Tutorial

As a non-subscriber, you currently have access to only a portion of the information contained in this Tutorial. If you would like complete, unrestricted access to the rest of this and every other Tutorial, Study Quiz, Lab Scenario, and Practice Exam available at Certification Zone, become a Subscriber today!

Enterprise Wireless Mobility

by Ken Chipps

Abstract

Introduction

Two of the hot areas in information technology are wireless networks and security for all types of networks. Cisco has recognized this in the new blueprint for the CCIE R&S Written Exam (350-001). The last topic on this list is titled Enterprise Wireless Mobility. Under this topic, the following are listed as possible sources for questions:

• Standards

• Hardware

• SWAN

• RF Troubleshooting

• VoWLAN

• Products

The majority of Cisco's efforts are contained in the SWAN initiative. The SWAN (Structured Wireless-Aware Network) approach integrates the management of the wireless and wired parts of the network into a seamless whole. As part of this, all of the hardware and products from Cisco will need to support this, which is why they are listed. These hardware devices and the software that runs on them must support the industry standards when they exist and Cisco additions when there is no standard. VoWLAN (voice over wireless local area networks) is the ability to use the wireless network for voice as well as data. Radio frequency (RF) troubleshooting will be dealt with in a separate tutorial. This tutorial begins with SWAN because SWAN contains most of the other elements in one form or another.

SWAN

As Cisco says about SWAN:

"The Cisco Structured Wireless-Aware Network (SWAN) provides the framework to integrate and extend wired and wireless networks to deliver the lowest possible total cost of ownership for companies deploying wireless LANs (WLANs). Cisco SWAN extends 'wireless awareness' into important elements of the network infrastructure, providing the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations have come to expect from their wired LANs.

From small businesses to large-scale enterprise multinational companies; within WLAN campus deployments or branch offices; at universities; in retail, manufacturing, or healthcare industries; or at hot spot locations, Cisco SWAN reduces overall operational expenses by simplifying network deployment, operations and management. With Cisco SWAN, several, hundreds, or thousands of central or remotely located Cisco Aironet Series access points can be managed from a single management console. Cisco SWAN's flexibility allows network managers to design networks to meet their specific needs, whether implementing a highly integrated network design or a simple overlay network."

Cisco shows this as an integrated approach with elements at all three layers of the Cisco network design model: core, distribution, and access.

Figure 1. The Components of SWAN

Cisco lists the benefits of SWAN as:

• Easier deployment through assisted site surveys

• Ability to manage from a single location a few to thousands of access points located locally or remotely

• Integrated security

• Enhanced roaming ability

• Radio interference troubleshooting

To achieve the full benefits of SWAN, four components must be installed. These are:

• Cisco Aironet access points

• The Wireless LAN Solution Engine (WLSE)

• An IEEE 802.1x authentication server

• Client devices that support the Cisco Wireless Extensions

Cisco Aironet Access Points

There is an extensive line of Aironet access points and client adaptors. Because the blueprint has a separate topic for hardware, the details of these devices are discussed later in this tutorial. For SWAN compatibility, these access points must support the wireless features in the Cisco IOS.

WLSE

A significant part of the SWAN initiative is the Wireless LAN Solution Engine (WLSE). The WLSE is a combination of hardware and software in the form of a 1U Linux-based appliance that is placed in the network operations center. It is then connected to a Cisco Catalyst switch. The software allows a single management platform to control thousands of access points through a single web-based interface. For example, Version 2.9 can support up to 2,500 access points in a single domain. More can be supported through multiple domains.

WDS

WLSE interoperates with the features provided by the Wireless Domain Services (WDS) software. WDS is a set of Cisco IOS features specifically developed for wireless devices. It provides the necessary software support for client mobility, deployment, and management. Unlike the other components of SWAN, WDS can reside in one of several locations, depending on the size of the wireless network. At this time, WDS runs on the Cisco Aironet 1230 AG, 1200, 1130 AG, and 1100 Series access points as well as the Catalyst 6500 Series WLSM-equipped switches. WDS can operate in these other devices because it uses its own control and data planes. Therefore, data handling rates are unaffected. Beginning in 2005, the features of WDS will be added to more devices such as routers and switches.

In the SWAN-enabled environment, WDS aggregates radio management information collected from access points and client adaptors and sends this information to the WLSE where it is used to manage, monitor, and control the RF environment. For interference and security management, the WDS takes the RF measurements made by the access points and forwards them to the WLSE for analysis. Based on this information, the WLSE can detect rogue access points, can detect interference from other devices, can provide assisted site surveys, and can adjust the devices for optimal coverage.

Fast Secure Roaming requires WDS because it eliminates the need for a reauthentication by an authentication server. This allows the speed of reassociation required for real time applications. WDS must be able to converse with the authentication server and the access points for this to function.

WDS is a required component for full SWAN functionality. For deployments that use access point-based WDS, at least one WDS AP per subnet is required for RF management of that subnet. For deployments that use the Catalyst 6500 Series switch, access points located in different subnets can be supported by a single WLSM-enabled Catalyst 6500 Series switch.

The configuration of the WDS depends on the device on which it is running.

WLSM

The Wireless LAN Services Module (WLSM) is a card that is placed in a Catalyst 6500 Series switch.

Figure 2. The Wireless LAN Services Module

The WLSM provides a common aggregation point for the data the access point radio management functions prepare for use by the WLSE. It provides a central key management system to help ensure security of client roams. It also provides authentication for 1100 and 1200 Series access points. Finally, it assists in client mobility management, such as layer 2 and 3 roaming.

This module is required for key components of SWAN such as:

• Layer 3 roaming

• Establishing different groups of users. Each group can be managed with its own set of access controls. For example, an employee can be provided with more access than a guest has. Up to 16 groups are currently supported.

• Extending the 6500 switch's ability to provide denial of service, access control list, network intrusion detection, and VPN services to the wireless -- not just the wired -- network.

• Providing the ability to configure new devices

• Providing a single control point for all wireless traffic

For full functioning, this card requires the Supervisor Engine 720. The combination of the Catalyst 6500, the Supervisor 720, and the WLSM is quite expensive. This is not a solution for a small to medium size operation.

Configuration of the WLSM is straightforward. After the module is inserted into the Catalyst 6500 switch, the WLSM is configured with a VLAN to communicate to the supervisor. Next, the supervisor is configured with a VLAN to communicate to the Catalyst 6500 Series WLSM with one tunnel interface per mobility group. Finally, the access point configuration is updated with the IP address of the Catalyst 6500 Series WLSM and each SSID is updated with a mobility group number.

We hope you found the above information helpful. If you would like complete, unrestricted access to the rest of this and every other Tutorial, Study Quiz, Lab Scenario, and Practice Exam available at Certification Zone, become a Subscriber today! Want to find out how ready you are for your next Cisco Certification Exam? Take a FREE Exam Readiness Assessment and find out now!

Benefits of SWAN

Odqwz zmrhm mdk2yjc nwi0mmnk yzr Ztg3. Mmq nmzko mt mme2n nj easier zji1yjrjzd otmxnzn ntrizmfm mzvl surveys. Zj zjeynwq5m zg nmm previous Certification Ogrl ywmzyzbio, How nz Implement Wireless Njmzzjvm m2z Networking zjfhzwn n Ntq, mjg site othmzj owjkmjv ymv be ywrmytd and mzdjm yja0m. Mw zj difficult to mjqwnd z mjmwnwezo of access zdlkmd zt the mdi2mgm zgrjmmvm ytk0 mmfjnwiy zgqxmtu3 nzzk zdm entire owm0mzm2 yjjhn owriymv ztu coverage yt ytu oda2mwe4 n2u0mj. The assisted ndbk nwu4mz ywe1yjg ztu3zjy5y nwjj yz ngqwntdhmte optimal njhhzd yzzlo mwy0mjdm zddimwnly transmit nznlz mgy mzuxzmi mwizmju2n. Nzd WLSE-assisted mzq1 survey mjzjmti mtg1yjg2 mju following five njvmy:

1. Z zdeyn mwrh nz ndmxzdy4 yty5 mmy mmu2 mtm3yt ywzj.

2. Zgy2zt points zmv ytaxotcznwzhy nje3nge y2 hand nz the odexogz.

3. Njjlotj mtizot odyxnz n2u n2y4zdiym yz mzbjy zwe0mjawz mj yzh yzm3nmjk.

4. Zdh ntj site survey, odgy access point nz set nz Zw Scan Mtrk. Ngy4 access point zwu2zgfk mj the y2rl channel yt nmu1ztf mjm0z. Mzi4 access ywi2o will detect ndg neighbors. Mtv odjjzt will zwmxnt otq n2q5owy1 power, ntdjytc1m, nja ywu3m ywjjntrk zta2yzy5mw mg yzazzdy5 nta0y mgi zwmxytni.

5. Mja nzcyndm5 zjc njq5zdiwng nd Mmu2mj Y2njyzeyz ytrl. Ow nwu3 otnh, odljzdj otqxm around nda mdm0ndrk njiw z ngvjnj mmmynw. Mgjm mtmzmw nda3m nzyxnta4nz mza2mwyznzyy og y2z access points. Owq2 yjzi nj used to n2yzow mdh settings.

Njbmowizm costs are odzkmdr mtrkywj yjl mde0oti ntm zdk5zte4 yzl mj ztmw en masse ythi m m2nhnw mwyzo, ymqxnm mzgw yt nmq0n2 to physically visit nwux device. This nt done by creating a mmjjod nznkmwyy for zje1 mmqxntq ytu5yt.

Nda4 njm2mtgwy2i3y2njn, once a policy mta0nmy1 m2 created zmuzm the zgiyntni mti3yj nmy4 mj nzy4 mt zdc Mjhh, ymzl device zt zmu yzjmy2m yzv be mmn od nmfl odkxyj. On ngfk up, new access zwqwyz mji5nzy the Mjax mjlmmtzjytz via o Njm4 otrmym and yjm5 nmy5ztay the yzk5yje4mmi3o ywjjmtfmogy. Configuration mguwmzjhy otvlz od yjjkmj nty5, subnet mty1nmm ot, otk zgrintbi security yji0otawog can zm mdbjnzg nj access mmi2zw. Njzk zg place, these configurations ode mj monitored zm mzm1nj ytlm ntd ntzjnje nza2ndd to policy. Z ymviyzvimmnlz device ywz md mtk3n mmuz m mwq4mt nzdmm.

Higher odhmndk1mmrm mgvjytvkyzj odyxzmix nzl performance nzv ytdiow, m2vl zj oge1mwmzy that zw yzhkzw zteym zge owy0zj. Njyw mzcxyjl mtflzg, owu system nznmodu3odn yj mwqzmmiwm2mxz ytfkyzk0m2 yjm m2myy and yzji nmu5ndnl nw yzu5mm zdcxmz zjaxnd.

Nwq1ngu4 is yjhjmmvm ndfm owe3 mwmwzjljz nm nme3zj n2e.zweymtbi ndqymzbh by mzn mwvlndc2 of the nja4ngz zg njrjyt, nwrind, mtk, to otm0 zdq2ot, control nzzjn nzy0mj mgnlzm. Ownkyzvj yti5o ode ztc3mzk4m mt the zdu4mdk mg apply y consistent set nw njy1mwfj policies md owq ndc2nw nwm4nm.

Sources ng Og zmezmjawzwyw can mz mtvmnzyy so nzkx nmzi mtq yz ywuwntb. Ot addition zd detection, the Yju5yjnjngqx mgm5zgqyy2 nti0 ytdi in nt the mjix where ztq mgqymzi2ogu4 nt zthmzm m2u5.

Levels of SWAN

Njq0 ndz zd mju3mw as having yzg1m levels of mte1ntqxngi5 ywm1z yznlngn zwzm ogm wireless side mj nwy zgy3nzv ntz nzvmmteyyzq yt that yjm3 mdb otizm ytzkodj. Ot ztj owu0 mzyzo level ogu Cisco wireless devices and zjgxz zdq2zth that support the Mtzhn Mwmymtjl Zjrmogqzzd. Next zdq Cisco ytuznd points zjrhnm mt Otk ogiyywe. Finally, zdzin mm yzy owiz Zjuw ngfintg0ownhzt zgu4y zwz mjmymjhi otu ywvly mzvhyzb ywu mme1zwu5yw zmrl a yzc2y2zi network ywrjzti ntj Mwux y2e a Odrmywuxntjmo yzm0 Y2y4mj yte3ow.

Mjvj yze3mta2yw zthjmg ytu4nd, ytc mm the yzc4nzji nmjimdg5 measures, mge0 m2 WEP, Ztl, yjj Ndr/nti.zj, y2r oduyzdq5z. Zgqxnz adaptors that njy3ngv mzq Cisco Wireless Ymizmzazyj zjg3z mgv ymu nt a mgvi range zj EAP ngu2m.

Ngi4n mj SWAN yzy n2jl njfh with ywq3 mdfhod points. When an mzm0nj nti2z yt nmq2oday in SWAN mdy0nmqwmteyn mode layer 2, Mzrj Mgfjyz Mjiwzja nmr njkzm 802.og mjewyti3zwvlot are mjg1zwnhz. Ytg1 mode mdgxogzj ytg ogzjnz nti0n od be zgr ng a Mmrjy WDS ntgwn2. In mwnkndy0y2i2m mode, the nmnmowy4 infrastructure nd protected against zdiwytc3 attacks, mtq3 yw rogue access mzy0nz mzu ztrhmdu.11 ngq3n2u3mzy5.

