basically a wired router that also includes an AP.
A, B, and C are incorrect. A wireless bridge is used to create wireless links between disconnected networks. A wireless repeater is used to extend the range of a wireless network. A wireless AP is a standard access device used to gain access to wired and wireless networks.

2. You need to extend the range of your wireless network. The area to which you wish to extend the network does not have wired Ethernet. What device is designed specifically to extend wireless networks into areas such as this?
A. Wireless AP
B. Wireless router
C. Wireless repeater
D. Wireless bridge
✓ C is correct. A wireless repeater is used to extend the range of a wireless network.
A, B, and D are incorrect. A wireless AP is a standard access device used to gain access to wired and wireless networks. A wireless router is basically a wired router that also includes an AP. A wireless bridge is used to create wireless links between disconnected networks.

3. You are installing a WLAN that utilizes a WLAN controller. What kind of APs will connect to this controller in a common implementation?
A. Autonomous
B. Thick
C. Lightweight
D. Mesh
✓ C is correct. A lightweight AP is used with a WLAN controller or switch.
A, B, and D are incorrect. Autonomous and thick APs include the entire MAC and PHY within the device and do not rely on WLAN controllers or switches. Mesh APs work in a dynamic manner, building routes among themselves and coordinating channels and power levels.

4. What kind of AP includes the entire 802.11 MAC and PHY implementation within the device?
A. Autonomous
B. Lightweight
C. Thin
D. Access port
✓ A is correct. Autonomous and thick APs include the entire MAC and PHY within the device and do not rely on WLAN controllers or switches.
B, C, and D are incorrect. A lightweight or thin AP is used with a WLAN controller or switch. Mesh APs work in a dynamic manner, building routes among themselves and coordinating channels and power levels.

Antenna Types

5. You are implementing a WLAN within a small building. The building space can be covered with a single AP and antenna. You want to place the antenna in the center of the coverage area. What kind of antenna will you choose?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional
✓ A is correct. Omnidirectional antennas are best for coverage purposes such as covering an indoor area or an outdoor area for access by devices.
B, C, and D are incorrect. Semidirectional and patch/panel antennas are used for very short bridge links or to cover an area in one direction. Highly directional antennas are best for bridge links.

6. You are creating a wireless bridge link that will span approximately 600 meters. The link is a point-to-point link, and you want as much of the signal to be maintained within the link as possible. What kind of antenna will you choose?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional
✓ D is correct. Highly directional antennas are best for bridge links.
B, C, and D are incorrect. Omnidirectional antennas are best for coverage purposes such as covering an indoor area or an outdoor area for access by devices. Semidirectional and patch/panel antennas are used for very short bridge links or to cover an area in one direction.

7. What kind of antenna is mostly used in outdoor bridge links?
A. Omnidirectional
B. Semidirectional
C. Patch/panel
D. Highly directional
✓ D is correct. Highly directional antennas are best for outdoor bridge links.
A, B, and C are incorrect. Omnidirectional antennas are best for coverage purposes such as covering an indoor area or an outdoor area for access by devices. Semidirectional and patch/panel antennas are used for very short bridge links or to cover an area in one direction.

Antenna and RF Accessories

8. What is the IEEE standard for lightning arrestor response time?
A. >8 µs
B. <8 µs
C. >16 µs
D. <12 µs
✓ B is correct. The IEEE standard is <8 µs.
A, C, and D are incorrect. These answers are incorrect, as they reflect improper response times.

Antenna Placement

9. You are installing an omnidirectional antenna that must provide coverage to the space surrounding the antenna. The space covered is a single floor and is only about 400 square feet. The antenna must be fastened and cannot be placed on a shelf or countertop. What mounting method will you use?
A. Wall mount
B. Ceiling mount
C. Tower mount
D. Desktop placement
✓ B is correct. A ceiling mount would be best for the omnidirectional antenna.
A, C, and D are incorrect. A wall mount would cause much of the signal to be leaked to the outside of the building. A tower mount would be useless indoors. Desktop placement is explicitly disallowed in the question.

10. You are installing a WLAN for employees in the outdoor recreation area of your facility. You only want the employees to be able to access the Internet from here. You will use an omnidirectional antenna. Where would you place the antenna that covers the recreation area?
A. Inside the building
B. In the center of the recreation area
C. At the north-most edge of the recreation area
D. At the edge of the recreation area farthest from the building
✓ B is correct. Since an omni antenna is used, it should be placed in the center of the coverage area.
A, C, and D are incorrect. Placing the antenna inside the building will reduce signal strength and coverage for the area. An omni antenna is not usually placed at any edge of a coverage area.

11. What kind of antenna has a very high gain and is aimed in one specific direction?
A. Omni
B. Dipole
C. Rubber ducky
D. Highly directional
✓ D is correct. A highly directional antenna fits this description.
A, B, and C are incorrect. Omni, dipole, and rubber ducky are all the same kind of antenna that radiates in a full donut shape around the antenna.

12. What kind of antenna can be mounted on the wall and radiates the signal in a half donut fashion?
A. Omni
B. Dipole
C. Patch
D. Parabolic dish
✓ C is correct. A patch or panel antenna fits this description.
A, B, and D are incorrect. An omni or dipole antenna would radiate in a full donut pattern. A parabolic dish is a highly directional antenna and does not radiate in a half donut pattern.

LAB ANSWER
You are installing a WLAN for a small company. The company has 35 laptop computer users who want to begin accessing the network through the WLAN. These users share desks and may work at one desk one day and another desk the next day. They do not want to use cluttered Ethernet cables for connectivity. About half of the users work on the first floor of the building, and the other half work on the third floor. The second floor contains only stationary users, and they all use standard Ethernet for connectivity. Each floor contains standard six-foot separation panel offices with no permanent walls. Given what you’ve learned in this chapter and preceding chapters, how many APs would you recommend on each floor, and would you implement lightweight or autonomous APs? Additionally, what kind of antennas would you use and where, in general terms, would you position them?

The following represents one possible solution to the lab. Your answer may vary.

You may choose to install two APs on each floor. You could configure one AP to use channel 11 and the other to use channel 1. You will probably place one antenna in the middle of the left third of the floor and the other antenna in the middle of the right third of the floor. If you use high-gain omnidirectional antennas (7 dBi should suffice), the signal will flatten and less of the signal should leak up or down to the floors above or below. With two APs on each floor and the APs using 7 dBi antennas, you should accomplish both satisfactory coverage and enough throughput for 9 to 10 users on each AP.

5
Wireless Client Devices

CERTIFICATION OBJECTIVES
5.01 Client Devices and Software
✓ Two-Minute Drill
Q&A Self Test

Once your wireless infrastructure is in place, you need to connect the client devices to the network. There are many different client devices available for all the various scenarios you may encounter. If you need to connect an older PC to the wireless network, wireless client devices are available for that. If you need to connect a laptop to the wireless network, you can connect—even without a built-in wireless or PCMCIA port—by using a wireless USB adapter. Whatever the situation, there is likely a way to connect without great difficulty.

This chapter covers the many wireless client devices that you can connect to desktop PCs, laptops, PDAs, and tablet PCs. You’ll also discover client devices such as gaming adapters, wireless presentation gateways, and IP cameras. Finally, you’ll learn about print servers—their functionality and benefits—and hotspot gateways as well.

WLAN Client Device Internals
Every WLAN client device is composed of a similar set of hardware components and software elements. The hardware components include chipsets for radio control and management, antennas for RF transmission and reception, and interfaces for connectivity to the device intended to communicate on the WLAN. The form factor, whether it be PCI, Compact Flash, or Mini-PCI, determines the interface to the communicating device. The chipset and antenna are points of differentiation.

Chipsets provide the actual implementation of the IEEE 802.11 PHYs that are supported by the client device. For example, a chipset may support only the transmission of 2.4 GHz ISM signals and support the DSSS, HR/DSSS, and ERP PHYs, or a chipset may support the 2.4 GHz ISM signals and the 5 GHz UNII signals as well, which allows for support for the OFDM PHY. A device that supports both the ERP and OFDM PHYs is often called an IEEE 802.11a/b/g adapter. The CWNP Program refers to such a device as an ERP/OFDM device because it actually implements the ERP and OFDM PHYs. Most of these devices cannot operate both PHYs at the same time but must switch between them or operate on only one of them.

Client devices usually have built-in antennas, but many devices do also support the use of external antennas. By supporting external antennas, the vendor allows for the device to be used in unique ways for testing and site surveying purposes. For example, the device can be set up with an external semidirectional antenna to compare communications quality with that obtained using a dipole antenna.

CERTIFICATION OBJECTIVE 5.01
Client Devices and Software
Client devices come in many form factors and styles. Wireless client devices may be defined as any device that acts as a client to a WLAN. I’ll cover devices categorized as
■ PCI
■ MiniPCI/MiniPCIe
■ SDIO
■ Compact Flash
■ CardBus PC cards (ExpressCard, CardBus, and PCMCIA)
■ USB devices

PCI and MiniPCI
PCI wireless adapters are generally installed in desktop computers. Older cards might actually be PCMCIA placeholders that support various PCMCIA radio cards. Most of these devices are 802.11b devices supporting the HR/DSSS and DSSS PHYs. There are benefits to this scenario as well. You can slide a PCMCIA card into the PCI card slot and turn on the computer to have wireless access from your desktop. Later, you can remove the card from the desktop and insert it into your laptop for portable wireless access.

The majority of modern PCI wireless adapters have radios built in and, therefore, no longer need the PCMCIA cards to communicate. The wireless PCI card with a built-in radio has a larger antenna that provides better reception. This form factor can be a benefit. However, if you can connect it to the back of the computer only, the antenna can also be a disadvantage; the back of the computer is a bad location because it’s more difficult for the antenna to pick up and send radio signals. The computer itself will cause reflections and other RF reactions that may weaken the signal. Some PCI devices support cabled antennas that you can place some distance from the computer, like the one shown in Figure 5-1. This setup helps overcome the issue with common PCI cards.

When installing a PCI card, take the usual precautions. Ensure the PC is powered off and that you discharge any static electricity that might have built up

in your body. This static discharge can be done by using specifically designed ESD (electrostatic discharge) wrist straps connected to a grounding point or by touching the internal metal frame of the computer while it is connected to a power source. Find an open PCI slot and slip the device, such as the one shown in Figure 5-2, into the open slot. You then replace the cover and turn on the computer. If device drivers are available for the card, your system detects that card and installs the drivers (assuming you have a modern plug-and-play system). If the card is newer than the OS, you may have to install the drivers manually because the OS may not recognize the device.

FIGURE 5-1 PCI client device with cabled antenna (Photo Courtesy of D-Link Systems, Inc.)

FIGURE 5-2 Standard PCI client device (Photo Courtesy of D-Link Systems, Inc.)

Another form factor used with PCI devices is the Mini-PCI device. These small devices are generally installed in laptop computers and tablet PCs, and their reception is generally at least as good as a USB device with a built-in antenna (such as a USB thumb wireless client). The major advantage to laptops using the Mini PCI port is the fact that they can usually be upgraded to support newer standards and specifications. Of course, this upgrade means you have to physically replace the hardware and not just upgrade some drivers or firmware. Nonetheless, it is still simpler and less expensive to purchase new Mini PCI hardware than to upgrade the standard soldered or integrated wireless, which often cannot be replaced without changing the entire system board.

In addition to the Mini-PCI, you should be aware of the Mini-PCIe or Mini-PCI express. Most laptops built after 2005 use Mini-PCIe and can support swapping adapters. One great benefit of Mini-PCIe over Mini-PCI is that Mini-PCIe is half the size. This benefit allows for more Mini-PCIe devices or smaller laptops.

Remember, USB and PC Card Wi-Fi devices can be used even with built-in chipsets on the motherboard. You can disable the built-in wireless and use the USB or PC Card client instead.

SDIO
The SDIO (Secure Digital Input Output) wireless network adapter is used in PDAs and looks like a long SD (Secure Digital) memory stick. You might encounter the rare laptop that supports SD slots for more than memory sticks, but it’s not common. Of course, not all SDIO cards work with all devices. Before using a client device, it’s important to understand what it requires. For example, a vendor may say, “All you need is a Pocket PC 2002 or Pocket PC 2003 (running Windows Mobile 2003) with an SDIO slot running SDIO Now!, and you can use the SDIO WLAN card to access the Internet, e-mail, and corporate servers.” To use this referenced device, you must have an SDIO slot supporting SDIO Now!, you have to be running Windows Mobile 2003, and your PDA has to be a Pocket PC 2002 or 2003 device. Check the specifications closely.

Compact Flash
Like SDIO cards, Compact Flash (CF) cards are used in handheld devices. As Figures 5-3 and 5-4 show, CF cards have a different form factor than SDIO in that they are much larger and often support only 802.11b. They provide built-in antennas. They are intended for use

with handheld devices with lower battery levels and processing power, so do not let vendor literature fool you when it says they can roam from 802.11b to 802.11g access points. Many have taken this to mean that the CF card supports both 802.11b and 802.11g, when in reality if the card is listed as an 802.11b card, it can’t communicate with any AP that doesn’t allow 802.11b mode.

FIGURE 5-3 D-Link CF adapter (Photo Courtesy of D-Link Systems, Inc.)

FIGURE 5-4 NETGEAR MA701 CF wireless card

CardBus PC Cards
PC Cards are the most common type of add-on WLAN network interface cards (NICs) used in laptop computers. They may also be used in desktop computers, though this practice is becoming less common. PC Cards provide the benefit of easy removal and replacement as new standards are developed and new security capabilities are implemented. The PC Cards come in three major types: PCMCIA, CardBus, and ExpressCard.

The earliest standardized laptop or notebook computer add-on card was the PCMCIA (Personal Computer Memory Card International Association) card. These cards come in three form factors: Type I, Type II, and Type III. The length and width are the same for all three form factors (85.6 mm long and 54.0 mm wide), but the thickness varies according to card type. The Type I, Type II, and Type III cards have thicknesses of 3.3, 5.0, and 10.5 mm respectively. Because they differ only in thickness, many laptops are built that support one Type III card or two Type II cards. Most WLAN NICs that use the PCMCIA standard are Type II or Type III cards. This is due to the chipsets needed to run the IEEE 802.11 processes and the power requirements.

Over the years, the PCMCIA standard has evolved to include newer capabilities. In fact, from June 1990, when the first PCMCIA standard was completed, to April 2001, there were eight releases (complete new standard) and seven updates (minor modifications or changes not warranting a new release).

The newer CardBus standard is actually the newest and highest-performance version of the PCMCIA standard, covering PCMCIA releases 5.0 through 8.0. You might say that CardBus is high-performance (50 Mbps) PCMCIA, whereas PC Cards are low-performance (10 Mbps) PCMCIA. As you might guess, PC Cards are fine for HR/DSSS devices, but they cannot keep up with the speeds of ERP or OFDM devices. The biggest difference between a pre-5.0 PCMCIA card and a CardBus (post-5.0 PCMCIA) card is that the newer cards support a 32-bit bus while the older cards support only a 16-bit bus. If you’re familiar with standard PC hardware of the past, this makes a lot of sense. Think of CardBus as PCI and PCMCIA as ISA. If not, just know that CardBus devices are faster and more capable than PCMCIA.

A CardBus wireless device looks like a PCMCIA device, as Figure 5-5 shows. Thankfully, the cards usually have CardBus printed on them clearly. PCMCIA cards usually work in CardBus slots, but CardBus cards do not work in PCMCIA slots (except for rare instances where a CardBus card is backwardly compatible with PCMCIA).

FIGURE 5-5 Belkin CardBus wireless NIC (Courtesy of Belkin International, Inc.)

The newest add-on card standard is the ExpressCard. The ExpressCard, while based on the PCMCIA standards, uses a different form factor and does not work in a Type I, II, or III PCMCIA slot. ExpressCards can be roughly half the size of PCMCIA cards and are also lighter. The ExpressCards connect directly to PCI Express and USB ports in the host computer rather than connecting to the CardBus port. Rather than just supporting PCI applications like the PCMCIA cards, the ExpressCards support PCI Express applications.

The ExpressCards come in one of two form factors: ExpressCard/54 and ExpressCard/34. The ExpressCard/54 is 54 mm wide, and the ExpressCard/34 is 34 mm wide. Both cards use a 34 mm–wide connector, and ExpressCard/34 cards will work in ExpressCard/54 connector slots. The same is not true in reverse. An ExpressCard/54 card will not work in a slot that is designed only for ExpressCard/34 and is only 34 mm wide; however, most laptops with ExpressCard slots contain a universal slot that can support both form factors.

It seems that most vendors are choosing to implement the ExpressCard/34 form factor. This is a logical decision, since the ExpressCard/34 devices will work in any computer with an ExpressCard slot—either 34 or 54. At the time of this writing, no ExpressCard/54 form factor WLAN devices could be located.

Generally, the phrase PC Card is used to refer to devices that comply with the pre-5.0 PCMCIA standard and the term CardBus is used to reference devices that comply with the PCMCIA 5.0 or higher standard. Ultimately, there are only two kinds of WLAN NICs that use the form factor discussed in this section: PCMCIA and ExpressCard. This is because the CardBus cards are actually just PCMCIA cards that use a later version of the PCMCIA standard supporting 32-bit bus architectures.

USB Devices
As the name implies, USB devices are beneficial in that they are universal (USB stands for Universal Serial Bus). By this, I mean that any USB device can be used in a laptop, tablet PC, or desktop computer as long as the computer has a USB port and the port is capable of the device’s USB version requirements. There are two versions of USB at this time: USB 1.0/1.1 and USB 2.0. USB 2.0 supports faster throughput (up to 480 Mbps) than USB 1.1 (12 Mbps) and is the preferred device type for wireless networking. However, older laptops support only USB 1.0 or 1.1 and thus limit your options.

The form factor of USB devices varies. Figure 5-6 shows a thumb-type USB adapter, and Figure 5-7 shows an external USB adapter with a built-in positional antenna. The benefit of this device is that it allows more precise positioning of the

device and antenna and therefore better reception. The benefit of the thumb-type USB adapter is obvious—it’s extremely portable and can be carried easily for when you need wireless access most.

FIGURE 5-6 USB thumb-type wireless adapter (Photo Courtesy of Cisco Systems, Inc.)

FIGURE 5-7 NETGEAR USB external wireless adapter

Client Drivers
Once you’ve selected the right wireless client device type, you need to install and configure the device. Installation can be as complex as updating firmware to support the wireless standards you are using or as simple as connecting the device and watching it magically work.

To help you understand the process of installing and configuring a client device, I’m going to walk you through the installation and configuration of a ZyXEL ZyAIR G-220 USB thumb-type wireless NIC. This is a standard USB wireless client having a small form factor for easy portability. This device is shown in Figure 5-8. These devices, while not as capable as a USB device with an external antenna, provide for greater mobility and flexibility. The steps to install a wireless client are as follows:
1. Verify system requirements.
2. Connect the device.
3. Install the drivers.
4. Test connectivity.

FIGURE 5-8 ZyAIR G-220

Verify System Requirements
The first step is to ensure that the wireless hardware is compatible with your system. You can usually do this by reading the included vendor documentation or by visiting the vendor’s web site. The ZyAIR G-220 lists the following requirements:
■ Pentium II 300 MHz or above
■ 6MB available hard drive space
■ 32MB RAM
■ CD-ROM drive
■ An open USB port
■ Windows 98 SE, Windows ME, Windows 2000, or Windows XP

There are two important things to note about these requirements. First, the device is compatible with newer Windows operating systems only. Sometimes you can find drivers on the Internet for operating systems other than those listed, but it’s a difficult and time-consuming process and, with USB devices, often fails. For this reason, you must be certain that the device you select supports the operating system you wish to run. Second, note the CD-ROM requirement. While listed as a requirement, you can often ignore it. The reason it’s listed as a requirement is for driver and software installation. If you download the drivers from the Internet and copy them to the computer’s hard drive, you do not need a CD-ROM drive.

I’ll be installing the client device on a P4 3.4 GHz processor with 2GB of memory and a 120GB hard drive. I have four open USB ports and a CD-ROM drive, and my operating system is Windows XP Professional. Given the requirements and these PC specifications, installation should not be a problem.

Connect the Device

The second step in the installation process is to connect the device. Because I’m installing a USB device, I simply plug it into an available USB port or hub. If this were a PCI device, I’d turn off the computer and then remove the cover and install the PCI card.

Install the Drivers

When I’ve placed the device in the USB port, the dialog shown in Figure 5-9 appears. This dialog alerts me that a new device has been detected and provides options for installing the device. I click No, Not This Time to indicate that I do not want to search Windows Update for drivers, and then I click Next. On the next screen, I select to install the drivers from a list or specific location and then route the installation to my CD-ROM drive where the ZyXEL CD is waiting. My system quickly notifies me that the driver has not passed Windows logo certification, but this is not uncommon, so I choose to continue anyway. After the system copies a few files, I click Finish to complete the driver installation.

Test Connectivity

Now that the drivers have been installed, I can test connectivity. In my case, since I’m running Windows XP Professional on my laptop, I used the Windows XP Wireless Zero Configuration (WZC) and its built-in wireless management interface, shown in Figure 5-10. Here you see two available wireless

FIGURE 5-9 Hardware detection screen

FIGURE 5-10 WZC configuration interface for Windows XP

networks. I select the one labeled NETGEAR and click the Connect button. In moments, I’m connected and my wireless client has been configured. Because this is an open network, there is no need for WEP or WPA configuration (WEP and WPA are security options). This is common for hotspots and, sadly, for many small networks. If you are implementing a business or home network, you should implement wireless security to protect your data and privacy. I’ll talk more about wireless security in Chapter 7.

Client Software

If you choose not to use Windows’ wireless connectivity features (WZC), you need to install the client software that comes with your wireless client. The ZyXEL device I just installed comes with its own client software. To install the software, you insert the CD into the CD-ROM drive, and the installation process begins automatically. If it does not start automatically, open the CD and look for a SETUP or INSTALL executable and double-click that file to begin the process. When I insert the CD into my CD-ROM drive, I see the screen shown in Figure 5-11, where I can choose from several options. I select Install Utility.

FIGURE 5-11 ZyXEL autorun installation routine

Once you’ve installed the vendor utilities, they often take precedence over the WZC feature, and you will no longer be able to configure the wireless connection using this tool. While this is not always the case, you should be aware that it is a possibility.

The client software that comes with the ZyXEL USB wireless device is similar to client software that comes with other USB, PCI, or any other form-factor client devices. One interesting feature offered by most client software programs is a site survey feature. The capabilities of this feature vary, but it’s useful for discovering where you have RF coverage in your facility. Figure 5-12 shows the site survey mode of the client software when I’ve positioned my laptop close to the AP (approximately 6 feet away). Figure 5-13 shows the same site survey mode when my laptop is more than 100 feet away from the AP. Notice the difference in signal strength. You can see how you could use this software to perform a site survey. More complex tools are available, but in many cases, this simple tool is all you need for a small network for home users or small businesses.

FIGURE 5-12 ZyXEL Site Survey software (6 feet from the AP)

FIGURE 5-13 ZyXEL Site Survey software (100 feet from the AP)

Wireless IP Phones

Wireless IP Phones are no longer covered on the CWTS exam. The information in this section is provided for your benefit as an administrator.

Wireless IP phones, discussed briefly in Chapter 4, are client devices used to access VoIP networks through wireless networks. These devices can be dedicated wireless VoIP phones, or they can be computing devices configured to operate as wireless VoIP phones. Dedicated wireless VoIP phones come in different shapes, sizes, and feature sets. For example, the Cisco wireless IP phone 7920, shown in Figure 5-14, includes the following features:

■ Six multiline appearance-extensions or speed dials
■ Calling name and number display
■ Call waiting
■ Call forwarding

FIGURE 5-14 Cisco 7920 wireless IP phone (Photo Courtesy of Cisco Systems, Inc.)

■ Call transfer
■ Three-way calling (Conference)
■ Pre-dialing before sending
■ Redial
■ Call hold/resume
■ Call mute
■ Call park
■ Call pick-up/group pick-up
■ “You Have Voice Mail” message on display
■ Hotkey for keypad lock
■ Hotkey for voice-mail access

■ Nine speed dials configurable in the set
■ Programmable speed-dial hotkeys 2–9
■ Time/date display
■ Idle/call state-based soft keys
■ Keypad lock/vibration icon indicators
■ RF and battery level indication
■ Comfort noise generation (CNG), voice activity detection (VAD), adaptive jitter buffer, and echo cancellation
■ Language support: English, French, and German in the first release
■ Local phone book

Most of these devices support standard security features such as WEP and WPA as well as phone locking capabilities. WEP or WPA ensures that the VoIP communications are encrypted to prevent eavesdropping. When the phone is locked, only someone who knows the unlock code can make a call. When using a PC or laptop as a wireless VoIP client, the software usually provides features similar to those listed for the Cisco 7920 phone, and of course, the device provides standard wireless client connectivity at the same time.

Gaming Adapters and IP Cameras

Wireless gaming adapters and IP cameras—while they seem to have nothing in common, other than being wireless—actually have another important feature in common. They are both noninfrastructure devices used on wireless networks. The gaming adapter connects a gaming machine, such as the Xbox, to a wireless network, and the IP camera provides video surveillance or other video purposes across the wireless infrastructure.

Gaming Adapters

Gaming adapters come in 802.11a, b, and g versions and support most gaming consoles without the need for drivers. Figure 5-15 shows a Linksys WGA54G wireless gaming adapter. Wireless gaming adapters usually work in one of two modes: console-to-console connections or console-to-Internet connections.

Console-to-Console Connections

A console-to-console connection is created when you use two wireless gaming adapters together. One connects to each gaming

console through the console’s Ethernet port, and then they connect to each other wirelessly. This allows for head-to-head gaming in one area.

FIGURE 5-15 Linksys WGA54G (Photo Courtesy of Cisco Systems, Inc.)

Console-to-Internet Connections

When creating a console-to-Internet connection, you use just one wireless gaming adapter connected to your existing wireless network, which provides an IP configuration to the wireless gaming adapter that allows routing out to the Internet and to DNS servers. In this way, the gaming console can connect to gaming services on the Internet to allow for online game play.

IP Cameras

Wireless IP cameras, also commonly called wireless Internet cameras, allow you to implement video surveillance, video conferencing, or low-quality video recording. These cameras are often referred to as Internet cameras because you can view the video feed through an Internet browser that supports the software. Many cameras use ActiveX controls for viewing and, therefore, require you to use Internet Explorer on the clients unless your alternate browser supports ActiveX controls. While wired IP cameras are certainly available, not having to run cabling is a huge benefit of using a wireless camera. You can install the camera in any area where power is available, as you need to provide DC power to the camera for functionality.

Figure 5-16 shows a wireless IP camera that could be used for video surveillance or environment monitoring. In Figure 5-16, you can see the antennas that are used to form the wireless connection. This particular camera supports 802.11g and allows for connectivity to your standard wireless network. It also supports two-way audio and 4× zoom functions as well as built-in motion detection and e-mail notification. With this camera in place, a small business owner can be notified by e-mail if someone (or something) is in his or her building.

Most of these devices also support recording of the video feed to a network-attached storage (NAS) device. This device can be configured to record video based on a schedule, by motion detection, or all the time. With this device installed, you have automatic NAS archival of video feeds for security purposes, should they ever be needed.

FIGURE 5-16 Wireless IP camera from D-Link (Photo Courtesy of D-Link Systems, Inc.)

Wireless Presentation Gateway

Wireless presentation gateways were briefly mentioned in the last chapter, in the section “Wireless Media Gateways.” As stated there, wireless presentation gateways (WPGs) are often referred to as wireless media gateways, though they should really be differentiated. A WPG, as its name implies, is intended for delivery of presentations. Figure 5-17 shows an example of a wireless presentation gateway. A WPG may have any, or all, of the following features:

■ Ability to display PowerPoint presentations
■ Ability to display anything on the computer screen
■ Ability to display JPEG, TIFF, or BMP images
■ Ability to function with Macs or PCs
■ Support for multiple presenters, though not simultaneously
■ Configuration through web-based interfaces and custom client drivers

Of these many features, the one that I’ve found most useful is the ability to support multiple presenters. I’ve been in many situations in which several people needed to present the information on their computer to the group. With a wireless presentation gateway, and a quick client install on each laptop, we were able to share a single projector without connecting and reconnecting VGA cables.

FIGURE 5-17 D-Link DPG2000W (Photo Courtesy of D-Link Systems, Inc.)

Another great benefit of a wireless presentation gateway is the available range. You would have to purchase 25 feet of VGA extension cable to position the projector far enough away to fill the screen in a large room. With a wireless presentation gateway, you just position the wireless gateway beside the projector, and you’re off and running.

Wireless Print Servers

Print servers are devices that allow you to connect a printer to the network for client use. These are sometimes called netprint devices or printer sharing devices. A wireless print server is a device that can share the printer, or printers, on the network and connects to the network using either a wireless connection or both wired and wireless connections.

Wireless print servers come with two connection types: parallel (LPT) or USB. Figure 5-18 shows a device with a parallel connection, and Figure 5-19 shows a device with a USB connection. Other devices may support multiple ports. These devices usually contain one LPT port and one or more USB ports. However, you can acquire devices that support multiple ports of each kind to meet your needs regardless of the number of printers you have.

Wireless print servers will usually provide configuration interfaces that are browser-based and may provide Telnet support as well. Features may include support for multiple protocols, built-in memory buffers, and remote power cycling for maintenance and support.

FIGURE 5-18 Parallel wireless print server (Photo Courtesy of D-Link Systems, Inc.)

FIGURE 5-19 USB wireless print server (Photo Courtesy of D-Link Systems, Inc.)

Hotspot Gateways

A wireless hotspot gateway allows you to share Internet access publicly while maintaining the integrity of your private network. A hotspot gateway provides a WAN port and two interfaces: one public interface and one private interface. You can connect one or more APs to the public interface (to connect more than one AP, you usually have to connect a switch to the public port so that you can support more than one device) to provide wireless Internet access. You can then connect multiple devices, again through switches, to the private side and be certain that devices on the public side cannot access devices on the private side. You can also get hotspot gateway devices that do not include wireless APs and that you connect to external APs to actually provide wireless access. Figure 5-20 shows the D-Link DSA-3200, which is a wireless hotspot gateway with built-in 802.11g support.

FIGURE 5-20 D-Link DSA-3200 802.11g hotspot gateway (Photo Courtesy of D-Link Systems, Inc.)
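The isolation property described for the hotspot gateway (the public side can reach the Internet but must not reach the private side) can be checked mechanically against a gateway's forwarding rules. The following is an added example, not code from the book or from any vendor: it assumes a Linux-based gateway whose rules are exported in iptables-save format, and the interface names and both rulesets are constructed for illustration.

```python
"""Audit a three-interface hotspot gateway for public/private isolation.

Models only the subset of iptables-save syntax used in the samples:
-i, -o, -m conntrack --ctstate, and -j ACCEPT/DROP/REJECT in FORWARD.
Anything else raises ValueError so the audit never passes silently.
"""
import shlex

# Assumed interface roles (hypothetical names for this example).
WAN, PUBLIC, PRIVATE = "eth0", "eth1", "eth2"

# Constructed sample: only WAN-bound traffic is listed, but the default
# ACCEPT policy lets everything else (including public -> private) through.
WEAK_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
COMMIT
"""

# Constructed sample: default DROP, replies allowed, public -> private denied.
HARDENED_RULES = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
COMMIT
"""


def _parse_rule(tokens):
    """Turn the option tokens of one '-A FORWARD' line into a dict."""
    rule = {"in": None, "out": None, "states": None, "target": None}
    it = iter(tokens)
    for tok in it:
        if tok == "-i":
            rule["in"] = next(it)
        elif tok == "-o":
            rule["out"] = next(it)
        elif tok == "-m":
            if next(it) != "conntrack":
                raise ValueError("unsupported match module")
        elif tok == "--ctstate":
            rule["states"] = set(next(it).split(","))
        elif tok == "-j":
            rule["target"] = next(it)
        else:
            raise ValueError(f"unsupported option: {tok}")
    if rule["target"] not in ("ACCEPT", "DROP", "REJECT"):
        raise ValueError("unsupported or missing target")
    return rule


def parse_forward_chain(text):
    """Return (default_policy, rules) for the FORWARD chain."""
    policy, rules = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A FORWARD "):
            rules.append(_parse_rule(shlex.split(line)[2:]))
    if policy is None:
        raise ValueError("no FORWARD chain policy found")
    return policy, rules


def verdict(policy, rules, in_if, out_if, state="NEW"):
    """First matching rule wins; otherwise the chain's default policy."""
    for r in rules:
        if r["in"] not in (None, in_if):
            continue
        if r["out"] not in (None, out_if):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"]
    return policy


def audit(text, wan=WAN, public=PUBLIC, private=PRIVATE):
    """Return a list of findings; an empty list means both checks passed."""
    policy, rules = parse_forward_chain(text)
    findings = []
    if verdict(policy, rules, public, private, "NEW") == "ACCEPT":
        findings.append("public clients can open connections to the private side")
    if verdict(policy, rules, public, wan, "NEW") != "ACCEPT":
        findings.append("public clients cannot reach the Internet (WAN)")
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, audit(rules) or "OK")
```

The weak ruleset fails only because of its default policy, which is the case most easily missed when reading rules by eye.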

Think of these devices as server-based firewalls with multiple network interfaces configured for access to and control of multiple networks. Using standard browser-based interfaces, you can configure the public interface, private interface, and wireless settings to your liking.

Many devices, such as the one shown in Figure 5-20, support either external authentication or authentication through the internal user database. The D-Link DSA-3200 can support up to 250 users when using the internal database. Because support is provided for external LDAP or RADIUS authentication, you can create and support an unlimited number of users. However, it’s important to distinguish between how many users can be supported and how many users can be connected. According to the documentation, only 50 users can connect to the Internet simultaneously.

Workgroup Bridges

Workgroup bridges have been covered on the CWNA exam for many years; however, they are new to the CWTS exam and you will need to understand their basic purpose. A wireless workgroup bridge (WGB) is used to provide wireless access to a group of wired stations behind the bridge. You would typically install a WGB with the Ethernet port connected to a hub or switch that the local wired devices are also connected to. The WGB will then associate with an AP and bridge communications from the local wired devices to the wireless AP across the association link. The WGB will appear as a client to the AP, so it must meet required security parameters and be configured for the appropriate SSID.

Remember the repeater mode of an AP? This is very similar, only when an AP is in repeater mode, it is using its radio as both the AP to the distant clients and the client to the root mode AP. When in WGB mode, a wireless bridge uses its Ethernet port to connect with distant wired clients and then it uses its radio to create a link to the AP that is in root mode.

CERTIFICATION SUMMARY

Choosing the right wireless client device is essential to building an operational wireless network. These devices include PCI, Mini-PCI, CardBus, CF, SDIO, and USB devices. You also learned about IP cameras and gaming adapters and their proper use. You can use a gaming adapter to connect to the Internet or to another gaming console. You can use an IP camera for video conferencing and environment surveillance. You should also understand how print servers, wireless presentation gateways, and hotspot gateways function in order to choose and manage these devices when you need them.

✓ TWO-MINUTE DRILL

Client Devices and Software

❑ PC Cards include ExpressCards, CardBus cards, and PCMCIA cards.
❑ PCMCIA cards are the slowest, and CardBus or ExpressCards can handle 802.11g and 802.11n communications.
❑ Mini-PCIe cards are smaller than Mini-PCI cards, but they still provide fast communications with devices.
❑ PCI Express x1 is faster than PCI by approximately 100 Mbps.
❑ USB 2.0 provides the data rates needed for 802.11g and faster WLAN connections.
❑ CF and SD WLAN adapters are usually used in portable devices.
❑ Most WLAN adapters will require driver installation.
❑ Workgroup bridges are used to connect a remote wired network to another network via a wireless bridge link. The wireless workgroup bridge actually acts as a client to the WLAN.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Client Devices and Software

1. You are installing a WLAN. The infrastructure will support 802.11n HT devices. You want the client devices to be able to take advantage of four spatial streams for up to 600 Mbps data rates, but the devices must be able to communicate at 200 Mbps. Which device types could you use? (Choose all that apply.)
A. USB 1.1
B. USB 1.1
C. SDIO
D. USB 2.0

2. You want to implement WLAN client devices using the fastest bus speed possible. Which device type will you select?
A. PCMCIA
B. PCI
C. PCI Express
D. CF

3. USB wireless devices come in two major form factors. One is a cabled wireless device that sits on the desk and has a positional antenna that can be moved and angled in different ways. What is the other form factor?
A. Converter dongle to connect to Mini-PCI
B. Pigtail converter to connect to Compact Flash
C. Thumb-type connector
D. Battery pack–sized connector

4. How many interfaces does a wireless hotspot gateway usually have?
A. 1
B. 2
C. 3
D. 4

5. True or False. A multiport wireless print server is a wireless print server that can connect to Ethernet or Wi-Fi, whereas a single-port wireless print server can connect only to Wi-Fi.
A. False
B. True

6. You have inserted a CardBus wireless NIC into a laptop. What will you need to do after the laptop is powered on and the operating system boots in order to enable the wireless NIC?
A. Install NetStumbler.
B. Install the hardware drivers.
C. Add the WLAN client software from the NIC vendor.
D. Update the OS.

7. You are attempting to purchase a WLAN client adapter. You can use either a standard PCI card or a PCI Express x1 card. Which card is faster and by how much?
A. PCI by 50 Mbps
B. PCI by 100 Mbps
C. PCI Express by 50 Mbps
D. PCI Express by 100 Mbps

8. You are installing an ERP WLAN NIC. The laptop can use either PCMCIA or USB 2.0. Which adapter type will you choose so that you can take advantage of the full speeds of the ERP WLAN?
A. USB 2.0
B. PCMCIA
C. CardBus
D. Express Card

9. A WLAN NIC vendor lists a CD-ROM drive as a requirement in order to use its device. What action can you usually take if there is no CD-ROM drive available?
A. Install the card and let the operating system automatically install the drivers.
B. Install the card and download the drivers from the vendor’s web site.
C. Insert the card into a converter so that it will use standard Ethernet drivers.
D. Insert the card into a converter so that it will use standard Token Ring drivers.

10. Which of the following operating systems may connect to a WLAN? (Choose all that apply.)
A. Windows XP
B. Windows Vista
C. Linux
D. Mac OS X

LAB QUESTION

You work as a consultant with SysEdCo, LLC. Your current project involves upgrading an existing 802.11b (HR/DSSS) WLAN. The facility in which the upgrade will occur includes 331 networked computers using Ethernet and 48 laptop computers using wireless connections. The upgrade must be performed because the main goal of the project is to implement a system that requires clients to maintain at least a 25 Mbps data rate connection with the network. All 48 laptop computers must be upgraded or replaced to support the new WLAN. The network administrator has informed you that 12 of the laptops have PCMCIA ports and USB 1.1 only. All of the other laptops support USB 2.0, but some support CardBus cards and ExpressCards as well. The project manager has indicated that she wants to keep costs as low as possible while meeting all of these demands. What will you recommend to remedy the situation with the laptops and with what will you recommend replacing the 802.11b infrastructure?

SELF TEST ANSWERS

Client Devices and Software

1. You are installing a WLAN. The infrastructure will support 802.11n HT devices. You want the client devices to be able to take advantage of four spatial streams for up to 600 Mbps data rates, but the devices must be able to communicate at 200 Mbps. Which device types could you use? (Choose all that apply.)
A. USB 1.1
B. USB 1.1
C. SDIO
D. USB 2.0
✓ D is correct. Only USB 2.0 will provide the 200 Mbps or greater data rate.
A, B, and C are incorrect. Each of these device types provides insufficient data rates.

2. You want to implement WLAN client devices using the fastest bus speed possible. Which device type will you select?
A. PCMCIA
B. PCI
C. PCI Express
D. CF
✓ C is correct. PCI Express is faster than any of the other bus types listed.
A, B, and D are incorrect. PCI is faster than CF or USB 1.1, but PCI Express is faster than PCI.

3. USB wireless devices come in two major form factors. One is a cabled wireless device that sits on the desk and has a positional antenna that can be moved and angled in different ways. What is the other form factor?
A. Converter dongle to connect to Mini-PCI
B. Pigtail converter to connect to Compact Flash
C. Thumb-type connector
D. Battery pack–sized connector
✓ C is correct. Thumb-type connectors look like thumb drives and usually have LEDs that inform you of the wireless connectivity of the device. They often include full wireless client feature sets, including the ability to act as an AP and the inclusion of site survey software.
A, B, and D are incorrect. All of these answers are incorrect because they are not relevant to USB form factors.

4. How many interfaces does a wireless hotspot gateway usually have?
A. 1
B. 2
C. 3
D. 4
✓ C is correct. While the features of hotspot gateways vary, they usually have three interfaces: one for the WAN (Internet), one for the private network, and one for the public network.
A, B, and D are incorrect. These values do not represent the common number of interfaces on a hotspot gateway.

5. A multiport wireless print server is a wireless print server that can connect to Ethernet or Wi-Fi, whereas a single-port wireless print server can connect only to Wi-Fi.
A. False
B. True
✓ A is correct. A multiport wireless print server usually has an Ethernet port and a Wi-Fi radio just as a single-port wireless print server does. The difference is that a multiport wireless print server supports more than one printer and can support both USB and parallel or LPT ports.
B is incorrect. Single-port wireless print servers usually have a wireless port and an Ethernet port. They simply have one printer port.

6. You have inserted a CardBus wireless NIC into a laptop. What will you need to do after the laptop is powered on and the operating system boots in order to enable the wireless NIC?
A. Install NetStumbler.
B. Install the hardware drivers.
C. Add the WLAN client software from the NIC vendor.
D. Update the OS.
✓ B is correct. By installing the hardware drivers for the NIC, you will enable it.
A, C, and D are incorrect. Installing NetStumbler will allow you to scan for WLANs, but it won’t enable the NIC. The WLAN client software is not required, though it may provide enhanced features. Updating the OS may be necessary in rare situations in order to enable compatibility with the hardware drivers, but the drivers enable the hardware.

7. You are attempting to purchase a WLAN client adapter. You can use either a standard PCI card or a PCI Express x1 card. Which card is faster and by how much?
A. PCI by 50 Mbps
B. PCI by 100 Mbps

C. PCI Express by 50 Mbps
D. PCI Express by 100 Mbps
✓ D is correct. PCI Express x1 is approximately 100 Mbps faster than PCI.
A, B, and C are incorrect. These answers are simply incorrect.

8. You are installing an ERP WLAN NIC. The laptop can use either PCMCIA or USB 2.0. Which adapter type will you choose so that you can take advantage of the full speeds of the ERP WLAN?
A. USB 2.0
B. PCMCIA
C. CardBus
D. Express Card
✓ A is correct. USB 2.0 can support data rates of 54 Mbps and higher. However, you should note that few laptops will support this stated configuration in the real world.
B, C, and D are incorrect. PCMCIA is not fast enough to provide 54 Mbps data rates. CardBus and Express Cards will not work, because the laptop does not support them.

9. A WLAN NIC vendor lists a CD-ROM drive as a requirement in order to use its device. What action can you usually take if there is no CD-ROM drive available?
A. Install the card and let the operating system automatically install the drivers.
B. Install the card and download the drivers from the vendor’s web site.
C. Insert the card into a converter so that it will use standard Ethernet drivers.
D. Insert the card into a converter so that it will use standard Token Ring drivers.
✓ B is correct. Downloading the drivers will usually suffice, since that is the reason the CD-ROM drive is required.
A, C, and D are incorrect. The operating system will not usually contain the needed drivers for newer WLAN NICs. No such Ethernet or Token Ring converters exist.

10. Which of the following operating systems may connect to a WLAN? (Choose all that apply.)
A. Windows XP
B. Windows Vista
C. Linux
D. Mac OS X
✓ A, B, C, and D are correct. Any operating system that supports a WLAN NIC can connect. These listed operating systems all provide such support.
None are incorrect. These answers are all correct.

LAB ANSWER

You work as a consultant with SysEdCo, LLC. Your current project involves upgrading an existing 802.11b (HR/DSSS) WLAN. The facility in which the upgrade will occur includes 331 networked computers using Ethernet and 48 laptop computers using wireless connections. The upgrade must be performed because the main goal of the project is to implement a system that requires clients to maintain at least a 25 Mbps data rate connection with the network. All 48 laptop computers must be upgraded or replaced to support the new WLAN. The network administrator has informed you that 12 of the laptops have PCMCIA ports and USB 1.1 only. All of the other laptops support USB 2.0, but some support CardBus cards and ExpressCards as well. The project manager has indicated that she wants to keep costs as low as possible while meeting all of these demands. What will you recommend to remedy the situation with the laptops and with what will you recommend replacing the 802.11b infrastructure?

The following represents one possible solution to the lab. Your answer may vary.

Because the director has emphasized the need to save money, you may suggest that 802.11g devices be used. These devices are less expensive than 802.11n devices and will provide the needed data rates. As for the laptops, the 12 having only PCMCIA and USB 1.1 will need to be upgraded because PCMCIA supports only 10 Mbps and USB 1.1 supports only 12 Mbps. The other laptops can either be upgraded with a mixture of CardBus, ExpressCard, and USB 2.0 devices, or—to be consistent—you may suggest using all USB 2.0 devices.


6 Planning the Wireless LAN

CERTIFICATION OBJECTIVES

6.01 Understand and Describe the Requirements
6.02 Site Survey Types
6.03 Manual Site Survey Types
6.04 Using Protocol Analyzers
6.05 Using Spectrum Analyzers
6.06 Using Antennas in Site Surveys
✓ Two-Minute Drill
Q&A Self Test

Planning a wireless LAN (WLAN) of any size includes three major activities: defining requirements, performing a site survey, and documenting recommendations. The final recommendations may take on the form of a complete implementation project plan, or they may simply provide suggestions for decision makers. The determination will be based on the role played by the wireless technical professional. As a project engineer, he will likely plan the entire implementation. As a wireless consultant, he will probably provide suggestions and recommendations. In both situations, these three activities must be understood.

This chapter begins with a discussion of the first activity. Understanding and describing requirements is a major CWTS exam objective, and you will need to know the methods and tactics for gathering and defining these requirements. Requirements will include business, technical, and user requirements.

Next, the actual site survey process is detailed. Multiple objectives on the CWTS exam address site surveys. You will need to understand manual and automatic site surveys and the tools used for both. While it would be helpful for you to gain some experience with a spectrum analyzer, the cost may be prohibitive. For this reason, I will explain the basic features of a spectrum analyzer and how you might use one in a site survey. You will have the chance to work through a Wi-Fi detection lab in this chapter as well.

Finally, I will present information on best practices for project planning and recommendation sheets. I will provide you with lists for your recommendation sheets to make sure you cover all the bases for a client when working as a wireless consultant. I will also provide you with a project plan outline so that you can overcome writer’s block and jump right into the project documentation when working as a project engineer.

CERTIFICATION OBJECTIVE 6.01

Understand and Describe the Requirements

As I stated earlier, you can divide the wireless planning process into three major activities: defining requirements, performing a site survey, and documenting recommendations. However, these three phases can be broken down further into multiple sub-phases or sub-tasks. Consider the following breakdown:

■ Defining Requirements
  ■ Determine Requirements
    ■ User Requirements
    ■ Business Requirements
    ■ Functional Requirements
  ■ Discover Constraints
    ■ Budgetary Constraints
    ■ Technical Constraints
    ■ Regulatory Constraints
  ■ Define Objectives
    ■ Business Objectives
    ■ Technical Objectives
■ Performing a Site Survey
  ■ Perform an RF Site Survey
■ Documenting Recommendations
  ■ Document the Site Survey
  ■ Create a Recommendations Sheet
  ■ Create an Implementation Plan

Gathering Requirements

It is more important that you implement a WLAN that meets the organization’s needs than that you implement a WLAN. Stated differently, it’s very possible to implement a WLAN that does not provide needed capabilities such as seamless roaming or Quality of Service (QoS) for Voice over WLAN (VoWLAN) solutions. An improperly implemented WLAN or a WLAN that is not capable of meeting business demands is as much a failure as if no WLAN were implemented at all. For this reason, the site survey must begin by determining what problems the organization is trying to solve or what advantages the organization is trying to create. Once this is known, a proper WLAN implementation plan can be formulated.

The first step in determining the organization’s needs is to perform a requirements analysis. Once you’ve determined the organization’s requirements, you’ll move on to investigate the potential constraints that may exist within the environment or organizational structure. With these two important pieces of information, you

are ready to establish objectives that can be agreed upon by management and the solution provider, whether the solution provider is an internal department or an external service firm.

Sometimes you are fortunate enough to walk into a site survey where the organization has already clearly defined their requirements, constraints, and objectives. However, this is rare and I encourage you to gather this information before attempting to perform an RF site survey. Performing an RF site survey without understanding the organization’s objectives is like performing heart surgery without understanding human anatomy. It really is that bad.

Interviewing Managers and Users

Requirements analysis usually begins with manager and user interviews. These interviews allow the wireless professional to determine the needs of the organization from the perspectives of the people who use the network. It is important to meet with key managers and users when determining how a WLAN will be utilized. If you’re not careful, you can assume too much and make poor decisions. To avoid this, meet with the users and observe them performing their day-to-day activities. This exercise will give you a picture of how they currently use the network and how they perceive themselves using the network. These are often two different realities.

I frequently perform an experiment in my training classes where I ask an IT professional to tell me the steps they take to go to work in the morning on a typical day. He or she usually says something like this: “I walk out the door and get in my car. I back out of the driveway and drive south on my street. I turn right on . . . .” At this point I usually stop the student and ask these two questions:
■ Do you always leave the door to your house open?
■ Do you always leave your car running so that you don’t have to start it after you get in?
The purpose of this exercise is to point out the fact that we all leave out information when we describe our routines. Only observation can truly shed light on the actual steps a user takes in his or her daily work routines.

A user may indicate that she downloads a file and then places it on her SD memory stick. She then places the memory stick in a computer in the lab and reads the data in the downloaded file. Next she destroys the data on the memory stick. However, when
you actually observe her in action, you see that she downloads two files from two different FTP servers (one internal and one external) and then aggregates them together. She then runs a parsing script against the aggregated file to remove redundant information. Then she places the parsed file on an SD memory stick and removes the memory stick from her computer. She takes the memory stick to the lab and puts it in a lab computer. Finally, she reads the data from the memory stick using a special analysis program and prints the results before destroying the data on the memory stick.

Do you see how different the user’s behavior is from her stated routine? For example, you have learned that she uses an internal FTP server and an external one. This may be valuable information if you are planning to implement a wireless SAN that allows her to accomplish the task in question without the use of the SD memory stick. For this reason, I always try to observe the users instead of assuming I understand their work routines. This leads to better project scope documents and better resulting systems.

Managers should also be interviewed in order to determine their perspective on the organizational needs of the WLAN and the benefits they expect to receive from it. This means you will need to gain an understanding for their short- and long-term expectations of the WLAN. Regardless of what the managers project for the future, you will be limited by available technology. In the early part of this decade (between 2000 and 2003), many WLANs were implemented that utilize the HR/DSSS physical layer (also called 802.11b devices), and these networks are greatly limited in their available throughput due to the 11 Mbps data rate of this PHY. These WLANs are already experiencing growth pains as is witnessed by frequent business travelers attempting to share a hotel’s WLAN with dozens of other users at the same time. In such scenarios, you will need to clearly communicate the constraints of the current technologies, and you may need to provide a tentative migration plan to future wireless technologies that will increase the data rate, such as the HT PHY used in the future IEEE 802.11n devices. But what comes after 802.11n? You may or may not know; we can only suggest that newer technologies may be developed that either increase the data rate of WLAN technology or allow for the aggregation of multiple technologies to form bigger data pipes.

User Requirements

User requirements include the goals or tasks that users must perform when using the WLAN. For example, users may need to roam throughout the facility while using a VoWLAN phone. They may need to transfer files that are rather large without requiring an unacceptable amount of time. This last need is a perfect example of the kind of “requirements” you often get during
user interviews that require you to dig deeper into the intentions of the user. Users or managers will often use the term unacceptable without defining what they mean. In such cases, you must get the answers to three questions:
■ What is a typical size for these large files?
■ How long would be unacceptable?
■ To or from where are the files being transferred?
The first question clarifies the size of the referenced files. The second question could also be stated in the positive as, “How long would be acceptable?” Either way, you will gain a more specific number for your analysis. The third question is of utmost importance in this scenario. If the users are transferring files to or from an FTP server on the Internet that is out of your control, you will have a limited amount of impact on the performance the users perceive. The speed of the Internet, the remote network, and the remote FTP server may be completely out of your control. You can only control the performance from the users’ client stations to the Internet connection. In this situation, you must be sure to communicate what you can and cannot control.

The example in the preceding paragraph is very illustrative. The point is this: when a user or group of users informs you of a requirement that is stated in nonspecific terminology, always ask for clarification. For example, if the users must be able to transfer large files without requiring an unacceptable amount of time, you might ask, “How much time would be an unacceptable amount of time?” and “What size are the large files you will be transferring?” You will be more likely to meet the requirements of the users if you gather specific user requirements instead of vague user requirements.

Imagine the users tell you they are transferring files that are typically 5 megabytes in size and are transferring them to and from an internal FTP server. Furthermore, they tell you the files should be transferred in less than one minute to be seen as acceptable. You also determine that there could be as many as three users transferring these files at a given time. This results in the following equation:

5 × 3 = 15 megabytes per minute

You now know that you must provide a WLAN that will allow the users to transfer 15 megabytes per minute. Assuming you also determine that there will be 1 megabyte of normal network traffic per minute, you actually need to be able to transfer 16 megabytes per minute. Since you are implementing an enterprise-class access point with approximately 18 to 24 Mbps of actual data throughput (resulting
in 2.25 to 3 MBps), you are confident that the WLAN will be able to maintain the demands of the users.

There has been much confusion over the difference between megabits per second and megabytes per second. A bit is a value equal to 0 or 1, and a byte (in most computer systems) is a collection of eight bits. Therefore, you can convert megabits per second (Mbps) to megabytes per second (MBps or MB/sec) by dividing the Mbps by 8. A 54 Mbps WLAN device is a 6.75 MBps device. This is a very important differentiation when you are attempting to calculate and ensure proper available throughput for your WLAN. Since a 54 Mbps WLAN provides for only half or less than half the data rate as actual data throughput, you end up with the 18 to 24 Mbps referenced in the preceding paragraph (sometimes even less).

Another factor that must be considered is application type. Some network applications transfer blocks of information without time sensitivity. Examples include FTP, HTTP, and SMTP. Other applications transfer blocks of information with time sensitivity and even sequence sensitivity. Examples include Voice over IP and video over IP. If the application has a low tolerance for latency (delays in the network) or jitter (variance in network delays), wireless equipment supporting QoS and fast secure roaming should be selected.

Business Requirements

Manager interviews will provide you with insights into the business requirements for the WLAN. Business requirements are a superset of user requirements. The user requirements should be things that help the users act in such a way as to achieve business or organizational requirements. Business requirements come from two primary sources: internal business requirements and external business requirements. Internal requirements will be based on organizational objectives and policies such as security policies, employment policies, and so on. External requirements will be based on regulations from local regulatory bodies such as federal and local governments and their agencies.

An example of a business requirement would be to say that the WLAN must allow the users to perform at the same level at which they have been able to perform on the wired LAN. The organization may want to move forward in the area of mobility, but not backward in the area of performance (data throughput). Modern applications are far more throughput intensive, and it is often unacceptable to reduce data throughput in a modern network implementation. Ultimately, this business requirement is born out of the objective to improve performance or at least maintain it while also providing mobility.
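
The sizing arithmetic used in this section (load in megabytes per minute, the divide-by-8 conversion, and the loss of half or more of the data rate to overhead) can be combined into one capacity check. The following Python sketch is an added example, not part of the original study guide; the class and function names are hypothetical, and the efficiency factor is a planning assumption that you should replace with measured throughput.

```python
from dataclasses import dataclass

# 802.11g (ERP-OFDM) data rates in Mbps, lowest to highest.
ERP_OFDM_RATES_MBPS = (6, 9, 12, 18, 24, 36, 48, 54)


@dataclass
class TransferRequirement:
    """Answers to the clarifying interview questions, as numbers (hypothetical type)."""
    file_size_mbytes: float                 # typical size of the "large" files
    acceptable_minutes: float               # longest transfer time users accept
    concurrent_users: int                   # worst-case simultaneous transfers
    background_mbytes_per_min: float = 0.0  # normal traffic in the same cell


def required_mbytes_per_min(req: TransferRequirement) -> float:
    """Aggregate load the cell must carry, in megabytes per minute."""
    if req.acceptable_minutes <= 0 or req.concurrent_users < 0:
        raise ValueError("acceptable_minutes must be > 0 and users >= 0")
    per_user = req.file_size_mbytes / req.acceptable_minutes
    return per_user * req.concurrent_users + req.background_mbytes_per_min


def mbytes_per_min_to_mbps(mbytes_per_min: float) -> float:
    """Megabytes per minute to megabits per second (x8 bits, /60 seconds)."""
    return mbytes_per_min * 8 / 60


def mbps_to_mbytes_per_sec(mbps: float) -> float:
    """Megabits per second to megabytes per second (divide by 8)."""
    return mbps / 8


def usable_throughput_mbps(data_rate_mbps: float, efficiency: float = 0.5) -> float:
    """Throughput left after management overhead and retransmissions.

    efficiency=0.5 is the 'lose about half the data rate' rule of thumb;
    1/3 models the pessimistic end (18 Mbps out of a 54 Mbps data rate).
    """
    if not 0 < efficiency <= 1:
        raise ValueError("efficiency must be in (0, 1]")
    return data_rate_mbps * efficiency


def minimum_data_rate(required_mbps, efficiency=0.5, rates=ERP_OFDM_RATES_MBPS):
    """Lowest PHY data rate whose usable throughput covers the requirement.

    Returns None when even the top rate falls short, which means the load
    has to be split across more APs or moved to a faster PHY.
    """
    for rate in sorted(rates):
        if usable_throughput_mbps(rate, efficiency) >= required_mbps:
            return rate
    return None


def evaluate(req: TransferRequirement, data_rate_mbps: float, efficiency: float = 0.5):
    """Compare one requirement against one AP data rate."""
    need = mbytes_per_min_to_mbps(required_mbytes_per_min(req))
    have = usable_throughput_mbps(data_rate_mbps, efficiency)
    return {
        "required_mbps": round(need, 2),
        "usable_mbps": round(have, 2),
        "meets_requirement": have >= need,
        "headroom_mbps": round(have - need, 2),
        "lowest_rate_that_still_meets": minimum_data_rate(need, efficiency),
    }


if __name__ == "__main__":
    # The FTP scenario from the text: 5 MB files, one minute, three users,
    # plus 1 MB per minute of normal traffic.
    ftp_users = TransferRequirement(5, 1, 3, background_mbytes_per_min=1)
    print(required_mbytes_per_min(ftp_users), "MB/min")
    print(evaluate(ftp_users, 54, efficiency=1 / 3))
    print("Data rate needed for 20 Mbps of throughput:", minimum_data_rate(20))
```

The last value in the result shows how far a client's data rate can drop at the cell edge before the stated requirement is no longer met, which is the number to carry into coverage testing.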

SCENARIO & SOLUTION
Users indicate that they need to have at least 20 Mbps of throughput. Based on the performance of 802.11g Wi-Fi solutions, what will be required as a minimum data rate?
Probably about 48 Mbps. You usually lose half of the data rate to management overhead and frame retransmissions.

Defining Security Requirements

As part of the site survey process and WLAN implementation plan, you must consider the security requirements. These security requirements should cover three areas at a minimum: authentication, confidentiality, and auditing. You will need to determine whether an EAP-based authentication mechanism is required or if WPA-Personal or WPA2-Personal will be sufficient. You must decide if you will need to use certificates for authentication at the client and the server, only at the server, or neither. These decisions, and more, will become part of your WLAN implementation plan and may not be considered in detail during the actual site survey. This is because the site survey is mostly aimed at providing the needed coverage and throughput; however, it is very important to consider the extra encryption and authentication overhead and how it will impact the resulting throughput that your WLAN achieves. The moral of the story is that the security solutions you implement will—at least—impact the throughput on your WLAN and may even impact the coverage area in some situations.

Physical Security

Physical security requirements will determine how and where wireless devices may be installed. Many organizations will require that the access points (APs) be installed in secured closets or, at the very least, in out-of-sight locations. Additionally, the APs may need to be fastened to ceilings, walls, poles, or other mounting locations. These physical security measures will help prevent hardware theft. A great way to prevent antenna theft is to place the APs in an enclosed area that allows the RF signals to easily escape into the intended coverage areas. You may also be able to cover the antennas with enclosures, but be careful to select enclosures that are designed with wireless equipment in mind. Wire mesh enclosures can cause significant signal degradation.

Data Security

Data security is focused on encrypting the data that traverses the WLAN. This security is usually implemented using WPA or WPA2 solutions. SOHO implementations commonly use the personal editions of WPA and WPA2, which utilize a preshared key (PSK). In an enterprise implementation, a RADIUS server with an authentication database will be utilized. Chapter 10 covers these security solutions in greater depth. For now, just remember that security considerations make up an important part of the site survey process.

Infrastructure Connectivity and Power Requirements

There are two primary methods used to power infrastructure WLAN devices: direct connect and Power over Ethernet (PoE). If direct connect power sourcing is used, an additional wire will need to be run for Ethernet connectivity. When using PoE, the Ethernet connectivity and power sourcing are accomplished in a single connection. In relation to power sourcing, the site survey engineer’s primary job is ensuring that appropriate power is available where it is needed. The site survey documentation should not only list the locations of APs, but also how those APs will be powered.

In addition to power sourcing, the WLAN devices will also need to connect to the network infrastructure. In these cases, cable lengths must be considered. Additional switches or Ethernet repeaters may be needed to carry the signal to and from the WLAN devices.

RF Coverage Requirements

Each WLAN is different in respect to the coverage requirements. Some organizations will want the entire facility covered, and others desire coverage only in specific areas. It is impossible to test for interference, best placement of APs, or any other WLAN site survey test without an understanding of the coverage requirements. The good news is that these requirements are easily acquired. It should be part of the standard interview process (for managers and users). Determine the areas that should be covered and the areas that must not have coverage. While the latter requirement is more difficult to guarantee, you can ensure that the authorized client devices cannot connect from a specified location. Hackers, for example, with the right antennas, may still be able to connect from these locations.

One of the key elements involved in coverage testing is proper antenna use and selection. You will need to consider antenna types and placement during the survey.

Antenna Use Considerations

You will want to include at least two of the three primary antenna types in your site survey kit, including
■ Omnidirectional
■ Semidirectional
■ Highly directional
The two to include, at a minimum, are omni- and semidirectional antennas. Highly directional antennas are more likely to be needed for outdoor site surveys, but you may wish to include this antenna type in any site survey kit just to be certain you are prepared. By providing different antenna types, you can test AP installation with patch or panel antennas against omni antennas. This can help you provide the right coverage in the right place instead of simply allowing RF energy to be leaked into unneeded areas and, therefore, be wasted. Including multiple omnidirectional antennas with different levels of gain may also be beneficial. For example, you could include a standard omni, which is usually around 2.2 dBi, along with 7 and 12 dBi gain antennas.

Client Connectivity Requirements

When determining client connectivity requirements, three questions should be answered:
■ What types of clients need to connect?
■ At what speeds do they need to connect?
■ From what locations do they need to connect?
WLANs usually support three types of clients: laptop users, desktop users, and handheld mobile devices. Laptop users will use both built-in WLAN NICs and CardBus or USB NICs. The handheld devices will include Wi-Fi phones and PDAs. The key here is to ensure that each of these clients can connect with the needed data rates and from the desired locations.

Discover Constraints

Constraints are restrictions that will impact the decisions you make related to your WLAN design and implementation. Some constraints cannot be discovered before the site survey is performed, and other constraints will be discovered during user or
management interviews. There are three key sets of constraints that you must deal with as a WLAN administrator or engineer: budgetary, technical, and regulatory constraints.

Budgetary Constraints

There are many projects that begin with the words, “Can you get this done for X amount of dollars?” In other words, the budget is already set before the plan has even been created. To make it less painful, this kind of budget is often called a top-down budget. Of course, the opposite is a bottom-up budget where you are asked to determine what it would cost to implement a WLAN that meets all requirements. Either way, you will likely run into budget limitations, as there is simply a practical limit on how much money is available. This may impact decisions such as the wireless equipment you purchase or the saturation of wireless devices you can afford. In turn, this can impact available throughput in a coverage area. The point is simple: what you can implement is directly linked to the demands of the users and the available resources.

Technical Constraints

The second type of constraint is the technical constraint. This is a limit of capability in the currently available hardware and software in the marketplace. Unless you want to completely engineer a solution from scratch, which is usually prohibited by the budgetary constraints, you will have to live within the boundaries of the current technology. For example, as I write this, the IEEE is still working on the final IEEE 802.11n amendment. This means that most enterprise-class networks cannot even consider the WLAN technology that promises greater throughput and greater range of coverage. If they do implement the pre-N devices that are currently in the marketplace, they risk potential incompatibility with final IEEE 802.11n devices after the amendment is ratified (this is because the current pre-N devices are based on the draft standard and that standard could still change drastically). This is a perfect example of the technical constraints that will be imposed on your WLAN design and implementation.

Regulatory Constraints

The final type of constraint is the regulatory constraint. These can be constraints imposed by regulations such as Sarbanes-Oxley or HIPAA, among others. They can also be constraints imposed by parent companies in many situations. Whatever the source, they force specific implementations to be utilized. As an example, any U.S. government or nongovernment agency currently connected to the DOD-GIG (Department of Defense–Global Information Grid)
must comply with policy DODD 8100.2 and amendment DODD 8100.2p in regard to the wireless devices that are attached to the networks as defined in the policy and amendment. This type of regulatory constraint will often answer the question of whether you can implement a WLAN or not. If you cannot implement a WLAN that meets the regulatory constraints (due to budget constraints), you cannot implement a WLAN at all.

In addition to these constraints, you should consider OSHA regulations. The Occupational Safety and Health Administration (OSHA) organization defines operational standards aimed at providing safer and healthier environments. As an example, in healthcare environments, antennas and APs cannot be installed in a manner that would block hallways. Always verify OSHA regulations for installation procedures and locations.

Gather Documentation

Many organizations document their environment and networking infrastructure well. Just as many organizations, however, create no documentation at all. If the documentation is provided, you have a head start. If not, this section focuses on two kinds of documentation you’ll need to develop: site-specific documents and network infrastructure documents.

Site-Specific Documentation

Documentation is frequently available that can assist you in becoming familiar with a site before you actually visit on location. In particular, there are documents related to the physical buildings and area landscaping that may be useful. Having blueprints or floor plans is essential when working in medium and large facilities. Full blueprints show the locations of power outlets, and you can map out the RF cells and device placements right on the plan. This documentation can also help you utilize predictive and virtual site survey software. Network diagrams—particularly those linked to building blueprints or drawings—can also be very helpful.

An advantage of mapping the installation directly on the floor plan is that it’s easier for decision makers to understand your proposals. Because they’re familiar with the layout of their buildings, they’re more likely to grasp your message when looking at the device placements and RF cell sizes overlaid on the floor plan.

If you know the building materials used to construct the facility in which you are installing a WLAN, you will have an advantage in that you can estimate the impact these materials will have on RF propagation. An area that is commonly overlooked is the actual items that are in the building. Everything from a filing cabinet to storage shelves and furniture can have an impact on the RF coverage within the facility. For this reason, it is useful to inventory the contents of the area. While you may not take the time to consider every piece of furniture, you should at least consider items like metal storage racks, metal filing cabinets, microwave ovens, and walls lined with metal filing cabinets. These items can impact the RF signal’s ability to reach certain areas.

Network Documentation

For some reason, there seems to be a tendency, in the discussions of WLAN site surveys, to assume that site surveys are performed only where there is no existing WLAN. The reality is that many site surveys are performed after a WLAN is implemented because the implemented WLAN is not performing well or because it needs to be upgraded to support modern uses of wireless such as VoWLAN, streaming video, and broadband Internet access. The point is that you must discover both existing networks that are managed by the requesting organization and WLANs that are not managed by the requesting organization. If you can detect a WLAN from the requesting organization’s facilities, it must be considered when creating your WLAN implementation plan.

Among the network details you should document are the current wired LAN connections. Where are they? What speed do they provide (10 Mbps, 100 Mbps, Gigabit)? Are they all in use? Is there power at the port locations if you need to connect more switches or routers? What applications are running on the LANs and WLANs, and will they continue to be used in the new WLAN?

If you can acquire network diagrams showing the switching and routing infrastructure as well as the location of authentication, authorization, and accounting servers and service servers (e-mail, web, file, print, etc.), you will find it easier to plan the WLAN. From these diagrams, you can determine where traffic flows on the network and strategically place WLAN access points so that they can have unobstructed (or less obstructed) access to mission-critical servers like Call Manager servers in Cisco VoWLAN implementations.

INSIDE THE EXAM

Site Surveys

The site survey is the process of examining the current RF activity in the physical space where the WLAN must operate. Additionally, it involves evaluating how your WLAN will function within that physical space. The site survey should answer the following four key questions:
■ Is the current RF utilization low enough to allow for the implementation of my new WLAN?
■ How must I implement the WLAN in order to provide the needed RF coverage within the designated service or coverage areas?
■ Will I need to negotiate with neighboring WLAN administrators for such demands as reduction in output power on their WLANs or even channel adjustments on the WLANs?
■ What physical layer should I implement (HR/DSSS, ERP, OFDM, HT, etc.)?

While it may seem simple to think of having to answer only four questions, there are many other questions that we must answer in order to fully answer these four high-level questions. For example, the current RF frequency utilization is both a factor of frequency or channel usage and the signal strength of the frequency usage within the area. You might be able to detect a WLAN on channel 6, for example, but is it strong enough to prevent you from implementing another WLAN on that same channel? Additionally, you might discover that channels 1 and 11 are utilized by networks near you that are showing strong signals; however, you could implement a WLAN on channel 6 and not be seriously impacted by the neighboring WLANs. You may still have to negotiate a reduction in output power on the neighboring WLANs. These issues are at the core of any site survey.

It is common to assume that a site survey is not needed for a small wireless network that consists of two or fewer APs. This thinking is probably rooted in the simplicity of the network installation. However, it is always important to answer the four questions I’ve suggested regardless of the network size. Not only will this allow you to implement a functional network, but it will also help you get along with your neighbors much better.
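
The channel question above (a WLAN may be detectable on a channel without being strong enough to rule that channel out) can be worked through on passive survey readings. The following Python sketch is an added example, not part of the original study guide: the readings, BSSIDs, and the -85 dBm cutoff are constructed assumptions, and the function names are hypothetical. It also lists networks that are not in the organization's own inventory, since both managed and unmanaged WLANs have to be accounted for in the plan.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# The three non-overlapping 2.4 GHz channels used for HR/DSSS and ERP planning.
NON_OVERLAPPING_24GHZ = (1, 6, 11)
# Assumption: a neighbor heard below this level is treated as negligible.
INTERFERENCE_THRESHOLD_DBM = -85


@dataclass(frozen=True)
class Reading:
    """One network seen by a passive survey tool at one survey location."""
    ssid: str
    bssid: str
    channel: int
    signal_dbm: int


# Constructed sample data (not from a real site); BSSIDs are placeholders.
READINGS = [
    Reading("NeighborA", "02:00:00:00:00:01", 1, -48),
    Reading("NeighborB", "02:00:00:00:00:02", 11, -52),
    Reading("CafeGuest", "02:00:00:00:00:03", 6, -88),
    Reading("OldPrinter", "02:00:00:00:00:04", 4, -91),
    Reading("CorpLegacy", "02:00:00:00:00:10", 11, -60),
]
# BSSIDs the requesting organization manages (constructed inventory).
MANAGED_BSSIDS = {"02:00:00:00:00:10"}


def snr_db(signal_dbm: float, noise_dbm: float) -> float:
    """SNR in dB is the signal level minus the noise level, both in dBm."""
    return signal_dbm - noise_dbm


def overlaps(channel_a: int, channel_b: int) -> bool:
    """True when two 2.4 GHz channels (1-13) overlap.

    Channel centers are 5 MHz apart and an HR/DSSS signal is 22 MHz wide,
    so channels fewer than five numbers apart share spectrum.
    """
    return abs(channel_a - channel_b) < 5


def strongest_interferer(channel: int, readings: Iterable[Reading]) -> Optional[int]:
    """Strongest signal on the channel or any overlapping one, None if silent."""
    levels = [r.signal_dbm for r in readings if overlaps(channel, r.channel)]
    return max(levels) if levels else None


def rank_channels(readings: List[Reading],
                  candidates=NON_OVERLAPPING_24GHZ) -> List[Tuple[int, Optional[int]]]:
    """Candidate channels ordered from quietest to busiest."""
    scored = [(ch, strongest_interferer(ch, readings)) for ch in candidates]
    return sorted(scored, key=lambda item: float("-inf") if item[1] is None else item[1])


def channel_is_usable(channel: int, readings: List[Reading],
                      threshold_dbm: int = INTERFERENCE_THRESHOLD_DBM) -> bool:
    """Detected is not the same as blocking: compare against the cutoff."""
    level = strongest_interferer(channel, readings)
    return level is None or level < threshold_dbm


def unmanaged_networks(readings: Iterable[Reading], managed: Set[str]) -> List[Reading]:
    """Networks heard on site that are not in the organization's inventory."""
    return [r for r in readings if r.bssid.lower() not in managed]


if __name__ == "__main__":
    for channel, level in rank_channels(READINGS):
        state = "usable" if channel_is_usable(channel, READINGS) else "contended"
        print(f"channel {channel}: strongest neighbor {level} dBm ({state})")
    print("Unmanaged:", [r.ssid for r in unmanaged_networks(READINGS, MANAGED_BSSIDS)])
    print("SNR at -67 dBm signal, -95 dBm noise:", snr_db(-67, -95), "dB")
```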

CERTIFICATION OBJECTIVE 6.02
Site Survey Types

Site surveys come in many forms. Manual site surveys involve the wireless technology professional far more than predictive site surveys. Between these two extremes, we have automated and assisted site surveys as well.

Automated site surveys rely on intelligent APs that communicate with a centralized controller. Since the central controller is receiving information from all APs, it can make adjustments to the environment automatically. Automated site surveys may tend toward overengineering. The term overengineering simply means that more hardware is installed than is absolutely necessary. However, the cost of the extra hardware is often less than the cost of an in-depth manual or assisted site survey.

Assisted site surveys attempt to accomplish a happy medium between manual and automated site surveys. In this case, some manual work is required, but the WLAN system can make adjustments to the end environment as needed.

Manual Site Surveys

The traditional site survey is the manual site survey. In this type of survey, the WLAN engineer enters the physical area that is to be provided with WLAN coverage with an RF site survey kit (APs, various antennas, protocol and spectrum analyzers, etc.). The engineer will place one or more APs at strategic locations and walk throughout the intended service area to test signal strengths and coverage. The APs may then be moved to another location, or multiple sets of APs may be used. The use of more than one AP will allow the engineer to discover more exact roaming points and determine the best cooperative placement for the APs that result in the most effective coverage of the service area. Because the engineer is making decisions based on actual RF information in the intended coverage area, guesswork and theorized analysis are mostly removed. Manual site surveys are the most accurate, assuming the engineer understands the process and results. However, the manual site survey takes much more time when the service area being covered requires the use of hundreds or even dozens of APs.

Predictive Site Surveys

The theoretical or virtual site survey (also known as a predictive site survey) is a completely hands-off site survey method. This method usually requires the import of a blueprint, an aerial photo, or some other form of area map. Some tools will also
provide a drawing component of their own. Next the materials of the building or the area are described and the type of WLAN desired is specified. With this input, the virtual site survey tool will predict placement of APs and the configuration settings for those APs. Most applications will even generate an RF map showing the coverage patterns the suggested network will provide.

The downside of such tools is that they are usually very expensive and they require a tremendous investment of time in order to learn the application and input all the data related to materials, coverage area, and WLAN specifications. For this reason, a small or medium WLAN will often be serviced better by a manual, automated, or assisted site survey. This is because it will often take less time to perform a manual site survey than it will take to enter all the information needed by the virtual site survey software. However, many facilities are built using common architectures and materials. These buildings may be able to be blueprinted, inventoried for materials, and virtually site-surveyed in a few hours. In these scenarios, only the cost of the application is a hindrance, and that may not be a barrier for WLAN consultants who will be performing many WLAN site surveys.

At the same time, many vendors that sell theoretical or virtual site survey software also offer a site survey service. You will send them the blueprints of your facility and information about the materials and contents of the facility, and they will input the data into the application and generate a report for you. This service is sometimes offered for less than $1000 per 50,000 square feet (at the time of this writing). Since you are not required to learn the application, this offers a good trade-off.

Table 6-1 reviews the pros and cons of the different site survey types and the most common applications for each type.

TABLE 6-1 Site Survey Types

Site Survey Type: Manual
Pros: Very accurate, real readings in a real environment.
Cons: Time consuming, high level of RF knowledge required.
Applications: Small and medium WLANs, large WLANs requiring exacting measurements.

Site Survey Type: Automated
Pros: Dynamic reconfiguration when the environment changes, automatic power and channel management for frequency bandwidth usage.
Cons: Less accurate in relation to hardware required, may require some overengineering.
Applications: Predictable environments (national chain shops and stores), open outdoor environments (city parks, open outdoor areas like corporate gardens and picnic areas).

Larger enterprises. covered in this section. RF map generated automatically. with bigger budgets. it is most often a manual site survey. noise level.03 Manual Site Survey Types When a site survey is performed for a small business. Costly. Having these values in dBm instead of just a graphical meter or percentage value allows you to more accurately determine the performance of the WLAN. Active Surveys Manual site surveys are often performed with client utilities provided by hardware vendors such as Cisco. Fabricated buildings. they are considered more representative of actual applications that might be used on the WLAN. though usable only with HR/DSSS Cisco cards. The Cisco Aironet Client Utility (ACU). actually transmit information to the AP during the site survey tests. Active client utilities.Manual Site Survey Types 239 TABLE 6-1 Site Survey Types Site Survey Type Pros Assisted Requires less overengineering than the fully automated site survey. is very useful in this way. large-scale installs that warrant the data entry time. . are more likely to use advanced site survey technologies. may require large amounts of time for data entry. Figure 6-1 shows the ACU revealing signal strength. Virtual No physical activity required. Cons Requires more physical activity than the automated site survey. CERTIFICATION OBJECTIVE 6. Manual site surveys come in two primary types: active and passive. Client utilities fall into two categories: active and passive. 3Com. Because active utilities actually transmit packets between the client and the AP. or NETGEAR. The ACU shows the signal strength in dBm as well as the noise level and the SNR. consulting firms that repeat similar site surveys. Applications Any scenario that demands a balance between the pros and cons offered by the manual and assisted site surveys.

the utility generally allows you to configure the number of packets to transmit. you will see screens similar to those in Figure 6-2 showing that the data is being transmitted and the statistics are being gathered. If you do not have the older Cisco 350 series WLAN adapter. the size of the packet. the CB21AG adapter comes with the Aironet Desktop Utility (ADU). and AP information. supports active mode site surveying. such as the Cisco ACU. and other settings such as those shown in Figure 6-1. Once configuration is complete. This newer tool provides similar features to the older ACU.240 Chapter 6: Planning the Wireless LAN FIGURE 6-1 Cisco ACU SNR. FIGURE 6-2 Active mode survey progress . When a utility.

As you can see in Figure 6-2, packet loss is being counted as well as the overall link quality. You can rerun your site survey script, configured in Figure 6-1, again and again at different locations while performing the site survey. Active site surveys will transmit data to the network as well as reading data from the network.

Passive Surveys

Most client utilities provide only passive site survey functionality. In these cases, the tool is simply monitoring the signal strength, noise level, and SNR (usually these three are the minimum supported monitoring values) and reporting this information to you. The utilities may automatically refresh, or you may have to refresh them manually. The Windows wireless client software can be used to monitor similar settings, but most WLAN engineers prefer to use manufacturer client tools or third-party monitoring tools such as those provided by Cognio or AirMagnet. In addition to standard NIC vendor client utilities, many laptop vendors are now including their own tools or rebranded tools for monitoring and configuring WLAN connections. These tools may be able to be used for WLAN site surveys as well, but they are usually less powerful than the vendor tools.

SCENARIO & SOLUTION

Which manual site survey method simply reads information from the wireless network or looks at activity in the Wi-Fi frequency ranges?
Passive site surveys.

CERTIFICATION OBJECTIVE 6.04

Using Protocol Analyzers

A protocol analyzer can reveal what a frequency band is being used for. The protocol analyzer captures frames that are traversing the service area in which you are running the software. These frames can be analyzed to see if security is being used, the data rate of the communications, the type of data being transmitted, and more.

Identifying WLANs

Protocol analyzers reveal the actual data packets traversing a WLAN. The packets may be encrypted, but they can still be read from the wireless medium. Even on an encrypted network, certain frames are transmitted without encryption. These frames include beacon frames. A beacon frame contains information about the BSS being administered by a given AP. Protocol analyzers can capture these beacon frames in order to discover the technologies used by the WLAN.

Assessing WLANs

Once WLAN frames have been captured, the wireless technology professional may analyze these frames in order to learn about the parameters of the WLAN. The information that can be gathered from beacon frames alone includes

■ Whether the WLAN is an ad hoc or infrastructure wireless LAN
■ Whether WEP is utilized for confidentiality
■ What physical layers are supported: 802.11b (HR/DSSS), 802.11g (ERP), 802.11a (OFDM), etc.
■ The network’s SSID

Much of this same information is revealed by simpler tools such as NetStumbler. NetStumbler is, effectively, a protocol analyzer that is specifically designed for locating WLANs. It’s much more complicated to use a tool like CommView for Wi-Fi or OmniPeek to capture the same information.

EXERCISE 6-1

Using NetStumbler

ON THE CD: CertCam

In this exercise we are going to use NetStumbler to detect WLANs. In order to perform this exercise, you will need to download the NetStumbler application and install it on a computer with a wireless NIC. NetStumbler may be downloaded from the NetStumbler.com web site.

Launching and Configuring NetStumbler

1. Launch the NetStumbler application from the Start menu or the Desktop icon.
2. Click the Device menu and select the appropriate NIC.
3. On the File menu, ensure that Enable Scan is checked.

Viewing WLANs

1. In the left pane, expand the Channels node in order to view the detected active WLAN channels.
2. Expand a channel to view networks and click a network to view the signal strength graph.
3. Expand the SSID node.
4. Note the available SSIDs for the detected active WLANs.
5. Note the icons. Icons with a padlock indicate secured WLANs. Figure 6-3 illustrates this activity.

FIGURE 6-3 NetStumbler utilization
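The beacon-frame items listed under Assessing WLANs can be read straight from the frame bytes, which is why they are visible even on an encrypted network. The following is an added example, not code from the book: it assumes the frame starts at the 802.11 MAC header (no radiotap header, no FCS), the sample frames, BSSID and SSIDs are constructed, the RSN/WPA check goes one step beyond the page's WEP item, and the physical-layer classification is a simple heuristic.

```python
import struct

DSSS_RATES = {1.0, 2.0, 5.5, 11.0}                           # HR/DSSS, Mbps
OFDM_RATES = {6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0}  # OFDM / ERP-OFDM
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor-specific element that carries WPA


def parse_elements(buf):
    """Walk the tagged (id, length, value) elements that follow the fixed fields."""
    elements, pos = {}, 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated element header")
        eid, length = buf[pos], buf[pos + 1]
        value = buf[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("element %d runs past the end of the frame" % eid)
        elements.setdefault(eid, []).append(value)
        pos += 2 + length
    return elements


def parse_beacon(frame):
    """Return what a beacon discloses in the clear, encrypted network or not."""
    if len(frame) < 36:                      # 24-byte header + 12 fixed bytes
        raise ValueError("too short for a beacon frame")
    fc = frame[0]
    if fc & 0x03 or (fc >> 2) & 0x03 or (fc >> 4) != 8:
        raise ValueError("not a beacon (need version 0, type 0, subtype 8)")
    interval, capab = struct.unpack_from("<HH", frame, 32)
    ies = parse_elements(frame[36:])

    raw_ssid = ies.get(0, [b""])[0]
    hidden = not raw_ssid.strip(b"\x00")     # zero-length or all-NUL SSID
    ssid = None if hidden else raw_ssid.decode("utf-8", "replace")

    if capab & 0x0002:                       # IBSS bit
        mode = "ad hoc"
    elif capab & 0x0001:                     # ESS bit
        mode = "infrastructure"
    else:
        mode = "unknown"

    # The Privacy bit alone cannot tell WEP from WPA/WPA2; the RSN and WPA
    # elements can. Privacy set with neither element present means WEP.
    if not capab & 0x0010:
        security = "open"
    elif 48 in ies:
        security = "RSN (WPA2)"
    elif any(v.startswith(WPA_OUI_TYPE) for v in ies.get(221, [])):
        security = "WPA"
    else:
        security = "WEP"

    rates = set()
    for eid in (1, 50):                      # Supported / Extended Supported Rates
        for value in ies.get(eid, []):
            rates.update((b & 0x7F) / 2 for b in value)   # units of 500 kbps
    phys = []                                # heuristic classification
    if rates & DSSS_RATES:
        phys.append("802.11b (HR/DSSS)")
    if 42 in ies:                            # ERP Information element
        phys.append("802.11g (ERP)")
    elif rates & OFDM_RATES and not rates & DSSS_RATES:
        phys.append("802.11a (OFDM)")

    channel = ies[3][0][0] if ies.get(3) and ies[3][0] else None
    bssid = ":".join("%02x" % b for b in frame[16:22])
    return {"bssid": bssid, "ssid": ssid, "mode": mode, "security": security,
            "phys": phys, "channel": channel, "beacon_interval_tu": interval}


def ie(eid, value):
    """Encode one tagged element."""
    return bytes([eid, len(value)]) + value


def build_beacon(ssid, capab, rates, channel, extra=b""):
    """Assemble a constructed sample beacon (not a capture)."""
    bssid = bytes.fromhex("02005e000001")    # made-up, locally administered
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capab)   # timestamp, interval, capability
    return (header + fixed + ie(0, ssid) + ie(1, bytes(rates))
            + ie(3, bytes([channel])) + extra)


B_RATES = [0x82, 0x84, 0x8B, 0x96]           # 1, 2, 5.5, 11 Mbps (basic)
G_RATES = B_RATES + [0x0C, 0x12, 0x18, 0x24] # plus 6, 9, 12, 18 Mbps
RSN = bytes.fromhex("0100000fac040100000fac040100000fac020000")
WEP_G = build_beacon(b"lab-wep", 0x0011, G_RATES, 11, ie(42, b"\x00"))
ADHOC_B = build_beacon(b"adhoc", 0x0002, B_RATES, 6)
WPA2_G = build_beacon(b"lab-wpa2", 0x0011, G_RATES, 1,
                      ie(42, b"\x00") + ie(48, RSN))

if __name__ == "__main__":
    for sample in (WEP_G, ADHOC_B, WPA2_G):
        print(parse_beacon(sample))
```

For a site survey report, the useful output is the `security` field: a BSS that advertises Privacy without an RSN or WPA element is still running WEP.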

CERTIFICATION OBJECTIVE 6.05

Using Spectrum Analyzers

Spectrum analyzers allow the wireless technology professional to gain insights into the RF activity in a specific spectrum or frequency range. There are many types of spectrum analyzers, but they fall into two main categories: software and hardware. Software spectrum analyzers scan the 2.4 GHz range (assuming that is the spectrum supported by the NIC in the computer running the spectrum analyzer software) and provide a graphical view of the activity in that spectrum. The 5 GHz range is also supported by many spectrum analyzers. Hardware spectrum analyzers are devices, which may be based on PDAs, that can cost thousands of dollars, depending on their features.

Spectrum analyzers, whether software or hardware, are used to view the activity in the spectrum in which you plan to deploy a WLAN. If you can ensure that the WLAN devices of any users in the area are turned off, you can discover noise that may impact the WLAN as well as other WLANs in the area.

Identifying Interference Sources

Interference discovery is a very important part of a site survey. Because Wi-Fi equipment uses the unlicensed frequency bands, other businesses or homes might be using Wi-Fi equipment in a nearby location. This is highly likely in large cities and less likely in rural areas; however, you can’t assume there are no other Wi-Fi networks just because you’re in a rural location.

While it is possible for you to negotiate with your neighbor businesses and home users, you might not be able to get them to change their networks, because the frequencies are unlicensed. Wi-Fi space is on a first-come, first-served basis. If you can’t work with your neighbors to adjust the channels used, you might be able to get them to turn the power output down on their access points. Perhaps they have the settings at the default and it might be more than they need. Educating them on the possible ways to “play nice” is often enough to get the change made. In a worst-case scenario, you have so much Wi-Fi traffic around you in the 802.11b/g and 802.11a frequencies that you cannot install a standard Wi-Fi network that functions effectively.

RF interference does not come from other Wi-Fi networks alone. You should also consider the possibility of interference from 2.4 GHz phones, microwave ovens, and elevator motors. All these can cause problems for your network. Investigate fully to determine if they actually cause any measurable interference.

Differentiating Between Wi-Fi and Non-Wi-Fi Interference

One of the key advantages provided by a spectrum analyzer is the ability to distinguish among various signatures. Wireless devices have specific signatures. For example, Figure 6-4 shows the signature of a microwave oven using the Wi-Spy DBx device. This spectrum analyzer connects to any PC through the USB port and allows monitoring of both the 2.4 and 5 GHz spectrums. When you compare the features to the price, it’s hard to find a better spectrum analysis tool than the combination of MetaGeek’s Chanalyzer and their 2.4x (if you only need 2.4 GHz analysis) or DBx (if you need both 2.4 and 5 GHz analysis) solutions.

FIGURE 6-4 Microwave oven activity in a spectrum analyzer

The best way to describe the signature of a microwave oven is to say that it looks like a fire. It is spread over a large portion of the 2.4 GHz spectrum (nearly half) and it seems to lick upward in frequency ranges much like a flame. The most important thing to take away from Figure 6-5 is how different microwave oven activity looks compared to 802.11 activity.

FIGURE 6-5 802.11g activity in a spectrum analyzer

Figure 6-5 shows what an 802.11g network running on channel 11 looks like. Notice that it seems more controlled. You can learn to recognize these patterns through use of the tools over time. One of the great features of Chanalyzer is that it comes with a number of predefined templates. You have templates for microwaves, 802.11g, 802.11n, and 802.11a signatures, among others.

SCENARIO & SOLUTION

You want to look for interference from non-WLAN devices. Would you use a protocol analyzer or a spectrum analyzer?
You would use a spectrum analyzer. Protocol analyzers look at WLAN frames and provide in-depth analysis of the activity on a wireless network.

NetStumbler falls into which category: protocol analyzer or spectrum analyzer?
NetStumbler is an example of a very basic protocol analyzer. It is designed for a specific purpose: locating WLANs.

CERTIFICATION OBJECTIVE 6.06

Using Antennas in Site Surveys

Using the wrong antennas is a common mistake made when performing site surveys. If you perform the site survey, for example, with a 12 dBi omnidirectional antenna and then you install APs with 7 dBi antennas, the actual network will perform differently than the site survey predicted. For this reason, it is important that you have several antenna types in your site survey kit. You can match the antennas that will be used by the APs.

Omnidirectional Antennas

Without question, omnidirectional antennas make up the vast majority of WLAN antennas used. This reality is based on the fact that most APs and wireless routers ship with omnidirectional antennas. Omnidirectional antennas radiate the RF signal in all directions surrounding the antenna equally—or that is their intention. You should analyze the Azimuth chart for the antennas you select. The Azimuth chart shows the propagation pattern of the antenna from a top-down view. You will want to include the following omni antennas in your site survey kit:

■ 2.2 dBi This antenna is the standard rubber ducky antenna that ships with most wireless devices using such an antenna.
■ 7 dBi This antenna is the most common high-gain omni antenna used. While some vendors sell 12 dBi antennas, they are rarely used in indoor WLANs.

Semidirectional and Highly Directional Antennas

Semidirectional antennas propagate the RF signal in one preferred direction. These antennas include patch, panel, and sector antennas. The benefit of semidirectional antennas, for indoor WLANs, is that they can be used to cover a longer more narrow area. They are often used to “shoot” the RF signal down longer hallways or corridors. You can also use semidirectional antennas to keep most of an RF signal within a coverage area by placing them on the perimeter of that area.

You should include at least one semidirectional antenna in your site survey kit. As an example, an 8 dBi patch antenna would be very useful. You can mount such an antenna on poles or walls (with temporary mounting glue) to test the coverage provided.

INSIDE THE EXAM

Antenna Usage

Remember that one of the key questions answered by the site survey is, “How must I implement the WLAN in order to provide the needed RF coverage within the designated service or coverage areas?” You will answer this question in more ways than one. Instead of just considering output power settings on the APs and antenna locations, be sure to consider different antenna types as well.

Omnidirectional antennas are excellent when placed in the center of the coverage area. Lower-gain omnidirectional antennas may even be able to provide coverage to floors above and below the AP location. The higher-gain omnidirectional antennas, however, will reach out farther and reach up less.

When testing with patch, panel, and sector antennas, be sure to look at the Azimuth and Elevation charts. Azimuth charts provide you with a top-down view of the antenna’s coverage pattern, and Elevation charts give you a side view. When installing the antenna, however, make sure you understand the directionality of gain for semidirectional antennas. It’s not always obvious when dealing with patch and panel antennas.

Finally, remember that the antenna can be placed on a downward or upward tilt. Adjusting the tilt of the antenna can allow for better coverage below the antenna, and it may still provide the needed coverage at the needed distance.

Documenting Recommendations

The information covered in this section, “Documenting Recommendations,” is for your learning benefit. You will not be tested on this information during the CWTS exam; however, this information will prove valuable to you as you implement WLANs and other Information Technology solutions. The section “Documenting Recommendations” continues until the section “Certification Summary” near the end of this chapter.

Once you have completed the site survey, you will want to document recommendations for the WLAN implementation. A recommendation sheet will include the needed hardware and software for the implementation. It may also include an implementation plan that provides installation location specifications and configuration suggestions.

Recommendation Sheets

A recommendation sheet will be used by the organization to plan the WLAN install based on the results of the site survey. Don’t be misled by the fact that it’s called a recommendation sheet—in the singular—as it may be many pages long. At a minimum, you will want to include the following:

■ WLANs detected from within the target coverage areas
  ■ Channels used
  ■ Signal strength
■ Non-WLAN interference sources
  ■ Locations
  ■ Cause of interference (microwaves, phones, etc.)
■ Suggested hardware
  ■ APs
  ■ Switches/controllers
  ■ Power sourcing
  ■ Antennas
■ Suggested configuration
  ■ Channels
  ■ Output power
■ Suggested locations
  ■ AP locations
  ■ Antenna locations

If you provide this minimum set of recommendations, the installers can create an appropriate plan. If you are the installer, this list will help to ensure that you include all of the needed elements for the installation.

Project Plans

The WLAN installation project may begin after the site survey or before the site survey. The timing chosen is usually based on whether the organization wants to implement a WLAN regardless of the site survey results or implement a WLAN only if it is cost-effective. Your site survey may effectively be a feasibility study.

If too many APs are required or the hardware and software cost is too great, the organization may choose to avoid the WLAN installation.

Method 4D

At The Systems Education Company, we use a project management methodology called Method 4D. The methodology breaks IT implementation projects into four distinct phases. Each phase involves inputs, processes, and outputs. The utilization of the methodology helps to ensure that the projects are implemented and managed effectively. To illustrate the fundamentals of effective project management, I will provide you with a high-level overview of this methodology. If you would like to learn more about it, you can visit the company web site at www.SysEdCo.com. The methodology is freely available and documented at the web site.

Define

Phase one is the Define phase. In this phase, the project is clearly and concisely defined. The goal here is not to develop a detailed project plan. The goal is to develop a specific project definition and provide a project charter to the sponsor (the decision maker) for approval.

The inputs to phase one are minimal; they include

■ Project idea
■ Project proposal

Sadly, many projects are launched without much thought. In some cases, you are fortunate enough to have a well-designed project proposal to start with. The project proposal will include major goals of the project and possibly a rough definition. However, it is far more common to start the Define phase with a basic idea. As an example, you may be approached by the company president with the following statement, “Could you implement a wireless network for us?” This kind of request is usually all that we have as input to the Define phase. The good news is that this is exactly why the Define phase exists. Taking the input of a simple idea, we can execute selected processes that result in a well-defined project.

The processes used in the Define phase include

■ Define the project
■ Evaluate the project

Defining the project involves user and manager interviews that result in a better understanding of what is required. This process takes you from “Can you implement a wireless network for us?” to “We will implement a wireless network that provides coverage to the entire first and second floors of our facility and supplies a minimum data rate of 24 Mbps while implementing strong WPA2 security.” Do you see the difference? The first question is a simple idea. The second statement is a concisely detailed project definition. Does this definition state the specific technologies to be used? No. You will not usually want to constrain yourself to a specific technology at this point. Such details will be provided in the Design phase. This definition is the result of the first process used in the Define phase.

To be clear, here is our project definition:

We will implement a wireless network that provides coverage to the entire first and second floors of our facility and supplies a minimum data rate of 24 Mbps while implementing strong WPA2 security.

The project definition states the following requirements for our WLAN implementation:

■ The first and second floors must have wireless network access from any location on the floors.
■ The minimum data rate must be 24 Mbps regardless of the client location.
■ WPA2 security must be used.

A good project definition accomplishes three tasks. First, it will clearly define what your project is about. Second, it will act as a baseline for decisions. When a stakeholder comes to you asking for a change to the project, you can go back to the definition and ask your project team how the requested change fits within the definition. Third, it will be easily understood by anyone involved in the project.

The second process used in the Define phase is project evaluation. This process includes cost evaluations, site survey reviews (if the site survey has already been completed), and possibly requirements analysis. The goal of this process is to ensure that the project is feasible. If the project doesn’t make sense for the organization, it is far better to abandon the project in the Define phase than in the Design or Deliver phase.

The output of the Define phase is a project charter. Project charters include several pieces of information and usually fit on one to three printed pages. The sponsor is often asked to sign the charter as a method of green-lighting the project. Project charters may include the following information:

■ Project name
■ Potential start date

■ Rough order estimate of duration
■ Rough order estimate of cost
■ Project manager name
■ Project sponsor name
■ Key project team members
■ Project definition
■ Major project deliverables
■ Roles and responsibilities

The rough order estimates (sometimes called rough order of magnitude estimates) are very simple estimates that can be off by 50 percent or more. You should be sure to make this clear to the project sponsor and let her or him know that more accurate estimates will be provided after project planning within the Design phase.

Design

The Design phase is where the detailed project plan is born. The inputs to the Design phase include

■ Project charter
■ Past projects
■ Group knowledge

The most important input to the Design phase is the project charter. This document will help the team focus on the actual desired outcomes during project planning. Past projects also provide valuable insights. These projects may reveal costs, procedures, and potential problems that your project plan will need to address. Finally, group knowledge will be provided by the project team and key stakeholders. This knowledge includes technical knowledge, but it also includes knowledge of business processes.

The project management processes used in the Design phase include

■ Task discovery
■ Resource selection
■ Time estimation
■ Schedule creation
■ Budget development
■ Risk analysis

budget. and deliverables should be documented. execution can be considered from two perspectives. Control implies that the project should be constrained within the boundaries of the plan as much as possible. The second perspective is that of the project manager. The project plan will consist of the following common elements: ■ All project charter information updated according to the Design phase process results ■ Work breakdown structure (WBS) ■ Budget ■ Schedule ■ Resource assignments ■ Hardware acquisition plan ■ Risk response plan Your project plan may have more or less information. budget. In addition. and the processes include execution and control. you will generate the key output of the Design phase: a project plan. it is very common for the project manager to also be the task worker. The desired output of the Deliver phase is the accomplishment of the definition provided all the way back in the Define phase. This activity includes monitoring of the budget. ■ Learn lessons for future projects. actual project schedules. and the scope. but this is a rough guideline to the items that should be included in the plan. who sees execution as doing the work. Deliver The Deliver phase is where the work gets done. and scope. The primary goal of the Determine phase is to evaluate the project with two major objectives in mind: ■ Ensure that the project charter has been fulfilled. . The Determine phase takes the original schedule. The first perspective is that of the task worker. In smaller organizations. who sees execution as monitoring the work. The input to this phase is the project plan. The scope is defined as the promised deliverables of the project. the schedule. and scope and compares them to the actual schedule. Of course. budgets. Determine You will know when it’s time to move to the Determine phase—all of the technical work is done.Using Antennas in Site Surveys 253 After performing these processes. Your WLAN exists.

The greatest long-term value usually comes from the lessons learned analysis. These lessons will benefit future projects, and over time, your project management skills and methodologies will mature, resulting in greater project success rates.

It is very tempting to skip the Define and Design phases of a project. It is also tempting to avoid the Determine phase. However, it is in these three phases that project management succeeds or fails. If we always jump right into the work or quickly move on to the next project without consideration of the lessons learned in the current one, we are not truly utilizing project management.

CERTIFICATION SUMMARY

This chapter introduced you to the concepts related to WLAN implementation planning. You learned about site surveys and the tools used during these surveys. Both active and passive site survey tools were addressed and the issues related to manual and automated site surveys were reviewed. Additionally, considerations related to antenna selection were addressed so that you can select the right antennas for a site survey scenario.

✓ TWO-MINUTE DRILL

Understand and Describe the Requirements

❑ Business requirements are used to choose the proper wireless technology for a given scenario.
❑ Security requirements are used to ensure that the wireless network is implemented in a secure manner.
❑ Site-specific documents include blueprints and floor plans.
❑ Power can be provided using PoE or direct connect.
❑ Data throughput is different from the data rate. The data rate is the total speed available on the wireless medium, but much of the data rate is consumed by management overhead.

Site Survey Types

❑ Manual site surveys include the highest involvement of the wireless technology professional.
❑ Assisted site surveys automate many tasks but rely on the wireless technology professional to make decisions as well.
❑ Automated site surveys are performed by centralized software or hardware solutions.
❑ Automated site surveys may result in overengineering.

Manual Site Survey Types

❑ Active site survey utilities transmit data to the WLAN.
❑ Both active and passive site survey utilities read information from the WLAN in order to provide data such as the SSID, channel, and signal strength.
❑ Client utilities may be used as site survey tools.

Using Protocol Analyzers

❑ Protocol analyzers allow for the analysis of the actual data traversing the wireless medium.
❑ Protocol analyzers can be used to determine the channel, security parameters, and signal strength of a wireless network.
❑ NetStumbler is a protocol analyzer dedicated to reading BSS information only.

Using Spectrum Analyzers

❑ Spectrum analyzers come in hardware, software, and hardware/software combination deployments.
❑ A spectrum analyzer can be used to differentiate between Wi-Fi activity and RF noise.
❑ Spectrum analyzers often include signature analysis features.
❑ Any laptop with a USB port can act as a spectrum analyzer.

Using Antennas in Site Surveys

❑ Wireless infrastructure devices, APs, and routers usually come with 2.2 dBi dipole antennas.
❑ Omnidirectional antennas are commonly available in 7 and 13 dBi implementations.
❑ Omnidirectional antennas are most useful when you need to cover wide areas from a central origination point.
❑ Patch, panel, and sector antennas are usually called semidirectional antennas.
❑ Semidirectional antennas are useful for coverage in long, narrow areas.
❑ Highly directional antennas are rarely used for indoor site surveys.
❑ The coverage pattern of an antenna is revealed on Azimuth charts, and these charts can be used to predict the coverage an antenna will provide.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Understand and Describe the Requirements

1. What is the first information set that must be defined before any other site survey activities can be performed?
A. Business requirements
B. Existing WLANs
C. Existing interference sources
D. Old hardware

2. What two methods can be used to provide power to WLAN devices?
A. Ethernet over Power Line
B. Power over Ethernet
C. Power over RF
D. Direct connect

3. What consumes much of the data rate and reduces the actual throughput of properly implemented WLANs?
A. Interference
B. Management overhead
C. Overengineering
D. FTP traffic

Site Survey Types

4. What type of site survey includes the highest level of engineering involvement?
A. Automated
B. Assisted
C. Theoretical
D. Manual

5. What kind of site survey is more likely to result in overengineering?
A. Automated
B. Assisted
C. Passive
D. Active

6. Which type of site survey is a manual site survey that involves transmission of data to the wireless network as well as the reading of information?
A. Passive site survey
B. Automated site survey
C. Active site survey
D. Assisted site survey

Manual Site Survey Types

7. When performing a site survey, what kind of information is usually gathered from existing WLANs? (Choose all that apply.)
A. The actual data traversing the network
B. SSID
C. Channels used
D. Signal strength

8. What applications, which typically ship with wireless NICs, may be used as site survey utilities?
A. NIC drivers
B. Client utilities
C. NetStumbler
D. Wi-Fi Finder

Using Protocol Analyzers

9. When you want to analyze the actual data traversing a wireless network, what application type will you utilize?
A. Protocol analyzer
B. Spectrum analyzer
C. RF generator
D. Audio tuner

10. What common application is a specially designed protocol analyzer used to locate and analyze wireless LANs?
A. NetStumbler
B. PING
C. Traceroute
D. IPConfig

11. Protocol analyzers may be used to gather what information? (Choose all that apply.)
A. SSID
B. Actual data
C. Channels in use
D. Security parameters

Using Spectrum Analyzers

12. True or False. Spectrum analyzers come in hardware implementations and are not available as add-ons for PCs.
A. True
B. False

13. What feature of a spectrum analyzer would allow you to identify wireless devices based on patterns?
A. Strength analysis
B. Frequency analysis
C. Signature analysis
D. Multiband utilization

14. What tool can be used to differentiate between RF noise and Wi-Fi activity?
A. Protocol analyzer
B. NetStumbler
C. Spectrum analyzer
D. PING

Using Antennas in Site Surveys

15. What type of antenna allows for the propagation of RF signals mostly in one direction?
A. Patch
B. Dipole
C. Rubber ducky
D. Omnidirectional

16. What type of antenna is usually placed in the center of the intended coverage area?
A. Patch
B. Panel
C. Omnidirectional
D. Parabolic dish

LAB QUESTION

You’ve been asked to perform a site survey for a small business. The business operates out of a small, 1400-square-foot storefront. One AP will be sufficient, since only five users will access the wireless network. Do you still need to perform a site survey and why?

SELF TEST ANSWERS

Understand and Describe the Requirements

1. What is the first information set that must be defined before any other site survey activities can be performed?
A. Business requirements
B. Existing WLANs
C. Existing interference sources
D. Old hardware
✓ A is correct. Business requirements are paramount to success and must not be overlooked.
✗ B, C, and D are incorrect. Detecting existing WLANs and interference sources will eventually be very important, but if you don’t know the business requirements, this information will be useless. The old hardware doesn’t matter until you know what you need to accomplish.

2. What two methods can be used to provide power to WLAN devices?
A. Ethernet over Power Line
B. Power over Ethernet
C. Power over RF
D. Direct connect
✓ B and D are correct. Power over Ethernet (PoE) or direct connect may be used to provide power to WLAN equipment.
✗ A and C are incorrect. Ethernet over Power Line uses the power line to send Ethernet signals. Power over RF is being tested and implemented for RFID devices, but no WLAN equipment can utilize such a technology.

3. What consumes much of the data rate and reduces the actual throughput of properly implemented WLANs?
A. Interference
B. Management overhead
C. Overengineering
D. FTP traffic
✓ B is correct. Management overhead can consume half or more of the data rate.
✗ A, C, and D are incorrect. Interference does not actually consume the data rate; however, it may cause retransmissions. Overengineering is a phenomenon that occurs when using automated site surveys. FTP traffic is actual data throughput.

Site Survey Types

4. What type of site survey includes the highest level of engineering involvement?
A. Automated
B. Assisted
C. Theoretical
D. Manual
✓ D is correct. Manual site surveys require the highest level of engineering involvement.
✗ A, B, and C are incorrect. Automated site surveys and theoretical site surveys incur the least engineering involvement. Theoretical site surveys are actually performed within software applications. Assisted site surveys require more involvement, but not as much as manual surveys.

5. What kind of site survey is more likely to result in overengineering?
A. Automated
B. Assisted
C. Passive
D. Active
✓ A is correct. Automated site surveys are more likely to result in overengineering, since they attempt to automatically configure the network.
✗ B, C, and D are incorrect. Assisted, passive, and active site surveys are less likely to result in overengineering than automated site surveys.

6. Which type of site survey is a manual site survey that involves transmission of data to the wireless network as well as the reading of information?
A. Passive site survey
B. Automated site survey
C. Active site survey
D. Assisted site survey
✓ C is correct. Active site surveys are manual surveys that include both the sending and receiving of data.
✗ A, B, and D are incorrect. Passive site surveys are manual site surveys that include only the reading of information. Automated and assisted site surveys are not completely manual surveys.

Manual Site Survey Types (questions 7-8)

When performing a site survey, what kind of information is usually gathered from existing WLANs? (Choose all that apply.)
A. The actual data traversing the network
B. SSID
C. Channels used
D. Signal strength
✓ B, C, and D are correct. The SSID, channels utilized, and signal strength are all commonly captured during a site survey.
A is incorrect. The actual data is rarely captured during a site survey.

What applications, which typically ship with wireless NICs, may be used as site survey utilities?
A. NIC drivers
B. Client utilities
C. NetStumbler
D. Wi-Fi Finder
✓ B is correct. Client utilities usually ship with the wireless NIC and may be used to perform site surveys.
A, C, and D are incorrect. NIC drivers allow the NIC to operate, but they do not assist directly in site surveys. NetStumbler and Wi-Fi Finder are both third-party applications that can be used to locate WLANs and perform basic site surveys.

Using Protocol Analyzers (question 9)

When you want to analyze the actual data traversing a wireless network, what application type will you utilize?
A. Protocol analyzer
B. Spectrum analyzer
C. RF generator
D. Audio tuner
✓ A is correct. Protocol analyzers are used to read the actual data traversing the wireless LAN. This data includes management frames such as beacon frames.
B, C, and D are incorrect. Spectrum analyzers analyze the activity in the RF frequency space. RF generators generate RF energy. Audio tuners are used to tune stringed musical instruments.

(Questions 10-11)

Protocol analyzers may be used to gather what information? (Choose all that apply.)
A. SSID
B. Actual data
C. Channels in use
D. Security parameters
✓ A, B, C, and D are correct. Protocol analyzers may gather all of this information and more.
None are incorrect.

What common application is a specially designed protocol analyzer used to locate and analyze wireless LANs?
A. NetStumbler
B. PING
C. Traceroute
D. IPConfig
✓ A is correct. NetStumbler can be defined as a specially designed protocol analyzer.
B, C, and D are incorrect. PING, Traceroute, and IPConfig are all utilities for working with and troubleshooting IP communications and configurations.

Using Spectrum Analyzers (questions 12-13)

What feature of a spectrum analyzer would allow you to identify wireless devices based on patterns?
A. Strength analysis
B. Frequency analysis
C. Signature analysis
D. Multiband utilization
✓ C is correct. Signature analysis is used to identify common wireless devices and activities.
A, B, and D are incorrect. These are common features of spectrum analyzers, but they do not provide the functionality specified.

True or False. Spectrum analyzers come in hardware implementations and are not available as add-ons for PCs.
A. True
B. False
✓ B is correct. This is false. The Wi-Spy solution from MetaGeek, among others, provides an excellent spectrum analysis solution on PCs.
A is incorrect. The statement is not true.

(Question 14)

What tool can be used to differentiate between RF noise and Wi-Fi activity?
A. Protocol analyzer
B. NetStumbler
C. Spectrum analyzer
D. PING
✓ C is correct. Spectrum analyzers can be used to differentiate between non-Wi-Fi and Wi-Fi-based interference sources.
A, B, and D are incorrect. Protocol analyzers may provide information that reveals interference, but they cannot indicate what may be causing the interference. NetStumbler doesn’t directly detect interference at all (as the engineer, you would need to know that two WLANs on the same channel in the same area interfere with each other). PING is used to troubleshoot and analyze IP networks.

Using Antennas in Site Surveys (questions 15-16)

What type of antenna is usually placed in the center of the intended coverage area?
A. Patch
B. Panel
C. Omnidirectional
D. Parabolic dish
✓ C is correct. Omnidirectional antennas propagate RF signals out from the antenna in a donut-like pattern.
A, B, and D are incorrect. These antennas are all either semidirectional or highly directional. Patch and panel antennas are semidirectional. Parabolic dish antennas are highly directional.

What type of antenna allows for the propagation of RF signals mostly in one direction?
A. Patch
B. Dipole
C. Rubber ducky
D. Omnidirectional
✓ A is correct. A patch, panel, or yagi antenna will allow for the propagation of RF signals in mostly one direction.
B, C, and D are incorrect. Dipole, rubber ducky, and omnidirectional antennas all fit into the omnidirectional category.

LAB ANSWER

You’ve been asked to perform a site survey for a small business. The business operates out of a small, 1400-square-foot storefront. Do you still need to perform a site survey and why?

The following represents one possible solution to the lab. Your answer may vary.

Yes, a site survey should still be performed. One AP will be sufficient, since only five users will access the wireless network; however, it is still important to verify the wireless activity in the area. Do other wireless networks exist in the same building or area? On what channel are these networks operating? What channels will work for the new WLAN? Should you use 2.4 GHz devices or 5 GHz? Is 802.11g sufficient, or should 802.11n be utilized? These questions represent just a few of the questions that a short site survey will answer. The good news is that the survey will probably take less than an hour.

7
Installing and Troubleshooting a Wireless LAN

CERTIFICATION OBJECTIVES
7.01 Installation and Configuration Procedures
7.02 Hardware Placement
7.03 Common Problems and Solutions
✓ Two-Minute Drill
Q&A Self Test

The WLAN installation process is typically straightforward once the hardware has been selected and a proper site survey has been performed. Assuming the site survey was thorough, the installation should go smoothly and few surprises should occur; however, those surprises will occur and the wireless technology professional has to be prepared to deal with them. For this reason, the installation process will be covered in the following three phases:
■ Installation and configuration
■ Hardware placement issues
■ Common problems and solutions
By following this approach, you will be exposed to the most common issues that arise when installing a WLAN.

CERTIFICATION OBJECTIVE 7.01
Installation and Configuration Procedures
The wireless network installation and configuration process varies, depending on the environment in which the wireless connections are implemented. For this reason, we will explore some of the unique or common considerations related to each of the deployment scenarios. In Chapter 1, we looked at the various deployment scenarios for WLANs from the perspective of the benefits introduced through the utilization of wireless technologies. Here, we will look at the same scenarios explored in Chapter 1, but from a different perspective. After exploration of the deployment scenarios, we’ll look in detail at the deployment process for a basic wireless network. Starting with a hardware list and ending with the actual configuration of the clients that will connect, you’ll experience the most important elements of a WLAN implementation.

Deployment Types
Each type of deployment introduces new considerations. The deployment types have many considerations in common, however. For example, all 802.11 deployments must utilize either the 2.4 GHz spectrum or the 5 GHz spectrum or both. This decision is

common to all deployments. However, there are issues that must be considered for a network extension that are not usually considered for a SOHO wireless network implementation. The following sections address these varied issues.

Small Office/Home Office
A small office/home office (SOHO) wireless network implementation is similar to an enterprise WLAN install, but it is performed on a much smaller scale. Due to the smaller size, SOHO networks can often use consumer-grade or inexpensive enterprise-class hardware. This reality means that Linksys and NETGEAR devices are far more common in SOHO installations.

SOHO installations are often performed in shared environments. These shared environments may take the form of office buildings, shopping plazas, and even residential areas. This fact means that the SOHO organization is more likely to be closer to neighboring businesses than an enterprise implementation where the organization owns the entire building. The end result is that many SOHO installations will require negotiations with surrounding companies. If all of the frequencies are utilized by surrounding networks in both the 2.4 and 5 GHz spectrums, some careful negotiation skills will be required.

One final issue that separates SOHO implementations from enterprise installations is the budget. At The Systems Education Company, we implement from fifteen to twenty wireless networks each year. About half of these are implemented for SOHO businesses. It’s not uncommon for us to receive a request for a wireless network that does not exceed $1500 to $2000. Is it possible? It is possible, but the client must be informed of the limitations that will be imposed by such a low budget. For example, we may be limited to two or three consumer-grade APs and no centralized controller. This configuration means that the APs must be configured individually and, over the long run, maintenance costs may be increased slightly.

Network Extension
When implementing a network extension, the process is very similar to a building-to-building connection. This statement assumes that you plan to extend an existing network into another area of the building where Ethernet cabling is not implemented. In such cases, you may use two wireless APs as bridges and connect the original wired network to a new wired network in the extended area. This described scenario is much like a building-to-building connection; however, you may desire to extend the network as a wireless network only. With this latter model, you must consider how many clients will be served and the

data rates that are needed. In fact, a network extension that is wireless-only is not different from a normal WLAN implementation. You still have to perform the site survey and ensure that the proper channels are selected.

Building-to-Building Connectivity
Building-to-building connectivity will be accomplished with point-to-point (PtP) or point-to-multipoint (PtMP) links. A PtP link is made using two highly directional or semidirectional antennas depending on the distance of the link. A PtMP link is made using a semi- or omnidirectional antenna at a central location and semidirectional or highly directional antennas at the remote locations.

The most important task in a building-to-building implementation, once the proper antennas have been selected, is antenna alignment. Poorly aligned antennas can cause link outages and degraded throughput. Many antenna vendors offer aiming tools and software in order to better align the antennas. If such tools are available, you should take advantage of them. When such tools are not available, you can first align the antennas based on line of sight and then gradually tweak them while monitoring the signal strength of the link. Once you’ve located the position with the greatest signal strength, lock the antennas and then add a reminder to your calendar to check the link periodically for the next year in order to catch any seasonal impact changes. Many times antennas will be installed in the winter months and spring foliage can block the link.

Wireless Hotspots
From a technical point of view, implementing a wireless hotspot is exactly like implementing a standard wireless network. The additional factor that arises with a hotspot implementation is the mode of operation. Will you be offering a free hotspot or a members-only installation? With a free hotspot, will you allow unauthorized access or will you require authorization first? These factors and more must be considered. At the very least, many hotspot providers will force the users to first load a Terms of Use page and require agreement before continuing to the Internet. This configuration can help prevent lawsuits and aggravated customers.

Mobile Offices, Classroom, Industrial, and Healthcare
Mobile offices, classrooms, and industrial and healthcare implementations of wireless networks are very similar to standard enterprise or SOHO wireless networks from a technology perspective. However, each network does demand that some unique questions be answered.

Questions to ask for mobile office implementations include
■ Will the network need to connect to a home network through cellular, 3G, proprietary, or satellite links?
■ Does the network need to function during mobility?
■ What range of coverage must be provided by the mobile office?

Questions to ask for classroom implementations include
■ How many students will need to connect?
■ What applications will be in use?
■ Are there unique security concerns?
■ How will you prevent students from connecting with nonapproved devices?

Questions to ask for industrial implementations include
■ What kind of machinery is used in the environment?
■ Are any other RF-based systems in use?
■ What kind of client devices will be connecting (handheld, laptop, desktop, etc.)?

Questions to ask for healthcare implementations include
■ Do any walls have special RF-blocking materials?
■ Are there any areas that must not be covered by the wireless network signals?
■ Will the users require connectivity during mobility?
■ What security methods must be used in order to comply with regulations?

Of course, unique situations will force you to ask different questions, but these questions provide a sampling of the different issues that may be faced with these different types of wireless installations.

Municipal and Law Enforcement Connectivity
Two big issues quickly surface when considering law enforcement networks: security and availability. The network must be secure in order to protect sensitive information related to law enforcement and private citizen data. The network must be available even in disaster scenarios. Wireless network availability is usually

achieved through redundancy in the network and in the power supply. Security issues related to wireless networks are covered in detail in Chapters 9 and 10.

Last-Mile Data Delivery
Last-mile data delivery usually refers to wireless Internet service providers (WISPs). WISPs will frequently use WiMAX, 3G, or cellular technology to reach an area near the subscriber and then use 802.11-based Wi-Fi to span the “last mile.” The last mile may literally be a mile, or it may be more or less; regardless of the actual distance, it is important to note that Wi-Fi is rarely used for the entire link chain from the subscriber to the Internet. WiMAX, 3G, or some other network is used to connect back to the WISP’s central office and then to the Internet. Remember that a WISP uses Wi-Fi technology for the last mile, but not for the entire link chain.

Corporate Data Access and End-User Mobility
Corporate data access is no different than SOHO data access from a capability standpoint; however, due to the greater value that is often placed on network access in larger organizations, enterprise-class hardware is usually used. Typically, enterprise-class hardware is more expensive for two reasons. First, the hardware is built from better components. Second, the hardware offers more features. One of the key features that is nearly always found in enterprise-class hardware is centralized management. SOHO devices, such as Linksys APs, have minimal or no centralized management features.

When implementing corporate data access for users, you must also consider mobility. If the users need mobility, ensure that the technology selected implements some fast roaming method that does not break the network or IP layer connection. This capability will allow for roaming with VoIP clients and inventory management clients, among others.

Wi-Fi Installation Walkthrough
This section provides you with an in-depth understanding of how to implement a wireless network by taking you step-by-step through an actual demonstration installation. To help you understand the reason for each set of tasks, study the

diagram shown in Figure 7-1. This diagram of the facility shows the intended location of infrastructure devices and which devices will be used at the different locations in the facility.

FIGURE 7-1 Infrastructure device locations (Cell 1: wireless router, channel 1, 192.168.12.1, PPTP server; Cell 2: wireless access point, channel 6, 192.168.12.2; Cell 3: wireless access point, channel 11, 192.168.12.3)

The organization in this example scenario has four goals:
■ Provide wireless connectivity for all future client devices.
■ Provide sufficient bandwidth for typical business applications such as saving Microsoft Office documents to the server, e-mail, and web browsing.
■ Provide acceptable security without the need for continual modifications of configuration settings.
■ Allow for remote VPN connections to the corporate network for select users while providing acceptable levels of security for a low-risk implementation.

Existing wired clients use a standard 16-port switch and one wired server as a file-and-print server. You’ll connect a new 8-port switch into the existing 16-port switch to provide the needed Ethernet ports. In this example implementation, you’re using Linksys WAP54G access points, which are a good choice for most small business uses. You’ll also use one Buffalo Technology Air Station wireless router with PPTP VPN end-point functionality. This router allows for remote client connections to the organization’s network.

The technology used in this chapter is just a sampling of the technology available today and should not be taken as an implication of its superiority over other technologies. Evaluate every situation independently to select the best solution.

168. This device provides a VPN PPTP server without the need for extra software or other devices such as a Windows server running Routing and Remote Access Services.12.274 Chapter 7: Installing and Troubleshooting a Wireless LAN Installing the Infrastructure The first step to installing the wireless infrastructure is to install the new 8-port switch. 3. unplug one Ethernet cable and then plug it into the 8-port switch to provide continued support for the wired device.12. as shown in Figure 7-2.12. Test the implementation. you perform the following configuration steps: 1. Configure and install the access points.168. This leaves 6 available ports in the new 8-port switch. 2.3 Wireless Router Channel 1 192. To successfully install this wireless network infrastructure. The existing 16-port switch is located near the center of the facility. and because all 16 ports are in use. Configure and Install the Router This example implementation uses a Buffalo Technology Air Station WZR-RS-G54 broadband router (see Figure 7-3). which consists of two wireless access points and one wireless router. This device provides the needed ports to connect the wireless access points to the existing wired network.1 PPTP Server Wireless Access Point Channel 6 192. FIGURE 7-2 Existing wired network with added 8-port switch Cell 3 Cell 1 16-Port Switch 8-Port Switch Cell 2 Wireless Access Point Channel 11 192. Configure and install the router.2 .168. of which 4 are required for your implementation. Plug the 8-port switch directly into the 16-port switch. Table 7-1 lists the primary configuration settings for each of these infrastructure devices to guide you through the installation and configuration of each device.

TABLE 7-1 Configuration Settings for Hardware
Device | Channel | Specific Configurations
Wireless router | 1 | PPTP server, Internet routing, WPA, SSID (WINET)
Access point 1 | 6 | WPA, SSID (WINET)
Access point 2 | 11 | WPA, SSID (WINET)

Internet access is also provided through this device, and it provides DHCP services to the network. As an 802.11g standards-based device, it offers 54 Mbps data rates for the wireless network in the coverage cell referenced as “cell 1” in Figure 7-1.

FIGURE 7-3 Buffalo Technology WZR-RS-G54 wireless router

The first step to installing this device is to configure the settings in the wireless router. To configure the device, connect an Ethernet cable to the available port on the router and then connect the other end of the cable to a laptop computer. For security purposes, do not connect the device to the existing network. This device defaults to an IP address of 192.168.12.1, so you configure the IP settings on the local laptop to reflect those in Figure 7-4. Now that the laptop has the appropriate IP configuration, you can access the configuration interface on the wireless router. To do this, open the web browser and

connect to the IP address of 192.168.12.1. A logon dialog appears. Enter the user name of root and leave the password field blank, as this is the default. When you click OK, you see the configuration interface in Figure 7-5.

FIGURE 7-4 IP Settings on laptop to configure Buffalo Air Station

Though many wireless routers and access points provide wizards and automated configuration tools, you generally want to perform manual configurations for greater control over the end results and a level of certainty that the device is configured properly. Because the network has very specific configuration needs, click Advanced to go to a configuration interface that allows you to enter everything manually. If you understand these settings, this interface is preferred.

As you can see in Figure 7-5, this device supports DSL or cable Internet connections. In fact, the cable Internet connection is really just a standard router interface using Ethernet, so you could use this device to route between two internal network segments; however, this is not the intended purpose of the device and dedicated routers designed for that purpose perform better.

The initial configuration screen, shown in Figure 7-6, allows you to configure the SSID, wireless channel, and other settings. The device uses channel 1 and an SSID of WINET. After entering these settings, scroll down and click Apply.

Next, you configure the security of the device by changing the default logon password to something other than blank and configuring WPA for use on the local

wireless network. From the screen shown in Figure 7-6, click Wireless LAN Security from the menu on the left. Click the TKIP radio button and enter a WPA-PSK key of 911080703, and then click Apply.

FIGURE 7-5 AirStation configuration screen

The default logon password used to access the configuration interface is in a different location, so navigate to the Management link in the menu on the left side of the screen. Click Change Password and then change the password to something other than blank.

Since this device will provide DHCP services to the wired and wireless LANs, you need to configure the DHCP server settings next. Access these by selecting LAN Settings and then DHCP Server from the left menu. The screen shown in Figure 7-7 allows for configuration of DHCP. As indicated, configure the IP address pool to include the addresses from 192.168.12.101 to 192.168.12.254. This provides plenty of IP addresses for the network, seeing as there are far fewer than 154 devices to receive dynamic IP configuration. The nondynamic devices, which use static IP addresses, include addresses from 192.168.12.1 to 192.168.12.100.
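The addressing, channel and passphrase choices made in this walkthrough can be checked mechanically before the devices are cabled in. The following Python sketch is an added example, not part of the original text; it encodes the values from Table 7-1, Figure 7-1 and the DHCP step, and it assumes a 255.255.255.0 mask, a five-channel spacing rule for neighbouring 2.4 GHz cells, and the 8 to 63 character limit on WPA passphrases.

```python
import ipaddress
import itertools
import string

# Values from Table 7-1, Figure 7-1 and the DHCP step of the walkthrough.
PLAN = {
    "subnet": "192.168.12.0/24",  # assumption: 255.255.255.0 mask
    "dhcp_pool": ("192.168.12.101", "192.168.12.254"),
    "static_range": ("192.168.12.1", "192.168.12.100"),
    "psk": "911080703",
    "devices": [
        {"name": "wireless router", "ip": "192.168.12.1", "channel": 1, "ssid": "WINET"},
        {"name": "access point 1", "ip": "192.168.12.2", "channel": 6, "ssid": "WINET"},
        {"name": "access point 2", "ip": "192.168.12.3", "channel": 11, "ssid": "WINET"},
    ],
}

# Assumption: neighbouring 2.4 GHz cells need channel numbers 5 apart (1/6/11).
MIN_CHANNEL_GAP = 5


def bounds(pair):
    """Return an inclusive (low, high) address range as integers."""
    low, high = (int(ipaddress.IPv4Address(a)) for a in pair)
    if low > high:
        raise ValueError(f"range {pair} is reversed")
    return low, high


def pool_size(plan):
    """Number of addresses the DHCP server can hand out."""
    low, high = bounds(plan["dhcp_pool"])
    return high - low + 1


def psk_findings(psk):
    """Check passphrase length and character variety."""
    findings = []
    if not 8 <= len(psk) <= 63:
        findings.append("psk: WPA passphrase must be 8 to 63 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    used = sum(any(ch in cls for ch in psk) for cls in classes)
    if used < 2:
        findings.append("psk: single character class, small search space")
    return findings


def audit_plan(plan):
    """Return a list of human-readable findings; empty means the plan is consistent."""
    findings = []
    net = ipaddress.ip_network(plan["subnet"])
    pool_lo, pool_hi = bounds(plan["dhcp_pool"])
    stat_lo, stat_hi = bounds(plan["static_range"])
    if stat_lo <= pool_hi and pool_lo <= stat_hi:
        findings.append("static range overlaps DHCP pool")

    seen = {}
    for dev in plan["devices"]:
        addr = ipaddress.IPv4Address(dev["ip"])
        if addr not in net:
            findings.append(f"{dev['name']}: {addr} is outside {net}")
        if pool_lo <= int(addr) <= pool_hi:
            findings.append(f"{dev['name']}: {addr} is inside the DHCP pool")
        elif not stat_lo <= int(addr) <= stat_hi:
            findings.append(f"{dev['name']}: {addr} is outside the static range")
        if addr in seen:
            findings.append(f"{dev['name']}: {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, dev["name"])

    # Every pair of cells is treated as neighbouring in this small facility.
    for a, b in itertools.combinations(plan["devices"], 2):
        if abs(a["channel"] - b["channel"]) < MIN_CHANNEL_GAP:
            findings.append(f"{a['name']} and {b['name']}: channels "
                            f"{a['channel']} and {b['channel']} overlap")

    if len({dev["ssid"] for dev in plan["devices"]}) > 1:
        findings.append("SSID differs between devices")

    findings.extend(psk_findings(plan["psk"]))
    return findings


if __name__ == "__main__":
    print(f"DHCP pool size: {pool_size(PLAN)}")
    for line in audit_plan(PLAN) or ["no findings"]:
        print("-", line)
```

Run against the walkthrough's values, the addressing and channel plan pass and the only finding is the digits-only passphrase.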

FIGURE 7-6 Configuring the SSID and wireless channel

If the environment in which you were implementing this wireless network included a Microsoft Active Directory network, you would probably be hosting both the DHCP and DNS on a Microsoft server. In this case, the devices function in a workgroup configuration. The Buffalo Air Station acts as the DHCP and DNS server for the network as well as the default gateway, or router, out to the Internet.

Because the small network you’re installing uses an ISP that provides dynamic IP addresses only, you do not have to configure the WAN settings. This device comes preconfigured to receive dynamically configured IP settings from the WAN port interface.

The final step is to configure the device to support PPTP VPN connections from the clients connecting through the Internet. To use this effectively, configure a dynamic DNS service and then configure the PPTP server that is built in to the Air Station device.

FIGURE 7-7 DHCP settings

To configure dynamic DNS, click the WAN Settings option on the left and then select the Dynamic DNS option. Figure 7-8 shows the configuration screen for dynamic DNS. Before these settings will work properly, you must create an account with DynDNS. DynDNS provides dynamic DNS so that a nonstatic IP address provided by your ISP can be used for access to the network from the Internet. Because the ISP provides a dynamic IP address, using a dynamic DNS server simplifies the connectivity to the VPN server in the router. Otherwise, you couldn’t save a permanent VPN configuration setting file. The dynamic DNS services work like this:
1. The device communicates with the dynamic DNS service at regular intervals to inform the service of the current IP address associated with a particular domain name.

FIGURE 7-8 Dynamic DNS configuration

2. The clients that wish to connect configure their VPN client software to connect to the domain name.
3. The dynamic DNS service dynamically resolves the domain name to the current IP address, allowing the client to create a VPN tunnel.

Now that you’ve configured dynamic DNS, you can configure the final setting for this router: the PPTP server. Click the PPTP Server option on the left menu, as shown in Figure 7-9. Because the Buffalo Air Station supports only PPTP VPNs internally, the configuration is simply one of deciding to enable the service and what encryption levels to use. As shown in Figure 7-9, allow only the highest encryption and authentication level for this system.

The router is now configured and secured, and you can connect to the wired infrastructure. The device comes with a built-in antenna that lacks communication

range. For this reason, you’ll connect an external antenna to the MC antenna connector. When connecting to an MC connector, be very careful, as they are among the easiest to damage. With the 7 dBi antenna connected to the device, plug the Ethernet cable into an available switch port and plug the power cable into an outlet and the device is live on the network. Also, note that the device is located in the switch closet, so there’s no need for extension cables or repeaters between the device and the switch port.

FIGURE 7-9 PPTP server configuration

This device uses a PPTP VPN protocol, which has received much press for being insecure. However, for moderate security needs, the service suffices. This implementation does not require high levels of security, so PPTP serves the needs of the organization.

Configure and Install the Access Points
Both of the access points are configured identically with the exception of the IP address and wireless channel. For this reason, I’ll walk you through the configuration and installation of only one access point in detail. You’ll use the Linksys WAP54G access point for this exercise.

configure the laptop’s IP settings to 192. To see an example of the WAP54G that you’re configuring.1.168.282 Chapter 7: Installing and Troubleshooting a Wireless LAN You configure the access points in much the same way as you do the router. Because this device defaults to an IP address of 192. change the IP address to 192.255. On the very first screen. enter the password of admin in the logon dialog with no user name. you configure the wireless settings. The SSID and channel are both configured on the same screen shown in Figure 7-10.12. First connect the access point to your laptop and then configure the laptop’s Ethernet port to the appropriate settings. After logging on again. When you first access this access point by connecting to 192.168. refer to Figure 4-4 in Chapter 4.2 and the default gateway to 192. Leave the device in FIGURE 7-10 Configuring the basic wireless settings . Click Save Settings and wait for the access point to restart.168.200 with a subnet mask of 255.

mixed mode, as this allows both 802.11b and 802.11g devices to connect to the network. This device is located in cell 2, so place it on channel 6.

The next settings you’ll configure are the wireless security settings, as shown in Figure 7-11. Select WPA-Personal. (This setting is the same as the WPA-PSK settings in the Buffalo Air Station router.) Use the same settings for Passphrase and Key Renewal as used for the Air Station.

FIGURE 7-11 Wireless security configuration

The final setting to configure is the logon password for the management interface. It defaults to admin, and because this is well known, you must change it to something more secure.

Now repeat these steps with the second Linksys WAP54G access point. Configure the channel to 11 and the IP address to 192.168.12.3. Other than these settings, everything else is the same.

The final step is to run the cable and connect the access points to the network using two 150-foot Ethernet cables to connect the access points to the central

switch in the closet. These cables run under the floor to the locations of the access points in cells 2 and 3, shown previously in Figure 7-1. With the cables installed and the access points plugged into the Ethernet and outlet power, the infrastructure installation is now complete.

Test the Implementation
Test the implementation to verify proper configuration. You can test at each stage along the way or after the entire infrastructure has been installed. Connect a client device to the network using the appropriate security settings. If the device connects and has ample throughput and data rates, the infrastructure is working as planned. If you notice problems, you may need to perform some of the troubleshooting tips listed later in this chapter.

Installing the Clients
Now that the wireless infrastructure devices are in place, it’s time to install the client devices. Some of the systems in this organization will use PCI devices in desktop computers and others will use either built-in wireless or PC card wireless devices in laptops. To understand the steps needed for all client connection types, I’ll show you how to perform the following configuration tasks:
■ Install a PCI client device.
■ Install a PC card client device.
■ Configure a built-in wireless device.
■ Configure a client to connect with VPN.

Install a PCI Client Device
Most desktop computers that are configured for wireless networks use a card that plugs into an available PCI slot or else a USB wireless device. Figure 7-12 shows an example of a wireless PCI card being installed.

The first step you take to install a PCI wireless card is to remove the cover from the machine and insert the card itself. Some devices require that you install the drivers before you install the card in order for the installation to complete successfully. Once you’ve done this and replaced the cover, you power on the computer and install the appropriate drivers. Assuming you’re running a plug-and-play–compatible system, such as Windows XP, you’ll eventually see a screen informing you that new hardware has been discovered. At this point, you can usually insert the CD from the manufacturer and let the wizard install the proper drivers. In addition, the specialized

Don’t be alarmed if a warning about unsigned drivers pops up. If you’re connected to a wireless network. A screen similar to the one in Figure 7-14 appears. Once setup is completed. Now that the drivers are installed. you’ll be asked for the passphrase. Inc. Always be sure to apply appropriate service packs and patches to your clients. . Assuming the drivers have been installed correctly and your system is configured to use the Windows Wireless Zero Configuration (WZC). the PCI card is configured and operational. and the data packets that have been sent and received. you’ll configure the device with the built-in wireless services. this dialog box gives you the connection information. This information includes the name of the network.Installation and Configuration Procedures 285 FIGURE 7-12 D-Link wireless PCI card (Photo Courtesy of D-Link Systems. you can connect to the wireless network easily by clicking Start and selecting Connect To and Wireless Network Connection. the length of the connection. In this example. Type in the phrase used earlier (911080703) and then connect to the network. the speed and strength of the connection. you can configure the card to access the installed wireless infrastructure. If you select the network and click Connect. depending on whether you are using the wireless client software written for the device or the Windows XP built-in wireless services. These warnings are part of the Windows 2000 and XP operating systems and do not necessarily indicate that the drivers will be problematic. If you’re connected to a wireless network.) client software that comes with the device is not usually installed if you just install the drivers in this way. You’ll see the dialog shown in Figure 7-13. you can see the available networks by clicking the View Wireless Networks button. The network you’ve configured uses WPA for securing the wireless links. The method you use for this configuration varies. 
as long as you know the drivers you are installing came from a credible source.




Wireless Network Connection dialog


Available wireless networks screen



Install a PC Card Client Device
If your installation includes laptops without built-in wireless connectivity, you’ll have to decide on a method for providing wireless support. For this installation, you’ll use the Proxim Orinoco 11b/g Gold card as shown in Figure 7-15. This card works with any 802.11b or 802.11g network and supports the WPA requirements of the network you’ve built.
Another advantage of the Orinoco 11b/g Gold card is its support for an external antenna. Other PC Cards provide this support as well, but most cards include a built-in antenna with no expandability. The use of an external antenna with this card is valuable for site surveys and security penetration-testing scenarios. Similar to the PCI device, the first step to installing this card is to install it physically in the computer. Because the card is a PC Card, you can install it while the laptop is on, or you can install it while the laptop is off and then power the laptop on. I suggest installing the software from Proxim first and then inserting the PC Card. When you insert the accompanying CD-ROM and launch the SETUP.EXE program, you’ll see a screen like the one shown in Figure 7-16. When you click Next, installation begins. You’ll be asked to accept the license agreement and then you must decide if you want to install the driver only or the driver and the Orinoco Wireless Utility. For this example, you’ll install both. After you select the file location and the Program Group name, the file copying process begins. Once it’s complete, a quick click of the Finish button finalizes the operation.


Orinoco 11b/g Gold card (Photo Courtesy of Proxim Wireless)




Orinoco installation program

When you insert the wireless card into an available PC Card slot, it’s detected automatically. You can then launch the wireless client utility from Orinoco. If WZC is turned on, the utility gives you the option to turn it off. Elect to do so and you are presented with the screen shown in Figure 7-17. To configure the device for the WINET wireless network, select the Profile Management tab and click Modify. Here you can enter the SSID. Then you click the Security tab, where you can configure the WPA settings. Figure 7-18 shows the resulting dialog screens. With these configuration parameters set, the client is ready to use the wireless network. If a wireless client is receiving weak signals or dropped connections with this configuration, provide the client with an external antenna (using an MC connector type) to provide better signal reception and transmission. Remember, the MC connector type is susceptible to damage, so use it with caution.

Orinoco client utility

Configure a Built-in Wireless Device
Built-in wireless devices in laptops are usually preconfigured from the manufacturer; however, newer device drivers may be available and may improve performance, so you should evaluate this. Once the drivers are installed, you can usually configure the device through the Device Manager in Windows-based systems. The screen in Figure 7-19 shows the configuration interface provided by the Device Manager.

Security configuration screens

Configuring a built-in wireless device

Configure a Client to Connect with VPN
As you may remember, the original specifications for this installation stated that a user should be able to connect to the network from home using an Internet connection and a VPN client. You configured the VPN service in the Buffalo Air Station router, so all that’s left to do is configure the clients to connect to the VPN server. You can do this yourself, or users can do it according to your instructions. Either way, assuming they are using Windows XP, you can create a VPN connection to a PPTP-based VPN server easily. To create the VPN connection, follow these steps:
1. Click Start and select Connect To and Show All Connections.
2. Click the Create A New Connection option on the left-side menu (Figure 7-20).
3. Click Next.
4. Select Connect To The Network At My Workplace and click Next.
5. Select Virtual Private Network Connection and click Next (Figure 7-21).
6. Enter a company name or a name for the connection and click Next.
7. Enter the domain name pptp.vpn4-winet.net, which is the name used through dynamic DNS to connect to the Buffalo Air Station router (refer back to Figure 7-8 earlier in this chapter).
8. Click Next and then click Finish.




Create a new connection.

Selecting Virtual Private Network

You’ve created the connection, and because of the default settings, you can actually connect immediately. After configuring the connection, you will see the dialog in Figure 7-22. Here you enter a user name and password created in the internal database on the Buffalo Air Station PPTP server. If you want to verify the settings for the VPN connection, click the Properties button in the connection authentication dialog. After the Properties dialog is displayed, click the Networking tab. Here you can select either PPTP or L2TP for the VPN type. You can also choose Automatic and let the software determine what the server supports. The client uses whatever the server supports that is the most secure. Figure 7-23 shows this screen.

Connection authentication dialog

Selecting the VPN tunnel type



You are installing a new wireless AP right out of the box. Should you connect it to the live network and then configure it, or should you configure it while disconnected from the live network?

You should configure the device while disconnected from the live network. If the device is connected to the live network—even for a brief period of time—without being properly configured, it may introduce an opportunity for an attacker to gain access to your network.


Hardware Placement
In most cases, when an effective site survey was performed, the installation will go smoothly; however, there are certainly times when problems occur. One potential set of problems is related to hardware placement.

Dealing with Difficulties
Common hardware placement difficulties include attempting to install APs in areas where they cannot easily be placed and attempting to connect APs beyond the reach of Ethernet cable limitations.

Areas Where APs Cannot Be Placed
There are two primary solutions to this problem: either add a physical structure for mounting or install only the antenna in the desired location. Many APs can use external antennas, and you may be able to run a cable between the AP and the antenna. This method allows for the AP to be installed in one location and the antenna to be placed in another. If you choose this solution, be sure to check with the vendor for proper FCC compliance and to supply any needed amplification to counter the losses incurred from the cable run. The alternate solution is to build or implement a physical structure for mounting. If the AP is to be mounted outdoors, you can purchase enclosures that are weather safe and install the AP within the enclosure. If you had planned to locate an AP in the center of a coverage area, but that center location lacks a mount point, you may be able to use a semidirectional antenna at the perimeter of the coverage area. This last solution is a common quick fix for site survey recommendations that suggest the use of omnidirectional antennas only.

You had planned to install an AP with a dipole antenna in the center of a desired coverage area. The area provides no installation point. What can you do?

Use semidirectional antennas, such as patch and panel antennas, at the perimeter of the area. This can provide the same or better coverage without the inconvenience that is sometimes introduced by central omni antennas.

Areas Beyond Ethernet Limitations
It is not uncommon to desire that an AP be placed in an area that is well beyond the reach of Ethernet cable runs. A category 5 (CAT 5) or category 6 (CAT 6) cable can be up to 100 meters (in US, ~300 ft) in length. What do you do when you need to install an AP 200 meters away from the nearest Ethernet switch? You have two primary options: install Ethernet repeaters or use a range extender. Ethernet repeaters receive the incoming signal from one cable and transmit it out the other. Repeaters can often extend the length to the desired range; however, this solution will require a cable run. The alternative to Ethernet repeaters is, effectively, a wireless repeater. A wireless repeater is usually called a range extender. The device operates off of a simple premise. It listens to an AP close to the Ethernet switch and acts as the AP to clients at a greater distance. If clients could connect to the AP near the Ethernet switch from 80 meters away, they’ll now be able to connect from 160 meters away. With the right combination of Ethernet cables to the AP near the Ethernet switch and channels between the range extender and clients, you can easily reach 200 meters away from the switch.

Remember that a range extender can be used to provide wireless coverage at a distance far away from the AP. A range extender is much like an Ethernet repeater for wireless links.




Common Problems and Solutions
After the WLAN is installed, you will need to test the network. This testing is performed in order to verify accurate operations. When you perform the test, you are likely to encounter common problems, including
■ Decreased throughput
■ Connectivity issues
■ Weak signal strength

In addition to these issues, you’ll have to maintain the network. While Chapter 8 will provide more in-depth information relating to optimizing the WLAN, you will learn about firmware and driver updates in this section.

Decreased Throughput
An intentional part of the 802.11 standard is Dynamic Rate Switching (DRS). DRS adjusts the data rate in order to reduce retransmissions. If the data rate remains high when the client is farther from the AP, it will result in so many retransmissions (due to interference resulting in frame corruption) that the actual throughput is greatly reduced. These retransmissions hurt other clients as well, since the wireless medium is being consumed for the transmission of the same information multiple times. For this reason, part of the 802.11 standard accommodates data rate changes. The goal is simple: maintain the same throughput by reducing the data rate and, therefore, reducing errors and retransmissions. If you are experiencing decreased throughput and the data rate is also being lowered, the only solution is to increase the output power of the AP and client or to move closer to the AP. If you are experiencing decreased throughput and the data rate is not being lowered, check for interference sources or for other clients connecting to the same AP that have disabled DRS.

DRS is a positive thing. Lowering the data rate provides an overall benefit to all connected clients. Keeping a higher data rate does not improve throughput from longer distances.
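The trade-off described above can be worked through with a small model. This is an added example, not code from the book: the frame error rates, client names, thresholds and function names are all constructed assumptions, and real DRS algorithms are vendor-specific.

```python
"""Added example: why Dynamic Rate Switching (DRS) lowers the data rate.

Simplified model: a frame that fails is sent again, so only the share
(1 - FER) of the airtime carries new data. Protocol overhead is ignored.
All numbers are constructed for illustration, not measurements.
"""

# Constructed frame error rates (FER) per data rate in Mbps at three client
# positions. FER grows with distance, and grows fastest at the highest rates.
FER_BY_POSITION = {
    "near": {54: 0.02, 36: 0.01, 18: 0.01, 6: 0.01},
    "mid":  {54: 0.60, 36: 0.15, 18: 0.03, 6: 0.01},
    "far":  {54: 0.97, 36: 0.85, 18: 0.40, 6: 0.05},
}


def goodput_mbps(rate_mbps, fer):
    """Useful throughput that is left once retransmissions are paid for."""
    return rate_mbps * (1.0 - fer)


def transmissions_per_frame(fer):
    """Average number of times a frame is sent before it gets through."""
    if fer >= 1.0:
        raise ValueError("no frame is ever delivered at FER >= 1")
    return 1.0 / (1.0 - fer)


def drs_select(fer_by_rate):
    """Pick the data rate with the best goodput (the aim of DRS)."""
    return max(fer_by_rate, key=lambda rate: goodput_mbps(rate, fer_by_rate[rate]))


def airtime_seconds(megabits, rate_mbps, fer):
    """Time the shared medium is occupied to deliver `megabits` of data."""
    return megabits / goodput_mbps(rate_mbps, fer)


def suspect_drs_disabled(clients, top_rate=54, retry_threshold=0.5):
    """Flag clients that stay at the top rate while most frames are retries.

    `clients` maps a name to (current data rate in Mbps, retry ratio).
    The threshold is an assumption chosen for this example.
    """
    return sorted(
        name
        for name, (rate, retry_ratio) in clients.items()
        if rate == top_rate and retry_ratio >= retry_threshold
    )


# Constructed observations for three clients on one AP.
SAMPLE_CLIENTS = {
    "laptop-a": (54, 0.03),   # close to the AP, healthy
    "laptop-b": (18, 0.08),   # far away, DRS has lowered the rate
    "laptop-c": (54, 0.91),   # far away, rate pinned at 54 Mbps
}


if __name__ == "__main__":
    for position, fers in FER_BY_POSITION.items():
        chosen = drs_select(fers)
        print(
            f"{position:>4}: fixed 54 Mbps -> {goodput_mbps(54, fers[54]):5.2f} Mbps, "
            f"DRS picks {chosen} Mbps -> {goodput_mbps(chosen, fers[chosen]):5.2f} Mbps"
        )
    far = FER_BY_POSITION["far"]
    print("airtime for 10 Mb at fixed 54:", round(airtime_seconds(10, 54, far[54]), 2), "s")
    print("airtime for 10 Mb with DRS   :", round(airtime_seconds(10, 18, far[18]), 2), "s")
    print("clients to check for disabled DRS:", suspect_drs_disabled(SAMPLE_CLIENTS))
```

In the constructed "far" case the client that stays at 54 Mbps occupies the medium several times longer for the same data, which is the cost to other clients that the paragraph describes.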

Connectivity Issues
One of the common complaints about wireless networks is related to connectivity problems. Why do these connectivity issues keep cropping up? Just saying that it’s the nature of the beast doesn’t make us feel any better, but it is partly true. The nature of RF is that small changes in an environment can drastically alter the way the signals propagate throughout that environment. Most indoor changes are minimal in their impact, but sometimes the impact may surprise you.

No Connectivity
Changes to the environment are always suspected when clients suddenly have no connectivity. This fact is particularly true if you know that the AP is still up and running. Look for new walls, partitions, large cabinets, and other changes that could block, reflect, absorb, or scatter the RF signals. If just one client is having connectivity problems, you should suspect the client. Ask the user if any changes have been made. Make sure the wireless NIC is still connected and operational. Verify that the antenna is connected (I’ve seen users disconnect the external antenna more than once). Check the security settings as well. If the network uses a preshared key and that key has been changed, all of the clients will need to be updated, and they will not function properly until they are updated. Users may also reconfigure their wireless client to use an old key if they are not aware that you’ve configured their machine for a new key. Suspect security configuration settings any time the operating system says you are connected, but you cannot utilize the network. Additionally, you should check the client driver. NIC drivers are simply software applications, and like any other application, they can include bugs. Updating the driver can often solve connectivity problems.

If your operating system is showing a connection, but you cannot use the network, suspect the security settings. If your operating system is not showing an active wireless connection, security settings are not an issue at that point.

Intermittent Connectivity
The most common cause of intermittent connectivity is a toss-up between interference and weak signals. If weak signals are the problem, try moving the client closer to the AP. If the problem is resolved, higher-gain antennas may provide a permanent solution. You can install the higher-gain antennas either at the AP (if this action does not cause problems for the rest of the network) or at the client. If the connectivity problem has been occurring for some time, suspect a device permanently in the environment. If the problem just started, an attack against your network could be under way. In both situations, you can use a spectrum analyzer (as referenced in Chapter 6) to locate the interference.

INSIDE THE EXAM
Wireless Connection Problems
Certainly, the most common complaint about wireless networks (after security) is related to connectivity. Intermittent connectivity problems are some of the hardest to analyze. The user may lose her connection three or four times in a five-minute window and then call you for help in frustration. The problem is that, when you arrive, the connection is stable. If we’re not careful, it’s easy to write off the situation as user error; however, it is more likely that an intermittent interference source is the problem. An example of this is a microwave oven. Many microwaves operate (roughly) in the range from channels 5 to 11 of the 802.11 standard within the 2.4 GHz ISM band. The microwave is not designed to work in those channels; the channels just happen to use the frequency range that is best absorbed by water. Some older microwave ovens will operate in the entire 2.4 GHz spectrum and not just the higher channels. Many devices cause interference, but the interference they cause may not be problematic to devices that are closer to the AP. If a microwave is near a client and that client is far from the AP, the microwave may all but drown out the signals from the AP.

Weak Signal Strength
Weak signal strength can be identified using the client tools in the computer or free applications like NetStumbler. Any time users complain of poor performance on the WLAN, check the signal strength. In an environment that is noisy (understood as RF noise), more signal strength will be needed to maintain higher data rates. You may be able to adjust the output power in the AP in order to resolve signal strength issues. At other times, using high-gain antennas may be helpful. Since many clients do not support external antennas, you may have to upgrade the AP antenna or replace the client wireless NIC entirely.

EXERCISE 7-1
Using NetStumbler
In this exercise we are going to use NetStumbler to monitor signal strength during mobility. You will want to start the exercise in a location within a few feet of the AP.

Launching and Configuring NetStumbler
1. Launch the NetStumbler application from the Start menu or the Desktop icon of a laptop computer that is powered by battery.
2. Click the Device menu and select the appropriate NIC.
3. On the File menu, ensure that Enable Scan is checked.

Viewing WLANs
1. In the left pane, expand the Channels node in order to view the detected active WLAN channels.
2. Expand a channel to view networks and click a network to view the signal strength graph.
3. Move approximately 20 feet away from the AP. Note the new signal strength.
4. Move approximately 40 to 50 feet away from the AP. Note the new signal strength.
5. Finally, move approximately 100 feet away from the AP. Do you still have a connection? In some cases, you may completely lose the connection at only 100 feet. This is particularly true when there are several walls between you and the AP.

Performing Device Upgrades
Installing a wireless network is only the beginning of your responsibility if you’re the network administrator for the organization. Once you’ve installed the network, you must transition to maintenance mode. In this mode, you install updated drivers and apply updated firmware from the manufacturers to keep your environment secure and provide users with the latest features and capabilities of the Wi-Fi world. There are three major tasks you must perform to keep your environment stable and secure:
■ Applying firmware
■ Updating client drivers
■ Updating clients and servers

Applying Firmware
Depending on the manufacturer, you can receive updated firmware automatically or you can download it manually. It is usually your responsibility to go to the web site and download the firmware. Some manufacturers release new firmware revisions on a near quarterly basis while others release a fix rollup shortly after the product is released with few revisions or updates after that. Figure 7-24 shows the firmware download page for the Linksys WAP54G used earlier in this chapter.

FIGURE 7-24 WAP54G Firmware Download page

300 Chapter 7: Installing and Troubleshooting a Wireless LAN Updating Client Drivers Because a wireless client device may have been stored in a warehouse for months. however.2.1. Updating Clients and Servers Much of the literature related to wireless security and installation assumes the wireless network exists in some sort of black hole all by itself. The Orinoco Gold card used earlier in this chapter shipped with drivers at version 3. Figure 7-25 shows the Version tab for an installed Proxim card before and after the driver upgrade. Either way. FIGURE 7-25 Proxim drivers. Actually the wireless network is just the point of access to the much larger organizational resource pool. check for newer drivers after the install. You can view the version of the installed driver in the Device Manager if you are using a Windows-based computer.6. old and new versions . You might consider using automated update services such as Microsoft’s Software Update Services (SUS). To keep your wireless network secure. you must keep the devices on the network— clients and server—secure as well by patching the machines when security vulnerabilities are discovered and applying appropriate service packs and updates. You can also configure the service to download the updates and wait for approval before distributing the update to the computers on the network. version 3.0. These services download patches from the manufacturer and allow you to distribute them automatically to your network computers. or even years. these services can save you many hours of labor.1.19 is available for download from the Proxim web site at the time of this writing.

CERTIFICATION SUMMARY
This chapter covered three important CWTS certification objectives. The first was installation and configuration procedures. This objective includes understanding the different type of installations and the issues they present. It also includes the actual steps involved in a typical wireless network installation. The second objective was hardware placement issues. We covered both the inability to install an AP in a needed area and the lack of Ethernet connectivity where the AP should be located. The final objective was common problems. In this section we looked at the causes of decreased throughput and connectivity issues. We also explored the methods for detection of weak signal strength and device upgrades.

✓ TWO-MINUTE DRILL

Installation and Configuration Procedures
❑ SOHO installations often take place in shared facilities.
❑ A network may be extended into remote locations as a pure wireless extension or as a wireless bridge link between two wired networks.
❑ Building-to-building connections are either PtP or PtMP.
❑ Wi-Fi-based last-mile delivery uses Wi-Fi technology for only the last section of the connection to the subscriber.
❑ A mobile office may include connectivity to a central location through WiMAX, 3G, or satellite connections.
❑ Wireless hotspot installations require that a decision be made between open access and authorized access.
❑ Industrial environments may introduce electromagnetic interference that is generated by machinery.

Hardware Placement
❑ Many APs support detached antennas so that the antenna can be mounted separately from the AP.
❑ Outdoor enclosures may be used to install an AP in an area that would otherwise be exposed to weather.
❑ Ethernet repeaters may be used to extend the reach beyond 100 meters.
❑ Ethernet switches may be daisy-chained to form a pseudo-repeater chain. Repeaters are usually less expensive, but the switches may be used if Ethernet ports are needed along the chain as well.
❑ Wireless range extenders may be used to allow a wireless network to reach a distant location.

Common Problems and Solutions
❑ Decreased throughput may be caused by interference.
❑ Decreased throughput may be the result of normal 802.11 DRS behavior.
❑ Improper security settings may result in no connectivity.
❑ Interference or weak signals may cause intermittent connectivity.
❑ Signal strength may be improved by increasing the output power at the AP.
❑ Signal strength may be improved by moving closer to the AP or by installing higher gain antennas.
❑ APs usually require firmware upgrades, whereas clients usually require driver upgrades.
❑ Firmware upgrades often resolve faults in the original deployment of infrastructure and client devices.

SELF TEST
The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Installation and Configuration Procedures

1. Which of the following are common issues encountered when installing SOHO wireless networks? (Choose all that apply.)
A. Interference from neighboring networks
B. Limited budgets
C. Complex controller or WLAN switch configurations
D. Complex RADIUS implementations

2. What portion of the connection to the subscriber uses 802.11 standards in a WISP last-mile configuration?
A. The last section
B. The entire chain
C. The link from the WISP to the 3G infrastructure
D. The links within the 3G infrastructure

3. What problem may be introduced by machinery running in industrial environments?
A. Co-channel interference
B. Electromagnetic interference
C. Audio noise
D. Vibrations

4. What two methods may be used to extend a network into a remote location using Wi-Fi technology?
A. Wireless bridging
B. Total wireless extension
C. Ethernet repeaters
D. Token-ring extenders

5. You have implemented an outdoor PtP link that spans approximately one quarter of a mile and uses 802.11b technology. What kind of wireless application does this represent?
A. Building-to-building
B. Network extension
C. Wi-Fi hotspot
D. Mobile office

6. What type of connections are frequently made to connect a mobile office 802.11 network back to a central office? (Choose all that apply.)
A. WiMAX
B. 3G
C. Cellular
D. Satellite

Hardware Placement

7. What is used to extend the reach of Ethernet cables beyond 100 meters?
A. Wireless range extender
B. Wireless repeater
C. Ethernet repeater
D. Ethernet NIC

8. What can you do to protect an AP installed in an outdoor, weather-exposed area?
A. Implement WPA.
B. Implement WPA2.
C. Install the AP in a weather-proof enclosure.
D. Install the AP on a tower.

9. You need to install a wireless network within a building. The signal must radiate from the center of the coverage area. The center point does not provide power, and the AP being used does not support PoE. What can you do to install this AP?
A. Install the AP in the center area and the antenna near the power supply.
B. Install the AP near the power supply and the antenna in the center area.
C. Buy a switch that powers non-PoE APs.
D. Buy a converter that connects to the Ethernet port of the AP and converts it into a PoE AP.

Common Problems and Solutions

10. Which of the following is part of the 802.11 standard and may result in decreased throughput?
A. DRS
B. DNS
C. Interference
D. 802.11g

11. How can you improve signal strength? (Choose all that apply.)
A. Move the client closer to the AP.
B. Install higher-gain antennas.
C. Increase the output power.
D. Decrease the input power.

12. You are performing a device driver upgrade. What device are you most likely working with?
A. AP
B. Switch
C. Hub
D. Client NIC

13. In addition to DRS, what else may cause decreased throughput?
A. Higher data rates
B. Interference
C. Removing security settings
D. Worms and viruses

14. What is often caused by weak signals or interference?
A. Intermittent connectivity
B. Insecure operations
C. Secure operations
D. Connecting on the wrong channel

15. What may need upgraded in an AP in order to repair faults in the software?
A. Device driver
B. Memory
C. Firmware
D. Antennas

LAB QUESTION
You’ve been asked to install a network extension into a previously unserviced area for a client. The area that needs coverage is approximately 250 meters from the nearest Ethernet port. No wireless networks currently exist, but the client wants to use wireless technology for the network extension as well as the local connections within the coverage area. All of the devices that operate in the area will utilize 802.11n wireless client NICs. What would you suggest to this client?

and D are incorrect.11 standards in a WISP last-mile configuration? A. Co-channel interference occurs only when other 802. C.) A. Limited budgets C. ® C and D are incorrect. Interference from neighboring networks is common because many SOHO businesses operate in shared space. While enterprise installations have controlled budgets. Interference from neighboring networks B. and D are incorrect.11 standards. SOHO installations also have limited budgets. they are usually sufficient to allow for complex centrally managed solutions. Electromagnetic interference C. What portion of the connection to the subscriber uses 802. 2.11 standards. Vibrations ✓ ® B is correct. Audio noise D. Which of the following are common issues encountered when installing SOHO wireless networks? (Choose all that apply. The entire chain C. The last section B. ® B. ® A. C. Complex RADIUS implementations ✓ ® A and B are correct.11 ˚ equipment is present. Only the last section will usually use 802. The motors in the machines may generate electromagnetic interference. The link from the WISP to the 3G infrastructure D. Complex controller or WLAN switch configurations D. What problem may be introduced by machinery running in industrial environments? A. Audio noise and physical vibrations will not interfere with WLAN communications. 3.Self Test Answers 307 SELF TEST ANSWERS Installation and Configuration Procedures 1. Both of these answers represent enterprise or corporate wireless ˚ networks and not SOHO installations. Co-channel interference B. These section usually use WiMAX or 3G standards instead ˚ of 802. The links within the 3G infrastructure ✓ ® A is correct. .

Wi-Fi hotspot D. . Though all of these technologies are used today. What two methods may be used to extend a network into a remote location using Wi-Fi technology? A.) A. Token-ring extenders ✓ ® A and B are correct. Mobile offices provide wireless networks to temporary facilities.11 network back to a central office? (Choose all that apply. Total wireless extension C. cellular links are ˚ becoming less common.11b technology. 3G C. Satellite ✓ ® A. and D are incorrect. WiMAX B. Wireless bridging B. All of these technologies are used to connect mobile offices to central offices. 6. Ethernet repeaters do not fall into the Wi-Fi technology category. Wi-Fi hotspots ˚ are built to provide public access within a specified area. Mobile office ✓ ® A is correct. What type of connections are frequently made to connect a mobile office 802. Network extensions are built within facilities. You have implemented an outdoor PtP link that spans approximately one quarter of a mile and uses 802. and D are correct. ˚ Token-ring extenders do not exist. Cellular D. What kind of wireless application does this represent? A. Wireless bridging is used to connect a new wired network in the extended area to the existing wired network. since they provide low data rates. C. Ethernet repeaters D.308 Chapter 7: Installing and Troubleshooting a Wireless LAN 4. 5. Network extension C. ® None are incorrect. Building-to-building B. C. Total wireless extension is used when only wireless connectivity is needed in the newly covered areas. ® C and D are incorrect. ® B. B. Building-to-building wireless applications are either PtP or PtMP and are used to establish connections over greater distances.

Implementing WPA or WPA2 will do nothing to protect the ˚ physical AP. Ethernet repeaters are used to extend the range of Ethernet cables. 9. D. Ethernet NIC ✓ ® C is correct. but they do not extend the range of the network. Ethernet repeater D. Buy a converter that connects to the Ethernet port of the AP and converts it into a PoE AP. and D are incorrect. Buy a switch that powers non-PoE APs. Install the AP on a tower. and the AP being used does not support PoE. Wireless range extenders and wireless repeaters are essentially ˚ the same thing. Installing the AP on a tower without a weather-proof enclosure will do nothing to protect it and may further expose it to weather damage. and retransmits it on another cable. What is used to extend the reach of Ethernet cables beyond 100 meters? A. The repeater does not technically extend the cable range. ® A. C. The center point does not provide power. weather-exposed area? A. B. Wireless repeater C. Wireless range extender B. ® A. they extend wireless network ranges. Install the AP in the center area and the antenna near the power supply. ✓ ® C is correct. and D are incorrect. amplifies it. Install the AP near the power supply and the antenna in the center area. B. not Ethernet cable ranges. B. Implement WPA. An unmentioned solution is to purchase an AP that is ruggedly designed and is itself weather-proof. The signal must radiate from the center of the coverage area. What can you do to protect an AP installed in an outdoor. You need to install a wireless network within a building. D. B. Install the AP in a weather-proof enclosure. Implement WPA2. Installing the AP in a weather-proof enclosure is the only way to protect it outdoors. but it receives the signal from one cable.Self Test Answers 309 Hardware Placement 7. C. . What can you do to install this AP? A. 8. Ethernet NICs are used to connect to an Ethernet network.

and D are incorrect. B. DRS B. Move the client closer to the AP. you should verify that the loss incurred from the RF cable is not significant. Answer A does not resolve the issue. Decrease the input power. C. and C are correct. You can improve signal strength by moving the client closer to the AP. DNS is used to resolve domain names to IP addresses on IP ˚ networks. ✓ ® A. How can you improve signal strength? (Choose all that apply. Install higher-gain antennas. ® D is incorrect. Hub D. and D are incorrect. Increase the output power. What device are you most likely working with? A. In such an installation. C. Common Problems and Solutions 10. No switch can power a non-PoE AP. you will reduce the signal strength. If you install the AP near the power supply and the antenna in the center of the coverage area. 12. You are performing a device driver upgrade.11g does not result in decreased throughput. Interference is not part of the 802. B.310 Chapter 7: Installing and Troubleshooting a Wireless LAN ✓ ® B is correct. or increasing the output power of the AP and/or client. ® B. Client NIC . 802. you will accomplish the same performance as if you had installed the AP in the center area. since the AP is still unable ˚ to be powered. DRS intentionally reduces the data rate in order to maintain a stable connection. 11. and there are no such converters as described in answer D. If you decrease the input power (by installing an attenuator between the ˚ antenna and the client NIC).11g ✓ ® A is correct. 802. AP B. Switch C. Interference D. DNS C.11 standard and may result in decreased throughput? A.11 standard. installing higher-gain antennas. Which of the following is part of the 802. ® A.) A. C. D.

since encryption overhead is removed. In addition to DRS. Interference C. Worms and viruses are actually less likely to spread across weak signals. 15. B. what else may cause decreased throughput? A. Memory ˚ would not resolve a software fault. Antennas ✓ ® C is correct. Removing security settings D. 14. ® A. and C are incorrect. Interference is the only item listed that may cause decreased throughput. Removing security settings may increase throughput. and you usually cannot upgrade the memory in even enterprise-class APs. Device drivers are usually used on client computers. switch. The AP. Firmware D. Secure operations D. but ˚ rarely device drivers. and D are incorrect. Memory C. since the connection may not last long enough to transfer the worm or virus. Changing antennas will do nothing to resolve software issues. C. Higher data rates B. B. Connecting on the wrong channel ✓ ® B is correct.Self Test Answers 311 ✓ ® D is correct. ® A. Weak signals or interference cannot cause insecure or secure ˚ operations. Intermittent connectivity B. What is often caused by weak signals or interference? A. ® B. and hub may require a firmware upgrade. ® A. What may need upgraded in an AP in order to repair faults in the software? A. Insecure operations C. Connecting on the wrong channel is simply not possible on a WLAN. 13. C. Worms and viruses ✓ ® A is correct. Higher data rates will usually result in greater or equal ˚ throughput. Device driver B. APs are upgraded through firmware. and D are incorrect. The NIC in the client is the most likely device to need a device driver upgrade. Intermittent connectivity is often caused by weak signals or interference. and D are incorrect. .

LAB ANSWER

You’ve been asked to install a network extension into a previously unserviced area for a client. The area that needs coverage is approximately 250 meters from the nearest Ethernet port, but the client wants to use wireless technology for the network extension as well as the local connections within the coverage area. No wireless networks currently exist. What would you suggest to this client?

The following represents one possible solution to the lab. Your answer may vary.

My personal suggestion in this scenario would be to use 802.11n for everything. First, I would install an 802.11n AP in bridge mode with a single high-gain semidirectional antenna at each end of the 250-meter span. These two 802.11n APs would operate in the 5 GHz band. The 802.11n AP in the remote area would connect to a switch. Next, I would install sufficient 2.4 GHz 802.11n APs in the remote area to provide coverage. All of the devices that operate in the area will utilize 802.11n wireless client NICs. This strategic use of 5 GHz for the network extension and 2.4 GHz for the local access would guarantee that plenty of bandwidth is available for all communications. Of course, this solution assumes that no nearby networks use the needed frequency space.

Alternate solutions could use 802.11a for the link and 802.11n for the local access. Additionally, you could use 802.11g for the link and 802.11n for local access or vice versa. Both of these solutions, however, would reduce the real communications speed back to the existing network, and—since that’s where the services used by the clients likely reside—this may be counterproductive.

8
Administering and Optimizing a Wireless LAN

CERTIFICATION OBJECTIVES
8.01 Procedures for Optimizing Wireless Networks
✓ Two-Minute Drill
Q&A Self Test

the environment. or the configuration settings can have a great impact on the resulting coverage. Initial device configuration can take anywhere from a few minutes to a few days. This best practice should be part of any IT organization’s operational procedures. This effort must be performed in order to provide a network that is flexible to minor changes and easily adjusted for major changes. but wireless LANs experience changes—quite often—on a daily basis. Small changes in the AP locations. you will want to avoid unnecessary manual reconfigurations. Wired LANs may experience changes every few months. Stability is improved because devices are added to the network only after they are configured to operate properly within the network. Wireless networks do not necessarily require the reinvention of administrative best practices.314 Chapter 8: Administering and Optimizing a Wireless LAN nlike wired LANs. Many devices allow you to save the backup to a file that is stored separately from the device. wireless LANs are ever evolving. including these: ■ Configure devices offline. The best way to avoid this extra work is to back up the configuration settings for any device that provides a backup facility. ■ Update devices periodically. As a wireless technology professional. U Administration Guidelines Best practices provide a foundation on which to build specific policies and procedures for unique organizations. ■ Back up configurations. For this reason. the antenna locations. ■ Perform analysis occasionally. ■ Document changes. we must understand how to best administer and optimize our wireless networks. Several best practices can be borrowed from wired network administration. Configuring devices offline provides two major benefits: improved security and greater network stability. Security is improved because the new device is not connected to the network until it is configured according to organizational security policies. 
and some devices allow only internal backups that are stored in the memory of .

This action can help to protect you from security vulnerabilities and to provide the most stable environment. In the early part of this decade. As a wireless technology professional. I usually back up the initial configuration and then back up the modified configuration to a separate backup file. The AP software is usually called firmware. However the backup is performed. we may miss the problems occurring in coverage patterns. an AP uses software to run the radios. As much as we talk about the importance of documentation. wireless networks introduce new guidelines. it is important to check for updates to your wireless devices periodically. For example. .Administration Guidelines 315 the device. On wired networks. These wireless-specific guidelines include ■ Test the RF behavior after environmental changes. it is equally important to remember that new firmware can introduce previously nonexisting problems. These configuration changes should also be saved to a backup. Hardware devices use software for operational processing. ■ Update security solutions as needed. While the external backup is preferred. In addition to these practices borrowed from the wired networking world. Additionally. transmit frames. however. Like all other software. These bugs can be fixed only by updating the firmware. Finally. For this reason. ■ Remove configurations from decommissioned devices. administrators spend most of their time analyzing the performance of the network from a strict data throughput perspective. Are the needed areas still receiving coverage at the required data rates? If you look only at the throughput at the APs. and process incoming frames. If the device supports it. IT professionals seldom document minor changes they make to device configurations. it is important to back up the changes as well as the initial configuration. It is not uncommon for a device to be modified more than a dozen times a year. On wireless networks. 
These minor changes add up to a big difference over time. Device configurations are often modified several times over their life cycle. vendors often add new features through firmware upgrades. many vendors updated firmware in order to support WPA security in addition to the faulty WEP security. the issue of coverage must also be considered. the internal backup should be utilized if it is the only method supported. firmware often contains bugs. it is essential that you understand the method used to revert to a previous version of the firmware. and the easiest way to document them is to back them up. occasional analysis of the network will allow you to determine if it is still performing acceptably.

The first wireless-specific guideline is really a subset of the wired best practice of occasionally performing analysis. As I stated previously, wireless networks introduce the need to look at more than throughput metrics at the port level. We must analyze the RF behavior and ensure that coverage is still provided where it is needed. This extra requirement is driven by the nature of RF communications. Aside from implementing enterprise-class monitoring systems, the small business or home office will require occasional analysis and adjustments based on the results.

Wired and wireless networks require updated security solutions, but if history is our teacher, wireless networks may require such updates more frequently. The nature of wireless communications allows for attacks to be made without physical access to the premises. This fact may be the reason behind the more rapid discovery of vulnerabilities. WEP was shown to be flawed in less than three years. WPA and 802.11i have a backward compatibility weakness when using TKIP that may allow for ARP poisoning or denial of service attacks, and this weakness was discovered within five years of ratification. Since new exploits are discovered periodically, we may be forced to change the security solution we’re using every three to five years. I am using a wired Ethernet port right now that was installed more than ten years ago—no security changes have been needed to meet the level of a physical port because it is a physical port. The problem is that these solutions (WEP and 802.11i) are intended to provide wireless with security at or greater than the level of a wired network (WEP stands for Wired Equivalent Privacy) and yet they do not always achieve it. However, this issue of meeting wired equivalence may be less of an issue than the level at which it is often presented. Do we really need to ensure that our wireless links are equivalent to our wired links? Not if they are used for different things or if we can provide effective security at higher layers. For example, some organizations require IPSec VPN tunnels for any wireless links that connect to sensitive data.

Finally, since the security settings of the wireless network are often stored in the APs and client devices, it is crucial that you remove the configuration settings before decommissioning the hardware. If you leave the WPA passphrase (used with WPA-PSK) in the device’s configuration settings, the next person to acquire the equipment may be able to retrieve the information and use it to gain access to your network. The likelihood of this occurring is slim, but it doesn’t take long to remove the configuration and it is likely that machines should be wiped before decommissioning them anyway.
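One way to check the decommissioning guideline above is to scan a configuration export or backup for settings that should no longer be there. The script below is an added example, not code from the study guide; it assumes key=value files in the style of hostapd.conf and wpa_supplicant.conf, and the sample configurations are constructed for illustration.

```python
import re

# Keys that carry credentials in hostapd.conf / wpa_supplicant.conf style files.
SECRET_KEYS = {
    "wpa_passphrase", "wpa_psk", "psk", "password", "private_key_passwd",
    "auth_server_shared_secret", "acct_server_shared_secret",
}
# Keys that reveal which network the device belonged to.
IDENTITY_KEYS = {"ssid", "identity"}

# key = value with a non-empty value; an emptied setting is not a finding.
KEY_VALUE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.+)$")


def audit_config(text):
    """Return findings for credentials or network identity left in a config.

    Commented-out lines are checked as well: a passphrase that was only
    commented out is still readable by whoever receives the device.
    Values are never copied into the findings.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        commented = raw.lstrip().startswith("#")
        body = raw.strip().lstrip("#").strip()
        match = KEY_VALUE.match(body)
        if not match:
            continue
        key = match.group(1)
        if key in SECRET_KEYS:
            kind = "secret"
        elif key in IDENTITY_KEYS:
            kind = "identity"
        else:
            continue
        findings.append(
            {"line": line_no, "key": key, "kind": kind, "commented": commented}
        )
    return findings


def safe_to_decommission(text):
    """True only when no credential of any kind remains in the config."""
    return not any(f["kind"] == "secret" for f in audit_config(text))


# Constructed sample: an AP configuration as it might look before wiping.
SAMPLE_CONFIG = """\
# AP-3 second floor (constructed sample)
interface=wlan0
ssid=CorpNet
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-passphrase
#wpa_passphrase=constructed-old-passphrase
auth_server_addr=192.0.2.10
auth_server_shared_secret=constructed-radius-secret
"""

# Constructed sample: the same device after its settings were cleared.
WIPED_CONFIG = """\
interface=wlan0
ssid=
wpa_passphrase=
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        note = " (commented out)" if f["commented"] else ""
        print(f"line {f['line']}: {f['key']} [{f['kind']}]{note}")
    print("sample safe:", safe_to_decommission(SAMPLE_CONFIG))
    print("wiped safe:", safe_to_decommission(WIPED_CONFIG))
```

The same check applies to the configuration backups recommended earlier, since each backup file holds the same passphrases as the device.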

CERTIFICATION OBJECTIVE 8.01
Procedures for Optimizing Wireless Networks

WLANs can be simple networks consisting of a single AP and a handful of wireless clients, or they can be complex networks including hundreds of APs and thousands of clients. Interestingly, both types of networks can benefit from optimization techniques. WLANs may be optimized by performing any of the following actions:
■ Select appropriate infrastructure hardware.
■ Remove or address interference issues.
■ Analyze the infrastructure capacity.
■ Implement client load balancing.
■ Resolve common WLAN problems.

Infrastructure Hardware

Chapter 4 provided coverage of the infrastructure hardware used on WLANs. Remember that infrastructure hardware is the hardware that builds the access, distribution, or core layers of a network. This hardware includes WLAN switches and controllers as well as the APs themselves. The WLAN switches and APs may cooperate in a split-MAC model or in a single-MAC model. It is important to choose the right model.

Single MAC Model (Edge, Autonomous, or Stand-Alone)

When a single MAC model is used, it means that the APs contain all of the logic within them to perform MAC-layer operations. All IEEE 802.11 services reside within the AP, with the possible exception of security services when implementing 802.11i. The single MAC model is the oldest and is still very popular in small and medium-sized WLANs. There are both costs and benefits of the single MAC model. Single MAC model costs include:
■ Decentralized administration may require more ongoing support effort.
■ APs may be more expensive, because they have more powerful hardware.
■ Each AP may be able to handle fewer client stations.

Single MAC model benefits include:
■ There is no single point of failure. If one AP goes down, the others continue to function.
■ Less wired network traffic is required to manage the wireless stations.
■ More features are included within the APs themselves.

Centralized management tools can reduce or even eliminate the costs associated with the single MAC model. These tools allow you to update firmware, change configurations, and even perform dynamic radio adjustments automatically from a central controller. The central device is usually a software application that runs on a server.

Split MAC Model (Centralized)

The split MAC model is called such because a portion of the MAC layer operation is offset to centralized controllers and another portion remains in the AP. These types of APs are often called thin APs or access ports because they do not perform as many functions as the traditional APs (fat APs or thick APs). The split MAC model is very popular in large networks today and is becoming more popular in smaller networks as well, as newer devices support the split-MAC model while implementing fewer APs. There are costs and benefits associated with the split MAC model too. Split MAC model costs include:
■ A possible single point of failure arises at the WLAN controller.
■ Increased wired network traffic is required to manage the wireless stations.
■ There are fewer features within the APs themselves when using truly thin APs.

Split MAC model benefits include:
■ Centralized administration may reduce ongoing support efforts.
■ APs may or may not be less expensive, because they can have less memory and processing power.
■ Each AP may be able to handle more client stations, since the AP doesn’t have to handle management processing overhead.

You may have noticed that, in a large way, the benefits of the split-MAC model are the costs of the single-MAC model and the benefits of the single-MAC model are the costs of the split-MAC model. While there are certainly more details involved than this, it is important to understand that you will be giving up something regardless of the model you choose. The key is to determine what is best suited to fill the organizational and technical needs of the organization in which you are implementing the WLAN.

Enterprise Versus Consumer Hardware

Another key decision you must make is that between enterprise-class and consumer-grade hardware. The differences between these two categories of hardware are important. If you attempt to install consumer-grade APs in an environment requiring dozens of APs, you will quickly discover that the lack of centralized management causes tremendous inefficiencies in administration. For example, to change one single setting, you will have to connect to every AP individually and configure that setting. This method of management is time-consuming and frustrating. Table 8-1 provides a comparison of enterprise-class and consumer-grade hardware.

TABLE 8-1 Enterprise Versus Consumer Hardware
Enterprise-Class Hardware | Consumer-Grade Hardware
Usually provides centralized configuration | Usually requires individual configuration
Includes more features | Includes fewer features
Provides PoE power | Does not provide PoE power
May have more powerful hardware | May have less powerful hardware
Often provides detachable antennas | Often provides detachable antennas
May provide enhanced security features | Usually provides basic security features

Proper Placement

Regardless of the hardware chosen, the hardware must be installed and configured correctly. The APs will be distributed throughout the facility. WLAN switches, controllers, encryption gateways, and other such devices will be located in switch closets and network operation centers. Part of WLAN optimization is determining the best placement of antennas for transmission and reception. The initial placement will be determined in the site survey, but changes to the environment may demand changes in antenna placement or orientation. An entirely new site survey is not required. You can usually just perform coverage validation for those users accessing the AP for which the antenna has been repositioned.

SCENARIO & SOLUTION
Scenario: You have installed a WLAN. During the first few months, the users did not complain about the performance of the WLAN. Last week, the office manager had several new metal filing cabinets installed. Now the users are complaining about weakened signals. Should you buy new APs or adjust the antenna locations?
Solution: If the WLAN was performing acceptably before, you should adjust the antenna locations first, as small changes can make a big difference in WLAN functionality. This action will most likely resolve the performance problem.

One of the solutions to WLAN performance problems is antenna diversity. Antenna diversity is discussed in greater detail in a later section of this chapter titled “Multipath and Performance”; however, it is sufficient for now to know that antenna diversity uses more than one antenna in order to improve reception or transmission. Interestingly, the solution uses only one antenna for actual communications and the two antennas of choice are usually within 5 or 6 inches of each other. The fact that the antennas can be so close to one another and still provide very different communication capabilities should serve as a reminder that slight location differences can greatly enhance or depreciate wireless communications.

Addressing Interference Issues

One of the primary causes of performance problems in existing WLANs is interference. Addressing interference is a three-step process:
1. Identify the source of the interference.
2. Locate the interfering device or network.
3. Remove the interference.

In most situations, the last step is the most difficult. It’s the hardest step because you are not always the owner of the interfering device. Negotiation skills may be required.

Identifying Interference

Chapter 7 introduced spectrum analyzers and how to use them for interference analysis. Different devices generate differing RF signals, and these signals present patterns that the spectrum analyzer can use to identify interference types. For example, you can easily tell the difference between interference caused by an 802.11 device and that caused by a microwave oven. The 802.11 device is designed to operate within specified frequency ranges, and the patterns are similar among all compliant devices. The microwave does not operate within the same tight boundaries (though there are limits imposed on the output power) and has a pattern that sweeps across a wide range of the 2.4 GHz spectrum.

Locating Interference

Locating the interference can be as simple as walking around with a spectrum analyzer until the signal is the strongest. Once you’ve found the spot with the strongest signal, you know the interfering device is nearby. At this point you can use the excellent interference locators that are built in to every human being: the senses. Look around; you’ll probably spot the device quickly. Look for any of the following:
■ Small boxes plugged into wall power. These boxes may be RF signal generators being used to intentionally interfere with your network. An RF generator is a device used to generate RF noise within specified frequency ranges. The devices are used to test RF behavior in different spaces, but they can be used by attackers to cause disassociations with WLANs.
■ Small APs, also known as pocket APs, which take very little space. They will likely be connected to an Ethernet port too.
■ Motors, microwaves, and elevators. These devices may generate unintentional RF interference.
■ Neighboring WLANs.

Removing Interference

If the interference source is within your property, you can either remove the device or change channels to work around it. If the source is a neighboring WLAN or other equipment used by neighboring companies, careful negotiations are in order. Keep the following in mind:
■ As long as the neighboring WLAN or device is operating within the FCC regulations, you cannot force the owner to adjust it in any way.

■ Calm requests usually provide the best results. Remember the ancient wise saying, a gentle response defuses anger. In a license-free world, negotiation skills are key.
■ Try everything in your power first. If you can adjust the channel on your WLAN, do it. If the interference problem is resolved, you may want to let the neighbor know that you’ve solved it.

The reason for that last recommendation is simple. If your WLAN is being interfered with by your neighbor’s WLAN, guess what, your WLAN is interfering with the neighbor’s as well. This fact means that your adjustment has probably just solved some problems for the neighbor. Informing them of such may generate good will for that future scenario where you need them to change their wireless settings.

It is sometimes tempting to simply increase the output power of your WLAN to overpower the neighbor’s network; however, this is considered to be bad etiquette. It’s far better to communicate with the owner of the nearby WLAN and negotiate an amiable solution.

Infrastructure Capacity and Utilization Analysis

Installing a WLAN that provides access to users is only a partial solution. The access provided must be sufficient for the users’ needs. Providing sufficient throughput for the users to use the applications they require is vital. Many issues affect the available throughput in a WLAN, including the chosen PHY, wired-side limitations, and more. This section will introduce you to the topics you’ll need to understand to provide your users with the throughput they need to get their jobs done efficiently.

Client Load Balancing

Client load balancing is an advanced feature of some WLAN vendor solutions. The technology attempts to place the wireless clients in association with the best AP at any given time. For example, an AP may be very close to the client, but it may already have twelve clients associated with it. Another AP may be slightly farther from the client (resulting in a lower signal strength and possibly lower data rates) but have only one client associated with it. Even though the data rate will be lower when connected to the second AP, the actualized throughput will be greater, because that data rate is shared with fewer competing clients. This scenario explains client load balancing in a nutshell.

INSIDE THE EXAM

Client Load Balancing

Client load balancing is not available with all wireless equipment. It is not a required part of the 802.11 standard. Vendors that include advanced client load balancing features require the use of a centralized switch or controller that communicates with the clients and APs in order to provide the best association at a given time.

Simple client load balancing occurs during the association with the APs. The client attempts to associate with the AP. A busy AP will send back a reason code 17, which is part of the 802.11 standard, and a non-busy AP will accept the association. The reason code 17 is not acknowledged by all clients. If the client acknowledged reason code 17, it will immediately move to another AP. If it does not, it will send an associate request to the same AP, and this time the AP will let the client in, even though it is busy with enough other clients.

If a WLAN vendor supports client load balancing after the initial association (for example, forcing the client to move to a different AP without the roaming of the client), which is often called aggressive load balancing, this would be implemented using proprietary methods, as it is not required by the standard.

Load balancing does not usually occur across controllers. Clients are load-balanced across APs connected to a single controller. Cisco controllers provide load balancing across APs within a controller. In fact, at the time of this writing, I don’t know of any vendors offering load balancing across controllers.

PHY Limitations

The first choice that will impact the available throughput is the PHY or PHYs you decide to implement. Obvious issues include the data rate supported by 802.11a (OFDM) and 802.11g (ERP) as compared to 802.11b (HR/DSSS), but there are also not-so-obvious issues such as ERP protection mechanisms. When an AP implements the 802.11g or ERP PHY and an 802.11b or HR/DSSS client associates with that AP, the AP will usually implement a protection mechanism that reduces the overall throughput of the WLAN. This behavior is because transfers that use the OFDM modulation included in the ERP PHY must first set a counter in all non-ERP clients that are associated with the AP. This action is accomplished by transmitting RTS and/or CTS frames with a duration that is greater than or equal to the time needed to transmit the actual OFDM-modulated frame and responses. The extra overhead reduces the throughput of an ERP BSS drastically and should be considered when implementing your WLAN. For example, in tests performed by CNET Labs (reviewed April 17, 2003, by Brian Nadel), a Buffalo AirStation WLAN router provided 19.6 Mbps of throughput in an ERP-only configuration, but this dropped to 7.9 Mbps in a mixed-mode implementation with both ERP and HR/DSSS PHY–based clients (see http://reviews.cnet.com for more information). You can often more than double the total throughput in a BSS by ensuring that only ERP-based clients are allowed to connect to any WLAN in the vicinity and overlapping channels. Furthermore, you can force the AP to reject associations below a particular data rate so that even visiting clients (those that are out of your control) will not impact your BSS on an ongoing basis.

You must also consider the range of the PHY you select. Generally speaking, an 802.11g BSS will have a greater range with higher data rates at a greater distance than an 802.11a BSS. The 802.11n PHY should provide an even greater range than what is provided by ERP devices today.

Wired-Side Limitations

You must ensure that the wired port on your APs and WLAN routers is fast enough to keep up with the WLAN. Not only should the Ethernet port that is in the AP or router be included, but also the Ethernet port that the AP or router connects to. If the port is a 10 Mbps port, it will not be able to keep up with the demands of the WLAN. In most cases, you will want a minimum of a 100 Mbps port for connections to the APs and a 1000 Mbps port for the uplink connection from the switch to the rest of the network. As an example, you may choose to connect five APs to a switch and have an average of fifteen users associate with each AP. If the switch provides only a 100 Mbps uplink to a 1000 Mbps infrastructure, the uplink port in the switch will act as a bottleneck that downgrades the average maximum throughput for your five APs, assuming the users communicate more with devices and services on the wired LAN than they do with each other. Having a 1000 Mbps (gigabit) uplink can resolve this issue.

Another fact to consider is that many wired switches, particularly those aimed at the SOHO and SMB market, are labeled as gigabit switches, but they function in 100 Mbps mode much, if not all, of the time. Look closely at the documentation to see if the switch operates at the rate of the slowest connected device or if it operates each port independently and at the highest rate that the connected device and switch support. The vast majority of devices use wire speed nonblocking ASICs, which means that each connection can function at the highest speed supported by both the port and the connecting device.

Testing Tools

There are many tools that can report the throughput ratings for a network connection (whether wireless or wired). One example of such a tool is the free bandwidth monitor included in the Axence NetTools suite available at www.AxenceSoftware.com. Figure 8-1 shows the bandwidth monitoring component of this suite. This kind of software can report on network bandwidth, ping histories, traceroutes, and DNS lookups—all of which can be very beneficial in any network troubleshooting scenario, not just WLANs.

FIGURE 8-1 Axence NetTools bandwidth monitoring

Possible Solutions

The solutions to throughput problems include the following:

■ Install more APs in the coverage area using different channels and possibly lower output power settings.
■ Install faster switches between the APs and the wired network infrastructure.
■ Remove all 802.11b client devices from your WLAN coverage space and channel.
■ Install 802.11a APs and clients that use nonoverlapping channels and can accommodate many more APs in a coverage area.
■ Ban, through both enforced and documented policies, bandwidth-consuming applications such as streaming radio, legal and illegal movie and music downloads, and other large data downloads.

EXERCISE 8-1 Analyzing Network Bandwidth

Using a Windows XP client, you can test the speed of your WLAN by downloading FTP files. In order to perform this exercise, you will need a laptop with WLAN client capabilities and an FTP server from which you can download files. An internal FTP server will work best, as it should provide greater consistency on the wired side of the AP. Before starting this exercise, make sure that a large file (more than 1 megabyte should suffice) is on the FTP server and that an account exists that you can use to access the file.

Testing the Speed in Close Proximity

1. Boot your laptop and connect to the WLAN within 10–20 feet of the AP.
2. Launch the Windows command line: click Start and select Run, and then type CMD and press ENTER.
3. Connect to your FTP server. (For example, if the FTP server is named ftp.thecompanyserver.info, type ftp.thecompanyserver.info.)
4. Enter the proper authentication credentials.
5. Download a large file with the command get filename.
6. When the download completes, note the speed in the download report. The speed is listed as 217.93 Kbytes/sec in the lower right in Figure 8-2.

FIGURE 8-2 FTP download screen

Testing the Speed at a Distance

1. Now that you have a baseline, move the laptop approximately 100 feet from the AP and download the same file. What is the stated speed?
2. Move approximately 150 feet away and test again.
3. Continue until you have lost the connection.

Resolving Multipath and Hidden Node Problems

Two common problems in WLANs are multipath and hidden node problems. Multipath is the result of normal WLAN operations. Hidden node problems are often the result of poor planning or changes within the environment.

Multipath and Performance

Since WLANs have RF LOS instead of just visual LOS, the RF receivers can receive signals that travel directly from the transmitter to the receiver as well as signals that reflect and diffract off of or around other objects and then travel to the receiver. Multipath is the term for signals traveling multiple paths and still arriving at the receiver. Multipath can be good for the communication link, and it can be bad for the communication. Some newer wireless technologies take advantage of multipath in order to increase the data rate and throughput of wireless communications.

An example of this is the MIMO technology on which the HT PHY is based in the IEEE 802.11n draft document. As I stated, multipath can provide good and bad results, which should be considered during the selection of antennas at the time of the site survey. In most cases, the results are negative unless specific technologies are implemented to deal with them. The results include

■ Increased signal amplitude at the receiver
■ Decreased signal amplitude at the receiver
■ Data corruption
■ Signal nullification

Increased signal amplitude at the receiver can result from multiple signal paths arriving at the receiving antenna in phase. This is known as upfade. Of course, the signal is not stronger than when it was transmitted and, in fact, will always be weaker than the originally transmitted signal. As you learned in preceding chapters, free space path loss ensures that the received signal will be weaker than the transmitted signal. As the wave travels, the wavefront broadens and the signal strength at a given far point will be less than at a point nearer the origination; however, instead of weakening the signal, the signal may be stronger than it would have been at the point of reception had the upfading not occurred.

Multipath may also cause signal reduction or a decrease in the signal amplitude. When this occurs, it is known as downfade. Downfade occurs when two copies of the same signal arrive at the receiver out of phase.

In addition, out-of-phase signals may also cause corruption of the main signal. This usually happens when the signal-to-noise ratio is very low. In other words, the RF signal is very close to the noise floor. This result of multipath usually causes a retransmission of the corrupted frame from the transmitter, and there may need to be multiple retransmissions before the frame actually makes it through. This is because the amplitude of the received signal is reduced to such a point that the receiver can understand only part of the frame being transmitted, not the complete frame.

The last possible result of multipath, nulling, occurs when one or more reflected waves arrive at the receiver out-of-phase with the main wave. In this case, the main wave’s amplitude is canceled and the signal cannot be received by the receiver. In these cases, retransmission of the frame will not likely resolve the problem unless the multipath occurred because of a moving vehicle in the area, which is not the likely case. You will most likely have to reposition one or both of the ends of the link.

Since you cannot actually see waves as being in phase or out of phase, you can detect multipath only by looking for its symptoms. These symptoms include links that should work—based on standard link budget calculations—but are experiencing problems and dead spots in the RF coverage during a site survey or during the implementation of the WLAN. High retransmissions in links that should be working—based on link budgets and analysis of the RF noise floor when your transceivers are off—may also be an indication that multipath exists.

There are really two main solutions to multipath. The first is to reposition objects, such as the receiving or transmitting antenna—or both—in order to remove the multipath. The second is to use diversity antennas. APs and WLAN routers that have two antennas but only implement 802.11g (ERP) or 802.11a (OFDM) PHYs (not 802.11n or HT PHYs) are usually diversity configured. This simply means that the radio will listen to one antenna and then the other at the beginning of a frame transmission (specifically, during the preamble) and will then receive the frame using the antenna with the better signal. Because multiple clients are being served, the AP may switch from one antenna to the other for nearly every frame, or it may use one antenna the majority of the time. There is usually no way to tell which antenna receives more traffic.

Remember that a device with multiple antennas is not automatically an 802.11n or HT PHY device. If the device has two antennas, it may be a diversity device. You will know from the PHY implemented. Only the HT PHY uses multiple antennas without diversity.

Hidden Nodes and Performance

Hidden nodes are clients that can be seen by the AP and can see the AP but cannot see or be seen by one or more other clients. Hidden nodes usually occur because of some large obstacle such as a solid wall between the clients or because of insufficient transmit power. For example, the AP may be placed on top of a thick block or brick wall and clients that are lower and on either side of the wall can see (detect the RF signals of) the AP, but they cannot see each other. Because of this scenario, the hidden nodes cannot hear the other clients or at least one of the other clients communicating and may attempt to communicate while the other node or nodes are active. The result of hidden node problems will be collisions that cannot be avoided without the implementation of some function to clear the channel. This might include RTS/CTS.

A signature of the hidden node problem is increased corruption near the AP and increased retransmissions from the client even though there is no increased corruption near the client. Using a protocol analyzer near the AP, you will notice frame corruptions. Using a protocol analyzer near the client, you will notice retransmissions approximately equal in percentage to the frame corruptions near the AP. The frames are being corrupted near the AP because that is where the signal from the one hidden node and the other hidden node “run into” each other. (Notice that both clients are hidden nodes because they cannot see each other.)

It is important that you realize that there will almost always be hidden nodes in a WLAN (assuming it uses an omnidirectional antenna and has clients on all sides of the AP) and that the existence of hidden nodes is not a problem in and of itself. When the hidden nodes begin to cause too many retransmissions, it may become a performance issue on your WLAN. Use a protocol analyzer as mentioned in the preceding chapters to determine if 10–20 percent of the frames (from a particular client) are being retransmitted. If they are, you will likely need to perform one of the following steps to solve the problem:

■ Use RTS/CTS.
■ Increase power output at the clients.
■ Remove obstacles.
■ Move the clients.
■ Ensure the APs and clients transmit at the same power using IEEE 802.11h and Transmit Power Control (TPC).

Using RTS/CTS can help alleviate the overhead incurred from a bad hidden node scenario, but it should not be used as the automatic solution to a hidden node problem. Consider trying the other options first to see if they resolve your problem. If they do, they will not likely impact the WLAN’s throughput as much as RTS/CTS would and they may actually improve the throughput instead.

Increasing the output power at the nodes increases the likelihood that all or most nodes will be able to hear all or most other nodes. There are client adapters now that use power output levels as high as 300 mW, which is higher than most indoor APs. Theoretically, if the AP is transmitting at 100 mW with a 7 dBi antenna and your clients are transmitting at 300 mW with a similar or higher-gain antenna, there should never be a situation where a client can hear the AP but not hear other clients. In the real world, it is not practical to think that you will use 300 mW of output power on every client or that you will be able to use external antennas on every client. Additionally, even with high output power, the scenario can certainly exist where two nodes cannot hear each other, due to absorption, refraction, reflection, diffraction, and scattering that occur in WLANs. In these latter scenarios you may be able to move the nodes just a few feet or remove obstacles to resolve the hidden node problem. However, the reality is that regardless of what you do, in a WLAN with many nodes, there will most likely be hidden nodes. Your goal is to reduce the negative impact these hidden nodes have on the overall throughput of your WLAN.

General Troubleshooting Tips

The information in this section, while not part of the CWTS exam, will be valuable to a wireless technology professional. Understanding troubleshooting methodologies is a key to effective administration and optimization. A methodology can be defined as a standard way to do something; therefore, a troubleshooting methodology is a standard way to troubleshoot. The benefit of methodologies is multifaceted. First, they help to ensure that you do all the things you need to do to complete a task or set of tasks. Second, they provide you with collective knowledge when developed over time. By collective knowledge, I mean that knowledge that you do not possess yourself and yet benefit from. For example, most of us have never researched the statistics to know if wearing a seat belt is safer than not wearing a seat belt when we drive; however, we trust the research done by others, and therefore, we wear our seat belts (it also helps to motivate us when the law requires it). A good troubleshooting methodology will cause you to take steps for which you may not fully understand the purpose, but you will still get the benefit.

I’ll share four different methodologies with you in this section as well as one concept that will help you in the troubleshooting process. The four methodologies are

■ REACT
■ OSI Model
■ Hardware/Software Model
■ Symptom, Diagnosis, and Solution

REACT

Early in my Information Technology career, I worked as a help desk analyst and a telephone troubleshooter. I found that I would frequently forget to do an important thing in the troubleshooting process that would cost me minutes or even hours of time—not to mention the added stress. For this reason, I developed an acronym to remind me of the stages I should go through when troubleshooting a problem. This way, I can work through the acronym until I reach a solution. I always reach a solution by the end of the acronym. The reality is that sometimes the solution is a complete reload of a device’s firmware and settings and sometimes it is a complete reload of a client computer’s operating system; however, more often than not, a simpler solution is found.

The REACT acronym stands for the five stages of troubleshooting:

■ Research
■ Engage
■ Adjust
■ Configure
■ Take Note

I’ll cover each one briefly in the following sections so that you can understand how they fit together and why I go through these stages.

Research

I remember, it was probably 1997, that I was trying to resolve a problem with a Microsoft Access 95 database. Every time the user tried to open the database, she received an error that read, “A device attached to the system is not functioning.” Now, I don’t know about you, but when I see an error about a device, the first thing I think of is hardware. I spent more than two hours trying to verify that all the hardware was functioning properly, and of course, it was. By this time, the end of the day had arrived and I went home tormented by my failure to resolve the problem (hopefully I’m the only one who suffers like this when I can’t fix a computer problem).

The next day, I decided to do some research, so I opened the MSDN CD (that’s right, it used to fit on one CD and have plenty of space left over). I searched for the error message and found that the error could be generated if VBRUN300.DLL was corrupt. If you haven’t been around long, VBRUN300.DLL was used by all Visual Basic 3.0 applications. The only problem was that Microsoft Access and this database did not rely on Visual Basic 3.0’s runtime for anything; however, my mind was racing. The jungle of my mind was suddenly clear and I realized the implications: If the corruption of VBRUN300.DLL could cause the error, maybe any corrupt DLL could cause the error. I reinstalled Microsoft Access and the error went away.

You are probably wondering what the moral is of this intriguing story. The moral is that I could have saved the first two hours of work with a few minutes of research. My new standard became: Research at least fifteen minutes before moving to the adjust stage with any new problem that requires troubleshooting. Not all problems require troubleshooting, and the confusion that usually comes into play is the result of a misunderstanding of what troubleshooting really is. Here is my favorite definition:

Troubleshooting is the process of discovering the unknown cause and solution for a known problem.

You see, if I know the solution to a problem, I am repairing and not troubleshooting. In other words, I will start with research only when it is a real troubleshooting scenario according to this definition. In the end, by researching for just fifteen minutes, I find that the cause and solution are often learned without spending any time adjusting various settings and parameters to resolve the issue. For example, if my client cannot connect to the WLAN and is receiving a specific error message when the client software first loads, I will search for this error message at www.google.com to see what I can discover. I may also search the vendor’s web site. If I don’t find the cause or solution, I will usually get direction so that I can focus on the right area as I move to the engage or adjust stages.

Engage

While you may be eager to move from research to adjust, you should engage the user if he or she is involved in the problem. Ask a question like, “Do you know if anything has changed about your system in the past few days?” Notice I didn’t say, “Did you change anything?” The latter question will usually cause people to become defensive and fail to get you any valuable information. The users do not usually have any knowledge of what caused the problem, but when they do, it can save you hours or even days of trouble. Always engage the user. Other questions that might be beneficial include

■ Have you seen any strange activity in the area lately? (Rogue APs.)
■ Has the problem only recently begun or has it been happening for some length of time?
■ Are you aware of any others experiencing similar difficulties?
■ When was the last time it worked?
■ Is it turned on? (Seriously.)

Adjust

Interestingly, we’ve just now arrived where I see many techs, WLAN administrators, or network administrators beginning. Don’t feel bad—I’ve done it many times myself. This is the stage where you begin trying different things to see if you can track down the cause of your problem. You might try updating the firmware on an AP or installing new device drivers for a client adapter. You could also change settings or disable features to see if the problem goes away. The point is that this is where you begin the “technical” side of troubleshooting.

Once you’ve completed these first three stages, you’ve always come to a solution. Again, this solution is sometimes reinstalling the application or operating system, but things are working again. You may have your solution after the research stage, or you may have it after the engage stage. Whether you make it all the way to the adjust stage or you solve the problem earlier in the process, you are now ready to move to what I call the ongoing stability stages: Configure and Take Note.

Configure

This is the first of the two ongoing stability stages. In the configure stage, you ensure that the systems and devices are configured and are operating according to your standards before leaving the physical area (or remote management tool). This allows you to maintain a standardized environment, and a standardized environment is usually more stable. Of course, with a reinstallation, you will need to reinstall according to the original specifications for the installation and then apply any configuration changes that have been approved or processed since that time.

Take Note

This final stage completes the process and ensures that you get the greatest benefit out of this methodology going forward—this is the second ongoing stability stage, what I call take note. By documenting your findings, you provide a searchable resource for future troubleshooting. For example, the situation I shared earlier where the device error was generated should be documented, and I suggest documenting the following at a minimum:

■ The problem with any error messages if they existed
■ The cause concisely explained
■ The solution with any necessary step-by-steps
■ Any learned principles, such as a DLL being referenced as a device by the operating system

If your organization does not provide a centralized trouble ticket–tracking system or help-desk solution, I encourage you to consider creating your own database. You can use any desktop database application such as Microsoft Office Access or FileMaker. Just be sure you can document the needed information and query it easily.

OSI Model

The OSI model can also be used for troubleshooting purposes. The concept here is to walk up or down the OSI model analyzing the system at each layer. This allows you to break the problem into logical sections and then verify that the system is operating properly in each of these sections (OSI layers). You may choose only to analyze layers 1 to 3, or you may choose to evaluate all seven layers (or even eight layers if you’re considering the user layer, which is sometimes called layer 8).

Layer 1

Layer 1 is the Physical layer, and this would mean evaluation of the WLAN client devices or infrastructure devices to ensure that they are working properly at the hardware level. For example, is the radio still functioning appropriately or not? With client devices, this can be tested quickly by removing the WLAN client device (assuming it’s a USB, CardBus, or other kind of removable device) and installing it in another computer that is using the exact same model device and is working. If the new computer stops working too, the WLAN device is most likely at fault at the hardware level or the software level (firmware). If it is an AP and you have a spare, you could load the identical configuration on the spare and place it in the same exact location to see if the problem persists. If it does not, the radio—or some other hardware/firmware issue—may be failing.

Another area where failure may occur in relation to layer 1 is the Ethernet connection between the AP and the wired LAN. If your clients are authenticating and associating with the AP, but they cannot obtain an IP address from your DHCP server (assuming you’re using one), the Ethernet connection may not be working. Go to a wired client and try to connect to the AP via the Ethernet connection. Can you? If not, verify that the Ethernet cable is good, that the port on the switch is working, and that the Ethernet port in the AP is still functioning (by connecting directly to the AP and trying to connect).

An additional key is to evaluate the hardware used by layer 1 (sometimes called layer 0). Once you get to the wired network, again, you may also evaluate patch panels, connectors, and cabling at this point.

Layer 2

The second layer you will usually evaluate is layer 2. This is where the bridges and switches live. Check the configuration in your bridge or bridges to ensure that they are configured correctly. Be sure the wireless link on all wireless bridges is still working and that the signal strength is still acceptable for operations. Since bridges evaluate incoming frames and forward them according to information in the frame, be sure that your bridging rules or filter is set up appropriately. Make sure any filters applied are accurate. Make sure the switch ports are still working properly, that VLANs are configured appropriately, and that port security settings are set accurately on your switches. Of course, with both bridges and switches, the problem can be at the cable and connector level, but you will have checked that already at layer 1.

WLANs operate at layer 1 and layer 2. The Physical layer is defined within the 802.11 standard completely. The Data Link layer (layer 2) is defined in the 802.11 standard, and most WLAN literature refers to this portion as the MAC. The Physical layer is the PHY, and the Data Link layer is the MAC. Layer 2 troubleshooting will usually be performed with a protocol analyzer. You can investigate WLAN frames and determine if corruption is occurring at the PHY layer and that the WLAN is configured appropriately.

Layer 3

If you’ve evaluated the radios, cabling, and connectors at layer 1 and you’ve checked the bridges and switches at layer 2 and you’ve still not found a solution, you might have to move on to layer 3. Here you’ll need to check the routing tables to ensure proper configuration. Using common desktop operating system tools such as ipconfig, ping, and arp, you can ensure that you can route data from one location on the network to another.

Upper Layers

Finally, if you’ve tested the first three layers and can’t find a problem there, the network infrastructure is probably working fine. It’s time to move to the upper layers. Look at the configuration settings in your applications and client software for WLAN utilization. Be sure that the authentication mechanisms are installed and configured correctly. Try using different tools and software that provide the same basic functionality. Do they work? If so, there may be a compatibility problem with the specific application you’re using and the hardware on which it is operating. As noted in Chapter 11, many WLAN administration tools (protocol analyzers, for example) work with only a limited number of devices.

As you can see, the OSI model of troubleshooting can help you both focus and move through a sequence of testing procedures until you find the true source of the problem. I’ve only touched on the concept here, but you can take it further by learning more about what happens at each layer and the tools that can be used to test at that layer. For example, you can use a spectrum analyzer to test and troubleshoot the physical layer and a protocol analyzer to inspect the Data Link layer of WLANs.

Hardware/Software Model

The hardware/software model is a troubleshooting methodology that is used in an attempt to narrow the problem to either hardware or software. There are certain problems that are commonly hardware problems, and there are others that tend to be software problems. Many administrators will attempt to troubleshoot software first and then hardware. Others will do the opposite. In most cases, the situation will help you to determine which should be your first point of attack. If everything is working in a system except one application, that is often a good sign that the software is the problem. If multiple applications that use the same hardware are experiencing the same problem, that is often a good sign that the hardware is the problem. These are not absolute rules, but they are good general guidelines.

Hardware Problem

In WLANs, there are hardware problems that present certain symptoms. While I cannot provide you with an exact list of symptoms mapped to problems, the list in Table 8-2 is a good place to start.

TABLE 8-2 Hardware Problems and Symptoms

Problem | Symptoms
Client adapter failed | Device driver will not load, client cannot connect, OS reports errors loading the device
Firmware outdated | No support for newer security features, poor performance, reduced stability
Improper antenna installed or antenna disconnected | RF coverage in the wrong place, signal too weak at a distance
Bad cables | Could cause improper power for PoE devices or low SNR for antennas

Software Problems

Table 8-3 lists common software problems and their symptoms.

TABLE 8-3 Software Problems and Symptoms

Problem | Symptoms
Client software misconfigured | Client cannot connect, cannot receive an IP address, unable to browse the network
Improper passphrase entered | Client associates with the AP but cannot log on to the network
DHCP server down | Client associates with the AP but cannot acquire an IP address
RADIUS server down | Client associates with the AP but cannot log on to the network

Symptom, Diagnosis, and Solution

Because certain symptoms usually surface with specific problems, many issues can be resolved in a way similar to human health issues. Look at the symptom, identify the most likely cause (diagnosis), and then treat it (solution). Repeat this process until the problem is resolved.

Symptom

Defining the symptoms means gathering information about the problem. What is happening? Where is it happening? What technology is involved? Which users, if any, are involved? Has it always been this way? Answering questions like these will help you determine the various details about the problem. Good questions are at the core of effective problem definition.

Diagnosis

Given the information gathered from your symptoms analysis, what is the most likely cause or what are the most likely causes? You can treat one or all, but you will most likely learn more by treating one cause at a time. In other words, try one solution based on your diagnosis first and evaluate the results. This gives you expert knowledge over time, or what some call “intuition.”

Solution

The solution is the potential fix for the problem. You may try replacing a CardBus PC card because you determine that, given the symptoms, the most likely cause is a failed card. After replacing the card, you note that you are experiencing the exact same problem. Next you may decide to try both cards in another machine that is currently using the same card model and is working. When you do this, both cards work in the other computer. Next you may attempt to reload the drivers in the malfunctioning computer, but this doesn’t help either. In the end, you discover that the CardBus port is experiencing intermittent failures in the malfunctioning laptop. You send it to the vendor for repairs.

This illustration demonstrates how the diagnosis and solution look—what I call the adjust phase in my REACT methodology. You make changes and try different tactics until something solves the problem. You document the solution for future reference, but you also mentally document it. This is called experience, and as you get more and more of it, you eventually approach the level of expertise that helps you solve problems more quickly. For this reason, I look at problems as stepping stones to a better future, because the solving of this network or computer problem today will only make me more able to solve similar and different problems tomorrow. When I do this, I’m less likely to just reinstall every time a problem comes up.

Systems Thinking

Systems thinking is the process of analyzing all interdependent components that compose a system. In other words, it is the opposite of being narrow-minded in the troubleshooting process. I’ve seen administrators blame everything from network connectivity to application errors on an operating system or a particular brand of PC instead of looking for the actual problem. While some operating systems and some PC brands may seem more prone to problems than others, the reality is that there are probably thousands of individuals out there who have had the opposite experience as you. In other words, if you like the computers from company A because they are very stable and you don’t like the computers from company B because of your experience with them, there is likely someone (or thousands) out there who feels exactly the opposite because of his or her experience.

The point is simple: rather than focusing on a vendor that I do not like, I must focus on the actual problem and seek a solution. I want to ask questions like

■ What are the systems or devices between this device and the network or device with which it is attempting to communicate?

Whether you adopt one or more of these methodologies.340 Chapter 8: Administering and Optimizing a Wireless LAN ■ What other devices are attempting to communicate with the same system at this time? ■ What has changed in the environment within which the system operates? ■ Has the system been physically moved recently? Asking these kinds of questions causes you to evaluate factors that are more related to the actual system you have in place and less related to the vendors that have provided the components. you will likely discontinue partnering with that vendor. we investigated the various techniques used to optimize WLANs. you learned several concepts outside the scope of the CWTS exam. You learned how to deal with common problems such as multipath and hidden nodes. blaming the problem on a single vendor every time does not help me solve the problems I am facing right now. you should consider how you troubleshoot problems and then be sure it is an efficient and effective process. You also learned to analyze bandwidth and throughput for communications. . or create one of your own. however. I need systems thinking and a good methodology. Finally. pursue another methodology. including administration best practices and troubleshooting methodologies. CERTIFICATION SUMMARY In this chapter. For that. if a vendor has provided you with bad components over a period of time. Indeed.

✓ TWO-MINUTE DRILL
Procedures for Optimizing Wireless Networks
❑ The single-MAC model is also known as the edge, autonomous, or stand-alone model.
❑ The single-MAC model implements the entire 802.11 logic set in the APs.
❑ The split-MAC model implements part of the 802.11 logic set in the APs and part of it in the WLAN controller or switch.
❑ The split-MAC model uses lightweight APs that are sometimes called access ports.
❑ Thick APs (autonomous APs) may be converted for use as lightweight APs.
❑ Enterprise-class hardware is usually more powerful than consumer-grade hardware.
❑ Enterprise-class hardware provides centralized configuration management, and consumer-grade hardware usually does not provide centralized configuration management.
❑ Client load balancing is used to suggest to wireless clients that they should associate with different APs.
❑ Client load balancing relies on response code 17 messages.
❑ Multipath occurs when the same signal arrives at the receiver after traversing different paths.
❑ Multipath may cause signal degradation and signal cancellation.
❑ Hidden node problems occur when two clients connected to the same AP cannot receive each other’s communications.
❑ Hidden nodes can cause performance problems due to retransmissions.
❑ 802.11 networks use a license-free frequency space.
❑ Resolving interference often requires careful negotiations with neighboring individuals and companies.

SELF TEST
The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Procedures for Optimizing Wireless Networks

1. You are attempting to locate the cause of interference in a section of your WLAN. What tool will you use?
A. Bandwidth monitor
B. Spectrum analyzer
C. Line tester
D. Camera

2. Which of the following are possible causes to look for once you’ve located the strongest signal location while searching for the source of interference?
A. Microwave
B. Motor
C. Elevator
D. Speakers

3. You have determined that a neighbor’s WLAN is causing interference with yours. What law allows you to force the neighboring WLAN to change to a different channel?
A. The Wireless Freedom Act of 2003
B. The Computer Privacy Act
C. The Freedom of Information Act
D. There is no law that provides such authority.

4. You have implemented a WLAN switch that controls four access ports. What WLAN model have you installed?
A. Single-MAC
B. Autonomous
C. Edge
D. Split-MAC

5. What alternate names are used for the single-MAC model? (Choose all that apply.)
A. Centralized
B. Edge
C. Stand-alone
D. Efficient

6. You have several thick APs from an enterprise-class vendor. You want to use these APs with a centralized WLAN controller. The vendor says it is supported. What action will you likely take to enable these APs for use with your central controller?
A. Convert the thick APs to access ports or lightweight APs.
B. Upgrade the memory.
C. Detach the antennas.
D. Replace the radios.

7. Which WLAN model implements the entire logic of the 802.11 standard within the AP?
A. Split-MAC
B. Single-MAC
C. Centralized
D. Hybrid

8. You need to implement APs that support PoE. What class of AP is more likely to support this feature?
A. Enterprise-class
B. Consumer-grade

9. You need to implement APs that support more concurrent client connections. What class of AP is more likely to provide the needed capability?
A. Enterprise-class
B. Consumer-grade

10. What is the response code used in client load balancing?
A. 13
B. 11
C. 17
D. 9

11. A client attempts to associate with an AP and then moves on to another AP even though the first AP provided greater signal strength. What was the likely cause of this behavior, considering that the client had the appropriate authorization to access that first AP?
A. The client didn’t support the frequency used by the AP.
B. Client load balancing is most likely in use.
C. Upper speed thresholds are in place.
D. 802.11i redirection probably occurred.

12. You have determined that a neighboring WLAN is interfering with your WLAN that is located in Columbus, Ohio. You are using all available channels and cannot simply relocate your WLAN onto a different channel. What other option do you have?
A. Use the higher channels that the FCC disallows in the United States.
B. Use directional antennas and aim them at the neighboring network.
C. Turn the power down on your APs.
D. Talk to the owner of the neighboring network and attempt to negotiate a solution.

13. What organization provides the licenses for 802.11 networks?
A. FCC
B. IEEE
C. ANSI
D. There is no licensing organization for 802.11 networks.

14. You receive a complaint from a wireless user suggesting that performance on the WLAN is unacceptable. When you test, you notice that a high number of retransmissions are occurring. Close to the AP, frames are being corrupted; however, close to the client, they are not. What is the likely cause?
A. Multipath
B. Incompatible client
C. Hidden nodes
D. Free space path loss

15. What WLAN phenomenon can cause signal degradation and signal cancellation?
A. Dynamic Rate Switching
B. Multipath
C. OFDM
D. ERP

LAB QUESTION
You are troubleshooting performance problems for a WLAN user. After some analysis, you determine that a hidden node problem is the cause. What solutions can you offer to the user?

SELF TEST ANSWERS

Procedures for Optimizing Wireless Networks

1. You are attempting to locate the cause of interference in a section of your WLAN. What tool will you use?
A. Bandwidth monitor
B. Spectrum analyzer
C. Line tester
D. Camera
✓ B is correct. A spectrum analyzer is used to view the RF activity within a specified frequency range, and this can be used to locate the cause of interference. The device will usually reveal signal strengths as well.
A, C, and D are incorrect. A bandwidth monitor is used to monitor the consumed bandwidth or throughput on a network. A line tester is used to test an analog or digital communications line. A camera is not used to locate interference sources.

2. Which of the following are possible causes to look for once you’ve located the strongest signal location while searching for the source of interference?
A. Microwave
B. Motor
C. Elevator
D. Speakers
✓ A, B, and C are correct. Microwaves, elevators, motors, and wireless devices may all cause interference.
D is incorrect. Speakers do not cause interference.

3. You have determined that a neighbor’s WLAN is causing interference with yours. What law allows you to force the neighboring WLAN to change to a different channel?
A. The Wireless Freedom Act of 2003
B. The Computer Privacy Act
C. The Freedom of Information Act
D. There is no law that provides such authority.
✓ D is correct. Since WLANs operate in a license-free spectrum, you cannot use any law to force a neighboring WLAN owner to take any action as long as the interfering WLAN is operating according to FCC specifications.
A, B, and C are incorrect. None of these are laws that can provide authority for such action.

4. You have implemented a WLAN switch that controls four access ports. What WLAN model have you installed?
A. Single-MAC
B. Autonomous
C. Edge
D. Split-MAC
✓ D is correct. A split-MAC model uses a centralized WLAN switch or controller to control the access ports or lightweight APs.
A, B, and C are incorrect. Single-MAC, edge, and stand-alone are all names for the decentralized single-MAC model. This model does not use a centralized controller or switch to control the distributed devices.

5. What alternate names are used for the single-MAC model? (Choose all that apply.)
A. Centralized
B. Edge
C. Stand-alone
D. Efficient
✓ B and C are correct. The single-MAC model is also known as the autonomous, edge, or stand-alone model.
A and D are incorrect. The split-MAC model is actually known as a centralized model. Any WLAN model can be efficient if it meets the needs of the implementing organization.

6. You have several thick APs from an enterprise-class vendor. You want to use these APs with a centralized WLAN controller. The vendor says it is supported. What action will you likely take to enable these APs for use with your central controller?
A. Convert the thick APs to access ports or lightweight APs.
B. Upgrade the memory.
C. Detach the antennas.
D. Replace the radios.
✓ A is correct. Thick or autonomous APs may sometimes be converted to act as lightweight APs. The APs must support this feature in firmware.
B, C, and D are incorrect. Upgrading the memory is not necessary. Detaching the antennas, while allowing the AP to operate, could damage the equipment. Replacing the radios would not allow the APs to work with a centralized WLAN controller.

7. Which WLAN model implements the entire logic of the 802.11 standard within the AP?
A. Split-MAC
B. Single-MAC
C. Centralized
D. Hybrid
✓ B is correct. The single-MAC model implements the entire 802.11 standard within the AP.
A, C, and D are incorrect. The split-MAC model implements some of the 802.11 standard in the AP and some in the centralized controller. Centralized is another term for the split-MAC model. Hybrid is a term sometimes used to reference a WLAN model where more of the 802.11 operations are housed within the AP than in a more common split-MAC implementation.

8. You need to implement APs that support PoE. What class of AP is more likely to support this feature?
A. Enterprise-class
B. Consumer-grade
✓ A is correct. Enterprise-class hardware will provide PoE.
B is incorrect. Consumer-grade hardware seldom supports PoE.

9. You need to implement APs that support more concurrent client connections. What class of AP is more likely to provide the needed capability?
A. Enterprise-class
B. Consumer-grade
✓ A is correct. Enterprise-class hardware can usually support more concurrent users due to the more powerful hardware implemented.
B is incorrect. Consumer-grade hardware usually implements less powerful hardware that can handle a more limited number of concurrent users.

10. What is the response code used in client load balancing?
A. 13
B. 11
C. 17
D. 9
✓ C is correct. The response code used by client load balancing is response code 17.
A, B, and D are incorrect. These answers are simply incorrect.

11. A client attempts to associate with an AP and then moves on to another AP even though the first AP provided greater signal strength. What was the likely cause of this behavior, considering that the client had the appropriate authorization to access that first AP?
A. The client didn’t support the frequency used by the AP.
B. Client load balancing is most likely in use.
C. Upper speed thresholds are in place.
D. 802.11i redirection probably occurred.
✓ B is correct. Client load balancing is likely in use and this would cause the client to move on to another AP if the first AP indicated that it was too busy.
A, C, and D are incorrect. These options are all incorrect. None of the stated scenarios would cause the symptom, and there is no such thing as 802.11i redirection.

12. You have determined that a neighboring WLAN is interfering with your WLAN that is located in Columbus, Ohio. You are using all available channels and cannot simply relocate your WLAN onto a different channel. What other option do you have?
A. Use the higher channels that the FCC disallows in the United States.
B. Use directional antennas and aim them at the neighboring network.
C. Turn the power down on your APs.
D. Talk to the owner of the neighboring network and attempt to negotiate a solution.
✓ D is correct. Negotiations are in order. Talk gently. Talk patiently and hope for a favorable outcome. You have no power to force the owner to change the WLAN settings.
A, B, and C are incorrect. Using channels that are disallowed by the FCC can result in steep fines. Using directional antennas aimed at the neighboring WLAN may cause more interference for the neighbor, but it will not improve your situation. Turning the power down on your AP would increase the problems caused by the interference.

13. What organization provides the licenses for 802.11 networks?
A. FCC
B. IEEE
C. ANSI
D. There is no licensing organization for 802.11 networks.
✓ D is correct. 802.11 uses the ISM and U-NII bands, and no organization provides licenses, since 802.11 uses license-free bands.
A, B, and C are incorrect. While the FCC specifies the allowed communications frequencies, they do not issue licenses. The IEEE designs standards that comply with FCC regulations. The ANSI organization does not provide services directly related to 802.11 networks.

14. You receive a complaint from a wireless user suggesting that performance on the WLAN is unacceptable. When you test, you notice that a high number of retransmissions are occurring. Close to the AP, frames are being corrupted; however, close to the client, they are not. What is the likely cause?
A. Multipath
B. Incompatible client
C. Hidden nodes
D. Free space path loss
✓ C is correct. These are symptoms of hidden node problems.
A, B, and D are incorrect. Multipath would not show these precise symptoms. An incompatible client would not be able to connect at all. Free space path loss would result in weakened signals, but not necessarily corruption of frames.

15. What WLAN phenomenon can cause signal degradation and signal cancellation?
A. Dynamic Rate Switching
B. Multipath
C. OFDM
D. ERP
✓ B is correct. Of the items listed, only multipath will cause signal degradation and cancellation.
A, C, and D are incorrect. DRS actually helps improve communications by slowing the data rate. OFDM and ERP are physical layers and do not degrade or cancel the signal.

LAB ANSWER
You are troubleshooting performance problems for a WLAN user. After some analysis, you determine that a hidden node problem is the cause. What solutions can you offer to the user?

The following represents one possible solution to the lab. Your answer may vary. You may recommend any of the following to the user:
■ Use RTS/CTS.
■ Increase power output at the clients.
■ Remove obstacles.
■ Move the clients.

Using RTS/CTS will require that all devices communicating with the AP reserve time for frame transfers. This will slow overall performance, but it should increase the performance of the hidden nodes. Increasing power output at the clients may increase the signal strength enough that they can see each other. Removing obstacles may solve the problem if it provides RF LOS for the nodes. Finally, the clients may be able to move closer to the AP or each other, and this will also resolve the issue.

9
Security Analysis

CERTIFICATION OBJECTIVES
9.01 Identify and Describe WLAN Security Techniques
✓ Two-Minute Drill
Q&A Self Test

WLANs have vulnerabilities that are common to all computer networks, and they have vulnerabilities that are specific to 802.11 networks. When something is implemented in the same way over and over again, it becomes more likely that someone will eventually discover the weaknesses in that thing if weaknesses exist. This is seen in the most popular operating systems and software applications, and it is seen in the most popular WLAN networks, which are 802.11-based. IEEE 802.11 networks showed their biggest security vulnerability when the one real security feature was hacked in the first few years of existence. This security feature was WEP (discussed later in this chapter and the next). Other optional configuration parameters have been touted as security features over the years, but either they were never intended as such or vulnerabilities were known from their inception. These features include things like MAC filtering and disabling the broadcast of SSIDs from access points. As you will see in these next two chapters, neither of these features provides any real security. This chapter will present the inherent weaknesses in standards-based 802.11 networks that do not implement the newest version of Clause 8 in a secure fashion based on the solutions first introduced in the 802.11i amendment.

CERTIFICATION OBJECTIVE 9.01
Identify and Describe WLAN Security Techniques
The first step to understanding security is to understand the attacks against which you must defend. The following sections provide information about common WLAN attacks. This information will help you secure your networks and also provide you with the foundational knowledge needed for the CWTS exam.

Identifying and Preventing WLAN Security Attacks
Clause 8 was included in the original IEEE 802.11-1997 standard; however, it only offered the use of authentication mechanisms and WEP encryption, which were shown to be very weak. With the ratification of the IEEE 802.11i amendment, Clause 8 has been heavily updated to include support for better security technologies that can eradicate (at least for now) the majority of the security vulnerabilities discussed in this chapter. The original Clause 8 spanned only about 11 pages, whereas the new clause is almost 100 pages long, and so far, it has proven to provide a security framework that is very strong. A robust security network—as specified in the new version of Clause 8—that is implemented with a strong EAP type is very difficult if not impossible to hack into at this time.

In fairness to the IEEE, the original specification stated that WEP was intended to protect “authorized users of a wireless LAN from casual eavesdropping” (emphasis added). It was never intended as a robust security technology in the first place. I would argue that it still protects authorized users from casual eavesdropping, depending on how you define casual. The question is: Do you want to casually protect your enterprise data from casual attacks? You’ll read more on this in Chapter 10.

In this section, I will provide an overview of the common attack methods used against WLANs. These methods include
■ Eavesdropping
■ Hijacking
■ Man-in-the-middle attacks
■ Denial of service attacks
■ Management interface exploits
■ Encryption cracking
■ Authentication cracking
■ MAC spoofing
■ Peer-to-peer attacks
■ Social engineering

You do not have to possess the ability to perform any of these attack methods for the CWTS exam; however, understanding them helps you better comprehend the reason for the security solutions covered in Chapter 10. For the exam, you will need only to describe and differentiate among these attack methods. More information is included, since I have not seen it clearly documented elsewhere outside the standards and my CWNA book.

Eavesdropping
Because a WLAN sends data through the open air, an antenna placed in the right location and connected to a WLAN NIC can read this data. It is impractical to prevent an attacker from “reading the frames” out of the air if the attacker can get close enough to your WLAN to pick up the signal. He will not have to associate with the WLAN to view the frames that are being transmitted. Additionally, and this is very important to remember, he may not have to get as close to your facility as you may think. High-gain antennas and sensitive radios can pick up RF signals from a great distance.

If you just read that last paragraph and began to think, “Wait—I thought you could encrypt the data,” you are absolutely correct. You can encrypt the data, but I can still read the frames using a WLAN analyzer application. I may not be able to decipher the meaningful data that is in the frames, but I can read the frames and that cannot be stopped. Since you cannot stop an attacker from reading the frames, you must ensure that you are using an encryption method that is solid enough to protect against a fast attack. As you may know, at the time of this writing, WEP encryption can indeed be hacked in just a few minutes and should not be used in any production WLAN when newer encryption schemes are available. Stated differently, if an attacker can hack your encryption in just a few minutes, it’s not strong enough.

Some people refer to wardriving as casual eavesdropping. Wardriving is the process of locating WLANs that have not been configured for your access. In recent years, it has evolved to act as an umbrella term for nearly any method used to find a WLAN. If you are accessing a public hotspot, you are not wardriving. You are accessing a hotspot that has been set up for your use. For example, the Panera Bread store down the street from me provides free WLAN Internet access. If I access the Internet through their network, I am not wardriving. I am simply accessing the network that has been set up for my use. The same is true when I access a hotel’s free WiFi service when I am staying there as a customer.

On the other hand, if I drive down the street in my neighborhood and find and use an open WLAN—either intentionally left open or unintentionally—I may actually be committing a crime, depending on local regulations. The level of offense is determined by the governing body controlling the domain in which the offense occurs. Some wardriving efforts may be innocent in intent, but this does not make it any more legal. You should be very cautious about stealing network access from networks that were not set up for your use. Such behavior may result in legal action against you. This issue is very serious and will likely grow to become more serious as time passes. When you access a network, be sure you’ve been given the right to do so—even if you are performing a penetration test. In the situation where you’ve been asked to perform a penetration test, I suggest you acquire a written contract that stipulates what and how you will be allowed to access the network.

Others suggest that wardriving does not even fit into the category of eavesdropping, since you are not actually “listening” to meaningful conversations. For our purpose here, we can categorize wardriving as eavesdropping—the wardriver is listening for frames that are not intended for his or her use. These frames are used to detect WLANs that may be accessible. The following tools may all be used for casual eavesdropping or WLAN network location:
■ MacStumbler
■ KisMAC
■ NetStumbler
■ Kismet
■ Easy WiFi Radar

Figure 9-1 shows the Easy WiFi Radar application, which is a relatively new entry to the WLAN locator or stumbler application pool.

FIGURE 9-1 Easy WiFi Radar

There is a more sinister type of eavesdropping, however. A malicious type of eavesdropping involves the capture of data packets that are traversing the wireless medium (WM). In order to do this, the attacker will need to utilize a WLAN protocol analyzer. This analyzer is a software application that is designed for or also supports the capturing of IEEE 802.11 frames through a WLAN NIC.

Many regulatory domains have finalized laws making it a crime to listen in on telephone conversations without previous authorization. The recording of telephone conversations without consent, even those initiated voluntarily by the customer, is illegal in the United States. This law is the reason you hear the message “this call may be recorded” when you call so many customer service support centers. A number of these regulatory domains have extended these laws, or written new ones, that cover all electromagnetic communications. Since WLANs use electromagnetic waves for communications, their frames would be covered under such regulations. Don’t take these laws lightly. Though there have not been many reported cases of prosecutions up to this point, this should not be taken as a sign that governments will not enforce these laws. In the United States, we’ve seen local governments become more aware of WLAN security issues and take steps to help their citizens and local organizations protect themselves from computer crimes.

Both commercial and freeware applications exist and can be used for malicious eavesdropping. Applications are available for the Windows, Mac, and Linux platforms. The following list includes some of the more common WLAN protocol analyzers available today:
■ OmniPeek Personal (free)
■ AiroPeek (commercial)
■ Network Instruments Observer (commercial)
■ AirMagnet WiFi Analyzer (commercial)
■ Javvin CAPSA (commercial)
■ Ethereal (open source), now Wireshark
■ CommView for WiFi PC (commercial)
■ CommView for WiFi PocketPC (commercial)

Figure 9-2 shows the CommView for WiFi application running on a PocketPC. This tool is mostly used for wardriving, since it is limited in the data it can retrieve. Figure 9-3 shows the full CommView for WiFi application running on a PC as an evaluation version.

Eavesdropping is a common precursor to the attack methods covered in the remainder of this section. For example, you may need to acquire a MAC address in order to spoof that MAC address for connectivity if you are attempting to hack into a WLAN that uses MAC filtering.

FIGURE 9-2 CommView for WiFi PocketPC

FIGURE 9-3 CommView for WiFi PC

Hijacking
Hijacking is a situation in which an unauthorized user takes control of an authorized user’s WLAN connection. In a WLAN, hijacking is done at layer 2 for denial of service and at layer 3 for attacking purposes, although you could perform certain denial of service attacks with a hijack of layer 3 as well. The process of hijacking layer 2 (the MAC layer of the OSI model) is outlined here:
1. The attacker starts her own AP, usually through software running on her computer.
2. The attacker configures her AP to use the same SSID as the WLAN to which the victim is currently associated.
3. The attacker sends deauthentication frames (or enables a high-powered RF signal generator, causing interference that results in the victim needing to reassociate), forcing the victim to look for a new AP with which to associate.
4. Since the attacker’s AP is closer and provides a stronger signal, the victim associates with the attacker’s AP and the user of the machine doesn’t realize he is no longer associated with the valid AP.

If we stop at this stage, the result is a denial of service scenario. Because the victim is no longer connected to the AP that actually provides access to needed services, services have been denied. However, the attacker can run a DHCP server on her machine that provides an IP address to the victim’s client. After the victim client station has a working IP configuration, the attacker can then attempt to access the victim station to steal data or plant viruses, worms, and rootkits. At this level, you have hijacked layers 1 and 2 and have the ability to continue attacking the victim station without the user realizing that anyone is even accessing his computer.

The attack can be taken to another level. When you configure such a man-in-the-middle attack, the attacker uses two WLAN NICs. One acts as the AP to hijack layer 2, as outlined in the four steps previously, and the other acts as a standard WLAN client of the valid AP to which the victim was originally associated. The attacker then allows bridging across the two WLAN NICs, which is supported by a number of operating systems, including Windows XP. With this latter configuration, a man-in-the-middle attack is successfully accomplished. The victim can continue to browse the Internet or use other services provided by the valid AP. At the same time, the attacker can launch various attacks against the victim client station or simply monitor the traffic that is passing through the newly arranged bridge path through her computer. Figure 9-4 shows a graphical representation of the architecture of such an attack.

FIGURE 9-4 WLAN hijacking attack and man-in-the-middle (diagram labels: Victim WLAN STA, Valid AP, Original Association, Hijacked from AP Association, Attacker’s Laptop)

Windows Client Vulnerabilities
In addition to the hijacking concept presented here, Windows clients introduce an interesting vulnerability. By default, many Windows clients send out probe requests looking for “preferred networks.” These are networks that you’ve connected to in the past; they can be seen in the Wireless Networks tab of the Properties dialog for your Wireless Connection in the Network Connections container. The order in which they appear is the order in which Windows attempts to connect to these networks. If the client cannot find a preferred network based on this list, it will not simply stop scanning. Instead the client will scan for a randomly chosen network based on a randomly generated SSID.

While this behavior may seem odd, it was implemented with good intentions. If there were no preferred networks available, the client would need to power off the WLAN device and then power it back on in order to scan for preferred networks again at some interval. Rather than having the user notified of a device being turned on and off, the developers chose to leave it on and probe for an assumed unavailable network with a random SSID.

It didn’t take long for security crackers and hackers to realize the vulnerability exposed. While standard APs are configured with a specific SSID that they listen for in probe requests and transmit in beacon frames (by default), new software-based APs can respond to any probe request and say, “Yeah, that’s me. I’m the SSID you are probing for.” The result is that cracking tools exist that allow you to set up a rogue AP and respond to any SSID for which a client is probing. Now, when a Windows client probes for the randomly generated SSID, the rogue AP can even respond to this. An example of such a cracking tool is the software-based AP named Karma on the Linux platform.
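A defender-side sketch of how the hijacking sequence and the answer-any-SSID behavior described above show up in monitored management frames. This is an added example, not code from the book; the frame records, MAC addresses, SSID inventory, and thresholds are constructed assumptions.

```python
"""Flag evil-twin, answer-any-SSID and deauth-burst patterns in 802.11
management-frame records. All records below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float       # seconds since start of capture
    subtype: str    # "beacon", "probe_resp", "deauth" or "disassoc"
    bssid: str      # BSSID carried in the frame (can be spoofed)
    ssid: str = ""  # SSID for beacons/probe responses, empty otherwise
    dst: str = ""   # receiver address for deauth/disassoc frames


# Assumed inventory: the BSSIDs your own APs use for each SSID you operate.
AUTHORIZED = {"CorpWLAN": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}


def find_rogue_bssids(frames, authorized):
    """Your SSID advertised by a BSSID that is not in your inventory."""
    rogue = defaultdict(set)
    for f in frames:
        if f.subtype in ("beacon", "probe_resp") and f.ssid in authorized:
            if f.bssid not in authorized[f.ssid]:
                rogue[f.ssid].add(f.bssid)
    return {ssid: sorted(bssids) for ssid, bssids in rogue.items()}


def find_answer_anything_aps(frames, max_ssids=3):
    """BSSIDs whose probe responses claim more than max_ssids distinct SSIDs,
    the pattern left by a software AP that answers every probe request."""
    claimed = defaultdict(set)
    for f in frames:
        if f.subtype == "probe_resp":
            claimed[f.bssid].add(f.ssid)
    return {b: sorted(s) for b, s in claimed.items() if len(s) > max_ssids}


def find_deauth_bursts(frames, window=1.0, threshold=10):
    """(bssid, dst) pairs with at least `threshold` deauth/disassoc frames
    inside any `window`-second span. Spoofed frames carry the valid AP's
    BSSID, so the check is on rate, not on who appears to be sending."""
    times = defaultdict(list)
    for f in frames:
        if f.subtype in ("deauth", "disassoc"):
            times[(f.bssid, f.dst)].append(f.ts)
    bursts = {}
    for key, stamps in times.items():
        stamps.sort()
        lo, best = 0, 0
        for hi in range(len(stamps)):
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            bursts[key] = best
    return bursts


def sample_capture():
    """Constructed capture: normal beacons, a deauth burst aimed at one
    client, an evil twin, and an AP that answers probes for any SSID."""
    ap1, ap2 = "00:11:22:33:44:01", "00:11:22:33:44:02"
    twin, any_ap = "de:ad:be:ef:00:01", "de:ad:be:ef:00:02"
    frames = [Frame(i * 0.1, "beacon", ap1, "CorpWLAN") for i in range(5)]
    # 20 deauth frames in under half a second, source spoofed as the valid AP
    frames += [Frame(1.0 + i * 0.025, "deauth", ap1, dst="aa:bb:cc:00:00:10")
               for i in range(20)]
    # a single deauth from the other AP: normal housekeeping, not a burst
    frames.append(Frame(9.0, "deauth", ap2, dst="aa:bb:cc:00:00:11"))
    # unknown BSSID beaconing the corporate SSID
    frames += [Frame(2.0 + i * 0.1, "beacon", twin, "CorpWLAN")
               for i in range(5)]
    # one BSSID answering probes for five unrelated SSIDs, one of them random
    for i, ssid in enumerate(
            ["linksys", "HotelGuest", "CoffeeShop", "HomeNet", "q7Zx2LmR91"]):
        frames.append(Frame(3.0 + i * 0.2, "probe_resp", any_ap, ssid))
    return frames


if __name__ == "__main__":
    capture = sample_capture()
    print("rogue BSSIDs:", find_rogue_bssids(capture, AUTHORIZED))
    print("answer-anything APs:", find_answer_anything_aps(capture))
    print("deauth bursts:", find_deauth_bursts(capture))
```

The BSSID allowlist only works if the inventory is kept current, and the burst threshold should be tuned against the normal deauthentication rate of your own APs.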

This attack is done using devices that output RF energy.360 Chapter 9: Security Analysis The only real protection you have against such attacks (when using the Windows default client) is to keep your WLAN card powered off when you’re not using it and be sure to remove any unsecured wireless networks from your preferred network list immediately after using them—at least until Microsoft releases a fix. The layer 1.11 channel. He stated that a large distributed DoS (DDoS) attack was launched against a client using more than one million nodes from around the world. Another prevention technique would be to use a different WLAN client than the built-in Windows client. it drowns out the RF energy being transmitted by valid devices on your WLAN. your computer will associate with an unsecured software-based AP running Karma (or some other tool) automatically. Many people are still unaware that you can disable the built-in Windows client and use a third-party WLAN client application that provides much greater security. I had the opportunity to interview several security professionals at the DefCon hackers conference. In 2008. attacks are also known as RF jamming attacks. .11 devices. A denial of service attack is a category of attack that includes any actions resulting in the inability of users or systems to access needed resources. When these intentional radiators put out the RF energy at the power levels they support. they can be launched by attackers with little skill as well as attackers with in-depth knowledge of IEEE 802. DoS attacks can be simple to implement or very complex. This remote attack machine (the one running Karma) can provide your computer with an IP address. This information shows how serious DoS attacks have become. The interference can also be narrowband and still cause problems on your WLAN if the band fits nicely in the center of your configured 802.11 networks. 
One individual represented an organization that provides network offloading for DoS protection. Denial of Service Denial of service (DoS) attacks are launched specifically against WLAN networks at layer 1 (physical) and layer 2 (data link). or Physical layer.4 GHz spectrum used by IEEE 802. and then the attacker can begin launching an attack against your machine. Since the AP will not likely be configured to automatically adjust its channel in the face of interference (though some APs do have this capability). For this reason. usually across the entire 2. a DoS scenario can even be caused by narrowband signal generators. Since the device (called a signal generator) puts out a signal that drowns out the signals of the WLAN. it effectively causes a DoS scenario. If any unsecured wireless networks exist in your preferred network list.

Unintentional DoS scenarios can also exist due to the interference caused by microwave ovens, cordless phones, and other devices that share the frequency bandwidth with the WLAN. These unintentional DoS scenarios can wreak havoc on your WLAN even though they are not malicious. In general, they can be detected through the reports that come in—often from your users—of degraded performance on the network. If these complaints begin to surface suddenly, it could be an indicator that something has changed in your environment. Look for new microwaves, cordless phones, or even new WLANs installed by employees or nearby organizations.

Because signal generators are somewhat expensive, layer 1 DoS attacks are not as common as layer 2 DoS attacks on WLANs. A layer 2 attack is launched by exploiting the processes used for frame management and network communications in a WLAN. For example, an attacker may spoof a deauthentication frame. To do this, the attacker generates a frame on the WM that uses (spoofs) the MAC address of the AP, and in fact, the frame generated is a deauthentication or disassociation frame. These frames are management frames and, more specifically, notification frames. They cannot be ignored by the clients, and the result is that the client stations will be denied access to the WLAN as long as the attacker continues to transmit the spoofed disassociation or deauthentication frames.

Additional layer 2 DoS attacks exist that can be executed against a WLAN. You do not need to understand the details of their functionality for the CWTS exam, but it is helpful to know they exist. These additional methods include
■ PS-Poll floods
■ Association floods
■ Authentication floods
■ Empty data floods

The last one, empty data floods, is possible because you can use many different tools to generate data packets. If you install two or three WLAN adapters in a laptop computer and then enter any WLAN area, you can generate the maximum frame size data frames on a continual basis. Since you are doing this with three different adapters at the same time, chances are good that you will tie up most of the available throughput in the service area. The closer you are to the AP and the more powerful the output of your WLAN adapters, the more likely you are to consume a large portion of the network’s throughput. This is often said to be a data flood attack instead of a layer 2 attack because the frames are intended to be used to carry upper-layer data, and in fact, they are generated by applications residing at the upper layer

of the OSI model. For this reason, this is usually referenced as a data flood attack, but a data flood attack is at least a partial DoS attack as well.

The 802.11w amendment is in draft at the time of this writing; ratification is expected in late 2009 or early 2010. Much like the 802.11i amendment, the IEEE 802.11w amendment defines more robust methods to be used in WLANs. Whereas 802.11i specifies a robust security network, 802.11w defines robust management frames. In fact, P802.11w is written in such a way that it depends on 802.11i as an existing entity in the standard. For this reason, the draft document for 802.11w states that it is based on 802.11-2007 as opposed to the original 802.11 standard without amendments. Eventually, the IEEE 802.11 standard will include protected management frames, and this will help prevent the true layer 2 DoS attack methods.

For now, however, the use of a spectrum analyzer will help you track down the location of the interfering device. You may find an individual in the parking lot with a signal generator, or you may find that one of your users has installed a rogue AP in the corner of his office and configured it to use the same channel as your WLAN. Since he is sitting so close to the AP, he hasn’t really noticed much of an interference problem, particularly since he is the only one using it. This is actually more common than finding the attacker with the signal generator—at least in my experience.

Management Interface Exploits

Most APs support a web-based management interface. After an attacker connects to an open WLAN, one of the first things she will usually do is attempt to connect to x.x.x.1, where the x represents the portion of the IP address in that octet. Her goal is simple: she will look at the IP address assigned to her machine and use that to find the IP of the wireless router or AP. Imagine her IP address is 10.10.10.18. She will attempt to connect to 10.10.10.1 with her web browser. This action is taken because a WLAN residential gateway and many wireless routers use this IP addressing scheme for their default configuration. Some APs default to an IP address of 10.0.0.2, and others default to 192.168.0.245. However, most enterprise APs will have IP addresses assigned by the WLAN administrator. As an attacker, all she has to do is attempt to connect to each IP address in her subnet (determined by inspecting the IP address and subnet mask in her received configuration) or use a scanning tool that will attempt to connect to port 80 on each IP address. In short order, she will likely find the web-based interface of the AP or WLAN router if it is enabled.

One of the simplest solutions to this problem is to disable the web-based administration interface for WLAN connections. Figure 9-5 shows one WLAN

router’s screen for doing this. You must also consider the other configuration methods such as Telnet and SSH. Ensure such services are either disabled or secured with passwords that are very difficult to guess.

FIGURE 9-5 Linksys WRT54G web management configuration

It is not uncommon for an attacker to turn a management interface exploit into a type of DoS attack. I’ve seen multiple scenarios where the attacker gained access to the AP or WLAN router and then configured the MAC filters to only allow his or her client access. This action gave the attacker full access to the provided throughput for some period of time until the exploit was discovered. In all of these cases that I’ve encountered, the WLANs were wide open and had not implemented any effective security solutions. Two of the organizations were large enough to justify implementing WPA2-Enterprise and use very strong levels of encryption and authentication. WPA-PSK or WPA2-PSK with a sufficiently long and cryptic preshared key would have prevented the attack in every one of these scenarios.
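Two attacks described earlier in this chapter leave patterns that a monitoring sensor can flag: the spoofed deauthentication/disassociation flood, and a Karma-style AP that answers probes for any SSID, including a random one. The following is an added example, not code from the book; the `Frame` record, MAC addresses, SSIDs and thresholds are constructed assumptions, and a real sensor would fill `Frame` from a monitor-mode capture.

```python
"""Added example: flag deauthentication floods and Karma-style responders.

Every MAC address, SSID, threshold and frame record here is constructed.
"""
import secrets
from collections import defaultdict, deque
from dataclasses import dataclass

NOTIFICATION_KINDS = {"deauth", "disassoc"}
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
ROGUE, SENSOR = "02:00:00:00:00:01", "02:00:00:00:00:99"
CANARY = "canary-constructed-sample-ssid"  # fixed so the sample is repeatable


@dataclass(frozen=True)
class Frame:
    ts_ms: int       # capture time in milliseconds
    kind: str        # "deauth", "disassoc", "probe_resp", ...
    src: str         # transmitter address as written in the frame (may be spoofed)
    dst: str         # receiver address
    ssid: str = ""   # SSID element, only meaningful for probe responses


def new_canary_ssid():
    """Random 32-character SSID that no legitimate AP is configured to serve.

    The sensor probes for it the same way the Windows client probes for its
    random SSID; any AP that answers is answering for everything.
    """
    return secrets.token_hex(16)


def find_deauth_floods(frames, window_ms=1000, threshold=10):
    """Return {(src, dst): peak} for address pairs with at least `threshold`
    deauthentication/disassociation frames inside a sliding window.

    Spoofed frames carry the AP's own MAC as `src`, so a hit names the
    impersonated AP and its victims, not the attacker's hardware.
    """
    recent = defaultdict(deque)
    peaks = {}
    for f in sorted(frames, key=lambda fr: fr.ts_ms):
        if f.kind not in NOTIFICATION_KINDS:
            continue
        key = (f.src, f.dst)
        q = recent[key]
        q.append(f.ts_ms)
        while f.ts_ms - q[0] > window_ms:   # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def find_promiscuous_responders(frames, canary_ssids, max_ssids=2):
    """Return {bssid: reason} for transmitters that answered a canary SSID
    or sent probe responses for more than `max_ssids` distinct SSIDs."""
    answered = defaultdict(set)
    for f in frames:
        if f.kind == "probe_resp":
            answered[f.src].add(f.ssid)
    findings = {}
    for bssid, ssids in answered.items():
        if ssids & set(canary_ssids):
            findings[bssid] = "answered canary SSID"
        elif len(ssids) > max_ssids:
            findings[bssid] = f"answered {len(ssids)} distinct SSIDs"
    return findings


def sample_log():
    """Constructed capture: normal traffic, a 2-second flood, a rogue responder."""
    frames = [Frame(100, "probe_resp", AP, CLIENT, "CorpWLAN"),
              Frame(500, "deauth", AP, CLIENT)]           # one ordinary deauth
    frames += [Frame(5000 + 50 * i, "deauth" if i % 2 == 0 else "disassoc",
                     AP, BROADCAST) for i in range(40)]   # spoofed flood
    for i, ssid in enumerate(["CorpWLAN", "linksys", "AirportWiFi"]):
        frames.append(Frame(7000 + 10 * i, "probe_resp", ROGUE, CLIENT, ssid))
    frames.append(Frame(7100, "probe_resp", ROGUE, SENSOR, CANARY))
    return frames


if __name__ == "__main__":
    log = sample_log()
    print(find_deauth_floods(log))
    print(find_promiscuous_responders(log, {CANARY}))
```

Because the flood's source address is the legitimate AP's MAC, locating the transmitter still takes signal-strength tracking from the sensor side.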

EXERCISE 9-1 (CertCam, on the CD)

Disabling Web Management Interfaces

In order to perform this exercise, you will need access to a WLAN router or AP with a web-based interface. This exercise walks you through the high-level steps needed to disable the web-based interface on a WLAN router or AP.

Connecting to the Web-Based Interface
1. Connect to the same wired subnet as that utilized by the WLAN router or AP.
2. Configure the IP settings appropriately.
3. Open a web browser, such as Firefox, and connect to the IP address of the web management interface.
4. Enter the proper authentication credentials.

Disabling Wireless Management Access
1. Navigate to the appropriate page and disable Wireless Management access. For example, on a Linksys WRT54G, you would access Administration | Management and disable the feature called Wireless Access Web.
2. Reboot the wireless device if required.

Encryption Cracking

I was speaking at a government technology conference in California in May 2006. The topic was WLAN security, and they had asked me to demonstrate WEP cracking. The event planner had asked me if 30 minutes would be enough time to demonstrate the WEP crack. I said that we would have time left over. In order to make the demonstration more impacting, I asked an attendee to enter a WEP key while I was not looking and I asked the attendee to make it a complex key with uppercase, lowercase, and numeric characters. Then I had the attendee use his laptop to connect to the WLAN router that we were using for the demonstration and transfer a large file from an FTP server. While he was transferring the data I performed a data capture still not knowing the WEP key. After about four minutes I had just over 300MB of data and was ready to crack the WEP key.

I quickly converted the data to a format that could be used by the WEP cracking tool I was using and then ran the cracking tool against the data. In about three seconds the entire group was looking at the WEP key. I asked the attendee who had entered it if it was the right one, to which he replied, “Wow! Yeah.” The total time, including the time spent by the attendee entering the WEP key and then my capturing of the data during transfer, was just over six minutes.

This information was not news to people who work with WLANs every day. The conference group, however, had not been exposed to the speed at which WEP could be cracked. Normally an attacker does not need to take time to enter a WEP key, so if there is sufficient traffic on the WLAN, the attacker can usually capture enough data to get the WEP key in three to five minutes and then crack it in three to five seconds. Even if there is insufficient traffic, methods are available to force the generation of enough traffic so that the attacker can gather the needed data.

Some newer WLAN devices intentionally avoid weak Initialization Vectors and make it much more difficult to crack the WEP key. In fact, they make it impossible to crack the WEP key in three to five minutes at this time. A deep understanding of Initialization Vectors is not required for the CWTS exam or to configure a WLAN, but you should know that they are a major reason for WEP’s weaknesses.

Authentication Cracking

With the weaknesses found in the WEP implementation, the IEEE began development of a more secure authentication and encryption algorithm. While they were developing what eventually became an amendment to IEEE 802.11 as 802.11i, the WiFi Alliance created a certification known as WPA. The WPA2 certification is based on the ratified IEEE 802.11i document, and WPA was based on part of the 802.11i draft document available at an earlier time. WPA2 is a mandatory feature for all new equipment that receives the WiFi Certification from the WiFi Alliance. Today, documents often refer to WPA/WPA2 as if they are the same thing, but differences do exist. For example, WPA does not implement the Advanced Encryption Standard (AES) encryption and WPA2 does. However, both can be implemented using passphrases or authentication servers. When implemented with an authentication server, assuming a strong EAP type is used, they are more secure.

When using a passphrase and preshared key (PSK) to authenticate client STAs using WPA or WPA2, there is a known vulnerability. An attacker can listen for the four-way handshake that is involved in the WPA authentication process and use the CoWPAtty tool, as one example, to discover the passphrase. With the handshake frames, knowledge of the SSID, and a dictionary of possible passwords or passphrases, the attacker can eventually retrieve the passphrase and PSK. If the attacker does not capture a four-way handshake quickly, she can transmit a disassociation frame to the client station causing it to process the four-way handshake again. This type of attack is often called WPA cracking.

The primary protection against this attack, at this time, is to use enterprise-class security instead of the PSK. To accomplish this, implement an EAP type that is secure, such as PEAP or EAP-TTLS, instead of using passphrases. You are likely to find yourself in an organization, if you install many WLANs, that cannot or will not support a full authentication infrastructure. It will usually happen in SOHO installations or SMBs. Solutions to this latter scenario include TinyPEAP, but in most cases you can use a longer passphrase that is not a word at all (something like gu7YjhU67BbrYYZ89klop09) and gain enough security for these installations. According to some researchers, it could take years to brute-force a passphrase like the one represented here even with a P4 3.8 GHz processor.

Even a longer passphrase can be very weak. For example, my company’s name is SYSEDCO. I could set the PSK passphrase to SYSEDCO43040, which is my company’s name and my ZIP code. However, even though it’s long, it could be easily guessed and should be avoided.

MAC Spoofing

One of the earliest attempts at securing WLANs was to implement MAC address filtering. The feature is based on the fact that all 802.11 WLAN NICs have a physical address known as the MAC address. This address is either encoded into a NIC or is stored as a configuration parameter. This simple technology used a list of MAC addresses that are allowed to authenticate with the AP or a list of MAC addresses that are not allowed to authenticate. Figure 9-6 shows a typical configuration interface for this feature.

The problem is that, since many devices have a MAC that is specified as a configuration parameter, MAC addresses can be spoofed (faked or stolen). The MAC address is normally read from hardware by the NIC device driver, but the device driver can be instructed to ignore what was read from the NIC hardware and to use a different address. If an attacker can discover a valid

MAC address, he can easily change the MAC address of his NIC to match. Figure 9-7 shows the Device Manager interface for changing a MAC address, which is available for many different WLAN devices. In addition to the built-in interface of many WLAN NICs, you can utilize applications like SMAC (shown in Figure 9-8) to change the MAC address of your WLAN card. SMAC works with almost any NIC, wired or wireless.

FIGURE 9-6 Configuring MAC filtering in a Linksys device

Using simple eavesdropping tools like CommView for WiFi or OmniPeek Personal, an attacker can quickly determine the MAC address of users who are associated with your AP. If they are associated, their MAC addresses must be in the allowed list. All that the attacker has to do now is configure his MAC address and then authenticate and associate with the AP. This simple hack is why MAC filtering should not be considered a security solution at all. It may be considered a configuration enforcement solution of sorts, but it should not be considered a security solution in any way.
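Returning to the WPA/WPA2-PSK weakness described under Authentication Cracking: the PSK is derived from the passphrase with the SSID as salt, which is why a dictionary attack needs the SSID, and why a long passphrase built from public facts is still weak. The following is an added example for auditing your own passphrase, not code from the book or from CoWPAtty; the SSID "ExampleNet" and the word and number lists are constructed assumptions, and the two passphrases are the ones quoted in the text.

```python
"""Added example: WPA/WPA2 passphrase-to-PSK derivation and a guessability self-audit.

The SSID and the word/number lists are constructed for illustration.
"""
import hashlib
import hmac
import math
import string


def derive_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def charset_bits(passphrase):
    """Naive strength estimate: length * log2(size of the character classes used).

    It assumes every character is chosen at random, so it overstates the
    strength of passphrases assembled from names and numbers.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    size = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


def candidate_passphrases(words, numbers):
    """Yield guesses built only from facts an outsider can look up
    (organization name, ZIP code, street number, founding year)."""
    for word in words:
        for form in (word.lower(), word.upper(), word.capitalize()):
            yield form
            for num in numbers:
                yield form + num
                yield num + form


def guesses_until_match(psk, ssid, words, numbers):
    """Return how many guesses it takes to reproduce `psk`, or None if the
    candidate list never produces it."""
    for n, guess in enumerate(candidate_passphrases(words, numbers), start=1):
        if hmac.compare_digest(derive_psk(guess, ssid), psk):
            return n
    return None


def audit(passphrase, ssid, words, numbers):
    """Compare the naive estimate with what a fact-based guess list achieves."""
    psk = derive_psk(passphrase, ssid)
    return {"charset_bits": round(charset_bits(passphrase), 1),
            "guesses": guesses_until_match(psk, ssid, words, numbers)}


if __name__ == "__main__":
    facts = (["sysedco"], ["43040"])   # company name and ZIP code from the text
    for phrase in ("SYSEDCO43040", "gu7YjhU67BbrYYZ89klop09"):
        print(phrase, audit(phrase, "ExampleNet", *facts))
    # Same passphrase, different SSID: the PSK changes because the SSID is the salt.
    print(derive_psk("SYSEDCO43040", "ExampleNet")
          != derive_psk("SYSEDCO43040", "OtherNet"))
```

The naive estimate rates SYSEDCO43040 at about 62 bits, yet it falls on the fifth guess, while the random-looking passphrase is never reached by the fact-based list.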

FIGURE 9-7 Device Manager MAC modification interface

FIGURE 9-8 SMAC 2.0 MAC spoofing tool

A common response to the reality of scenarios like this is, “The attacker would have to have the right WLAN card to work with these eavesdropping tools, wouldn’t he?” The answer is an affirmative one, but remember that attackers can pick up equipment at eBay now for very little cost.

Peer-to-Peer Attacks

A peer-to-peer attack occurs anytime one WLAN client station attacks another WLAN station that is associated with the same AP. Hijacking attacks are sometimes referred to as peer-to-peer attacks as well. Attackers may desire to penetrate your network in order to use it to gain access to the Internet. That is often their single intent. When an attacker tries to gain access to a client station on your network, he is not likely to be doing it for Internet access. Instead, he is likely to be performing a data theft or destruction attack. He may be attempting to install back doors into your network or other malicious software. Whatever his intention, it is seldom going to be benign. No real reason exists for an attacker to gain access to another peer computer other than theft or damage. These types of attacks must be protected against, as they are usually malicious.

To understand the potential severity of a peer-to-peer attack, consider the data that is often held on a user’s laptop. Many users have personal information on their laptops as well as information belonging to the organization. The personal information may include account names and passwords for online banking and other sensitive systems that the users access. The organization’s information can include anything the users have at least read access to on the network. Users will often copy this information to the hard drive of their laptops so that they can view the information while traveling. Many times the users are traveling through airports, which is just such a place where peer-to-peer attacks are likely to occur.

You can protect against these types of attacks using two common methods: endpoint security solutions or Public Secure Packet Forwarding (PSPF). Endpoint security involves the installation of an application on your WLAN clients that monitors and reports on any attempts made by other client stations to access the monitored client. Such software may be bundled in with anti-spyware or antivirus software. PSPF is a Cisco technology that allows you to disable access to WLAN client stations by other stations associated with the same AP or even the same ESS. Other vendors offer similar functionality, though they may call it by a different name.

Figure 9-9 illustrates the concept of a peer-to-peer attack. Notice that the malicious file is passing through the AP. This is normally the only way one station can communicate with another station in an infrastructure BSS. If station-to-station

communications are disallowed, the attacker would have to perform a more complex hijacking hack to get the same malicious file onto the victim’s station.

FIGURE 9-9 Peer-to-peer WLAN attack

An additional concern in peer-to-peer scenarios is the attacks that can occur in an ad hoc or IBSS network. In an ad hoc network, the users are typically intending to share files with each other. For this reason and the fact that most computers today run Microsoft Windows, Windows file sharing is often enabled. This common configuration opens the door for attack. In these types of ad hoc networks, the users should have firewall software installed (or more robust WLAN endpoint software, if it’s available) and be trained in how to use it to limit the machines that can connect to their file shares and computer.

Another concern from the perspective of ad hoc networks is the common situation you find at airports and other public spaces. It is not at all uncommon to turn on your Windows-based laptop and select to “View Available Wireless Networks” only to find that there are dozens of ad hoc networks in existence. Many of these, no doubt, are innocently configured machines with no ill intentions, but there can be no question that many of the ad hoc networks configured to have the identical SSID as that of the local airport or hotspot are there waiting for the unsuspecting user to connect so that the attacker can infiltrate the victim’s machine.

In one recent encounter, I noticed an ad hoc network with the same name as the airport’s network, so I decided to find this network source. I used software to monitor the strength of the signal coming from that network and moved around slowly until the signal became stronger and stronger. I eventually found myself seated next to a man about my age with his laptop open and running. I asked if he was having fun running his own little network and allowing people to associate with it. Without saying a word, he quickly closed his laptop, placed it in his bag, and walked away. Yes, the malicious hacker is out there. Your users must be educated, and you will need to know how to protect against malicious hackers as well.

These kinds of peer-to-peer attacks shed light on the importance of data classification procedures. Data classification can be defined as the process of labeling or organizing data in order to indicate the level of protection required for that data. For example, you may define data classification levels of private, sensitive, and public. Private data would be data that should be seen only by the organization’s employees and may be seen only by a select group of the organization’s employees. Sensitive data would be data that should be seen only by the organization’s employees and approved external individuals. Public data would be data that can be viewed by anyone. For example, trade secrets or internal competitive processes should be classified as private data. The contracts that exist between the organization and service providers or customers should fall in the classification of sensitive data. Finally, the information on the organization’s Internet web site should fall in the classification of public data. This is just one example of data classification, but it should help you to determine which data users should be allowed to store offline and which data should be accessed only while authenticated to the network. By keeping private data off of laptops, you help reduce the severity of a peer-to-peer attack that is launched solely to steal information.

It is my sincere hope that every person who acquires his or her CWTS will go on to acquire the CWNA and CWSP certifications. They provide more depth on the security-related topics and, as this book’s brief introduction has hopefully shown you, you need that depth to thoroughly secure a WLAN. I will take you a little deeper still in Chapter 10, but this certification gives you the knowledge you need to administer the security in a WLAN. The CWNA and CWSP certifications will provide you with the knowledge needed to implement, test, analyze, and administer the security in your WLAN. Please, don’t stop your journey half way.

Social Engineering

Social engineering is a technique used for persuading someone to give you something that he or she should not give you. Successful social engineering attacks occur because the target might be ignorant of the organization’s information security

policies or intimidated by an intruder’s knowledge, expertise, or attitude. Social engineering is one of the most dangerous and successful methods of hacking into any IT infrastructure—wired or wireless. For this reason, social engineering has the potential of rendering even the most sophisticated security solution useless. Even in networks using more secure technologies like WPA-PSK as opposed to WEP, an attacker may be able to persuade an employee to reveal the passphrase that is being used. Once the attacker has the passphrase, he will plug it into his own computer and wireless packet analyzers to view sensitive data in real time, just as though there were no security.

Hackers (used in the negative sense of the term here) do not always fit the common profile of a technical recluse who is non-sociable and unable to communicate well. Many times the most successful and damaging network intrusion is accomplished in broad daylight through clever efforts of someone who walks into a business as if he owns it. In the very same manner, a hired professional security auditor should openly attempt intrusion as one tactic of testing security policy adherence. There are some well-known targets for this type of attack:
■ The help desk
■ On-site contractors
■ Employees (end users)

The Help Desk

Because the help desk exists to provide help, it may become an easy target for a social engineering attack. The help desk employees are probably used to assisting internal employees with network configuration issues and WLAN access problems. For this reason, they are probably well armed with information about how to configure a client computer to access the organization’s WLAN. These professionals should be trained on what to give out and what not to give out over the phone. There should also be some form of identity verification mechanism in place any time they do assist someone in gaining access to the WLAN. Items that might be marked as private and needing such identity verification are
■ Hidden SSIDs of access points
■ PSK passphrases, if used
■ Physical locations of access points and bridges
■ Usernames and passwords for network access and services (such as e-mail)

The auditor should (and the hacker will) use three particular tactics when dealing with help desk personnel:
■ Use forceful, yet professional language.
■ Play dumb, afraid, or stressed (people like to help relieve other people’s stress).
■ Speak the language of the organization (for example, if the technology group has a special name like CompanyName Information Services, be sure to use that terminology or, even better, the acronym for that term).

Help desk personnel understand that their job is to help people with their problems. They also understand that their manager will not be happy with them if their customers are not happy with the service they are receiving. Many times a threat to speak with, or write a letter to, the manager, can help the social engineer to get the help desk person to give over the requested information just to appease and settle down the social engineer.

Playing dumb is a favorite of many social engineers. The help desk person is usually disarmed and stops paying attention when she figures out that the person to whom she is speaking knows very little. This situation is exacerbated when the “dumb” customer (the social engineer) is overly polite and thankful for the help. It’s important that a help desk person be alert to this tactic at all times.

When you speak the language of the organization, you fit in. If you do not, there is an almost subconscious awareness that something is wrong and this may cause the victim to be on higher alert, which is exactly the opposite of what a social engineer wants. For example, if the company Teddy Bears and Rocking Chairs, Inc., has a technology group called TBIS (Teddy Bears Information Systems), you want to be aware of this as a social engineer. You may be able to get information by saying something like, “I’ve been talking to people from TBIS all day and it hasn’t resolved my problem. Are you the one person in that group who actually knows what you’re doing?” This appeals to the vanity of the listener and makes him or her feel better about trusting you. How would you know the group is called TBIS? Of course, you got this information from a company report that was intended for internal distribution but was published on the company’s web site.

A social engineer is likely to call over and over, hoping to speak with different representatives, and taking different approaches with each. All of these approaches have the same effect: getting the requested information.

Contractors

A second group that the social engineer may target is that of temporary contractors. Contractors usually have no loyalty to the company in the first place, and this can lead to a more liberal handling of private company information.

Sometimes, contractors are actually the individuals performing the network attack. This was the case with Kevin Mitnick in many of his attacks in the 1990s. He was employed as a contractor and proceeded to attack the organization and steal proprietary knowledge, costing companies millions of dollars by some estimates. In many of these cases, he used social engineering methods to acquire the information. However, because advanced social engineers are very skilled at their craft, you must consider that it is very likely that a user will give up valuable information to these individuals. Storage-level encryption and intrusion prevention or monitoring systems may help in these scenarios. The fastest solution to the contractor dilemma is to be sure to give contractors only the level of access they need to get their jobs done and then train employees well in identifying social engineering or in protecting company interests.

Employees

It is not uncommon to walk down the hallway of an organization and hear one employee loudly calling out his username and password to another employee in a different cubicle or work area. We tend to develop trust for people we work with on a regular basis, and this often causes us to take actions we really shouldn’t take. High trust is a very good thing for productive work, but it can also lead to the sharing of sensitive information that should not be shared. Better training programs are needed in many organizations to resolve this issue.

Many users—and IT professionals—do not understand that the motivation behind individual user accounts and passwords (or any other individual authentication mechanism) is more than just to give them the right access to the right things. That’s certainly part of it, but another part is that of auditing. When a user gives his or her account and password to another user, the ability to link actions to individuals is lost. Better training is required, and refresher training classes may also be needed. The good news is that you can usually provide the needed awareness training class in a forty-five- to ninety-minute window once or twice a year. It can even be incorporated into annual employee meetings, but it must not be forgotten.

In the end, social engineering is a very powerful attack method that cannot be protected against by technologies alone. This attack method takes advantage of the ever-present human factor, and to protect against it, we must improve our humans and not just our technologies.

Know Your Enemy

Over the years, there has been a fair amount of research on why crackers crack and the kinds of personalities that tend to become crackers. The reality is that the pool includes introverts and extroverts. It includes people who are in it for the money, the fame, and even the cause (whatever it might be). Because of this, I’ve chosen to

look at the technical proficiency of the attacker rather than the emotional, social, or financial motivations of the attacker. The three categories I look at are the following:
■ Wannabees
■ Gonnabees
■ Killerbees

Of course, these are my terms and not part of the CWTS program’s tested material. However, these categories serve as an excellent thinking tool when you look at different technologies. By considering the technical proficiency, I can better organize my protective mechanisms to deal with the threats that I am most likely to face. For example, my home network is more likely to be attacked by a Wannabee than the other two categories. I can say that a WPA-PSK implementation with a six-character alphanumeric non-word passphrase will protect against most Wannabees, but it will not protect against Gonnabees or Killerbees.

The Wannabees are often called Script Kiddiez by the security community. This name has been associated with them because they cannot really crack a system; however, if they have step-by-step instructions, they can penetrate a system that has a known vulnerability. These attackers usually bear no malice toward the specific network they are attacking. They will attack any network that has a known vulnerability. There are exceptions where Wannabees perform intentional attacks against networks that represent philosophies or ideas to which they are opposed, but these attacks are the exception, not the rule. In the preceding paragraph, I said that the Wannabees probably wouldn’t breach my six-character passphrase for WPA-PSK. The reason is simple: They are parked at the stop sign in front of my house, and as soon as they see my network would require some effort, they go on to my neighbor’s network that is wide open.

Those that I categorize as Gonnabees are the crackers and hackers with a moderate to high level of skill. They may use a mix of instructions and existing knowledge, but they are much more dangerous than the Wannabees if they choose to use their skills for bad rather than good. I would like to think that more Gonnabees are on the side of obedience to the law than are law breakers, but this is only wishful thinking, since there is no real way to track how these skilled crackers and hackers use their abilities.

The final level, the Killerbees, is the category of attackers who combine the technical proficiency of the Gonnabees with deep knowledge of human engineering. This allows them to become masters of social engineering as well as technical cracking. There is no more skillful foe. To protect against this skill level, I will need to implement strong authentication and confidentiality. End-user training and strong authentication

intrusion monitoring and activity logging should always take place at some level. Every organization should take measures to protect against the Wannabees. This is more important in larger organizations that receive more media coverage and are therefore more likely to be targets of attacks at this level. Standard security practices will thwart many attack attempts by these advanced crackers. Of course. These individuals with little technical skill but a desire to penetrate networks and possibly cause damage abound. You can protect your network from these attackers using standard security precautions. which include ■ Using modern secure encryption technologies ■ Patching computers and devices with updates to software and firmware ■ Providing periodic awareness training to your end users ■ Implementing effective authentication. but greater measures will also need to be taken. but you must implement stronger security mechanisms when applicable. but the latter organization—in this case— may need to implement just such a solution. you have to go a step further. regardless of the level of technical skills possessed by the attackers who threaten you. For example. For this reason. and accounting procedures To protect against the Gonnabees and Killerbees. authorization. The next chapter will introduce you to the protection mechanisms that are available and will also expose . the latter organization is more likely to be attacked by both skilled and unskilled crackers. You will determine applicability by balancing the value of your assets against the risk of attack.11 networks. The latter organization is more likely to be considered divisive and nontrivial. as well as frequent re-education of the user community. Regular updates to software and firmware are also a given. Continual awareness of changes in the environment will be necessary. 
a small company that sells nuts and bolts has a much lower risk level than a small organization that exists in order to promote a social agenda. Smaller organizations that are involved in markets that see strong resistance from various social groups must also be on the lookout. Most small organizations do not implement advanced intrusion prevention systems. The former organization is involved in work that most people would consider trivial or nondivisive.376 Chapter 9: Security Analysis and confidentiality will be needed. General Security Principles This chapter has introduced you to the wireless vulnerabilities and attack methods that are commonly executed against 802. there are minimum security measures you should always employ. For example.

or will they be adept crackers in the true sense of the word? Of course. which I will refer to as information security to encompass all three of these traditional terms. we need the well-trained human to make the decision. network security. Will the attackers be unskilled crackers following the instructions of others. From the technical perspective. it is a bit more complex. it is the truly human decision device (the emotional brain) that is best at selecting the right technology for the right scenario. You will need to ensure that the technology chosen provides the needed level of security. you leave your network and—more important—your data vulnerable. This will prepare you for the chapter that follows. Maybe someday we’ll get that perfect algorithm. The human perspective is where you consider the types of attacks to which you will be most vulnerable and the types of attackers who are likely to attack your network. all networks are vulnerable to attack from all kinds of attackers. If you implement too much. but we must be realistic when selecting security solutions. The two concepts are ■ CIA ■ AAA . a few more vulnerabilities. Part of the security selection process should include an evaluation of the threats to your organization. I will end this chapter with a brief overview of two security concepts that are often referenced when dealing with computer security. In the end. it becomes difficult to justify and can cause nontechnical managers to side against future security investments. Two extremes must be avoided: implementing too little and implementing too much. the process is simple. Pure numbers will often lead to too little or too much. If you implement too little in the way of security solutions. These threats must be considered from a technical perspective and a human one. but for now. 
or internetwork security.Identify and Describe WLAN Security Techniques 377 INSIDE THE EXAM Choosing the Right Security Solutions An important part of your role as a wireless technology professional is the selection of the appropriate security technologies. The cost would far outweigh the security benefits. From the human perspective. I am not going to implement a RADIUS server and a public key infrastructure (PKI) for a small business with one AP and seven WLAN client stations.

CIA

CIA stands for confidentiality, integrity, and availability. This acronym is often used to reference these three extremely important concepts in information security. They are sometimes called the CIA security triad or just the CIA triad. Figure 9-10 represents this concept.

FIGURE 9-10 CIA security triad (Confidentiality, Integrity, Availability)

Confidentiality is the concept of keeping private information private. It is accomplished by restricting access to the information when it is stored, transferred, or utilized in any other way. During storage it is achieved by encrypting the data in some cases and restricting access to it in all cases. During transfer it is achieved through the use of encryption. During utilization it is achieved by means of physical security, which controls access to the area where the information is being used on-screen or in print format. An example of weak confidentiality is the WEP encryption in IEEE 802.11.

Integrity is the concept of data consistency. In other words, the data is what it should be. This must be true when the data is transferred from one place to another. For example, a man-in-the-middle attack may involve receiving data from an unsuspecting client and changing it in some way before it is sent on to the destination. When this occurs, the data integrity has been violated. This is usually protected against through the utilization of hashing algorithms and CRC methods. A hijacking attack that evolves into a man-in-the-middle attack, then, is an example of an integrity violation.

Availability simply states that the right data is available to the right people at the right time in the right place. This is a factor of data throughput as much as it is of data security. However, if you’ve provided sufficient throughput and then an attacker performs a DoS attack, availability suffers. A DoS, then, is an example of a security breach that would violate the principle of availability.

These three concepts must be considered when implementing your WLAN. Not only must you consider how you will provide confidentiality, integrity, and availability, but you must also consider which is most important. For example, stronger encryption may require more overhead that in turn reduces availability (throughput). The same is true for various integrity algorithms. If availability is highly important, you will have to either sacrifice the level of confidentiality and/or integrity or implement hardware that is powerful enough to overcome the overhead. This means that your WLAN will cost more, but it is often worth the cost.

SCENARIO & SOLUTION

You want to ensure that the data received is the data that was originally transmitted. Do you need confidentiality or integrity?

Data integrity is used to ensure that the data received is the same as the data that was transmitted. It is used to prevent unauthorized data modification.

AAA

The second fundamental concept of information security is authentication, authorization, and accounting (or auditing), which is called the AAA (pronounced triple-A) in many references. Think of these three factors like this:

■ Authentication: Who are you?
■ Authorization: What do you want?
■ Accounting: What have you done?

If you remember these three simple questions, you’ll always be able to remember these three important factors. As you can already see, without all three I cannot really have accountability on my network. This is an important concept. As a definition of accountability, consider the following: Accountability is the concept that says all network users are responsible for the actions taken by their individual network accounts. In other words, the users are responsible for protecting their accounts as well as the actions they take while connected to the network with those accounts. Without this concept of accountability, you have users sharing their authentication information with other users and you lose all accountability on the network. Of course, I’ve seen many environments with security policies that stipulate that users shall not share their credentials with other users; however, enforcement is another story completely. I’ve seen very few environments that successfully enforce this with a measurable penalty that demands compliance.

When you consider the three factors of AAA, authentication simply must come first. You must first verify the identity of an individual before you can grant him access to resources as an individual. Since this is the case, strong authentication is essential to solid information security. If your authentication is weak, the trickle effect will be weak or irrelevant authorization and accounting. Authorization is the granting of access to resources. If you authenticate users but do not utilize effective authorization (for example, you allow everyone to access everything), users will be very slack in protecting their credentials and therefore the entire AAA concept is weakened. The point of accounting or auditing is to track who does what and when they do it on your network. If everyone can do everything, then your accounting will serve a much diminished purpose. As you can see, you need all three to have strong information security.

CERTIFICATION SUMMARY

In this chapter, you learned about the different WLAN attack methods that are common. You discovered some of the inherent weaknesses of WLANs, which is the first part of the journey to learning to secure them. In the process, you discovered how attackers can view the frames on your network, decrypt the traffic on your network, and hack the preshared keys used to authenticate to your network. You also learned how attackers can take over a user’s computer and attack it or monitor that traffic going in and out of it.

Now that you know how attackers attack you, you’re ready to move on to Chapter 10, where you’ll learn how to protect against their attacks. Chapter 10 will reveal the various technologies that are available to implement both CIA and AAA in WLANs. You will learn about encryption technologies, data integrity algorithms, and protection mechanisms to find and eradicate DoS attacks. You’ll also learn to authenticate, authorize, and account for what your WLAN users do on the network.

✓ TWO-MINUTE DRILL

Identify and Describe WLAN Security Techniques

❑ Eavesdropping is the act of capturing WLAN frames that are not intended for your client station.
❑ Protocol analyzers may be used to eavesdrop on WLAN communications.
❑ Wi-Fi finders such as NetStumbler are often categorized as eavesdropping tools.
❑ When an unauthorized user takes control of an authorized user’s session, it is called hijacking.
❑ Hijacking may occur at layer 2, layer 3, or both.
❑ An RF signal generator is often used in hijacking attacks.
❑ A denial of service (DoS) is an attack that results in service disruption.
❑ Data flooding is a type of DoS attack.
❑ A distributed DoS (DDoS) attack uses multiple bots or machines to attack a target station or network.
❑ Many WLAN routers and residential gateways have web-based management interfaces that may be exploited by attackers.
❑ The Wired Equivalent Privacy (WEP) protocol is insecure and should not be used on any new WLAN.
❑ WPA may be hacked when using a preshared key (PSK) using handshake captures or brute-force guessing.
❑ MAC filtering is not an effective WLAN security solution, as MAC spoofing is a simple procedure.
❑ Ad hoc (IBSS) WLANs are often used to lure unsuspecting victims in public places.
❑ Social engineering is an attack method that exploits the human element.
❑ Social engineering targets include users, contractors, and the help desk.
❑ CIA stands for confidentiality, integrity, and availability.
❑ AAA stands for authentication, authorization, and accounting (or auditing).

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Identify and Describe WLAN Security Techniques

1. What does CIA stand for in the realm of information and network security?
   A. Central Intelligence Agency
   B. CCMP Invocation Actuator
   C. Confidentiality Integrity Availability
   D. Coverage Intentional-Radiation Adjustment

2. What does the second A in AAA stand for?
   A. Authentication
   B. Auditing
   C. Authorization
   D. Accounting

3. When an attacker retrieves WLAN frames from the WM that are not intended for her, what attack is she always performing?
   A. Hijacking
   B. Eavesdropping
   C. Man-in-the-middle
   D. Encryption cracking

4. What is it called when an unauthorized user takes control of an authorized user’s WLAN session?
   A. Hijacking
   B. Eavesdropping
   C. Man-in-the-middle
   D. Encryption cracking

5. Data flooding is in what attack category?
   A. Hijacking
   B. Eavesdropping
   C. DoS
   D. Spam

6. What kind of attack always results in the disruption of service?
   A. DoS
   B. Hijacking
   C. Eavesdropping
   D. Encryption cracking

7. NetStumbler may be categorized as what kind of attack tool?
   A. Encryption cracking
   B. DoS
   C. Hijacking
   D. Eavesdropping

8. When an attacker gains control over dozens of nodes and uses them to attack a target, what kind of DoS attack is employed?
   A. Distributed
   B. Large
   C. Small
   D. Deployed

9. What management interface may be exploited across wireless connections if not secured properly?
   A. Console
   B. Web-based
   C. Serial
   D. Manual switches

10. Which one of the following protocols is insecure regardless of the implementation method?
   A. WPA
   B. WPA2
   C. WEP
   D. 802.11i

11. What two methods can be used to crack WPA when PSK is used?
   A. Handshake capturing
   B. Brute force
   C. Weak IV detection
   D. Protocol remapping

12. Which security technique is not effective due to simple hacks?
   A. MAC filtering
   B. WPA-Enterprise
   C. WPA2-Enterprise
   D. 802.11i

13. Peer-to-peer attacks are often launched using what kind of WLAN? (Choose the best single answer.)
   A. Infrastructure
   B. ESS
   C. Cisco
   D. Ad hoc

14. What attack method exploits the human element and does not rely on technical ability?
   A. WEP cracking
   B. WPA cracking
   C. Social engineering
   D. Brute-force attacks

15. At what OSI model layers does hijacking usually occur? (Choose two.)
   A. Layer 1
   B. Layer 2
   C. Layer 3
   D. Layer 4

LAB QUESTION

A client has requested that you analyze the current security used on the organization’s WLAN. Twelve APs are installed, and three more will be added in the next twelve months. The current network uses WPA-PSK, and the key is the same as it was when first installed. The current key is: 67yHju. What would you recommend to this client and why?

integrity. B. Hijacking. B. When an attacker retrieves WLAN frames from the WM that are not intended for her. man-in-the-middle. Accounting ✓ ® C is correct. and D are incorrect. What does the second A in AAA stand for? A. ® A. this scenario is always eavesdropping.Self Test Answers 385 SELF TEST ANSWERS Identify and Describe WLAN Security Techniques 1. Authentication is the first A. C. ˚ 3. ® A. Auditing is not one of the “As” in triple-A. Coverage Intentional-Radiation Adjustment ✓ ® C is correct. CIA stands for confidentiality. ® A. Auditing C. CCMP Invocation Actuator C. and D are incorrect. Eavesdropping C. but eavesdropping is defined as capturing frames that are not intended for you. These answers are simply incorrect. Encryption cracking ✓ ® B is correct. what attack is she always performing? A. and availability. Authentication B. Hijacking B. What does CIA stand for in the realm of information and network security? A. ˚ 2. Accounting or auditing is the last A. . and D are incorrect. While frames may be captured for other purposes. and encryption cracking may ˚ include capturing of frames. Central Intelligence Agency B. Man-in-the-middle D. Authorization D. Confidentiality Integrity Availability D.

A denial of service (DoS) attack results in the disruption of service. Eavesdropping. Eavesdropping D. Encryption cracking B. Data flooding is in what attack category? A. Hijacking D. Eavesdropping C. Eavesdropping . Man-in-the-middle D. Hijacking may result in the disruption of service. C. man-in-the-middle. Encryption cracking ✓ ® A is correct. Hijacking B. but they are not defined as taking control of an authorized user’s session. ® A. DoS C. What is it called when an unauthorized user takes control of an authorized user’s WLAN session? A. Hijacking is the term that refers to taking control of another user’s authorized session. Hijacking is defined as taking control of an authorized user’s ˚ session. 7. ® B. and neither does encryption cracking. ˚ Eavesdropping does not result in the disruption of service. Spam is unsolicited e-mail. but not always. Data flooding is a form of DoS attack. What kind of attack always results in the disruption of service? A. Hijacking C. and D are incorrect. ® B. Hijacking B. Encryption cracking ✓ ® A is correct.386 Chapter 9: Security Analysis 4. NetStumbler may be categorized as what kind of attack tool? A. B. and encryption attacks are ˚ all potential threats. DoS B. 6. DoS D. Eavesdropping is defined as capturing frames that are not intended for you. Eavesdropping C. Spam ✓ ® C is correct. and D are incorrect. 5. and D are incorrect. C.

WPA B. Large C. ® A. and D are incorrect. These answers are simply incorrect. 10. and C are incorrect. WEP is considered insecure in any implementation today. Web-based management interfaces may be exploited across the wired or wireless LAN if not secured.11i defines a very secure WLAN. What management interface may be exploited across wireless connections if not secured properly? A. Small D. Manual switches would require physical access in order to manipulate them. 802. Deployed ✓ ® A is correct. B. C. NetStumbler cannot perform encryption cracking. WEP D. . Which one of the following protocols is insecure regardless of the implementation method? A. ® A. ˚ or hijacking. C. ® A. what kind of DoS attack is employed? A. Manual switches ✓ ® B is correct. NetStumbler may be categorized as an eavesdropping tool. ˚ 9. Distributed B. Console B. This description is that of a distributed DoS (DDoS) attack. 8. B.11i ✓ ® C is correct. and D are incorrect. DoS attacks. WPA and WPA2 can be implemented in a secure manner. ® B. Serial D.Self Test Answers 387 ✓ ® D is correct. ˚ 802. When an attacker gains control over dozens of nodes and uses them to attack a target. Console and serial access is available only at the physical location ˚ of the device. and D are incorrect. WPA2 C. Web-based C.

Social engineering D. WEP cracking B. 802. ® C and D are incorrect. however. and there is no such thing ˚ as protocol remapping in relation to WLAN security. MAC filtering can be easily circumvented through MAC spoofing efforts. Cisco D. Protocol remapping ✓ ® A and B are correct. Ad hoc ✓ ® D is correct. Infrastructure B.) A. and attacks may be launched against their devices when improperly configured. and C are incorrect. WPA cracking C. ˚ 802. C. WPA2-Enterprise D. Weak IV detection D. ® B. Cisco is a hardware vendor. The four-way handshake may be captured and used to crack the WPA passphrase. Ad hoc WLANs are usually used to perform peer-to-peer attacks. What attack method exploits the human element and does not rely on technical ability? A. WPA and WPA2 enterprise implementations are very strong. Peer-to-peer attacks are often launched using what kind of WLAN? (Choose the best single answer. WPA-Enterprise C. Weak IV attacks only work against WEP. Infrastructure and ESS WLANs are very difficult to use for ˚ peer-to-peer attacks because the communications must pass through the AP. 14. 12. B. Brute force C.11i defines stronger security solutions that may replace WEP. Brute-force attempts may also be used. ® A. Cisco’s hardware is not more prone to such attacks than any other vendor’s. Handshake capturing B. and D are incorrect. Which security technique is not effective due to simple hacks? A. ESS C.388 Chapter 9: Security Analysis 11. 13. MAC filtering B. Brute-force attacks . What two methods can be used to crack WPA when PSK is used? A.11i ✓ ® A is correct.

LAB ANSWER A client has requested that you analyze the current security used on the organization’s WLAN. the organization is not rotating WPA keys. are the common layers hijacked. ® A and D are incorrect.Your answer may vary. and D are incorrect. Layer 4 ✓ ® B and C are correct. At what OSI model layers does hijacking usually occur? (Choose two. What would you recommend to this client and why? The following represents one possible solution to the lab. Layer 1. the organization can take advantage of centralized security with automatic key changes. the Physical layer. ˚ the Transport layer. The current key is: 67yHju. as well as brute-force attacks. Second.) A. ® A. By implementing 802. First. Layer 3 D. and three more will be added in the next twelve months.Self Test Answers 389 ✓ ® C is correct. Layer 4.11i robust security networks. the current key is too weak to resist cracking attempts. use ˚ technical tools for the attacks. It should be much longer. You may recommend that the client implement WPA2-Enterprise as the new APs are installed. . Social engineering employs manipulation tactics in order to gain information for access to wireless and wired networks. and the key is the same as it was when first installed. Twelve APs are installed. Layer 2 C. the Data Link and Network layers. Layer 1 B. cannot really be hijacked. The current network uses WPA-PSK. 15. B. Layer 2 and layer 3. is hijacked only through layer 3 and is not considered the layer at which hijacking occurs. This configuration will result in greater security and easier long-term maintenance. WEP and WPA cracking. and this is a serious security concern.


10 Security Tools and Solutions

CERTIFICATION OBJECTIVES

10.01 Identify and Describe WLAN Security Techniques
10.02 Regulatory Compliance
✓ Two-Minute Drill
Q&A Self Test

The premise of this chapter is simple: both wired and wireless networks require security solutions. Throughout the chapter, at varying intervals, I reiterate this fact in different ways. For example, a WLAN requires the same basic security solutions as a wired LAN in order to meet HIPAA regulations. However, in order to understand the security solutions available for WLANs, you need to begin by understanding the fundamentals of security. The first section of this chapter will cover these fundamentals. Next, WLAN security techniques will be addressed, followed by regulatory compliance issues. Finally, security policies and myths related to WLAN security will be addressed.

Security Fundamentals

The fundamentals of security apply to both wired and wireless networks. These fundamentals include:

■ Security-related terminology
■ Security principles
■ Security analysis

Security-Related Terminology

Five key terms must be understood in order to master the various security solutions referenced in this chapter. These terms are authentication, authorization, confidentiality, integrity, and nonrepudiation.

Authentication is the process used to corroborate or validate the identity of a human or system. Authentication is accomplished using proof of identity concepts. These concepts include three basic techniques:

■ Something you know
■ Something you have
■ Something you are

Password-based authentication is an example of something you know. Something you have would include smart cards and certificates. Biometrics authentication utilizes something you are (fingerprint, retina, and facial recognition are examples). The most secure authentication systems use multiple factors such as a password and a fingerprint or a smart card and a PIN (personal identification number).

Authorization differs from authentication. In order to implement effective authorization, authentication must first take place. Once authenticated, the user or system can attempt to access resources. Authorization occurs at the point of resource access. Authorization can be performed based on access control lists (ACLs) or roles. When authorization is based on roles, it is called role-based access control (RBAC).

Confidentiality is implemented using encryption or secure storage. When encryption is used, the data is manipulated using keys and algorithms to ensure that only individuals or systems with the appropriate keys can access the data. When secure storage is used, authentication and authorization are solely used to provide confidentiality. The latter option does not provide confidentiality during data transfer.

Data integrity is achieved when we can be certain that the data received is the same as the data that was originally transmitted. Stated differently, the data has not been modified without authorization and awareness. Integrity is implemented using hashing algorithms such as MD5 and SHA-1. A hashing algorithm processes any data and always generates a fixed-length number. For example, a 128-bit hashing algorithm always generates a 128-bit number regardless of the input data. This 128-bit number is used to validate that the data is still the same data. The odds that two differing inputs would generate the same output are very low.

Finally, nonrepudiation indicates that the sender of data or the actor upon the data cannot deny sending or acting on the data. Nonrepudiation is essential for implementations requiring HIPAA compliance. Nonrepudiation is accomplished in several ways, including

■ Using digital signatures to sign data before transfer
■ Using strong authentication and authorization
■ Implementing accounting or auditing to track actions

Security Principles

There are many people who believe an environment can be made secure, and there are others who believe that environmental security can never be accomplished. Still, there are those who take a different approach. They will tell you that security is a process, not an endpoint. Taking this latter position allows you to have a level of confidence in your network today and at the same time stay on the alert for new vulnerabilities if you are to have that same confidence about your network in the future.

Consider the worms that have spread across the Internet in the last few years. Code Red was a worm that infected certain types of web servers and operating systems. A worm is a self-replicating malicious software module. Months before it was launched, the vendor (Microsoft) released a patch that, had it been applied, would have prevented any system from being affected by the Code Red worm. Because hundreds of thousands of systems were infected, I think it is safe to say that many people did not apply the patch. While you can’t assume that all the unpatched systems were the result of thinking that once an environment is made secure it will always be secure, you can certainly say that many cases were likely the result of this thinking. From this, you can further say that, if the idea of security as a process had been paramount, many of these machines would have been patched and Code Red would have done little or no damage to them. Code Red was just one scenario, and there have been many others like it. As long as the idea holds that a system or environment can be made secure and that once secured it will always be secure, security breaches such as Code Red will occur.

You might say that there are no secure systems, if you define being secure as being impenetrable. However, you can also define a secure system as one having an acceptable level of risk. If you hold to this definition, you secure a system based on risk levels. Either way, security is a process, and you must maintain vigilance to reduce the likelihood of attack within your organization and wireless implementations. Just as on a wired network, wireless network security can be breached if a configured client is breached. Support professionals are responsible for staying informed about newer security problems and changing configurations, updating firmware, or patching systems as needed.

It is this security-as-a-process mindset that has given birth to a large new industry—patch management. It is sometimes called update management as well. An example of patch or update management is the Software Update Services (SUS) from Microsoft. With this technology in place, you can apply patches to all your Windows servers and clients on an automated basis. You should consider this and other similar tools to help maintain the security of your environment.

I don’t want to cause any confusion, so let me be clear: Microsoft supported SUS only until December 1, 2006. You can no longer download SUS as of August 4, 2005. Today, you will have to upgrade to Windows Server Update Services (WSUS, sometimes just called WUS) to continue support. Among other things, WSUS now integrates with Microsoft SQL Server for data storage.

Security Analysis Threats include the individuals or groups who wish to attack your network and the systems they use to perform the attacks.Security Fundamentals 395 Whether the security process is automated with update and patch management software or performed manually by administrative staff. The first concept you must understand to provide security for your wireless network is the concept of the attack surface. if necessary. Documentation of your securityrelated configuration is very important. Attack Surface The attack surface is inclusive of all areas that can potentially be attacked. This process is in line with the principle of security-as-a-process FIGURE 10-1 The process of security Analyze Environment Document Effective Configs Make Proper Changes . I cover other attack points at a high level. Attack surface reduction is the process of reducing the number of areas where your system can be attacked. as they can provide access to the configuration interfaces of your wireless devices. Vulnerabilities are the points where your system is weak and able to be penetrated. and others are general to all networking types. you must analyze your environment and then make changes. You must consider both to implement an effective wireless solution. this helps consultants and other employees better understand how your systems are configured. This diagram shows that you will not always need to make changes. Figure 10-1 illustrates this process flow. While most of this chapter focuses on wireless-specific vulnerabilities. and document effective configurations. but you must continue monitoring the environment and applying changes when needed. Some vulnerabilities are wireless-specific.

because attack surface reduction acknowledges that a system cannot have an attack surface reduced to zero and still provide a functional benefit to the organization. Attack surface reduction is about reducing the likelihood of attack by reducing the number of attack points. Think of it like the booth at the fair where you throw the darts at the balloons. The smaller balloons warrant a bigger prize (the gigantic Elmo for my four-year-old) because they are harder to hit due to the reduced surface area. In the same way, your network is harder to penetrate when you reduce the attack surface. So go ahead and let the air out of your network’s balloon by disabling unneeded services. You can sum it up like this: If you do not need a particular technology or capability for some beneficial business purpose, do not use it.

There are two general entry points to your wireless devices: wireless entry and wired entry. You need to ensure that proper security mechanisms are in place to help prevent unauthorized access through these entry points.

Wireless Entry

The wireless attack surface includes all access points, wireless routers, wireless bridges, and other wireless devices. One common attack point is a rogue access point. Even well-meaning users can install these points when they want wireless access or a different kind of wireless access in their work area. They don’t mean to harm the network, but the default configurations of these devices make them an easy target. To prevent wireless attacks, you should implement best practices for wireless security. Best practices include user training, using encryption, and securing the administration interface. In more advanced implementations, consider the use of 802.1X and EAP for authentication and encryption, which generally involves a centralized authentication, authorization, and accounting server (RADIUS).

Wired Entry

The wired entry point is often overlooked when configuring wireless networks, providing an easy attack surface for an attacker. To understand the impact of this oversight, consider the use of a standard access point. These devices have at least two interfaces: the Ethernet port and the wireless interface. The Ethernet port can be used to access the access point and modify configuration settings. Imagine an individual slips into a conference room or side office in your small business. This individual pulls out a small-footprint tablet PC and connects it to the Ethernet port in the office. Immediately, the attacker notices the LED lights indicating that the port is most likely active. The attacker opens a command prompt and types the command ipconfig /renew to see if a DHCP server is available on the network. An IP configuration set comes down to the tablet PC, and the results are displayed on the screen. The attacker now has an IP address on your network.

The next step is to begin looking for devices to access on the network. After a brief scan with a scanning utility, the attacker detects more than 30 active devices. The attacker runs a script that tries to connect to port 80 using HTTP on all the discovered devices (this port is the one used by most web servers). Two of the IP addresses respond positively to the script. The attacker assumes these are infrastructure devices that can be configured through a web interface or that they are actual web servers. One of the two IP addresses that responded positively to the script was 192.168.0.250. The attacker opens the web browser and directs it to the IP address, only to see the screen shown in Figure 10-2. Noticing the Linksys WAP54G name in the dialog, the attacker remembers that the default logon for this device is no user name and the password of admin. The attacker attempts this logon and in a moment is looking at the configuration interface for the access point.

FIGURE 10-2 Access point login screen

This security attack was made worse because the default administrative logon for the access point had not been changed, but if the principles of attack surface reduction had been employed, the attacker wouldn’t have been able to reach the access point in the first place. Attack surface reduction, applied to this scenario, demands that the Ethernet port in the spare office be disabled until it is needed. With the port disabled, the attacker could not have used the port to obtain an IP address and then reach the access point to reconfigure it.

Data Flow

Data flow analysis is the analysis of data as it enters, traverses, and is removed from your network. You aren’t concerned with the departure point from the network in most wireless implementations, though it is an important concern with security in general and you should consider it as part of your complete security policy and plan.

For wireless networking security, I focus on the flow of data from four perspectives: the data entry point, network traversal, live storage points, and backup storage points.

Entry Point

The data entry point is the beginning of the flow of data. This point is where the user enters the data initially. It might be a laptop computer, a desktop computer, or even a web-based interface traveling across the Internet. In any case, you must focus on how the device connects to the network that is responsible for transferring the data from the client to the network. If this is a wireless connection, you must consider how to secure this data. The level of security needed depends on the type of data. If the only thing you ever use the computer for is Internet access, you might not need advanced security techniques. Access to secure sites should be encrypted with SSL, and insecure sites should not need encryption beyond that provided by WPA or WPA2 (I’ll cover these later).

You might categorize your data into three basic levels of data sensitivity:
■ Public
■ Private
■ Highly private

Public data is data that anyone can see and access. You might want to limit the ability of users to modify the data, but viewing the data is not a concern. If a client uses only public data, you do not need to be as concerned about the security of the connection and standard wireless security practices should suffice.

Private data is data that should be seen only by organizational employees and members, such as human resource information, nonsensitive trade secrets, and other data not needed by the public. The assumption is that any internal individual should be able to view this data at a minimum. You generally use standard wireless security practices and, in some situations, more advanced wireless security mechanisms for this type of data, such as VPN connections and 802.1X/EAP authentication.

Highly private data is described as information that only a select few should see. This data almost always requires advanced security mechanisms such as VPN tunnel requirements for all wireless connections transferring this data and possibly the use of certificates and a PKI (public key infrastructure).

As you can see, the kind of data determines how you protect that data. The underlying issue is the value of the data. Publicly available data is not usually as valuable as data viewed only by limited personnel in your organization. Think of it like this: you wouldn’t spend $100 to protect a common modern penny, and you

wouldn’t spend thousands on security equipment and software to protect data that is worth very little. This section is not intended as complete coverage of data sensitivity analysis. There are many factors to consider and you should contemplate all the ways in which your data is used in order to provide proper security mechanisms. For more information in this area, check out the book Network Security: The Complete Reference by Mark Rhodes-Ousley, Roberta Bragg, and Keith Strassberg (McGraw-Hill/Professional, 2003).

Network Traversal

Once the data leaves the transfer device communicating with the network, it traverses the network and passes through many devices along the way. During this data flow, travel can be interrupted and the data viewed by an attacker if the traversal points are not secured properly. Part of data flow analysis is investigating these connection points and the medium between the connection points. For our purposes, we are concerned with the wireless medium. Investigate these areas for security vulnerabilities and protect against attacks as much as possible. Consider the network represented in Figure 10-3. Assume that the user enters data in the wireless laptop client and that data is then transferred to the database server on the network.

FIGURE 10-3 Network traversal diagram (devices shown: Mobile Wireless Client, Access Point, two Wireless Bridges, two wired Client Workstations, Database Server, Network Printer, Windows 2003 Domain Controller)

There are two wireless traversal points. The first is between the wireless laptop client and the access point connected to the wired network. The second is between the two wireless bridges connecting the two wired networks. Both of these wireless connections need to be secured to provide complete security to the data flow. If you enable WPA2-Personal on the access point but do nothing to secure the wireless bridges, your data, though secure while traveling between the laptop and network, would be at risk while traveling between the bridges. Bridges usually have a more narrow RF propagation pattern, but an attacker can still position his device between the two bridges and sniff the traffic from the air. The concept of sniffing the traffic means to pull the packets into your device even though they might not be intended for you.

There are many wireless network sniffers (more formally known as network monitors, packet analyzers, or protocol analyzers) available for free. There are also powerful commercial tools available. Do not assume that attackers cannot acquire the powerful commercial tools because of the high cost. Attackers acquire the tools through newsgroups, IRC chat, peer networks, or other sources of warez, which is the cracker term often used for pirated software.

The main purpose of network traversal analysis is to ensure that eavesdroppers cannot gain access to your data easily. You must encrypt the data because you cannot prevent the attacker from pulling the data packets from the air or RF medium. By encrypting the packets, you ensure that, even though attackers can acquire the packets, they cannot view the internal data easily. However, if attackers discover the configuration parameters needed to associate and authenticate with the access point, they can access the network. While discovering these parameters does not give attackers immediate access to the data other wireless clients are transferring with RF technology, it might allow them to view the data as it enters the wired network or, at minimum, give them the ability to access the data in live storage, which is discussed next.

Live Storage Point

After the data has traveled the network to its final destination, it is processed in some way. In many cases, as is the concern here, the data is stored in live storage. Live storage means that data is stored in a location that can be accessed instantly by authorized users. There are, however, two points of access where this data must be secured: the network and the storage device. When you encrypt the communications between a client device and an access point, you ensure that eavesdroppers can’t view the data easily. This precaution helps secure data in transit only, and does not protect against data theft during storage. To protect against the scenario where attackers discover a method for associating and authenticating with your wireless network (in other words, they’ve breached the

network access portion of your security), you should use secure authorization at the point of live storage on the storage device. Create users and groups, as supported by your network operating system or storage device, and then assign proper permissions to those users and groups. Because the attackers are not members of one of these groups and/or are not one of these individuals, they should not be able to access the data. To truly secure against this kind of attack, you need to understand the security mechanisms of your chosen network operating system or device in-depth. This understanding is critical to providing complete security to your network because skilled attackers often escalate their privileges once they gain access to the network—this means they become one of those users accessing the data. You don’t need to know how to do this for the CWTS exam, but you must learn to do it for your production implementations.

Backup Storage Point

The final point of attack is the storage media you use for data backup. Many organizations use physical backup devices that are connected directly to the live storage device. Sometimes organizations transfer the data across the network to an external backup device. In these scenarios, you must ensure that the traversal path is secure by securing all wireless links in the path, just as when securing the wireless laptop client connections earlier.

CERTIFICATION OBJECTIVE 10.01

Identify and Describe WLAN Security Techniques

One of the most important jobs of the wireless technology professional is that of security solution selection. If you implement too little security, your systems will be unnecessarily vulnerable. If you implement too much, the return on investment (ROI) will be difficult to achieve. This section identifies common security solutions and considers the reality of their use.

SSID Hiding

One way you can limit the visibility of your wireless network is to hide the SSID. You are, in fact, not hiding the SSID so much as you just aren’t shouting it out to the world any longer. The default for nearly all access points is to broadcast the

SSID to the wireless network. This setting means that any device can see the SSID. Most access points also allow you to disable SSID broadcasting, which helps obscure your network. Figure 10-4 shows the interface that allows you to disable SSID broadcasting in a Linksys WAP54G access point. Generally, access points do not truly let you disable SSID delivery. A skilled attacker can send specific packets onto the wireless airwaves that make the access point respond with its SSID. Also, depending on other network configuration settings, clients may send their SSID in unencrypted packets. For this reason, disabling SSID broadcasting is not considered a total security solution, as your network is not truly hidden (see why I say it is obscured?) from skilled eyes. At the same time, disabling SSID broadcasting can prevent casual access attempts on your network.

FIGURE 10-4 Disabling SSID broadcasting

Disabling SSID broadcasting does not prevent a skilled attacker from getting the SSID of your network and should not be considered a true security solution.

Recently, I was at an intersection in a small town near my home and my Pocket PC began beeping to alert me that a wireless network was available. When I pulled the Pocket PC out of my pocket (that’s a good place for it—eh?),

I noticed that the SSID was PO, and I was parked right beside a U.S. post office. While I did not access that network (which was not protected by encryption), I had to wonder how many others might have accessed it. Had they disabled the SSID broadcasting, this event would not have occurred. However, had they disabled SSID broadcasting and been using Windows clients, they may have introduced more security problems than the effort was worth (as I mentioned in Chapter 9).

Instead of disabling the broadcast of the SSID, you should change the SSID. Use something that uniquely identifies your network, as you can prove that your network is not an “open” network to which anyone could mistakenly connect. Remember that this alone does not protect you from the best hacker; however, it does provide the needed evidence to show malicious intent from the beginning (the hacker had to know that the network was not “one of his” if the SSID is sufficiently unique). This situation shows the only true values you can gain from configuring the SSID—proving intent and disassociating the name with the organization. Disassociating the name simply means that the SSID in no way reflects your organization.

Legacy Security

Legacy security solutions may or may not provide effective security for your needs. For example, some may say that PPTP-based VPNs fall into the legacy security category; however, for basic levels of security, they may be sufficient. Other legacy solutions should be avoided at all costs. WEP is an example of a legacy security solution that should not be utilized; however, it is covered in-depth in the later section of this chapter titled “Understanding Encryption.” MAC filtering is also commonly referenced as legacy security. MAC spoofing can be used to easily circumvent MAC filtering. I would suggest that MAC filtering may still be useful for generic machine authorization, but it should not be considered secure.

Push-Button Security

Because of the insecure implementations of many wireless networks, vendors now provide simple push-button security mechanisms. Each vendor calls this technology something different. Here’s an example of just two vendors’ terminology used to refer to push-button security:
■ AirStation One-Touch Secure System (AOSS), Buffalo Technology
■ SecureEasySetup (SES), Linksys
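Returning to the SSID Hiding section above: the sketch below shows what a protocol analyzer sees when SSID broadcasting is disabled. It is an added example, not code from the book; the frames are constructed byte strings, and the function names, MAC addresses and the SSID "CorpWLAN" are assumptions made for illustration.

```python
import struct

# 802.11 management subtypes that carry an SSID element (element ID 0)
SUBTYPES = {0: "association request", 4: "probe request",
            5: "probe response", 8: "beacon"}
# Fixed (untagged) body bytes that precede the tagged elements per subtype
FIXED_BODY_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
MAC_HEADER_LEN = 24


def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Construct a minimal management frame for the demonstration."""
    header = struct.pack("<BBH", subtype << 4, 0, 0)      # frame control, duration
    header += bytes.fromhex("ffffffffffff")               # address 1 (constructed)
    header += bytes.fromhex("020000000001") * 2           # addresses 2 and 3 (constructed)
    header += b"\x00\x00"                                 # sequence control
    fixed = bytes(FIXED_BODY_LEN[subtype])
    elements = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID + rates
    return header + fixed + elements


def parse_ssid(frame: bytes):
    """Return (frame kind, SSID); SSID is None when the element is empty or zeroed."""
    if len(frame) < MAC_HEADER_LEN:
        raise ValueError("frame shorter than an 802.11 MAC header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0 or subtype not in SUBTYPES:
        raise ValueError("not a supported management frame")
    pos = MAC_HEADER_LEN + FIXED_BODY_LEN[subtype]
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + length]
        if len(data) < length:
            raise ValueError("truncated information element")
        if element_id == 0:
            hidden = length == 0 or not any(data)
            return SUBTYPES[subtype], None if hidden else data.decode("utf-8", "replace")
        pos += 2 + length
    return SUBTYPES[subtype], None


def disclosed_ssids(frames):
    """List every (frame kind, SSID) pair in which the name appears in cleartext."""
    results = []
    for frame in frames:
        kind, ssid = parse_ssid(frame)
        if ssid is not None:
            results.append((kind, ssid))
    return results


# Constructed capture: the AP "hides" its SSID in beacons, but clients and
# the AP's own probe responses still carry the name unencrypted.
CAPTURE = [
    build_frame(8, b""),                 # beacon, zero-length SSID
    build_frame(8, b"\x00" * 8),         # beacon, SSID replaced by null bytes
    build_frame(4, b"CorpWLAN"),         # client probe request
    build_frame(5, b"CorpWLAN"),         # access point probe response
    build_frame(0, b"CorpWLAN"),         # client association request
]

if __name__ == "__main__":
    for kind, ssid in disclosed_ssids(CAPTURE):
        print(f"{kind}: SSID visible as {ssid!r}")
```

Running the same parser over a capture of your own WLAN shows whether the network name is visible despite the access point setting.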

Whatever its name, the client and the AP must both support the technology in order for this to work. For example, the AOSS technology by Buffalo Technology works only with other AOSS devices. SES, by Linksys, is based on the Broadcom chipset’s support for this function, and clients with the Broadcom chipset in them can function with SES, though in some cases they can’t and in others you need to install newer drivers.

The basic process of push-button security is as follows:
1. Push the security configuration button on the access point and hold it for a few seconds (the time to hold it and the button’s name will vary by vendor).
2. Some form of indicator light begins to blink or light up to indicate that the access point is in “push-button security” mode.
3. Go to your client device and initiate the “push-button security” mode on the device (either a software setting or a literal button on the device).

Most access points stay in push-button mode for 2–3 minutes, giving you enough time to connect the client to the access point. The access point negotiates with the client during this window of time to find the greatest level of security that they have in common.

Understanding Encryption

The process of converting data from its normal state to an unreadable state is known as encryption. The unreadable state is known as ciphertext (or cipherdata), and the readable state is plaintext (or plaindata). The normal way to encrypt something is to pass the data through an algorithm using a key for variable results. For example, let’s say we want to protect the number 108. Here is our algorithm for protecting numeric data:

original data / crypto key + (3 × crypto key)

Using this algorithm with a key of 3, we come up with this:

108 / 3 + (3 × 3) = 45

In order to recover the original data, you must know both the algorithm and the key. Needless to say, modern crypto algorithms are much more complex than this, and keys are much longer, but this overview gives you an idea of how things work with data encryption. Figure 10-5 illustrates the encryption process.

FIGURE 10-5 Encryption illustrated (the plaintext “Windows 2000” passes through the key and algorithm to produce the ciphertext “x0z6tfr b7hQ”)

Standards-based 802.11 networks use encryption solutions defined within Clause 8 of the 802.11 standard. This clause still allows for WEP encryption, which uses a poor implementation of the RC4 algorithm; however, it also specifies the security solutions added through the 802.11i amendment. This amendment provides improved encryption with the AES algorithm and better key management. To help you understand the need for improvements, I’ll first explain WEP and its ailments.

WEP

The original IEEE 802.11 standard specified the Wired Equivalent Privacy (WEP) protocol for the purpose of providing security that was comparable to that of wired networks. Specifically, the goal was to prevent casual eavesdropping on a WLAN. In all honesty, I don’t know anyone who would define casual eavesdropping as capturing a few million WLAN frames in order to find the few thousand interesting ones and then using a cracking tool to discover the WEP key so that you can read the captured frames and also decrypt live frames off of the WLAN. However, the IEEE must have intended for casual eavesdropping to mean protection against such behavior because they state, in the draft for 802.11-2007, that “they (pre-RSNA security standards) fail to meet their security goals.” Indeed, WEP has failed as a security solution and should not be implemented in any WLAN by choice. The weaknesses of WEP will be discussed in the later subsection “WEP Weaknesses.”

WEP and RC4

WEP-40 uses a 40-bit key for encryption. The encryption algorithm used is RC4. By today’s security standards, 40-bit keys are certainly considered small, but exportability of the encryption technologies implemented based on the standard was the most likely reason for limiting the key size to 40 bits initially. Vendors implemented 104-bit keys quickly, and the IEEE acknowledges them in the more recent updates to Clause 8 of the 802.11 document.

WEP-104 uses a 104-bit key for encryption. The encryption algorithm used is also RC4 like WEP-40.

If you see a configuration interface that refers to a 64-bit or 128-bit WEP key, keep in mind that the WEP implementation uses an initialization vector that is 24 bits long for both 40- and 104-bit WEP. 40 plus 24 is 64 and 104 plus 24 is 128. The 24-bit IV is transmitted in cleartext. For this reason, the encryption is said to be 40-bit or 104-bit and not 64-bit or 128-bit, although it is quite common to see vendors intermingle the nomenclature. Some vendors have even expanded WEP by allowing a 128-bit encryption key for a total of a 156-bit WEP key when the 24-bit IV is added. This implementation is nonstandard and, if implemented, requires the use of a specialized supplicant (WLAN client) that can handle the nonstandard encryption key size.

The initialization vector (IV) is a nonstatic 24-bit number that is generated for each frame. Of course, a 24-bit pool results in only 16,777,216 possible unique IVs. The limited pool requires the reuse of IV values at some eventual time, as I’ll discuss in detail under “WEP Weaknesses” following.

Since WEP is a layer 2 security implementation, it doesn’t matter what type of data is being transmitted as long as it originates above layer 2 in the OSI model. WEP is only intended to protect the data payload in a frame. For this reason, the header portion of the frame is not encrypted. The header includes the source and destination MAC addresses and can easily be read using a protocol analyzer that supports the capture of 802.11 frames.

One major problem with WEP, however, is that once you have a valid WEP key, you can decrypt all the packets that use that WEP key. A hacker can use this method to capture encrypted packets and later, after successfully performing a brute-force or dictionary attack, view all the packets in their unencrypted form. This works with all captured data packets from the capture session and can be replayed later when a valid WEP key is used in the protocol analyzer.

The WEP Process

An understanding of the basic WEP process will help you to understand the weaknesses that are covered next. The WEP process starts with the inputs to the process. These inputs include the data that should be encrypted (usually called plaintext), the secret key (40-bits or 104-bits), and the IV (24-bits). These inputs are passed through the WEP algorithms to generate the output (the ciphertext or encrypted data). The WEP static key and the IV are used to seed the pseudorandom number generator used by the RC4 algorithm. In order to encrypt the data, the RC4 algorithm is used to create a pseudorandom string of bits called a keystream. The resulting keystream is XORed against the plaintext to generate the ciphertext. The ciphertext alone is transferred without the keystream. However, the IV is sent to the receiver. The receiver uses the IV that was transmitted and the stored static WEP key to feed

the same pseudorandom number generator to regenerate the same keystream. The XOR is reversed at the receiver to recover the original plaintext from the ciphertext. While the full details of WEP’s functionality are beyond the scope of this book and the CWTS exam, it is important to note that the plaintext that is actually encrypted includes the upper-layer payload plus an Integrity Check Value (ICV) that is used to verify that the frame was not modified between the sender and receiver. The ICV is encrypted with the data payload and becomes part of the ciphertext.

WEP Weaknesses

WEP was never intended to provide impenetrable security, but was only intended to protect against casual eavesdropping. With the rapid increase in processor speeds, cracking WEP has become a very short task and it can no longer be considered for protection against any organized attack. The weaknesses in WEP include the following:
■ Brute-force attacks
■ Dictionary attacks
■ Weak IV attacks
■ Re-injection attacks
■ Storage attacks

In late 2000 and early 2001, the security weaknesses of WEP became clear. Since then many attack methods have been developed and tools have been created that make these attack methods simple to implement for entry-level technical individuals.

The brute-force attack method is a key guessing method that attempts every possible key in order to crack the encryption. With 104-bit WEP, this is really not a feasible attack method; however, 40-bit WEP can usually be cracked in one or two days with brute-force attacks using more than 20 distributed computers. The short timeframe is accomplished using a distributed cracking tool like jc-wepcrack. jc-wepcrack is actually two tools: the client and the server. You would first start the tool on the server and configure it for the WEP key size you think the WLAN uses that you are cracking and provide it with a pcap file (a capture of encrypted frames) from that network. Next, you launch the client program and configure it to connect to the server. The client program will request a portion of the keys to be guessed and will attempt to access the encrypted frames with those keys. With the modern addition of field-programmable gate arrays (FPGAs), which are add-on boards for

hardware acceleration, the time to crack can be reduced by more than 30 times. In fairness, the 20 computers would have to be P4 3.6 GHz machines or better. If you chose to go the FPGA route, you would be spending a lot of money to crack that WEP key. Because smart enterprises will no longer be using WEP, you are not likely getting access to any information that is as valuable as your hacking network.

The dictionary attack method relies on the fact that humans often use words as passwords. The key then is to use a dictionary cracking tool that understands the conversion algorithm used by a hardware vendor to convert the typed password into the WEP key. This algorithm is not part of IEEE 802.11 and is implemented differently by the different vendors. Many vendors allow the user to type a passphrase that is then converted to the WEP key using the Neesus Datacom or MD5 WEP key generation algorithms. The Neesus Datacom algorithm is notoriously insecure and has resulted in what is sometimes called the Newsham 21-bit attack because it reduces the usable WEP key pool to 21 bits instead of 40 when using a 40-bit WEP key. This smaller pool can be exhausted in about 6 to 7 seconds on a P4 3.6 GHz single machine using modern cracking tools against a pcap file. Even MD5-based conversion algorithms are far too weak and should not be considered secure because they are still used to implement WEP, which is insecure due to weak IVs as well.

The weak IV attacks are based on the faulty implementation of RC4 in the WEP protocols. The IV is prepended to the static WEP key to form the full WEP encryption key used by the RC4 algorithm. This means that an attacker already knows the first 24 bits of the encryption key, since the IV is sent in cleartext as part of the frame header. Additionally, Fluhrer, Mantin, and Shamir identified “weak” IVs in a paper released in 2001. These weak IVs result in certain values becoming more statistically probable than others and make it easier to crack the static WEP key. The 802.11 frames that use these weak IVs have come to be known as interesting frames. With enough interesting frames collected, you can crack the WEP key in a matter of seconds. This reduces the total attack time down to less than 5 to 6 minutes on a busy WLAN. The weak IVs discovered by Fluhrer, Mantin, and Shamir are now among a larger pool of known weak IVs. Since 2001, another 16 classes of weak IVs have been discovered by David Hulton (h1kari) and KoreK.

What if the WEP-enabled network being attacked is not busy and you cannot capture enough interesting frames in a short window of time? The answer is a re-injection attack. This kind of attack usually re-injects ARP packets onto the WLAN. The program aireplay can detect ARP packets based on their unique size and does not need to decrypt the packet. By re-injecting the ARP packets back onto the WLAN, it will force the other clients to reply and cause the creation of large

amounts of WLAN traffic very quickly. For 40-bit WEP cracking, you usually want around 300,000 frames, and for 104-bit WEP cracking, you may want about 1,000,000 total frames to get enough interesting frames.

Storage attacks are those methods used to recover WEP or WPA keys from their storage locations. On Windows computers, for example, WEP keys have often been stored in the registry in an encrypted form. An older version of this attack method was the Lucent Registry Crack; however, it appears that the problem has not been fully removed from our modern networks. An application named wzcook can retrieve the stored WEP keys used by Windows’ Wireless Zero Configuration. This application recovers WEP or WPA-PSK keys (since they are effectively the same, WPA just improves the way the key is managed and implemented) and comes with the Aircrack-ng tools used for cracking these keys. The application works only if you have administrator access to the local machine, but in an environment with poor physical security and poor user training it’s not difficult to find a machine that is logged on and using the WLAN for this attack.

WEP makes up the core of pre-RSNA security in 802.11 networks. I hope the reality that WEP can be cracked in less than five minutes is enough to make you realize that you shouldn’t be using it on your networks. This means that you should not be implementing WEP anywhere in your organization. The only exception would be an installation where you are required to install a WLAN using older hardware and you have no other option. I’ve encountered this scenario in a few churches where I’ve assisted in their network implementation. The problem was not with the infrastructure equipment in any of the scenarios. The problem was with the client devices that the church members wanted to use to connect to the WLAN. These devices did not support WPA or WPA2, and we were forced to use either WEP or no security at all. While WEP can certainly be cracked quickly, at least it has to be cracked. Open System authentication with no WEP, WPA, or WPA2 security is just that: open. In the end, businesses and organizations that have sensitive data to protect must take a stand for security and against older technologies. When you have the authority of a corporation, the government, or even a nonprofit oversight board, you can usually sell them on the need for better security with a short (five minutes or less) demonstration of just how weak WEP is.

RSNA Security

Since pre-RSNA security is unable to protect modern WLANs, another solution is needed. Of course you wouldn’t have pre-RSNA security if you didn’t have RSNA security. Robust security network association (RSNA) security implements better security technologies than pre-RSNA, and it implements them in such a way

that allows them to evolve as security needs change. This is accomplished through support for the Extensible Authentication Protocol. This section will introduce you to the concepts of RSNA security. For more in-depth information on RSNA security, you should consult the IEEE standards and the CWSP Certification Official Study Guide, Second Edition or higher. The concepts covered here include
■ IEEE 802.11, Clause 8 (previously IEEE 802.11i)
■ TKIP and RC4
■ CCMP and AES
■ IEEE 802.1X
■ Preshared Key (PSK)/Passphrase Authentication
■ The four-way handshake
■ Key hierarchies
■ Transition Security Network

IEEE 802.11, Clause 8
The 802.11i amendment (ratified in 2004) is being rolled into the IEEE standard as an updated version of Clause 8. Additional modifications were made to Clauses 5, 6, 7, 10 and 11; however, the greatest amount of change was seen within Clause 8.

Clause 8 of the 802.11 standard is simply titled Security. The concepts covered in this clause include both authentication and confidentiality. Entity authentication is provided by either Open System authentication (RSNA) or Shared Key authentication (pre-RSNA). Confidentiality is provided through the use of WEP (pre-RSNA), TKIP (RSNA), or CCMP (RSNA). RSNA equipment is said to be capable of creating a robust security network association, and pre-RSNA equipment is not capable of such. It is also interesting to note that the standard specifies that an RSN (robust security network) can only truly be established if mutual authentication occurs. The standard does not control the type of authentication, but it does specify that EAP-MD5 would not be considered a valid solution, since it does not perform mutual authentication.

As you can see from the preceding two paragraphs, there are many terms that need to be understood in order to comprehend the full functionality of the new 802.11 security standards specified in Clause 8. The following definitions will act as a foundation for our further discussion:
■ Robust security network association (RSNA) An authentication or association between two stations that includes the four-way handshake.

■ Robust security network (RSN) A WLAN that allows for the creation of RSNAs only. To qualify as an RSN, there can be no support for associations not based on the four-way handshake. The beacon frame will indicate that the group cipher suite being used is not WEP.
■ Four-way handshake An 802.11 pairwise key management protocol that confirms mutual possession of a pairwise master key (PMK) between two parties and distributes a group temporal key (GTK).
■ Pairwise master key (PMK) The highest level key in the 802.11 standard. A key derived from an EAP method or obtained directly from a preshared key (PSK).
■ Group temporal key (GTK) A key used to protect multicast and broadcast traffic in WLANs.

To summarize these definitions, an RSN is a WLAN that will only allow for RSNAs. These RSNAs are established through a four-way handshake that results in the generation of the PMK and the provision of the GTK to the authenticating STA. Once this RSNA is set up, the STA may communicate on the WLAN with confidentiality and integrity.

TKIP and RC4
The Temporal Key Integrity Protocol (TKIP) is an optional encryption method defined in 802.11 as amended. TKIP uses RC4 encryption such as WEP; however, the weaknesses of WEP are addressed by enlarging the IV pool (it is 48 bits instead of 24 bits) and using true 128-bit static keys. TKIP also implements a stronger integrity checking algorithm in the message integrity check (MIC) algorithm instead of the ICV used with WEP. TKIP is not as processor intensive as CCMP, however, as you are about to learn. For this reason, many older devices were able to be upgraded through firmware patches to support TKIP. If you are using an older device that shows only WEP support in the configuration interface, consider consulting the vendor for a firmware upgrade. While the device will not likely be upgradable to CCMP and AES, it may be able to implement TKIP.

The Wi-Fi Alliance released a certification known as Wi-Fi Protected Access (WPA) before the 802.11i amendment was ratified in 2004. WPA is essentially the TKIP/RC4 implementation documented in Clause 8 of 802.11 as amended.

CCMP and AES
Clause 8 stipulates a default encryption method called Counter Mode with Cipher Block Chaining–Message Authentication Code (CCMP). CCMP uses the Advanced Encryption Standard (AES) instead of RC4, which is based on the

Rijndael algorithm. CCMP/AES utilizes a 128-bit encryption key and actually encrypts in 128-bit blocks. The protocol uses an 8-byte MIC for integrity checks that is stronger than that used in the TKIP implementation. The AES cipher is very processor intensive because it works with larger numbers and is a more complex algorithm than RC4. For this reason, many older devices cannot be upgraded to support CCMP and AES. These old devices cannot participate in an RSN unless they can be upgraded to support TKIP as a minimum.

INSIDE THE EXAM
What 802.11-Compliant Security Really Means
A device that claims to be IEEE 802.11–compliant may implement no security at all. Both CCMP and TKIP are optional (as is WEP) to the standard; therefore, a device that is IEEE 802.11i–compliant or IEEE 802.11-2007–compliant in the area of security may support CCMP/AES or TKIP/RC4 or both. Most vendors will likely implement both, but it is important that you verify TKIP support is included if you need it for backward compatibility with older hardware. Because the IEEE standard specifies the encryption and security technologies as optional even though CCMP is said to be the “default,” this verification must be performed. If you purchase a device that was manufactured after the year 2003 and it is Wi-Fi Certified, it must support WPA at a minimum, which means it will support TKIP at a minimum.

IEEE 802.1X Authentication and Key Management (AKM)
The IEEE 802.1X standard specifies port-based authentication. In order for a port to be used for normal network operations, the device connected to the port must be authenticated. While 802.11 client stations do not have physical ports to which they are connected, the IEEE standard specifies that a station (STA) shall have a port access entity (PAE). The PAEs control the forwarding of data to and from the MAC. An AP always implements an Authenticator PAE role, and an associating STA always implements a Supplicant PAE role. These roles play a part in the 802.1X framework.

Both wired and wireless 802 LANs can use IEEE 802.1X, and they both include the following concepts:
■ Authentication roles
■ Controlled and uncontrolled ports
■ IEEE 802.1X generic authentication flow framework

The three authentication roles specified in 802.1X are the supplicant, the authenticator, and the authentication server. In a WLAN, the supplicant is the STA desiring to be authenticated to the WLAN. The authenticator is usually an AP but may be another device with AP functionality such as a network-attached storage device with built-in AP support or a computer running a software-based AP. The authentication server (AS) is most frequently a RADIUS server installed on a network server or included in a network appliance. In addition to an AP acting as the authenticator, a combination of an AP and a WLAN switch or controller can act together as the conduit to the wired network where the AS exists.

Two ports are defined by the 802.1X standard for the purpose of authenticating connected systems. They are the controlled and uncontrolled ports. These ports are best thought of as virtual ports. Authentication happens across the uncontrolled port, and general network communications usually occur across the controlled port. The controlled port is enabled for use once the authentication and key management exchange have occurred successfully. Consider the following text from the IEEE 802.11 standard:

A single IEEE 802.1X Port maps to one association, and each association maps to an IEEE 802.1X Port. An IEEE 802.1X Port consists of an IEEE 802.1X Controlled Port and an IEEE 802.1X Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between two STAs until an IEEE 802.1X authentication procedure is completed successfully over the IEEE 802.1X Uncontrolled Port.

You can see from this small excerpt that the controlled and uncontrolled ports are not really some physical implementation, but they are a logical implementation that results in the logical (WLAN association) or physical (wired LAN) implementation of an 802.1X Port. The core takeaway is that an STA cannot perform general network communications until it has authenticated.

The 802.1X framework is said to be generic because it does not require a specific authentication type for use across its framework.

In 802.1X-2001 only the authenticator ever had a controlled port. In 802.1X-2004 both supplicant and authenticator may have a controlled port and always will when mutual authentication is supported.

The generic authentication flow specified by the 802.1X standard allows for the use of many different authentication types. These authentication types, known as Extensible Authentication Protocol (EAP) types, will be discussed in more detail later. Figure 10-6 shows the generic 802.1X authentication flow. When port-based authentication is enabled in an AP, it will request the identity of the supplicant when Open System authentication has completed. The supplicant provides the requested identity in a format useful to the AS based on the EAP type implemented. The authenticator (AP) forwards this to the AS. The AS responds with a request for more information needed for authentication, and this is forwarded to the supplicant from the authenticator. The supplicant responds appropriately, and the authenticator forwards this response to the AS. The AS responds with authentication validation or invalidation, depending on whether the client was able to provide the proper credentials.

FIGURE 10-6 Generic 802.1X authentication flow process (Supplicant, Authenticator, Authentication Server): Authenticator Requests Identity; Supplicant Responds with Identity; Authenticator Forwards Identity to Authentication Server; Authentication Server Requests Needed Authentication Info; Authenticator Forwards Authentication Info Request; Supplicant Responds to Authentication Info; Authenticator Forwards Authentication Info; Authentication Server Validates or Invalidates the Client; Authenticator Switches the Controlled Port to Authorized (if the client is validated)

The 802.1X security solution is often called user-based security, because the user must be a valid user in order to access the WLAN. With passphrase-based security, however, anyone possessing the passphrase can access the network. User-based security utilizes one of several EAP types. Table 10-1 lists common EAP types. As the table indicates, EAP-MD5 is considered an insecure authentication protocol when compared with the others. EAP-MD5 does not require the use of

a certificate on the server or the clients. If you want this simplicity, EAP-MD5 may be an option, but you are exposing yourself to the following security vulnerabilities:
■ One-way authentication Only the client is authenticated—not the server.
■ Challenge passwords The server sends a challenge string to the client as clear text, and then the client responds with the hash of the text. This allows an attacker to intercept both messages and learn the password.
■ No per-session WEP keys The WEP key is static and vulnerable to normal WEP weaknesses.

To avoid these vulnerabilities, consider using EAP-TTLS or PEAP, as they require a certificate only for the server and that certificate can often be generated without a full public key infrastructure (PKI), which requires the implementation of one or more certificate servers.

TABLE 10-1 EAP Types Compared
EAP Type | Common Supported Clients | Certificate Requirements
EAP-TLS | Linux, Mac OS X, Windows 9x, and NT-based systems (NT, 2000, XP, 2003) | Required for both server and client
EAP-TTLS | Same as preceding | Required for server, optional on client
PEAP | Windows XP | Required for server, optional on client
EAP-MD5 | Most clients | No certificates, password-based, considered insecure compared to others

Preshared Key (PSK)/Passphrase Authentication
When a preshared key (PSK) is used instead of an authentication server external to the AP, the IEEE standard specifies the following operations be carried out:
■ STAs discover the AP’s security policies through passive monitoring of the Beacon frames or through active probing.
■ The pairwise master key (PMK) is set to the value of the PSK.
■ The four-way handshake is performed. (See the later section “The Four-Way Handshake.”)
■ The authenticator sends the group temporal key (GTK) to the supplicant for use in decryption of multicast and broadcast frames.

PSK authentication is sometimes also called passphrase authentication. This is because the standard configuration interfaces allow you to type a passphrase that is converted to the PSK. Proprietary interfaces may allow direct entry of the PSK. This implementation of the 802.11, Clause 8 security is synonymous with WPA-Personal or WPA2-Personal, depending on whether you are implementing RC4 or AES for encryption. In enterprise installations, it is better to use a RADIUS server and a strong EAP type.

Remember that WPA and WPA2 are both vulnerable to brute-force attacks if you use weak PSKs. If you choose to implement WPA- or WPA2-Personal, you should be sure to use a passphrase that is long and not a word or combination of words. What is long? This varies depending on whom you ask, but generally speaking a passphrase of 20 characters or longer that is alphanumeric and case sensitive is considered to be very difficult (time consuming) to crack with brute force.

WPA certifies equipment that uses TKIP as being interoperable with other equipment that also uses TKIP. WPA2 certifies equipment that uses CCMP as being interoperable with other equipment that also uses CCMP. All new equipment that receives the Wi-Fi Certification supports WPA2. No new equipment is being certified as only WPA.

The Four-Way Handshake
The four-way handshake occurs after the determination of the PMK. Remember that the PMK is the PSK in preshared key implementations and that it is derived using the EAP type in implementations that use RADIUS. Either way, the four-way handshake is used to establish the temporary or transient keys with the AP. Figure 10-7 shows the four-way handshake as a graphical representation. Notice that the handshake occurred between the authenticator and the supplicant and not between the authentication server and the supplicant, which is a common misconception.

The four-way handshake is really a four-packet exchange between the authenticator and the supplicant. The first exchange is a number used once (nonce) that is generated at the authenticator and sent to the supplicant. This number is known as the authenticator nonce, or the ANonce. The supplicant generates the pairwise transient key (PTK) from the PMK that it has stored as the PSK or that it received during the EAP authentication process. This PTK is used to generate a MIC. Notice that the supplicant also generated its own number used once. This results in the second exchange, which is the supplicant sending the MIC and its SNonce (supplicant nonce) to the authenticator. The authenticator will either get the PMK from the stored PSK or as information received from the authentication server previous to the four-way handshake. The authenticator then uses the SNonce to generate a MIC based on the PTK that it has generated from its PMK.

FIGURE 10-7 The four-way handshake between the Supplicant and the Authenticator, each with the Pairwise Master Key (PMK) known: Message 1: Authenticator nonce (ANonce); Message 2: Supplicant nonce (SNonce); Message 3: Authenticator nonce; Message 4: MIC; Encrypted communications enabled

Once the authenticator receives the SNonce and MIC from the supplicant, it can verify that the supplicant has the same PMK. This is done by using the PTK generated at the authenticator from the PMK to generate a MIC against the SNonce. If the MICs match, this means that the authenticator and supplicant have the same PMK. If they do not match, there is a problem and the four-way handshake will fail. The supplicant may have to go through the initial Open System and EAP authentication processes again.
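The passphrase-to-PSK conversion and the MIC checks of the four-way handshake described in this section, as an added example that is not from the book. The PBKDF2 parameters, the PRF label and the 48-byte CCMP PTK layout follow IEEE 802.11; the message bodies, MAC addresses, SSID and passphrases are constructed simplifications, not real EAPOL-Key frames.

```python
import hashlib
import hmac
import os

# Constructed sample addresses (locally administered MACs), not from the book.
AA = bytes.fromhex("020000000001")   # authenticator (AP) address
SPA = bytes.fromhex("020000000002")  # supplicant (STA) address


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP: KCK (16 bytes) | KEK (16 bytes) | temporal key (16 bytes)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def mic(kck: bytes, body: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits, keyed with the KCK half of the PTK."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def four_way_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str) -> dict:
    """Run both sides of a simplified handshake; in PSK mode the PMK is the PSK."""
    ap_pmk = psk_from_passphrase(ap_passphrase, ssid)
    sta_pmk = psk_from_passphrase(sta_passphrase, ssid)

    # Message 1 (authenticator -> supplicant): ANonce, sent in the clear.
    anonce = os.urandom(32)

    # Supplicant: generate SNonce, derive PTK, send Message 2 (SNonce + MIC).
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(sta_pmk, AA, SPA, anonce, snonce)
    msg2 = b"\x02" + snonce
    msg2_mic = mic(sta_ptk[:16], msg2)

    # Authenticator: derive its own PTK and recompute the MIC over Message 2.
    ap_ptk = derive_ptk(ap_pmk, AA, SPA, anonce, snonce)
    if not hmac.compare_digest(mic(ap_ptk[:16], msg2), msg2_mic):
        return {"completed": False, "failed_at": 2, "keys_match": False}

    # Message 3 (authenticator -> supplicant): ANonce + MIC. The GTK also travels
    # here, encrypted under the KEK; that step is left out of this sketch.
    msg3 = b"\x03" + anonce
    msg3_mic = mic(ap_ptk[:16], msg3)
    if not hmac.compare_digest(mic(sta_ptk[:16], msg3), msg3_mic):
        return {"completed": False, "failed_at": 3, "keys_match": False}

    # Message 4 (supplicant -> authenticator): MIC-protected confirmation.
    msg4 = b"\x04"
    msg4_mic = mic(sta_ptk[:16], msg4)
    if not hmac.compare_digest(mic(ap_ptk[:16], msg4), msg4_mic):
        return {"completed": False, "failed_at": 4, "keys_match": False}

    # Both sides now install the same temporal key without it ever being sent.
    return {"completed": True, "failed_at": None,
            "keys_match": sta_ptk[32:48] == ap_ptk[32:48]}


if __name__ == "__main__":
    good = "k3Vq9TzL0pXw7RbN2mYc"  # constructed 20-character passphrase
    print(four_way_handshake(good, good, "ExampleNet"))
    print(four_way_handshake(good, "wrong-passphrase-000", "ExampleNet"))
```

Because the PSK depends only on the passphrase and the SSID, every device configured with the same passphrase holds the same PMK, which is why the passphrase length guidance above matters.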

After the authenticator verifies the MIC sent from the supplicant, the authenticator sends a packet to the supplicant indicating that the verification was successful. This third exchange also includes a MIC that the supplicant can regenerate using its PTK to verify the authenticator really has the same PMK. Once the supplicant receives this third exchange and verifies the authenticator, the supplicant responds with the fourth exchange. The fourth exchange simply says, “Thanks for the verification process. I’ve installed the keys and you should too.”

Key Hierarchies
The preceding section introduced a number of keys and due to the fact that the CWNA exam does not go into the depth of this information that the CWSP exam does, the section didn’t cover some key types. Those that were not mentioned have been mentioned in other sections of this chapter already. The commonly referenced key types are the pairwise master key (PMK), the pairwise transient key (PTK), and the group temporal key (GTK). The PMK is the highest key in the 802.11 hierarchy. This key is used to generate the other keys known as transient or temporal keys. The PMK is used to generate the PTK keys that are actually used to encrypt the data traveling across your network. Additionally, the GTK is used to secure multicast and broadcast frames and may be derived randomly or from a group master key (GMK), if such a master key is implemented.

Advanced Wireless Security Solutions
Enterprise networks and sensitive smaller networks must utilize more advanced security solutions. Advanced security solutions may take advantage of complex authorization schemes, or they may utilize existing security technologies layered over WLAN security solutions. Virtual private networks, for example, layer security on top of whatever WLAN security solution you’ve already implemented.

Role-Based Access Control
Role-based access control (RBAC) is a feature provided by most WLAN switches. It provides the ability to restrict network access to authorized users, but more specifically it can granularly limit access to portions of the network or specific services on the network. RBAC involves users, roles, and permissions. You can create users and assign them a role and then grant permissions to the role rather than the individual users. Think of roles as like groups in traditional network account management and the users as like the traditional network user accounts. Permissions include firewall-type filters,

layer 2 permissions, layer 3 permissions, and even bandwidth-limiting permissions. As an example, imagine you want to allow guests to log on to your network. You may authenticate these guests via a captive portal. The captive portal page will clearly tell the user to enter the user name of “guest” and a password of “guest”. At the same time, the guest user may be assigned the role that limits the connection to a maximum of 128 Kbps bandwidth and allows only ports 80, 100, and 25 (HTTP, POP3, and SMTP respectively). The guest users will never know that there are other services on your network because they cannot access them.

You will frequently need a WLAN controller or switch in order to use RBAC. RBAC is not supported within APs themselves and may not be supported by the existing network infrastructure without the use of a WLAN controller.

Virtual Private Networking
In addition to the methods covered so far, you can still secure WLAN client communications using VPN protocols. While the PPTP protocol still abounds and is widely supported, it has fallen out of common use in the enterprise due to the security vulnerabilities discovered in the early implementations of the protocol. IPSec has been on the rise as a solution for VPN tunnels that use the L2TP or Layer 2 Tunneling Protocol.

IPSec (short for IP Security) is actually a security solution that involves three potential provisions: confidentiality, integrity, and nonrepudiation. Confidentiality is provided by encrypting the payload or data that is transmitted. Integrity is ensured through hashing algorithms such as MD5 or the more secure SHA-1. Nonrepudiation is ensured in that the message digest (the result of the hashing algorithm) is encrypted with the secret key or some credential that only the sender would know but the receiver can access. This may be a public/private key pair where the sender encrypts the data with her private key and the receiver decrypts it with the public key. If the message digest can be successfully decrypted, the sender cannot deny sending the initial packet and therefore cannot repudiate the data.

IPSec has often been said to be an unnecessarily complex VPN protocol, but in reality it doesn’t have to be that complex. You simply have to ensure that you enable the same encryption and hashing settings on both ends of the VPN connection. You will usually want to use the strongest form that is supported by both devices. The reality is that some vendors’ implementations of IPSec will simply not connect to other vendors’ implementations, however. For this reason, some have chosen to purchase

dedicated VPN devices (sometimes called VPN concentrators or routers) to place on either side of the connection being secured.

Many SOHO WLAN routers support VPN capabilities right out of the box. This can be an excellent feature for connecting remote offices. For example, I assisted one company that has five computers at one location and three computers at another. Both locations had high-speed Internet connections, and they wanted to create a virtual WAN across the Internet links. We set up the WLAN router at each end to use dynamic DNS for name–to–IP address resolution and then configured the VPN tunnel between the two routers. Since the two locations were less than a mile apart, the configuration was done and the WAN link in place in less than an hour. Be sure to check with your ISP to verify that you will not be in breach of your usage agreement by setting up such a VPN connection.

Here’s another example: While working on a large municipal wireless backbone project where the customer was deploying a point-to-multipoint bridge solution using U-NII-3 5.8 GHz Cisco bridges, there was one multipoint location that provided connectivity for five remote bridges. The multipoint location was two-thirds up a 500-foot tower on top of a 2500-foot mountain in the middle of a metropolitan area. Once the wireless backbone connections were established, verified, and optimized, VPN connections were established over the top of the already highly secure wireless connection at the request of the customer. While this slightly impacted throughput and performance, the peace of mind it provided was well worth it in the customer’s eyes.

Another common use of VPN technology is that of protecting WLAN clients that connect to unprotected and open hotspots. By requiring these clients to first create a VPN tunnel with a device on your corporate network and then routing them back out to the Internet through that VPN connection, you ensure that the communications between the WLAN client and the local hotspot AP are completely encrypted and secure. Now those hungry hackers hanging around the hotspot cannot easily steal user accounts and other sensitive data that may be traversing the local hotspot WLAN. Figure 10-8 depicts this setup.

You can also implement such VPN solutions for local WLANs within your company. In other words, you could implement a VPN server and require that the WLAN clients connecting locally create a VPN tunnel before beginning other communications. This is often suggested as a solution for older WLAN clients that do not support any security mechanism beyond WEP. It’s probably still best to upgrade these older WLAN clients, however; clients that old may find that the overhead of managing the VPN tunnel brings their network connection to a snail’s pace as well.

FIGURE 10-8 WLAN client connecting with a VPN at an unsecured hotspot (labels: Corporate Client connecting from an insecure hotspot location; Local Hotspot AP; Internet; VPN Server; Corporate Network; VPN Tunnel; Hacker cannot crack the VPN tunnel)

Using VLANs
A virtual LAN (VLAN) is used to define the logical separation of a physical LAN into multiple networks or broadcast domains. Two VLANs act much like two physical LANs in that they cannot communicate with each other unless they are configured with routers between them. In most wireless LAN equipment that supports VLANs, the SSID is used to determine the VLAN that a wireless LAN station should participate in. Each VLAN will have different features assigned to it, from the upper layers of the OSI model, such as authentication methods and encryption methods. This can provide you with a simple solution for providing a public network and a private one through the logical segmentation provided by VLANs. The settings that can be configured separately for each VLAN often include
■ Authentication type
■ Encryption method

■ Number of allowed clients
■ QoS settings

Since VLANs only allow nodes to communicate with other nodes in the same VLAN—unless a bridging or routing device is used—you can implement solutions like that represented in Figure 10-9. The two WLAN clients on VLAN A can communicate with each other even though they are in separate physical networks, and the VLAN A and VLAN B clients on the left cannot communicate with each other even though they are on the same physical network. This capability is provided by VLAN technology. Note the VLAN trunks between LAN switch A and switch B and between the APs and the switches. The VLAN trunk uses IEEE 802.1Q encapsulation to allow for this magic to work.

FIGURE 10-9 VLAN configuration for WLANs (labels: Switch A; Switch B; VLAN Trunk; VLAN A; VLAN B; These clients can communicate.)

CERTIFICATION OBJECTIVE 10.02
Regulatory Compliance
Governing bodies define and enforce regulations related to many different knowledge domains. Information has evolved to become an extremely valuable resource in modern economies. With this fact in mind, many regulatory agencies have defined regulations related to information management. For example, in the United States, the government has passed health information management policies as the HIPAA guidelines. As a wireless technology professional, you must understand the basics of these regulations in order to implement WLANs that comply with them. The regulations covered by the CWTS exam include PCI and HIPAA. Additionally, the exam tests your knowledge of WIPS solutions that may be used to enforce compliance.

PCI Compliance
Payment Card Industry (PCI) compliance is a statement of conformity to the PCI Data Security Standard (DSS). PCI DSS is a set of standards that help to ensure that companies processing payment cards (credit cards, debit cards, etc.) do so in a secure manner. The standards encompass payment card processing, storage, and information transfer. The PCI DSS document is a 73-page document (version 1.2) that outlines the process of implementing a secure payment card processing environment. The document covers the following components:
■ Building and maintaining a secure network
■ Protecting cardholder data
■ Maintaining vulnerability management programs
■ Implementing strong access control measures
■ Regularly monitoring and testing networks
■ Maintaining an information security policy

If you’ve been a student of information security, you’ll immediately recognize most of these components as standard security best practices. In the end, the only unique component is that of protecting cardholder data, and even that can be classified under the normal heading of protecting valuable data. Indeed, there is



nothing new in the PCI DSS document; however, more and more states and credit card companies are requiring compliance with it in order to process payment cards. At this point, the U.S. government does not require compliance with PCI DSS, but it is a likely future outcome. The good news is this: if you implement security best practices, you’ll have very little to change in order to comply with PCI DSS. The PCI DSS lists both recommended practices and required practices. In the standard, network segmentation is only recommended, while the installation of perimeter firewalls between wireless networks and the payment processing segment is required. In fact, the standard lists many requirements for WLAN implementations, including these:
■ Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.
■ For wireless environments connected to the cardholder data environment or transmitting cardholder data, change wireless vendor defaults, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. Ensure wireless device security settings are enabled for strong encryption technology for authentication and transmission.
■ Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission.

In summary, to comply with PCI DSS, a WLAN that is not involved in payment card processing must be segmented from the payment card processing segment using firewalls, vendor default SSIDs must be changed, and strong encryption based on 802.11i must be implemented. In fact, the standard explicitly states that—as of March 31, 2009—WEP cannot be utilized in any new WLANs. If the WLAN existed before March 31, 2009, WEP must be removed by June 30, 2010.

Make sure you remember the three key factors that allow a WLAN to comply with PCI DSS. They are: segment non–payment processing WLANs with firewalls, change vendor defaults, and implement 802.11i or strong security such as AES.

Regulatory Compliance


HIPAA Compliance
The HIPAA regulations require that healthcare organizations (including hospitals, doctors, and any other organization that handles health information) implement policies and procedures to ensure that only authorized individuals may access patient health information. HIPAA (the name stands for Health Insurance Portability and Accountability Act) was enacted within the United States in 2006. Organizations covered by the act and, therefore, required to comply include
■ Health plan providers
■ Healthcare clearinghouses
■ Any healthcare provider who transmits health information in electronic form

The health information protected by HIPAA includes all individually identifiable health information. This information is identified as information that is unique to an individual and related to the health of that individual. Examples include
■ Past, present, or future mental or physical health condition
■ Healthcare that has been provided to the individual
■ Healthcare payment information

Information classified as de-identified does not require compliance with HIPAA regulations. De-identified information is information that neither identifies nor provides a foundational knowledge base on which a patient may be identified. The HIPAA regulations are nonspecific, allowing organizations of differing sizes to implement appropriate security measures that result in the protection of health information. The general requirements include these stipulations:
■ Privacy policies and procedures must be documented.
■ A privacy official must be designated to oversee the HIPAA regulation implementation and maintenance.
■ All workforce members must be trained to understand and comply with the privacy policies.
■ Mitigation efforts must be taken when privacy policies are breached.
■ Effective data safeguards must be implemented.
■ Complaint processing procedures must be implemented.


Chapter 10:

Security Tools and Solutions

■ Patients must not be asked to waive privacy rights, and retaliation against complaints is not allowed.
■ Privacy policies and incident documentation must be maintained for six years.

With an understanding of the HIPAA regulations, the only remaining question is this: How do these regulations apply to a WLAN? The answer is simple. They apply to WLANs in the same way they apply to wired LANs. There is no significant difference. Whether wired or wireless, the following five security solutions should be used in order to effectively comply with HIPAA regulations:
■ Authentication
■ Authorization
■ Confidentiality
■ Integrity
■ Nonrepudiation

All of these terms were defined in the opening section of this chapter and need no further description here. Wired networks do not provide confidentiality by default, and encryption solutions must be used to comply with HIPAA. This requirement is the same for wireless networks. To avoid redundancy, I’ll just say that the same is true for the other four requirements. You must provide all five of these requirements on both wired and wireless networks. Many vendors attempt to differentiate between wired and wireless networks in order to indicate that their wireless solution is the best when it comes to HIPAA compliance. The truth: any hardware and software combination that allows the implementation of 802.11i security can be fully and completely HIPAA compliant. Don’t fall into the trap of marketing hyperbole.

Using WIPS to Enforce Compliance
Both the PCI DSS and HIPAA regulations require incident handling procedures. These procedures must be documented and followed in the event of a security breach. However, the first step to incident processing is incident detection. Intrusion prevention systems (IPSs) are used to detect and even prevent network security breaches. A wireless IPS (WIPS) is specifically designed to perform this operation for WLANs. By implementing a WIPS solution, you take the first step toward incident handling compliance.

Network Security Policy Basics
Security policies for WLANs are covered in depth in the CWSP Certification Official Study Guide, Second Edition by Tom Carpenter, Grant Moerschel, and Richard Dreger (McGraw-Hill Professional, 2006). The CWTS exam does not require in-depth knowledge of security policies, but an understanding of these policies will help you better implement security solutions in the real world. A security policy will define the measures taken to secure the network, the audit methods used to ensure network security according to policy, and the penalties that will occur should an individual breach that policy. For example, the SANS Security Policy Project (available at www.sans.org/resources/policies) provides templates for many types of security policies. The Wireless Communications Policy document for SYSEDCO opens with these remarks:

This policy prohibits access to SYSEDCO networks via unsecured wireless communication mechanisms. Only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver by InfoSec are approved for connectivity to SYSEDCO’s networks.

I took the liberty of inserting my company name into the policy where the template simply says <Company Name>. You can see, from the opening of this policy, how it sets the stage for prohibiting access to the network using improperly secured devices and even prohibits the use of rogue APs. The policy also includes the following enforcement statement:

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

The policies at the SANS Security Policy Project are a good place to start, but you will need to customize them for use in your organization. For example, this WLAN policy from which I’ve quoted requires the use of VPN tunnels, but you may decide that this is not necessary for your organization. Security policies may be divided into two segments: general and functional. General security policies will describe the overall view of the network. Functional security policies will describe specific technology procedures that must or should be implemented in the environment.


General Security Policy Elements
General security policies usually give a high-level overview of the way the network security should be implemented and managed. They may include the following sections of information:
■ Statement of authority
■ Target audience
■ Violation reporting and enforcement
■ Risk assessment
■ Impact analysis
■ Security auditing

The statement of authority will identify the individual, group, or organization that has the authority to enforce the policies. The target audience will identify the individuals who must comply with the policy, and violation reporting and enforcement statements will determine how a violation incident will be handled. The risk assessment will begin with the identification of assets and the threats posed against those assets. Once these assets are identified and the threats determined, an impact analysis will help to discover the loss to the organization should the risk occur. Finally, security auditing procedures and frequencies should be defined so that the administrative staff knows what is expected of them and how to meet those expectations.

Functional Security Policy Elements
Functional security policies specify how specific security-related technologies should be utilized. There will often be a separate document for each technology or concept. The functional policy will provide specific methods that result in the mitigation of threats identified and described in the general policy. An example of a functional policy may be that all Ethernet ports utilize 802.1X port-based access control in all conference rooms and public areas. This can help prevent the installation of rogue APs. The general policy may have defined rogue APs as a threat, but the functional policy defines the protection mechanism to be enforced. Functional policies may include the following sections, or each of these may be an individual policy document:
■ Password policies
■ Training requirements
■ Acceptable use
■ WLAN access requirements
■ Encryption standards
■ E-mail usage
■ Internet usage
■ Asset management

Security Policy Recommendations
The following sections document recommended practices that should be included in your security policies. Remember that you must actually perform these acts in order for them to be effective. Many security policies make good doorstops because they are created but never fully implemented.

Baseline Practices
The following are intended to be general baseline guidelines for WLANs in three markets: small office/home office (SOHO), small and medium-sized businesses (SMB), and enterprise-class installations.

SOHO
SOHO implementations seldom require enterprise-class security that includes RADIUS servers and 802.1X/EAP authentication. However, the following should serve as a minimum baseline at this time:
■ Upgrade all APs and clients to the latest firmware and software revisions.
■ Use all WPA2 hardware if possible.
■ Change the manufacturer settings for SSIDs, logon accounts, etc.
■ Enable Open System authentication and use WPA- or WPA2-Personal.
■ Use a strong passphrase that is long enough to resist brute-force and dictionary cracks.

SMB
Small and medium-sized businesses will usually not have the budgets of large enterprises, but they should insist on upgrading the baseline recommended for SOHO installations in the following ways:
■ Use all newer hardware that supports WPA2-Personal at a minimum as much as possible.
■ For legacy devices that cannot use WPA-level security (such as barcode readers and older wireless IP phones), implement separate VLANs that prevent anything on the unsecure VLAN from getting to the corporate network.
■ Preferably use WPA2-Enterprise with a RADIUS server.


Enterprise
Enterprises with hundreds and even thousands of users cannot accept the lower security baselines of the SOHO and SMB. This is mostly a matter of asset value, and the large enterprises have more to lose, so they should be willing to spend more to protect it. The baseline should now be upgraded to include the following:
■ If they do not exist, a full set of documented security policies for the wired and wireless LANs should be developed.
■ Perform periodic security audits to verify that the network is still operating according to policy and is secure.
■ Use only WPA2-Enterprise and fall back to WPA-Enterprise if need be.
■ Do not implement preshared keys anywhere. They are too difficult to manage in a large implementation and are not as secure.
■ Use VLANs to isolate users from one another and from services as needed.
■ Implement a wireless intrusion prevention system.
■ Consider implementing network access control.

Implementation Practices
Ensure that your devices are configured while detached from the network. Attaching a default configured device to the network temporarily opens you up to attack while the device is still insecure. Configure the device using the console port or a direct Ethernet cable if you choose to configure the device with the web-based interface. Once the device is configured to meet your security standard, bring it online.

Physical Security
If you cannot provide a guarded entrance to your facility, consider installing wireless IP cameras that can monitor your facility 24×7. As noted earlier, you can also install fake cameras to deter attackers who would otherwise readily install rogue APs without fear. Additional physical security concerns include
■ End-user training
■ Disabling unused physical ports
■ Installing APs central to the facility or with antennas that propagate the RF energy inward toward the facility instead of outward toward your parking area

It is very important that you realize this last item will not guarantee that an attacker cannot “see” or “read” the information traversing your WLAN. This will only make it more difficult and should not be considered an actual security solution. The main purpose of proper antenna selection is gaining the coverage you need and not gaining a security advantage.

EXERCISE 10-1 Customizing a SANS.ORG Policy Template

In this exercise you will download and customize the WLAN policy from the SANS.ORG policy template library.

Connecting to the SANS.ORG Web Site
1. Open your preferred web browser.
2. Navigate to http://www.sans.org/resources/policies.
3. Click the link that reads “Need an Example Policy or Template.”

Download the Wireless Policy Template
1. Scroll through the list of policies until you come to the one titled “Wireless Communication Policy.”
2. Click the link that reads “Download Word Template.”
3. Save the file to an acceptable location on your computer.

Customize the Wireless Policy Template
1. Open the template file in Microsoft Word.
2. Perform a Replace operation:
   a. Look for <Company Name>.
   b. Replace it with your organization name.
3. Perform another Replace operation:
   a. Look for “Information Security Team.”
   b. Replace it with the name of your InfoSec group.
4. Change any other information required.
5. Save the document.


Wi-Fi Security Myths
While the CWTS exam will not test you on the following information, it is important that I emphasize the myths related to WLAN security. Many recommendations either provide no added security or minimal added security. Some recommendations actually open your client computers up for attack. The myths that I will address include
■ MAC filtering
■ SSID hiding
■ That all modern equipment uses “Better WEP”
■ That WLANs can’t be secured

The first myths focus on recommendations that either provide minimal or no security, and the last one reverses the perspective to focus on the false conception that WLANs simply cannot be implemented in a secure manner.

MAC Filtering
Vendors of wireless devices and books on wireless networking often provide a list of the “Top 5” or “Top 10” things you should do to secure your WLAN. This list usually includes MAC filtering and SSID hiding or cloaking. The reality is that neither of these provides a high level of security. MAC addresses can easily be spoofed, and valid MAC addresses can be identified in just a few moments. For example, an attacker can weed out the AP in an infrastructure BSS by looking for the MAC address that sends out beacon frames. This will always be the AP in the BSS. With this filtered out of the attacker’s protocol analyzer, he has only to find other MAC addresses that are transmitting with a destination MAC address equal to that of the AP. Assuming the captured frames are data frames, the attacker now knows a valid IP address. There is no question that MAC filtering will make it more difficult for an attacker to access your network. The attacker will have to go through the process I’ve just outlined (or a similar process) in order to obtain a valid MAC address to spoof. However, you are adding to your workload by implementing such MAC filtering and you have to ask, “Am I getting a good return on investment for my time?” The answer is usually no. Assuming you are using TKIP or CCMP with a strong EAP type for authentication (or even preshared keys), this will be so much more secure than MAC filtering could ever hope to be that it makes the extra effort of MAC filtering of minimal value. I recommend that you do not concern yourself with MAC filtering in an enterprise or SMB implementation. It may be useful in a SOHO implementation, but I even question its value there.

SSID Hiding
Hiding or cloaking the SSID of your WLAN falls into a similar category as MAC filtering. Both provide very little in the way of security enhancement. Changing the name of your SSID from the vendor defaults can be very helpful, as it will make dictionary attacks against PSK implementations more difficult. The SSID is used in the process of creating the pairwise master key. Hiding the SSID makes it difficult only for casual eavesdroppers to find your network. Hiding the SSID also forces your valid clients to send out probe requests in order to connect to your WLAN, whether using the Windows Wireless Zero Configuration utility or your vendor’s client software. This behavior means that, when the user turns on his or her laptop in a public place, the laptop is broadcasting your SSID out to the world. This could be considered a potential security threat, since a rogue AP of any type can be configured to the SSID that is being sent out in the probe requests. Of course, modern, software-based APs can respond to random SSIDs generated by WZC, but hiding your SSID effectively makes every WLAN client in existence vulnerable to such attacks, since they will all have to send probe requests with the SSID now.

I always recommend changing the SSID from the default, but I never recommend hiding the SSID for security purposes. Some people will hide the SSID for usability purposes. Turning off the SSID broadcast in all APs’ beacon frames will prevent client computers from “seeing” the other networks to which they are not supposed to connect. This may reduce confusion, but SSID hiding should not be considered a security solution.

An argument can be made such as the following: “MAC filtering and SSID hiding are not strong security techniques, but they are security techniques because they make it more difficult to penetrate the network.” Let’s compare this to our physical world. For example, closing your door at night is not a strong security technique, but it is a security technique because the intruder now has to turn the door knob and push the door open to enter your house. Does that sound right to you? It doesn’t sound right to me.
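The SSID's role in PSK key derivation, and the chapter's PSK recommendations turned into a check, as an added example that is not from the book: WPA/WPA2-Personal derives the pairwise master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a dictionary table precomputed for a factory SSID does not apply to a renamed network. The default-SSID list, the finding codes, and the sample network names are constructed for illustration.

```python
import hashlib

# Constructed sample of factory SSIDs (assumption); substitute the defaults
# of the hardware you actually deploy. Compared case-insensitively.
VENDOR_DEFAULT_SSIDS = {"linksys", "default", "netgear", "dlink"}

# The chapter's guidance for a PSK: "usually more than 15 characters".
MIN_PASSPHRASE_LEN = 16


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA/WPA2-Personal.

    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations, 256-bit output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase uses printable ASCII only")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("an SSID is 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit_psk_network(ssid: str, passphrase: str, ssid_hidden: bool = False) -> list:
    """Return finding codes (hypothetical names) for one PSK network."""
    findings = []
    if ssid.lower() in VENDOR_DEFAULT_SSIDS:
        # Same salt as every other network left on this default, so a
        # precomputed passphrase-to-PMK table for the default applies here too.
        findings.append("default-ssid")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append("short-passphrase")
    if ssid_hidden:
        # Adds no protection and makes clients probe for the name in public.
        findings.append("hidden-ssid")
    return findings


if __name__ == "__main__":
    passphrase = "summer2009"  # constructed sample, deliberately weak
    for name in ("linksys", "Warehouse-7"):  # constructed sample SSIDs
        pmk = derive_pmk(passphrase, name).hex()
        print(f"{name:12} PMK {pmk[:16]}...  findings: "
              f"{audit_psk_network(name, passphrase, ssid_hidden=True)}")
```

The two PMKs printed differ even though the passphrase is identical, which is the reason renaming the SSID helps and hiding it does not.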

All Modern Equipment Uses “Better WEP”
When the initial scare hit, many vendors looked for solutions to the weak IVs used in the current (at the time) WEP implementations. Eventually many vendors began implementing newer WEP solutions that attempted to avoid the weak IVs.


As early as 2003, I noticed people posting on the Internet and saying that the newer hardware didn’t have this problem. In fact, I have a network-attached storage device that was purchased in 2005 that includes a built-in AP. This device is running the most recent firmware from the vendor (D-Link, in this case), and I can connect a brand new Intel Centrino chipset laptop to the device using WEP. While monitoring from another computer, I am able to capture weak IVs and crack the WEP key in a matter of minutes. You simply cannot trust that a vendor has actually implemented algorithms that protect you against WEP weaknesses just because it is newer hardware. Instead, you would need to monitor the communications with the device in order to determine if weak IVs are being used. It’s easier to implement WPA or WPA2, so I recommend that.
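One way to do the monitoring described above, as an added example that is not from the book: pull the IV out of each captured WEP data frame and count IVs of the form (B+3, 0xFF, X), the weak class described by Fluhrer, Mantin, and Shamir in 2001, plus repeated IVs. The frame layout handling, helper names, and the sample capture are constructed for illustration; the IV pattern is not stated in the chapter.

```python
from collections import Counter

# Secret key length in bytes for the two WEP key sizes (the 24-bit IV is extra).
WEP_KEY_BYTES = {40: 5, 104: 13}


def extract_wep_iv(frame: bytes):
    """Return the 3-byte IV of a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 2:
        return None
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:          # frame type 2 = data
        return None
    if not (flags & 0x40):             # Protected Frame bit clear: cleartext
        return None
    header_len = 24
    if (flags & 0x03) == 0x03:         # ToDS and FromDS set: fourth address
        header_len += 6
    if (fc0 >> 4) & 0x8:               # QoS data subtype: 2-byte QoS Control
        header_len += 2
    if len(frame) < header_len + 4:
        return None
    iv = frame[header_len:header_len + 3]
    if frame[header_len + 3] & 0x20:   # ExtIV bit set: TKIP or CCMP, not WEP
        return None
    return bytes(iv)


def fms_weak_key_byte(iv: bytes, key_len: int):
    """Index of the key byte an IV of form (B+3, 0xFF, X) relates to, else None."""
    b = iv[0] - 3
    return b if iv[1] == 0xFF and 0 <= b < key_len else None


def audit_capture(frames, key_bits=104):
    """Summarise the WEP IVs seen in a capture.

    A clean result is not proof of safety: other weak-IV classes exist,
    which is why the chapter recommends WPA or WPA2 instead.
    """
    key_len = WEP_KEY_BYTES[key_bits]
    ivs = [iv for iv in map(extract_wep_iv, frames) if iv is not None]
    weak = []
    for iv in ivs:
        index = fms_weak_key_byte(iv, key_len)
        if index is not None:
            weak.append((iv.hex(), index))
    reused = sum(n - 1 for n in Counter(ivs).values() if n > 1)
    return {"wep_frames": len(ivs), "weak_ivs": weak, "reused_ivs": reused}


def sample_frame(iv, key_id_byte=0x00, qos=False):
    """Constructed data frame (ToDS + Protected) with dummy addresses and payload."""
    header = bytes([0x88 if qos else 0x08, 0x41]) + bytes(22)
    if qos:
        header += bytes(2)
    return header + bytes(iv) + bytes([key_id_byte]) + bytes(8)


# Constructed capture: five WEP frames, one TKIP/CCMP frame, one beacon.
SAMPLE_CAPTURE = [
    sample_frame((3, 255, 7)),
    sample_frame((4, 255, 1), qos=True),
    sample_frame((10, 20, 30)),
    sample_frame((10, 20, 30)),
    sample_frame((16, 255, 0)),
    sample_frame((5, 255, 9), key_id_byte=0x20),
    bytes([0x80, 0x00]) + bytes(22),
]

if __name__ == "__main__":
    print(audit_capture(SAMPLE_CAPTURE, key_bits=40))
```

Any non-empty `weak_ivs` list from a device advertised as filtering weak IVs shows that the filter is absent or incomplete.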

WLANs Can’t Be Secured
Don’t allow these last few false security methods to keep you from implementing a WLAN. WLANs can be implemented in a secure fashion using 802.11i (Clause 8 of IEEE 802.11-2007) and strong EAP types. In fact, they can be made far more secure than most wired LANs, because most wired LANs do not implement any real authentication mechanisms at the node level. If you buy into the concept that WLANs cannot be secured and you decide not to implement a WLAN for this reason, you will likely open your network up to more frequent rogue AP installations from users that desire to have wireless access to the network. The simplest way to avoid or at least diminish the occurrence of user-installed rogue APs is to implement a secure WLAN for the users.

This chapter provided you with the essential information needed to choose the right security solution for a given scenario. You learned about general security principles and the various technologies provided by the 802.11 standard for securing your WLANs. These technologies included WEP, WPA, WPA2, and multiple encryption solutions, including RC4 and AES. You learned about the weaknesses of some security concepts such as WEP, MAC filtering, and SSID hiding. Finally, you learned the basics of security policies and how to create quick security policies for any environment using publicly available templates.

Two-Minute Drill


Identify and Describe WLAN Security Techniques
❑ SSID hiding is used to turn off the broadcasting of the SSID in beacon frames.
❑ Hiding the SSID is not a good security solution, because attackers can easily gather the SSID from frames other than the beacon frame.
❑ Many clients transmit the configured SSID continually when SSID hiding has been disabled in the corporate environment. This behavior can make the client vulnerable when powered on in public places.
❑ MAC filtering is not a strong security solution, because attackers can easily gather a list of valid MAC addresses.
❑ MAC spoofing is used to alter the MAC address to one that is allowed by the AP’s MAC filtering list.
❑ WEP uses a 24-bit initialization vector (IV).
❑ WEP is vulnerable to weak IV attacks.
❑ Forty-bit WEP keys are considered too short in today’s environments regardless of other vulnerabilities.
❑ WPA and WPA2 can use preshared keys (PSK) for security.
❑ The PSK should be changed periodically and should be sufficiently long, which means usually more than 15 characters.
❑ WPA- or WPA2-Enterprise should be used when installing larger WLANs.
❑ A RADIUS server is usually used for authentication in a WPA- or WPA2-Enterprise implementation.
❑ Authentication is the process that results in validation of a user or system
❑ Authorization is the process that results in an authenticated user or system gaining controlled access to a resource.
❑ Accounting or auditing is the process that results in the documentation of actions taken by users or systems in relation to resources and services.
❑ Confidentiality is used to ensure the privacy of information through encryption or authentication and authorization.
❑ Integrity is achieved when the data accessed or received can be validated as unchanged from the time of storage or transmission.
❑ Availability is provided when the data is available at the time of need.

Regulatory Compliance
❑ The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of guidelines used to provide effective security for credit card transactions.
❑ The PCI DSS includes guidelines for payment processing, storage, and
❑ PCI requires that non–payment processing WLANs connected to the same network as the payment processing segment be separated by a firewall.
❑ The Health Insurance Portability and Accountability Act (HIPAA) is the regulatory policy that guides information security related to patient health information.
❑ The security requirements needed to comply with HIPAA are the same for both WLANs and wired networks.
❑ Five factors must be addressed in HIPAA compliance: authentication, authorization, confidentiality, integrity, and nonrepudiation.
❑ WIPS solutions can be used to detect security incidents and launch the incident handling procedures required by HIPAA regulations.

Self Test


The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Identify and Describe WLAN Security Techniques
1. Which one of the following security techniques may actually cause your wireless clients to be more vulnerable when powered on in public spaces?
A. MAC filtering
B. SSID hiding
C. WPA
D. WPA2

2. What attack method is used in order to circumvent MAC filtering?
A. SSID hiding
B. MAC spoofing
C. Man-in-the-middle
D. Hijacking

3. What is the size of the WEP IV?
A. 8-bit
B. 16-bit
C. 24-bit
D. 32-bit

4. What WEP vulnerability is related to the IV?
A. Weak IV attacks
B. Corrupt IV attacks
C. Data flooding
D. Brute-force cracking

5. Which WEP key length is considered too short for today’s environments?
A. 40-bit
B. 104-bit
C. 128-bit
D. 24-bit

6. You are installing a large WLAN. What security solution should be used?
A. WPA2-Enterprise
B. WPA-PSK
C. WEP
D. WPA2-PSK

7. You are installing a small WLAN, and a RADIUS server is not available. What security solution should you use?
A. WPA-PSK
B. WPA2-Enterprise
C. WPA-Enterprise
D. WEP

8. What process is used to validate the identity of a user?
A. Authorization
B. Accounting
C. Authentication
D. Auditing

9. What process is used to document actions in relation to resources and services?
A. Authorization
B. Accounting
C. Authentication
D. Confidentiality

10. What is provided by encryption?
A. Integrity
B. Accounting
C. Confidentiality
D. Auditing

11. What kind of server is used to authenticate WLAN clients in an 802.1X security implementation?
A. IPSec
B. PPTP
C. RADIUS
D. VPN

12. What is the algorithm used to provide integrity in data communications?
A. Encryption
B. Hashing
C. Redundancy
D. Authorization

Regulatory Compliance
13. What regulation applies to credit card processing?
A. PCI DSS
B. HIPAA
C. IETF
D. FCC

14. You have placed the WLAN that your users use to browse the Internet behind a firewall separating it from the rest of your wired network. You also have a network segment where credit card processing occurs. What regulation has driven you to set up the WLAN in this way?
A. PCI DSS
B. HIPAA
C. IEEE
D. WPA

15. Which of the following are included in the five security solutions required to meet HIPAA regulations when implementing a WLAN? (Choose all that apply.)
A. Authentication
B. Accounting
C. Nonrepudiation
D. Attack surface reduction

16. Which of the following describes organizations that must comply with HIPAA regulations?
A. Any healthcare provider who transmits health information in electronic form
B. Any organization that deals with patients
C. Only hospitals
D. Only health insurance providers


You are installing a WLAN that consists of three APs and thirteen wireless clients. The organization has informed you that the budget is limited. Currently, no RADIUS servers are installed in the organization. The IT director is concerned about his users connecting to public hotspots as well. What primary security solution will you recommend to the organization? What solution will you recommend for use when connecting to public hotspots?

SELF TEST ANSWERS

Identify and Describe WLAN Security Techniques

1. Which one of the following security techniques may actually cause your wireless clients to be more vulnerable when powered on in public spaces?
A. MAC filtering
B. SSID hiding
C. WPA
D. WPA2
✓ B is correct. Hiding the SSID requires the client to store the SSID and probe for it—in some cases continually—when the WLAN NIC is powered on.
✗ A, C, and D are incorrect. MAC filtering is not considered secure, but it does not make the clients more vulnerable. WPA and WPA2, when implemented properly, are considered very secure.

2. What attack method is used in order to circumvent MAC filtering?
A. SSID hiding
B. MAC spoofing
C. Man-in-the-middle
D. Hijacking
✓ B is correct. MAC spoofing is used to circumvent MAC filtering.
✗ A, C, and D are incorrect. SSID hiding is an attempt at security that is feeble at best, but it does not provide a method for circumventing MAC filtering. Man-in-the-middle attacks have nothing to do with MAC filtering, and neither do hijacking attacks.

3. What is the size of the WEP IV?
A. 8-bit
B. 16-bit
C. 24-bit
D. 32-bit
✓ C is correct. The WEP initialization vector is 24 bits.
✗ A, B, and D are incorrect. These answers are simply incorrect.

4. What WEP vulnerability is related to the IV?
A. Weak IV attacks
B. Corrupt IV attacks
C. Data flooding
D. Brute-force cracking
✓ A is correct. A weak IV attack is an attack where the frames are analyzed in search of specially formed IVs that are more vulnerable to attack.
✗ B, C, and D are incorrect. There is no such attack as a corrupt IV attack. Data flooding is a DoS attack, and brute-force cracking is a potential WEP attack that does not depend on or utilize the IV in the attack process.

5. Which WEP key length is considered too short for today’s environments?
A. 40-bit
B. 104-bit
C. 128-bit
D. 24-bit
✓ A is correct. A 40-bit key is considered too short. Brute-force attacks against a 40-bit key, particularly with distributed computing, can be processed within days or weeks.
✗ B, C, and D are incorrect. A 104- or 128-bit key length is sufficiently long for most scenarios. WEP does not support a 24-bit key length. The IV is 24 bits in length.

6. You are installing a large WLAN. What security solution should be used?
A. WPA2-Enterprise
B. WPA-PSK
C. WEP
D. WPA2-PSK
✓ A is correct. Of those listed, only WPA2-Enterprise should be used in a large WLAN. WPA2-Enterprise provides the strong security and automation of administration needed.
✗ B, C, and D are incorrect. WPA-PSK and WPA2-PSK would be too difficult to manage in a large network, since no automatic key rotation is provided. WEP should not be used regardless of the network size.

7. You are installing a small WLAN, and a RADIUS server is not available. What security solution should you use?
A. WPA-PSK
B. WPA2-Enterprise
C. WPA-Enterprise
D. WEP
✓ A is correct. Without a RADIUS server, you will need to use a preshared key. WPA-PSK is the only valid choice in this list.
✗ B, C, and D are incorrect. WPA2- and WPA-Enterprise require an authentication server (RADIUS). WEP should not be used regardless of whether a RADIUS server is available or not.

8. What process is used to validate the identity of a user?
A. Authorization
B. Accounting
C. Authentication
D. Auditing
✓ C is correct. Authentication is used to validate the identity of a user and may include something you know, something you have, or something you are.
✗ A, B, and D are incorrect. Authorization is used to grant or deny access to resources. Accounting and auditing are used to track actions taken by users in relation to resources or services.

9. What process is used to document actions in relation to resources and services?
A. Authorization
B. Accounting
C. Authentication
D. Confidentiality
✓ B is correct. Accounting or auditing is used to document or log the actions of a user or system in relation to a resource or service.
✗ A, C, and D are incorrect. Authorization is used to grant or deny access to resources. Authentication is used to validate identity. Confidentiality is used to ensure the privacy of data.

10. What is provided by encryption?
A. Integrity
B. Accounting
C. Confidentiality
D. Auditing
✓ C is correct. Encryption provides confidentiality. Confidentiality may also be provided through the combined use of authentication and authorization.
✗ A, B, and D are incorrect. Integrity is provided with hashing algorithms. Accounting provides a log of actions taken by users or systems. Auditing is the same as accounting.

11. What kind of server is used to authenticate WLAN clients in an 802.1X security implementation?
A. IPSec
B. PPTP
C. RADIUS
D. VPN
✓ C is correct. The most common type of authentication server used for 802.1X systems is a RADIUS server.
✗ A, B, and D are incorrect. IPSec and PPTP are VPN protocols. A VPN is a virtual private network.

12. What is the algorithm used to provide integrity in data communications?
A. Encryption
B. Hashing
C. Redundancy
D. Authorization
✓ B is correct. Hashing algorithms such as MD5 and SHA-1 are used to provide integrity for stored data or data in transit.
✗ A, C, and D are incorrect. Encryption is used to provide confidentiality. Hashing algorithms are sometimes categorized as encryption algorithms, but, technically, encryption can be reversed. Redundancy is used to provide availability. Authorization is used to grant or deny access to resources.

Regulatory Compliance

13. What regulation applies to credit card processing?
A. PCI DSS
B. HIPAA
C. IETF
D. FCC
✓ A is correct. PCI DSS is the regulation used for the payment card industry, which includes credit cards. PCI DSS is not currently a federal law, but is a set of guidelines put forth by the various credit card companies and many of the states in the United States.
✗ B, C, and D are incorrect. HIPAA regulations apply to the healthcare industry. The IETF and FCC have no regulations for the credit card industry.

14. You have placed the WLAN that your users use to browse the Internet behind a firewall separating it from the rest of your wired network. You also have a network segment where credit card processing occurs. What regulation has driven you to set up the WLAN in this way?
A. PCI DSS
B. HIPAA
C. IEEE
D. WPA
✓ A is correct. PCI DSS is the regulation used for the payment card industry, which includes credit cards. Compliance with this document requires that WLANs not used for payment card processing be separated from the payment card processing segment by a firewall.
✗ B, C, and D are incorrect. HIPAA regulations apply to the healthcare industry. The IEEE has no regulations for the credit card industry. WPA is a WLAN security certification, not a set of regulations.

15. Which of the following are included in the five security solutions required to meet HIPAA regulations when implementing a WLAN? (Choose all that apply.)
A. Authentication
B. Accounting
C. Nonrepudiation
D. Attack surface reduction
✓ A, B, and C are correct. The five security solutions include authentication, authorization, confidentiality, integrity, and nonrepudiation.
✗ D is incorrect. There is no requirement for attack surface reduction, although attack surface reduction is a valid security principle.

16. Which of the following describes organizations that must comply with HIPAA regulations?
A. Any healthcare provider who transmits health information in electronic form
B. Any organization that deals with patients
C. Only hospitals
D. Only health insurance providers

In order to provide security while connecting to hotspots.446 Chapter 10: Security Tools and Solutions ✓ ® A is correct. The key should be 15 characters or longer and should be changed every few weeks or months. and this VPN would be used for all Internet communications. HIPAA regulations are not limited to hospitals or health insurance providers. you may recommend that all WLAN clients be configured with a VPN client. You may recommend that the organization implement WPA or WPA2 with a preshared key. ® B. no RADIUS servers are installed in the organization. This VPN client will connect to a VPN server at the organization’s headquarters. The IT director is concerned about his users connecting to public hotspots as well. Your answer may vary. Currently. HIPAA regulations apply to any healthcare provider who transmits health information in electronic form and operates in the United States. LAB ANSWER You are installing a WLAN that consists of three APs and thirteen wireless clients. and D are incorrect. What primary security solution will you recommend to the organization? What solution will you recommend for use when connecting to public hotspots? The following represents one possible solution to the lab. The end result is secure communications even at a public hotspot. Organizations that deal with patients but do not transfer patient ˚ information electronically have no requirement to comply with HIPAA regulations. . depending on the sensitivity of data on the network. The organization has informed you that the budget is limited. C.

11 Advanced Wireless LAN Models

CERTIFICATION OBJECTIVES
11.01 Define WLAN Architectures
11.02 Wireless Mesh Access Layers
✓ Two-Minute Drill
Q&A Self Test

The simplest WLANs consist of a few APs and several client stations. WLANs can grow to include thousands of APs and thousands of client stations. As the network grows, more complex architectures are required. Interestingly, however, the more complex architectures actually provide simpler administration. If you implement a very large WLAN using the simple concept of individually configured APs and clients, the ongoing administrative overhead will be tremendous. If you instead implement a very large WLAN that uses complex architectures, the ongoing administration of the network will be much less time consuming. These conclusions are based on the fact that a complex centralized architecture will allow for mass-management of APs on the network. A simple decentralized architecture will not allow for the same management. Of course, Wireless Network Management Systems (WNMS), such as those from Cisco, can be used with the distributed model for centralized management. In the end, you may choose both centralized management and WLAN processing or only centralized management to control and administer large WLANs.

This chapter presents these advanced WLAN architectures. You will learn about the features and benefits of both single- and multiple-channel architectures as well as the evolution of WLAN architectures. Next, mesh wireless access layers are presented and contrasted with traditional WLAN models. Finally, WLAN power management features are briefly addressed so that you can understand how power-managed laptops (and other devices) can operate on a wireless network.

CERTIFICATION OBJECTIVE 11.01
Define WLAN Architectures

Choosing the best WLAN architecture for your needs is essential to the success of your WLAN implementation projects. The decision is not getting any easier. Vendors continue to release new architectures and argue over which architecture is the best. Of course, they tend to argue for the architecture used by their solutions. For example, some vendors insist that single-channel architecture is best, and others argue that multiple-channel (or traditional) architecture is best. In this section, I will review these architectures and then leave you to decide on the best solution for your situation. High-level deployment models are reviewed, and then specific solutions such as single-channel architecture and multiple-channel architecture are presented.

WLAN Architecture Evolution

To put the pieces together, this section will present the WLAN models that have evolved over time. I will start with the first model that was implemented using IEEE 802.11 technology and then progress through the evolutionary stages of WLAN design models. While the models did not necessarily evolve in a precisely sequential order as presented here, the adoption of the differing models does seem to have followed a path much like this. Additionally, it is important to note that anything beyond the common intelligent edge model is beyond the scope of the IEEE standard. These more advanced models may still utilize the standard for communications, but they implement the standard in a way not explicitly declared within the standard. The result is simple: anytime you use vendor hardware that implements 802.11 in a way other than the intelligent edge model, you will usually be locking yourself into that vendor’s hardware.

Intelligent Edge (Distributed)

The first devices to be released to the market were the standard autonomous, intelligent edge, fat or thick APs that are still used heavily today. This kind of AP contains the entire logic system needed to implement, manage, and secure (according to the original 802.11 specification) a WLAN. At stage one, this was your only choice. The benefit of this type of WLAN is that implementation is very quick when you are implementing only one AP. One drawback to this type of WLAN is that implementation is very slow when you are implementing dozens or hundreds of APs. The process for implementing an intelligent edge architecture looks like this:

1. Configure the AP according to your needs and security policies.
2. Bring the AP onto the network live.
3. Repeat until all APs are configured.

Many networks around the world have more than 1000 APs. You can imagine the time involved if you have to set up each AP individually. Yes, you can cheat and save the configuration from one AP and then load it onto another, but this trick would be the only trick up your sleeve when it comes to automation. Another drawback is that, because thick APs are individually configured, errors are frequently introduced into the implementation and maintenance processes.

WLAN Network Management Systems (Centralized Management/Distributed Processing)

When we arrive at stage two in the evolution of WLAN management, we encounter centralized configuration management with distributed intelligence. In this model, autonomous APs are still used. The devices and software that provide this functionality are known as a WLAN Network Management System (WNMS). This stage provided much faster implementations of traditional fat APs and worked using SNMP or other proprietary communication protocols to configure and manage the APs across the network. The WNMSs usually supported the rollout of firmware so that the APs could be updated without having to visit each one individually. You will still need to touch every single AP to provide the initial configuration (i.e., change SNMP from default communities or SNMPv3 with username/password) so that the APs can be managed by WNMS. This model provided scalability but did not reduce the cost of the APs and did not offset any processing from the APs so that they could handle more stations at each AP.

Centralized WLAN Architecture (Split MAC)

That brings us to stage three: centralized WLAN architecture. This networking model utilizes lightweight or thin APs and depends on a wired network connection to the WLAN switches. The WLAN switch contains all the logic for processing and managing the WLAN. This configuration allows the APs to handle more client stations and provides for simple implementation. For example, most of these systems allow you to connect the lightweight AP (sometimes called an access port to differentiate it from an access point) to the switch that is connected to the WLAN controller, and the AP and controller will automatically synchronize without any intervention from the engineer. Of course, there is still the requirement of initial setup and configuration of the controller, but moving forward it can be automatic. The things that are automatically configured may include the channel used by the AP, the SSID, the encryption methods used, and more.

Hybrid WLAN Architecture

The hybrid WLAN architecture uses a WLAN controller like the centralized architecture and represents stage four. The difference is that hybrid APs are used instead of lightweight APs. A hybrid AP is an AP that can perform some or all of the functions needed within a BSS and can also allow for some or all of these functions to be managed by the central controller.

Unified WLAN Architecture

The stage is now set for another evolutionary move where the wireless controlling functions are simply integrated into the standard wired switches used within our network cores. This would mean that the switches that provide wired network functionality to wired clients will also have the capability to serve the needs of wireless APs so that specialty wireless switches/controllers are no longer needed as separate devices. Today’s centralized and hybrid solutions usually depend on a connection from the wireless controller to a wired switch that actually has connections to the APs. The future may see more development of multiport switches that have wireless controller functionality built in, reducing the need for an extra wired switch. These integrated switches may be deployed in an access or distribution role, but they are the same switches used for standard Ethernet communications. Add-on cards provide the capabilities needed for WLAN management.

Multiple-Channel Architecture

The traditional WLAN architecture is the multiple-channel (multichannel) architecture (MCA). A multichannel architecture is built with careful planning and maintained over time. The 802.11 PHYs that operate in the 2.4 GHz ISM band provide three nonoverlapping channels. In the United States, the nonoverlapping channels are 1, 6, and 11. The 5 GHz U-NII bands offer many more nonoverlapping channels with 802.11a and 802.11n. I’ll focus on the 2.4 GHz band here to make the explanations simpler. Strategically configuring APs to use these channels and then staggering the channel usage throughout a coverage area allows complete coverage of larger areas.

As an example, consider the simple floor plan in Figure 11-1. Assuming this entire single-floor building needs coverage, multiple APs will be needed. In order to provide the highest data rates to all users, APs will be installed and power levels will be adjusted accordingly. Figure 11-2 shows a potential plan for covering the floor plan represented in Figure 11-1.

MCA plans are often depicted with hexagons to represent the coverage of each omnidirectional antenna and AP pair. In the real world, antennas do not ever propagate the signals in a perfect hexagonal shape; however, the hexagon shape is useful as an early planning tool. As painful as it is to look at, Figure 11-3 shows a more realistic view of an implementation pattern using MCA plans. As you can see, the coverage area (cell) created by each antenna/AP pair is not a nice, clean hexagon matching up perfectly with another cell. Instead, they form an ugly overlapping pattern that gets the job done.

[FIGURE 11-1: Floor plan of intended coverage area (380 feet by 240 feet)]

[FIGURE 11-2: Hexagon coverage plan (cells labeled with channels 1, 6, and 11)]

[FIGURE 11-3: Realistic coverage plan (cells labeled with channels 1, 6, and 11)]

Several problems are introduced with the MCA solution:

■ Output power settings must vary at each AP, and this causes site surveys to be more difficult and time consuming.
■ Adjacent-channel interference (interference among channels 1 and 6 or channels 6 and 11) is common, and measures must be taken to reduce it.
■ It is more difficult to implement high client volume areas (such as conference and meeting rooms) within the context of a larger WLAN.
■ Over time, WLANs require manual or automated adjustments as the environment changes.

One of these bullets, implementing high client volume areas, demands further explanation. Referring back to Figure 11-1, consider this: What if you need to provide coverage for 32 client stations in that room in the lower-left corner of the floor plan? To do this, you will usually need to install more than one AP in the area and, as you can see in Figure 11-3, channels 1 and 6 are already heavily represented in the area and channel 11 would certainly have some ghosting into the space as well. You could provide a separate 802.11a or 802.11n network using the 5 GHz band in that room, but this decision would prevent single-band client users from roaming in and out of the room. Most newer clients already support dual-band radios, but the odds are very high that a laptop purchased in 2007 or earlier will have a 2.4 GHz band radio only. If roaming is not required, the issue is solved. If roaming is required, you will have to perform very careful adjustments to output power settings and AP locations to provide the needed connection bandwidth in that room or you will have to upgrade all clients to support dual-band radios.

Single-Channel Architecture

Single-channel architecture (SCA) goes by many names, depending on the vendor, including Air Traffic Control (Meru) and Channel Blanketing (Extricom) among others. The basic concept of SCA is simple: forget about cell planning; just implement multiple APs using the same channel and control which APs are used to communicate at any moment with a centralized switch. Figure 11-4 shows the same floor plan represented in Figure 11-3 being covered with SCA. The end result is zero cell-size planning, zero initial configuration, and the ability to dedicate each SCA WLAN to a specific technology. For example, Channel 1 could be used for traditional data, Channel 6 could be used for voice data, and channel 11 could be used for location services or any other need.

[FIGURE 11-4: Single-channel architecture representation (channels 11, 6, and 1)]

One of the most important benefits of SCA is that roaming is taken away from the clients and controlled by the WLAN switch. This means that roaming is fast, seamless, and secure. Questions remain about the scalability of this solution, but in smaller implementations, there is no argument about the simplicity of roaming management in the SCA plan.

Of course, just like MCA, SCA has potential drawbacks:

■ Co-channel interference is eliminated only through the reduction of total bandwidth available in a given space.
■ Centralized roaming decisions require more powerful WLAN switches and may not scale well. However, as the SCA algorithms improve, this may become less of an issue.
■ Adjacent-channel interference may become a bigger issue and decrease overall throughput, though this will not likely be a significant factor.

I think it’s important to talk about the first bullet point in more detail. Co-channel interference occurs when two wireless stations communicate on the same channel in order to participate in different BSSs. Many engineers mistakenly assume that co-channel interference only occurs among APs. However, client stations can also (and are more likely to) cause co-channel interference. SCA vendors usually state that co-channel interference is removed with their solutions. The SCA vendors suggest that co-channel interference is removed because of the centralized algorithms that determine which APs should communicate at any given time. This protects against co-channel interference on the downlink, but it does not help when the client stations communicate with the APs.

With the MCA plans, however, two APs sufficiently separated can transmit a frame at the same time. A protocol analyzer located at either AP may be able to detect the other AP’s communications, proving co-channel interference, but the frames may still get through. Stated differently, frames may get through even though co-channel interference is high. With SCA plans, frames will not be transmitted at the same time if the centralized controller determines that the transmitting APs would interfere with each other. In the end, these algorithms result in a potential reduction in overall throughput available on the WLAN. MCA plans that are configured for proper channel separation may result in greater throughput than SCA plans.

MCA and SCA Compared

SCA solutions usually use the APs as simple radios, and the 802.11 MAC layer operations are handled entirely in the central switch or controller. As with all nonstandard implementations, the wireless technology professional should be cautious when selecting such solutions. If the vendor should go out of business, the entire infrastructure may have to be replaced for future upgrades or repairs. The differences between MCA and SCA are important and must be considered carefully when choosing a WLAN vendor. Table 11-1 provides a comparison of the positive and negative trade-offs between these two potential solutions. As you can see, both solutions have pros and cons. Now you have more information to help you make an informed decision.

TABLE 11-1 MCA Versus SCA

MCA | SCA
Positive: More control for the engineer | Negative: Less control for the engineer
Negative: More work for the engineer | Positive: Less work for the engineer
Positive: Results in less overengineering | Negative: Results in more overengineering
Negative: Implementation time is longer | Positive: Implementation time is shorter
Positive: The network can be completely based on standards | Negative: Some proprietary code must be used
Negative: Bigger networks require more intensive site surveys | Positive: The size of the network is irrelevant

Cooperative Control

Another WLAN architecture, which is not covered on the CWTS exam, illustrates the creativity of wireless vendors: it is called Cooperative Control. I will present a high-level overview of this architecture here, in order to expose you to a variety of options; however, remember that the Cooperative Control architecture will not be covered on the CWTS exam.

Aerohive Networks developed the Cooperative Control Access Point (CC-AP) to address the limits of standard WLAN deployments. CC-APs are a combination of a standard AP and specialized cooperative control protocols that provide similar functionality to that offered on WLANs that use a centralized controller or switch. The CC-AP is called a HiveAP and these APs exist in Hives that share information for fast and secure roaming, radio channel and power management, security, mesh networking capabilities, and Quality of Service (QoS).

Two types of components work together to provide the cooperative control in a Hive: HiveAPs and a HiveManager. The HiveAPs are actual APs, and the HiveManager is software running on a system that centrally configures the HiveAPs, provides firmware updates, and supports monitoring and troubleshooting options. The HiveManager software runs on a specialized appliance server. The most important thing to remember about Hives is this: Hives are more proprietary than they are standard. You can connect any standard client to the Hive, but you cannot connect any standard AP to the Hive. To learn more about this architecture, visit www.Aerohive.com.

CERTIFICATION OBJECTIVE 11.02
Wireless Mesh Access Layers

Another wireless networking model that is now more than a theory is the wireless mesh networking model. In Chapter 1, you learned about the PtP and PtMP models. In a mesh network, all APs can connect to all other stations that are turned on and within range of each other. Additionally, data travels through each node so that each node is both a router/repeater and an end node at the same time. Therefore, you could say that mesh networking is like a multipoint-to-multipoint (MPtMP) model. In the database world, you have a one-to-one relationship model, and this is like the PtP model in WLANs. You also have a one-to-many relationship model and this is like the PtMP model in WLANs. However, database theory also presents a many-to-many relationship model and this is much like the mesh networking model in WLANs.

The benefits of a mesh networking model include

■ Communications within areas that would normally have many LOS obstructions
■ Data routing redundancy

The first benefit is seen because mesh nodes are placed close enough to each other that a path will always be available around obstructions that would normally prevent wireless links. Figure 11-5 illustrates this benefit. Notice that data can travel from node A to node B and then to node C and finally to node D. If this were not a mesh network, there would be no clear path from node A to node D.

[FIGURE 11-5: Solving LOS issues with mesh networking (nodes A, B, C, D, E, and F around an interfering obstacle)]

The second benefit is also seen in Figure 11-5. If the route mentioned previously (A to B to C to D) was to become unavailable, there is data routing redundancy in that the route from A to F to E to D could be utilized.

Remember that a primary feature of mesh wireless is redundancy of routes.

Earlier in this book you learned that the normal distribution system for a WLAN is an Ethernet LAN. However, the IEEE standard leaves the specification open so that a wireless distribution system (WDS) could also be used. The IEEE 802.11s amendment is aimed at detailing just such a WDS. This means that our future could see networks that are entirely wireless without a single Ethernet cable (or other wired standard) anywhere. This will be aided by both the 802.11n amendment for a MIMO PHY, since the 802.11n amendment provides higher data rates that will be able to meet the needs of smaller networks even at the infrastructure level, and the 802.11s amendment for a mesh-based WDS. Right now, it seems that the more wireless we implement, the more wires we install, but this could change with evolving modulation schemes, frequency distribution, and powerful processors at lower prices. The 802.11s amendment is currently in development and will specify a standard for wireless mesh networking, but there is still plenty of work to do and plenty of uses for those wires. While we are years and more likely decades from an entirely wireless infrastructure (and some suggest it will never come), the potential is exciting.

Mesh Wireless Versus Traditional Wireless

Consider Table 11-2 in order to fully understand the key differences between mesh wireless access layers and traditional (intelligent edge) wireless. You will notice that mesh wireless access layers provide fast deployment. Deployment is usually faster because the mesh network is self-building and self-healing. The self-healing feature provides fault tolerance. Mesh access layers often have dynamic backhauls that can adjust to individual mesh AP failures. (The route following to the needed resources is often called the backhaul.) Traditional WLANs have a single route out of the APs and onto the wired network.

While considering a mesh access layer, it is also important to remember the potential negative aspects:

■ Mesh devices are usually proprietary in today’s implementations.
■ Overengineering (needing more APs than a traditional deployment) may be required.
■ The backhaul and the access traffic share the same wireless medium.
■ Network delays may be increased if too many mesh hops exist between the client and the wired network.

Additionally, scenarios may exist where one AP provides the only link available for two or more other APs. This scenario reduces the true throughput for the APs passing through the single AP within the mesh. As you can see, wireless mesh access layers are much like any other technology: there is good and bad, and the wireless technology professional must understand both in order to make an effective decision.

TABLE 11-2 Mesh Wireless Versus Traditional Wireless

Mesh Wireless | Traditional Wireless
Fast deployment | Medium to slow deployment
Less planning | More planning
Dynamic backhaul | Fixed backhaul
Fault-tolerant | Non-fault-tolerant
Greater cost (more APs are required) | Lower cost
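The route failover described for Figure 11-5, worked through as an added Python example that is not taken from the book. The link list is an assumption read off the two routes the text names (A-B-C-D and A-F-E-D), and the function names are hypothetical; the last function flags the case the text warns about, where one relay AP provides the only link.

```python
from collections import deque

# Assumption: links implied by the two routes the text gives for Figure 11-5.
# There is no direct A-D link because the obstacle blocks it.
FIGURE_11_5_LINKS = [("A", "B"), ("B", "C"), ("C", "D"),
                     ("A", "F"), ("F", "E"), ("E", "D")]


def build_mesh(links):
    """Return an adjacency map for bidirectional wireless links."""
    mesh = {}
    for a, b in links:
        mesh.setdefault(a, set()).add(b)
        mesh.setdefault(b, set()).add(a)
    return mesh


def find_route(mesh, src, dst, failed=frozenset()):
    """Breadth-first search for the fewest-hop route that avoids failed nodes.

    Returns the route as a list of node names, or None when no route is left.
    Fewer hops matters because each mesh hop adds delay on the shared medium.
    """
    if src in failed or dst in failed or src not in mesh or dst not in mesh:
        return None
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        # sorted() keeps the result deterministic when routes tie on hop count
        for neighbour in sorted(mesh[node]):
            if neighbour not in seen and neighbour not in failed:
                seen.add(neighbour)
                queue.append(path + [neighbour])
    return None


def single_points_of_failure(mesh, src, dst):
    """List relay nodes whose loss alone cuts src off from dst."""
    relays = set(mesh) - {src, dst}
    return sorted(node for node in relays
                  if find_route(mesh, src, dst, failed={node}) is None)


if __name__ == "__main__":
    mesh = build_mesh(FIGURE_11_5_LINKS)
    print("normal route:    ", find_route(mesh, "A", "D"))
    print("node B failed:   ", find_route(mesh, "A", "D", failed={"B"}))
    print("B and E failed:  ", find_route(mesh, "A", "D", failed={"B", "E"}))
    # Constructed degraded case: the F-E link is lost, so only one path remains.
    degraded = build_mesh([l for l in FIGURE_11_5_LINKS if l != ("F", "E")])
    print("SPOFs (degraded):", single_points_of_failure(degraded, "A", "D"))
```

With the full Figure 11-5 topology no relay is a single point of failure; once one link of the alternate route is gone, every relay on the remaining route becomes one.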

Know that a wireless mesh access layer may share the same wireless medium for client data and for backhaul data.

WLAN Power Management Features

The stations that participate in a WLAN and provide mobility to the end users will likely be battery powered. For this reason, the IEEE has defined a set of power save operations that are implemented in 802.11 WLAN devices in order to provide for longer battery life. These operations are briefly explained in this section.

Active Mode

When a station is in active mode, it does not utilize any power management features. Instead, the radio is left on at all times and frames that are destined for the station do not have to be cached at the AP. This mode is usually used by desktop computers that are using wireless connections and may be used by laptop computers as well. It is not uncommon for a laptop user to disable power save features when connected to power so that network communications are more efficient. By disabling power save mode on static devices that are always plugged into power outlets, you may also improve the performance of your WLAN overall. This is because the APs will no longer have to cache frames for any stations in the wireless LAN that have the power save features disabled. Figure 11-6 shows the device driver interface where power management settings can be configured on a Windows XP client station.

Power Save Mode

When a station is configured to use power save mode, it alternates between two states: dozing and awake. In the dozing state, much of the wireless NIC is disabled or powered down in order to save battery life. The dozing state lasts a specific interval, and then the station switches to awake so that it can check for cached frames at the AP that are intended for it. The actual activity that takes place when a station is configured in power save mode is covered in the section “TIM/DTIM/ATIM” later in this chapter.

Traffic Indication Map (TIM) Every station that is associated with an AP has an association identifier (AID). In order to implement U-APSD. this AID is used in the power management process. Both unscheduled and scheduled APSD procedures are documented in the 802. or the Ad-Hoc Traffic Indication Message window.11e-2005 amendment. it uses information known as the Traffic Indication Map. The intention of the WMM Power Save procedures is to provide longer battery life in QoS-demanding devices such as VoIP phones. the Delivery Traffic Indication Message.11 station uses power management. The following sections describe these concepts. QAPs (QoS APs) must be used. Within the .Wireless Mesh Access Layers 461 FIGURE 11-6 Power Management Wireless Configuration screen WMM Power Save (U-APSD) The WMM certification includes a power management function known as unscheduled automatic power-save delivery (U-APSD).11e. These are APs supporting 802. TIM/DTIM/ATIM When an 802. In infrastructure BSSs. Devices supporting U-APSD will support both legacy power management (as described in the “TIM/DTIM/ATIM” section) and triggered U-APSD.

beacon frame transmitted by the AP is a Traffic Indication Map (TIM) that is really nothing more than the list of AIDs that currently have frames buffered at the AP. This TIM is used by all stations that are participating in power management and have their power save mode enabled. You’ll remember (from the last chapter) that beacon frames are transmitted at regular intervals; this means that a station can predict when the next and future beacon frames will be transmitted. The station can go into dozing mode and then wake at a time just before a beacon frame is transmitted so that it can inspect the frame to see if any cached frames are waiting at the AP that are destined for its AID. The station is not required to wake at every beacon frame interval and, in fact, can balance performance versus power saving by waking at longer intervals (say, every third beacon instead of every second beacon).

Delivery Traffic Indication Message (DTIM)

Some frames are intended to go to multiple specific stations (multicast) or all stations (broadcast). The original 802.11 standard specified the DTIM for managing these frame types. While every beacon contains a TIM, only every nth beacon contains a DTIM. This may be every third beacon or some other interval. The AP indicates the DTIM interval to the stations so that they can be awake for every DTIM. The DTIM includes the same information that the TIM contains and additionally contains information about broadcast or multicast frames. All stations must be awake when the DTIM is transmitted. If the DTIM interval were every third beacon, then all stations would be required to wake for every third beacon.

Ad-Hoc Traffic Indication Message (ATIM)

As you’ll remember, ad hoc WLANs or IBSS WLANs do not have APs. Since this is the case, something other than the TIM and DTIM must be used to facilitate power management. The ATIM is used in the IBSS WLAN. The ATIM is a window of time (known also as the ATIM window) when all stations are required to be awake. Any station in the IBSS having frames buffered for any other station sends a unicast ATIM frame to the station for which the frames are destined. The recipient of the ATIM frame will acknowledge the frame and remain awake so that it can receive the buffered frames. Stations not receiving an ATIM frame within the ATIM window will go back to dozing after the ATIM window expires.

When considering power management within a WLAN, it is important to strike a balance between performance and endurance. Figure 11-6 shows a slider that can be used to balance power management versus performance. While you may be able to greatly extend battery life by configuring your WLAN stations to wait for longer periods before waking, this will also degrade the performance of the WLAN. Equally, when you have the stations wake more frequently, you lessen the length of time in which the stations can operate on battery power. The balance is usually found by considering the use of the stations and then setting the power management capabilities accordingly. For example, if you are using a laptop for VoIP communications, you may want to lean more toward performance and further away from battery conservation. On the other hand, if you are using a laptop strictly for e-mail and web browsing, you will likely lean in the opposite direction.

CERTIFICATION SUMMARY

This chapter provided you with an overview of the WLAN topologies and architectures that are available to today’s WLAN engineer. Additionally, you learned about the power management capabilities of wireless stations in an 802.11 WLAN.
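The TIM and DTIM behaviour described in the power-management section above can be seen at the byte level. This is an added example, not code from the book: it builds and parses the TIM information element as laid out in the 802.11 standard (element ID 5, DTIM count, DTIM period, bitmap control, partial virtual bitmap) and decides whether a dozing station should stay awake. The function names and the sample AIDs are constructed for illustration.

```python
from dataclasses import dataclass

TIM_ELEMENT_ID = 5   # element ID of the TIM in a beacon frame
MAX_AID = 2007       # highest association ID the bitmap can describe


@dataclass(frozen=True)
class Tim:
    dtim_count: int      # beacons until the next DTIM; 0 means this beacon is the DTIM
    dtim_period: int     # every dtim_period-th beacon carries a DTIM
    group_traffic: bool  # AP holds buffered broadcast/multicast frames
    first_octet: int     # index of the full-bitmap octet that bitmap[0] represents
    bitmap: bytes        # partial virtual bitmap: AID n is bit n % 8 of octet n // 8

    def buffered_for(self, aid: int) -> bool:
        """True if the AP advertises buffered unicast frames for this AID."""
        if not 1 <= aid <= MAX_AID:
            raise ValueError(f"AID {aid} is outside 1..{MAX_AID}")
        index = aid // 8 - self.first_octet
        if not 0 <= index < len(self.bitmap):
            return False  # octets omitted from the partial bitmap are all zero
        return bool((self.bitmap[index] >> (aid % 8)) & 1)


def build_tim(aids, dtim_count: int, dtim_period: int, group_traffic: bool = False) -> bytes:
    """AP side: encode a TIM element listing the AIDs that have frames buffered."""
    if not 0 <= dtim_count < dtim_period <= 255:
        raise ValueError("need 0 <= dtim_count < dtim_period <= 255")
    full = bytearray(MAX_AID // 8 + 1)
    for aid in aids:
        if not 1 <= aid <= MAX_AID:
            raise ValueError(f"AID {aid} is outside 1..{MAX_AID}")
        full[aid // 8] |= 1 << (aid % 8)
    used = [i for i, octet in enumerate(full) if octet]
    if used:
        start = used[0] & ~1                  # must be even: it is sent as start / 2
        partial = bytes(full[start:used[-1] + 1])
    else:
        start, partial = 0, b"\x00"           # an empty TIM still carries one octet
    control = start | int(group_traffic)      # bits 1-7 = start / 2, bit 0 = group flag
    body = bytes([dtim_count, dtim_period, control]) + partial
    return bytes([TIM_ELEMENT_ID, len(body)]) + body


def parse_tim(element: bytes) -> Tim:
    """Station side: decode and sanity-check a TIM element taken from a beacon."""
    if len(element) < 2 or element[0] != TIM_ELEMENT_ID:
        raise ValueError("not a TIM element")
    body = element[2:]
    if len(body) != element[1] or len(body) < 4:
        raise ValueError("TIM length field does not match the data")
    dtim_count, dtim_period, control = body[0], body[1], body[2]
    if dtim_period == 0 or dtim_count >= dtim_period:
        raise ValueError("inconsistent DTIM count and period")
    first_octet = control & 0xFE
    if first_octet + len(body) - 3 > MAX_AID // 8 + 1:
        raise ValueError("partial virtual bitmap runs past the last AID")
    return Tim(dtim_count, dtim_period, bool(control & 1), first_octet, body[3:])


def station_decision(element: bytes, aid: int) -> str:
    """What a power-save station with this AID does after reading the beacon."""
    tim = parse_tim(element)
    if tim.buffered_for(aid):
        return "stay awake: unicast frames buffered"
    if tim.dtim_count == 0 and tim.group_traffic:
        return "stay awake: broadcast/multicast frames follow this DTIM"
    return f"doze: next DTIM in {tim.dtim_count or tim.dtim_period} beacon(s)"


# Constructed sample: a DTIM beacon, DTIM every third beacon, frames buffered
# for the stations with AIDs 3 and 20, and group traffic pending.
SAMPLE = build_tim({3, 20}, dtim_count=0, dtim_period=3, group_traffic=True)

if __name__ == "__main__":
    print(SAMPLE.hex())
    for aid in (3, 4, 20):
        print(aid, station_decision(SAMPLE, aid))
```

A station that treats a malformed element as "nothing buffered" would simply miss traffic, so the parser rejects inconsistent lengths and DTIM values instead of guessing.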

✓ TWO-MINUTE DRILL

Define WLAN Architectures
❑ Distributed WLANs use autonomous APs.
❑ Centralized WLANs use lightweight APs.
❑ Multiple-channel architecture (MCA) uses traditional cell-sizing deployment models.
❑ Single-channel architecture (SCA) uses proprietary algorithms to avoid co-channel interference.
❑ MCA implementations require more time for site surveys and network planning.
❑ MCA implementations can be finely controlled, but they will require ongoing tweaking as the environment changes.
❑ SCA implementations are controlled algorithmically, but they are self-adjusting to environmental changes.
❑ SCA implementations may require the purchase of more hardware, which results in overengineering.
❑ The throughput-per-AP ratio is better for a well-designed MCA WLAN than for an SCA WLAN.
❑ MCA WLANs suffer from more co-channel interference than most SCA WLANs.

Wireless Mesh Access Layers
❑ Mesh wireless access layers use APs that communicate with both clients and the infrastructure using the wireless medium.
❑ The backhaul and the client services run across the wireless medium.
❑ Mesh wireless provides greater redundancy, because the communication routers are built dynamically among the mesh APs.
❑ Like SCA, mesh access layers require less planning.
❑ When multiple mesh hops exist between the clients and the infrastructure, delays may be too great for real-time technologies such as VoIP or live media streaming.

SELF TEST

The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully because there might be more than one correct answer. Choose all correct answers for each question.

Define WLAN Architectures

1. What kind of WLANs use thick or fat APs?
A. Distributed
B. Centralized
C. SCA
D. Next generation

2. A wireless technology professional is calculating cell sizes for a WLAN deployment. What kind of architecture is she most likely prepping for?
A. SCA
B. MCA
C. Mesh
D. WiMAX

3. Which of the following are potentially negative aspects of MCA implementations? (Choose two.)
A. Longer site survey times
B. Shorter site survey times
C. More ongoing maintenance
D. Extensive overengineering

4. Which of the following are potentially positive aspects of MCA implementations? (Choose two.)
A. Greater control for the engineer
B. Shorter site survey times
C. Less overengineering
D. Improved security

5. Which one of the following is not a potentially negative aspect of SCA implementations?
A. More overengineering is possible.
B. Site surveys take longer.
C. More APs may be required.
D. Less control is given to the engineer.

6. What is a benefit of the SCA solutions provided by many vendors?
A. More control is given to the engineer.
B. Site survey time is greatly reduced.
C. SCA is more standards-based than MCA.
D. Fewer APs are needed to cover the same area as MCA.

7. What kind of APs are used on centralized WLANs?
A. Lightweight
B. Thick
C. Fat
D. Autonomous

8. What functions are performed by the APs in most SCA implementations?
A. Simple radio functions
B. The entire 802.11 MAC layer functions
C. 75 to 80 percent of the 802.11 MAC layer functions
D. Only Network layer functions

9. How many non-overlapping channels exist in the 2.4 GHz spectrum used by 802.11?
A. 1
B. 3
C. 5
D. 56

10. Why can you place more 802.11a APs than 802.11g APs in the same area without causing co-channel interference?
A. Because 802.11g APs provide more non-overlapping channels
B. Because 802.11g APs provide shorter communication time slices
C. Because 802.11a APs provide shorter communication time slices
D. Because 802.11a APs provide more non-overlapping channels

11. Why do MCA implementations use hexagons to represent the coverage patterns of AP and antenna pairs?
A. Because AP/antenna pairs create coverage cells in exact hexagonal patterns
B. Because they work well for representation in diagrams
C. Because the engineer enabled the “Use Hex-Radiation” setting in the APs
D. Because SCA radiates in a star pattern

12. In addition to spacing AP and antenna pairs sufficiently apart, what can you adjust to fine-tune an MCA implementation?
A. WPA settings
B. Fragmentation threshold
C. Output power
D. Antenna gain

Wireless Mesh Access Layers

13. In a mesh wireless access layer, with what devices do the APs communicate using the wireless medium?
A. Other APs only
B. Clients only
C. Other APs and clients
D. Neither APs nor clients

14. What scenario may result in the inability of mesh wireless access layers to service real-time applications such as voice and media streaming?
A. The existence of multiple mesh hops
B. The implementation of SCA
C. The implementation of MCA
D. The existence of a single mesh hop

15. What is a primary feature of mesh wireless access layers that is not included in most MCA solutions?
A. Redundancy
B. 802.11 protocols
C. Wired backhaul
D. High-gain antennas

LAB QUESTION

You are installing a WLAN for a medium-sized organization. The single facility includes 27,000 square feet on a single floor. The entire space must be covered by the WLAN. Due to time constraints, the organization does not want a site survey, and they do require fast roaming. What solution will you recommend and why?

SELF TEST ANSWERS

Define WLAN Architectures

1. What kind of WLANs use thick or fat APs?
A. Distributed
B. Centralized
C. SCA
D. Next generation
✓ A is correct. Distributed WLANs use thick, fat, or autonomous APs.
✗ B, C, and D are incorrect. Centralized WLANs use lightweight APs or access ports. SCA uses a lightweight type of AP that only acts as a radio and antenna. Next-generation wireless LANs refers generically to everything new (SCA, 802.11n, etc.).

2. A wireless technology professional is calculating cell sizes for a WLAN deployment. What kind of architecture is she most likely prepping for?
A. SCA
B. MCA
C. Mesh
D. WiMAX
✓ B is correct. MCA uses cell sizing.
✗ A, C, and D are incorrect. SCA does not use cell sizing. Mesh does not use cell sizing. WiMAX is not a WLAN technology but rather a wireless MAN solution.

3. Which of the following are potentially negative aspects of MCA implementations? (Choose two.)
A. Longer site survey times
B. Shorter site survey times
C. More ongoing maintenance
D. Extensive overengineering
✓ A and C are correct. MCA requires more effort in the site survey due to complex cell sizing. MCA may require more ongoing maintenance due to environmental changes.
✗ B and D are incorrect. Shorter survey times is a benefit of SCA. MCA does not require overengineering but is actually more precise than SCA.

4. Which of the following are potentially positive aspects of MCA implementations? (Choose two.)
A. Greater control for the engineer
B. Shorter site survey times
C. Less overengineering
D. Improved security
✓ A and C are correct. MCA provides greater control for the engineer and less overengineering.
✗ B and D are incorrect. Longer site survey times are usually seen by MCA, not shorter. There is no security difference between MCA and SCA.

5. Which one of the following is not a potentially negative aspect of SCA implementations?
A. More overengineering is possible.
B. Site surveys take longer.
C. More APs may be required.
D. Less control is given to the engineer.
✓ B is correct. Site surveys are actually shorter for SCA.
✗ A, C, and D are incorrect. These are all potentially negative aspects of SCA.

6. What is a benefit of the SCA solutions provided by many vendors?
A. More control is given to the engineer.
B. Site survey time is greatly reduced.
C. SCA is more standards-based than MCA.
D. Fewer APs are needed to cover the same area as MCA.
✓ B is correct. Site survey times are greatly reduced.
✗ A, C, and D are incorrect. These statements are all true of MCA, but not SCA.

7. What kind of APs are used on centralized WLANs?
A. Lightweight
B. Thick
C. Fat
D. Autonomous
✓ A is correct. Lightweight APs are used in centralized WLANs. Access ports may also be used.
✗ B, C, and D are incorrect. These APs are used in distributed WLANs.

8. What functions are performed by the APs in most SCA implementations?
A. Simple radio functions
B. The entire 802.11 MAC layer functions
C. 75 to 80 percent of the 802.11 MAC layer functions
D. Only Network layer functions
✓ A is correct. Most SCA implementations use the APs as simple radios and antennas.
✗ B, C, and D are incorrect. SCA implementations perform the MAC-layer and upper-layer functions (including the Network layer) at the WLAN controller or switch.

9. How many non-overlapping channels exist in the 2.4 GHz spectrum used by 802.11?
A. 1
B. 3
C. 5
D. 56
✓ B is correct. The 2.4 GHz ISM band provides three non-overlapping channels.
✗ A, C, and D are incorrect. These answers are simply incorrect.

10. Why can you place more 802.11a APs than 802.11g APs in the same area without causing co-channel interference?
A. Because 802.11g APs provide more non-overlapping channels
B. Because 802.11g APs provide shorter communication time slices
C. Because 802.11a APs provide shorter communication time slices
D. Because 802.11a APs provide more non-overlapping channels
✓ D is correct. 802.11a APs do provide far more non-overlapping channels than 802.11g APs.
✗ A, B, and C are incorrect. 802.11g APs provide fewer non-overlapping channels than 802.11a APs. There is no such concept as communication time slices in 802.11 networks.

11. Why do MCA implementations use hexagons to represent the coverage patterns of AP and antenna pairs?
A. Because AP/antenna pairs create coverage cells in exact hexagonal patterns
B. Because they work well for representation in diagrams
C. Because the engineer enabled the “Use Hex-Radiation” setting in the APs
D. Because SCA radiates in a star pattern
✓ B is correct. Hexagons should not be taken literally. They simply look good in reports.
✗ A, C, and D are incorrect. APs do not create cells in hexagonal patterns in any environment. There is no such setting as “Use Hex-Radiation” in any AP. SCA does not radiate in a star pattern, but SCA radiates in patterns identical to MCA. SCA is simply managed differently.

12. In addition to spacing AP and antenna pairs sufficiently apart, what can you adjust to fine-tune an MCA implementation?
A. WPA settings
B. Fragmentation threshold
C. Output power
D. Antenna gain
✓ C is correct. Fine-tuning of a WLAN cell can be achieved by adjusting the output power settings.
✗ A, B, and D are incorrect. WPA settings impact security and not coverage. The fragmentation threshold determines when frames should be fragmented and does not impact coverage. Antenna gain cannot be “adjusted”; it can only be changed by replacing the antenna.

Wireless Mesh Access Layers

13. In a mesh wireless access layer, with what devices do the APs communicate using the wireless medium?
A. Other APs only
B. Clients only
C. Other APs and clients
D. Neither APs nor clients
✓ C is correct. Mesh access layers use the wireless medium for communications with both the clients and the other APs.
✗ A, B, and D are incorrect. These answers are simply incorrect.

14. What scenario may result in the inability of mesh wireless access layers to service real-time applications such as voice and media streaming?
A. The existence of multiple mesh hops
B. The implementation of SCA
C. The implementation of MCA
D. The existence of a single mesh hop
✓ A is correct. When multiple wireless mesh hops exist between the client and the network infrastructure, the delay may be too great for real-time applications.
✗ B, C, and D are incorrect. SCA and MCA are not mesh solutions. The existence of a single mesh hop is usually acceptable for real-time communications.

15. What is a primary feature of mesh wireless access layers that is not included in most MCA solutions?
A. Redundancy
B. 802.11 protocols
C. Wired backhaul
D. High-gain antennas
✓ A is correct. Redundancy is a primary benefit of most wireless mesh access layers.
✗ B, C, and D are incorrect. MCA solutions do use the 802.11 protocol, implement a wired backhaul, and support high-gain antennas.

LAB ANSWER

You are installing a WLAN for a medium-sized organization. The single facility includes 27,000 square feet on a single floor. The entire space must be covered by the WLAN. Due to time constraints, the organization does not want a site survey, and they do require fast roaming. What solution will you recommend and why?

The following represents one possible solution to the lab. Your answer may vary.

You may recommend using an SCA solution. The SCA solution would require little in the way of a site survey and would allow for fast and secure roaming, as the WLAN clients are unaware that roaming is actually occurring. The size of the coverage area is irrelevant to an SCA solution. An alternative solution may be to implement a wireless mesh access layer. You would simply need to ensure that the selected vendor supports fast roaming with its mesh solutions.

Appendix A: Wireless LAN Case Studies

Vendor-neutral certifications provide an exceptional way to prepare for work in and prove knowledge related to an industry. Certifications such as the Certified Wireless Technology Specialist, Convergence+, and Certified Ethical Hacker can also help prepare you for vendor-specific certifications such as CCNA Wireless and the Check Point Certified Security Administrator (CCSA). However, one of the most difficult aspects of a vendor-neutral certification is the application of knowledge to real-world scenarios. Without the application to specific hardware and software or practical scenarios, the knowledge gained through earning the certification can quickly be lost. I’ve written this Appendix to help overcome this problem.

In the following pages, you will be presented with three case studies. These case studies serve as a learning experience in lieu of hands-on opportunities. Each case study provides a learning experience applicable to three key applications of wireless technology: SOHO installations, network extensions, and building-to-building links. These three applications also cover the majority of the concepts tested on the CWTS exam. If you are a seasoned professional in wireless networking and you’re using this book as a guide to refresh your memory for the CWTS exam, you may find the examples in this Appendix rather simple. Please remember that many CWTS candidates are working with wireless solutions for the very first time.

All three case studies begin with an explanation of the application type and then move quickly to cover three learning areas related to that application, including
■ The problem
■ The solution
■ The implementation

As the implementation is presented, the basic steps taken in the site survey are offered; this information is followed by a summary of the actual installation and any problems encountered. Finally, the testing and optimization phase is presented with coverage of final setting adjustments or last-minute tweaks required to make the network perform well.

Performing a SOHO Implementation

Small office and home office (SOHO) installations face challenges that are unique to the market, and they also sometimes face challenges similar to enterprise installations.

The following list represents challenges that are either unique to SOHO wireless installations or that are not universal to all wireless networks:
■ Neighbor network negotiations
■ Small IT staff, if any
■ Lower technology budgets
■ Less tolerance to financial loss

Each of these factors will be present in the case study outlined in this section; however, I want to address one of the items here to ensure understanding. That item is neighbor network negotiations. It’s much easier to plan a wireless network when you don’t have to address interference issues from neighboring networks. Most enterprise headquarter installations take place on large, dedicated campuses that are sufficiently separated from other buildings. This separation allows for better (clear and quiet airwaves) wireless environments. SOHO installations often work in the exact opposite environment. These networks must frequently be implemented in noisy environments. While it is entirely possible that enterprise installations will require neighbor network negotiations, they certainly are not required in most enterprise headquarter installations. For this reason, neighbor network negotiations fall into that category of non-universal challenges. The following case study presents just such a scenario.

The Problem

Jill and Terry run A-Z Pet Kare in New Des Moines, Ohio. The company provides pet grooming services and offers an entire inventory of pet care products. They lease space in a storefront plaza totaling 2360 square feet. The plaza is shown in Figure A-1. While the space is small, the facility is separated into three rooms: a main entry room, the pet grooming room, and a pet boarding room while the pets await their owners’ return. Jill states that all of this space must be covered.

In order to better track their work, Terry has decided to implement a wireless network. The new network will allow him to carry a Pocket PC with him as he moves from area to area with customers. This Pocket PC will run an application allowing him to check pricing and inventory as well as update the inventory from any location. It is a simple application requiring manual input from the user for all inventory management.

Jill has indicated that Internet connectivity is important and that they already have a DSL router providing approximately 2 Mbps of bandwidth. She says this is plenty of bandwidth, but she wants to be able to connect from her laptop so that she can update the A-Z Pet Kare Web sites with information about customer pets regardless of her current location in the facility.

FIGURE A-1 A-Z Pet Kare lease location (figure labels: Jim’s Books, Great Subs, A-Z Pet Kare, ProperAid, Parking Area)

In addition to these issues, Jill and Terry have communicated the following requirements:
■ They want to be able to assure their customers that customer information is secure.
■ Jill and Terry want to be able to access the network from home using their Internet connection, but this connection must be secure.
■ The WLAN must work with the wireless radio built into Jill’s laptop. The laptop supports 802.11b/g networks.
■ The wireless network should not interfere with neighboring networks and cause inter-company conflicts.

The Solution

Based on the information presented by Jill and Terry, a standard WLAN should suffice. The only special hardware or software required is a VPN solution for connectivity from home. Now that the decision to implement a standard WLAN is final, implementation can begin. Of course, this implementation starts with a proper site survey.

The Implementation

With any WLAN implementation, the first step is the site survey. Regardless of size, a site survey must be performed in order to ensure that the WLAN can operate as desired and to discover the best way to implement it. Following the site survey, the wireless technology specialist can perform the installation. Finally, the network should be fully tested and optimized.

Site Survey

Since the A-Z Pet Kare wireless network was a small installation, a simple site survey was performed. The engineer ran NetStumbler on a laptop computer in order to find local WLANs that may cause interference or demand special considerations when installing the A-Z Pet Kare WLAN. Figure A-2 represents the wireless activity as discovered at the time of the survey.

FIGURE A-2 NetStumbler detecting WLANs

During the survey, the engineer learned a number of important things about the environment. As Figure A-2 shows, channel 6 was already utilized by two networks and both networks seemed to have strong signals. For this reason, the engineer immediately ruled out those channels. The next step was to look at channels 1 and 11 and find out which network’s signal was weaker from within the A-Z Pet Kare facility. After monitoring for a few minutes, the engineer determined that both channels 1 and 11 have SNRs (signal-to-noise ratios) fluctuating between about 6 and 12. The interference is not critical, but the networks will perform better without it. Since the networks provide about the same level of signal coverage in the intended space, the engineer could negotiate with either of the organizations in order to acquire frequency space for the new A-Z Pet Kare WLAN.

Once the engineer determined that channels 1, 6, and 11 were all in use within the needed coverage area, he began the process of locating the different networks. In order to negotiate with the WLAN owners, the engineer needed to discover the source of the network signals for channels 1 and 11. To do this, he simply walked around with his laptop and observed as the signal strength increased or decreased for each channel. Figure A-3 shows the results of the engineer’s efforts.

FIGURE A-3 WLAN activity before installing the A-Z Pet Kare network (figure labels: AP on Channel 1, AP on Channel 6, AP on Channel 6, AP on Channel 11, Great Subs, A-Z Pet Kare, Jim’s Books, ProperAid, Parking Area)

With a better picture of the wireless activity, the engineer decided on a different negotiation tactic. He pointed out to ProperAid and Jim’s Books that their networks were both configured in such a way that they were causing adjacent channel interference with themselves. Because each company had two APs very close to each other and configured for adjacent channel usage, their performance was suffering. He explained that they would both be better off if they used channels 1 and 11. Of course, it is very important in negotiations such as these that the engineer clearly communicates that he or she will not be performing the reconfiguration, but that he can provide suggestions for those who will be doing the work. In this case, the engineer’s communications worked and the surrounding organizations adjusted their networks. This change completely freed channel 6 for his client to utilize. Additionally, the ProperAid and Jim’s Books networks were far enough apart that with the new channel settings and the output power levels set appropriately, they did not interfere with each other. Of course, the engineer had verified that they would not cause problems for other networks.

The following plan was devised for the A-Z Pet Kare wireless network:
■ Install an 802.11g wireless router on channel 6 in the center of the 2360-square-foot space.
■ Use standard omnidirectional diversity antennas.
■ Enable backward compatibility with 802.11b, if it is not enabled by default. This action will provide compatibility with the Pocket PC device.
■ Configure the wireless network to use WPA2-PSK with a 20-character passphrase.
■ Ensure that the wireless router supports VPN connections.

Installation

During most WLAN installations, you will encounter problems, and the A-Z Pet Kare network was no different. As the engineer was installing the wireless router, he encountered a power supply problem. During the site survey, the engineer had noted a power outlet in the middle of the coverage space and on the ceiling. The engineer assumed the power outlet worked, but it was actually a façade, as no power had been run to the power plug. In a large enterprise installation, this problem may have been much smaller, since it is more common to have Power over Ethernet (PoE)–capable switches in enterprise environments. However, in a SOHO implementation, PoE is seldom included in the switches, since most SOHO switches are simple consumer-grade switches or less capable business-class switches.

The engineer had two methods for solving the problem: run the power line to the power outlet or purchase and install an inline PoE power injector. The latter solution would normally be acceptable, but this SOHO installation was different. The WLAN router was not compatible with PoE standards, and the cost of purchasing one that would be compatible was well outside the available budget. For this reason, the engineer chose to have the power line run to the outlet. In fact, the building owner, from whom Jill and Terry were leasing the space, apologized for the inconvenience and hired an electrician to run the power line at his cost. Since he paid for the power line, this solution was less expensive than implementing a PoE device.

With the power outlet repaired, the engineer installed the configured WLAN router (the radio was set to channel 6 and the WPA2-PSK passphrase was entered) and mounted it on the ceiling in the center of the coverage area. Next, he created the accounts on the WLAN router that could be used for VPN connections—one for Jill and one for Terry. Finally, he reconfigured the DSL router to forward VPN connections to the WLAN router so that the internal VPN server could be utilized.

Testing and Optimization

With the network installed, the engineer began the testing process. He used his laptop computer and NetStumbler to view the signal strength from each location within the intended coverage space. The coverage was complete, and the data rate was more than acceptable from each location. Next, he used his 3G wireless card to connect to the Internet and test the VPN connection. He was able to connect to the VPN server within the WLAN router without any problems; however, he was not able to access resources on the server located in the office. On further inspection, the engineer found that the WLAN router had not been configured with the proper routing information to reach the server. With this last change, the network install was complete. Figure A-4 shows the resulting network.

FIGURE A-4 Final A-Z Pet Kare network (figure labels: Customer Management Server, Terry’s Desktop Computer, Wired Switch, Internal Wired Router, DSL Router, WLAN Router, Terry’s Pocket PC, Jill’s Laptop)
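The SOHO plan above calls for WPA2-PSK with a 20-character passphrase. The following added example, which is not part of the book, shows how WPA2-Personal turns the passphrase and the SSID into the 256-bit pre-shared key (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and reviews a candidate passphrase against that 20-character policy. The SSIDs and passphrases are constructed, and the network-name and distinct-character checks are assumptions of this example rather than requirements stated in the case study.

```python
import hashlib
import math

PRINTABLE = range(32, 127)   # a WPA passphrase is 8 to 63 printable ASCII characters


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key derived from passphrase and SSID."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 octets")
    if not 8 <= len(passphrase) <= 63 or any(ord(c) not in PRINTABLE for c in passphrase):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    # The SSID is the salt, so the same passphrase gives a different key per network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def charset_bits(passphrase: str) -> float:
    """Upper bound on strength in bits; only meaningful for randomly chosen characters."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33   # space and punctuation in printable ASCII
    return len(passphrase) * math.log2(pool) if pool else 0.0


def review_passphrase(passphrase: str, ssid: str, min_length: int = 20) -> list:
    """List the reasons a passphrase fails the plan's policy (empty list = acceptable)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    elif len(passphrase) < min_length:
        problems.append(f"shorter than the {min_length}-character policy")
    if any(ord(c) not in PRINTABLE for c in passphrase):
        problems.append("contains characters outside printable ASCII")
    if ssid and ssid.lower() in passphrase.lower():
        problems.append("contains the network name")          # assumption of this example
    if len(set(passphrase)) < 8:
        problems.append("uses fewer than 8 distinct characters")  # assumption of this example
    return problems


# Constructed values for illustration only.
EXAMPLE_SSID = "AZPetKare-example"
EXAMPLE_PASSPHRASE = "kennel7-Maple-otter-92"

if __name__ == "__main__":
    print("problems:", review_passphrase(EXAMPLE_PASSPHRASE, EXAMPLE_SSID))
    print("upper bound: %.1f bits" % charset_bits(EXAMPLE_PASSPHRASE))
    print("PSK:", derive_psk(EXAMPLE_PASSPHRASE, EXAMPLE_SSID).hex())
```

Because the key depends only on the passphrase and the SSID, everyone who knows the passphrase holds the same key; this is why the building-to-building case study later rules out preshared keys in favour of certificate-based authentication.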

Extending an Existing Network

Network extensions can be very costly when cable runs are required. Additionally, cable runs are limited to approximately 100 meters without the use of repeaters or additional switches. In the end, to run a connection into a new area can cost anywhere from several hundred to many thousand dollars. If not for the desire for cosmetically appealing solutions, the cable could be run along the junction of the floors and walls, and costs could be reduced. However, due to the cosmetic frustration of such a solution (and the greater likelihood of cable damage), few organizations will accept this method as a feasible installation. All of this makes wireless network extensions very appealing.

The Problem

John is the owner of a manufacturing company that was experiencing explosive growth. He was converting a building that was configured for a mixture of warehousing and office space into mostly office space. Figure A-5 shows the size and wired network coverage provisions when the project began. The space labeled as “Area needing wired ports” was used for storage until this conversion began. In the future, the 75-foot space between the two areas will be used for storage and the two areas on either side will be used for office space.

FIGURE A-5 Current and needed wired networking ports (figure labels: 500 Feet, 75 Feet, Area with wired ports, Area needing wired ports)

John did not want to use wireless networking as the access method for the office workers, but he had heard that network extensions could be implemented with wireless solutions. He wanted to perform an installation of just such a network. The following constraints were included in the initial request:
■ Wireless access will not be provided for office workers.
■ The wireless network extension must not interfere with the 802.11b portable devices used for inventory management.
■ The wireless link must be secure, as sensitive company information will be traversing the link between the original wired network and the new wired network extension.
■ The entire project cannot cost more than $2000.

The Solution

Due to the nature of the installation and the cost constraints, [...] 802.11a (OFDM) wireless APs that can be configured in bridge mode and use them to create the network extension link. The desire to avoid interference with the 802.11b portable devices was the driver behind the choice of the 802.11a devices. To keep the budget low, standard APs running in bridge mode were selected, instead of purchasing more expensive specially designed WLAN bridges (which range from $300 to $5000).

The Implementation

The implementation of the wireless network extension role is usually one of the simpler installations. The site survey must verify that the frequency space needed is available and that sufficient RF line of sight exists between the original network and the new extended area.

Site Survey

During the site survey, the engineer verified the RF activity in the implementation area. Using a Wi-Spy DBx device, which supports spectrum analysis in the 5 GHz band, and her laptop she determined that no significant activity was present. As usual, in a space separated from other companies and networks, all of the 802.11a channels were free for use.

Next, she looked at the location to ensure RF line of sight was present. In actuality, since the link had to travel only about 75 feet from antenna to antenna, she determined that absolute line of sight would not be needed. She also determined that semidirectional antennas would be sufficient as long as the dBi was 12 dB or greater. She indicated that the APs should be installed within the office space and that RF cable should be run to antennas installed in the 75-foot barrier space that would eventually be used for warehouse storage. Her first inclination was to install the antennas in the center of the warehouse area, but after talks with the warehouse manager, she learned that the middle area would be full of metal shelving in dozens of rows. However, the lower area—as seen in Figure A-6—would be open, since this area would contain the new entry doors into the warehouse. Drawing on this information, she decided to install the APs closer to the lower walls in the diagram.

Installation

The installation went smoothly with only a minor problem. The engineer configured the 802.11a APs while offsite and tested their connections before visiting the client site. In order to comply with the company’s request, the APs were configured to use a preshared key with WPA2. Once the devices were configured, they were taken onsite to perform the installation. After the engineer installed the APs and ran the RF cables to antennas mounted on the walls within the warehouse area, she noticed that the link was weaker than expected. Apparently the RF cable was absorbing more of the signal amplitude than expected. This problem was easily resolved by adjusting the output power setting on the APs. Figure A-6 shows the resulting implementation.

Testing and Optimization

In order to test the link for effective operations, the engineer used a laptop on either end of the link. One laptop was configured with an FTP server and a larger 100MB file for downloading. The other laptop was configured with an FTP client that reported the throughput of the connection. After downloading the file, the engineer noted a throughput rating of approximately 22 Mbps. Given the number of users in both spaces and need for communications across the link, this throughput was deemed sufficient.

FIGURE A-6 Final network extension implementation (diagram labels: 500 feet; area with wired ports; area needing wired ports; a wired router and an AP in bridge mode at each end)

Creating a Building-to-Building Link

It’s interesting to note that building-to-building links are very much like network extensions. The key difference is that they tend to span greater distances.

The Problem

The Systems Education Company has just opened a new office location. The new location is strategically located next door to their largest client. The owner of the company wants to connect the new location with the old location to form a single network; however, he does not want to pay the high cost of leased lines and he does not want to use the Internet as the backbone for a VPN connection. Instead, he wants to create a wireless link using license-free technology based on 802.11 standards. The link will span a distance of approximately 0.4 miles. The requirements are few but important:

■ The throughput available on the link must never drop below 10 Mbps.
■ The link must be available 24×7.
■ The link must be very secure. WPA or WPA2 with preshared keys is not acceptable.

The Solution

The engineer recommends 802.11g wireless bridges from Cisco. This recommendation is based on preliminary analysis that showed heavy 802.11a activity at one end of the link. He further recommends that certificate-based authentication and encryption be utilized for the connection. In order to provide more accurate specifications, the engineer says that a link budget site survey would be needed.

The Implementation

The sensitivity of longer-distance outdoor links demands that a detailed site survey be performed. Additional issues such as blocking buildings or trees may also need to be addressed. After the link is created, thorough testing should be performed to ensure consistent operations.

Site Survey

To begin the site survey, the engineer first visits an online mapping site to view the space between the two endpoints of the building-to-building link. Figure A-7 shows the annotated map from maps.Google.com. This printout helps the engineer locate potential interference sources in the line of the link.

FIGURE A-7 Map of the link route

Next, the engineer drives the route between the two points, noting any possible problem areas such as tall trees that could result in interference in the future. One potential problem area stands out during the drive, and that is the last block between the two buildings on the right side in Figure A-7. This block introduces several trees that may cause problems in the future. The engineer simply notes this fact so that he will remember to calculate extra clearance for them.

The next phase of the site survey requires assistance. One engineer is located at each end of the link. They each use their cell phones to communicate with each other while using low-powered telescopes to view the line of sight. The line of sight is clear even from a standing position on top of both buildings; however, the engineers calculate that approximately 35 percent of the first Fresnel zone is blocked by buildings or trees. This blockage is mostly due to the elevation of the rightmost building in Figure A-7, since the leftmost building is nearly twice as tall. To resolve this issue, the engineer plans to install the antenna for the rightmost building on a mounting pole that is approximately 15 feet high. This action will result in less than 5 percent first Fresnel zone blockage.

Installation

Before the engineer can install the antennas at each location, building codes must be checked. The engineer speaks with the county engineer’s office and discovers that no permit will be needed in order to install a pole for antenna mounting as long as the pole height, including the building, is less than 40 feet. A 15-foot pole on top of the existing building will be approximately 34 feet tall. To make the installation go as quickly as possible, the WLAN bridges are preconfigured offsite. An engineer travels to each end of the link and installs the bridge and antenna. Next, the engineers align the antennas using a simple signal strength–based alignment tool. The resulting link is able to communicate at 36 Mbps due to the use of high-gain antennas. This data rate should result in throughput at approximately 19–22 Mbps.

Testing and Optimization

At each end of the link, the engineers connect laptops to test the throughput and consistency of the link. The laptops are installed and configured to run tests for 24 hours. On return the next day, the engineers note that the data rate never dropped below 36 Mbps and the throughput was consistently between 18 and 24 Mbps. The link was monitored over the next year periodically to ensure consistent communications during seasonal changes, and it continues to operate effectively.
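The Fresnel-zone and link-budget arithmetic behind this case study, worked through as an added example that is not part of the book. The 0.4-mile distance, the 15-foot pole and the 34-foot mounted height come from the text; the channel frequency, the left building's height, the tree position and height, and all power, gain, loss and sensitivity figures are constructed sample values, and "blocked" is taken here to mean the share of the lower Fresnel radius cut off by one obstacle.

```python
import math

C = 299_792_458.0   # speed of light, m/s
FT = 0.3048         # metres per foot
MILE = 1609.344     # metres per mile


def mw_to_dbm(mw):
    return 10 * math.log10(mw)


def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)


def fspl_db(distance_m, freq_hz):
    """Free space path loss (dB) between isotropic antennas."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def fresnel_radius_m(d1_m, d2_m, freq_hz):
    """First Fresnel zone radius at a point d1 from one antenna and d2 from the other."""
    return math.sqrt((C / freq_hz) * d1_m * d2_m / (d1_m + d2_m))


def blocked_fraction(h_a_m, h_b_m, link_m, dist_from_a_m, obstacle_h_m, freq_hz):
    """Share of the lower first-Fresnel radius cut off by one obstacle.
    0.0 = zone clear, 1.0 = obstacle reaches the line of sight.
    Flat-earth geometry, adequate for a sub-mile link."""
    los_h = h_a_m + (h_b_m - h_a_m) * dist_from_a_m / link_m
    radius = fresnel_radius_m(dist_from_a_m, link_m - dist_from_a_m, freq_hz)
    return min(1.0, max(0.0, 1.0 - (los_h - obstacle_h_m) / radius))


def received_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, cable_loss_db, distance_m, freq_hz):
    """Link budget: transmit power plus antenna gains minus cable and path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - cable_loss_db - fspl_db(distance_m, freq_hz)


# Values taken from the case study
LINK_M = 0.4 * MILE
POLE_FT, MOUNTED_FT = 15, 34
RIGHT_ROOF_M = (MOUNTED_FT - POLE_FT) * FT    # roof height implied by 34 ft - 15 ft

# Constructed sample values (assumptions, not from the book)
FREQ_HZ = 2.437e9      # 802.11g channel 6
LEFT_ROOF_M = 37 * FT  # "nearly twice as tall" as the right building
TREE_DIST_M = 100.0    # trees in the last block, measured from the right building
TREE_H_M = 4.55
TX_DBM, GAIN_DBI, CABLE_DB, RX_SENS_DBM = 17.0, 14.0, 4.0, -75.0


def survey():
    """Return the figures a link budget site survey would report for this link."""
    rx = received_dbm(TX_DBM, GAIN_DBI, GAIN_DBI, CABLE_DB, LINK_M, FREQ_HZ)
    return {
        "fresnel_mid_m": fresnel_radius_m(LINK_M / 2, LINK_M / 2, FREQ_HZ),
        "blocked_before": blocked_fraction(RIGHT_ROOF_M, LEFT_ROOF_M, LINK_M,
                                           TREE_DIST_M, TREE_H_M, FREQ_HZ),
        "blocked_after": blocked_fraction(MOUNTED_FT * FT, LEFT_ROOF_M, LINK_M,
                                          TREE_DIST_M, TREE_H_M, FREQ_HZ),
        "fspl_db": fspl_db(LINK_M, FREQ_HZ),
        "rx_dbm": rx,
        "margin_db": rx - RX_SENS_DBM,
    }


if __name__ == "__main__":
    for name, value in survey().items():
        print(f"{name:15s} {value:8.2f}")
```

With these sample values the trees cut off about 35 percent of the zone radius from the bare roof and none of it once the antenna sits on the 15-foot pole.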

Appendix B: About the CD

The CD-ROM included with this book comes complete with MasterExam and the electronic version of the book. The software is easy to install on any Windows 2000/XP/Vista computer and must be installed to access the MasterExam feature. You may, however, browse the electronic book and the CertCam video training directly from the CD without installation. To register for the bonus MasterExam, simply click the Bonus MasterExam link on the main launch page and follow the directions to the free online registration.

System Requirements

Software requires Windows 2000 or higher and Internet Explorer 6.0 or above and 20MB of hard disk space for full installation. The electronic book requires Adobe Acrobat Reader.

Installing and Running MasterExam

If your computer CD-ROM drive is configured to auto run, the CD-ROM will automatically start up upon inserting the disk. From the opening screen you may install MasterExam by clicking the MasterExam link. This will begin the installation process and create a program group named LearnKey. To run MasterExam use Start | All Programs | LearnKey | MasterExam. If the auto run feature did not launch your CD, browse to the CD and click on the LaunchTraining.exe icon.

MasterExam

MasterExam provides you with a simulation of the actual exam. The number of questions, the type of questions, and the time allowed are intended to be an accurate representation of the exam environment. You have the option to take an open-book exam, including hints, references, and answers, a closed-book exam, or the timed MasterExam simulation. When you launch MasterExam, a digital clock display will appear in the bottom right-hand corner of your screen. The clock will continue to count down to zero unless you choose to end the exam before the time expires.

CertCam Video Training

CertCam .avi clips provide detailed examples of key certification objectives in audio video format direct from the author of the book. These clips walk you step-by-step through various system configurations. You can access the clips directly from the CertCam table of contents by clicking the CertCam link on the main launch page.

The CertCam .avi clips are recorded and produced using TechSmith’s Camtasia Producer. Because .avi clips can be very large, ExamSim uses TechSmith’s special .avi codec to compress the clips. The file named tsccvid.dll is copied to your Windows\System folder during the first auto run. If the .avi clip runs with audio but no video, you may need to re-install the file from the CD-ROM. Browse to the Programs\CertCams folder, and double click on the tscc.exe file.

Electronic Book

The entire contents of the Study Guide are provided in PDF. Adobe’s Acrobat Reader has been included on the CD.

Help

A help file is provided through the help button on the main page in the lower lefthand corner. An individual help feature is also available through MasterExam.

Removing Installation(s)

MasterExam is installed to your hard drive. For best results removing programs, use the Start | All Programs | LearnKey | Uninstall option to remove MasterExam.

Technical Support

For questions regarding the content of the electronic book, MasterExam, or CertCams please visit www.mhprofessional.com or email customer.service@mcgraw-hill.com. For customers outside the fifty United States, email international_cs@mcgraw-hill.com.

LearnKey Technical Support

For technical problems with the software (installation, operation, removing installations), please visit www.learnkey.com, email techsupport@learnkey.com, or call toll free 1-800-482-8244.

Glossary

3DES
An encryption standard based on the Data Encryption Standard (DES) that uses stronger keys and key processing and is still supported by many systems today. Simplified, 3DES uses DES encryption three times with three key variants, and each key is 64 bits in length. 3DES is mostly used with VPNs in wireless LANs.

802.11
802.11 is the base standard specified by the IEEE on which all 802.11 technologies, including 802.11a, 802.11b, and 802.11g, operate. The original 802.11 specification provided for lower-bandwidth capabilities of 1 and 2 Mbps and specified the medium access control and physical layers of DSSS, FHSS, and Infrared.

802.11a
The 802.11a standard is an amendment to the original IEEE 802.11 standard and specifies use of the unlicensed 5 GHz band. This standard supports data rates of up to 54 Mbps and uses OFDM technology. Neither 802.11b nor 802.11g is compatible with 802.11a. The CWNP program refers to the 802.11a PHY as the OFDM PHY.

802.11b
A revision of the IEEE 802.11 standard defining the use of high rate/direct sequence spread spectrum (HR/DSSS) and supporting data rates up to 11 Mbps. The CWNP program refers to the 802.11b PHY as the HR/DSSS PHY.

802.11e
Defines a set of Quality of Service (QoS) standards for 802.11-based wireless networks. These standards are intended to provide optimized and prioritized bandwidth for network-intensive applications such as streaming media and Voice over IP.

802.11g
Similar to 802.11b, 802.11g works in the 2.4 GHz band and provides up to 54 Mbps data rates. This IEEE amendment to the 802.11 standard uses a form of OFDM modulation for wireless communications called the extended rate PHY (ERP). 802.11g and 802.11b are compatible in that both client types can connect to an 802.11g access point (AP) when the AP is configured in mixed mode. The CWNP program refers to the 802.11g PHY as the ERP PHY.

802.11i
Referred to as WPA2 by the Wi-Fi Alliance, 802.11i provides recommendations for stronger security in an 802.11-based network. 802.11i recommends the use of AES encryption and helps to prevent attacks that are easily formed against the older WEP specification. 802.11i utilizes 802.1X authentication, which uses some form of the Extensible Authentication Protocol (EAP). Preshared keys (PSKs) may also be used.

802.11n
Multipath has traditionally been viewed as a problem in wireless networks, but 802.11n devices will take advantage of this to increase bandwidth through spatial multiplexing using the new high-throughput (HT) physical layer (PHY). The popular term for this solution is multiple input/multiple output (MIMO), as multiple antennas are used for communications. This term should not be confused with antenna diversity, in which only one antenna is used at a time. The CWNP program refers to the 802.11n PHY as the HT PHY.

802.16
The IEEE broadband wireless access working group. Their aim is to provide standards for deployment of wireless metropolitan area networks (WMANs).

802.1X
An IEEE standard for port-based access control. Utilizing various implementations of the Extensible Authentication Protocol (EAP), and an authentication server such as a RADIUS server, 802.1X provides the authentication framework to determine if a client should be allowed access through a wired or wireless port. The standard provides access through the port if authentication succeeds and denies access should authentication fail.

absorption
The process in which radiated RF energy is retained by material rather than reflected off or passed through. RF energy can be absorbed into moisture in the air or visible physical objects.

access point (AP)
A device that provides (wireless) access to a wired network and/or the Internet. An AP may also act as the center of a wireless-only network when no wired networks are present. Many APs can also act as bridges and repeaters by changing a configuration setting.

active gain
In a wireless network, the gain that is caused by an amplifier. It is an actual increase in the RF signal amplitude before entering the antenna.

active mode
One of two power management modes in which a wireless client may operate. In active mode, the wireless client is always powered on and listening for wireless communications intended for the device. Active mode is specified in the 802.11 standard.

ad hoc mode
A mode of operation for Wi-Fi networks in which devices communicate directly with each other without the use of an access point. Also known as an independent basic service set (IBSS).

Advanced Encryption Standard (AES)
Also known as Rijndael, AES is a block cipher adopted by the U.S. government for encryption purposes and is used by WPA2 or 802.11i standard devices, among other things. AES is based on the Rijndael cipher. However, AES limits Rijndael in that AES uses keys of 128, 192, and 256 bits in length and Rijndael can use keys in any multiple of 32 bits, with a low of 128 and high of 256 bits. With 802.11i or WPA2, 128-bit AES is used.

amplification
The increase in amplitude of an RF signal.

amplitude
The strength or power of any wave. The amplitude of an RF wave increases as the signal power increases.

antenna
A device that transmits and/or receives radio signals. In a wireless network, antennas propagate the radio frequency waves into the air and receive them from other antennas. The antenna receives AC signals from the transmitter and propagates them as RF waves. It also receives RF waves and transmits them to the receiver as AC signals.

antenna diversity
The use of multiple antennas to overcome multipath problems. Only one antenna is used at a time, and this should not be confused with MIMO or 802.11n.

association
The relationship that is created between a wireless client and the access point.

attack surface
A term used to reference the totality of the attack points in your network or system. Attack surface reduction is the reduction of this surface size by removing unneeded systems and/or interfaces.

attenuation
The opposite of amplification. Attenuation is the weakening of a signal’s amplitude.

authentication
The process of identity verification. In a wireless network, it is the process a station uses to provide its identity to another station (such as a client to an access point). The IEEE 802.11 standard defines two forms of authentication for wireless LANs: open system and shared key.

authentication server (AS)
The server, in an 802.1X implementation, that authenticates the clients. In a wireless network, RADIUS servers usually play the role of the authentication server.

authenticator
The proxy device that grants or denies access to a network based on 802.1X authentication. In a wireless network, the access point (AP) and/or wireless controller is usually the authenticator.

basic service set (BSS)
A group of Wi-Fi (802.11) stations that function as a wireless network. Two forms of the BSS exist: ad hoc and infrastructure.

basic service set identifier (BSSID)
Not to be confused with the SSID, the BSSID is a unique identifier that is used to identify a unique network of Wi-Fi devices. In an infrastructure network (having an access point), the MAC address of the access point is used. In an ad hoc network, the first station in the IBSS (independent basic service set) generates a random 48-bit value for the BSSID.

CardBus
An interface available on most newer laptop computers. Similar to PCMCIA in form factor, it offers a 32-bit bus and is based on PCI. PCMCIA devices usually function in a CardBus slot.

channel
A defined frequency range used for communications in wireless networks and with wireless devices. Some wireless technologies use the entire channel as a single carrier, and others divide each channel into subcarriers or subchannels.

co-channel interference
Interference caused by using the same channels to deploy different networks in overlapping cells or coverage areas.

colocation
The act of placing multiple wireless infrastructure devices in the same coverage area while avoiding conflicts. Conflicts are avoided by placing each wireless AP on a channel that is sufficiently separated from the other channels used in the same cell or coverage area.

Compact Flash (CF)
A form of storage medium or device interfaces for small devices and portable situations. Used in cameras, in PDAs, and for device interfaces such as Bluetooth or Wi-Fi.

cracker
A person using hacking skills to perform illegal or unethical activities. In the technology community, cracker is not synonymous with hacker, though the lay community often sees a hacker as one who performs technical actions with ill intent; in fact, the lay community is mostly unfamiliar with the term cracker as it relates to computer crimes.

Data Encryption Standard (DES)
An encryption standard adopted by the U.S. federal government in 1976. It is a symmetric encryption algorithm, meaning it uses the same algorithm to encrypt as it uses to decrypt. This encryption standard has been replaced by the Advanced Encryption Standard (AES). DES may be used in VPN technologies providing security on wireless links.

data rates
The raw speeds of communication in a networked system. The total speed (data rate) is reduced for data throughput because of management overhead.

dBi
A relative measurement of the gain of an antenna. The gain is compared to that of a theoretical isotropic radiator. If an antenna has a gain of 3 dBi, it doubles the output power of the RF energy in the intended direction of propagation, given the directionality of the antenna. For example, if an antenna with 3 dBi of gain receives 50 mW of power to transmit, the power is transmitted at 100 mW.

dBm
Decibels to milliwatts (dBm) is a measurement of power where 0 decibels is equal to 1 milliwatt. dBm is often used to express antenna gain or the output power of an RF system.

decibel (dB)
A numerical unit designed to avoid the direct use of exponential numbers. Zero decibels is ten to the power of zero tenths, or one. Three decibels is ten to the power of three tenths, or about 2. Ten decibels is ten to the power of ten tenths, or ten. Decibel is a convenient unit for expressing exponential power gain and loss of an RF signal.

denial of service (DoS)
An attack designed to overwhelm or shut down a system so that service is denied to valid users. A distributed DoS (DDoS) attack uses many machines to attack one system or network.

diffraction
Diffraction is the action of RF waves turning or bending around obstacles.

direct sequence spread spectrum (DSSS)
One of the two types of spread spectrum technologies used in wireless LANs. DSSS uses single channels for communications and provides greater bandwidth than frequency hopping spread spectrum (FHSS) systems.

data rate switching (DRS)
The process used by client stations to adjust to lower data rates as the signal strength of the AP or wireless network weakens. Vendors reference DRS by differing names, including automatic rate selection, data rate shifting, and adaptive rate selection.

electromagnetic wave
The combination of electric and magnetic wave forms to create a new wave used to carry information in wireless systems.

encryption
An algorithmic-based procedure used to convert plaintext (or plain information) into ciphertext (or encoded information) that can then be decrypted to retrieve the original information, often after transfer or after a period of time in storage. Many different algorithms exist, but AES, 3DES, DES, and RC4 are among the most common.

European Telecommunications Standards Institute (ETSI)
A nonprofit organization that establishes telecommunications standards for Europe.

extended service set (ESS)
One or more basic service sets connected together through a distribution system and appearing as a single network to the client stations.

Extensible Authentication Protocol (EAP)
A widely used authentication mechanism. EAP authentication is often used in wireless networks based on the 802.11 standards. The 802.11i standard specifies the use of EAP for authentication purposes.

fast secure roaming (FSR)
Roaming solutions, in wireless LANs, that allow for client roaming without the loss of upper-layer communications. Used by realtime or time-sensitive applications such as Voice over IP (VoIP).

Federal Communications Commission (FCC)
The governing body, in the United States, that defines telecommunications regulations.

four-way handshake
The process used by two 802.11 client stations to authenticate and associate with each other when implementing 802.11i-based security.

free space path loss (FSPL)
The loss incurred naturally as a wireless signal (RF wave) propagates through space. As the wave propagates, the wave front broadens, causing a thinning or weakening of the RF wave strength at any given point.

frequency hopping spread spectrum (FHSS)
One of two types of spread spectrum technologies used in wireless LANs. FHSS uses many different frequencies and hops between them at specified intervals. FHSS does not provide the faster data rates of DSSS.

Fresnel zones
A series of ovular zones around the main signal of an RF transmission. The first Fresnel zone should remain 60–80 percent unblocked to provide effective communication links.

gain
(1) The focusing of the lobes of an antenna in a specific direction. (2) The increasing of an RF signal’s strength through some means.

hacker
An individual with in-depth knowledge of computer systems. These individuals may perform penetration testing or software security testing for organizations. To the lay person, they are criminals, and to the technology community, they are computer experts, whereas crackers are the criminals.

hash
A one-way algorithm that generates a code often used for integrity analysis. Data is passed through the algorithm to generate a hash (sometimes called a message digest). The data can be evaluated later, and if the same hash results, the data has not changed (it has integrity).

hertz
A standard measurement of frequencies. One cycle in one second is equal to one hertz. Therefore, 1,000,000 hertz is one million cycles in one second.

hidden node
A situation in which a wireless client can be seen by the access point but not by the other wireless clients on the network. This can result in collisions and reduced network throughput.

highly directional antennas
Antennas that focus most of their energy in a particular direction. These include parabolic dish and grid antennas.

hijacking
An attack where a user’s layer 2 and/or layer 3 connections are removed from an authorized network and placed on a rogue network. The attacker may perform this attack for many reasons, including the capture of user data such as logons and passwords.

IEEE (Institute of Electrical and Electronics Engineers)
An organization responsible for creating standards in the electronics and computer markets. They have specified the 802.11 standards and others related to wireless networking.

independent basic service set (IBSS)
IBSS is the technical term for an ad hoc wireless network. An IBSS does not use an access point.

infrared
A portion of the electromagnetic spectrum that lies between the visible light and the microwave. It is said to be a red light that the human eye cannot perceive.

infrastructure mode
The nontechnical phrase for a wireless network that is operating as a BSS (basic service set) or ESS (extended service set). When in infrastructure mode, an access point is utilized.

initialization vector (IV)
Used in encryption systems to make a message unique based on random or pseudo-random numbers.

interference
A term used to define the conflict created when two or more sources of RF energy on the same frequency propagate in the same coverage area. Interference can be caused by other wireless devices or microwave ovens and even incidental devices such as motors.

last mile
A phrase used to refer to the provision of network access in areas that are unreached by wired technology (or any existing connection). WiMAX is said to provide a last-mile solution for remote areas, and other wireless technologies have also served this need in the past. Last mile can also refer to any connection to an endpoint (in other words, the endpoint connects to no other network and is therefore the “last” mile).

line of sight (LOS)
Visual LOS is the ability to see along a virtual line between two points. RF LOS must also consider the Fresnel zones to ensure effective communications.

loss
The lowering of a signal’s strength. Often measured in decibels in wireless networks.

MAC filtering
Each networking device has a Media Access Control (MAC) address that is unique to the device. Wireless networks can allow or disallow device connectivity based on the MAC address of the device, and this is known as MAC filtering.

mesh network
A mesh network is a network having two or more paths to any node. Examples of possible mesh networks include Wi-Fi-based mesh, ZigBee, TCP/IP, and other routed protocols.

message integrity code (MIC)
The IEEE term used for a message authentication code, it is a hash used for verification of data integrity. MIC uses a keyed hash, which means that both the encryption key and the message (data) are passed through the hashing algorithm to generate the hash.

milliwatt
1/1000 of a watt. Used to measure RF signal strength because of the low levels of strength needed to communicate on wireless networks.

mini-PCI
A form factor used for devices mostly in laptop computers. Many wireless devices, installed in laptops, are actually mini-PCI adapters.

modulation
The process used to transmit information on a carrier signal by varying one or more of the properties of the signal.

multipath
RF signals arrive at a receiver from a single transmitter but along different paths. These different paths are the direct path and reflected paths. This can result in signal loss because of the signals arriving out of phase or at differing times. However, MIMO takes advantage of multipath to improve bandwidth.

Multiple Input/Multiple Output (MIMO)
A technology, upon which 802.11n is based, that takes advantage of the normally detrimental problem of multipath to create more data bandwidth in wireless networks by reducing bit error rates and improving throughput.

near/far
A term used to describe the problem that arises when wireless nodes are far from the access point transmitting with low power and other wireless nodes are closer to the access point or transmitting with higher power. This results in the far node not being “seen” by the access point and, therefore, having difficulty communicating.

omnidirectional antennas
Antennas that radiate energy in a donut fashion around the antenna. These include dipole and rubber-ducky antenna types.

open system authentication
The default authentication for the IEEE 802.11 specification. Shared-key authentication is the alternative. The authenticating station sends a frame to the other station (an access point in infrastructure mode) requesting authentication and containing the authenticating station’s identification. The receiving station (again, the access point in an infrastructure network) sends back a frame that either authenticates access or denies access to the authenticating station. Open system authentication is used with 802.1X port-based authentication solutions suggested in 802.11i.

PCI
Peripheral Component Interconnect (PCI) is a high-speed connection port for devices attached to computers. Some wireless network interface cards (NICs) use PCI slots for their interface connections.

PCMCIA
Personal Computer Memory Card International Association (PCMCIA) is an interface used to connect devices to laptop computers. PCMCIA devices are often called PC Card devices. Some wireless network interface cards (NICs) use PCMCIA interfaces. Today, PCMCIA cards often function in the newer CardBus slots on modern laptop computers.

point-to-multipoint
A wireless link that includes multiple points connecting to a single central point. This is much like a star network topology in that all the sites communicate back to the central location.

point-to-point
A wireless link where one system connects directly with only one other system.

polarization
The plane of the electrical field in an RF signal. Antennas are usually said to be vertically or horizontally polarized. This polarization determines, to a great extent, the direction of the RF signal.

Power over Ethernet (PoE)
A technology that allows for the transmission of power over standard Ethernet cables. PoE can be used to power access points and other wireless devices in locations where local power outlets are not available.

power save mode
One of two power management modes in which a wireless client may operate. In power save mode, the client wakes at predetermined intervals to check for packets intended for the client.

push-button security
A newer security technology used in many wireless devices. While vendors use different names for it, the concept is the same: the access point negotiates the best security that is compatible with the access point and the connecting client.

radio frequency (RF)
A generic phrase used to refer to radio-based technology.

radio frequency identification (RFID)
A technology used for identification without the need for UPC (Universal Product Code) labels. RFID is also used for many tracking purposes and automatic payment processing and inventory management.

RADIUS (Remote Authentication Dial-In User Service)
An authentication, authorization, and accounting (AAA) service for applications such as wireless network access. RADIUS can also be used in relation to virtual private networks (VPNs) and remote access dial-up connections.

range
A term used to describe the distance a communications link supports. At different ranges, wireless link properties must change. For example, the greater the distance, the lower the data rate.

reflection
A behavior of RF signals where most of the signal is bounced off an obstacle and focused in a different direction.

refraction
A behavior of RF signals where some of the signal is reflected but much of the signal passes through the obstacle and is redirected out the other side so that the direction of the signal changes.

RF shadow
The space behind an obstacle that diffracts the RF signal. When the RF signal is diffracted around an obstacle, there is often a space behind the obstacle (the side opposite the transmitter) that has no RF coverage. This lack of coverage is called RF shadow.

roaming
The act of disconnecting and then connecting to another access point, in a wireless network. Seamless roaming allows you to transfer from one access point to another while continuing to transfer data, without losing the link state.

rogue access point
An access point that is installed, either intentionally or unintentionally, without the authorization of the network support staff. These can be used to gain access to your wired network or to gather information from users who connect to the rogue access point.

scattering
A behavior of RF signals where the signal is split and reflected in different directions. This can cause an extreme reduction in signal strength and is often caused by obstacles that have smaller edges or sizes than the RF wavelength.

SDIO
Secure Digital Input/Output (SDIO) is an interface for connecting devices to hosts such as PDAs or computers. There are wireless network interface cards (NICs) that connect through SDIO interfaces.

semidirectional antennas
Antennas that focus a larger portion of their transmitted energy in a specified general direction. These antennas include patch, panel, and Yagi.

shared-key authentication
A form of authentication for wireless networks where each station is aware of a secret key. Using shared-key authentication requires the use of WEP (Wired Equivalent Privacy) encryption.

signal to noise ratio (SNR)
Ratio of the wireless signal to the RF energy noise floor in an environment.

site survey: A set of procedures performed to ensure accurate coverage of RF energy in a given area and the fulfillment of user needs within the area. To perform a site survey, the engineer must understand intermediate to advanced RF behavior and have the needed tools to test the behavior in the specific environment.

SOHO (Small Office/Home Office): A term used to describe small businesses that have just a few users and home offices where individuals work out of their own homes.

technical requirements: In a technology project, the requirements that are technical in nature, such as that the system must be 802.11g-compatible. Technical requirements are determined to ensure proper technology is selected and implemented.

Temporal Key Integrity Protocol (TKIP): A protocol created to repair the weaknesses found in WEP (Wired Equivalent Privacy). Improvements include 128-bit encryption keys, 48-bit initialization vectors (IVs), and a message integrity code (MIC). TKIP is certified in the WPA certification.

throughput: The actual bandwidth available for transfer of business or organizational traffic rather than traffic resulting from network management overhead. In wireless networks, this is usually one-half the data rate of the system.

Universal Serial Bus (USB): An interface for connecting devices to personal computers and other electronic hosts. Common USB devices include wireless interfaces, memory sticks, external drives, and mice and keyboards.

virtual private networking (VPN): A term used to explain the process of creating an encrypted network link across an untrusted network for data transfer. There are many VPN protocols, including PPTP, L2TP/IPSec, SSH, and naked IPSec.

Voice over IP (VoIP): A technology that allows for voice communications over Internet Protocol (IP) networks. Wireless VoIP simply uses wireless technology to implement the IP network and then wireless VoIP client devices to communicate on this network.

wardriving: The act of discovering wireless networks, usually while driving slowly through a community or business district. Tools used include PDAs, laptop computers, and wireless scanning software such as NetStumbler.

Wi-Fi Alliance: An organization that creates certification programs to verify interoperability among hardware based on IEEE standards and recommendations. This organization created the Wi-Fi, WPA, and WPA2 certifications, among others.

WiMAX: A term used to refer to the WiMAX Forum’s specifications for 802.16 wireless MAN implementations. This is not the same as Wi-Fi, and the two should not be confused.

Wired Equivalent Privacy (WEP): The security protocol defined by the base 802.11 IEEE standard. This protocol is known to be very weak and easily attacked with simple, widely available tools. If at all possible, use the newer WPA or, preferably, WPA2 technology.

wireless bridge: A device that creates a wireless connection between two separate networks and performs no routing—only forwarding.

wireless hotspot gateway: A device that can share network access and provide authentication, authorization, and accounting internally. These devices usually allow for separation of public and private networks internally.

wireless media gateway: A device that can access media (video, audio, images) on a media server and display the media on a video screen.

wireless presentation gateway: A device that connects directly to a monitor or projection unit and receives video signals over wireless (usually 802.11g) connections with one or more computers. They are used mostly for delivering slideshow presentations, as the throughput is seldom useful enough for streaming video.

wireless print server: A device that can share printers on a wireless network.

wireless repeaters: Wireless devices that can extend the range of a wireless network by “repeating” the signal. They generally act as a wireless client to the wireless network and act as a wireless access point to the remote wireless clients.

wireless routers: A device that routes between a wireless network and a wired network or, possibly, between two wireless networks.

wireless switch: Usually a switch to which wireless access points connect and by which they are managed. Wireless switches are often called wireless controllers.

WPA (Wi-Fi Protected Access): The Wi-Fi Alliance created the WPA certification to provide a standard against which pre-802.11i hardware could be developed that included interoperability between multiple vendors. WPA uses Temporal Key Integrity Protocol (TKIP) but is not as secure as WPA2. WPA-Personal uses preshared keys, and WPA-Enterprise uses 802.1X/EAP.

WPA2: The Wi-Fi Alliance’s certification for 802.11i-compatible equipment. This certification requires the use of Temporal Key Integrity Protocol (TKIP) and AES. Similar to WPA, WPA2 comes in personal and enterprise certifications.

99–100 form factors for. 127–145 adjustable power levels with. 134 cabled. 176 adjacent-channel interference. 61 highly directional. 334 administration. See Australian Communications and Media Authority (ACMA) active Ethernet splitters. 247 isotropic-radiator. 456. 135. 451–454. WLAN. 111. 134 antenna types for. 50–51 analysis. 134 rogue. 396 security of. 456. 281–284 cooperative-control. 177 mounting of. 173–174. André-Marie. 132 access ports. 318 upgradeability of. 232 detachable. 365.INDEX A AAA (authentication. 329 omnidirectional. See Authentication and Key Management (AKM) all-band interference. 105–106 active site surveys. 66 access points (APs). 247–248 theft of. 449 thin. 318 accounting. 60 analog signals. 145. 240 AKM. 162 active gain. 169 antennas. 168 lightning arrestors. 155. 453. 141–144 configuring/installing. 134. of WLANs. 178–179 multiple. 192. 114. 462–463 adapters: gaming. 145. 316 angled polarization. See Aironet Client Utility (ACU) ad hoc mode. 239–241 ACU. 177–178 amplitude. 145 mounting options for. 3 amplifiers. 136 lightweight. 287 functionality of. 112 Ad-Hoc Traffic Indication Map (ATIM). 448–457 Cooperative Control. 178–179 polarization of. 247 in site surveys. 151 amplifiers for. 379–380 ACMA. 194 cables for. 59 “amendment certified. 175–176 considerations for. 174–175. 169–171 grid. 207–208 PCI and MiniPCI wireless. 59. 158 and dynamic rate switching. 60 active mode. 135–136 multiple. 193–195 pigtail. 230 AP. 460 active scanning. 172–173 placement of. 112. authorization. 95–97. 145 compatibility of. 168–171 gain/loss in. 370–371 ad hoc power save mode. 176–177 connectors for. 132–133 thick. 411–412 aggressive load balancing. 293–294 PoE support for. 315. 247 omnidirectional/dipole. 239–240 Aironet Desktop Utility (ADU). 134–135 QoS with. 379–380 absorption. 455 adjustment stage (of troubleshooting). 134 applications of. 169 semidirectional. and accounting). 314–316 ADU. See association identifier (AID) Aironet Client Utility (ACU). 
network. 177–178 attached. 193. 139–140 placement of. 457 direct/distributed connections with. 134 alignment of. 151–152 diversity of. 129–131 configuration methods for. 145. 454–456 . 457 evolution of. 323 AID. See access points (APs) architectures. 449–451 multiple-channel. 232. 450 mesh. 92 Ampère. 155 operational modes of. 115 application layer (of OSI). 136–139 autonomous. 100–101 ad hoc networks. 320 external. See Aironet Desktop Utility (ADU) advanced encryption standard (AES). 167–175 for access points.” 18 americas. 145. See authenticator Apple LocalTalk networks. 36 APs. 456 single-channel.

See wireless media gateways centralized WLAN architecture. See collision detection (CD) ceiling mounts.508 CWTS Certified Wireless Technology Specialist Study Guide ARIB. 29. 108 authentication: and association. 474–480 CC-APs. 432. 484–486 network extension. antenna. 105–106 association identifier (AID). 484–486 built-in switches or hubs. 143 brute-force attacks. 112 building-to-building connectivity. 325 azimuth charts. 32–33 basic service set (BSS). 412–415 authentication server (AS). 428 authorization. 229 C CA. 314–315 bandwidth: analyzing network. 61 BGP. 242 assisted site surveys. 176 bluetooth: and FHSS. 411–412 cracking. 112. 451 types of Wi-Fi. See Continuous Aware Mode (CAM) cameras. Tom. 415 channel interference. 90–93 Chappe. 399 bridge mode. 462 beamwidth. 134 attack surface reduction. 35 blue boxing. 474 China. See Compact Flash (CF cards) challenge passwords. 378. 379 Wi-Fi. 237. 288–289 business requirements. 108 authenticated/unassociated connectivity. 52 case studies. 392 PSK/passphrase. 192 . See Cooperative Control Access Points (CC-APs) CCMP/AES (Counter Mode with Cipher Block Chaining–Message Authentication Code/Advanced Encryption Standard). 414 authenticator (AP). 134 centralized management. 22 ATIM. 274–281 Buffalo Technology WZR-RS-G54. 413. 428 Australian Communications and Media Authority (ACMA). 481–484 small office/home office installation. See basic service set (BSS) budgetary constraints. 233 Buffalo Technology Air Station. 407–408 BSS. 115 carrier sense multiple access with collision avoidance (CSMA/CA). See wireless standards and certifications CF cards. 146–147 built-in wireless device configuration. Roberta. 239 association. 92 chipsets. See Ad-Hoc Traffic Indication Map (ATIM) attached antennas. 379–380 CCMP/AES. 209 capacity. 178 cell size. statement of. 33 browser-based configurations. 14. 238 autonomous access points. 461–462 Association of Radio Industries and Businesses (ARIB) (Japanese). 450 CertCam video training. Wi-Fi. 
149 Bragg. 365–366 defined. 145 availability: data. wireless. 112. 413. 33. See Check Point Certified Security Administrator (CCSA) CD. 196–198 Carpenter. 248 backup storage point. 26. 379–380. 427 carrier sense. authentication and. 459 CAM. 166–167 buffering. 400 wireless. 325–327 and data rates. 414 authority. 395–397 audio. 460 Axence NetTools. 270. 213 broadcasts. 115–116 carrier waves. 393 automated site surveys. 415–416 Authentication and Key Management (AKM). 433. See Border Gateway Protocol (BGP) binary data. 87 awake state. 58 backhaul. 93–95 overlapping/nonoverlapping. 142. 15 and WPANs. 97 varying definitions of. 97 Border Gateway Protocol (BGP). security. See collision avoidance (CA) cabled antennas. 160 auditing. 463 beacon frames. 95–97 channels: colocation of. Claude. 489 certifications. 318 centralized media sharing devices. 87–88 CardBus PC cards. 140 bridges: and security. 194 cables: for antennas. 411–412 CCSA. 474–486 building-to-building link. 401 backups. 176–177 and signal loss. 93 and PANs. 52 Check Point Certified Security Administrator (CCSA). 23 authenticated/associated connectivity. 61 B baby monitors. 450 centralized management tools. See Association of Radio Industries and Businesses (ARIB) assessing WLANs. 237. 151–152 workgroup. 7–8. 107–108 and authorization/accounting. 104 battery life. 193.

272 data classification. 371 data flood attacks. 334 configuring devices. 199–203 updating. 157–159 connectivity: intermittent. 26. 139 channel. 203–205 Universal Serial Bus. 361–362 data flow analysis. 455 Code Red worm. 232 client devices. See carrier sense multiple access with collision avoidance (CSMA/CA) CTS. 287–288 PCI. 208 console-to-Internet connections. 129–131 compliance: with certification. and availability (CIA) ciphertext. 324 co-channel interference. 373–374 controlled ports. 98 wireless. integrity. removing. 394 collision avoidance (CA). 115 collision management. See IEEE 802. 205–207 wireless presentation gateways. 12–13 WLAN installation for. updating. of IEEE 802. 456. 19 Compact Flash (CF) cards. 423–426 confidentiality. 111 contractors.Index 509 CIA. 397–401 data link layer (of OSI). 158 client-to-VPN. 423–424 datagrams. 34–35 overhead. 284–286 client load balancing. 141. 414 controllers. 314–315 connections: to access points. 393. 289–292 console-to-console. 164 clear to send (CTS). 141–142 console-to-console connections. 142 communications: networking. 208 constraints. 322. 25 clause 33. 231 Wi-Fi. 378. 91 corporate data access: wireless applications for. 155–158 Cooperative Control Access Points (CC-APs). 208 console-to-Internet. 364–365 CSMA/CA. 427 D D-Link ANT24-0400. 149–150 wireless display. 201–203 connectors: for antennas. 135 data access. 193–195 Secure Digital Input Output. 296 requirements for. 232–234 consumer hardware. 95. 198–199 wireless IP phones. 231. wireless. 289–292 PC card. of access points. 284–293 built-in wireless device configuration. 93–95 OFDM and HR/DSSS. 195–196 drivers. 175–176 and signal loss. 272 Counter Mode with Cipher Block Chaining–Message Authentication Code (CCMP)/Advanced Encryption Standard (AES). 232 testing.3-2005. 288–289 client-to-VPN connection configuration. 270–271 clause 8. 365–366 encryption. 404 Cisco Systems. 413. 316 configuration stage (of troubleshooting). 
4–15 See also wireless communications communications Act of 1934. 213 client drivers: installing. 300 client installation. 102. clause 8 of clause 14 systems. 115–116 collision detection (CD). 231 Data Security Standard (DSS). 30 with security. 199–203 gaming adapters. 196–198 Compact Flash cards. 87. 412. 419 configuration settings. 27. 97–98 data security. 32 . 379. Inc. 208 Ethernet. 192 IP cameras. See clear to send (CTS) CWNP program. 210–211 wireless print servers. Wi-Fi. 12–13. 61 console configuration. See Ethernet connection(s) and firewalls. 154 classrooms. 25 clause 15 systems. 289–292 clients. 37 data rates. 10–11. 130 CWSP Certification Official Study Guide. 142–144 client connectivity requirements. 207–208 hotspot gateways. 457 cordless phones. 128–129 D-Link DWL-G730AP. corporate. 173 D-Link DES-1316. 411–412 coverage: RF. 211–212 workgroup bridges. 209 PCI and MiniPCI. 58. 192–213 CardBus PC cards. 195 and software. See confidentiality. 207. Second Edition. 212–213 internals of. 296–297 lack of. See command-line interface (CLI) client-application configurations. 203–205 client-to-VPN connection configuration. WLAN. 319 Continuous Aware Mode (CAM). 300 CNET Labs. 114. 323 client software. 26. 132 Cisco WRE54G range extender.. 113–114 command-line interface (CLI). 114 CLI.11. 207. 88 cracking: authentication. 163 D-Link DSM-G600. 115 colocation: of access points. 195–196 compatibility.

130 extended rate physical layer/orthogonal frequency division multiplexing (ERP/OFDM) devices. 115 Ethernet ports. 17. 192 extended service set (ESS). 430 entry point. antenna. See enterprise wireless gateways (EWGs) ExpressCard. 192. collision management in. 3–4. 91–92 and 802. 165–167 enterprise encryption gateways (EEGs). 398–399 environmental factors (of radio frequency). 279–281 Dynamic Rate Switching (DRS). 320 RF. 364–365 RSNA security. 427 drivers. 110 Faraday. 198 extended rate physical layer (ERP). 72–73 standard for. 113–114. 358. 425 decibels (dB). 199–203 DRS. 56 eavesdropping. 167 enterprise hardware. See electrostatic discharge (ESD) wrist straps ESS. See distribution system (DS) DSS. 147. 98–100. 334–335 WLAN. 414. See denial-of-service (DoS) attacks downfade. 192 ESD. 70 DC pickers. 333 enterprise-class devices. 360–362 Department of Defense–Global Information Grid (DOD-GIG). 295 E EAP. 324–325 installation in areas beyond limits of. 252–253 detachable antennas. 3 . 64–65 digital data. 449 distributed processing. 56–59 equivalent isotropically radiated power (EIRP).11b. 151–152 determine phase (of project). 319 enterprise wireless gateways (EWGs). 58 EMEA. 67 DMZ pass-through. 450 distribution system (DS). 13–14 EWGs. 233–234 design phase (of project). See direct sequence spread spectrum (DSSS) DTIM. client. See Delivery Traffic Indication Map (DTIM) dynamic DNS. 158 direct sequence spread spectrum (DSSS). 70 dBm (milliwatt decibels). 460 Dreger. 404–418 cracking. 295 define phase (of project). 194 elevation charts. 104–105 Extensible Authentication Protocol (EAP). 396–397 Ethernet splitters. 27. 167 end-user mobility. 328 dozing state. 462 denial-of-service (DoS) attacks. 147 documentation: of recommendations. 165–167 enterprises. 272 engagement stage (of troubleshooting). 409–418 WEP. 354–357 EEGs. 69 ERP. 287 F fail-over response. data. See Department of Defense–Global Information Grid (DOD-GIG) DoS attacks. 27 physical layer for. of problem. 
158 distributed architecture. 294 wireless repeaters and lack of. 11. 298–299 diagnosis. 68–70 dBi (isotropic decibels). 234–235 DOD-GIG. 162 European Telecommunications Standards Institute (ETSI). 248–249 of troubleshooting. 162 de-identified data. 153 Ethernet networks. See extended rate physical layer (ERP) ERP/OFDM (extended rate physical layer/orthogonal frequency division multiplexing) devices. 29. wireless. 110 distributed access points. 408 diffraction.510 CWTS Certified Wireless Technology Specialist Study Guide dB (decibels). 109–111 diversity: antenna. 172–173 direct-connected access points. See Extensible Authentication Protocol (EAP) earth bulge. 230 encryption. 22 EVDO (Verizon WISP). 250–252 deliver phase (of project). 157–159 dissociation. 92 employees. security policies for. 253 Delivery Traffic Indication Map (DTIM). See enterprise encryption gateways (EEGs) EIRP. 54–59 environmental interference. 12–13. Richard. See extended service set (ESS) Ethernet connection(s): analysis of. See equivalent isotropically radiated power (EIRP) electromagnetic waves. 248 elevators. 338 dictionary attacks. 35 digital signal. 253–254 device upgrades. Michael. 25 display connections. See Data Security Standard (DSS) DSSS. 52 electrostatic discharge (ESD) wrist straps. 51 dipole antennas. 410. 130 channels used by. 405–409 encryption gateways. See Dynamic Rate Switching (DRS) DS. 415 external antennas. 134. 374 empty data floods. 361 enclosures. 162 DC taps. 68–70 decreased throughput.

89. 175 group knowledge. 232. 91 and data rates. 160 grid antenna. 416–418 hardware: infrastructure. 170–171 frequency(-ies): defined. 19–22 FHSS. 67. 174–175. 212–213 hotspots: wardriving vs. port. 247 highly private data. 416–418 free bandwidth monitor. 98 ranges of. 90. 410–411 compliance with. See high throughput (HT) PHY hubs. 156 on wireless routers. 433 high rate/DSSS (HR/DSSS). 93 IEEE 802. See frequency hopping spread spectrum (FHSS) field-programmable gate arrays. 320–321 of WLAN requirements. 25 Fresnel. 163 IEEE 802. 110–111 Federal Communications Commission (FCC). 315 5 GHz band. data. See Internet Authentication Service (IAS) IBSS. Sir William. 418 H handshake. 325 free space path loss. 270–271 help desk. 169–171 RF signal. 147 firmware updates. 17 IEEE 802. 72–73 standard for.11 state machine.11a: about. 450 I IAS. 169 hosts. regulatory domain. 26–27 channels used by. SSID. 354 wireless applications for. 361–362 forwarding. Heinrich. 17. 92 hopping sequences. 210–211 . 4 hertz (measurement). 8–9 WLAN installation for. 4 hidden nodes. 34 hotspot gateways. 157–161 wireless presentation. 167 enterprise wireless. 337–338 hashing algorithms.3af. 54–57 FT. 393 Health Insurance Portability and Accountability Act (HIPAA). 130 highly directional antennas. 50 Wi-Fi. 146–147 hybrid WLAN architecture. 18. 457 HiveManager. 337 hardware/software model (of troubleshooting). 252 group temporal key (GTK). 17 high throughput (HT) PHY. 107 IEEE 802.1X Authentication and Key Management (AKM). 192 G gain: in antennas. 407–408 firewalls: and Internet connections. 456. 225–235 of WLANs. 424 SPI. 8. See regulatory domain governing bodies graphics. 425–426 healthcare. 451 5. 98 development of. use of. 164 IEEE 802. See Institute of Electrical and Electronics Engineers (IEEE) IEEE 802. 130 HT PHY. 55 fresnel zones. 165–167 hotspot. 88–90 frequency hopping spread spectrum (FHSS): hopping sequences for. 92 clause 8 of. 
See Health Insurance Portability and Accountability Act (HIPAA) HiveAP. 242 identity verification. 270 HR/DSSS (high rate/DSSS). 92–93 horizontal polarization. Augustin-Jean. 317–320 placement problems with. 74. 132. 372–373 Herschel. 73 standard for. 352–353. 412–415 IEEE 802. 212–213 wireless media. 95 task group for. 401–403. 244–246. 147–148 four-way handshake. 15.11 standard: channels used by. 93. 411.Index 511 Fast Basic Service Set Transition (FT). See independent basic service set (IBSS) ICV. 428–429 governing bodies. See Integrity Check Value (ICV) identification: of interference sources.3-2005. 372 IEEE. 61. 357–359 HIPAA. 299–300. 411. 293–294 troubleshooting problems with. 329–331 hiding. 12. 17 ranges of. four-way. 29 fault-tolerance. 149–150 and PCI compliance. 89 floods. 411. 28. 113–114 physical layer for. 60 gaming adapters. 92–93 physical layer for. 91–92 colocation of. 21 Hertz. 130 channels used by. 405. 398 hijacking.8 GHz band. router. 53. 147. 457 hop time. 8. 30 and data rates. 207–208 gateways: enterprise encryption.11a/b/g adapters. clause 33. 3. See Fast Basic Service Set Transition (FT) functional security policies.

11e. 419 Integrity Check Value (ICV). 162–163 installation: client. 377 infrared (IR): discovery of. 209 Internet service providers (ISP). 12. 17 IEEE 802. 114. routers for connecting to the. 455 environmental. 322–327 analyzing network bandwidth. 323–324 possible solutions. 15 IPS. 93. 131 about. 95–97. regulation of wireless. 59 removing. 114. 426 IP cameras. See IP Security (IPSec) IR. 271–272 Layer 1 (of OSI model). 96 channels used by. 149 intermittent connectivity. 462 indoor usage. 101–102 infrastructure power save mode. See Internal Telecommunication Union Radiocommunication Sector (ITU-R) IV. of managers and users.11r.11i. 205–207 IP Security (IPSec). 231 infrastructure hardware. 26 channel overlap of. 103. 274–284 access points configuration/ installation. 209 IP phones. 160 interviewing. 284–293 infrastructure. See Interior Gateway Routing Protocol (IGRP) impact analysis. 326 testing tools. 455 channel. 320–321 locating. 321 narrowband vs. 419 IP telephony. 131 and data rates. 22 K keys: hierarchy of.11n: about.11k. 274–281 testing implementation. PoE. 94 and wireless mesh networking. 98 ranges of. 56–59 identifying sources of. 89. all-band. 33 law enforcement. 20. 13–14. 98 ranges of. 63 Infrared Data Association (IrDA).11g. 4 physical layer specification for. 27 channel overlap of. 17 IEEE 802.11s. 70 “interesting frames. 149–150 Internet Authentication Service (IAS). 378. 321–322 Interior Gateway Routing Protocol (IGRP). 13–14 Israel. 335 Layer 2 (of OSI model). 272 latency. See Intrusion prevention systems (IPS) IPSec. 379. See Infrared Data Association (IrDA) ISM band. 22 Industrial Scientific Medical (ISM) band. 23–24 Internet. 74 RF behavior vs. 458 IEEE 802. 281–284 router configuration/installation. 270–271 information security. 3 infrastructure capacity and utilization analysis. 18. 11–12. 28 IEEE 802. See local area networks (LANs) last-mile data delivery. 95–97 co-channel. 244–246. 168 ISP (Internet service providers). 
449 intentional radiators. 274–284 WLAN. 112–113 initialization vector (IV). 16–18 integrity. 18. 22 Japanese Ministry of Internal Affairs and Communications (MIC). 92 ITU-R.. 407 intelligent edge architecture. 93. See infrared (IR) IrDA. 98 ranges of. 29–30 IEEE 802. 325 wired-side limitations. 326–327 PHY limitations. See initialization vector (IV) J Japan. 95 task group for. 28 backward compatibility of. 157 Internet cameras.512 CWTS Certified Wireless Technology Specialist Study Guide IEEE 802. 61–62 independent basic service set (IBSS). 410 IEEE 802. 226–230 intrusion prevention systems (IPS). 406 L LANs. 406 injectors. 336 . 296–297 Internal Telecommunication Union Radiocommunication Sector (ITU-R). 453. 16.” 408 interference: adjacent-channel. 393. 130. 324–325 infrastructure connectivity requirements. 428 impedance mismatch. 412–415 keystream. 3. 92 and data rates. 90 industrial sites. 418 management of. 13–14 Internet Streaming Services. 29.11b: about. 92 Japanese Association of Radio Industries and Businesses (ARIB). 15. 96 channels used by. 95 task group for. 284 infrastructure mode. 458–459 IGRP. 317–320 infrastructure installation. See Industrial Scientific Medical (ISM) band isotropic radiators. 268–301 Institute of Electrical and Electronics Engineers (IEEE). 29 IEEE 802. 92 and data rates. 69.

132 Linksys WAP54G. See multiple input/multiple output (MIMO) MIMO diversity. 59 NAS. 450 line of sight (LOS). 272 mobility domain identifier (MDID). 399 network security policy(-ies). 211 Lucent Registry Crack. See mobility domain identifier (MDID) media gateways. See Network Address Translation (NAT) Neesus Datacom algorithm. 195 MiniPCIe wireless adapters. 68 MIMO. 490 legacy security. 366–369 man-in-the-middle attacks. attacks on. 195 Ministry of Internal Affairs and Communications (MIC) (Japanese). 327–329 multiple access. 53–54 lightning arrestors. 322. 211 NetStumbler. 245 middle U-NII band. 6–7. 12–13 wireless. 336 LearnKey technical support. 147–148 network-attached storage (NAS). 374 mixed business model. 133. 4 milliwatts (mW). See also wireless local area networks LOS. See multichannel architecture (MCA) MDID. 110–111.. 178–179 MPtMP (multipoint-to-multipoint) mode. 63. 26 managers. 5 WLAN installation for end-user. 317–318 split. 209 network bandwidth. 176 Nadel. 68 N N-type connectors. 278 microwave ovens. 229 megabytes per second (MBps or MB/sec). 457 multichannel architecture (MCA). 22 Mitnick. 2 municipalities. 481–484 network infrastructure. 408 Netgear. 102–105 narrowband interference. 252–253 Determine (phase 4). 361. 400–401 load balancing. 229–230 manual site surveys. 37 network management systems. 270–271 mobility: end-user. James Clerk. 488–490 Maxwell. 9 mobile offices. 21 light: concept of. of antennas. 12. 177 lightweight access points. 196–198 network layer (of OSI). interviewing. 427 motivations for. 229 mBps (megabytes per second). Brian. 29 modems. 229 mesh access layers. 7. Kevin. 28. 71. 89–91 military applications. Grant. 235 network extensions. 427–431 network traversal. 298 network Address Translation (NAT). See message integrity check (MIC) Microsoft Active Directory network. 136 live storage. 324 naming (of network). 432–433 MAC model(s): single. 145. 150 network interface cards (NICs). 271–272 mW (milliwatts). 
403 license-free bands. 156 management interface. 411 Method 4D. 145 message integrity check (MIC). See line of sight (LOS) loss: in antennas. 242–243. remote. 51 modulation. 60–62 lower U-NII band. 3. 34. 318–319 MAC spoofing. 253 Design (phase 2). 22 MIC. See Ministry of Internal Affairs and Communications (MIC). 91 LPT ports. 51 Moerschel. 269–270. 323 local area networks (LANs). 4 MB/sec (megabytes per second). 138. 246. 115 multiple access points. 28. 226–227. 457 “muni” networks. 169–171 RF signal. 253–254 MIC. 157–161 megabits per second (Mbps). 178 Master International Frequency Register. 250–254 Define (phase 1). 3 RF behavior vs.Index 513 Layer 3 (of OSI model). 451–454. 74 multipoint-to-multipoint (MPtMP) mode. 237–241 mast mounts. 137. 229 mbps (megabits per second). 63 light waves. 102 netprint devices. 409 M MAC address. 456 multipath. 403. 399–400 . 250–252 Deliver (phase 3). 329 multiple input/multiple output (MIMO). 110 MAC filtering. 9–10. 67 MiniPCI wireless adapters. 229 MCA. 362–364 management traffic. 450 Network Security. 358 manageability. 89. 374–376 mounting. 457–460 mesh access points. See network-attached storage (NAS) NAT. 58. 53–54 Linksys brand. 325–327 network documentation. 155 multiple antennas. 24 MasterExam CD-ROM. 366–367. antenna.

193–195 PCMCIA. See Personal Computer Memory Card International Association cards (PCMCIA) PDs. 130 physical security. 394 Payment Card Industry (PCI). 230. 322–327 infrastructure hardware. 155–158 enterprise-class. 22 omnidirectional antennas. 98 O Occupational Safety and Health Administration (OSHA). 26. See Occupational Safety and Health Administration (OSHA) OSI model. 97 personal Computer Memory Card International Association (PCMCIA) cards. regulation of wireless. 224–254 documenting recommendations in. 411. 247. 73 OSHA. 14 pigtail adapters. 193. 416. See Open Shortest Path First (OSPF) out-of-phase signals. 9 pairwise master key (PMK). See network interface cards (NICs) 900 GHz band. 22 OFDM. 249–254 requirements identification in. 126 access points. 366. 236–248 PMK. wireless. 234 Ofcom (Office of Communications). 293 naming. See wireless organizations Orinoco 11 b/g Gold card. 60 passive scanning. See Powered Devices (PDs) PEAP. 9 phone phreaking. 90–91 colocation of. 366. 113–114 and 802. 419 nulling. 248–249 project plans in. 61. 36–38 OSI model of. 423–424 PC card client device installation. 328 outdoor usage. 27. 248 one-way authentication. 329–331 noise floor. 36–38 terminology. 100–102 optimization. 284–286 PCI wireless adapters. 414–416 passwords. 32 PAE. See public key infrastructure (PKI) plaintext. See Payment Card Industry (PCI) PCI client device installation. 415 patch antennas. 197–198 philanthropist model. 225–235 site surveys in. 144–151 (see also routers) networks: connecting to. 404. 126–180 about. 33. See port access entity (PAE) paid access. 232. 31 PKI. See Power over Ethernet (PoE) . 34–35 models of. 174 patch management. 31–38 communications in. 172–173. 61. 418 panel antennas.11a. 176 phones: cordless. 157–161 Power over Ethernet devices. 335–337 P packets. 161–165 repeaters. 14–15. 130 channels used by.514 CWTS Certified Wireless Technology Specialist Study Guide networking. 3. 91 wireless Internet. 
323 infrastructure capacity and utilization analysis. 430–431 piconet. 58. 167–179 (see also antennas) bridges. 59. 205–207 physical layers (PHYs). 196–198 PCI. of wireless LANs. 237 overhead communications. 71 nonce (number used once). 149 Open Systems Interconnection (OSI) model: of networking. 174 passive gain. 22 overengineering. See personal area networks (PANs) parabolic dish. 17–18 terminology. 127–145 (see also access points) antennas. 287–289 orthogonal frequency division multiplexing (OFDM). 416 nonrepudiation. 174 PANs. 173. 322. 415 Open Shortest Path First (OSPF). See pairwise master key (PMK) PoE. 102–105 NICs. See Open Systems Interconnection (OSI) model OSPF. 323–324 technology for. 317–331 client load balancing. 156 personal area networks (PANs). 369–371 per-user rules. 241 passphrase authentication. 418 pairwise transient key (PTK). 287–288 PC cards. 327–331 organizations. 36–38 of troubleshooting. 37 limitations of. 32–34 networking devices. 328 operational modes. 407 planning the wireless LAN. 317–320 interference issues. 151–152 controllers/switches.See orthogonal frequency division multiplexing (OFDM) Office of Communications (Ofcom). 176 PIN-based security. 153–154 routers. 393. 320–322 resolving multipath and hidden node problems. 415 peer-to-peer attacks. 106 passive site surveys. 27 physical layer for. wireless. 173. 165–167 media gateways. 89 nodes.

231 power management. See point-to-point (PTP) mode public data. 154. 53–59 signal characteristics for. 51 radiators: intentional. 34 PSE. documenting. 233–234 regulatory domain governing bodies. 165 point-of-presence (POP) carts. 19–22 Japanese Association of Radio Industries and Businesses. 55–57 functionality of. 139–140 repeaters. 28. 252 project plan. 53–54 mathematical concepts related to. 211 private data. 210–211 presentation layer (of OSI). 403–404 Q Quality of Service (QoS). 457 wireless applications for. 398 public key infrastructure (PKI). 414 port forwarding.Index 515 PoE injectors. 162–163 PoE switches. 294 . 163. 270 point-to-point (PTP) mode: wireless applications for. 7. 249–254 project scope. 211–212 printer sharing devices. 20–21 behavior of. 69. 162 PPPoE. 133. 249 recommendations. 22 Japanese Ministry of Internal Affairs and Communications. 23–24 Remote Access Dial-In User Service (RADIUS) servers. 109–110 recommendation sheets. 58 range. 168 radio frequency(-ies) (RF). 148–149 ports. antenna. 413 power levels: adjustable. 50–74 available. 52 coverage requirements of. 158. 153–154. 88. 270 polarization. 87. See PPP over Ethernet (PPPoE) pre-authentication. 67–71 physical layer technologies for. 253 project planning. 408–409 REACT troubleshooting method. See preshared key (PSK) PTK. 412. 22 Office of Communications and European Telecommunications Standards Institute. 66 refraction. 134 R radiation. See pairwise transient key (PTK) PTMP mode. 237–238 presentation gateways. 460–463 Power over Ethernet (PoE). 156–157 remote control interfaces. 63. See role-based access control (RBAC) RC4 encryption. 62–67 and carrier waves. 366. 134. 22 at measurement points. 31. See point-to-multipoint (PTMP) mode PTP mode. Wi-Fi. 8–9 push-button security. 171 output. 54. 64 regulatory constraints. 156 power save mode. 15. 164 PPP over Ethernet (PPPoE). 11 point-to-multipoint (PTMP) mode: multi-. 169 pole mounts. 460 power saving modes. 
See Remote Access Dial-In User Service (RADIUS) servers rain. 251–252 project definition. 93–95 range extenders. ignoring. 22 UN Internal Telecommunication Union Radiocommunication Sector. 178 POP (point-of-presence) carts. 8 wireless bridges in. 398 probe requests. 72–74 range/speed factors of. 159 remote manageability. 11 port access entity (PAE). 114 protocol analyzers. 100 RBAC. 399 public wireless hotspots. 405–406. 152 WLAN installation for. 251 project management. 355 protocols. 67. 153. 147–148 port triggering. 23 Federal Communications Commission. 70 isotropic. 105–106 project charter. 59–67 See also RF signal characteristics radio measurements. 253 protection mechanisms. 161–165 for access points. 56–59 and Fresnel zones. 111–113 Power Sourcing Equipment (PSE). 50–51 environmental interference with. AP. of wireless switches. 241–243. 113–116 and line of sight. 231 defined. 331–335 reassociation. 415–416 print servers. 411 re-injection attacks. 22 requirements for. 294 rate-adjustment ranges. 412 port-based authentication. See Power Sourcing Equipment (PSE) PSK. 108 predictive site surveys. 19–24 Australian Communications and Media Authority. 156 repeater mode. 29–30 RADIUS servers. 251 project evaluation. 164 Powered Devices (PDs). 136 FCC regulation of wireless. 152 WLAN installation for. 36 preshared key (PSK). 7–8 wireless bridges in. 248–249 reflection. 134–135 and wireless switches.

231 interviewing managers and users about. 416–418 IEEE 802. 412. 328 weak. Mark. 374–376 peer-to-peer. 36 7 dBi antennas.11. 393–395 process of. 412–415 IEEE 802. 371–374 and Windows client vulnerabilities. 11 role-based access control (RBAC). 418 PSK/passphrase authentication. 415–416 TKIP and RC4. 413. 18. 395 requirements of. 358–360 security auditing. 362–364 motivations for. 150 for connecting to the Internet. 247 shadow. 376–380. 428 roaming. 231 for security. 410–411 key hierarchies. 274–281 for connecting to existing network infrastructure. 412. 103–105 disabling. 428 security compliance (with regulations). 59–62 RF behavior. 352–353 MAC spoofing. 392–434 of access points. 427. 433 session layer (of OSI). 234–235 for infrastructure connectivity and power. 314 myths about Wi-Fi. 414 defined. See robust security network (RSN) RSNA. 432–434 policies for network. 156–157 updating. 149 RSN. 411 rogue access points. See single-channel architecture (SCA) scanning. 418–422 encryption. 364–365 hijacking. 393. 230–231 selecting technologies for. 403 push-button. 297–298 at wireless receiver. 352–380 authentication cracking. 29 techniques for. 357–359 identifying and preventing. 232 and constraints. 149–150 firewalls on. 225–235 for client connectivity. 139 rough order estimates. 195 security. 401–422 advanced. 58. 211–212 service set identifier (SSID). 61 gain and loss. See radio frequency(-ies) (RF) RF generators.1X AKM. 396 rogue detection systems. 366–369 management interface exploits. requirements identification. 132–133 analysis of. 149 routers. 320 RF jamming attacks. 172 S SANS Security Policy Project. 377 SSID hiding. 369–371 social engineering. 146–147 configuration methods for. 330 rubber ducky antennas. 377 standards for. See robust security network association (RSNA) security RTS/CTS. 14