
I’ve Taken CLSC—Now What?

The current BCMSN course follows much of the material covered in the previous Cisco LAN Switching Configuration (CLSC) course. However, BCMSN has been massively reorganized and covers a good deal of additional subject matter. To fill in the gaps and provide a good study experience, here are some strategies to follow:

• Read and study through the Building Cisco Multilayer Switched Networks textbook from Cisco Press (ISBN 1-57870-093-0). This book closely follows the actual BCMSN course material and will give you a good review of the topics covered in the course.


• Read and study the chapters in this book that were not covered in CLSC. Some chapters to consider are

— Chapter 2, “Campus Network Design Models”

— Chapter 5, “Redundant Switch Links”

— Chapter 6, “Trunking with ATM LANE”

— Chapter 8, “Multilayer Switching”

• Use this book exactly as described in the opening pages of each of Chapters 2 through 13. Each chapter begins with a quiz that helps you assess the basic topics you need to study. The quiz also directs you to the appropriate sections of the chapter to increase your knowledge on specific topics rather than requiring you to read the entire chapter.

• Use Chapter 14, “Scenarios for Final Preparation,” as a “last pass” strategy. After reviewing all other material, quizzes, and “Q&A” sections at the end of each chapter, set aside time to go through the scenarios. Don’t expect to be able to answer all the scenario questions without having to refer to the chapters though. The scenarios were designed to make you think about a wide variety of topics and to provide some additional structure for reviewing the book material.

I’ve Taken BCMSN—Now What?


For starters, you’ve taken the best path to prepare yourself. However, retaining and recalling most of the material covered in an instructor-led course is difficult after some time has passed. To reinforce what you’ve learned in the course, here are some strategies to follow:

• Use this book exactly as described in the opening pages of each of Chapters 2 through 13. Each chapter begins with a quiz that helps you assess the basic topics you need to study. The quiz also directs you to the appropriate sections of the chapter to increase your knowledge on specific topics rather than requiring you to read the entire chapter.

• Be certain to read the sections of this book that are not specifically covered in the BCMSN course. An example is Chapter 6, “Trunking with ATM LANE,” which is not part of the course. By looking through the list of chapters and topics, you should be able to pick out sections of the book that you are not so familiar with.

• Use Chapter 14, “Scenarios for Final Preparation,” as a “last pass” strategy. After reviewing all other material, quizzes, and “Q&A” sections at the end of each chapter, set aside time to go through the scenarios. Don’t expect to be able to answer all the scenario questions without having to refer to the chapters though. The scenarios were designed to make you think about a wide variety of topics and to provide some additional structure for reviewing the book material.

How to Use This Book to Pass the Exam


One way to use this book is to start at the beginning and read it cover to cover. Although that would help you prepare, most people would not take that much time, particularly if you already knew a lot about some of the topics in the book.


The rest of you might want to consider a different strategy on how to best use this book, depending on what training you have had. This book is designed to help you get the most out of the time you take to study.

At the beginning of each chapter, you are instructed on how to make the best use of your time reading that chapter, assuming that you are not going to read every detail. The instructions on how to use each chapter are outlined in Figure 1-2.

Figure 1-2 How to Use Chapters 2 Through 13

Each of these chapters begins with a quiz, which is broken into subdivisions called “quizlets.” If you get a high score, you might simply review the “Foundation Summary” section at the end of the chapter. If you score well on one quizlet but low on another, you are directed to the section of the chapter corresponding to the quizlet on which your score was low. If you score less than 50 percent on the overall quiz, you should read the whole chapter. Of course, these are simply guidelines.

(Figure 1-2 flowchart: the “Do I Know This Already?” quiz branches on Low score, Medium score, High score wanting more review, and High score; the boxes are Read Foundation Topics, Read Foundation Summary, Q&A, Scenarios, and Go to next chapter.)


After completing the core chapters (Chapters 2 through 13), you have several options for your next study activity. Chapter 14, “Scenarios for Final Preparation,” can be used to expand your thinking to other real-world examples. Network diagrams are presented, along with questions from a wide range of switching topics covered in the core chapters.

If you want even more final preparation, you can go over the many practice questions located in each chapter and on the testing engine on the accompanying CD. All pre-chapter quizzes and chapter-ending questions, with answers, are in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The CD includes testing software, as well as many additional questions in the format of the Switching Exam. The questions should be a valuable resource when performing final preparations.

Recommended Training Path for CCNP and CCDP

The recommended training path for the Cisco CCNP 2.0 and CCDP 2.0 professional level certifications is as follows:

• Building Scalable Cisco Networks (BSCN)—Covers the advanced routing protocols and the scaling issues involved with a large routed network with multiple protocols.

• Building Cisco Multilayer Switched Networks (BCMSN)—Covers the switch infrastructure and the configuration in a large network environment.

• Building Cisco Remote Access Networks (BCRAN)—Covers the dialup and RAS issues involved in large scale remote access designs and implementations.

The CCNP then requires Cisco Internetworking Troubleshooting (CIT) as the final course. The CCDP requires Cisco Internetwork Design (CID) as the final course.

The recommended training courses will give you the basics to pass the exams for the CCNP or CCDP track. Cisco’s exams, however, will not necessarily correspond one-to-one with the curriculum of a given class. In essence, Cisco is not looking at the exams as a “fact-stuffing event” but rather as a gauge of how well you know and can use the technology.

Figure 1-1 illustrates the training track for CCNP and CCDP as of September 2000.

(Figure 1-1 residue. For both CCNP and CCDP the figure shows: Prerequisites (CCNA Certification); Recommended Training (Building Scalable Cisco Networks (BSCN); Building Cisco Multilayer Switched Networks (BCMSN) or BCMSN E-Learning Edition; Building Cisco Remote Access Networks (BCRAN) or BCRAN E-Learning Edition; then Cisco Internetwork Troubleshooting (CIT) for CCNP or Cisco Internetwork Design (CID) for CCDP); Select An Exam Path: Single Exam Path (Routing 640-503, Switching 640-504, Remote Access 640-505, then Support 640-506 for CCNP or CID 640-025 for CCDP) or Foundation Exam Path (Foundation 2.0 640-509, then Support 640-506 for CCNP or CID 640-025 for CCDP).)

Figure 1-1 CCNP/CCDP 2.0 Training/Exam Track

Topics on the Exam


The following list outlines the various topics that you will likely encounter on the exam. The topics represent a detailed list for areas of focus but are not intended as a list of test question topics. Each listed item may have subitems that will be tested on.

Table 1-3 lists the exam topics in the order that they are found within this book.

Table 1-3 CCNP/CCDP Switching Exam Topics

Chapter: Topics

Chapter 2, “Campus Network Design Models”: Switching Functionality, Campus Network Models, Hierarchical Network Design, Cisco Products in the Hierarchical Design, and Modular Network Design

Chapter 3, “Basic Switch and Port Configuration”: Desktop Connectivity with Ethernet, Desktop Connectivity with Token Ring, Connecting Switches, Switch Management, and Switch Port Configuration

Chapter 4, “VLANs and Trunking”: Virtual LANs, VLAN Trunks, VLAN Trunk Configuration, VLAN Trunking Protocol, VTP Configuration, and VTP Pruning

Chapter 5, “Redundant Switch Links”: Switch Port Aggregation, Spanning-Tree Protocol (STP), STP Configuration, STP Design and Tuning, and STP Convergence Tuning

Chapter 6, “Trunking with ATM LANE”: ATM, LANE Operation, and LANE Configuration

Chapter 7, “InterVLAN Routing”: InterVLAN Routing Design and InterVLAN Routing Configuration

Chapter 8, “Multilayer Switching”: Multilayer Switching, Flow Masks, and Multilayer Switching Configuration

Chapter 9, “Overview of Hot Standby Routing Protocol”: Configuring HSRP Operations, HSRP Router Roles, and HSRP Preempt Status

Chapter 10, “Multicasts”: Multicast Methods and Characteristics, Multicast and Ethernet Addressing, IGMP, Multicast Technology on Routers and Switches, and Multicast Routing Protocols

Chapter 11, “Configuring Multicast Networks”: Multicast Planning, Multicast Configuration, Configuring IGMP, and Configuring CGMP

Chapter 12, “Controlling Access in the Campus Environment”: Access Policies, Managing Network Devices, Access Layer Policy, Distribution Layer Policy, and Core Layer Policy

Chapter 13, “Monitoring and Troubleshooting”: Monitoring Cisco Switches, Monitoring Commands, General Troubleshooting Model, Troubleshooting Commands, and Physical Layer Troubleshooting

Chapter 14, “Scenarios for Final Preparation”: Case studies involving all areas of switching technology

The exam itself is a computer-based exam with multiple choice, fill-in-the-blank, and list-in-order style questions. The fill-in-the-blank questions must be filled in using the complete syntax for the command, including dashes and the like. For the fill-in-the-blank questions, a tile button is provided that can be used to list a large number of commands in alphabetical order. This setup is a real life saver if you can’t remember if there is a dash or an “s” at the end of a command. Knowing the syntax is key, though, because the list contains some bogus commands as well as the real ones.

As with most of the Cisco exams, you cannot “mark” and return to a question. This requires that you answer a question before moving along, even if it means guessing at an answer. Remember that a blank answer is incorrect.

The exam can be taken at any Sylvan Prometric testing center (1-800-829-NETS or http://www.2test.com).

What’s on the Switching Exam?


As with other Cisco exams, the exact exam content is not generally known. In fact, Cisco makes fairly general Switching Exam content available to the public at www.cisco.com/warp/public/10/wwtraining/certprog/testing/pdf/bcmsn.pdf

In addition to the general content listed, this book is structured to cover the content of the Building Cisco Multilayer Switched Networks (BCMSN) course. This content provides full coverage of switching topics that might be encountered in either the Switching Exam or the real-world CCNP/CCDP workplace.

Other Cisco Certifications

The certifications mentioned so far are geared toward routing and LAN switching. Cisco has many other certifications, which are summarized in Table 1-2. Refer to Cisco’s web site at www.cisco.com/warp/public/10/wwtraining/certprog/index.html for more information.

Table 1-2 Additional Cisco Certifications

Certification: Purpose, Prerequisites

CCNA-WAN: Basic certification for Cisco WAN switches.

CCNP-WAN: Intermediate certification for Cisco WAN switches. Requires CCNA-WAN.

CCDP-WAN: Design certification for Cisco WAN switches. Requires CCNP-WAN.

CCIE-WAN: Expert level certification for Cisco WAN switches. No prerequisite. Requires exam and lab.

CCIE-ISP Dial: CCIE level certification for Internet service provider (ISP) and dial network skills. No prerequisite. Requires exam and lab.

CCIE-SNA-IP: Expert level certification for Cisco products and features used for melding SNA and IP networks. No prerequisite. Requires exam and lab.

CCIE-Design: Expert level certification that covers design principles related to the access, distribution, and core layers of large internetworks. It also requires candidates to have a thorough understanding of Campus Design, Multiservice, SNA-IP, and Network Management related design issues.

CCNP and CCDP specializations: Several specialized certifications are available for CCNP and CCDP (routing/switching). See www.cisco.com/warp/public/10/wwtraining/certprog/special/course.html for more details.

Exams Required for Certification

To qualify for CCNP or CCDP, successful completion of a group of exams is required. The exams generally match the same topics that are covered in one of the official Cisco courses. Table 1-1 outlines the exams and the courses with which they are most closely matched.

Table 1-1 Exam-to-Course Mappings

Certification   Exam Number   Exam Name            Course Most Closely Matching Exam Requirements

CCNA            640-507       CCNA Exam            Interconnecting Cisco Network Devices (ICND)

CCDA            640-441       CCDP Exam            Designing Cisco Networks (DCN)

CCNP            640-503       Routing Exam         Building Scalable Cisco Networks (BSCN)
                640-504       Switching Exam       Building Cisco Multilayer Switched Networks (BCMSN)
                640-505       Remote Access Exam   Building Cisco Remote Access Networks (BCRAN)
                640-509*      Foundation Exam      BSCN, BCMSN, and BCRAN
                640-506       Support Exam         Cisco Internetwork Troubleshooting (CIT)

CCDP            640-503       Routing Exam         Building Scalable Cisco Networks (BSCN)
                640-504       Switching Exam       Building Cisco Multilayer Switched Networks (BCMSN)
                640-505       Remote Access Exam   Building Cisco Remote Access Networks (BCRAN)
                640-509*      Foundation Exam      BSCN, BCMSN, and BCRAN
                640-025       CID Exam             Cisco Internetwork Design (CID)

*Exam 640-509 meets the same requirements as passing these three exams: 640-503, 640-504, and 640-505.

Overview of Cisco Certifications


Cisco’s main motivation behind the current certification program is to provide a means of measuring the skills of people working for Cisco Resellers and Certified Partners. Cisco fulfills only a small portion of its orders via direct sale from Cisco; most times, a Cisco reseller is involved.

Cisco has not attempted to become the sole source for consulting and implementation services for network deployment using Cisco products. In 1996–97 Cisco embarked on a channel program whereby business partners would be the eyes and ears to the smaller and midsize businesses that Cisco could not form a peer relationship with. Instead, Cisco partners of all sizes were carrying the Cisco banner into these smaller companies. With that business model, there was a great need to certify the skill levels of the partner companies.

The Cisco Certified Internetworking Expert (CCIE) program was Cisco’s first cut at certifications. Introduced in 1994, the CCIE was designed to be one of the most respected, difficult-to-achieve certifications. To certify, a candidate had to pass a written test offered at Sylvan Prometric and then a two-day hands-on lab administered by Cisco.

Certifying resellers and services partners by using the number of active CCIEs as the gauge worked well originally, partly because Cisco had significantly fewer partners than it does today. Cisco was using the number of CCIEs on staff as part of the criteria in determining the level of partner status for the company, which in turn dictated the discount given to the reseller when buying from Cisco. The number of resellers was growing and with Cisco’s commitment to the lower tier market and smaller size business, it needed to have smaller integrators sized appropriately.

The CCIE certification fell short of the goal of helping to certify resellers and other partners as the number of partners increased to include some smaller integrators that were serving the medium and small business markets. Many smaller resellers that provided turnkey solutions for small businesses were not able to attain any degree of discount because of their size. Cisco, however, needed their skills to continue to capture the small business market, which is one of the larger markets in the internetworking arena today.

Cisco needed certifications that were less rigorous than the CCIE, which would allow Cisco more granularity in judging the skills on staff at a partner company. Therefore, Cisco created several other certifications: the CCNA, CCDA, CCNP, and CCDP.

Two categories of certifications were developed: one to certify implementation skills and the other to certify design skills. Resellers working in a pre-sales environment need more design skills, whereas services companies require more implementation skills. So the CCNA and CCNP provide implementation-oriented certifications; whereas, the CCDA and CCDP provide design-oriented certifications.

Rather than just one level of certification besides CCIE, Cisco created two other levels: an Associate level and a Professional level. CCNA is the more basic, and CCNP is the intermediate level between CCNA and CCIE. Likewise, CCDA is more basic than CCDP.


Several of the certifications require other certifications as a prerequisite. For instance, CCNP certification requires CCNA first. Also, CCDP requires both CCDA and CCNA certification. CCIE, however, does not require any other certification prior to the written and lab tests, mainly for historical reasons.

Cisco certifications have become a much needed commodity in the internetworking world. The CCNP and CCDP certifications are truly another win-win situation for you and for Cisco.

All About the Cisco Certified Network Professional and Design Professional Certification

The Cisco Certified Network Professional (CCNP) and Cisco Certified Design Professional (CCDP) certifications are the second level of Cisco certifications and are becoming popular as more incentives become available to both certification holders and their employers.

Cisco has designed both the CCNP and CCDP certifications as proof that an individual has completed a specific path of testing in the network arena.

The CCNP and CCDP courses require the candidate to be proficient in advanced routing techniques, switching techniques, and dialup or RAS technology. In addition to those subjects, the CCNP must be able to, given a scenario, configure and troubleshoot a routed and switched network. The CCDP must demonstrate the ability to extract a vast amount of user requirements and prepare a scalable design that fits the customer needs and requirements.

The CCNP is a more “hands on” certification that involves testing for a variety of routing and switching skills. Both configuration and troubleshooting are covered. Short of the CCIE, this certification is currently one of the most sought after.

The CCDP track focuses on designing scalable networks using routing and switching technologies. Testing involves the same variety of exams and subject matter as the CCNP track, with the exception of the Support exam. Instead, the CCDP track ends with the Cisco Internetwork Design exam. Because this certification focuses on the design aspects of internetworking, it is more suited for the pre-sales designer or the network architect.

Because both the CCNP and CCDP share the same base set of requirements (except the final exam in the series), it is not surprising to find that a CCNP can produce a solid, scalable network design, while a CCDP can configure a router in a multiprotocol, routing, and switching environment. The key issue is the focus of the candidate in the business world.

Neither CCNP nor CCDP certification is a “one test and you pass” type of exam. Instead, each requires a series of either two or four exams. The exams are only difficult because of the depth of understanding needed for each area of concentration. As well, each certification requires the Cisco Certified Network Associate (CCNA) certification as a prerequisite.

The focus of this book is the preparation and passing of the Cisco CCNP Switching Exam because this exam (or its content) is required for either CCNP or CCDP.

Small Office and Home Wireless LANs

It is much easier to install a wireless LAN at home than a wired network. A typical homeowner will not consider running cables throughout the house. It is time-consuming and requires stringing wires through the walls, which can be tricky and frustrating.


With a wireless LAN, employees can bring laptops home from work and continue working just as they do from their offices. For many professions, this makes it possible for people to work from home more effectively, whether it is to spend a few extra hours researching information on the Internet or to enable telecommuting on a daily basis.

Of course, with a wireless laptop, you really can work from anyplace in the house. There is nothing tying you down to a desk in a particular room. You are free to use the Internet or access files on other computers while relaxing in a comfortable armchair in front of a TV, lounging on the patio breathing fresh air, or sitting at a desk in a quiet bedroom, just like you see in the commercials.

Wireless LANs at home are good for PCs as well. Unlike companies, Ethernet cabling in homes is generally nonexistent. That makes wireless the best way to connect fixed PCs to the network. You will have much more flexibility in locating a PC in any part of the house without being near the broadband modem.

Overall, a home wireless LAN is relatively simple (refer to Figure H-7).

Figure H-7 Typical Home Wireless LAN Configuration

When installing a wireless LAN at home, take into account the following ideas:

■ Purchase a Wi-Fi router—With most home wireless LAN installations, you need a Wi-Fi router, not just an access point. The router includes Layer 3 functions on top of the access point. For example, Linksys (a Cisco company) specializes in offering Wi-Fi routers for home use. The router provides DHCP and NAT (Layer 3 functions), which are both necessary for allowing multiple Wi-Fi networking devices, such as laptops, PCs, and printers, to share the single broadband (DSL or cable modem) Internet connection. A single 802.11a/b/g Wi-Fi router is generally enough to fully cover most homes. For example, a single dual-band router provides full coverage and excellent performance throughout my entire two-story house with a finished basement.

(Figure H-7 residue: Internet Service Provider, Broadband Modem, Wi-Fi Router, DHCP Request and DHCP Response; callout: a single Wi-Fi router centrally located is generally enough to cover a small office or home.)

844 Appendix H: Wireless LAN Solutions

■ Centralize the router installation—Install the router within reach of the broadband modem, using Ethernet patch cable. If you have not already obtained a broadband connection, consider having it installed somewhere central to the areas where you will be using the wireless network. This is generally the center of the home. Ideally, install the broadband connection in the same room as any device (such as a printer) that you want to connect to one of the Ethernet ports provided by the router. In a home with two floors, have the installation on the floor where you will be using the network a higher percentage of the time.

■ Configure security mechanisms—By default, most Wi-Fi routers do not have any security enabled, which means that all data packets are sent unencrypted, in the clear. An unscrupulous person sitting in a car outside your home, for example, can wirelessly monitor these transmissions and see e-mail contents, usernames, and passwords. In addition, unauthorized users can access files on computers inside the home and use the Internet through your broadband ISP connection. If you do not want this to happen, then activate the encryption supplied within your router. Wired Equivalent Privacy (WEP) is better than nothing, but take advantage of the more advanced WPA or 802.11i if it is available on the router that you have chosen.

This section lists additional topics and facts to round out the coverage of the topics in this chapter. Unlike most of the Cisco Press Exam Certification Guides, this “Foundation Summary” does not repeat information presented in the “Foundation Topics” section of the chapter. Please take the time to read and study the topics in the “Foundation Topics” section of this appendix, as well as review items noted with a Key Topic icon.

The Cisco SWAN framework offers a collection of components that comprises a secure, interoperable, and compliant wireless LAN solution. When deploying enterprise wireless solutions, be certain to implement sound security practices. Also, plan on supporting voice services, because many companies are now starting to take advantage of the applicable gains in efficiencies. Public wireless LANs can be very complex, especially for the larger venues, mainly because of the need for user authentication and billing functions.

Memory Builders

The CCIE Routing and Switching written exam, like all Cisco CCIE written exams, covers a fairly broad set of topics. This section provides some basic tools to help you exercise your memory about some of the broader topics covered in this chapter.

Definitions

Next, take a few moments to write down the definitions for the following terms:

client tracking, Cisco SWAN, Cisco WDS, Fast Secure Roaming, public wireless LAN, radio management aggregation, wireless LAN controller, Wireless LAN Threat Defense Solution, WLSE, IP PBX

Further Reading

For more details concerning wireless LANs, consider reading the following Cisco Press books:

■ Wireless Networks First-Step, by Jim Geier

■ 802.11 Wireless LAN Fundamentals, by Pejman Roshan and Jonathan Leary

Answers to “Do I Know This Already?” Quiz Questions

1. b. WDS is a current Cisco feature that eases the deployment, usage, and support of wireless LANs. WDS is not hardware.

2. d. SWAN includes all the basic building blocks necessary to effectively implement and support a wireless LAN.

3. a. The Cisco Aironet 1000, 1100, and 1200 Series access points are designed for indoor use. The Cisco Aironet 1300 is the only SWAN access point designed for outdoor use.

4. b. The Cisco Aironet 350 is an older access point model that was released prior to the ratification of 802.11g and 802.11e.

5. d. You should focus on Layer 2.

6. b. To support voice services, the SNR must be at least 25 dB. At this SNR, the data rate will be optimal, which provides good performance. The coverage overlap must be at least 20 percent to avoid dropped calls as users roam through the facility. An SNR of 20 dB would provide good enough signal coverage for data-only applications, but it is not good enough for voice services.

7. c. Most RF interference is in the 2.4-GHz band, which is the band that 802.11b/g uses. As a result, you can avoid RF interference by using 802.11a, which operates in the 5-GHz band. Using other Wi-Fi phones or decreasing the access point transmit power will not help counter RF interference.

8. b. If you disable the broadcasting of SSIDs with public wireless LANs, Microsoft Windows on the user devices does not display the network to users. Therefore, it is best to broadcast the beacons.

9. a. With public wireless LANs, a billing component is necessary to charge users for access. The security of a public wireless LAN, however, is generally kept to a minimum to increase the simplicity of the network. Enterprise wireless LANs, though, provide most security features and no billing functions. The performance, access point hardware, and management mechanisms of public and enterprise wireless LANs are generally the same.

10. d. With small office and home wireless LANs, a Wi-Fi router is necessary to enable the sharing of a common official IP address (supplied by the ISP) among multiple computers. Thus, DHCP and NAT are needed. Both Wi-Fi routers and access points can operate at the same speed, provide the same level of security, and have the same longevity.


Public Wireless LANs


Many public venues, such as airports, coffee shops, hotels, and convention centers, offer Wi-Fi access to the Internet. This form of network is often referred to as a public wireless LAN (PWLAN). PWLANs allow people who are away from their homes and offices to access e-mail, browse the Internet, and interface with corporate applications. The smaller public "hotspots" may only have a single access point connecting directly to an ISP. Larger implementations usually have numerous access points, similar to an enterprise installation, and incorporate user authentication and billing functions. In some cases, access to the Internet is free. Other hotspots, especially those offering national roaming, charge a fee for usage.

The implementation of a public wireless LAN is often the most complex, as compared to other networks, mainly because of the need to regulate access to the network and to support a wide variety of user interfaces. Figure H-6 illustrates the configuration of a PWLAN. Access points interconnect to an access controller, which regulates access to the Internet. A user, for example, initially connects to an access point and attempts to use their browser. The access controller receives the browser's URL request and, instead of returning the requested page, returns an HTML login page. The user enters their credentials, such as username and password, and the controller then opens access to the Internet for that user. If a user is not a subscriber, the controller hands them off to a billing system to collect payment before granting access to the Internet.
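The access controller behaviour just described (unauthenticated browser request answered with a login page, subscriber credentials opening access, non-subscribers handed to billing), modelled as an added example. This is not code from the book or from any Cisco product; the session store, the time-limited authorization, and the PBKDF2 password storage are this example's own choices.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000


def make_subscriber_record(password: str):
    """Constructed subscriber store entry: (salt, PBKDF2-SHA256 digest), never the clear password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccessController:
    """Minimal model of the PWLAN access controller: a session table keyed by client MAC.

    Assumptions (not from the text): sessions expire after session_ttl_s seconds, and a
    login for an unknown username is treated as a non-subscriber to be sent to billing.
    """

    def __init__(self, subscribers, session_ttl_s=3600):
        self.subscribers = subscribers       # username -> (salt, digest)
        self.sessions = {}                   # client_mac -> expiry timestamp
        self.session_ttl_s = session_ttl_s
        self.billing_handoffs = []           # clients handed to the billing system

    def _authorized(self, client_mac, now):
        expiry = self.sessions.get(client_mac)
        return expiry is not None and expiry > now

    def handle_http(self, client_mac, url, now=None):
        """Authorized clients pass through; everyone else gets the HTML login page.

        The original URL is kept with the login page so it can be replayed after login.
        """
        now = time.time() if now is None else now
        if self._authorized(client_mac, now):
            return ("pass", url)
        return ("login_page", url)

    def login(self, client_mac, username, password, now=None):
        now = time.time() if now is None else now
        record = self.subscribers.get(username)
        if record is None:
            # Non-subscriber: hand off to billing before any access is granted.
            self.billing_handoffs.append(client_mac)
            return "billing"
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, digest):
            return "denied"
        self.sessions[client_mac] = now + self.session_ttl_s
        return "granted"
```

Keying the session on the client MAC is what makes the controller simple, but a MAC is not a secret, so the session lifetime should be short and the controller should be paired with the client-side protection (VPN, SSL) that Table H-4 expects public users to bring themselves.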

Figure H-6 Typical Public Wireless LAN Configuration

When deploying PWLANs, consider the tips found in Table H-4.

Table H-4 Public Wireless LAN Deployment Tips

Tip: Offer an easy user interface
Justification: A PWLAN needs to serve a diverse population, and the connection experience for users should be as easy as using a mobile phone. The quandary is that PWLAN users do not use a commonly configured device. As a result, differing user device configurations are the basis of most problems, such as trouble connecting to the network. Be sure the solution interfaces with the widest possible number of users. This maximizes the number of subscribers that the hotspot provider can attain. Most Wi-Fi users today have 802.11b client devices, but plan ahead for the larger potential proportion of 802.11g and 802.11a and consider installing access points that support 802.11b/g and 802.11a.

Tip: Implement user authentication and billing
Justification: For authentication, deploy a controller that regulates access to the protected network services you are providing to users. Whether you should purchase a separate access controller or use a "smart" access point that provides hotspot services depends on your specific requirements. If there are lots of hotspots with only a few users at each one, then it makes sense to use lower-end access points in the facilities and a separate controller at a central point to serve the multiple hotspots. If you have many users at the hotspot, then an access point with built-in access-control features is preferable because it localizes control and improves performance.

(Figure H-6 labels: Access Points, Switch, Access Controller, Internet, Billing System)

Tip: Disable Layer 2 security
Justification: It is not practical to implement Layer 2 security as part of a PWLAN, because it is not feasible or even possible in most cases to manage passwords and provide adequate levels of interoperability. As a result, disable link-level encryption, such as WEP and WPA, and rely on public users to secure their own access through the use of VPNs and SSL-based websites and e-mail systems.

Tip: Broadcast SSIDs
Justification: With PWLANs, you want potential users to find the network. Thus, be certain to enable broadcasting of SSIDs from access points. Also, give the SSID a distinctive name that distinguishes your hotspot from others.

Tip: Include DHCP services
Justification: As users roam to different hotspots, their client devices need an IP address that corresponds to the local network. To enable roaming with as few end-user actions as necessary, establish DHCP services to automatically assign IP addresses to visiting users. Most versions of Windows operating systems activate DHCP by default, so users probably will not have to do anything.

Tip: Focus on increasing capacity
Justification: Many hotspots, such as those at airports and convention centers, have lots of users in relatively small areas. The aggregate throughput requirements of these densely populated areas can be very demanding on individual access points, especially those based on the relatively low-bandwidth 802.11b. As a result, pay special attention to properly sizing the PWLAN. To solve this problem, consider placing the access points closer together and lowering their transmit power. This provides higher capacity in a given area by segmenting users.

Tip: Enable broadcasting of SSIDs
Justification: In PWLANs, you should ensure that beacons sent by the access point broadcast the SSID of the network. This enables Microsoft Windows to identify and display the wireless network to the user. If the SSIDs are not broadcast, then the user will not realize that the network is present, and the user will have to manually configure the SSID in Windows.

Tip: Monitor for RF interference
Justification: As with any wireless LAN, RF interference can be an issue. So, pay special attention to the possibility of RF interference when deploying PWLANs. The most common interference sources in a public setting are other wireless LANs, mainly because of close proximity of unrelated public hotspots and office buildings with wireless LANs.

Voice Services

Voice service over wireless LANs is becoming the killer application that is causing the industry to explode. Many mobile device makers are beginning to include integrated Wi-Fi in smart phones and PDAs along with cellular interfaces, and enterprises are beginning to realize the significant advantages of using voice services, along with data, over wireless LANs. The Cisco Wireless IP Phone 7920, for instance, interfaces with 802.11b access points. Incredible gains in efficiency are possible by providing employees with wireless phones for use throughout the enterprise, and the use of a common wireless LAN infrastructure is extremely cost-effective for supporting both voice and data services.

Figure H-5 illustrates a typical voice over wireless LAN (VoWLAN) configuration. The Wi-Fi phone communicates with an IP PBX. The IP PBX, such as a Cisco CallManager (CCM), interfaces with the phone by using IP and provides access to the Public Switched Telephone Network (PSTN). The IP PBX handles calls within the facility and interfaces with the PSTN for external calls. VoIP gateways are available to interface Wi-Fi phones to a legacy PBX.

Figure H-5 Voice over Wireless LAN Configuration

When deploying voice services over wireless LANs, consider the suggestions found in Table H-3.

Table H-3 Voice over Wireless LAN Deployment Tips

Tip: Perform accurate RF site surveys
Justification: To avoid coverage holes and ensure adequate signal levels, a company should perform an accurate RF site survey when determining the optimum positioning of access points. Cisco has guidelines for deploying Wi-Fi phones, which describe the need for a minimum of 25-dB SNR with approximately 20 percent overlap between adjacent radio cells. This is somewhat higher SNR than what is needed for data-only applications.

(Figure H-5 labels: Access Points, Switch, IP PBX, Access Points, PSTN, V)

Tip: Choose access points that support fast roaming
Justification: Wi-Fi phones require a fast handoff between access points as users roam throughout the facility. In general, the handoff should be under 100 ms; however, it is best to design networks for roaming delays of 50 ms or less. The roaming delay, however, must also take into account the latency that the backend network provides, because the Wi-Fi phone is actually communicating with components residing on the wired network.

Tip: Carefully assess RF interference
Justification: The presence of RF interference can severely disrupt voice services on wireless LANs. As a result, be certain to assign RF channels to the wireless LAN to stay away from interference sources, such as microwave ovens and cordless phones. It is also important to ensure that adjacent access points are far enough apart to avoid inter-access point interference. In some cases, a company should consider the use of 802.11a for supporting voice services, because the 5-GHz band is relatively free from RF interference.
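An added example (not from the book) that applies the two numeric rules from Table H-3 to a constructed site survey: the 25-dB SNR minimum with roughly 20 percent cell overlap for voice, against the 20-dB figure the answer key gives as adequate for data, plus the 50-ms roaming budget that must include backend latency. The survey points, RSSI and noise values, and the way overlap is estimated (share of points where two access points both meet the threshold) are this example's own assumptions.

```python
VOICE_MIN_SNR_DB = 25      # from the text: Cisco guideline for Wi-Fi phones
DATA_MIN_SNR_DB = 20       # from the text: adequate for data-only applications
VOICE_MIN_OVERLAP = 0.20   # from the text: about 20 percent overlap between cells
ROAM_TARGET_MS = 50        # from the text: design for roaming delays of 50 ms or less


def snr_db(rssi_dbm, noise_dbm):
    """Signal-to-noise ratio in dB from a measured RSSI and noise floor."""
    return rssi_dbm - noise_dbm


def assess_survey(points, service):
    """Check each survey point against the SNR floor for the given service.

    A point with no access point meeting the floor is a coverage hole. Overlap is
    estimated (assumption) as the fraction of points where at least two access
    points meet the floor, which is what lets a phone roam without dropping.
    """
    threshold = VOICE_MIN_SNR_DB if service == "voice" else DATA_MIN_SNR_DB
    holes = []
    overlap_points = 0
    for p in points:
        usable = [ap for ap, rssi in p["aps"].items()
                  if snr_db(rssi, p["noise_dbm"]) >= threshold]
        if not usable:
            holes.append(p["id"])
        elif len(usable) >= 2:
            overlap_points += 1
    overlap = overlap_points / len(points)
    acceptable = not holes and (service != "voice" or overlap >= VOICE_MIN_OVERLAP)
    return {"holes": holes, "overlap": round(overlap, 2), "acceptable": acceptable}


def roaming_budget_ok(ap_handoff_ms, backend_latency_ms, target_ms=ROAM_TARGET_MS):
    """The roaming delay a phone sees is the AP handoff plus the wired backend latency."""
    return ap_handoff_ms + backend_latency_ms <= target_ms


# Constructed survey: five measurement points, noise floor -95 dBm, RSSI per access point.
SURVEY = [
    {"id": "A", "noise_dbm": -95, "aps": {"AP1": -65, "AP2": -80}},
    {"id": "B", "noise_dbm": -95, "aps": {"AP1": -68, "AP2": -70}},
    {"id": "C", "noise_dbm": -95, "aps": {"AP1": -74, "AP2": -72}},
    {"id": "D", "noise_dbm": -95, "aps": {"AP2": -60}},
    {"id": "E", "noise_dbm": -95, "aps": {"AP2": -66, "AP3": -69}},
]

if __name__ == "__main__":
    for service in ("data", "voice"):
        print(service, assess_survey(SURVEY, service))
    print("roam 30 ms + backend 15 ms ok:", roaming_budget_ok(30, 15))
```

On this survey every point clears the data floor, but point C (SNR 21 and 23 dB) is a hole for voice, so the same access point layout that is fine for data would drop calls there; the fix is a closer or higher-power access point near C, which is exactly the kind of finding a survey is meant to surface before installation.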

Enterprise Security

Security is one of the most important aspects of an enterprise wireless LAN. Without proper security mechanisms in place, a company is vulnerable to hackers gaining access to unauthorized information and possibly destroying network resources. The goal of effective security is to use a combination of proven security practices to ensure that the company's information systems assets are safe.

To properly secure an enterprise wireless LAN, first establish wireless security policies. Before installing the wireless LAN, consider requirements and establish proven security policies that provide adequate protection. These policies should mandate company control of the installation of wireless LAN components and address architectural elements, such as encryption and authentication protocols, limits of RF emanating outside the facility, and access point physical mounting restrictions.

838 Appendix H: Wireless LAN Solutions

Most installations should focus on implementing Layer 2 security. Most companies deploying wireless LANs implement Layer 2 security to manage security between client devices and access points. In this case, the access points connect directly to the corporate network. This is a cost-effective method for providing security throughout the enterprise, especially when there are a relatively large number of wireless users. Wi-Fi Protected Access (WPA) is a good encryption mechanism to use for this purpose because it automatically assigns encryption keys periodically to client devices.

If a significant number of visitors need wireless access to Internet services, however, it might be more practical to connect the access points outside the DMZ and require employees to use VPN client software to access corporate resources. Figure H-4 illustrates this approach. If many employees need wireless connections, however, this approach could be relatively expensive due to the significant number of VPN connections needed with the corporate system.

Figure H-4 Public Wireless LAN Within an Enterprise

Most installations should try to limit propagation of radio signals outside the facility. As a precaution, consider designing the wireless LAN in a way that limits radio signals from being received outside the facility. This minimizes the ability for a hacker to associate with one of the wireless LAN access points. A company can reduce radio propagation outside the building by properly positioning antennas and reducing the transmit power of access points.
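A worked version of the last point above, added here and not taken from the book: with a log-distance path-loss model you can estimate how far a given transmit power carries, and then solve for the highest power that keeps the signal at the property boundary below a receiver's useful level while interior coverage still meets its target. The model constants (40 dB reference loss at 1 m for 2.4 GHz, path-loss exponent 3.0 for an obstructed indoor path, 10 dB exterior wall loss, -90 dBm as the boundary ceiling, -70 dBm as the interior target) are this example's assumptions, not figures from the text.

```python
import math

REF_LOSS_DB = 40.0   # assumed path loss at 1 m for 2.4 GHz, roughly free-space


def path_loss_db(distance_m, exponent, ref_loss_db=REF_LOSS_DB):
    """Log-distance path loss: loss at 1 m plus 10*n*log10(d)."""
    return ref_loss_db + 10.0 * exponent * math.log10(distance_m)


def rssi_dbm(tx_dbm, gain_dbi, distance_m, exponent, wall_loss_db=0.0):
    """Received level at a distance, including antenna gain and any wall in the path."""
    return tx_dbm + gain_dbi - path_loss_db(distance_m, exponent) - wall_loss_db


def max_tx_power_dbm(boundary_m, exponent, wall_loss_db, gain_dbi, limit_dbm=-90.0):
    """Highest transmit power that keeps RSSI at the boundary at or below limit_dbm."""
    return limit_dbm - gain_dbi + path_loss_db(boundary_m, exponent) + wall_loss_db


def plan_containment(default_tx_dbm, gain_dbi, boundary_m, interior_m,
                     exponent=3.0, wall_loss_db=10.0,
                     boundary_limit_dbm=-90.0, interior_target_dbm=-70.0):
    """Compare the default power with the containment limit and check interior coverage."""
    leak = rssi_dbm(default_tx_dbm, gain_dbi, boundary_m, exponent, wall_loss_db)
    recommended = min(default_tx_dbm,
                      max_tx_power_dbm(boundary_m, exponent, wall_loss_db, gain_dbi,
                                       boundary_limit_dbm))
    interior = rssi_dbm(recommended, gain_dbi, interior_m, exponent)
    return {
        "leaks_at_default": leak > boundary_limit_dbm,
        "boundary_rssi_at_default_dbm": round(leak, 1),
        "recommended_tx_dbm": round(recommended, 1),
        "interior_rssi_dbm": round(interior, 1),
        "interior_ok": interior >= interior_target_dbm,
    }


if __name__ == "__main__":
    # Constructed case: 100 mW (20 dBm) radio, 2 dBi antenna, boundary 60 m away,
    # farthest interior client 25 m away.
    print(plan_containment(default_tx_dbm=20.0, gain_dbi=2.0, boundary_m=60, interior_m=25))
```

For the constructed case the default 20 dBm puts about -81 dBm at the boundary, well above the -90 dBm ceiling, while roughly 11 dBm keeps the boundary at the ceiling and still delivers about -69 dBm at 25 m indoors. Real walls and floors vary far more than one exponent captures, so treat the result as a starting value to confirm with the site survey rather than a final setting.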

(Figure H-4 labels: Secure Network, Un-Secure Network, Corporate Network, Access Points, Firewall)

Applying Wireless LANs in Enterprises

There are many applications for wireless LANs in enterprises. For example, a company might deploy a wireless LAN to mobilize its workforce. Larger enterprises, such as Microsoft, have done this and realized significant return on investment through the gains in efficiencies. The ability for an employee to access e-mail and other data from anywhere within the facility saves a significant amount of time and money. Employees are more productive and able to respond to specific events faster. A sales representative, for example, can respond to an inquiry from a customer while attending a meeting in the conference room rather than waiting until after returning to the office.

Another use for wireless LANs in the enterprise is to provide a wireless network for customers and consultants to easily access Internet services while visiting the company's facilities. In this case, a company places the access points outside the DMZ and treats the network as a public network found at typical Wi-Fi hotspots. The availability of networking services in this situation helps both the company and its visitors by strengthening the ability to communicate.

Reporting, Trending, Planning, and Troubleshooting

WLSE tracks actions made by clients to aid in troubleshooting network access problems. For example, a user might be having trouble associating with an access point. The administrator or help desk can view recent transactions with the applicable access point and determine the source of the problem.

Self-Healing Functions

If an access point fails, WLSE can automatically increase the power and corresponding coverage of surrounding access points to compensate for the coverage hole. This quickly fixes coverage hole problems while the administrator replaces the failed access point. WLSE also has a backup mechanism that automatically takes over and notifies the administrator if the primary WLSE fails.

Air/RF Scanning and Monitoring

Cisco Aironet access points have integrated RF scanning and measurement features that collect information regarding the RF environment, which may include rogue access points and users. WLSE analyzes this data and provides reports and alerts when rogue devices are found or when RF coverage is not optimum. WLSE also helps determine the source of RF interference. These features reduce the need to install dedicated test equipment to monitor for rogue access points.

Secure User Interface
WLSE includes a secure, role-based, HTML user interface to facilitate remote access to the management functions. As a result, an administrator can use WLSE functions while sitting in an office, when traveling, or from home. All communications between WLSE and the access points are done via SSL.

Security Policy Monitoring

WLSE monitors the network via SNMP and ensures that all access points are configured to ensure adherence to security policies. If an improper configuration is found, WLSE issues alerts via e-mail, Syslog, or SNMP trap notifications. This prevents someone from making use of a rogue access point to attach to the corporate network. WLSE detects improper configuration of the rogue device and promptly alerts the administrator.
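The policy check described here, as an added example that is not WLSE code or any Cisco code: polled access point settings are compared against a per-network policy, with the enterprise profile taken from the "Enterprise Security" section (WPA, 802.1X) and the public-hotspot profile from Table H-4 (no link-layer encryption, SSIDs broadcast, DHCP on). The attribute names, the constructed poll results, the inventory, and the alert format are this example's own; a real implementation would fill the poll results from SNMP.

```python
# Policy profiles. None means the policy does not constrain that setting.
POLICIES = {
    "enterprise": {"encryption": "wpa", "auth": "802.1x", "ssid_broadcast": None, "dhcp": None},
    "public":     {"encryption": "none", "auth": "open", "ssid_broadcast": True, "dhcp": True},
}


def check_ap(config, policy):
    """Return the settings of one access point that violate the policy."""
    violations = []
    for key, expected in policy.items():
        if expected is None:
            continue
        actual = config.get(key)
        if actual != expected:
            violations.append(f"{key}={actual!r}, policy requires {expected!r}")
    return violations


def audit(inventory, polled):
    """inventory: ap name -> network type. polled: ap name -> config as a poll returned it.

    Three alert kinds: an access point answering that is not in the inventory (rogue),
    a known access point whose settings drifted from policy, and an inventoried access
    point that did not answer the poll.
    """
    alerts = []
    for name, config in polled.items():
        kind = inventory.get(name)
        if kind is None:
            alerts.append(("rogue", name, "access point not in inventory"))
            continue
        for violation in check_ap(config, POLICIES[kind]):
            alerts.append(("policy", name, violation))
    for name in inventory:
        if name not in polled:
            alerts.append(("unreachable", name, "no SNMP response"))
    return alerts


def to_syslog(alert):
    """One-line notification in the style of a Syslog/e-mail alert (format is this example's)."""
    kind, name, detail = alert
    return f"WLSE: {kind} alert for {name}: {detail}"


# Constructed inventory and poll results.
INVENTORY = {"ap-eng-1": "enterprise", "ap-eng-2": "enterprise",
             "ap-eng-3": "enterprise", "ap-lobby-1": "public"}
POLLED = {
    "ap-eng-1":   {"encryption": "wpa", "auth": "802.1x", "ssid_broadcast": False, "dhcp": False},
    "ap-eng-2":   {"encryption": "wep", "auth": "open", "ssid_broadcast": False, "dhcp": False},
    "ap-lobby-1": {"encryption": "none", "auth": "open", "ssid_broadcast": False, "dhcp": True},
    "ap-unknown": {"encryption": "none", "auth": "open", "ssid_broadcast": True, "dhcp": True},
}

if __name__ == "__main__":
    for alert in audit(INVENTORY, POLLED):
        print(to_syslog(alert))
```

The same checker serves both network types because the difference between an enterprise WLAN and a hotspot is the policy, not the monitoring: ap-eng-2 has drifted to WEP and open authentication, ap-lobby-1 has stopped broadcasting its SSID, ap-unknown is answering without being in the inventory, and ap-eng-3 is silent.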

Intrusion Detection System
WLSE detects unauthorized access points and tracks wireless clients participating in the wireless
LAN. For example, WLSE detects clients spoofing authorized MAC addresses, excessive probe
requests, and unusual deauthentication frames that indicate potential man-in-the-middle or DoS
attacks.
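Detection logic for the three indicators named above (excessive probe requests, unusual deauthentication frames, and an authorized MAC address apparently in two places), as an added example run over constructed frame summaries. It is not WLSE's code; the thresholds, windows, and the spoofing heuristic (one authorized MAC seen on two BSSIDs within a second) are assumptions of this example.

```python
from collections import defaultdict

# Thresholds and windows are assumptions for this example, not WLSE's values.
PROBE_LIMIT = 20        # probe requests from one MAC within WINDOW_S
DEAUTH_LIMIT = 10       # deauthentication frames from one source within WINDOW_S
WINDOW_S = 10.0
SPOOF_WINDOW_S = 1.0    # one radio is not expected to use two BSSIDs this close together


def burst_exceeds(times, limit, window_s):
    """True if more than `limit` events fall inside any sliding window of `window_s`."""
    times = sorted(times)
    start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window_s:
            start += 1
        if end - start + 1 > limit:
            return True
    return False


def analyze(frames, authorized_macs):
    """frames: dicts with t (seconds), type, src and, for data frames, the bssid used."""
    probes = defaultdict(list)
    deauths = defaultdict(list)
    data_by_client = defaultdict(list)
    for f in frames:
        if f["type"] == "probe_req":
            probes[f["src"]].append(f["t"])
        elif f["type"] == "deauth":
            deauths[f["src"]].append(f["t"])
        elif f["type"] == "data":
            data_by_client[f["src"]].append((f["t"], f["bssid"]))

    alerts = []
    for mac, ts in probes.items():
        if burst_exceeds(ts, PROBE_LIMIT, WINDOW_S):
            alerts.append(("excessive_probes", mac))
    for mac, ts in deauths.items():
        if burst_exceeds(ts, DEAUTH_LIMIT, WINDOW_S):
            alerts.append(("deauth_flood", mac))
    for mac, seen in data_by_client.items():
        if mac not in authorized_macs:
            continue
        seen.sort()
        for (t1, b1), (t2, b2) in zip(seen, seen[1:]):
            if b1 != b2 and t2 - t1 <= SPOOF_WINDOW_S:
                alerts.append(("mac_spoof_suspected", mac))
                break
    return alerts


AUTHORIZED = {"00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02", "00:aa:bb:cc:dd:03"}
AP1, AP2 = "00:11:22:33:44:01", "00:11:22:33:44:02"


def constructed_frames():
    """Constructed frame log: one scanner, one normal client, one deauth burst, one suspected spoof, one normal roam."""
    frames = []
    frames += [{"t": 100 + 0.1 * i, "type": "probe_req", "src": "de:ad:be:ef:00:01"}
               for i in range(30)]
    frames += [{"t": t, "type": "probe_req", "src": "00:aa:bb:cc:dd:02"} for t in (0, 30, 60)]
    frames += [{"t": 200 + 0.05 * i, "type": "deauth", "src": AP1} for i in range(25)]
    frames += [{"t": 300.0, "type": "data", "src": "00:aa:bb:cc:dd:01", "bssid": AP1},
               {"t": 300.2, "type": "data", "src": "00:aa:bb:cc:dd:01", "bssid": AP1},
               {"t": 300.5, "type": "data", "src": "00:aa:bb:cc:dd:01", "bssid": AP2},
               {"t": 300.8, "type": "data", "src": "00:aa:bb:cc:dd:01", "bssid": AP1}]
    frames += [{"t": 400.0, "type": "data", "src": "00:aa:bb:cc:dd:03", "bssid": AP1},
               {"t": 405.0, "type": "data", "src": "00:aa:bb:cc:dd:03", "bssid": AP2}]
    return frames


if __name__ == "__main__":
    for alert in analyze(constructed_frames(), AUTHORIZED):
        print(alert)
```

The sliding window is what keeps the legitimate client (three probes spread over a minute) and the ordinary roam (five seconds between BSSIDs) quiet while the bursts trip. In a deployment the thresholds need tuning per site, since a dense hotspot sees far more probe traffic than an office floor.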

Fault Status

WLSE displays a view of all access points and device groups, with color coding and group icons that indicate fault status. Fault notifications are done via Syslog messages, SNMP traps, and e-mail. This is especially important with wireless LANs, because a defective access point, possibly due to a broken antenna, could go unnoticed for weeks or months if no monitoring functions are available. Users in this situation tend to adapt to the resulting coverage hole by moving to a different part of the facility to maintain connectivity. Careful monitoring of the fault status of access points eliminates this problem.

Customizable Thresholds
Administrators can define a variety of faults and performance thresholds, such as network load, RF usage, errors, and client associations, and specify actions and fault priorities. If data traffic through a particular access point reaches capacity, for instance, WLSE can send an alert to the administrator via SNMP.

Multiple Service Set Identifier Support
WLSE allows the configuration of up to eight broadcast SSIDs per access point radio. Each SSID
can be assigned to a particular VLAN, facilitating the use of VLANs to separate user traffic. The
SSID “public,” for example, may tie to the VLAN connecting to the Internet from outside the
DMZ of the company network.

VLAN Configuration
WLSE allows administrators to centrally configure and monitor VLANs on access points. This
feature enables the administrator to separate traffic among different groups of users associating
with the same access point. For example, one VLAN may be assigned to public users, and a
different VLAN may be provided for staff members.

Dynamic Grouping
Administrators can group access points that span different subnets into different groups to enable
more intuitive network management. For example, one group of access points may be named
“public,” and another group may be named “Engineering,” regardless of where the access points
physically reside on the network. This is similar to the concept of multiple VLANs at Layer 2.

Centralized Firmware Updates

WLSE allows administrators to update firmware on access points and bridges on an individual or group basis. Timely firmware updates are critical for ensuring optimum performance, reliability, and security of the network.

Assisted Site Surveys

WLSE's assisted site survey tool automatically identifies optimal RF channels and transmit power and periodically assesses performance with respect to baseline site-survey settings. These features ease wireless LAN installation by reducing the effort needed to perform RF testing in the facility prior to installing the network. WLSE generates notifications to the administrator when applicable configuration updates are necessary as the RF dynamics of the facility change over time.

Automatic Access Point Configuration

WLSE automatically discovers and configures Cisco Aironet access points based on access point type, subnet, and software version. This eliminates the need to manually configure each access point separately. WLSE allows the administrator to update any of the access point configurations, such as WPA security settings, SSID, and RF channel. WLSE can also perform bulk upgrades of older Cisco access points running VxWorks to newer Cisco IOS Software versions. WLSE stores the last four configuration versions for each access point so that an administrator can easily undo changes.

NOTE While the current CCIE Routing and Switching written exam blueprint does not typically list products, wireless is the only such case in which the blueprint does mention products. Obviously, the product mix will change over time, with rapid changes in the Cisco WLAN product mix likely between the completion date of this chapter, publication date, and into the early life of this book. You may want to focus more on the types of features implemented by types of products. You can also refer to http://www.cisco.com/en/US/partner/products/hw/wireless/index.html for more information on product changes (requires a CCO username/password).

CiscoWorks Wireless LAN Solution Engine
CiscoWorks WLSE is a centralized network management system for Cisco Aironet solutions.
WLSE is a key component of SWAN and consists of the following features:
■ Automatic access point configuration
■ Assisted site surveys
■ Centralized firmware updates
■ Dynamic grouping
■ VLAN configuration
■ Multiple service set identifier (SSID) support
■ Customizable thresholds
■ Fault status
■ Intrusion detection system
■ Security policy monitoring
■ Secure user interface
■ Air/RF scanning and monitoring
■ Self-healing functions
■ Reporting, trending, planning, and troubleshooting
These features are discussed, in turn, in the following sections.

Cisco SWAN Hardware

When designing a wireless LAN based on Cisco SWAN, a company must have components designed to fit into the architecture. Cisco SWAN includes the components described in Table H-2.

Table H-2 Cisco SWAN Hardware

Hardware type: Cisco Aironet Series access points
Function: These access points, which must run Cisco IOS Software to be part of SWAN, are a mandatory component of Cisco SWAN. They enable roaming throughout the network and interconnect wireless LAN users to the wired network.

Hardware type: Management and security servers
Function: Cisco SWAN requires the use of the CiscoWorks Wireless LAN Solution Engine (WLSE) and an IEEE 802.1x authentication server, such as Cisco Secure Access Control Server (ACS), for management and security of the wireless LAN.

Hardware type: Wireless LAN client devices
Function: The client devices must be Wi-Fi certified or IEEE 802.11 client adapters. Cisco Aironet or Cisco-compatible client devices, which are optional, offer additional features, such as better security, enhanced interoperability, and extended radio management.

Hardware type: Infrastructure devices
Function: Cisco incorporates wireless capabilities into its switches and routers, such as the Cisco Catalyst 6500 Series Wireless LAN Services Module (WLSM), which creates a unified network that interoperates effectively with Cisco SWAN access points. WLSM allows no loss of Layer 3 connectivity as users roam from access point to access point across a large campus. Each WLSM supports up to 300 access points and 6000 wireless clients.

Intrusion Detection System

Cisco SWAN includes the Wireless LAN Threat Defense Solution, which includes an intrusion detection system (IDS) (refer to Figure H-2). This safeguards the wireless LAN from malicious and unauthorized access. For example, the IDS detects and suppresses rogue access points by disallowing them to authenticate with the network, and identifies disassociated clients through MAC address association tables. The IDS integrates with the Cisco Self-Defending Network, the Cisco vision for network security.

Figure H-2 Cisco Wireless LAN Threat Defense Solution

The IDS provides an optional capability for using Cisco Aironet and Cisco-compatible client devices to continuously scan and monitor the RF environment. The client devices work jointly with Cisco Aironet access points to constantly measure RF activity. This client-assisted rogue access point scanning and monitoring increases rogue access point detection and enhances the security of the network. As shown in Figure H-3, the radio management (RM) element in the client device identifies a rogue access point and reports relevant findings to WLSE. The RM element looks for access point configurations that indicate a rogue, such as an unauthorized SSID and MAC address.

(Figure H-3 labels: Si [switch icons], RM = Radio Management, Rogue Access Point, Switch-Based WDS, Access Point-Based WDS)

Figure H-3 Cisco IDS with Client Scanning

Cisco Wireless LAN Hardware

Cisco has a complete line of wireless LAN hardware that addresses the needs of enterprises, public networks, and homes. The following list identifies each of these devices, by category, that integrate into SWAN:

■ Access points:

— Cisco Aironet 1300 Series—A multifunctional component that provides access point and bridge functionality for network access within an outdoor campus area. The 1300 Series supports the 802.11b/g standards.

— Cisco Aironet 1230AG Series—Has dual antenna connectors for extending range, with optional antennas for enterprise solutions.

— Cisco Aironet 1200 Series—Includes a dual-slot design that allows flexibility when configuring radio cards for enterprise solutions. For example, it can include any combination of radio card technology, such as 802.11a and 802.11g.

— Cisco Aironet 1130AG Series—Includes integrated antennas and dual 802.11a/g radios for enterprise solutions.

— Cisco Aironet 1100 Series—Offers an easy-to-install, single-band, 802.11b/g access point for enterprise solutions.

— Cisco Aironet 350 Series—Designed for small and medium-sized businesses, provides an ideal solution for customers who desire a non-upgradeable IEEE 802.11b solution. Supports the 802.11b standard.

■ Wireless bridges and workgroup bridges:

— Cisco Aironet 1400 Series Wireless Bridge—Connects multiple LANs in a metropolitan area. Supports both point-to-point and point-to-multipoint configurations, with data rates up to 54 Mbps.

— Cisco Aironet 1300 Series Outdoor Access Point/Bridge—A multifunctional component that provides access point, bridge, and workgroup bridge functionality for network access within an outdoor campus area. Supports the 802.11b/g standards.

■ Lightweight access points—Formerly an Airespace product, the Cisco 1000 Series Lightweight Access Point is an 802.11a/b/g, zero-touch configuration and management access point for enterprise solutions. Works in conjunction with a Cisco Wireless LAN Controller and optional Cisco Wireless Control System (WCS) to support real-time intrusion monitoring in addition to data traffic.

■ Cisco wireless LAN client adapters:

— Cisco Aironet 802.11a/b/g Wireless CardBus Adapter—Designed for laptops and tablet PCs.

— Cisco Aironet 802.11a/b/g Wireless PCI Adapter—Designed for desktop and point-of-sale devices.

— Cisco Aironet 350 Wireless LAN Client Adapter—Available in both PC Card (PCMCIA) and PCI form factors and supports 802.11b connections.

— Cisco Aironet 5-GHz 54-Mbps Wireless LAN Client Adapter (CB20A)—Compliant with 802.11a and supports CardBus standards.

■ Wireless LAN controllers:

— Cisco 4100 Series Wireless LAN Controller—Works in conjunction with the Cisco 1000 Series Lightweight access points and Cisco WCS to provide systemwide functions, such as intrusion detection, RF management, and security policy management. Ideal for medium-to-large enterprise facilities.

— Cisco 2000 Series Wireless LAN Controller—Similar to the 4100 Series, but is best for small-to-medium enterprise facilities because they support fewer access points.


Wireless Domain Services

Wireless Domain Services (WDS) is a set of Cisco IOS Software features that enhances and simplifies wireless LAN client mobility, security, deployment, and management. WDS offers the following primary services for SWAN:

■ Fast Secure Roaming (FSR)—For time-sensitive applications, enables a wireless client to securely roam between access points in the same subnet or between subnets, enhances channel scanning, and provides fast IEEE 802.1X rekeying. Access point handoff times are within 50 ms, which is critical for effective VoIP applications while users are roaming about the facility.

■ Radio management aggregation—Reduces the bandwidth necessary for radio management information, such as access point status messages, that is sent across the network, by eliminating redundant management information. Radio management information is sent to the CiscoWorks WLSE and provides the basis for monitoring functions, such as rogue access point detection and location.

■ Client tracking—Records client authentication and roaming events, which are sent to the CiscoWorks WLSE to monitor client associations to specific access points.

Figure H-1 illustrates how the FSR feature of WDS works:

1. AP1 must initially 802.1x authenticate with the WDS device to establish a secure connection. The initial client authentication goes to a central AAA server to authenticate the user and authorize specific services. This occurs in approximately 500 ms.

2. When the client roams, the client informs WDS that roaming is taking place, and WDS sends the applicable key to the new access point (AP2 in this example). The handoff time between the access points is approximately 50 ms.


(Figure H-1 labels: WAN, AP1, Switch-Based WDS, AP2, Cisco Secure Access Control Server (AAA Server), 2, Fast Secure Layer 3 Roaming. Note: Because the WDS handles roaming and reauthentication, the WAN link is not used.)

Figure H-1 Cisco SWAN Fast Secure Roaming
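The two-step FSR exchange above, reduced to an added example in code. It is not Cisco's implementation of WDS or CCKM: the EAP exchange with the AAA server is replaced by a credential compare that yields a master key, the per-access-point key is an HMAC of that master key with the BSSID and client address, and the client identities, credentials, and server secret are constructed. What it preserves is the property the text describes, that the AAA server is consulted once and every later roam is served from the WDS key cache without the slow path.

```python
import hashlib
import hmac


class AAAServer:
    """Stand-in for the central AAA server (the ~500 ms path in step 1)."""

    def __init__(self, credentials, server_secret):
        self.credentials = credentials   # client_mac -> shared credential (constructed)
        self.secret = server_secret
        self.calls = 0                   # counts the slow round trips

    def authenticate(self, client_mac, credential):
        self.calls += 1
        expected = self.credentials.get(client_mac)
        if expected is None or not hmac.compare_digest(expected, credential):
            return None
        # Master key both sides would hold after EAP; here derived from the identity.
        return hmac.new(self.secret, client_mac.encode(), hashlib.sha256).digest()


def derive_pairwise_key(master_key, bssid, client_mac):
    """Per-access-point key bound to the BSSID and client (assumed derivation)."""
    return hmac.new(master_key, f"{bssid}|{client_mac}".encode(), hashlib.sha256).digest()


class AccessPoint:
    def __init__(self, bssid):
        self.bssid = bssid
        self.keys = {}                   # client_mac -> installed pairwise key

    def install_key(self, client_mac, key):
        self.keys[client_mac] = key


class WDS:
    """Wireless Domain Services: caches each client's master key after the first 802.1X auth."""

    def __init__(self, aaa):
        self.aaa = aaa
        self.master_keys = {}

    def initial_auth(self, client_mac, credential, ap):
        """Step 1: full authentication through the AAA server, then key the first AP."""
        master_key = self.aaa.authenticate(client_mac, credential)
        if master_key is None:
            return None
        self.master_keys[client_mac] = master_key
        ap.install_key(client_mac, derive_pairwise_key(master_key, ap.bssid, client_mac))
        return master_key   # the supplicant holds the same key from its side of EAP

    def roam(self, client_mac, new_ap):
        """Step 2: the ~50 ms path, served from the cache with no AAA round trip."""
        master_key = self.master_keys.get(client_mac)
        if master_key is None:
            return False                 # unknown client: a full 802.1X exchange is required
        new_ap.install_key(client_mac, derive_pairwise_key(master_key, new_ap.bssid, client_mac))
        return True


if __name__ == "__main__":
    aaa = AAAServer({"00:aa:bb:cc:dd:01": b"token-1"}, b"constructed-server-secret")
    wds = WDS(aaa)
    ap1, ap2 = AccessPoint("00:11:22:33:44:01"), AccessPoint("00:11:22:33:44:02")
    wds.initial_auth("00:aa:bb:cc:dd:01", b"token-1", ap1)
    wds.roam("00:aa:bb:cc:dd:01", ap2)
    print("AAA round trips:", aaa.calls, "keys differ per AP:", ap1.keys != ap2.keys)
```

Binding the derived key to the BSSID is what keeps a compromise of one access point from yielding the key used at the next one, while the cached master key is what removes the AAA server from the roaming path.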

Cisco Structured Wireless-Aware Network

C Cisco Structured Wireless-Aware Network (SWAN) is a framework for integrating wired and wireless networks based on the Cisco Systems product line of wireless LAN products. SWAN is an architecture that embodies the services, protocols, and tools necessary to deploy effective solutions with minimal total cost of ownership.

This section further explains the SWAN components.

Wireless LAN Solutions
The application of wireless LANs, especially for supporting voice, requires careful selection of
components, device configuration, and management. This is important to create a solution that
offers required levels of performance and security that enable the lowest total cost of ownership.
This chapter focuses on deploying wireless LANs for various applications.

Multipath

Multipath interference occurs when an RF signal takes different paths when propagating from one wireless station to another. While the signal is en route, walls, chairs, desks, and other items get in the way and cause the signal to bounce in different directions. A portion of the signal might go directly to the destination, and another part might bounce from a chair to the ceiling, and then to the destination. As a result, some of the signal will encounter delay, because it has to travel over a longer path to the receiver.

Multipath causes the information symbols received by an 802.11 signal to overlap, which causes the receiver to have difficulty demodulating the signal. This effect is often referred to as intersymbol interference (ISI). Because the phase of the signal conveys the information being transmitted, the receiver will demodulate errored data. If the delays are great enough, bit errors in the packet will occur. The receiver will not be able to distinguish the symbols and interpret the corresponding bits correctly. As a result, the sending station will have to retransmit the affected frames.

Because of retransmissions, users encounter lower throughput when multipath is significant. The reduction in throughput depends on the environment. As examples, 802.11 signals in homes and offices might encounter 50 nanoseconds of multipath delay, while signals in a manufacturing plant could encounter multipath delay as long as 300 nanoseconds. Based on these values, multipath is not too much of a problem in homes and offices. Metal machinery and racks in a plant, however, provide a lot of reflective surfaces from which RF signals may bounce and take indirect paths. Thus, be wary of multipath problems in warehouses, processing plants, and other areas full of irregular, metal obstacles.
Antenna diversity can aid in combating multipath propagation. An access point may implement
a spatial diversity antenna system, which consists of two antennas that interchangeably receive
and transmit radio signals. An access point receives a signal on both antennas, but because of
multipath propagation and interference, the same signal often does not reach both antennas at
the same time and strength. The access point then performs internal calculations to optimize the
received signal. The main benefits of spatial diversity antenna systems are improved coverage
and signal reception.

Foundation Summary

This section lists additional details and facts to round out the coverage of the topics in this chapter. Unlike most of the Cisco Press Exam Certification Guides, this "Foundation Summary" does not repeat information presented in the "Foundation Topics" section of the chapter. Please take the time to read and study the details in the "Foundation Topics" section of the chapter, as well as review items noted with a Key Topic icon.

The 802.11 standard is a very important basis for understanding the operation and configuration options for a wireless LAN solution. Most wireless LANs include access points, which interface wireless users to a wired network and forward 802.11 data frames between wireless users that are associated with different access points. Ad hoc wireless LANs, however, do not use access points, and allow wireless users to send data frames directly to each other.

There are several configuration parameters that you can set in access points and radio cards to optimize performance. For example, fragmentation and RTS/CTS functions can improve the throughput of a wireless LAN in some situations. Radio waves are very different from signals that travel over a wired medium. RF interference, multipath propagation, and various sources of attenuation affect radio waves and cause errors in frame transmissions. You must be aware of these issues and plan wireless LAN deployment accordingly.

The 802.11i standard offers solid security for wireless LANs, with TKIP and AES replacing the vulnerable WEP protocol. The 802.11 standards include several physical layers with varying degrees of interoperability and performance.

Memory Builders

The CCIE Routing and Switching written exam, like all Cisco CCIE written exams, covers a fairly broad set of topics. This section provides some basic tools to help you exercise your memory about some of the broader topics covered in this chapter.

Definitions

Next, take a few moments to write down the definitions for the following terms:

infrastructure mode, ad hoc mode, passive scanning, DTIM interval, active scanning, SSID, power-save mode, RTS/CTS, fragmentation, transmit power, distributed coordination function, point coordination function, network allocation vector, WEP, TKIP, association ID, AES, WPA, SNR, spread spectrum, RF channel, FHSS, beacon, DSSS, OFDM, multipath, 802.11a, 802.11b, 802.11g, 802.11n

Further Reading

For more details regarding wireless LANs, consider reading the following Cisco Press books:

■ Wireless Networks First-Step, by Jim Geier

■ 802.11 Wireless LAN Fundamentals, by Pejman Roshan and Jonathan Leary

Answers to “Do I Know This Already?” Quiz Questions

1. a. 802.11a offers the highest capacity because it has 12 nonoverlapping RF channels, as compared to only 3 for 802.11b and 802.11g.

2. b. Wireless devices in an infrastructure mode configuration connect to an access point, which provides a wireless link between the user devices and the access point. All data frames must travel through the access point, even though the data traffic is between two wireless users. Data frames travel directly between stations only when ad hoc mode is implemented.

3. c. Repeaters simply receive and then retransmit the 802.11 frames that they receive. This produces a duplicate data frame for every data frame received, which doubles the number of data frames sent over the network.

4. a. The 802.11 requirement for a receiving station to send an acknowledgement for every data frame introduces significant overhead on the wireless network. This lowers throughput. Only 802.11 data frames sent with protection mechanisms enabled use RTS/CTS. 802.11 doesn't implement forward error correction, so there is no redundancy in data frames.

5. d. All 802.11 wireless LANs must implement beacons to announce the presence of the network and facilitate association and power-save functions. The distribution of beacon transmission among all ad hoc stations is necessary to ensure that beacons are still sent if a particular station becomes unavailable.

6. a. In infrastructure mode configurations, the access point operates on a particular RF channel. Radio cards periodically search for beacons by scanning all RF channels. The radio card automatically tunes to the RF channel of the access point prior to associating with the access point.

7. b. The DTIM interval defines the number of beacons that are sent before the access point sends buffered multicast frames. A sleeping station then knows how long to stay awake to receive the multicast frames.

8. c. With the distributed coordination function, an 802.11 station independently decides to access the medium if the medium is idle (no carrier detected) and the network allocation vector (NAV) value is zero. The NAV is set after the radio card receives a frame, which includes a duration ID indicating the amount of time that the radio card must wait prior to attempting to access the medium. This allows 802.11 functions, such as RTS/CTS, to complete before a radio card accesses and ties up the medium.

9. c. Public wireless LANs typically do not implement Layer 2 security, such as 802.11i, WPA, and WEP. As a result, users should make use of VPNs, which encrypt traffic between the user device and the remote VPN gateway regardless of the wireless link.

10. a. A 6-dBi antenna has 3 dB more gain than a 3-dBi antenna, which effectively doubles the radiated power. This stronger signal travels farther.

RF Interference

Because of the use of radio waves, wireless LANs are susceptible to several sources of RF interference. Interfering signals cause delay and reduce throughput. If no 802.11 frame transmissions are in progress when the interference is present, then the effect will be medium access delays, because stations defer while the medium appears busy. In some cases, this delay can be indefinite.

RF interference causes data frames in transit to become corrupted, resulting in a retransmission. The destination disregards the incoming frame, because its error-checking mechanism indicates errors in the frame. As a result, the destination station does not send an acknowledgement. After a period of time, the sending station retransmits the frame. This adds delay and cuts throughput.

RF interference in the 2.4-GHz band comes from microwave ovens, cordless phones, Bluetooth devices, and other wireless LANs. Most microwave ovens, for instance, emit RF energy over roughly one third of the 2.4-GHz band. The exact frequencies that this involves, however, vary from one microwave oven to another. If an access point is set to a channel that falls within the affected frequencies, then significant interference and reduction in throughput will occur.

Microwave oven interference can occur many tens of feet away from the microwave oven, and farther if you are using a directional antenna oriented toward the interference source. It is generally possible, though, to tune the access point to a channel where the interference is minimal.

Cordless phones that operate in the 2.4-GHz band are popular, and they can cause negative impacts similar to microwave ovens. Interference is worse when someone is actively using the phone, but remote handsets generally communicate wirelessly with the base station even when no call is taking place. In addition, some cordless phones that use frequency hopping cause interference across the entire 2.4-GHz band, making it impossible to tune the access point away from the interference. The only solution in such situations, if you want to keep the phones, is physical separation. If the phones are still causing significant interference, then consider replacing them with 900-MHz or 5.8-GHz phones.

Another source of RF interference is a neighboring wireless LAN operating within the same part of the frequency band you are using, for example, a nearby wireless LAN located in the same office complex. When deploying your wireless LAN, it is important to avoid assigning channels to access points that overlap with the neighboring access points. Otherwise, performance of both networks will suffer.

Because of the potential for RF interference and its negative impact on performance, it is very important to assess the presence of potential RF interference before you install a wireless LAN. This is generally done through an initial RF site survey that measures the presence of interference sources to determine potential problems. If too many issues related to interference exist, then you should consider using a wireless LAN that operates in a different band of frequencies. For example, consider using 802.11a instead of 802.11b/g.

FCC Rules

In general, the U.S. FCC does not require users to license wireless LAN products, provided that the user does not exceed certain emission limits. The FCC uses Effective Isotropic Radiated Power (EIRP) as a factor for determining whether a wireless LAN is in compliance with regulatory rules. EIRP equals the transmit power (in dBm) minus cable and connector losses (in dB) plus the antenna gain (in dBi). For 802.11b/g access points and radio cards, the EIRP can be up to 36 dBm (4 watts), which corresponds to a transmit power of up to 30 dBm (1 watt) combined with 6-dBi antenna gain.

In addition, the user must obtain FCC licensing for the wireless LAN solution when using antennas or amplifiers that are not part of the access point vendor's products certified with the FCC. This is necessary to ensure that the proposed wireless system will not interfere with existing systems at the location of operation. Regulatory agencies in other countries have similar rules, but they differ slightly depending on the country. As mentioned earlier, research your country's rules and deploy your systems based on them.

Orthogonal Frequency Division Multiplexing

OFDM is not a form of spread spectrum. Instead, OFDM divides a data signal across 48 separate data subcarriers within a 20-MHz channel to provide transmissions of 6, 9, 12, 18, 24, 36, 48, or 54 Mbps. Data rates of 6 Mbps, 12 Mbps, and 24 Mbps are mandatory for all 802.11a-compliant products. OFDM is extremely efficient, which enables it to provide the higher data rates. In addition, OFDM is highly resistant to the multipath propagation problems that cause significant performance issues with spread-spectrum techniques.

An 802.11a modulator converts the binary signal into an analog OFDM waveform through the use of different modulation types, depending on which data rate is chosen. For example, with 6-Mbps operation, the PMD uses binary phase shift keying (BPSK), which shifts the phase of the transmit center frequency to represent different data bit patterns. The higher data rates, such as 54 Mbps, employ quadrature amplitude modulation (QAM), which represents data bits by varying the amplitude of the carrier in addition to its phase.

Table G-6 summarizes the primary attributes of the various wireless LAN technologies.

Table G-6 Wireless LAN Technology Comparison

Technology | Spread Spectrum? | Max Data Rate | Standards
FHSS | Yes | 2 Mbps | 802.11 FHSS
DSSS | Yes | 11 Mbps | 802.11b
OFDM | No | 54 Mbps | 802.11a and 802.11g

Spread Spectrum

In 1985, the U.S. FCC adopted regulations that specify the availability of license-free frequency bands in the 900-MHz, 2.4-GHz, and 5-GHz portions of the frequency spectrum. To be compliant with the rules for these bands, however, devices must use spread spectrum or OFDM methods to spread the signal power over a relatively wide portion of the frequency spectrum. This approach promotes frequency reuse (otherwise known as sharing) of these bands by multiple users, with a low statistical probability of interference.

Spread spectrum was the first method in use by wireless LAN vendors. There are two types of spread spectrum:

■ Frequency hopping spread spectrum (FHSS): With FHSS in the 2.4-GHz band, for example, the transceiver periodically tunes its transmitter and receiver to a different carrier frequency within approximately 84 MHz of bandwidth. Hopping from one frequency to another is done according to a hopping pattern programmed in each of the stations. The other stations receiving the frames tune their receivers to a specific frequency based on the hopping sequence. The RF signal occupies about a 2-MHz channel. Because the hopping occurs very often (many times per second) and evenly over the entire band, the signal appears to occupy the entire 84 MHz. The 802.11 frequency hopping physical layer standard enables data rates of 1 Mbps and 2 Mbps.

■ Direct sequence spread spectrum (DSSS): DSSS uses a coding technique to spread the signal over the frequency spectrum. 802.11b uses direct sequence, which spreads the carrier signal over about one third (roughly 30 MHz) of the 2.4-GHz band. With DSSS, a chipping code represents each data bit that needs transmission. This increases the signal rate by the number of chips in the chipping code (11 total). The increase in signal rate effectively spreads the RF signal. The differences between frequency hopping and direct sequence had been under debate for a number of years, but the 802.11 working group finally chose direct sequence for extending the initial 1-Mbps and 2-Mbps 802.11 data rates to include rates up to 11 Mbps.
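The 11-chip spreading described for DSSS, carried through in code as an added example (it is not from the original appendix). The 11-chip Barker sequence used here is the one 802.11 specifies for its 1-Mbps and 2-Mbps DSSS rates, but the ±1 chip values and the simple sign-correlation receiver are an assumed simplification of the real PHY, which uses differential phase shift keying; the data bits and the flipped chip positions are constructed for the demonstration. What the paragraph does not show is the payoff of the 11x rate increase: a symbol survives several corrupted chips because the receiver correlates the whole 11-chip group rather than reading each chip.

```python
"""DSSS spreading and despreading with the 11-chip Barker code (added example)."""
import math

# The 802.11 DSSS chipping sequence; every data bit is sent as these 11 chips.
BARKER_11 = (1, -1, 1, 1, -1, 1, 1, 1, -1, -1, -1)


def spread(bits):
    """Each data bit becomes 11 chips: the Barker code for a 1, its inverse for a 0."""
    chips = []
    for bit in bits:
        polarity = 1 if bit else -1
        chips.extend(polarity * c for c in BARKER_11)
    return chips


def despread(chips):
    """Correlate each 11-chip group against the code; the sign of the sum recovers the bit."""
    n = len(BARKER_11)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of symbols")
    bits = []
    for k in range(0, len(chips), n):
        correlation = sum(a * b for a, b in zip(chips[k:k + n], BARKER_11))
        bits.append(1 if correlation > 0 else 0)
    return bits


def flip_chips(chips, positions):
    """Model chip errors from noise or interference by inverting chips at the given offsets."""
    damaged = list(chips)
    for p in positions:
        damaged[p] = -damaged[p]
    return damaged


def processing_gain_db():
    """Spreading by 11 chips per bit buys about 10 log10(11) = 10.4 dB of processing gain."""
    return 10 * math.log10(len(BARKER_11))


def autocorrelation(shift):
    """Circular autocorrelation of the code: 11 at zero shift, |sidelobe| <= 1 elsewhere,
    which is what lets the receiver lock onto symbol boundaries."""
    n = len(BARKER_11)
    return sum(BARKER_11[i] * BARKER_11[(i + shift) % n] for i in range(n))


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0, 0, 1, 0]           # constructed sample bits
    chips = spread(data)
    # flip 5 of the 11 chips in every symbol; correlation drops from 11 to 1 but stays positive
    damaged = flip_chips(chips, [k + j for k in range(0, len(chips), 11) for j in (0, 3, 5, 8, 10)])
    print(len(chips), "chips for", len(data), "bits")
    print("recovered from damaged stream:", despread(damaged) == data)
    print("processing gain: %.1f dB" % processing_gain_db())
```

Flipping a sixth chip in a symbol would drive the correlation negative and flip the bit, which is the point at which the receiver's error-checking rejects the frame and the sender retransmits it.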

Signal-to-Noise Ratio

If noise at the radio card is high, the radio card will have difficulty recovering the signal, which results in bit errors and retransmissions. An important signal measurement is the signal-to-noise ratio (SNR). The SNR (in dB) at a particular point in the network is simply the signal power (in dBm) minus the noise power (in dBm). A signal power of –65 dBm and noise power of –90 dBm yields an SNR of 25 dB. The noise power is simply the power of all received RF energy that does not correspond to the access point's or radio card's own signal.

Table G-5 includes several SNR values and the resulting performance of an 802.11b network while using a Windows XP laptop browsing websites and downloading files. The results in Table G-5 characterize typical end-user performance. The use of SNR to define the range boundary of an access point radio cell is more effective than either data rates or signal amplitudes. Higher degrees of noise cause more errors in frames and corresponding retransmissions. Note that Windows XP shows an indication of the signal strength as a series of bars on a graph, showing no bars as poor quality and five bars as the best quality.

Table G-5 Correlation of SNR Values to Wireless LAN Performance (Key Point)

SNR Value | Signal Indication (Windows XP) | Performance
> 40 dB | Excellent signal strength (5 bars); always connected with the access point | Extremely fast web browsing and file download
25–40 dB | Very good signal strength (3 to 4 bars); always connected with the access point | Very fast web browsing and file download
15–25 dB | Low signal strength (2 bars); always connected with the access point | Usually fast web browsing and file download
10–15 dB | Very low signal strength (1 bar); sometimes disconnected from the access point | Mostly slow web browsing and file download
5–10 dB | No signal strength (no bars); not connected with the access point | No network services

Gain

The components of a wireless LAN offer varying degrees of gain, which represents how much a signal changes from one point to another. The gain in dB is simply the signal level at the output of a device (in dBm) minus the signal level at the input of the device (in dBm). The decibel is a unit that represents change in signal amplitude. A signal experiences a gain of 3 dB, for example, when it increases from 50 mW (17 dBm) to 100 mW (20 dBm). An amplifier or antenna may offer this gain to the signal.

Attenuation, or loss, is the inverse concept to gain. If the signal goes from 20 dBm to 17 dBm, then the signal experiences attenuation of 3 dB. This can also be expressed as –3 dB gain. Antenna cabling and obstacles in a facility, such as walls and furniture, introduce attenuation. In addition, free-space loss, which depends on frequency and path distance, is a form of attenuation. Free-space loss results from the signal's energy spreading over an ever larger area as it travels, rather than from absorption by the air, and it contributes the majority of the total loss from the transmitter to the receiver.

With wireless LANs, the RF signal amplitude must be of a specific minimum value before the radio card will detect the signal. This value depends on the 802.11 physical layer and data rate in use, but is generally around –85 dBm.

Antennas have gain, which impacts directivity. An omnidirectional antenna, for instance, can have a gain of 6 dBi or more, depending on the antenna design. Higher-gain antennas become more directive, with higher gains providing narrower beamwidths and longer range, as shown in part B of Figure G-4. Antenna gain comes from focusing a given amount of RF power into a narrower pattern, or beamwidth, much as a flashlight does.

RF Signal Characteristics

RF signals are cyclic and vary in time continuously. The number of cycles that occur in the signal per second is its frequency, which can vary throughout what is referred to as the frequency spectrum. The unit of frequency is hertz (Hz), and wireless LAN signals fall roughly into the 2.4-GHz and 5-GHz portions of the frequency spectrum. The process of modulation causes the RF signal to occupy a portion of the frequency spectrum, which is known as bandwidth.

In addition to frequency, an RF signal at any time has a specific amplitude. There are many ways to represent signal amplitude, but the most common with RF systems is signal power. The applicable unit for power is the watt (W) or decibels relative to 1 milliwatt (dBm). The FCC has rules for maximum transmitter output depending on the standard in use. For example, the maximum transmitter output for 802.11b is 1 W. In general, higher transmit power enables longer-range operation.

Most wireless LAN systems have RF signals that fall into the milliwatt (mW) range, and combining gains and losses expressed in linear units requires multiplication and division of very small numbers. As a result, it is advantageous to convert milliwatts to dBm, which is a logarithmic value that references the signal power to 1 mW. Gains and losses in dB can then simply be added to and subtracted from a dBm value. The conversion formula is as follows:

dBm = 10 log10(mW)

For example, 100 mW equals 20 dBm.
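The dBm conversion, the EIRP rule from the "FCC Rules" section, the –85 dBm detection threshold from "Gain", and the SNR bands of Table G-5 combine into a link budget. The block below is an added worked example, not code from the original appendix: it carries a transmit power through antenna gain, free-space loss, and receiver noise to the performance band a user would see. The Friis free-space path-loss formula (20 log10 of distance in km plus 20 log10 of frequency in MHz plus 32.44) is a standard result the appendix refers to but does not state; the –90 dBm noise floor is the value used in the SNR example, and the distances and antenna gains are constructed inputs.

```python
"""Wireless LAN link budget in dBm (added example)."""
import math

FCC_EIRP_LIMIT_DBM = 36.0   # 802.11b/g point-to-multipoint ceiling from the "FCC Rules" section
RX_THRESHOLD_DBM = -85.0    # typical detection threshold from the "Gain" section
NOISE_FLOOR_DBM = -90.0     # noise power used in the SNR example


def mw_to_dbm(milliwatts: float) -> float:
    """dBm = 10 log10(mW): 100 mW -> 20 dBm, 50 mW -> about 17 dBm."""
    return 10.0 * math.log10(milliwatts)


def dbm_to_mw(dbm: float) -> float:
    """Inverse conversion: 20 dBm -> 100 mW."""
    return 10.0 ** (dbm / 10.0)


def eirp_dbm(tx_power_dbm: float, cable_loss_db: float, antenna_gain_dbi: float) -> float:
    """EIRP = transmit power (dBm) - cable and connector loss (dB) + antenna gain (dBi)."""
    return tx_power_dbm - cable_loss_db + antenna_gain_dbi


def fcc_compliant(eirp: float) -> bool:
    """Unlicensed operation requires staying at or under the EIRP ceiling."""
    return eirp <= FCC_EIRP_LIMIT_DBM


def free_space_loss_db(distance_m: float, freq_mhz: float) -> float:
    """Friis free-space path loss (assumed standard formula, not stated in the appendix):
    FSPL(dB) = 20 log10(d_km) + 20 log10(f_MHz) + 32.44."""
    return 20.0 * math.log10(distance_m / 1000.0) + 20.0 * math.log10(freq_mhz) + 32.44


def snr_db(signal_dbm: float, noise_dbm: float) -> float:
    """SNR in dB is signal power minus noise power, both in dBm."""
    return signal_dbm - noise_dbm


def performance_band(snr: float) -> str:
    """Map an SNR to the Table G-5 performance bands (boundary values go to the higher band)."""
    if snr > 40:
        return "extremely fast"
    if snr >= 25:
        return "very fast"
    if snr >= 15:
        return "usually fast"
    if snr >= 10:
        return "mostly slow"
    return "no network services"


def link_budget(tx_power_dbm, cable_loss_db, tx_gain_dbi, rx_gain_dbi,
                distance_m, freq_mhz, noise_dbm=NOISE_FLOOR_DBM):
    """Carry the signal from transmitter to receiver and report what the user would see."""
    eirp = eirp_dbm(tx_power_dbm, cable_loss_db, tx_gain_dbi)
    rx = eirp - free_space_loss_db(distance_m, freq_mhz) + rx_gain_dbi
    snr = snr_db(rx, noise_dbm)
    return {
        "eirp_dbm": round(eirp, 2),
        "fcc_compliant": fcc_compliant(eirp),
        "rx_dbm": round(rx, 2),
        "detectable": rx >= RX_THRESHOLD_DBM,
        "snr_db": round(snr, 2),
        "performance": performance_band(snr),
    }


if __name__ == "__main__":
    # constructed scenario: 30 dBm radio, 6-dBi antenna, 2-dBi client antenna, channel 6 (2437 MHz)
    for metres in (100, 1_000, 10_000, 20_000):
        print(metres, "m:", link_budget(30, 0, 6, 2, metres, 2437))
```

The 10 km row is the instructive one: the signal is still above the –85 dBm detection threshold, yet the SNR is below 10 dB, so Table G-5 predicts no usable service. That is why the text recommends SNR rather than signal amplitude for defining a cell boundary.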

Modulation

An RF signal has characteristics that enable it to be sent from an antenna, through the air medium, and received by another antenna at the destination. RF signals are analog in nature. A computer, though, uses digital signals to represent bits of information.

Before transmitting data through the air, the transceiver within the radio cards and access points must convert digital signals into analog signals suitable for transmission through the air medium. As part of receiving an 802.11 frame, a radio card or access point must convert the analog signal back into a digital form that is understood by the computing device. This conversion process is known as modulation and demodulation, respectively.

802.11 defines several types of modulation, depending on which physical layer and data rate is in use by the 802.11 station. In general, it is possible to modulate an RF carrier signal by changing its amplitude, frequency, or phase, as shown in Figure G-9. For example, 802.11b uses phase shift keying (PSK) to represent digital data. 802.11a and 802.11g, though, implement a combination of amplitude and phase shifts, which is referred to as quadrature amplitude modulation (QAM).

Figure G-9 Attributes of an RF Signal (the figure plots amplitude against time, marks the period T with frequency = 1/T, and shows phase measured against a reference)

RF Signal Concepts
A major difference between wireless and wired networks is that wireless LANs use radio waves
to transport information through the air. This introduces several new concepts, especially dealing
with RF signals. When you are deploying wireless LANs, you must understand the attributes
associated with RF signals in order to configure access points, avoid RF interference, and
troubleshoot problems as they arise.
The key RF signal attributes that you need to understand are as follows:
■ Modulation
■ RF signal characteristics
■ Gain
■ Signal-to-noise ratio (SNR)
■ Spread spectrum
■ Orthogonal frequency division multiplexing (OFDM)
■ FCC rules
■ RF interference
■ Multipath
The sections that follow describe each of these in more detail.

Comparing Wireless Security

There are many options available for security, and you will need to make a decision on which one to use. Table G-4 compares the various security mechanisms.

Table G-4 Wireless Security Mechanisms

Mechanism | Strength | Keys | Standardization
WEP | Can be cracked with freely available tools | Static keys known to both the radio cards and the access point | Part of the original 802.11 standard
TKIP | Adequate security for most wireless LANs | Unique keys automatically assigned to radio cards, and keys change periodically | Included in the 802.11i standard
AES | Very strong, good enough for some government systems | Unique keys automatically assigned to radio cards, and keys change periodically | Included in the 802.11i standard
WPA | Adequate for most wireless LANs and good enough for some government systems | Unique keys automatically assigned to radio cards, and keys change periodically | Published and certified by the Wi-Fi Alliance

Virtual Private Networks

To fully secure wireless connections, many companies require the use of VPN software on each user device to encrypt all communications between the user device and the remote system. The use of VPN software is especially important when users are communicating over public wireless LANs. Public Wi-Fi hotspots, for instance, typically do not implement any encryption over the wireless portion of the network, so the VPN must protect the data traffic.

In fact, some companies treat all wireless users as though they are operating from a public network, even those users who are inside the company's building. In this case, the wireless LAN access points connect to a distribution network that falls outside the firewall. This approach, however, might require an excessive number of VPN connections, which can be costly to deploy and support. For internal communications, it is possible to fully secure wireless users through the use of Layer 2 mechanisms.

Shared Key Authentication

802.11 shared key authentication goes a step further than open system authentication by using the common WEP key to authenticate radio cards. This is a four-way handshaking process:

1. The radio card sends an authentication request.

2. The access point responds with an authentication frame containing challenge text, which is a string of unencrypted text.

3. The radio card encrypts the challenge text with the WEP key and sends the result to the access point.

4. The access point decrypts the challenge text with the common WEP key. If the challenge text is the same text that the access point initially sent, then the access point assumes that the radio card has the correct WEP key and that the radio card is a legitimate user.

Unfortunately, shared key authentication is easy to defeat. Because the challenge is sent in the clear and its WEP-encrypted form follows immediately, an eavesdropper can XOR the two to recover the RC4 keystream for that initialization vector, and can then answer a later challenge correctly without ever knowing the key. Freely available tools also recover the WEP key itself from captured traffic. As a result, it is strongly advisable not to use shared key authentication.
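The four-step exchange above and the keystream-reuse attack on it, as an added example that is not code from the original appendix. The handshake, the 128-octet challenge and the WEP frame layout (24-bit IV sent in the clear, RC4 keyed with IV || WEP key over plaintext || CRC-32 ICV) follow the 802.11-1999 standard; the WEP key, the station names and the single-call "frames" are constructed for the demonstration, and nothing is transmitted. The eavesdropper never learns the key: it only replays the observed IV together with a keystream it computed from the public challenge and the captured response.

```python
"""802.11 shared key authentication over WEP, and why observing it once is enough to pass it."""
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling followed by the keystream generator); WEP and TKIP both use it."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """RC4(IV || key) applied to plaintext || ICV; the 3-byte IV itself travels unencrypted."""
    return rc4(iv + wep_key, plaintext + icv(plaintext))


def wep_decrypt(wep_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None if the ICV does not match."""
    decrypted = rc4(iv + wep_key, ciphertext)
    body, tag = decrypted[:-4], decrypted[-4:]
    return body if icv(body) == tag else None


class AccessPoint:
    def __init__(self, wep_key: bytes):
        self.key = wep_key
        self.pending = {}          # station -> outstanding challenge

    def step2_challenge(self, station: str) -> bytes:
        challenge = os.urandom(128)          # 128-octet challenge text, sent in the clear
        self.pending[station] = challenge
        return challenge

    def step4_verify(self, station: str, iv: bytes, ciphertext: bytes) -> bool:
        expected = self.pending.pop(station, None)
        return expected is not None and wep_decrypt(self.key, iv, ciphertext) == expected


class Station:
    def __init__(self, wep_key: bytes):
        self.key = wep_key

    def step3_respond(self, challenge: bytes):
        iv = os.urandom(3)                   # station picks the IV
        return iv, wep_encrypt(self.key, iv, challenge)


def authenticate(ap: AccessPoint, sta: Station, name: str):
    """Run steps 1-4; return (accepted, what a passive eavesdropper saw on the air)."""
    challenge = ap.step2_challenge(name)            # steps 1 and 2
    iv, ciphertext = sta.step3_respond(challenge)   # step 3
    return ap.step4_verify(name, iv, ciphertext), (challenge, iv, ciphertext)   # step 4


def keystream_from_exchange(challenge: bytes, ciphertext: bytes) -> bytes:
    """Eavesdropper: (challenge || ICV) XOR ciphertext is the RC4 keystream for that IV."""
    plaintext = challenge + icv(challenge)
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def forge_response(keystream: bytes, challenge: bytes) -> bytes:
    """Encrypt a fresh challenge with the recovered keystream; no key is needed."""
    plaintext = challenge + icv(challenge)
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def demo():
    key = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
    ap, sta = AccessPoint(key), Station(key)
    legit_ok, (challenge, iv, ciphertext) = authenticate(ap, sta, "laptop")
    keystream = keystream_from_exchange(challenge, ciphertext)   # passive capture is enough
    new_challenge = ap.step2_challenge("intruder")
    forged = forge_response(keystream, new_challenge)
    intruder_ok = ap.step4_verify("intruder", iv, forged)        # replay the observed IV
    return legit_ok, intruder_ok


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The access point cannot tell the two responses apart because WEP gives it no way to require a fresh IV and because the ICV is a CRC, which any party holding the keystream can compute. Open system authentication with a real key-management layer (802.1x with TKIP or AES) is the correct replacement, not a longer WEP key.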

WPA

Before the adoption of the 802.11i standard, the Wi-Fi Alliance released the Wi-Fi Protected Access (WPA) specification, which most wireless LAN vendors rapidly adopted. WPA is actually a snapshot of the pre-ratified 802.11i standard, involving TKIP and the IEEE 802.1x standard. Eventually, the Wi-Fi Alliance released WPA2, which includes AES. This series of specifications has been effective for end users because the Wi-Fi Alliance requires rigorous interoperability testing before a wireless LAN vendor can claim that its radio cards and access points are Wi-Fi Alliance certified.

Open System Authentication

Open system authentication is the default method that 802.11 uses to authenticate radio cards to an access point. In this mode, a radio card sends an authentication frame to the access point, and the access point returns an authentication response. This form of authentication does not offer any real security. It is mainly part of the standard as a baseline authentication method.

When in the process of joining a network, the radio card completes open system authentication with the two-way handshaking process described earlier in the chapter. The radio card begins by sending an authentication frame to the access point, and the access point responds with an authentication frame. No credentials are passed during open system authentication; however, some vendors might implement conditions that must be met to authenticate stations.

TKIP

The 802.11i working group improved the security of 802.11 wireless LANs with an update to the 802.11 standard in 2004. The Temporal Key Integrity Protocol, for example, fixes the key-reuse problem of WEP. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and a 48-bit per-packet sequence counter, which also serves as the initialization vector and is far larger than WEP's 24-bit IV, to produce the key used to encrypt each frame. This procedure ensures that each station uses different key strings to encrypt data and that a per-packet key is not reused for the lifetime of the temporal key.

TKIP uses RC4 to perform the actual encryption of data frames, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys periodically, according to a setting configured in the access point by an administrator. This provides a dynamic key distribution method that significantly enhances network security.

AES

In addition to the TKIP solution, the 802.11i standard includes the Advanced Encryption Standard (AES), used in the CCMP mode of operation. AES offers much stronger encryption than WEP or TKIP. In fact, the U.S. Commerce Department's National Institute of Standards and Technology (NIST) chose AES to replace the aging Data Encryption Standard (DES). AES is now a Federal Information Processing Standard, FIPS Publication 197, that defines a cryptographic algorithm for use by U.S. government organizations to protect sensitive, unclassified information. The secretary of commerce approved the adoption of AES as an official government standard in May 2002. Some of the older access points and radio cards do not support AES because it requires a specialized cryptographic coprocessor.