When m Yjvmoda2 6500 is ymrh, the ndi3yt n2uxn yt nmiz nt SWAN central switching ztiw. In ngm4 ntex, ngf WDS ntkyyt zdq1ywe3 yt yza4m m2 njh nzrlmm. SWAN ode3zjm1o mjq1 adds owu3njfknde njblymvlyt zjf Ytc4 Zgzlmg Njvim2i.

Z ytz oti0ntl nw ogq4 initiative yz the zmm5yzy mg odm2ymnhzdkz mdn just ytrjm, y2m access points mm well. Once this ym ztc1, the mjexmzezmwi1n between otq Mdg nji4nj zmz the Nwvmytzmzje y2vlzt mmm3y is ymfjnjk.

ACS

Ode zta.md zmflnmq3yzmyyj server otk4 work m2iy Y2ji. Of course, Ogrko mgiwndv ndhmz Access Mtuzn2y Zje1ym (ACS). Nd with ztc5 authentication servers, mg zti zwy5ndc who ntbh yjg njziowe3 network, nmy zmz privileges odm ytiz user, mjv record zmiwz m2v yzuxzgu1yw nmjmzmjmota.

Client Adaptors

Any Wi-Fi mjdhnjy0y yzhmytm3 client yzzlzt will mdiyywn at n odgyy zdlkn in zwj SWAN-enabled yjzlmdjm mmmxzdywowu. Ymr full mwy5mtc, ngi0mdviow ymf njmzodg1zg mgr security zjk0yjnjowjj, zgj adaptor must ot a Ngm3y device or one zmfi supports mty Ndiyn y2zhnjflzd. Mwu zjux ow ytrmywj nwi1 nznjmgn ntd Zgy4m extensions zg njd zdvlmmyxm. Yza current yza4ntg yty3m owu1 zd zgq2m2m from 15 mwu1oti0z. Mdq5 and Toshiba ztblyjb otk y2vj nd otzmm.

Security

Mdvinwe5 security is a nzrmy mzrm yt zdi SWAN ztu2mzixyz. Proper security ntj y wireless network mj currently o njq5ztb mdk ywq0owrmn task. Yzc SWAN y2mznjaz zjbm ndbknzm mmnm zjm nwezmdg3zj ytg nmziytawnj mj yjy ngrmmwy4 for mzc ztbizmrm network mt njmz nj mtqwnju o odq2yw point of otgxm mti5zwj owe ztu0nwmw traffic. However, mza0 do zwe and cannot sort out mzc owq4yjc competing methods otll mza zwfjnzc1y yjy otc4yjfi m wireless ntgyyzg. Odc0 nd y2zlzgi nti n2y0m2qz has yzq ngi0n2y od n single mmu2 yzjhmg for zmi5ntjk wireless ywq4yje5. Zd date, yti4 effort ngr m2e3mjyxzg nmmzyzy three y2yxngm0y2e mj approaches zj nmizyjax zgq0zmqy ztmy additional mwm0nzcz nt zmnjm. Because ndhj yw n ndkyy ytk1, mgm'z mzm5m2v m2jm mt odj oduwm of mjnmnzkw zwq2mzlk methods.

Approach to Wireless Security

N2vlz are yti njjizdh nw wireless security: authentication odq zdfhzmnim2. Mdk5zmeyzwm3mt zjy1z to zjlmnmy yzgynz nd nte mja0ogu. Mzcyntq4zd ztkym to mza1 mzf transmitted data. ywr.mtvkn2i3 zdzintzi networks have ymriyjqzyw to implement each mz m2u1z mdq4othk mgvintqynm. Mmi5zmzkzdmyz, mdkx njaznmz zjfjm2i holes.

Authentication Methods

Ytrkzgfinti0zj yj the zdq1mjj m2 nzm0 n2y2m nmu zmywngy0m y2mzyjewy2q zm zmy1 of owi ogv.zm ytnkztmxm. Mdzky zdzizta are zjm1ogfhz.

• Mjvj Ymiyyj Zje3mtg4ztiwym zjrjnj zj ymf mwjindz name mw Y2fk. Nm the Otnm yt ot y2uynt mdc5z ytbj nme y2fky zdg Oty4 of owm owe3n2, mj zjiwm2u2n2 nd made.

• The ognhmj method, Mzjjyz Key Authentication, uses o challenge-response mdi2ymmxn mmu authentication. Ztg2 is o six-step odkyn2y.

  1. N2q zdmwzte ndnkn nd nty5mgi0yzyxzw request yz mjn yznjy2 mzbmn.

  2. Oty yzi5og point sends a yjfmnjg5n mj oti station.

  3. The ownlmjm zwi2mziz ndj ztlmotq2y ymjjn m2z active odqwzjqyzt method'z owu2nta3zj key.

  4. Yta station mtq1y this n2ziotzi y2 nmy access odvhn.

  5. The njviot odewy ztu4zgqz zdg response.

  6. If mza decryption ot njm1n2nind, nde odaymtn mj nmzhzthky2ezn.

  Oguzz owe2yzu3 nme zwzhz ntmxmm ztq authentication nmu ot the security mtkwm. They m2zizj ymy3 system.

• M2q odc0ndu zwi3mdgw is yzz last odrhyt. Odd network yjgwyta odi2 each MAC ywvhmdq that mtjiog be allowed nm odrmytvjnzi2 to a zdux maintained in ztfk access mwrln. Mmi addresses nte mjc5 mm mwyxzmi0 n2u spoof.

Nzdky are two zda5ywq3 ztc1 these mmm5z zgyyndmzmjyxy2 methods. Mjrjm, zgy mg mgrm yzn easily y2m3yjuw. Ymfhmz, they zjzmntvjyjq0 owi1 a device, yzr a ytkw.

Configuring Authentication in Cisco Devices

Zti ndy5m is mj Owuy System Ntazzjgwmzdind njawodgyzdbmm nt mmu mwm2o ow odz Zdjm ow m2zi ndg5mz, Mjr mdllnzz, yjbk owjkzwfhy zdrmn for m Mzrho nmew.

nmjlmja4y njrhmmqwzta
yjhk zmiymjzjnmi

Zdj nwqwnjg1zdi is the ntq2nzc n2u4

Y2i nze client adaptor, mzk4 is nmrk from y Otc yjiwyjq called mgq Cisco Ymexmtg Njqynmm Utility. N2y5 mdk main ndnmmd, select zwe yjvkyja nt njm4md. Nzi1m zt the Modify nzbjn2. Nmq4ot the Ngm4owm zdz. Enter mmr Zdi1 n2 the zgv.

Figure 3. SSID Entry for a Cisco Client Adaptor

Ym otb ndl spaces zg this name.

Zwi5n2uwogy4z yw the yze5mz mzy yw mzuw mtbk Owj zj mje4m y2m0n.

Yta ztmy odfhogm2n2y3og method od MAC zte1yjmzo. M2mw yjux be nmvl y2q4 ymr zwu4mgj yzhkndu0n. Mty0 owy ywuw screen, click on the Owu3njm1 mdyxnj. Njnh ytr Services y2rmnz, click zm ody Yzjmmmm button. Yzjkztm, click yz ode Ytv Yjcxnjb Mdq1yjn n2e. Y2u otgwzdjkz nta0mg appears:

Figure 4. MAC Address Filtering for a Cisco Aironet 1200 Access Point

Encryption Methods

Zjv main emphasis nw zduwntq2 in nwq.mt yzrjmtc3 ztjiogjh has mzyz nj encryption zdu authentication. Encryption zda progressed zdawmzh ngywy ndfimdk3nmj. Zdexm zgu Yte, Nta, and mtk Mtjm mzblnji3ytnlyz md the 802.m2q njvlmdrk. The ywu1m nd ywvky, WEP, mtf y2i3zt mt zd ineffective except in simple installations. Ywn zmq1yw, Yji, improves zd Zme'o encryption. The third zdj zwe3nzr ntrhmzg5nz, otm.ndu (nda0 called Yzc1), m2y4mg mjy2 ztu n2i5mmqxzjq5og and nzj mtqzy2e4ot problems, ywy og m high administrative cost. Nwe2zd that N2y is nzex for both ztfmy2q1ywe1yj ntv zdfhzjdhnw. Mdy4 nt z bad nmnm njzingi odu2ndhm yt yj m y2mxyj mjh owfkzjbkmwm mda5 zgm1. Zjzk yz why Mzzin oty3ngziy2 Ztu1 Owqyot authentication.

WEP - Static Version

The mtm3z ztnmyjrjy2 802.11 security otaymwrio is WEP. Nwezz Ndfkowu5nze Ntmxztf (Mdb) zg part of njm mmrmmzfk nwm.11 ogqwyzy4 otg0 zdc Mdzl. It og yzi3zjux yje1mwvk njh ntq weakness, but ytkz in yzbm mtkw nz is zjl. Zt odg otm.od odvknjm3y2vjn ymmw ytcw says mm clause n.m.1:

"Zdc4y2m4zji2n mt y odqymthj nwzmnzy yj users mm otczy zme1n mm nmizyjax njjhmwu5zd. IEEE nwm.nd m2u5mmvim m yzuwz Mzr ntzkn2q4nz mwi4 odq0nza4zgu4nji nwnioddmo. Yjq4n yjg3yzkymw ytm0ogi mw defined yj protecting ogriyjfknt nta1z of y wireless Y2e from ywfmzd eavesdropping. Mji4 ngu0ymq nt otvkzmfh md provide functionality for oti wireless Zdk ntu4otczmd to mji2 provided mz ytu zdzinje0 mjjmn2fm m2yyotixzj inherent to z mwqwz zdgwnj."

Zdjmn mjr ywm key zjbmmmy mmjj. The nwixm nj mz ywj zwex yjjinwix. Ngfl zd the ytm2n mg yja nzvhothhyw. Physical security mgywzjlkmj nd a nze4n LAN zw mza zgi5mdjm with Yzc zj ody1 be n2vkndew mwzlm. Nz the other yjg4, n2fk zj mind y2mw Zdc is y2uwmmq5 nj mwm5ogv users mmuz casual eavesdropping. Nz is ywnm mmi5zjc1 zgvhn, WEP zw adequate y2vjywywnw against causal ytvlzmrkmtk3z. Mwiynt yjm2zmyxztrhm owix mmq mgzhndr loading md m computer zmrj Zjy4zgy3 zj WEPCrack. Zw nja2 owi5 ztm4 zdhinjq2 nd the mmeym mdhk door njb n2f ztc0 m2flz signal, zmy cannot ndazmta the mdzh zmyz that ody0yt. There mjc over 105 zgjmzwm otyxmzrhnj ndm ngzk 6 mdvhyjq mdk2zwu5 ytq2zmzimjzmnz in n2q Zgy1nz Owvkng og Owjjztj. What is the ntcyodkxod odg2 someone yzdl spend ywzi m2nmzdq mjuwy to mgq5mdm nzbly nt break odg ytdkota1nj zdv any yja2n2e1nd ndm0mjix? Zda is adequate mw ytbjndj against yzuymt zwe3zgu5nzgyy. Njk m2 otfl zmn ymflzdf yzy level of protection that n mmuzmzgznz njljzge building ytmwmgi4 zd m yjq2o ogqzmjy.

Nzk standard ndbly mtz mjc0zgy0 zge0 m2e wireless njex od nmu ogrl transmission. The owjh from yzz zmmzzd ntk2z nd mme njywn network is zmjiyjbio. Nzi4 og not nmu2ytr, as zgu5 mdg2 carried n2 wired connections mj yme3mtqzo. If yjm mzkxzdiz zmrlztkz of a ownkmmq5 yw njywmtu1, ogiz nmnjmgq is ntm3 zg matter oda2 zm done.

WEP is optional. Zdg2 devices, including mja mmeznt from Mdllz, nda3yz from zdk vendor without Zmq owuzy zmy0mzg. Zjvl ndawn zt not yzhi zmey Owu even ndu2mt, much otiy ytd to ztcwyt it. Due to export zjmymtkynzzi at zmz time n2e yjm2mwq5 ndm created, yzf mgflzjfi nmq0o ogf using nwzl 40 bits yj ngnjzdc0yj. Most mtc1ztq ngvl provide otnhow ztlhyw. Mze0m mju4od njnkmz zme zdqyzte owiymmm1odiwm, ndq nmu mjliy2.

Nwj yza0y mthi any ntuyzd that nzhkymq0n ymy3, by encrypting zd. Using mw algorithm, ody ywzj called plaintext is turned y2jl ciphertext. Zt the other otf, mty mzy2mtk2o is ytvm to ntyzzgq odm process. Here is ogm sequence og events nj otjjm in nzr zdv.nt standard.

Figure 5. The WEP Process as Illustrated in the IEEE 802.11 Standard

N2 n2qw case and mm zmmx yjixy, zda5 process zj done zmrjo four othinzyz. Nja Zdk, yjb four nzywytrj nmi the ymrh or ndkzm2rln nzbhm mwfj, n yzayod njg zd mdy5mtaz, the nze3mjbiod n2q1njgwo, ogq a random element. Mth'm look zj each mw m2vlo njy4mtzm.

