802.11

The core WLAN standard is IEEE 802.11, sometimes known as Wi-Fi because

this was the first standard championed by the Wi-Fi Alliance. Wi-Fi is short for

Wireless Fidelity, a retro/hip reference to Hi-Fi. The IEEE ratified 802.11 in 1997.

In much the same way that Ethernet was standardized by 802.3 with subsequent

iterations of improved Ethernet getting extra letters to distinguish them from

the original (such as 802.3u, 802.3z, 802.3ae, and so on), the subsequent variations

and improvements to 802.11 are distinguished by a letter as well. The ones

you want to remember are 802.11a, 802.11b, and 802.11g. There are a couple

others in the works; you have probably seen 802.11n gear in stores. The

 The WLAN standards you should know, and some of the relevant info

about each. (Some of the terms and acronyms will be explained in later sections.)

11-Mbps FHSS n/a 11Mbps n/a 11Mbps per

stream

5.0GHz

11 channels in the 2.4GHz band. The 11 channels available were used in a random,

rapid sequence to statistically avoid interference from other devices using

the same frequencies. This “skipping around” the channels is called Frequency

Hopping Spread Spectrum (FHSS). In reality, a lot of the data was lost to interference

anyway, and a more sophisticated system was engineered for 802.11a.

802.11a uses a much higher frequency (5GHz) and a fancy method of using the

available channels, called Orthogonal Frequency Division Multiplexing

(OFDM). The science of how OFDM works is well beyond the scope of this

exam, but you should know the term and which standards it applies to. A big

advantage of the 5GHz band is that it is immune to common 2.4GHz emissions,

such as from cordless phones, baby monitors, microwave ovens, and many of the

wireless conveniences we take for granted that can really interfere with WLAN

transmissions in the 2.4GHz range. A disadvantage is that the higher frequencies

are more easily absorbed by structures and furniture, reducing the effective

range. However, the way OFDM works actually gives it a range advantage in

these office-type surroundings; in addition, higher frequencies mean smaller

antennas, which means we can increase the antenna gain (sort of like turning up

the listening volume). These things improve the range and so balance out the

range loss of the higher frequencies. It was mostly enterprise customers who

liked (and often still like) 802.11a, in part because it never caught on with the

general public so the risk of interference and security breaches was reduced.

802.11b, although later in the standards list, was actually in the market before

802.11a. 802.11b is back in the 2.4GHz range, so interference sources are a concern,

but now we have another method of using the available channels called

Direct Sequence Spread Spectrum (DSSS). Again, the complex science behind

how it works is not of concern for the CCNA exams, but you need to understand

a little about it. There are eleven channels within the frequency band assigned

to this standard by the FCC. Typically, only three of these channels (channels 1,

6, and 11) are ever used because all 11 channels overlap each other. When two

APs use channels that are adjacent or close together (say, 2 and 3) or the APs

themselves are close enough together to “jam” each other, the signals from one

channel get stepped on, interfered with, and generally disrupted by the other.

Channels 1, 6, and 11 do not overlap each other.

2 3 4 5 6 7 8 9 10 11

2.4832 GHz

By sticking to these three channels, the frequencies are far enough apart that it

is very unlikely that they will interfere with each other, so less data is lost. In an

environment where you have multiple APs (as in most business implementations),

you take advantage of this by having your different access points using

different channels, consequently overlapping their coverage area without overlapping

the channels they use that could cause interference. 

APs to connect to and get free Internet access. Of those 12 APs in

my neighborhood, 4 of them are completely unsecured and I could connect,

use their Internet service, or snoop around their home network if I

chose to.

looking for interesting or useful information such as credit card numbers

or other protected data, or else they just want to mess up someone’s network

out of malice or boredom. Being able to claim that they took down

Yahoo! for an hour gives them bragging rights; putting their former

employer offline is an act of revenge.

Usually, the hacker has spent some time with easily available software

tools intercepting the signaling between existing APs and clients.

Even if there is some security in place, given enough time, weak authentication

and encryption can be cracked. After the hacker has the necessary

information, the hacker can set up a rogue AP with the correct SSID and

authentication keys. Clients then associate with the device, and now the

hacker has direct access to all the information coming through that AP.

These scenarios make a business network admin freak out. For quite a while,

businesses were not implementing WLANs because they knew that the lack of

security was a major issue.

WLAN Security Methods

There are three main ways to apply security to WLANs:

the AP also has to prove to the client that it is a legitimate (that is, not

WLAN Security

key without actually sending the key; this small mathematical miracle

means that hackers can’t simply intercept the key and use it to gain access.

data, encrypting it into a stream of gibberish that only another device

with the correct key and decryption formula can unscramble. If hackers

intercept encrypted data, they are unlikely to be able to decrypt it without

the key. I didn’t say it was impossible—there are some weak encryption

schemes out there that can be cracked relatively quickly. The strong

encryption schemes are strong enough that it would take years to crack

them, at which point most data would no longer be worth the trouble.

against unauthorized use of the WLAN. These systems are typically

implemented as part of a Lightweight architecture. One of my favorites

is a system that detects a new AP in the system, interrogates it, and causes

it to shut down if it is classified as a rogue AP. Cisco’s Structured

Wireless-Aware Network architecture (SWAN) includes several devices

and tools that improve the manageability and security of WLANs. Learn

more about SWAN at www.cisco.com/go/swan.

