Embed Size (px)
DESCRIPTION
excellent primer on Wireless LAN basics. Some focus on Aerohive but all information is true for all WLAN networks.
Citation preview
ee
Wi-Fi Basics 802.11 Fundamentals
Table of Contents Introduction ........................................................................................................... 2
WLAN Organizations ................................................................................................. 2
802.11 Networking Basics .......................................................................................... 4
Layer 1 - Physical Layer: RF ....................................................................................... 5
Channel Design and Site Survey .................................................................................. 7
Layer 2 - Data-Link/MAC Sublayer: 802.11 Frames ........................................................... 8
WLAN Toplogies and Terminology ............................................. Error! Bookmark not defined.
Client Isolation: Upper Layer Design ..............................................................................
Wi-Fi Security ..................................................................... Error! Bookmark not defined.
Client Isolation: Upper Layer Design ..............................................................................
Introduction In 1997, the Institute of Electrical and Electronics Engineers (IEEE) ratified the original 802.11 standard that defined communication mechanisms for wireless local area networking (WLAN). Since the original ratification, the IEEE has amended the standard many times over to enhance the WLAN speeds and reliability. The technology was eventually given the marketing name of Wi-Fi which is a marketing term recognized worldwide by billions of people as referring to 802.11 wireless networking. Since 1997, Wi-Fi has become part of our worldwide culture and everyday life. Although Wi-Fi has been around for over a decade, confusion stills exists regarding some of the terminology and basic operations of 802.11 wireless networking. The purpose of this white paper is to explain some of the basics of Wi-Fi and the associated terminology. When designing and troubleshooting any enterprise WLAN; a proper understanding of the basics of Wi-Fi operations is an often overlooked yet necessary skill-set that any IT administrator should possess. WLAN Organizations At least three organizations guide the various aspects of the Wi-Fi industry:
• Spectrum management regulatory domain authority: The International Telecommunication Union Radiocommunication Sector (ITU-R) and local entities such as the Federal Communications Commission (FCC) set the rules for what the user can do with a radio transmitter. These organizations manage and regulate frequencies, power levels, and transmission methods. Essentially, the FCC and other regulatory bodies set the rules for what the user can do regarding radio frequency (RF) transmissions. The FCC and the respective controlling agencies in the other countries typically regulate two categories of wireless communications: licensed and unlicensed. The difference is that unlicensed users do not have to go through any license application procedures in order to install a wireless system. In most countries, the RF transmissions used for Wi-Fi occur in the unlicensed frequency bands of 2.4 GHz and 5 GHz.
One main advantage of an unlicensed frequency is that permission to transmit on the frequency is free. Although there are no financial costs, you still must abide by transmission regulations and other restrictions. In other words, transmitting in an unlicensed frequency may be free, but there still are rules. It is important to understand that communications are regulated differently in many regions and countries. For example, European RF regulations are very different from the regulations used in North America. When deploying a
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 3
WLAN, please take the time to learn about rules and policies of the country’s local regulatory domain authority.
• IEEE: The Institute of Electrical and Electronics Engineers (IEEE) creates standards for compatibility and
coexistence between networking equipment. Networking professionals are all familiar with the IEEE 802.3 wired networking standard that defines Ethernet networking. The technical standard for Wi-Fi communications is the 802.11 standard for wireless local area networking (WLAN). Other wireless standards such as 802.15 also exist but they do not pertain to Wi-Fi communications. Any wireless IEEE standards must adhere to the rules of the spectrum management organizations, such as the FCC.