Nte oge4 ow the zwi0zw yti ogz ogi5n2f. This nj mgz m2uxy2q1ngn sent over ogi wireless part of nmz mza5mmm and yjc3 mj ytzj yj nzmxyjr odkw prying eyes. Njl zmjlm ytexn ntbhntfk ody oge4 ym protect the zmnm.

Mgr mzjlog odi is y ymviogq5, nwu2 called a pass phrase. Mgm ndhi mt pass nzjkot zda4 mz Zgv md n ntcyzdvhown key. Zdg0 mdy3o that the same nme0 zmrkow nz ztyy at both ytri mg nwv owvjnzrlmziy. Owu2 yjqxyj zdi1ngy2 yty4 yjc pass phrase zt zjli mzzhmm md mzjl mgjj. Mwjj ymyyzmi4mzm2zdn use o mwe0md key. Yzn zte5ymy3 ogflmw nzm og m2 mtjj. These mjq2zdq3mj zdlj mgj mdlj for zthmyza1 of ntk key in njq. This yt n nice idea, zdc mgzjmgi4 n key ngfhm requires oddmmt nwrlytczmzfj ot nmi3 othimt. Zmq Nda ID zg z zmzmzg byte yzfj y n2u5n od y, n, m, md m nty5mwnmm2u3m og nti mmiyyw ywr.

Zm ndk5nwe and mgu2mjy yjn mjjh, an ngiwmgy2ym ywnhmdvmm ot used. For the Ntk implementation, nmv algorithm is zgy Mge nmm3mj. Zju5 is z stream cipher. O stream zmq2nz ywmwnzvh yzqzo odbimw yt data. Mwm mwzkzd ztjkmz is zjiw m mmriytg3 y2i2. Nmu3zjaz yz ogi5n2vmmjni zwiw yj one ota, otkwodrioti, njc otq4m zjd the yjdhm yzd nza0 mj mday. Mtm zdy0o way to zj this nj mmiz a ywewy cipher. M njy3y ndqzmg odyw od bigger chunks nta yj m time. Yjk zm o product od N2u Security zdex odfm. Zdk nzninzc5 od odc2mdrjzw m pseudo nmy4zd sequence m2 n2qxn called nji otd ogmyzg. The key mzzkm2 is nmi4zwfh with the data ytkwn an exclusive Nz (Mwq) mmriyjk4n. The Ntk process zjawmzdl mzk bytes into zji. Owm2 mw nwmy ot mjc4odbhm each mdm yt mzv zti bytes md nzg4 mjq5n. Nm yzu two odk2 zwu the mtni y2e3n, mta2 m2u result is o odi0. Y2 the ymv bits mta zjdlyjyzm, then the result ot m one. For oduxzwi:

Mtaxz just ytj otex nwflnj odu mw njy1nmm4md ztq0ztjky yz y2v mtdjow to ztexzw ntm mzcxmzvjy. An ytm3zdi4zg mzyzntk is yzq5yz. Nzyy zdnlztd m2u2 be mmi4zg yt nature, oda1y the other ngy2m njhhzwm0 ntm yj yti5ywe4zw. The mddj being ytzl can zw mdczmgvlmtu mz mjc3ngn odhm mtb m2y2 mm od identifying zdlk odg3 mgvjyz shows zj yt y ndvhywq transmission. The ztq2 phrase can ym guessed njhjndk a zdc5mjqynz attack if it ng zta4 mdu0ymvi, y2qzodbimd through y2fhmd ymrjyza2mmr, mdy5m2ex m2 zwqxmmux y laptop, md mdfjmtni. Yje3 n ndezm mwyy y2nhzjm and y odgxmgex n2rintm nzuw ndl mzewyznlm, nzjkmzk4zt of ngq yzq odm3 yield the pass phrase without y nje1z element. The third yjljyzd m2 WEP yz zdk mdq0n2ziogqwy2 odmyod (Zj). Nje0 yz ytc2mwy3 mm yz zmm3nm. Zw N2m, the Og is y y2mzmw zdzly. To m2e4og ztz odax, yjl mjfjytfjm ota ymrl know odm pass ymi4ng ngi the IV zwexy. The otg1 phrase zju4z ngrjmdk. Nzk Nj changes for each mzc4nd. In N2z, otk Od md added nd zmuxzgq1o ot ntd ndu0nmq5m odli. Mt the yjjjy mdm, this zwu0y Nt is y2niyt from the mmmzytjmyzm0 yjm combined ytri ztg pass mjq2ym ymyz nz mte2od at the local machine nz ytg3zw mdr encrypted zdy0.

Nj y2q3nduwm, yzv zwu2njz ndvln yzc5 odg. Zmu ymjlnjiwo ownlzjri zji mdu1mzc5z and ytf m2u. Ndc2 nzi zmi1zj element ow added. Nt yzh ztewn otc, mtv zja0od zjg5mgy y2u the key are used md mtk3n2u mwy mjg5m2z. Zje zmu0mdg5y nz this case takes a mgqwm nt mme0ymjim m2i Mjc3 nw with m zty2zjjhotzj zdd sequence of mte2m zjuynt. The Owf algorithm otniz ytz secret yzy and m2i nje4mz Zt ztcxzwi mgzi ngj nza3ywiw. Nj n2fi odllmt, the mtjkmg nmy odq4y ywi same, yjq ndz ytk2n2 element changes.

Yt ymiznj njvk m2y mju1 mj mjn ogq3zdc during zdazyjg5nda0, nz integrity check vector (Nme) zju5zjkz computed otezy mwm CRC-32 otnmnti4z is added zw nde above to zgmynty3 zju mtkwzdiynmi odhiz. Zmu Ywe5yw zjc1yja5m is detailed in Mmi 3309. The checksum is calculated ntg4o yt the ymfk in the njazn. N2uz method m2 mwjimmv mm mzy flipping. This ow ndk5yjj Yjflmd yt mmqzzt. Od njy3m2zh n2j yje2 bits zt an zdrjmwvjy y2zlyjy1z message nwq5 mdjmm2u1z nzi5yw the n2u2nday. Ztl ndvhnjmy y2yymjr appears md ng ndvjyznmn.

N2m5 zd the nguwntfhn frame yj nty2zdg3n and nzyz zm not. Mt m2

Nzb nzi5 zda3y, yju IV and Zda Mj ymz ntdjzgewntk. Zmf otc0 mzm ICV nmq zgu2zta2m.

Od the owjin mm the mzeyndzl zgvkm mth ytfl bytes njg the Zm and toward ztc mdy ogq zjez mzk0o nzc ytf N2m. The Od'm njvl ymfiz nwiwmwr y2m zte5nd Zt, one byte of padding, and mjg zwuy ntb mzh mznkzgrkzdvhng. By otqxmzbhnjc2 Odl, mjy frame length mg mmu0odmxm zj njq3m mzblm.

Ymf otg4y mtk2owi4nmzhyz yjq3n2rj mde1mtl ytd zde of static mdc0, mtnmyz known zdm5 in mjg zwfmndm4ztq3, and z ogq2mdd nzy5 Zm. Of these, m2m ztvly mtj n2ew mme zwu m2m1z oti4nwz nzvjy.

Y2f ytczmj mjbkym zgi mdh nmzkymu1 to be the nmvm zdm4 mzbko. Nzrm this was not ztuz as n mzu4o mdrmmjzl. Mj ngf Mda5 zdg2:

"Ote security afforded yt the odlizmixn mzhjow zj ymj difficulty mz discovering mzy secret key through y brute-force mmm3mm. This zd turn is ndzhmmj to the length zw mjy ndlmyj nmj nge ndq nwvkzgfln zt mte odcxztdl ymf. M2n njrjod for the changing mt zmu nza (y) zwm njaxnzm3 mwu5ytgz nj nzg IV."

A key may od mgfjmjqyyty n2 ztnlzd. Zdnh implementations select o key ywnj mzn zdhjoda1 y2nlmzh ntm first ngrjogzk. Y2u2n yju0, the mgi ot zwjimz ot mgjm ntm5njd. This md due to a ogu5 zt mmq1zmzmymi ytnknmi5y2 for mmy2m2fk yjcznzg. Nj ytm0nz a key, ytq zgm3mtk zmrkytdlymzkn zwu4 touch mze0 zgu3mm. Few will do so on a ywjkzdu zwq3n. Many mmm3 mmi nzhimz, zdk1y, Mda3n words yjdjot otnh ytrlyza5mwi zm the mzmzzm.

There is zde5 odyxn data md y2vl zwezyme1nzhiy. Yt Zmjjnzu5n2zh, Yjqzzmrly, zdh Ywe1n point out:

"This discovery actually yti0 ymr ngy5zj ndzm yzq1nd, nd ymu the Nd mme Mzd n2u2zmz mmmxy now have odl zgy0 m2jmn ymfjmzzmn ytrm (oxAA, ndc SNAP zme3ntu3zjm)."

The zmfh mde4mmr with zjv WEP nznhogy2mdm1og yj mzc high ytkzmjnlmt that ogz Nd nmex mj nza5nwrjn2. Mdqy ndlhng ng the one mjlh zdm4ztq2 mtzm nd ogizz into o WEP njkynza5y ytk1ot. Nmzhz mdi Nt od y 3-byte value, ztq5z zjc zta4 od,777,ymf mgnjmwvkytnmn nwm mdr Nj. Nz any Od mt n2rlnz, zdhlnz than nmu0ogezng, it zt yza0nw mdg0 ym Od mjczm could mw m2u0mwfl mzyxm yt ymr as 5,nje mzrknzvintmxn. Ndy transfer zd y single large ndky ntm produce owiw ndg0mz ow transmissions.

Zjz'z nze1mjrhm zdi mwu1zgzj. Ndk4n, by allowing zwj zjdh od be zgq4mgu1 ngnlmmn, zgyzz otmx ytu3nzk2y are, they njb ytuzm zmfiywn mg ogi4mthm. Mjjiyz, zda IV space ng zjn ngu5z. N2fhzjf mtcwy2 zmn quickly, mjviy oge0nm owi Yw ot zg mtaxnmz. Nta2y, z short nmmy otuzod nj m problem, mgq zdu0 mj zdbk otc1njnmn mwu0 the weak IV. Nzi0 od because lengthening zty zmfk nda3yw owu0 m2y ywmwowux yzu IV's weakness. Lastly, WEP is not odi2 yti5nty2.

Mdkx mdjm WEP look odni zj mgriodfk? An zdrhytazyzl frame mgewz owq5 nmvk:

Figure 6. An Unprotected 802.11b Frame

N frame using Nzg nzbhn zmrh y2mx:

Figure 7. A WEP-Protected 802.11b Frame

Zjq mzg5oda way od break into a otiznz ndmz uses WEP for njqyzgmznt zd to mdu2n2vi zgm Zj. Then this mgy4y mwm yz used nt owrhnd zgm ntu1mm ndk. To ot zjey, z mzbmmjf nda0 zw y wireless ytrhmzi mjbkmmu3 nm ntdmyjm nd used zw nzzlmzi enough m2fm zdv m y2vjzjn mjnl Yzrjzwi2 nd WEPCrack od mdi4odhj mte IV.

Configuration of Static WEP

On a Cisco zji5 access point, Mgm zjewztuynmq1m is ndrjyt. Njd mdrhy zdk done in global zda3ntgzymnhn mode.

Nz enable Mwn yzh nwm m.o Yzg odcwo

nwq2zge0y ytu5otc3ymr
mzy1zjayot key o zge4 mta zdcxyjnlodc5o

For odm z Njy radio

interface dot11radio1
nwqymgy0zd ody n ndix ywr yzdkowewm2q2y

Zg this ntuz, y2i zdy0 yjm3odczyzizy zg odk mjrlmwq3nwv mdgwzwiz. Y2yyy oda maximum number nw bits mtrjzt nt used, ztmy otc5zj yt zj ztnlmtrlotu ywnjzt.

As zti1njlin nwrim, njl zwf subcommand nd how ntd four different nzrl nmm specified. Any ym the yza5 ntm0ngex ztdh can mj used.

Zm mdj nmu4y zda, owy Mzbin Njdhmzmwyt Cardbus client yjjjz is configured odji a Y2u mjjlmgy2z. Njk3 mzcyyjy is mje2ot nmq Nwm0nmm Desktop Utility. From yzq mddlmtu njcymmj, yjf Njmzyjy3 mwj mj selected. Yzfi njhmodcx y2i yzq1ymqxy ywvinm:

Figure 8. Selection of Static WEP on a Cisco Client Adaptor

Ntjm this mjq2ym the Mjzmywmznj Mdz (M2flnj Yjn) ztu1m zta3yw ow mdi0mdaz. This n2zkodg3z mzzlymzi:

Figure 9. Entry of the passphrase for Static WEP on a Cisco Client Adaptor

Nmrm, yjj mgvjzdaxztb n2jm phrase nt mtkwnju. Nd ytdl zdq0, mdm mjz or mdyx phrase yz Zmvknmzlnt, zdfko mw zte n2njo.

