Wireless LAN @ DESY Zeuthen
I. Meier, 15.10.02 (52 slides)

Wireless LAN at DESY Zeuthen: Agenda
• Applications (IEEE 802.11)
• Wireless Technologies and Standards
• Components and Features
• Wireless LAN & Security
• WLAN installation at DESY Zeuthen

Applications (IEEE 802.11)

Wireless Connections
[Diagram: router with Ethernet hub: 10 Mbps shared bandwidth, CSMA/CD; router with access point: 11 Mbps shared bandwidth, CSMA/CA]

Mobile Office
Internet
• Home Office
• Head Office
• Branch Office
• Airports
• Convention Center
• Hotels
• Industries
• Education
• ...
Hot Spots
IP anywhere anytime

Why Wireless LAN
• Office mobility
• Common areas, meeting rooms
• Temporary offices
• Office expansion
• Quick installation
• Cost-effective alternative
  – Minimal infrastructure costs
  – Flexible growth

Wireless Technologies and Standards

Wireless Technologies
• Wireless Personal Area Network
  – IEEE 802.15 (100 m)
  – Bluetooth (10 m)
  – HomeRF 1.2 (100 m)
  – HomeRF 2.0 (100 m)
  – Bandwidth: 0.8 - 10 Mbps
• Wireless Local Area Network
  – IEEE 802.11 (100 m): 802.11b, 802.11a, 802.11g
  – HiperLAN-1
  – HiperLAN-2
  – Bandwidth: 1 – 54 (100) Mbps
• Wide Area Network (GSM, GPRS: 2 km, UMTS: 1 km)
  – GSM (9.6 kbps)
  – GPRS (14.4 – 115 kbps)
  – CDMA
  – UMTS (14.4 kbps – 2 Mbps)

802.11 Task Group Outline
• 802.11a: 54 Mbps, 5 GHz (PHY for UNII), ratified in 1999
• 802.11b: 11 Mbps, 2.4 GHz, ratified in 1999
• 802.11d: additional regulatory domains
• 802.11e: MAC Enhancements, Quality of Service (Draft 4.0)
• 802.11f: Inter Access Point Protocol (IAPP) (Draft 4.0)
• 802.11g: higher data rate (> 20 Mbps), 2.4 GHz (Draft 3.0)
• 802.11h: Managed Spectrum for 802.11a, Dynamic Channel Selection and Transmit Power Control Mechanisms
• 802.11i: Authentication and Security
• 802.11j: 802.11a/HiperLAN Internetworking

802.11 Task Group Outline
• Layer 3 and higher
  – 802.11f: Inter Access Point Protocol
• 802.11: WLAN Media Access Control (MAC) and Physical Layer (PHY) Specifications (1997, 1999)
• MAC layer extensions
  – 802.11d: Regulatory Domains
  – 802.11e: Quality of Service
  – 802.11i: Security Extensions
• 2.4 GHz PHYs
  – 802.11b: Physical Layer 2.4 GHz, 11 Mbps
  – 802.11g: Physical Layer 2.4 GHz, 54 Mbps
• 5 GHz PHYs
  – 802.11a: Highspeed Physical Layer, 5 GHz
  – 802.11h: Spectrum Managed 802.11a (DFS/TPC)
  – 802.11j: 802.11a/Hiperlan Internetworking

Wireless LAN Standards
Standard | Data rate | Frequency band | Standards body | Use
IEEE 802.11 | 1 or 2 Mbps | 2.4 GHz | IEEE | WLAN
IEEE 802.11b | 1, 2, 5.5, 11 Mbps (22+ Mbps in future) | 2.4 GHz | IEEE | WLAN
IEEE 802.11g | 1 – 54 Mbps | 2.4 GHz | IEEE | WLAN
IEEE 802.11a | 1 – 54 Mbps (100 Mbps in future) | 5 GHz | IEEE | WLAN
HiperLAN-1 | 24 Mbps | 5.2 GHz | ETSI | WLAN
HiperLAN-2 | 20 - 54 Mbps | 5.2 GHz | ETSI | WLAN -- ATM
HomeRF 1.2 | 0.8 or 1.6 Mbps | 2.4 GHz | HomeRF | home
HomeRF 2.0 | 0.8, 1.6, 5, 10 Mbps | 2.4 GHz | HomeRF | home
Bluetooth | 1 Mbps | 2.4 GHz | Bluetooth SIG | personal

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
5 GHz UNII – Unlicensed National Information Infrastructure (USA)
[Chart: 5.000 to 6.000 GHz spectrum with the IEEE 802.11a allocations (power limits 250 mW and 1 W) shown against other services in the band: aeronautical radionavigation, satellite (FSS), radar and radiolocation, space research, maritime navigation, amateur]

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
5 GHz Spectrum Europe
[Chart: 5.000 to 6.000 GHz spectrum with the HiperLAN allocations (200 mW indoor, 1 W indoor/outdoor) and ISM (25 mW) shown against other services in the band: aeronautical radionavigation, satellite (FSS), radar and radiolocation, space research, maritime navigation, amateur]

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
• HiperLAN
  – ETSI (European Telecommunications Standards Institute) standard
  – Ratified in 1996
  – HiperLAN-1: 5 GHz radio band, up to 24 Mbps
  – HiperLAN-2: 5 GHz radio band, up to 54 Mbps; connection-oriented protocol for sharing access among end-user devices

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
• IEEE 802.11a
  – 5 GHz radio band, up to 54 Mbps (100 Mbps in future)
  – Orthogonal Frequency-Division Multiplexing (OFDM)
  – 3 UNII bands, each with 100 MHz bandwidth and 4 non-overlapping channels of 20 MHz
  – each 20 MHz channel comprises 52 subchannels, each 300 kHz wide
  – 48 subchannels for data transmission, 4 subchannels for error correction
  – UNII-1: 5.15-5.25 GHz frequency range; maximum transmit power: 50 mW; maximum antenna gain: 6 dBi; only indoors

5 GHz Frequency Band – HiperLAN & IEEE 802.11a
  – UNII-2: 5.25-5.35 GHz frequency range; maximum transmit power: 250 mW; removable antennas possible; maximum antenna gain: 6 dBi; indoors and outdoors
  – UNII-3: 5.725-5.825 GHz frequency range; maximum transmit power: 1 W; removable antennas; maximum antenna gain: 23 dBi for point-to-point installations, 6 dBi for point-to-multipoint installations; only outdoors

HiperLAN – IEEE 802.11a Implementation Comparison
• HiperLAN/2 & 802.11a share common components
  – Similar Physical Layer (Orthogonal Frequency-Division Multiplexing (OFDM) modulation, similar radio)
• different MAC implementation
  – HiperLAN/2: QoS and Radio Link Control features
  – 802.11a: MAC as in classic Ethernet
  – HiperLAN/2: uses an ATM-like scheme

2.4 GHz Frequency Band – IEEE 802.11g
• provides higher data rates at 2.4 GHz
• similar speeds as 802.11a
• backward compatible with 802.11b
• modulation
  – BPSK (Binary Phase Shift Keying): 1 Mbps
  – QPSK (differential Quaternary Phase Shift Keying): 2 Mbps
  – CCK (Complementary Code Keying): 5.5 Mbps, 11 Mbps
  – OFDM (Orthogonal Frequency Division Multiplexing): 12 – 54 Mbps
• same modulation as 802.11a (OFDM)
• Draft status (3.0)
• more information: IEEE 802.11 website www.ieee802.org/11

2.4 GHz Frequency Band – IEEE 802.11b
• IEEE 802.11b Standard
  – 2.4 GHz ISM band (Industrial, Scientific and Medical)
  – frequency spectrum classed as unlicensed: anyone can use it as long as the equipment complies with FCC regulations (public radio spectrum)
  – max. transmit power of radios, type of encoding and frequency modulation
  – WECA (Wireless Ethernet Compatibility Alliance): Wi-Fi (Wireless Fidelity) compliant devices
  – LLC layer (Logical Link Control, Layer 2)
  – 48 bit MAC address (classic Ethernet)
  – max. 11 Mbps
  – Wireless LAN Radio Frequency Methods
    • FHSS (Frequency Hopping Spread Spectrum): 2 Mbps
    • DSSS (Direct-Sequence Spread Spectrum): 1, 2, 5.5, 11 Mbps

2.4 GHz Frequency Band – IEEE 802.11b
• spread spectrum technology
  – 2.4 GHz ISM band has other primary owners, operating at 600 W power level; IEEE 802.11b: max. 100 mW
  – spread-spectrum technology
    [Diagram: power over frequency, comparing the spectrum after modulation with the signal after spreading]
  – insensitive to narrow-band interference (e.g. noise)

2.4 GHz Frequency Band – IEEE 802.11b
• 2 different types of layer 1 physical interfaces
  – Frequency-hopping architecture
  – Direct-sequencing architecture (single-frequency approach), DSSS
• Frequency Hopping
  – 2.4 GHz ISM band provides 83.5 MHz of available frequency spectrum
  – frequency-hopping architecture: the radio transmits on 1 of 79 1-MHz-wide frequencies (channels) for max. 0.4 sec
  – interference-tolerant network
  – if one channel encounters interference, frequency hopping means the data is retransmitted on another frequency
  – achievable data rate: 2 Mbps

2.4 GHz Frequency Band – IEEE 802.11b
• Direct-Sequence Spread Spectrum (DSSS)
  – 11 overlapping 22-MHz-wide channels within 83.5 MHz (2.4 GHz – 2.4835 GHz)
  – 3 non-overlapping 22-MHz-wide channels
  – large bandwidth & modulation based on Complementary Code Keying (CCK) are the primary reason for higher data rates (11 Mbps)
  – 3 channels without overlap: 3 access points can be used to provide an aggregate data rate combining the 3 available channels
  – 11/22/33 Mbps data rate

WLAN Media Access Control
[Diagram: router with Ethernet hub: one broadcast domain, 10 Mbps shared bandwidth, CSMA/CD; router with access point: one broadcast domain, 11 Mbps shared bandwidth, CSMA/CA]

WLAN Media Access Control
• CSMA/CA - Carrier-Sense Multiple Access with Collision Avoidance
• frames
  – data frames
  – control frames (RTS, CTS, ACK frames)
  – management frames (beacon frames)
• frame format: Preamble | PLCP header | MAC data | CRC
  – Preamble:
    - 80 bit synchronization sequence
    - 16 bit start frame delimiter
  – PLCP header:
    - contains information about encryption on physical layer, packet length

WLAN Media Access Control
  – MAC data field: frame control | duration | address 1 | address 2 | address 3 | sequence control | address 4 | frame body | CRC
• control frames
  • RTS: Request to Send packet
  • CTS: Clear to Send packet
  • ACK: Acknowledgement packet
  frame format (bytes): 2 Frame Control | 2 Duration | 6 Receiver | 6 Sender | 4 CRC

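Added example (not from the original slides): a parser for the control-frame layout above, 2 bytes Frame Control, 2 Duration, 6 Receiver, 6 Sender, 4 CRC, that also verifies the CRC. It goes slightly beyond the slide by accepting CTS and ACK frames, which carry no sender address (14 bytes); the helper names and the sample frame are constructed for illustration.

```python
import struct
import zlib

# Control-frame subtypes named on the slide (802.11 Frame Control subtype field).
CONTROL_SUBTYPES = {0b1011: "RTS", 0b1100: "CTS", 0b1101: "ACK"}


def mac(addr: bytes) -> str:
    """Format a 48-bit address the usual colon-separated way."""
    return ":".join(f"{b:02x}" for b in addr)


def build_rts(duration: int, receiver: bytes, sender: bytes) -> bytes:
    """Constructed test input: an RTS frame laid out as on the slide."""
    frame_control = (0b1011 << 4) | (0b01 << 2)  # subtype RTS, type control, version 0
    head = struct.pack("<HH", frame_control, duration) + receiver + sender
    return head + struct.pack("<I", zlib.crc32(head) & 0xFFFFFFFF)


def parse_control_frame(frame: bytes) -> dict:
    """Split an RTS/CTS/ACK frame into its fields and check the trailing CRC-32."""
    if len(frame) < 14:
        raise ValueError("shorter than the smallest control frame (14 bytes)")
    head, crc = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    frame_control, duration = struct.unpack_from("<HH", head)
    version = frame_control & 0b11
    ftype = (frame_control >> 2) & 0b11
    subtype = (frame_control >> 4) & 0b1111
    if version != 0 or ftype != 0b01:
        raise ValueError("not an 802.11 control frame")
    name = CONTROL_SUBTYPES.get(subtype)
    if name is None:
        raise ValueError(f"unhandled control subtype {subtype:#06b}")
    expected = 20 if name == "RTS" else 14  # only RTS carries a sender address
    if len(frame) != expected:
        raise ValueError(f"{name} frame must be {expected} bytes, got {len(frame)}")
    return {
        "subtype": name,
        "duration": duration,
        "receiver": mac(head[4:10]),
        "sender": mac(head[10:16]) if name == "RTS" else None,
        "crc_ok": crc == zlib.crc32(head) & 0xFFFFFFFF,
    }


if __name__ == "__main__":
    sample = build_rts(314, bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))
    print(parse_control_frame(sample))
```
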
Wireless LAN Components and Features

WLAN Components
• Bridge
• Access Point
• Workgroup Bridge
• NIC (WLAN Network Interface Card (ISA, PCI, PCMCIA))
• Router with WLAN extension (xDSL router, ISDN router)

WLAN Components and Features
[Diagram: wired LAN in Building A with a WLAN bridge; point-to-point and point-to-multipoint links to WLAN bridge, workgroup bridge and L2 access switches in Building B and Building C; access point serving clients with ISA, PCI or PCMCIA cards]

WLAN Components and Features
• point-to-point and point-to-multipoint installation
• inline power over Ethernet, up to 100 m with Cat. 5
• selectable transmit power (1, 5, 20, 30, 50, 100 mW)
• antenna flexibility
• variable data rate (1, 2, 5.5, 11 Mbps)
• aggregate bandwidth 33 Mbps
• hot standby implementation, increased availability
• roaming
• load balancing
• but:
  – no Quality of Service
  – Voice over IP & multimedia applications supported on „best effort“

Availability
[Diagram: LAN with active and standby access points]
• access points with identical configuration
• hot standby access point per RF channel
• transparent failover from active to standby access point

Roaming
• Media Access Control
  – CSMA/CA
• Beacon Frames
  – are broadcast from the access point at regular intervals
  – contain access-point information (e.g. Service Set Identifier (SSID), supported data rates and Radio Frequency Methods (FHSS, DSSS), capacity)
  [Diagram: client between AP-A and AP-B]
  – client triggers a „Roaming Event“ (max. retries), starting the scanning process for available access points
  – new association to AP-B based on criteria such as
    • Signal strength 20% better?
    • Fewer hops to backbone?
    • Count of associations (AP-B) + 4 < count of associations (AP-A)?

Load Balancing
• only 3 non-overlapping cells available
• max. bandwidth for a single client: 11 Mbps
• load balance criteria
  – signal strength
  – number of users
  – transmit load
  – hops to backbone
[Diagram: three APs on channels 1, 6 and 11]

Wireless LAN & Security

Wireless LAN & Security
„... As standardized by the IEEE, security for 802.11 networks can be simplified into two main components: encryption and authentication. The implementation of these components has been proven and documented as insecure by the security community at large ...“
SAFE: Wireless LAN Security in Depth, White Paper, Cisco Systems, Inc., 2001, http://www.cisco.com/go/safe

Security Mechanisms
[Diagram: security levels built from SSID, AP-Auth and WEP: none, static WEP, dynamic WEP (EAP), VPN]
• SSID: Service Set Identifier
• AP-Auth: Access Point Authentication (open/shared key authentication)
• WEP: Wired Equivalent Privacy (encryption)
• static: static key
• dynamic: dynamic key derivation, EAP (Extensible Authentication Protocol) / LEAP (Light EAP)

Network Selection
Service Set Identifier (SSID)
• defines the name of the network, ASCII string
• SSID is not a security mechanism
• transmitted as clear text in Probe & Probe Response frames
• „Broadcast SSID“ disabled stops SSID in beacon frames only
• association to dedicated networks/access points

Access Point Authentication
• Open authentication
  – open authentication = „null“ authentication
  – exchange: authentication request packet, authentication response packet
• Shared Key Authentication and static WEP encryption
  – challenge text packet for authentication
  – cryptographically insecure: plaintext and corresponding encrypted text are visible
  – exchange: authentication request packet, challenge text packet (plaintext), challenge response packet with predet. WEP, authentication response packet

Static Wired Equivalent Privacy (WEP)
[Diagram: two stations, each configured with Key 1 = 123..., Key 2 = 432..., Key 3 = 987...; one direction sends "header: use key 3 | data: encrypted using key 3 | trailer", the other "header: use key 2 | data: encrypted using key 2 | trailer"]
• knowledge of WEP key required
• key needs to be changed frequently
• key distribution and management problematic

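Added example (not from the original slides): a simplified model of the static-WEP frame body from the slide above, where a cleartext header names the key slot and the receiver must already hold the matching key. It uses RC4, which the abbreviations slide names as the WEP cipher; the 3-byte IV, 2-bit key index and CRC-32 integrity value follow the 802.11 WEP format, and the keys, IV and payload are constructed sample values.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream for key (encrypt == decrypt)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext payload."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encapsulate(keys: dict, key_id: int, iv: bytes, payload: bytes) -> bytes:
    """Build a WEP frame body: cleartext IV + key index, then RC4(payload + ICV)."""
    if len(iv) != 3 or key_id not in keys or not 0 <= key_id <= 3:
        raise ValueError("need a 3-byte IV and a configured key slot 0..3")
    header = iv + bytes([key_id << 6])  # key index sits in the top two bits
    return header + rc4(iv + keys[key_id], payload + icv(payload))


def wep_decapsulate(keys: dict, body: bytes):
    """Pick the key named in the cleartext header, decrypt, verify the ICV."""
    if len(body) < 8:
        raise ValueError("too short for IV, key index and ICV")
    iv, key_id = body[:3], body[3] >> 6
    if key_id not in keys:
        raise KeyError(f"no key configured in slot {key_id}")
    plain = rc4(iv + keys[key_id], body[4:])
    payload, received_icv = plain[:-4], plain[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch: wrong key or modified frame")
    return key_id, payload


# Constructed sample data: both stations hold the same static 40-bit keys.
STATION_KEYS = {0: b"\x11" * 5, 1: b"\x22" * 5, 2: b"\x33" * 5}
STALE_KEYS = {**STATION_KEYS, 2: b"\x44" * 5}  # one station missed a key change

if __name__ == "__main__":
    body = wep_encapsulate(STATION_KEYS, 2, b"\x00\x00\x01", b"hello DESY")
    print(wep_decapsulate(STATION_KEYS, body))  # key slot and payload recovered
    try:
        wep_decapsulate(STALE_KEYS, body)
    except ValueError as err:
        print("stale key table:", err)
```

The stale-table case is the key distribution problem from the slide: every station must be reconfigured by hand before a changed key can be used.
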
MAC Authentication
• MAC address filter on Access Points
• Cisco supports centralized configuration and management of permitted MAC addresses in a RADIUS database (Remote Access Dial-In User Service)
• easily spoofed

2nd Generation Security Mechanisms
• WLAN IEEE 802.11b is insecure
• security extensions necessary
[Diagram: layered authentication architecture. Backend infrastructure (Kerberos, RADIUS, ...); IEEE 802.1x; Method Layer: TLS, GSS_API, IKE, LEAP; EAP APIs; EAP Layer: EAP; NDIS APIs; Media Layer: PPP, 802.3, 802.11, ...; VPN]

EAP/LEAP
• EAP - Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
• LEAP – Light Extensible Authentication Protocol (Cisco)
[Diagram: client, access point (EAP/LEAP), RADIUS server]
  – client authenticates to the access point, which disables all further IP requests
  – next step: user network logon (username, password; RADIUS server)
  – WEP session key calculation based on username/password
  – RADIUS server sends key to access point
  – access point enables network connection

VPN - Virtual Private Network
• supports a variety of cryptographically strong options to authenticate the client at the VPN concentrator
• encrypted IP tunnel between client and VPN concentrator
• Triple DES encryption
• connection between access point and VPN concentrator is not authenticated

WLAN installation at DESY Zeuthen

Deficits
• security policies
  – security zones
  – Firewall
  – Intrusion Detection System (IDS)
  – mobile computing: notebooks, PDA, Bluetooth
• „Benutzerordnung“ (user regulations)
• central notebook support (MS Windows/Linux)
  – system installation/administration
  – security patches
  – root password
  – application software

Supported network features
• network access
  - Ethernet, analog modem, ISDN, DSL, WLAN
  - DHCP - RADIUS - EAP - VLAN
• IEEE 802.11b (11 Mbps, 2.4 GHz)
• support for meetings, workshops, conferences
• seminar rooms SR 1, SR 2, SR 3, Foyer

Network Structure (Phase I, August 2002)
[Network diagram. Labels: GWIN router (34 Mbit/s); Telecom; Remote Access Server (10/100 Mbit/s, 100 Mbit/s); dial-in/mobile user: 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); backbone router/switch (Gigabit Ethernet); access switch (Layer 2 switch), 10/1000 Mbit/s; SAP user; PC cluster; batch farm; server]

Network Structure (Phase II, October 2002)
[Network diagram. Labels: GWIN router (34 Mbit/s); Telecom; Remote Access Server (100 Mbit/s); firewall (Gigabit Ethernet); dial-in/mobile user: 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); backbone router/switch (Gigabit Ethernet); access switch (Layer 2 switch), 10/1000 Mbit/s; SAP user; PC cluster; batch farm; server]

Network Structure (Phase III)
[Network diagram. Labels: GWIN router (34 Mbit/s); Telecom; Remote Access Server (100 Mbit/s); firewall (Gigabit Ethernet); dial-in/mobile user: 56 kbit/s (analog modem), 64/128 kbit/s (ISDN); access point with WLAN user; backbone router/switch (Gigabit Ethernet); access switch (Layer 2 switch), 10/1000 Mbit/s; SAP user; PC cluster; batch farm; server]

Abbreviations
• ETSI: European Telecommunication Standards Institute (Hiperlan 1/2)
• IEEE: Institute of Electrical and Electronic Engineers, Inc.
• ITU: International Telecommunication Union (CCITT, CCIR)
• RegTP: Regulierungsbehörde für Telekommunikation und Post (German regulatory authority for telecommunications and post)
• TKG: Telekommunikationsgesetz (German Telecommunications Act)
• WRC: World Radio Conference (administration of radio frequencies)
• Bluetooth SIG: Bluetooth Special Interest Group
• RR: Radio Regulations (worldwide rules for radio communication, drawn up by the WRC)
• Wi-Fi: Wireless-Fidelity
• ISM-Band: 2.4 GHz frequency band for Industrial, Scientific and Medical use, unlicensed
• UNII-Band: 5 GHz frequency band for Unlicensed National Information Infrastructure

Abbreviations
• DSSS: Direct Sequencing Spread Spectrum
• WEP: Wired Equivalent Privacy (40/128 bit encryption)
• RC4: encryption algorithm invented by Ron Rivest of RSA Data Security Inc. (RSADSI)
• IPSec: IP Security Protocol (framework of open standards for secure communication over IP networks)
• VPN: Virtual Private Network
• DES: Data Encryption Standard
• 3DES: Triple DES, encrypts data 3 times with up to 3 different keys

Abbreviations
• SSID: Service Set Identifier (32 char ASCII string)
• AP: Access Point
• CSMA/CD: Carrier-Sense Multiple Access with Collision Detection
• CSMA/CA: Carrier-Sense Multiple Access with Collision Avoidance
• EAP/802.1X: Extensible Authentication Protocol (centralized authentication and dynamic key distribution)
• LEAP: Light Extensible Authentication Protocol (Cisco)
• MIC: Message-Integrity-Protocol
• TKIP: Temporal-Key-Integrity-Protocol
• EAP-TLS: EAP Transport Level Security
• RADIUS: Remote Access Dial-In User Service
• DHCP: Dynamic Host Configuration Protocol