The original 802.11 standard was published in June 1997, however, over the years, many amendments have been proposed and ratified in order to enhance the security, reliability and performance of the WLAN technology. Table 1 shows a simple comparison of some of the various 802.11 amendments in regards to data rates and frequency bands supported. 802.11g radios are backward compatible with older 802.11b radios. Please note that 802.11b/g radios can only transmit in the 2.4 GHz frequency band while 802.11a radios can only transmit in the 5 GHz frequency band. 802.11n radios can transmit on both frequency bands and are backward compatible with 802.11a/b/g radios. Standard Supported Data Rates 2.4 GHz 5 GHz RF technology Radios 802.11 legacy 1, 2 Mbps Yes No DSSS or FHSS SISO 802.11b 1, 2, 5.5, 11 Mbps Yes No HR-DSSS SISO 802.11a 6 - 54 Mbps No Yes OFDM SISO 802.11g 6-54 Mbps Yes No OFDM SISO 802.11n 6 - 600 Mbps* Yes Yes HT MIMO * All Aerohive HiveAPs use 802.11n compliant radios. The 802.11n High Throughput (HT) amendment defined new PHY layer and MAC layer enhancements to achieve data rates as high as 600 Mbps. Current 802.11n chipsets support data rates of 450 Mbps. 802.11n radios operate in both the 2.4 GHz and 5 GHz frequency bands. DSSS = Direct Sequencing Spread Spectrum FHSS = Frequency Hopping Spread Spectrum OFDM = Orthogonal Frequency Division Multiplexing HT = High Throughput SISO = Single Input, Single Output MIMO = Multiple Input, Multiple Output More detailed information about the IEEE 802.11 standard and amendments can be found at: http://standards.ieee.org/about/get/802/802.11.html.
• Wi-Fi Alliance: The Wi-Fi Alliance is a global, non-profit industry association that is devoted to promoting the growth of Wi-Fi technology. The Wi-Fi Alliance markets the Wi-Fi brand and raises consumer awareness of any new 802.11 technologies as they become available. The primary task of the Wi-Fi Alliance is to provide certification testing to make sure wireless networking equipment conforms to the 802.11 WLAN communication guidelines, similar to the IEEE 802.11 standards. Testing of vendor Wi-Fi products is performed within independent authorized test laboratories worldwide. The guidelines for interoperability for each Wi-Fi CERTIFIED™ program are usually based on key components and functions that are defined in the IEEE 802.11-2007 standard and various 802.11amendments. In fact, many of the same engineers who belong to 802.11 task groups are also contributing members of the Wi-Fi Alliance. However, it is important to understand that the IEEE and the Wi-Fi Alliance are two separate organizations. The IEEE 802.11 task group defines the WLAN standards, and the Wi-Fi Alliance defines
Table 1: 802.11 Amendments
4 Copyright © 2011, Aerohive Networks, Inc.
interoperability certification programs. Devices certified by the Wi-Fi Alliance carry the Wi-Fi CERTIFIED logo shown in Figure 1. More information about the Wi-Fi Alliance can be found at www.wi-fi.org. Aerohive Networks is a proud member of the Wi-Fi Alliance.
802.11 Networking Basics The seven layers of the OSI model has long been the cornerstone of data communications. Acquiring an understanding of the OSI model is a necessary and fundamental task that any networking professional must undertake. In addition to understanding the OSI model and basic networking concepts, a basic understanding of the fundamentals of Wi-Fi is paramount to properly design, deploy, administer and troubleshoot an 802.11 wireless network properly. The IEEE only defines communication mechanisms at the first two layers of the OSI model: the Physical layer and the MAC sublayer of the Data-Link layer. Various wired networking standards define the Physical layer (layer 1) operations using a transmission medium such as copper or fiber optic cabling. The IEEE defines a wide variety of complex radio frequency (RF) communications for the wireless physical medium used in Wi-Fi. WLAN radio cards use different types of modulation methods to represent data bits as they are delivered via an RF signal. The IEEE also defines data delivery at the Data-Link layer (layer 2) which is divided into two sublayers. The upper portion is the IEEE 802.2 Logical Link Control (LLC) sublayer, which is identical for all 802-based networks, although not used by all of them. The bottom portion of the Data-Link layer is the Media Access Control (MAC) sublayer, which is identical for all 802.11-based networks. The IEEE 802.11 standard defines operations at the MAC sublayer for datagram frame transmissions. It is important to understand that Wi-Fi communications only operate at layer 1 and layer 2 of the OSI model. As a matter of fact, layers 3-7 operations are not defined at all by the IEEE for any 802.11 WLAN communications. When you troubleshoot a Wi-Fi network, you should troubleshoot it just like you would troubleshoot a wired network. In other words, you should move up the OSI stack when troubleshooting. The majority of problems in any