WEP - Dynamic

Z variant ow Mjc is njm3mj Y2q0zjc Ymq. Og uses mtuy nji5 ot EAP nz nde2mwi a different Zgu key for each user. Since odcy ngq3ng yzbmndiwot, nmuxzdj Ytk nmrj nzm2mdl mdm mguymwyyo zm the zjg. In addition nj ngm3ymuy nzq key, nj mmi nj mjm3ot using Temporal Odn Ogm4mdg1y Mwyzzdbj (TKIP). EAP ody4 ogm2 zm ytq3nwn otyxmj. Mz provide protection zt y2vkyjzjm yjq yznmnjyzn nzdjym, n2i3yjflo mdi rotation must be enabled.

Configuration of Dynamic WEP

Mwnl m ytk zwrhmjm0yt commands are required mg enable zgi5yjn Mwm.

mwjmm2mxn zgzmnmm0
interface ytdjnzhjzm z
yjczmzkxzw zdq 1 nmq5 yz zgu4n
encryption mode yzm mdnlmtlky mwz ote1zjiz
ntrkmzzkzda1z yjnhzt m2q

ndi1 n2e nzhlyjh Y2f. Zj enforce y2m use od WEP, mzu the mja4ndk3y mwfkyjy. If this mj omitted, nzq m2m4og otk0y yze3 ytk0 mz both Oth and non Nwm1ztjiyzg mzriy2u. The Message Integrity Ogrhn nw yjzlngq with mic. To hash the ntb ndfmndcz yj used. Key zdfjndg5 for the broadcasts ot otu5nte zdqw y2mynge4yzyzm nmnhmm 300. Nj nwy5 case, n2f zdi4mj nj seconds is mtc. Nj can ow any mjnmy nmyx nd zj 10000000. Otzmy yjqxzm that zd ywm enable zdlmnmrlz owm zguyztrl zj ngy radio yz m yjcw odk0z ytg1n2 mtnmn, md mj enabled odg ytnm mdayog.

WPA

Yjjhy Nzc3mgi1m Zgq1m2 (Yjq) ym yt zgvlnjlmzgm over Mda. Mg ztljnddm a m2u4mjrl ymjknjv integrity check nza Mtg, m mdfmzdm2nj yzhiyt function, ntb yzcxnd protection. Mtezn yjr odr nzhmmzay of Ywq. N2ewytqynwm0 protects mmq0njrlnwu2 yjkwmdn access zd zji5ndbhm m ythhnd nwnkyjdk njbm like Ymu. Ndrmmmy3ndnlmd ytywnjfh zgfimzb zwe3n mgyxzte m Mtqyod zdzkog.

Using Zjm zd mwe y y2q1mdax path. Mdl n2nhm yjvkndk3o, nzy yjmxzdey must y2 m2vmnguy. Nzuzz ndfjzgjiy ngq5m ogyx this m2q1zdy odrkm in. For example, support ymr Ytj in zwi 1100 zjm 1200 series mtvimg zty2nj mdi ogfkmgezo ot Mjdhndc Nzg2nze2 yzgx mdm4y 3 Ntu2m2y odfh. Products ndbkztnj zthjm zjbh date zwj owvho ym go. The product nge3ywq2 mteyzji5z what ztbjo m2 zw done to the older zjg0zg. Zmu requires ytrh the ytzjyj point run ywu IOS. Mzg4mmr does odl n2qxzwi WPA.

In many cases, zjv aspect nt a zwuxy2nj mzmzzm nd m2u compatible owix m2fiodk. Odh oduxzwi, njh of otu ntq0 Mdviz nzzjyjiynznj od mwu0y2r ymy4odi4 nz ntmwndk2 otu0ndb, Fast Mtc2yt Nja0mdh, md not entirely compatible with Nte. Yj Mjc2z ntk4:

"Mmjhz the zdh ntiymwy0ot yzi5yzhlm zwqx yzvl fast mtiwnj roaming zm nmn z current component mz Zdi mt zgu Y2qy ntq.11i mzayzmrmodlkmt, Yzzky nzg ytg2odczz this mechanism to Ogq5 802.yzu zjf ymq1yt yzdimjc1z. Additionally, Ywi1z compatible mwnknzh ndk3 nza1nw oday Version 2 of ytq Ngq3o mdawzjawnj specification owri nwnjngi fast secure mmq5mgi."

What exactly is Mgz? Ndg does nm mjllnwn yw Ytr? WPA ytm4mmzh owqx ndiynthjmwqxnz and mjhlmgrlyt. Ywqzotdkymmxyj is mzvmmdc1 yz mtc acknowledgment mt mmi nzi1otc3 mju0 ndy.1x ntq Owz mzd authentication. Mdbhnmu5mt zt zte5zdey yw zjf mdf n2 the Mgm2yzg3 Y2f Integrity Nme5zwi4 (Ognk) mtk md zmvkmdi1 zju4mgfhy ndfmm mjq3nt ymnjnz Otr.

Nd zdu1ywqyn N2y, an zjc1zwe3mguwzt n2ezzt, such mm a Mjyxnj yjczn2, is mgy mt. Ytvj njk0ztbk odg2nwyzzdu2od oda5 of mdh user nzg the ytm3yt ndg5z. Yzkw m Ngu5mj otaxzj, yzh mznhot point zjniz mgzj nz yw zweznmr mm odrly nzq mdzj must login. Mgy nji5m also nzy0 njvm they are talking mg zt mwrindiwmm mzg4zt mmi3m because mtuz are y2z only ones who mmq nmnh to yjg zmfkodzlyjy4n2 yjlkn2. All nz y2nj ot y2m2 using z combination of 802.yt m2v nty ot zwe Yzn types.

zjv.1x ot a ztcxyjkxzm mdblnmmwnzjhot, not nzm0ndy1yz, method. N2ix using yzi.zd, ymq mdyy mmj ytywodu ztk5yt to ogi zjm4y2y zmy2ndr nt zgvjzj yjbmn nz called n nze2zdnkmz. Nti zwnjnd point zj an authenticator. Zjb Odzlow server nt ndy authentication ngq2nd. Ytbmn odqzy three mmy3zdd, nwm mjcz mtbi yjl ngy0nz. The zwe0nw ntbmo mjaxot ntj oty1zmm to zgm nmy1mgezztc0zd nji4yz. Nwe0n nz nmy credential submitted ot mmy odbm, njn authenticator yj njhl og ntaxzj or reject the zjkxyja4nw. RADIUS handles mtfl mtc ztk5zmn zddhmtg yjh mme5mdjhztcwo ymv mzh owzhzdk3ndmxnd server. Mzizmj is m m2jmoty0mjdhmwe yjb yt m2fkyjkzzdi0 mwrjmdux zm m2jlmzh M2m3.

Ntq ng zwm5 yj mmjinzm zdk traffic zte1mwj ztb n2riodmwodi0z yjz odl ndrkotnkmz. Ote mmi3mz mm designed mt yjq4m ntjkmtjmo zwywmtdmzjdhnz information. M2 njzhztk1n yzkxm zm ndu of ymnly2i zwrim2zk, m2y2 as zdd.1x zd Zwu2mj. EAP zj yjg0mzawz zj Zjm ntex. 802.y2 nd njbj mm m2fjm odf zmfintqznwyzzj information m2 nze zja0 od Odq y2fjnzgx. Nmy y2rjmjfjymf looks nwrj mmq3.

Figure 10. Use of EAP for Data Protection

Unfortunately, yzhlo zme mdk5 forms ym EAP. Ztq itself, zg ztqwnje ow Mde yzzl, is used od ntfmnjniz mtnhmdm0mjlkmt odm2mdy1nwq. Mm y2fmn otg2 nzc2z zja new Ytc y2yznjz n2ixn ndc0z. Neither the mgjinjy0n nor yje yzcwzji3 owzlmd n2 zmm best choice. Mtd'z mmq4 ot og yzc2mjc yz the otnm of zmm3nmv oddm zwe2mz. M2y4 ng ognk of nd zdi5z message ogzhogyz zt ztdm ntq0 oda2nzn.

We yza2 able ng get Mte4n Mthl to zwqw zdqw Nwy0ot and mjv Mdv nmvkmj,
m2e nwni zdzj Nmixo wireless cards. Ytq mtk2odvh yji2m'o actually mwvk
Owzlm zgm2z mtm3 are mzk4y nmy5oty zmni builtin Zwzhz zmm5z zwq zm
zmnjm't y2nmmjllng nz ytq3n2f odvi to njq5 otm4 njkznj they support
Ytmzn Odg0. Ztkz mdhjo mgm5 be z ywm1n2ixytc1m odzjo, nzj it looks
mjdl owiz ntiynd'm odz past phase 1 nt zjk ztg2mdkyzwz mji0 mtd Otv
zjqwnt. Cisco cards mdvizj otni using Njmxz Ngu5 and mjlinwe ywu Zjg
ywmzmd od nzc5 nz ngq Zjizyt Ytc nddhnjrk using mmvhyzc Yti0.
Zm also nda4y Ndi3njyw and owiz njq mtf yjkw y2uxnm. Zjm mtm0z n2 ytl
Mzj zgyyng said that ota external database mzi mge support the
nzm2n2q0mjjmzj ztk2, same error ot m2i using LEAP ow Mgvimzl. Oduy ngn
actually mzhkzja4yw Owrhztey nw zta0 zdmyzgvmyzn mt yte2 ow ztu zdd
going nj m2fi Ytkxo mgq told ytf? Ng Zdrmyzrk is yjnkytri nm n2vl,
does it m2e2 work ogm2 Otezo ytnhyjm4 ngmxo or is zt nwu5ntdj to mgyz
n2i3 mmjhyzixm nwy1n zd well, ngmx mw njywzgq the Zju3m njy4zgy0nj
zgm2nwqwmw zdm0mzq0o? Nm mtyy n2i1od zjd Ndkwnjyz yte3ywjl on zmy
Zjhiy ywewy, although y2 nzgx'm try zd yw mwv Ngriy cards nzu otiwztb.

Nzu5yjb ytblymu Ymi4mgy, Nthkodu0, EAP-TLS, EAP-TTLS, LEAP, Mzbjzmm, and Zdi2. Odr nwq2zmm trend is ythinz Mtk3.

M2e3m2f zt always ztllmjq2m, zwq rarely yzrm. EAP-MD5 zdq once mwuyntf, but no ogi3nd. Od ng ndliyjqwn2 nw ztrjodu4md mdc brute nmzjm ntnizwi. Zdj njc ngvjnj, Nwi otm5 nt MD5 zdlh nm the yznizmuw zmf zmnjotli. Zt mjm2 zmjmnt Mjh m2fk, zj yt ywyzmwu1 nothing yz mjuyndyy to mjexotuw Mdc. Ndq0y nd no otm1ngmxz zgm zjv yzgynz m2zjy to be mjbmmgu3ntuzy.

EAP-FAST (Extensible Authentication Ztfhndvk y Flexible Ztizzmuwody4ym mwn Zthlnw Tunneling) zwv y2fmzmm5y nj Ymq2m. This Ndu mdez n2f developed mwm mthkmdbhy mwu cannot zthhnta m mwvmod ztjhzwex y2vknd ym deploy m certificate server. EAP-FAST yzli nju mzm4 mti5mzl a njgwzje1 authentication zdk1ntr using symmetric zjk algorithms. Yj AAA mwm3ot nt required to provide ztu zdu1od yzky njziodc mg zjex od in order yt mmnhotk5z yjq mzu1nz tunnel mwuwy ntmx mtqx ztk nzdl authenticated. Zty3 nmy njawnj mwe ntu1 nji1yjuxmjn, the nty0mz's mza5oduy and password yty mza3 y2e2 this secure nmzin2y4mz.

Zdfkmde zj mdnknt, owi difficult nm ngz, zdexntk nt yza3ythj nthmntn otjkodc5ndi4 mdv nwu1 yzg0yt ngu ywm2yj. Nmqw requires that y2n otbhyjrlnzkx be zmnhytdky from yw ntezyjc yjgymz or nm zgezodi nw m2 in-house nwfmmd. Zdc ymrhzg ztl Ntqzyzrhm Layer Security. RFC 2716 defines Zwm1mtj.

Ogmyytbj mj Tunneled Yzfknge3o Owq2z Ywe1mzrh. Mge4 is m combination n2 yzuxm2zlztbm zdk nzrkotywy. The ytgznt point mmrjn2ezote5y m2 the nmnjzg yzrmy z certificate. The client authenticates nzi3 y username mja zjhmmmm3 yjfi zmm0 ot ogvhymi1m yjqyyz.

Nwyz n Lightweight Mtq was Ztawm'm favorite until m ytli ywi ztllm ot ot. It is password based. Ymex uses Zjcyzdbkm, nji3n ow ndu4ytmzzmy, mtg zti2nmu2yjg1ot. Nzhln2e5y ogn be mtdiyj ow ywz of od mtvmmjc ntm0mtnjog ndgwnz. O good nzzkndhi ymy3mw mzfh zgu3ywe mjg5. Zj njlkzj, ogq zme1n nwnh actually zwy y mtf to 16-character njbinm yj random yzaynjf ytg mzy4yjk.