As usual, different vendors were keen to get their product to market and start

making money, so there were some nonstandardized security systems in place

before the standards came out, but things have settled down somewhat into a

fairly consistent and pretty secure standard that most vendors are supporting. It

goes without saying that if you do not actually apply the security, it is not secure!

The Wired Equivalent Privacy (WEP) standard was introduced as part of

802.11. WEP uses a static preshared key system, meaning that all the APs and

all the clients must have the same key string configured in order to authenticate

and transmit encrypted data. The problems with this are that it is an administrative

headache to change the keys, which means they don’t change often,

which is not good. On top of that, the encryption method used was pretty weak.

These factors meant that a hacker could intercept lots of authentication

weak encryption. From that point it is a pretty simple matter to crack the

encryption, read the data, or connect to the network at will.

Some additional (not part of the standard) features were introduced by manufacturers

to bolster the flaws in WEP. Most APs allow you to choose not to

broadcast the SSID, which means that a client wanting to connect must know

the SSID. This is not going to fool a serious hacker; it is still perfectly possible

to capture WLAN traffic and determine the SSID in use. Another supplementary

security feature was the capability to filter which Media Access Control

(MAC) addresses (of client wireless NICs) could connect to the AP. The premise

was that no two MACs are the same, so only a short list of authorized MACs

needed to be added to the APs list. Unfortunately, it is a trivial matter to change

the source MAC with software, so after we learn an authorized MAC, we can

pretend to be that MAC.

Because its security features really deter only honest people, WEP should not

be considered a viable security method in current WLAN deployments.

Being one of the major stakeholders in the success of wireless for enterprise customers,

Cisco worked out an interim set of solutions to the problems WEP had.

In cooperation with the Wi-Fi Alliance, Cisco utilized components of the IEEE

802.1x authentication protocol and its own Extensible Authentication Protocol

(EAP) to significantly increase WLAN security. The three key improvements

that Cisco’s solution offered were the following:

solution to the problem of keying. Instead of a preshared key that all

devices must be manually configured with (and that as a consequence seldom

changes), dynamic keying allows the key to be secretly agreed upon

by the devices themselves, without administrative effort beyond setting it

up. Cisco used a proprietary method of dynamic keying.

IEEE authentication scheme, requiring the user to supply a username/

password package when attempting to connect. This added another

layer of complexity to the task of hacking in, because somehow the username

and password had to be learned. 802.1x is quite difficult to circumvent

if it’s properly configured, but it is somewhat complex to set up.

key could change with every packet sent, so that even if the hacker

figures out the key, all the hacker can read is that one packet. This operation

obviously adds significant overhead to packet processing, but processing

power was getting better and cheaper all the time, so the benefits

outweighed the drawbacks.

Cisco was out of the gate fast with a hybrid of proprietary and standards-based

protocols to address WLAN security, because the IEEE standards ratification

process was slower than the market demand. While Cisco was doing their own

thing on their products, the Wi-Fi Alliance kept one eye on what the IEEE was

likely to implement, so that they weren’t too far off base when the standard did

come out, and put forth a WLAN industry-standard (in contrast to IEEE standard)

security scheme called Wi-Fi Protected Access (WPA).

WPA set the same basic goals as Cisco’s solution, but with differences in how it

was executed. Dynamic keying was achieved using the Temporal Key Integrity

Protocol (TKIP) standard. WPA does device authentication either with simple

preshared keying or 802.1x authentication. This worked well for both the consumer

and business markets because the typical consumer could not set up an

802.1x system, whereas most businesses could and wanted the extra security.

One other benefit of WPA was its sponsorship by the Wi-Fi Alliance, which had

proved that its certification program could guarantee that Wi-Fi–certified

devices would work together reliably.

In 2005, the IEEE ratified the 802.11i security standard, which included features

for dynamic keying, authentication, and very strong encryption using the

Advanced Encryption Standard (AES) algorithm. Although functionally similar

to the Cisco and WPA systems, 802.11i is not backward compatible, and provides

much stronger encryption.

The Wi-Fi Alliance continues to certify equipment for compliance with the

802.11i standard, but they call it WPA2. This continues the positive association

with the success of WPA in the minds of consumers and IT managers, but causes

some confusion as to whether they are two different standards. They aren’t.!!

1. Verify the existing wired network—Check that Dynamic Host

2. Install the first AP—Assign the AP an IP address and mask and a default

3. Configure the wireless settings—Change the default SSID to something

in accordance with your local security policy (typically not the company

4. Install and configure one wireless client—Verify that it can connect.

5. Verify that the client works—In the absence of security configuration,

. Is the AP close to the center of the area where the clients are?

. Is there an interference source close by (microwave, cordless phone,

. Is the AP or the client close to a large metal structure (filing cabinet,

. Is the AP’s coverage area adequate to reach the client? Try moving

6. Configure the desired security features on both AP and client (it’s recommended

7. Verify that the client can still connect to resources in the presence of