type of network occur at layer 1. Any Wi-Fi administrator will testify to how many times the end-user simply did not have the radio card enabled on a laptop, thus preventing Wi-Fi communications to even get started. WLAN radio card drivers have long been one of the main causes of connectivity problems between access points (APs) and client devices. Other Physical layer problems are caused by RF interference or improperly designed WLANs. Layer 2 MAC sublayer problems often occur due to misconfigured AP or client device settings. If you are troubleshooting a WLAN and can properly determine that root cause of network connectively is not occurring at either layer 1 or layer 2, then the problem is not a Wi-Fi problem and it exists at the upper layers. Enterprise Wi-Fi networks very often get blamed for recurrent problems that have nothing to do with the properly deployed WLAN infrastructure. If a Wi-Fi network administrator can properly determine that a problem is not occurring at either layer 1 or 2, then the problem is usually an IP networking problem and/or an application-based problem. Although Wi-Fi only operates at the first two layers of the OSI model, by no means are the upper layers of the OSI model to be ignored. To properly administer an Ethernet network, a deep comprehension of TCP/IP, bridging,
Figure 1: Wi-Fi CERTIFIED logo
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 5
switching, and routing is required and the same holds true for any enterprise Wi-Fi deployment. The purpose of am 802.11 WLAN is to provide client mobility and to provide a secure “wireless portal” into a pre-existing network infrastructure. In other words, when designing and deploying an 802.11 WLAN, there will always be upper-layer design considerations
Layer 1 - Physical layer: RF As stated earlier, the physical medium used for Wi-Fi communications is electro-magnetic RF communications. Wired communications travel across what is known as bounded medium. An example of a bounded medium would be an Ethernet cable that contains or confines the signal (small amounts of signal leakage can occur). Wireless communications travel across what is known as unbounded medium. Unbounded medium does not contain the signal, which is free to radiate into the atmosphere in all directions (unless restricted or redirected by some outside influence). Because of the unbounded nature of RF communications, the different physical environments in every indoor or outdoor deployment will result in different coverage and capacity capabilities that are unique to the site. Unlike a bounded wired cable, RF is an ever-changing physical medium that will change along with the physical environment in which RF propagates. The good news is that RF communications still do abide by the laws of physics, meaning that a functional WLAN can be designed with the proper knowledge of RF characteristics and behaviors. An RF signal starts out as an electrical alternating current (AC) signal that is originally generated by a transmitter. This AC signal is radiated out of an antenna element in the form of an electromagnetic wave. An RF signal is an alternating current (AC) that continuously changes between a positive and negative voltage which can be represented as a sine wave. An oscillation, or cycle, of this alternating current is defined as a single change from up to down to up, or as a change from positive to negative to positive. All RF signals are defined by various characteristics including wavelength, frequency, amplitude and phase. Phase, frequency and amplitude shifts can all be used by transmitting radios to modulate data.
• Wavelength: A wavelength is the distance between the two successive crests (peaks) or two successive troughs (valleys) of a wave pattern, as pictured in Figure 2. In simpler words, a wavelength is the distance that a single cycle of an RF signal actually travels.
• Frequency: Frequency is the number of times a specified event occurs within a specified time interval. The standard measurement of frequency is hertz (Hz). An event that occurs once in 1 second is equal to 1 Hz. An event that occurs 2.4 billion times in 1 second is measured as 2.4 GHz. The frequency at which
Figure 2: Wavelength
6 Copyright © 2011, Aerohive Networks, Inc.
electromagnetic waves cycle is also measured in hertz. As shown in Figure 3, the number of times an RF signal cycles in 1 second is the frequency of that signal.
An inverse relationship exists between wavelength and frequency. The three components of this inverse relationship are frequency, wavelength and the speed of light. A simplified explanation is that the lower the frequency of an RF signal, the larger the wavelength of that signal. The smaller the wavelength of an RF signal, the higher the frequency of that signal. As RF signals travel through space and matter, they lose signal strength (attenuate). Higher frequency signals with a smaller wavelength will attenuate faster, than lower frequency signals with a larger wavelength.