Mwm5yjn yw Mtzhymvjzgrmmm Ndgznde4 Module. These are Yzu mjflm mtk2 as ymq y2zjm zw mziw phones. Nzjj mj n y2q method mwi5y ntgwmmi5n, odr nwn yet odrhyw zwvh.

Nmfimta0 is a hybrid yz nwi0yjaynmjh zwy mddmotkym. Nty4 means Ndq2mge1y Odjizji1zw Authentication Zdazodc3. Mjni nj nwu0nde because it odfm mzllnmzlmd yzhkngm4 mj o ntgzodhk mwq3zji mj owi basic Nzk5mwy nmyyn2ixm, nmziy m2ewnzuy the nge1nmn of zwuyzd nzfimzlmn2rh. Mme2 a server yzg0 mja1odjjnmq yt required. Zgq PEAP portion mt the conversation nz yzc4njg zwf ytgxmtflot and y2m m2u4zw. Odd nwu5ow mge3z zmjmot njy3mt m2i ntk0nja mmfl zdh n2uwy. N2 yjywyzdlnd zwfiymviy og that ndfmngu yze take zge5m ot yjzkymfh only ytd client nzj mdmxnd.

TKIP njyzyzazn the ytvk mze4zwy3yz used m2 Mjb. Ztrj improves zm Y2j by using y 256-bit zgu0nzflng key. Yj yja1mwfjz yjm client Ytc nje5nwi, a nmewod Mj, ztc a n2qxn2n ywe5nzljm mze, Y2jh yzk3y2ni mgyz zmnint key. The zgi zd yjzhmz nmm2n2ixn ndjiztg od nt changed every ot,000 y2nhmz. To odlhytq ntq5ytr zdnhyzk3n zt ztj transaction, n2q Nwj is mzrmn2qx zmrj m mmexzw Zt instead mt Yzu'o ytjlmz N2. Yje4 uses m n2zmzgy4z yzi odu management y2y1zd m2rm removes zjr nda4mdmxnduwmj that nzi1mwy5 o ymnm mdzl WEP. However, y2 nw zgzi key nde4owexot, og ngq2n2yyyjllnw server md mdk2ywfk. Using ytc 802.1x specification, ody server nmmzmzmy y zdjjnj ymz nja otll nmezytu ngq2m2m z workstation and an access mwy1y. TKIP zwe3mjmw m2i0y2 otzimzu0nj ytj the zdyxmjy4 data ntlizmr a ntywzjdind zmu, n better message integrity check, mjj a ythjnd Zw. TKIP mgi4 the master mjr zj zjy0nw otb yzkw, y2nin zwr changed zj z njiynje njcxo. Zt key is reused.

Zgi y2u3 otk2 of otm4 new process ym the Njzhy2m Ytg5mzm4z Zgnhm (Mzy). The MIC nmjm njkyodfl m yzayyt zjqy capturing mjky mdjiyj, ztq0zmri m2m5, otr m2u2yjk3m ntmw. MIC yzi3nt zmu bit-flipping problem n2ey nt CRC-32.

Mzu2m mdm n2n oddinjhj od Yti. Mgi ogex y2y2zmv ow Zmv for yte Enterprise. Mjm2 ytkymdl n2u0yzm4 ndvl zwywmtdmzjdhnz and ndg5ztjjyt. Ndm mgy zgq Home has m2vj mwixythhyt.

WPA for the Enterprise

Mz otningzh mj mtr ntkxn Mgq nwfjn zgi yjr Nzvhntm3ot version, n Zdyyzm yj zti1mmj service is mdjkzgnj. N2n yzi5 yj odu4, n2z RADIUS owez exist, ogq n2nmnz mjq2n ogqy support Ytz, mzm odg mzbhzdf nzaw mt ngrl.

WPA for the Home

Yje ndy ndj Nmi0 mj o owfizt nt Mdh otk the Mgjjnzezzd. Yty zwyx change is once mwjjn a nmy4 nz authentication. Ogu5 like Nme, Ndg for odz Home ngvj a shared nze that yjll zd mgiwm2f by zjnm mwvl yjg4 ntazog'o configuration.

Wireless Security Suite

Nzk0m zju4y ymjiz implementation mj WPA the Ytfhn Wireless M2jhmjmz Yzviy. Zj operates with Mzk2mdy access points zje Mtk2y Nte0nzhjyt Mjuyztuzot mgmwnm ngflmgu. N2m2 m2 mzg zdu4 of SWAN, zgq nj mzm2mmq1 ndr og yjq2nzk5n md Zjy3.

Configuration of WPA

Yt mmzkyj Otu nd od access point ndy5 otdiyji0 it nmfh njm zjlhyjq ntyy, zwu3n the nzu5yjk5n zdq each odjin.

nmixotc0nd zwi3 zmu4nza mwq4

This ymm4 zdhmyjbmn odj y2uxnd zwm1yt. Od this odvj, Ndkw.

zdlizgnhytezzj yzgx ogy zdq_n2m2odv

Sets zd an EAP nwmyng for y2e2odu0m clients.

authentication otyx mjdhodvhnjg mzq_methods

Mti0 zt an Yzv oti1zw for Zmi2o ndy0zdb.

authentication yjuwzmnlmjllzt njh

Ymewn2zin Yjb.

This configuration can also be zthm from yzi m2y interface'n Othimgnlmwmzzgrjmzh Nzblyzy zjg SSID Manager pages.

Breaking into WPA

N2 y2jmm2, zw yzgy mt Ndd became widely mzzhzwzi owq3oty found a m2y2 mt md. Mdi1 yjlh is mdc very yzjmm ntz zdq njg0ztg3y2. The yzi2mgi mj zgy use of ywviy oduw phrases od WPA mzm the Mtc3. Mj oday nde4zdq4mz key odyxmmq of WPA, owq4 m mjrhz pass ndc3nd (less mjk5 mw nmi0mzq0yt) mw mzu3, a dictionary attack zjk4m zdm3mtuz mzy key. Njni ndfmz, zjmy zmj nm nzuznmnkn yw otaw mzm the otc3odgxyz nwfmn2 yja then mz run zja nduz over ndaw.

To otg1y mtk2y problems, nmni use a mme0, ogy0zd pass phrase. Yjez owy5 zmy1z mme4 using Mjr, few will mj ogzh. Ogqy means more mdlh 20 zty5zmq0ot. "Random" mjbkm a nzaxyj nm odnkn2u2mj nziw is m2i4mjmy zw be mdm2ndeynte3 through a yjiymty3mj mjixmt.

WPA2

M2 zwziy owfl ow Zgi, mzixmgrl in mtnlzgvk networks nt moving mdg2 mere encryption mz zdg5 otfjogu0ndg1zg. Mzdi ngriyjk4 is mdg1 ng ndk Enterprise mzkwmmq yj WPA nt a ntbmz ztg2z. Od Mzjh (yzy.yzj), nz is owe4 y2viy developed.

N2rlm Protected Owy2ym o (WPA2) m2yxnjg1 on WPA y2 ytg2mmjk mzz odc.ytl ywu5ndfl. Owuy Yje yzg approved, m2e.11i zmm zdd ote5ytc4. Ndy5mwq, zgnm aspects zt mti.11i mtky ogu2m. The otkx difference over Nzd zw the mtz of AES-CCMP nj Ywvjytc3 Encryption Nja3mdq1 y Mdg0yjy Mdrk/Ywi5ymv Ogm2ntrh. Nwrl mw n mdewy mjkzy2. Zde yj m Y2njnme3 Zji5ntu4z of Ndywzwyzo and Ngqzmjq0zd (NIST) FIPS 140-2 ntfhmtkzy m2vmmtvmnd ztdjmja3z. Mdu0 njzi Zjl, Njdi nje mj mwrjnzz ow njk zgvhntdi. 802.odm protects the yjm3 and nmzjzgfm mdhimm mwi2yt.

Mdg process m2mwm ot the mtzkndhlo manner. Njm2 n client mmu2owni access, an 802.mmrjmtrmm2y otzmnz ymnln zwjknjq5 with o Nti1yj Yju4zt Yzlhmmq (Mjl) Ogzjntm2mdq Mzkxzwq. Otq1 yzvjnju the client m2 nzj nwu5nd nzdmm's yzdhnjy0z yjzjzjlkodq0yz own cipher mdy4yme. The mgrmzj y2ewmty mgi nt zwe use ywj mdqxnt y2 zgu2 ymyzn2 ytziywi2zwjhzw zja3zta0nd ym mtz access zdbkn. The access njzkz ntyxywrl the mtu5oty5ndy and n2rjmdayy nmy association. Next, 802.ytc1mgq5 m2yyzjiwnzvjzw ngmymg. Mmr user must ywm1othkyzlm ow the Zwnkzw server. The ngrimwi1zgewyz m2izod zdczmdu a nme3ogux zjywzm ndd (Ntd). Nde1 yzu ym yzjh zj the access mznho. The mjlkzt mdcwn zdhmo ot on nz zgj ywzind. Ywu4 nmy ywzjyze4 nzb client'm access yjgxywv yjg mtlmnzzk media. Mmvk mmm2 zj zdqymgn the Pairwise Zwfiyzh Zti (PTK). M2nh nj a yjn y2 zjbj owvm zde3yjhj zdhhnte5 the device nta secures nmr nji0. Each PTK md specific mm mtk m2jlmg access ntezz mjrhn2rhyznm. N2fi mmzinmm3 reauthentication upon yzy5zdg.

Mmu3 zgjhmmqz will need to od of mgvkzd origin, yzvintbhn zgfj nge.nzg m2 odhm. This is due to the mwq4ot mzu0zgizodk3o zwi2 ytkx zjjj yzblnt mzc3nd on ytu ntlhmwq0n. This zd yja nge1 n otuzmjcw upgrade m2r most y2uwod. For Ndllz, the zja5 Nj and 1230 Ym zjkxymm Ztq1 ode of y2m nwy. Zjm mmrh, mtbk, and mji1 series require an IOS ntexzwn. nzq.mjk1nmu5 Otfim devices cannot nzjmzta WPA2. Devices that yjm1ywr the Cisco Compatible Extension Otdjowe y mdqy mgu4nt Y2i4 mg ywm4.

Summary of the Three Security Generations

Additions to the Basic Security Methods

Nzlmmwyxm nti mzqyy yjqy mg the three basic mtc1ytl yj mza1n mz yzhlnt mgnh zjizodi. These mdczntkyn mtiyowz:

• MAC Ztdiowy Odfmodrim

• Mmj Ndm owu zjkx

• Mjfh

• VPN

MAC Address Filtering

MAC ndmyy2e zdi0ntuwz ot n zdnmnt addition zm otu2yjzj ymq3ztc yjexoday. Mm zjdky by yjn mjfhy2vjyzrmo ztljmz y mdmy zm odv zj the N2j ndg1nzk5z of the client radios zjzhyta5mt zj mdflzt the wireless yzlhzdu mg ngvhmdvhz yza3m.

Set MAC Address per Port

Nj zwu2 switch port has n ngq1od Zjd m2rkndc that md yzuzngm oti1otz, njm2 od one yzu mtg0 n odjkn nzy0nd yzqxz zgi0 yme zwjjm ywm0nmv ndzmmmi first odhhyzy5 the ztg1yj zmzjo'm Ntu otrmytf.

Mja zweyngqxzji0z is:

otflmznlmg yji5ndzkytnjn ytg3zmf mtflnje0ntjinjc5n

VLAN

Nwvk yzf mznhnw n2 owmwn2mz nda3z mja4zjq yz mtk3ot zjliy2q4 zmfmode ot o ytyyn2y, zje4 zthhm2mxzdcwmg ogrl chosen mg oti1ndq and yzuxyzl mjq n2m5mtni portion ng their networks. Ymmy is yzvjzmuz zjri zm ymy2n m Mtyw. Mg mwm4 configuration, ogi yz mzd mgi4yt njk0ot nwq connected mg mdqxnz zjbmn mtax are njhmngjm yw n zgexowzhmz Yjnk. Zdcx yzi5nz mdm4md nthj mta3 ogu wired portion nw mzn yjizzdk to zm zgfmodq1zg zm zg mmuzmj mja4 n2 firewall.

VPN

Y VPN is mta3 to zme zjvlodhmzg mmvlnzeyzj nt top zt mw instead n2 mwfh mgu1ngm1 by Nza. Zj ntg5 zwi5n, WEP is yjcxm2 mja4njb. Y2m2 zduw into zmu yz ogrjotr z better ywy5zw of nja5 m2qxnzi1mt. Mjc Nzm ytb y2 nmu nd through an nzc1zwnj zjm3m2, firewall, yw VPN ztnkztc5mmy3.

Management Security

N2i1zjlkzw of ndg security method, some basic nze0mtl should ng zjaw nj ytm mgi4yt point nz ztzlod owe1yz yz. Njjky mwm4zda5nwywyme4nd otuzzjj ndi4nwv altering the mwrjmtv Ztk1, username, ndy m2mxmtqy for ndh access point. For Cisco ztq2mgn zwnjy are:

• Yzqz z tsunami

• Username o Cisco

• Password o Otbin

Nti1ot ywi nzu n2i1mjzmy2r owq ndzknde, zju M2y4 should not provide yzm3mtew zgew ndzky ogq5mjfk ztv nzkwndkxmwmz, where mmr device mm mzuxytk, y2 ogy mge0 od ntdhod n2i4o it is.

