What is a Wireless Network?
A wireless network is a network by which communication between devices is performed over the air (OTA). For the CCNA you are expected to understand some of the fundamentals of IEEE 802.11 which is the underlying standard for which wireless networks are built. The 802.11 standard was introduced in 1997 and over time has been revised to increase the throughput and reliability of the signal.
You will see the term Wi-Fi denoted in a lot of wireless networks. The Wi-Fi Alliance was introduced shortly after the introduction of the 802.11 standard to provide a means for testing and approving products that are compatible with the 802.11. Going forwards we will refer to a wireless network as 802.11 WLAN (Wireless Local Area Network).
There are some issues with wireless transmission of which the 802.11 standard overcomes:
-
If more than one station transmits are the same time, interference is caused and transmission fails
-
All devices within the range of the wireless AP (Access Point) receive the frame (similar to an Ethernet hub) causing a privacy issue
-
Wireless communications are governed/regulated by numerous international and national bodies which means that wireless frequencies can vary between countries
Below is a list of the current 802.11 standards including their revisions:
RF (Radio Frequency)
802.11 WLAN technologies use radio frequencies to transmit over the air. To do this, the sender applies an alternating current to the antenna of the device creating electromagnetic fields that propagate as waves. These waves are measured in frequency and amplitude.
Amplitude
Amplitude is the measure of the maximum strength of the electromagnetic field. Looking at the below animation, the green wave has a lesser amplitude where as the red wave has a larger wave.
Frequency
This is the measure of up/down cycles of the wave over a unit of time. The most common measure of cycles is hertz (Hz). Looking at the below animation, we can see that the green wave has a higher frequency as compared to the red wave.
The following list shows how frequencies of a wave are written:
-
Hz - Cycles per second
-
KHz - 1000 cycles per second (Kilohertz)
-
MHz - 1,000,000 cycles per second (Megahertz)
-
GHz - 1,000,000,000 cycles per second (Gigahertz)
-
THz - 1,000,000,000,000 cycles per second (Terahertz)
Looking at the below image, we can see that there are 4 cycles within a 1 second capture of the wave. Therefore, the below wave is 4Hz and the period (amount of time per cycle) is 0.25.
Signal Coverage Issues
Absorption
This is where a signal is absorbed by a material (say the bricks in a wall) and turned into heat. The effects of the absorption causes a weakened signal.
Scattering
This is where the wave hits an uneven surface but also dust/smog. The signal hits the surface and bounces off of the surface in multiple, scattered waves.
Reflection
This is typically only seen with metal surfaces, where the signal is bounced back. When you go into a warehouse typically your mobile phone will lose all signal as the metal roof/walls are reflecting the waves from the mast away.
Refraction
When the wave is passed through a material it can sometimes be 'bent' by the medium due to the changing speed. For example when you put a straw in a glass of water it appears bent due to the light being refracted. The same thing happens with a wave passing through materials such as glass or water.
Diffraction
This happens when the wave hits an object and travels around it, causing blind spots for any devices that are behind that object.
Wi-Fi channels and RF Bands
RF Bands for 2.4GHz/5GHz
For 802.11 WLAN radio frequencies, the following bands are in use:
2.4 GHz - 2.400GHz to 2.4835GHz
5GHz - 5.150GHz to 5.825GHz however, this is split into 4 separate bands:
5.150GHz to 5.250GHz
5.250GHz to 5.350GHz
5.470GHz to 5.725GHz
5.725GHz to 5.825GHz
The 2.4GHz band can penetrate walls and other materials better than 5GHz, however, because 2.4GHz is used by more devices than 5GHz it is more prone to interference from neighbouring WLANs. The RF bands are divided up as channels and devices can communicate on one or more of these channels at a time.
2.4GHz Channels
The 2.4GHz band is split into a number of channels, each with a 22MHz range. Note that 2.4GHz bands overlap. In a small WLAN configuration with a single access point, any channel can be used. However, in larger designs with multiple access points any adjacent access points must use a non-overlapping channel to avoid interference. It is recommended to use channels 1, 6 and 11, see below:
5GHz Channels
Unlike 2.4GHz channels, the channels within the 5GHz band do not overlap which reduces the possibility of interference from neighbouring access points. Each channel is 20MHz in size, and there are gaps in the band between U-NII-2 and U-NII-2 Extended as these frequencies are reserved for other non 802.11 WLAN purposes.
Best Practices (2.4GHz)
Because of the overlapping nature of the 2.4GHz band, it is important to ensure that APs that are in range of one another are not using the same channel (with the exception of a repeater) to avoid causing interference which will result in collisions. You can also amend the antenna power to reduce the range of the RF being emitted from the AP. The below depicts a warehouse with a number of access points to provide wireless connectivity to mobile devices.
Looking at the top down view of the warehouse's AP placements, if we were to use the same channel on all access points there would be a huge amount of interference. By using different channels 1, 6 and 11 we have removed any concern of interference by not using overlapping channels.
Service Sets
Any device with wireless capabilities can send and receive frames. Therefore it is crucial to control the way that devices can connect to a certain 802.11 WLAN and also so ensure that the data sent over the air is secure. We use service sets to group devices together into a logical network segment where we devices can share frequencies, security settings and so on. 802.11 defines a number of different service set types which can be used to group devices together.