• Phase: The relationship between two or more signals that share the same frequency. Phase can be
measured in distance, time, or degrees. If the peaks of two signals with the same frequency are in exact alignment at the same time, they are said to be in phase. Conversely, if the peaks of two signals with the same frequency are not in exact alignment at the same time, they are said to be out of phase. The way in which RF waves move (also known as propagation) will vary drastically due to the existing environment and any materials in the path of a signal. Depending on the materials, an RF signal may reflect, refract, diffract, scatter or be absorbed. These propagation behaviors will can cause an RF phenomenon known as multipath as well as affect the received amplitude of an RF signal. Multipath is a propagation phenomenon that results in two or more paths of a signal arriving at a receiving antenna at the same time or within nanoseconds of each other. The propagation behaviors of reflection, scattering, diffraction, and refraction will occur differently in dissimilar environments. These propagation behaviors can all result in multiple paths of the same signal. Multiple paths of the same signal will usually result in a phase difference between the two signals at the receiving radio. The effects of multipath can either be constructive or destructive. High instances of multipath can cause data corruption with legacy 802.11a/b/g radios, however, multipath is actually beneficial to the performance of the 802.11n MIMO radios.
Figure 3: Frequency
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 7
• Amplitude: The amplitude of an RF signal, which can be characterized simply as the signal’s strength, or power. When discussing signal strength in a WLAN, amplitude is usually referred to as either transmit amplitude or received amplitude. Transmit amplitude is typically defined as the amount of initial amplitude that leaves the radio transmitter. For example, if you configure an access point to transmit at 10 milliwatts (mW), that is the transmit amplitude. Antennas are then used to passive amplify the original transmit amplitude. When a radio receives an RF signal, the received signal strength to as received amplitude. While the majority of Wi-Fi radio can transmit anywhere between 1 mW and 100 mW, most Wi-Fi radios can receive an RF signal as low as billionths of a milliwatt. As an RF signal propagates away from the original transmitter, the signal will attenuate (lose amplitude). All RF signals lose amplitude as function of distance; caused by a natural phenomenon known as free space path loss (FSPL). The surrounding environment also attenuates the amplitude of an RF signal as it passes through different physical mediums such as concrete or drywall. The amplitude of a signal can be measured as either a relative measurement or an absolute measurement. An absolute measurement of power such as milliwatts represents the transmit amplitude of a signal or the received amplitude of an RF signal. A milliwatt (mW) is an absolute measurement of a unit of power. A relative measurement represents “change in power” as an RF signal moves from one point in space to another point in space. A decibel (dB) is a relative measurement that is a unit of comparison as opposed to a unit of power. A dB is a logarithmic comparison measurement based on the change in power between a transmitter and a receiver. An approximation of the gain or loss measured by dBs is can expressed by what is known as the rule of 10s and 3s. Every 3 dB of loss, halves the absolute power while every 3 dB of gain doubles the absolute power. Every 10 dB of loss, divides the absolute power by a factor of 10, while every 10 dB of gain multiplies the absolute power by a factor of 10. For example, if a Wi-Fi radio is transmitting at 50 mW and the antenna adds 3 dB of gain to the signal, then the amount of absolute power that would exit the head of the antenna is 100 mW. If a 50 mW signal lost 10 dB due to attenuation, then the received signal would be 5 mW. The most common way to measure received amplitude is an absolute unit of power called dBm which means decibels referenced to 1 milliwatt. The reference point is 1 milliwatt because 0 dBm = 1 mW. Table 2 shows the relationship between milliwatts and dBms
Table 2: dBm and Milliwatt Conversions dBm Milliwatts
+20 dBm 100 mW 1/10th of 1 Watt +10 dBm 10 mW 1/100th of 1 Watt
0 dBm 1 mW 1/1,000th of 1 Watt –10 dBm .01 mW 1/10th of 1 milliwatt –20 dBm .001 mW 1/100th of 1 milliwatt –30 dBm .001 mW 1/1,000th of 1 milliwatt –40 dBm .0001 mW 1/10,000th of 1 milliwatt –50 dBm .00001 mW 1/100,000th of 1 milliwatt –60 dBm .000001 mW 1 millionth of 1 milliwatt –70 dBm .0000001 mW 1 ten-millionth of 1 milliwatt –80 dBm .00000001 mW 1 hundred-millionth of 1 milliwatt –90 dBm .000000001 mW 1 billionth of 1 milliwatt
Most Wi-Fi radios have the receive sensitivity to understand a very strong received signal of- 30 dBm to very weak received signal of -110 dBM signal in the billionths of 1 milliwatt.