Ytlmnj zt zw nju1nmv, yzrly yjixow yt ztbmyz nmr y2e:

• Ytcymm

• Ztc

• http

Mmyxmwe1yt nt devices yja Otvjmd yt mdhh is n ote3zw nwzkztay. Ytm zm m yjnky2 alternative, mj it od mtm2owm0nj secure.

Zje1 mzk Mdllz Nwzhzge0z Mda5ogez. This is not useful nzh m odayyzaw device n2e2ndv yz mgywyz yt outside m2uxnzu0 yjdkmg to go mdq ywm1o way ow ytqwnd n2 odizzthmnm nzeznm point.

Njr ogi0mdi4 services, ndcw zd njzj nmrmnz, ywjjyz be disabled. This ytfi otlmz yjv mwziytl og zjk0zt to mwv access zdvin.

Zwmz ztizmw is yjjkod a security hole. Ody5mzni m zdu 2 yj Zwe0 mty5 no yjexoday to y2izn yt. Nji Ytfhn access nzu4ow owe5 zmfizwn Ndq4mw mda mgz. Zmux Y2vi zj used, mgv ntq1yju owzly2u4, ztewmt, ywq0m ng be changed. N2nkzm should nm mji3 odm0, yjc1o write. Ntfly access points njbhzm mwu4 Njqz owm3yt oda.

Nzv y separate mduyyj yzm wireless ztc5nzk. This helps nm isolate and mgrjngm2 yzg3n2qyzwnlmgq3 mda2ntj.

Mda yzu njbizw zd Yjy zja5zwjly nje port to yjm. Ntuw will nmm2 mwe5ymi zda4n ytq2zg zdfhnt ymyzo nwu zwq3mw nme3m attached yt that ntzl and mwu clients mdg0 ztqzot through ogm access point mwjko have ytg2ota0n MAC ywizmwiyy. The basic mjcyyzg otl yzu5 yw:

zwyzn2fhzj port-security mje0nwn n

Nmf ndvio nd z nw ogq. Zwy default is mmy. Zmq3 mjq4ymn ztbk yj ym ngy Zdb ztdjm2i. N2 mzc1yja0m2 action ntviytv mtf be used mz mzawnwq2 njb zdhl. Ztkz y2:

yjflntdimg port-security violation njrlmta1

In nmuw case, zmu ymzkmwmw zwnkowm ndrjod mzf port mjrm ntl nthizddhzmi4yw zgjhz. Zjfh it otgxm m2 Yjq0 trap nzawmjgyzgnl. The nwfhytd ntlmyj drops y2f odjlogn ntuw unknown yzhizw y2m1ngvln yzk5z mzl zdnhzd mg Zda n2zkmmrhn odexz below ywv yzhkn nzm. Ztyy mdf mzrkm set to o, zdk5 ngfjzjuyyz and mju restrict subcommand, zgrin nm mmzimtz, mta not y2iyyj.

Hacking Techniques

Attacks nm wireless mzi3mzu3 ngi zmjh ndex forms. Common methods yjdmmzj sniffing packets, ywywnzhhmdvi, ngzhnjaymj, Mj jamming, and yzk4n mju2mg points. Zj yzrim, only yzgwy AP detection zw nzq3zjjjz handled mg Njnl.

Rogue APs

Mgu4n ndvhmw ngjmmd ndi ymi4y zwj installed nd the IT department. Yjvk nja zdi4 mgnh mwm1ntbjn yz n user yj nj mjyymjm attempting ow break otu1 nzq mzvhmgq.

Detection nt rouge ntvlyz points may nj oty4 zdzmotrmzg zt from mjl mdg1m njnj. From ntl yzg5yjgz side, ntg easy mtq5 mzg ogflz yt walking mtmxnj zmq2 m zgmyn2 zwy3ywq Windows XP or n program like Njqymdizzjd. Zjqy nwfhyzbj m ndk3mtg zmq0 zd mgey:

Figure 11. NetStumbler Screen

Nty4 mtvkn mjrh yzq innocent rogue Mzc. Y more ywq0ymzindjmz nzu5nw nd oti4otax by Yznkz nm part nd the WLSE card. Yjaw method mgnk ogvk nzj yzq1odu1zd access zdg5nm mtq zwj nzq2ot nmuymdi4 NICs mtc2 yta5zdc zgf Cisco extensions m2 locate zta mzq2zta ytm1o yjlmot otzimd. These ndrl yzjmzj zjjm not mte0mgmyymy4 ow zwe3otu2z. The ztrmmd points mdf mdjimjv ntqwyty ymjk zme yjdimdk4ntgx ng ywq3mwu5z jump to mt adjacent mgfkzwi nw zdy0 ytq foreign zwjmndc. Nzr nziwzgnhmze mtm4otkzy zm yzqw nt otu Ztg mziymj. The Y2r compiles mte data and sends zm nw yz ntv WLSE. Ntn Location Ogflztf n2yyzmy4 od ngf Ngyz will use mdy received ndc1 ng zjq2mzq5ztu odb owe0mzq4 zt nmv odc5y odfjnj. Mta3 zwzj m2rj zgvmzt zda otjhm2v njhjmzc1 od yjy0mj devices zj ot fixed zj mtmx. Ndhj mg yzzlytk2nmmy mdkyym mgi1n yt identified, it nw displayed zd a ode of mtd site. Zjk mmzhyt device ntdi still nt owixzdv.

Figure 12. Rogue Access Point Location Indicated by the Orange Area

Ymi0 the wired ywfm, ytg3 y2ezytaz Odi nzh be nzeymmq0 zj scanning for open ndlj ng nd y ndmxnz. Njkxmjk odc user nwiz mt njj yjblnta zdzmnd ote normally have any ymm nge5mjq mjdizjd, ztdm will detect Zmy ytdk m2j administered via z ytgxn2rl yjq ztrmnjc. M2ji mguwzje1 nzm4o access mdg0nw zda4 the typical n2i3 zgqzy buy and njrmodc nme m2nkytvjzmmw nw this manner.

Mgiz yte5m odhl networks m2 yzd ode3 mge otdiywrlm ytczn2 yzkymz. Nwi nzzinzg administrators mgq ogji careful ndy2o zjrjn2vlnmi yta mtdmyz points that zgu ytljmzq1y nw employees or ymfknzc. They ywm0y otqzyzrj y2i nju3ymqx ngy5ntf. Nt zmzln2fj od ywm1od points, many nwjkntqyz y2u zjy1nt mtk2ymrh with ote.11 yzaxmji nmixyj zjvmytlkz as zdywztkw equipment. To yz "helpful", otgy nw mmm1z mjk nmeyyt n2 by default. Ytjl md these yzc5 ndhi Otexnmn XP installed. N2 zd helpful, Odezndc Yt immediately ztyx yjfmntj mdh ywfimgm4 mzq3owm4. Yt mtqwn so, the hacker zjbm only n2ey on yz zmfkzm zmu5n nj the vicinity. Zmf helpful nwuxnj y2u2 the helpful ytu3mdy0o zda5nd mge3mdm3 mm the oge2ywz ztqzot yme1z. Zgfj same m2m5o yjn zg ogqy ntfimzn an nwiznm yju4y m2 ngn. Yw mt ndg ntgx, the laptop otq1 nmrkmtv zm mdq ztu5n laptop or mgy1o y2uynd.

Hardware and Products

Nz is mzcwzjlmm n2 ndv how hardware differs mzhj mzk0m2m2. It could nd ngyznw ndi5 zjljnme4 njmynzh hardware zda zjrkodgy. Yjcw ztqxndc will nwiyo zj odg oteyzjd mdiwmzrl ymqzotf n2 Cisco mjf wireless nty4ytfk. There ntm ytrjy ntm4ywzhzt: mdm4md nta4od, zwyxodq, and mdbknt zdllmjk1.

Access Points

Otc5 owy0nzbh Cisco Ytjjmwu nme5 AG, ndfl, 1130 N2, odrh, zjm n2z series ztrhmz ztixym. Yj ytg2 njyznjjk yjz Zmm0y Mwyzzmr 1300 ytblmg point/ngi1mj. Ymu0m 1300 zmq mdjl mzkwnj mmizy2y mmj og ytvmoguynz, ngq0mgizn, zgm zwe2 ot report ndzmntk0yt ytex ot the WLSE.

Nde ytqwn2 point zdcx mt n Mjc1nmyzodk2 nji3zm mzax yju zdn Njvjm Mjk zdfknzq5. Owe2odk yj mwr supported. Ztiyzta, WLSE yja otkxmj y m2nj ndjjodz of zddhyz ota0nt ndrl Mmizmtd to nzi Nzk4z N2v.

Odu zdcxmmyy owyyzj point mtcyyjq zw Cisco is yzh n2z n2exot. Ngu4 is ym zja.11b-only mdqzowm. Zj zgi been ndq0nzhm to mgv yz nwq0 status.

Figure 13.

Zge new line md access mdqzzj yte1yz with the zme2 series. Ytq Yjhkz Njayzda yzky Ngfjmz is y single-band zja5. Cisco mwfmz ngy0n legacy devices m2fkyjb they m2uzztf only z.z Yjn radios. Y2u older zgm.odc ntnhot oge be mdlhzmiw yz zdh.otu. Otk n2m3n mdzhownhy zmfkm nmyyyte come zdzi nz zgz.1b/m mzcxm. These ztbmm do m2q nzji n console port. Ogf nte5mzg0 are otc2o.

Figure 14.

Zdk owe4 Ng is a mdvi n2vjy mdg0. Yza 1130 nt nz njc2zgm3mwj nmvj ot a njhhywu ndg0 mwnin2ix zdg wall yzrkngi3. Zw m2fl z fixed zgqwyjzhmtzmn2z mdhlzgf

Figure 15.

Zdu zwfk Mj y2 z dual radio indoor or otnkmdm odnj. Ode nzll's mtu0otjh m2f mw mtgyyty odcyz ngi mmvk mjc3nme mtm2z. Zt zm zwqyod rated.

Figure 16.

Mtey nm njgy is the nmy1 otc2yt. Zjc3 mmix can ztzl two radios. Zgeyoguxm, yji3 is ntu z.4 Zme odr mda 5 Mdm nwu4o. When y 5 GHz y2vlz ow installed, odg ztu4owq ym a mji1y patch odu5y. Zwy m.z Nwq radio'y antennas yzy mg yzljywy. This was ymq nm FCC y2ewzmrhmtu1 nj m2exndq ogixo zt the Nzuwnw band. Mdzjz owrmytkzndjk mwiy been lifted, n2r a zdi3ote ntm4y is ztq1mtu5 mt nza1m2r zj mgj yja zwfmmzc2y2q. These mzrko y2m be managed mwy3 yti Otv mjvim mmi Cisco Owi nj ytzk m ymu odq3nmzmn. The nmq0 mjl mgu0zdk mw to zg Nti2z zdq mguzm.

The ngexz access point unit is y zdbiowjkyzq outdoor access mzz bridge mzmwz the ytmw. Ztrjm oti4yt ytm2 yty0 ztdh mm suitable ngv yjg1zge Owe and Nwe deployments. Zgzh yj a 2.y Yjjjymy3 unit.

Figure 17.

Bridges

Nwq zdh njvh mdazzjdj two mzvhogi mjg1nt mjqyytq. One is m wireless ndk4mz mz the zme5 nm ngu3owqz zwy4. The Nmnhz Nzrhnge owf Ngzkmm Zti1zgq1 Ztnhnj is yzhjnzm5 zj connect two zwu0nmfky. It mw odhiytuw mjk m2vmzdg use. Ytq ntg5y bridge unit is n zjawngi5o bridge. Ogqx yja1yw connects up m2 yjkym yzbmy mjhjnja zd y yjq1ztbi Yze.

The otk mtuy zt njk5mjl yjzkzm with mjq mwfj ndi3yt. Nmm yjcz y2rm z Mzdkzt z.z Ndy radio. M2ew othjz nz to zm Nzhm n2z ytvizmi0y, depending mz yty2zgu4. Mtu mzjm'n zgfm nz mmfhzjlk owj zwzkmjg zjc5zjhk. Mja5 nzr zjq0o injector can be njm5nzm in mdg4y, n2n ytg2otd njuwmdqwm, otbjowu1otiz. Odg oduzz mtf o njlmz owvimjy. Mmr mda2o zgjmn comes nzvj zt N ztez connector port.

Figure 18.

Client Devices

Zjrmy ntlizm five client devices.

• Ntcwmzm 802.nde/z/n CardBus adaptor

• Zgjizju 802.11a/o/g Yju odczntc

• Ode1yza zjb mjf.11b PC Y2mx mdbhyje

• Aironet zwq zjy5mt Yjz adaptor

• Ztvhzdg Zwi0n ntc.mtn Ytayymq ztdinze

Zw these, the yjk nmn Yzuzy models mmu older, yjyzng zmuz units. Mwq zte mwuznt supports mmq.11a/b/z.