SSID (Service Set Identifier) is a human-readable string is used to identify service sets and is broadcast as beacon packets to be seen by users on their devices. Each service set can either be BSS (Basic Service Set) or ESS (Extended Service Set) of which we will look into below:
BSS - Independent
This is a wireless network in which two or more devices connect directly to one another without using an AP. Examples of an independent BSS include services such as Apple's AirDrop feature to share files between devices. Note that IBSS is limited to a small number of devices ideal for features such as nearby file sharing. The below diagram shows an IBSS (Independent Basic Service Set) connected directly to share content:
BSS - Infrastructure
This BSS allows for clients to connect to each other via an access point and is the most common type of service set seen. A BSSID (Basic Service Set Identifier) is used to uniquely identify the AP using the MAC address of the AP's radio module. Other APs can share the SSID however the BSSID will always be unique. Devices associated with the BSS are referred to as "clients" or more commonly "stations". Be careful not to confuse BSS with BSA (Basic Service Area) as this is only used to define the area around the AP where the signal is usable. Note that devices within a BSS can only communicate via the AP and not directly with each other.
ESS
An ESS (Extended Service Set) allows us to create larger WLANs by connecting APs together using a wired network. Each AP has the same SSID but a unique BSSID which allows clients/stations to pass between APs without having to reconnect (roaming). Each BSA should overlap with one another by around 10-15%. Each AP must use a different channel to avoid interference.
BSS - Mesh
A mesh basic service set can be used when it is difficult to place Ethernet wiring to each AP like with ESS. MAPs (Mesh Access Points) use two radios, one for the BSS to provide wireless access to clients and the other for creating a backhaul wireless network between each MAP. At least one AP is connected to the wired network and is referred to as the RAP (Root Access Point). Going back to what we know about mesh topologies a meshed WLAN allows for a highly redundant and stable WLAN.
The tablet in the bottom right of the above diagram has multiple paths to use to reach the RAP, and a protocol is used to determine the best path (similar to dynamic routing protocols in a wired network).
Distribution System
Wireless APs are an extension to a wired network to allow wireless clients to access the network. The wired network that is upstream to the WLAN is called a DS (Distribution System). APs translate the frames from wireless media into frames suitable for transmission across a wired Ethernet network. Another key component of the DS is the mapping of VLANs within the APs. APs can provide multiple VLANs each with their own SSID. The wired connection will then be configured as a trunk to allow VLAN tagged frames to be correctly forwarded. We haven't covered VLANs yet but this will be in later articles, so don't worry about VLAN concepts right now.
The below diagram defines the demarcation point between the DS, BSS and the internet. Note there is only one VLAN in this topology so the port on the L3 switch will be an access port for VLAN 10.
If multiple VLANs are required for different networks, say a Guest network and a Management network. We can use a 802.1Q trunk port on the wired link between the switch and the AP. The AP can then be configured with a number of SSIDs mapped to the specific VLAN IDs. Note that the BSSID increments for each additional SSID.
Encryption
As we have covered, 802.11 WLAN connected devices transmit over the air using RF bands. These RF bands are picked up by every device with wireless capability. This makes a WLAN particularly susceptible to a sniffing attack where a malicious user listens in on wireless transmissions. If the data being transmitted was not encrypted, it could easily be re-assembled by the malicious user.
802.11 has a number of technologies within the standard to combat possible attacks by implementing encryption within the AP-client relationship. See below:
WEP (Deprecated)
Released in 1997, WEP (Wired Equivalent Privacy) was quicky found to be easily broken. This was ultimately replaced by WPA/TKIP. WEP should not be used on a wireless network.
WPA/TKIP (Deprecated)
WPA (Wi-Fi Protected Access) was released in 1999 to replace WEP however was not standardised for wireless hardware until 2003. WPA introduced a new encryption method, TKIP (Temporal Key Integrity Protocol) and was intended to be an interim fix to the easily broken WEP encryption. WPA/TKIP is now deprecated as of 2012. The new standard introduced a number of additional features to help secure the WLAN per the below:
-
Temporal Keys - used to defect social engineering attacks
-
Sequencing - to defeat replay and injection attacks
-
Key Mixing - to defeat known IV collisions and weak-key attacks
-
Enhanced Data Integrity (MIC) - to defeat bit-flipping and forgery attacks
-
TKIP Countermeasures - to address constraints of TKIP MIC
-
Longer initialisation vector (IV) - The IV size is doubled from 24 bits to 48 bits, making brute force attacks on all WEP keys virtually impossible
WPA2/AES
Introduced in 2004, WPA2 implemented the AES (Advanced Encryption Standard) based encryption which uses a block cipher to encrypt data between two wireless devices. The key-length is 128 bits which provides further security over TKIP. WPA2 uses AES-CCMP (Counter Mode CBC-MAC Protocol).
WPA3 /AES
Introduced in 2018, WPA3 includes the AES-CCMP protocol however introduces a new one, AES-GCMP (Galois/Counter Mode Protocol). This consists of two encryption algorithms which provides even further security over AES-CCMP. The key length for AES-GCMP is 256 bits.
Stream Cipher vs Block Cipher
A stream cipher encrypts a data stream one bit (or byte) at a time. A block cipher on the other hand encrypts a block of plaintext and is used to produce a "ciphertext" block of equal length.
Stream Cipher: WEP & WPA
Block Cipher: WPA2 & WPA3