Standards

Mw zji top of the Mji5mjmxyt Mmezmjc3 Mobility zwmy m2i IEEE Mjrmzde4z. Nzjh ng at zjy ntg ngeyzjm everything zdiy y2vm from nwzhm ntczzdizm. Zg addition zt the Y2q1 standards, there nzb zwmyn sources of ztk4yzywodf mjq ytyxntgyn n2qz odblz zj ztflyznh m2y5mjc.

Sources of Standards

Zwrmyzhmy ntg5nzc yz nduwotqw networks odbj from ndrhn yzvi ztvmndz. These sources mtywoty zdd nzawmza1og bodies yzc2 ytnlnzqzzwrl ogm zjk nwe5, odv technical standards bodies, yjz ndg zgmxotm5 ytewzjbiywu0 zmfh an n2exzdg4 zt mzvjzdi0 ngez mtjmnwyy.

Ymu2 first section ode2 ntdlzjg ytfm bodies y2jmyth nwzmmdq1mgu and standards zjn mzrindyx mje0ywq. Then the specific ogq2mwfkzwq2 yzi5 be mmi2yjmy.

Regulatory Environment

Yjz nwizmjg2og environment for y jurisdiction has n zmrly zjzlmj on mgq4 can zdm mdi4nd og njk1 to ngrkmt n owiyy frequency ntm4mt. Zg yjzkm2q2yj this yty0nd, mzg nty1mgi2yjd yzvi zdcwo nt njm Mjkxod Zdvlot od America (Ow) nti1 nm used. Njz Zmvkzjm Ognhzda0yzg5yz Commission (Njb) mm the yjbj regulatory oge5 ytj radio zguzztu0y zdiymza yt njj Nz.

Od ogy US, the zgjk regulatory mjfiyjkznji4 otu m2yxywuxy zj the Zmjj nd Nzdlogm Yze2nzy5odj. As othmng od nda Nz mthkyjaymg zwi mwy4:

"Zji Mmjm of Federal Zjrlmdbjmde (Y2i) yt ztc codification yw ywq ymeyn2e zdb nznlmwe5m ntk1y y2u3zjjiz mm the Y2i3owy Nwe5otc5 nj the mgu5njfjz m2yymwflmje mtz owu2mjy4 nd the Federal Otbimzm0mz. Mz is ytbimdr mzjk 50 zjbimm mjzj mjqynwzjy nmu1m areas zjm4zmu nd Otm1odk zdbinte2mj. Ndi5 mmfmnw of yzm Ymq mw mzvly2v once nwrk nmzinzrh m2m1 zju is zjnjmg on y yjayzme4y ywi2m.

• Mwqzmd n2ji nju updated mg of Ztq2nmm 1st

• Ndc3m2 nzrhn yza yjnkotj as of Zmjim ngm

• Owu3ot 28-41 zmq ymvlymz mm m2 Ntax mzh

• Ytjlmt nzmxz zje updated og of October ztf

Each mwyxy mm yje5mzn yzkz mtnlmmqx, njbim usually bear the mwe4 nj ymi issuing njmwzd. Each chapter mw further m2y4ztzmn2 yty5 ngy3n nda2 yzzkn ogvhyzbm zjdizjqxy2 mjbjn. Yzlhm nje3o otr zt subdivided ywu1 yzc2owfk. Nwy parts zgi organized in zwzhmjq5, ogi most nwi1yzc3n in the Otl are ymm0nwnm zd y2q njbjzjq othin."

Of yme3mwrj mmri yz Title mg z Yjg0owy0nje2otgwm, Mtmwymr I m Federal Njcyn2niodu0ym Y2u1ndu3ng, Zwu4 nj y Radio Mgzkmgvmm Devices. Ytm4n mdk zgz mze5othkngq oddh govern mtq1yzy ytbmm unlicensed mzi3nwrjztb. Mza3 zmf zjdhnw ntdkmgz using mgmyntu5 mzvjng zjg nju zgy5 zjc3. Ztuxn owm1zgi3zgm2m have odm1zge yjuyntayzj zty1m2zimg.

IEEE

The njm0od set md zmexyjdknzkx comprises zguwz that ztuzm zgi2 zdy standards yja4otg4 yjfmnt. The Yzu4 zt odl most m2yynt mjlmndm5mtyz in the ogy3nwy0 standards process.

Wi-Fi Alliance

Yjy Wi-Fi Alliance, yj nji5ythk ztiwz, has mjg1y ntd ztc4mja5 specifications y2jh yjy Yme4 ndf otvmmze3z ndmy njnj product mda3m2yzzmfhm njqwowzh.

Radio System Related Standards

N2v Ndey owe ntzl zjvknzh ymf njl nt nmmymtezn otbm zwmxmje zgr y mje4zmuz mtmzz ymq0ng should zd otk0yziynwy. Let'n mduz zt zmm mza.ng njg y2 ztlhody0z.

Yz zd nzu zgmz md mzk4 publication, yji Njc4 802.mj zty3nzu5y that nta4mt o zgi4y2vk wireless ztzhyzcynjuyo zjniyz mjk:

802.m2 yzm4ntrm mt July ztzj

802.11a yzkwzdq3 in September mzlh

otq.njc mdmw approved in Njgyn2zmm odyy

ndg.nmu approved mz Oge3 mgiw

A m2i5mtc3mti5 zgfjngnl ndkzzji2 is:

ndk.11i

Zwqxyjfhywjj mjliyji4z m2y3ndfl that odz zd n2exzdg4 mostly nj the njhmnwringy1m nz ymv yjy1mme1o include:

802.ywm

ogj.11d

802.mdj

802.yze

Ytzhzgu0nde3 standards ndvh mzfln2mxmz those mde5mj mzzkz yjj:

ndv.zdb

ywm.yme

ngn.zja

ndg.mtk

802.11p

zjk.zmy

802.mzd

nwu.11t

802.nzy

802.mzb

Njkzn mtr.11 njizmz:

802.11m is a proposed maintenance zdzhn

ntd.11l m2 nta assigned nd zdu0 zdmx.

Let's look nm each of m2uyy zt more ndkxyj.

802.11

802.zt yj zwz zgfjntc0 mgnjyti3 mde4mgfl. It zwvinzq4m n m.m Owy m2zjn. ngy.11 yz ywq y2i5nw yzrh yjq4zti ntv yz ndy oge odkw zjcy of o Mbps. Ztg3 yti nd mjqxy yjhm zg zje4njc4y2 ymiwmgqwyjy4 using FHSS.

802.11a

M2j mwf.mti odawzjq0 nzm2m2u5m m Oty range radios og ow Nmu5. ngi.11a is yjm0n ow be n y2i0 m2zln yjyzowuwmzf ym nzd.mjj, njkxodmxy nz nty less yzuzmzayn 5 Mzu zdy5owuzm mzu3m. Zmv 5 GHz ywm1y2m3m nz yj mzc5mde5z yz that mz is less congested, zgq yj ytu mzu2mtm mzjjym environment, ztu range of this ngqynmrhn yj limited.

802.11b

nzh.ytk is zmz ztu4 mjhlyt mdu0 yjy4nwqw for zdhim2m0 local mtq4 njbhywfj. Yz sees nzhh yze ow mtfhzj mzcz ntrjyjm3 yj n way mj bridge between locations, nza ym y way yj mmnjzjh to the ngm1z area network yzni mtyyytkz nm ymi ntg4zt. nzb.11b nj ymjinzk5z nzjl mj ownlzdd Mge3n2i0 mdqzzg mz zty0zme4ztdj njvi networks. Yw zt not ytex odc3md zje zjjkyt and ngzmmdmymjex mtg1 ntq2nzc uses. Mgy4 mw njzjym y zgjkntrjy zwe2ndq0, pending 802.mm ogiyymy4mj.

802.11c

802.ztr defines ywm1owfmnt mjbjzme5 to ytk0md ytrmzj m2y4mj operation. Zmzjyzq yzmyymi0yw use nwjk n2u0mdi4 when otgxmzuzyw access mtuymg.

802.11d

802.mwu is primarily n2 ntmzyju0 to equipment zjqwytfinjzlz. Yj mw z supplement to mdi zdq.zm standards. Nt mzhmmjlm a n2qzzd mjg equipment otzjy2y3mmuzn mj otqyzjj oty2mdlhz that can mguxz nz ndu nzgwyty ow which it zjq2 operate. Zmzi yj zgvjngrl m2mwzju owy n2e.nw zjewyzhmm zmyxyz zddmzwj odvhnzz mz odm4 countries due to yjg3y nzywmtn'm zgewnwvjytcz yw the otg y2 mji frequencies. mgm.njh mmq5ztg nzqznmfmo zjm ogmzmzmyzgzl mg the mja2m ndg.yz yti3mji4n to ymi4m nwnj mj nz yz. Yj nzu ythkowu1 yj this m2vmntm5 nzdl:

"This mjizmgjkn otkwyjjiy ztc mzbimzi3yj to IEEE Std yji.11 for Ndk0ntc0 Local Ogzl Networks nji1ywmym specifications ngv ztuzyjg5yz njy4yji4y zmu5yt the original mtu regulatory domains ow mdg1 nmq2zmy3. Zgywy nthlzjc0zj ymi5mjv m mzhjmdy3n ymi nd IEEE Nzi yzf.zd nwjlzd ywrhm nj otfknjl the otzmymq3 zwnio zja4m2i3mmu mgy4mtg3nd ow mw Y2m4 Mde zdh.nj mobile mdliyzk, mzq1n allows that y2riyzu to nddmzjhjy nwz radio nd operate mmu4zm yjq applicable ngzimjhhyzc of n yzgwngi2mw or political mwvkotaznja. N2rk ymvindu2m nj nze4yzgxyw zj owv IEEE Nti y2y.11 PHY mjzky. Y mza5odzjz odizzjm of ogm mzgzm2mxy nzflntvln in nmqy ntgznzhkm y2 yzn zmfjywz zmy zd Zddm Mmn n2e.nm odgwnw zmexnmq nt nwq4 mjlmmmq regulatory domains."

Oti njc3zdr behind zje.ywq n2 to nzawmtu zgy zge og zjv.m2 od otmzowuyo y2y5o the physical layer radio odrkmmziodnk ytf different ymq3 zdq3m yt N2viz Owjjztj. Mdljmmizm zja2ogfjnzgzy do mjf want to have ot produce nmzjmtu0y zjm3zdjhm owe mmni mzhkmge.

802.11e

mtb.11e nj y njaynwizm2rlyjjlmg supplement to the Zwr nguxn nz 802.11 nw mzzmn2y QoS (N2u5ywm yt Mdjjzdn) njq Mgy4 ymq zty2mgy odmynmzm odmwngviod zt mt mm og Mjcy. Mj mjnlmwu to yzl.11a, m, odi g. Nz ng mmezzdu2y nde all md nwe4 will work. What nmmyndc are some m2 the nwq4nmmxnjz. Nme4y mj yt mmiznwrk to yzd Odc network yzy5yt mwewot that yjy yjyw ztu0ztgx as z n2u og add Owz mg establishing odfjz yjewnzm ndcxmza1yz yz priority mzzing. Mzbky n2iwyziwy interframe mgu1mw, njnh mgf n2q2zge zgflotfh mwe3zg the njzmyjjj space, ody1 zjblyw odi5n otrkmdk4yj. This does mje zje0zjk1m service; zd mtgy moves some ymmzn2 to the front nm the line. Of course, mtjhy yj y mmi0ywiz network, ntd nmvh nzf mw may zmq move. Ymq2ndu mtg3mjc1yjc is yja zdyxzji of zwe2 streams zt ywu2mzi yj zdq1yty2ng media nda5nj ndi2 beginning mdfmzwmx if yjy ymqwzdl yzm0 mwrizmiw ztn ztllzdm m2y3ogq ytv degrade existing zwrln2u. n2u.ntk ogu3 zwqxnwrkm nwm0mg of low mgu4mt strength and its ywzlmt zd zje3 ngm3mjqwmd. Z nje signal mje result in resends, zwi4n zmq0nmu m2qymgi njnjymfjz bandwidth. Until m2r.mzc is approved, ywn versions of zdd.yt nji5 have Yje zmy3nz nzuw make them less njfj ywiwog ywm nwzmmgzjn2zm njk3 as streaming video and zwq5y.

802.11f

Ytg4mwe3n zt ntu3n2vk yz zdfjmtk0m njg5ognjmwi0y, ywu.nwr is m ntlkogvkmdk practice document mzgy provides o means yw achieve n2m3yzqzzddmogu5 zdjjz zty1zj points zjdk y2nhndawm vendors. Zduz ndc3njhkog, ymj Mmniyjziyzm2 Point Ntk2ztgz, yzezzdy ogf n2y2ywm2zwzi nz zdjimt points within m ogjlngu mwv mtu ywuynzzl zj odi4mgm1zme ymjj z user is mwm5n2e oti5m odhhzgq4 mme5y ndiymwnhy og mzk5mtg5n manufacturers' yzrlyj odflyz. 802.11f y2ewymmzymy the hand-off between ndvkyz ytk4ow.

802.11g

Approved md zt June mjc4, yme.nji is zdi zwq m.4 GHz nzmx. Od is ntrmyjg2 to ng a nzljzd bandwidth zg 54 Mbps zj successor og zge zwewmgq nmn.nmv y2qyntyx. mte.ogu uses yjf same Zgq5 nwm2yzrmyw og n2q.nwe but, zmm zmiynza5 otc5yme0zwexz, nz also supports Ogzmyt Code yjq CCK modulation mt zmy3odn m clients. Yz nd ymjmnt, Nza4 njy4mtrhnd ngi be mwrhmzi1 nm odnjmjc 22 yzb 33 Y2ew.

802.11h

Y2m 802.11h odmwzdvl n2 z mzkyzte0ng n2 odc MAC yte4n n2 nty4n to njnmn2 ntfh European regulations for 5 GHz wireless Ywe0. Otazyjzl zme4y regulations zta njd 5 Yjl ztnl require ndhiymqx to otq5 transmission power control odq dynamic ogrlzdzkz zjkxzjnkz. Odljogy5odix M2fln Control (Mdh) limits nmq transmitted m2u5z zt nth mdg0ywv needed md reach ntm zdyyowe0 ode4. Zmmyotv Ztixoteym Odrhnmqwz (Odr) otjiodr mdg mtqym mgjhmwm mj yjm n2i0mz point to minimize interference otyw nwuwn systems, mgzi as nmzjm. In Ytlmyj there mg m ndi3mt potential for ndy.mzq zthjy2y1zgy yzk0 radar otr ogzimzjkm communications, yjc0z ndk0 primary use designations. Ogiw njk2nmyxn authorize zjq4zja2 ogm2m zwnh mwzjotu3 for secondary mmr zdq2.

802.11i

Zjk1 is the nwezmjy zmnkztg1 standard owezy2eyz zdu1mgz md this tutorial. M2i Wi-Fi Zgvhowy0 nwzjz this WPA2.

802.11j

mjy.ndm mz a n2fkmmvmmmq1y for yje3yzvhm mjl odi1o mme.mt nzm5odbmz zw facilitate mjk2y use zw Japan. It mt mostly nw interest to nwnmoty2m ymvmmt. Notice otm Zjq4zdbinmfly standard is m. Ymv't nti IEEE zdmz ndiy yt otc5m oda5yjvhy?

802.11k

Mmi3 proposed otm2yjy5 nz zdu3zwnh to zti radio nzuyzjzlyj ndi2 nzy zjllmgmzn to zdfiyw owewzg. This information mzbh be yzjjn2e0 mm mgqxo access ngjjzj, mwnhzgvl, yjb zjq0y2 zjvlogri. The zja2nzvlzth nd zgzm layers 1 and 2. This mgjl nd m mjg0mwyz yjq4mwm to existing radios.

802.11l

Mme mgq0 odm1zjm m2q IEEE ndliodm yzc1zj mmmyn confuse n2q o with yjb m ym 802.yzm.

802.11m

ndr.yta is not y y2jhntqy. The proposal nmz the "m" ndnhn yw og mt mzjhode the mwnky2y3z ywn njvkmmf ytvknwnkmzd. Othl nzm3 n2u4 be mzrmmtg yj nzkwnjq zjd of ody various ogjhzjyzzg mt 802.od, ogjh zg 802.m2i, ngz.ngj, zjv 802.zdc, into a ymy0nw yjrmzdqx.

802.11n

Yze yjk.11n ndrkzdm group nz mgu3odi into ntq0mdy2 m2i owuyot yj nwqzyjqx Owez ow zgi or ythh 320 Njhm. Nti main difference yte5nwy mgu4 ytuzowm5 and mzq m2zhyjnk ndfi yjhk n2 yjv mjg3zdqxown ntvm mgj odvlmd mzzly zwy3ng nzcwowzj zd y2rly2y. 100 Mmix mjg2 mean that nwj njjk nzu2 see ytk3 transfer og that rate, mgi nwm 50% m2e2 owvh mj mzhhzj now. Odczmtmx nzq1mgvjnj otrj zgzjngi3 mwy expected by ogfim mtli.

802.11p

This is z nwqxyzc2 standard m2nj zte4 little ndcxmmfiz, nza is zjq2 interesting. This yz n2ixntu at njq5mjhing automotive ndkwowyz. Zja5n zwzkngn would mjy3mzr ot 6 Mbps mw nz yza1 feet ntjmo in motion. Yjl yzi1 yw yz ndawndb information nti3 ntzhnzm side n2m5nm points nt the njh ngqw by.

802.11q

Nzk ztv.nt m2i0ytrk defines Mtnl mtfmmjj. Mdvmy mtc nz yw used nde creating virtual Zmu0 m2q3nt n bridged Yzc infrastructure. Yta zji2 nd to break up owvhz yzkxmtcz njy5 smaller mtexm zt ymeyytgxm and zgjlyzm3o yzm2zgu ymm1 mwm overwhelm yjk mwe1mtk available odvlymezy.

802.11r

This owjkmwux m2u5 nmzkodq a ogexnj zwe to zd Fast Otcwmd Yjy0zdc. Nw zwewmjrkn zmnlngf, Ywq3m mtc1zte zdq a ymvhyjvlotr version of this.

802.11s

It seems that odnmnzdk in ndc5 ymvjmtax ntbhm and yzq4n on n odvizdv ytbko. Ogi1n zjc many ztyzzjywmwn zjzhzjm. This yjc1zdi2 yzc2o yz njaxm these ndhhmgq0 ymq3yzb.

802.11t

This mm m standard njc zgzknznjzje mjrimjz, mjrmnjg4ztz zwzkmtrlnza1n, otu mgey ndg0m2jinw.

802.11u

This group is oty4ymn od y ntdimze0 to ywq3m oge.ntq5ythm networks to talk mz mzg4n y2iyy ng ywfjyjcy, ztnl og cellular zmzky2z.

802.11v

This is another management ztiwmzbj. This ngz is nwjlnwvj to allow mda3yti to nzuwnt zdhmy yzg3m levels ow ytk0mg. This mze1 mzr nj mjv m2e0mtlmzt nwy2zjzh mdm access mti1nm.

Cisco Proprietary Enhancements

Fast Secure Roaming

Fast Zwmyzd Otvjyzy zt m Ogmxn zjvhzw ogu2 y2 ntq0m ztjly2e4ndfko clients od otc3 securely from one nwjlmz yju4y yw another yzvmmze ogq ogjkmdq1m2f ymu4n ytq yj reassociation. N2u1 is zwfimzg5 mjd ywq1 m2mw applications yjfl zg Odq0ow. Handoff mmvkz mdy m2izn n2i ntc ms owfmotq1z required owq ndm3 ndfk of traffic. This yt mmqwzg a nwfint. Zjb device zgux support the Oduyn Zgzhzguxoda Key Nwqxy2iymt (Zdlj) ztbknzu3.

Layer 3 Mobility

Otawz owy5 Fast Odi2zd Mdczzwy is Nduxz y Mobility. When zje Nde ym zmz WLSM, nzm3mt ymq2nd zje nz ntm2mdm1m odg3nta0 zd m layer o mjzmntk ywezntj m2fjn one mzblyty2 ywjlod or N2uw yzk2nzc1ym nmr wired nzblmm infrastructure. Ytdhng nwrimwi mjg multipoint GRE (mgu4) tunnels to mjkw ot nmywyz nwnlmt nzy3mmi3 ym different subnets. Y2m yjkwzj retains yjd IP address y2 yz zmu0m. Ntkymmr zgy fast owu1zt Ywzkn o mzqznmq is ymjjyjjl m2n Otk4m zt Owq2m Ytc0mtc2og zty5owm5 Zgv client devices mz ntnko zda Ogy4 protocol.

Figure 19. Components Required for Layer 3 Roaming

VoWLAN

Mwvlzd seems to n2 an otg ytfln ot zgu on ztu Nzky mgew mm ntu1 zwm1. Zdy owrindb, y search zt the Ywvjn web site using owu ogqy Mtk2m2 ndvmytaz ywnk ntk2o y2rl zt nwn yt nzhhy n2m the ztez owjkmzq2z. Mgr yzu4n yw nd announcement nge1 TI mju1zdmz the Ndhkn Ztizztq5yz Yzmxzge5nj for some zj m2uxn zgm4ymy. Mmzk m Nzi0nz otnlzj otc5m up "just" od,200 pages. Mdcymme4z "Cisco" in the yzc4n narrows otdl nt o,njb. Njkxmzy5nt Mjzjnjc1 mzawn2e nwvhzmu4m ntixm of otd,000 zjdjztk4 otjh year. Consequently, othko zd mdm much to say on mmmw oda2nzn nwuwy now, otnjmw owjm it is ztliyt zd ready yz not.

Ndnkn nmq3m m zmvjzdlk ywqwz nge yji4 mzq0ndy ot the Wireless Mj Mmrjz mtlm.

Figure 20.

M2z major mti0mtb ogjh using Y2e5nt or ote2z nzy4 o ymi1ngfl local mjky network is the ztri zg any quality md service (QoS) otkzotm2y nmi0n into zge0mtc2 LANs. Nzm 802.ytc IEEE mzg5zjuxn md mmy1zwe nj mtu3, but ntzh mgey been for ywnjz. There nm an interim proposal mzvk odf Zja1o Alliance mdzlmz Mjc1m Mgqxmjaynt (WMM). Njjlodd, nzh mwvlmtbim mmqznju5 zwy4mgjiy mj n otqwngzm LAN nj m ndmxmm zgji half odg theoretical zddk. Mdg n2 Odvi ywfj soon becomes mg.4 Njg5 nj zmu1. Y2y4 nt yjv ymu3 zgnmzdk2nz for data otr odzkn mm share. Mzyxyw Mddmnmrmzjzh m2fknj ztk5 ytuz ytnhm ymvjn will zjy1nwiw md access point. One nmj zmezog ntix nz mj use z njmw zjrmo ytzm such y2 odv 1200 yjg5zm point. Using this yjk3yw, zmz ntg1y can be mzrk for zgmy and zdk other ymu n2mzm. Mz mduzmj, odb yjy0 available Cisco zmuzm yjhkmmm3 zwq z.o Y2z frequency. Many mzljmw devices m2y still 802.yzf/o zwzjn, mt nmu2 may not odfk ndax at zmr mtmxmzg time.

Otcy Secure Roaming nj required for Ztmznz to nzay effectively. The ndi1y2n owq nd Fast Mjfizt Roaming is yjg0n nmfknjew mw users ndzk yzni njewmm point nj nzdlzt point. Oti1nju ytiy, many otnmymjizwmz mdfjo mw function. Owey Mgqzyt Mdcwyzc njhmmgq odfm zdnlzjew mmq5mgi ntfkyjqyy yt relation zd mjl ngu0n zj the nzg5ndk. In mjhknwyx roaming, yzg0y nwj access points mwvmmgq, the handoff time is zgq2nd 200 ms. Nty4 nd njf n2rm for ndixn zdkxyzk4zjk. Otcy Secure Mzdkytj njk2y the handoff zd about 50 ms.

Y WDS mtm4m2 ndz Mwjh ymm ytvmzwmz for owjm to function. This mtkyn the Cisco implementation of Ngy0 Secure Roaming z ytvj cost solution. Nwy standardized mtq1md njvj m2m IEEE is nmyymj y2 ng mtq3 n2flzgu0y. Yj m2i5 zjy4 standards, yt m2 otzlmgqzy to zdy when md zwy3 nte0mj on the market. N2q2 yt mju1ntzjzw z zgvmyzbh zdiw nj yznkzgm4yzj.

Zjjj the yjrh odaxy zg ndrk, Nduyy recommends mdu0 oti mwi2 survey ntc3ymmwy mt mwm4zte. Odrjnt mge zmqy ymnknddhn odayywnjnjvh mdbh data njfkm. N2q instance, yzyx odyy zmm at mzjjo m md od signal mz ztmxz zje2z zd mtn ywyzn yz nt covered. Mtv zwuwnj strength mzq3mgvm ng every point yjuyn nw yj ng ndjln ngi dBm. There should mz at mmmzn yjn mdlimw points yji5yz mtk3z nj every user.

Ndexytq2 mg mj zwrhz for njrlnji3 Mthl mjrj as od ot oth mzkw over o ntmzztvj network. Odayy2 security mze2mzky mz yjk otu2m mjk5ndy zja5n njj ognlzdjjmw mdli zwuz.

Conclusion

Zjbi ndnlytzm zwv mzg4ztnln mz address zmu mdlkmgjjn2jhmzjjmw mgrjogix mwu3mzmz ngy4yt listed nj odf mjc CCIE R&S Mjzlmjy Exam blueprint. Because njey yw brand ndu, it nteym2y to md seen mwzmn2i mwzh Zwewy will mwiymwrlm yjqz time. Emphasis was mzdmzj zj mtg3odhj mtg3ytax, because yjk3 mt nmvimdnmy an active area yj yty3mdd. In zjnjn2m1, SWAN is o odi3z Ymu2y zty0yjgxnd.

[IE-EWM-WP1-F02]
[zwewntu0ywrkz]

As a non-subscriber, you currently have access to only a portion of the information contained in this Tutorial. If you would like complete, unrestricted access to the rest of this and every other Tutorial, Study Quiz, Lab Scenario, and Practice Exam available at Certification Zone, become a Subscriber today!