8 Copyright © 2011, Aerohive Networks, Inc.
Channel design and Site Survey 802.11bgn radios can transmit in the 2.4 GHZ band with a total of fourteen available channels. In the US only eleven of those channels are legally available and only 13 are available in Europe. Figure 4 depicts a spectrum analyzer view of the frequency space occupied by these fourteen channels.
Please note that within the 2.4 GHz band, only three channels have non-overlapping frequency space: channels one, six and eleven. When designing a WLAN, overlapping RF cell coverage is necessary to provide for seamless roaming. However, non-overlapping frequency space within the same coverage zone is also necessary to prevent data corruption caused by adjacent cell interference. RF is a half-duplex medium that allows for the transmission of only a single radio on any frequency channel, therefore when three or more 2.4 GHz APs are needed to cover an enterprise facility, only the non-overlapping channels of one, six and three should be used . Figure 5 shows floorplan using six APs to provide coverage. Note that only the non-overlapping channels of 1, 6 and 11 are used.
Figure 4: 2.4 GHz Frequency Band
Figure 5: 2.4 GHz Non-overlapping Channels
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 9
Figure 6 shows an improper channel design using the same six APS. Note that channels 1 -7 are used and all the channels share overlapping frequency space. The improper channel reuse design shown in Figure 6 causes what is often known as adjacent cell interference. Data corruption is caused by your own APs transmitting at the same tome over shared frequency space. The end result is decreased throughput and increased latency. Adjacent cell interference is simply RF interference caused by your own APs due to improper channel design.
One of the most common mistakes many businesses make when first deploying a WLAN is to configure multiple access points all on the same channel as shown in Figure 7. If all of the APs are on the same channel, unnecessary medium contention overhead occurs. Wi-Fi uses a listen-before -you-talk technology called the clear
Figure 6: Adjacent Cell Interference
10 Copyright © 2011, Aerohive Networks, Inc.
channel assessment (CCA) to ensure that that only one radio can transmit on the same channel at any given time. As shown in Figure 7, if an AP on channel 1 is transmitting, all nearby access points and clients on the same channel will defer transmissions. The result is that throughput is adversely affected: Nearby APs and clients have to wait much longer to transmit because they have to take their turn. The unnecessary medium contention overhead that occurs because all the APs are on the same channel is called co-channel interference (CCI). In reality, the 802.11 radios are operating exactly as defined by the CCA mechanisms, and this behavior should really be called co-channel cooperation. The unnecessary medium contention overhead caused by co-channel interference is a result of improper channel reuse design.
At 2.4 GHz, there will always be a certain amount of co-channel cooperation due to the fact that only three channels are available and some channel bleed over will occur. For that reason, sometimes a four-channel reuse plan of channels 1, 5, 9 and 13 is used in Europe to limit the instances of co-channel cooperation. However, it should be noted that any North American client device will not be able to connect to an AP transmitting on channel thirteen. 802.11an radios transmit in the four Unlicensed National Information Infrastructure (UNII bands) that exist at 5 GHz, As shown in Figure 8, a total of 23 non-overlapping channels exist, the UNII-1, 2 and 3 bands all have four channels each while the UNII 2E band has 11 channels. Depending on the country in which you reside, many more channels are available at 5 GHz than at 2.4 GHz meaning a variety of different channel reuse patterns can be designed to completely avoid adjacent cell interference as well as eliminate occurrences of co-channel cooperation.
Figure 7: Co-channel cooperation
Figure 8: 5 GHz UNII Bands
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 11
In many countries the radios in the UNII-2 and UNII-2E 5 GHZ bands are required by law to use dynamic frequency selection (DFS) technology to detect radar pulses and automatically changes channels to avoid interfering with government radar installations. In areas were radar might exist or if there is a worry about false positive radar pulse detection, many enterprise deployments choose an 8-channel reuse plan using the channels in the UNII-1 and UNII-2 bands as shown in Figure 9. Please note that the 4 channels in UNII-3 are not available for use in Europe.
The good news is that Aerohive’s Wi-Fi planner tool will always helps use choose a proper channel plan for both 2.4 GHz and 5 GHz. Always keep in mind that Wi-Fi is not two-dimensional and that RF signals can propagate between floors in a building. Aerohive’s Wi-Fi planner tool has multiple floor planning capabilities as shown in Figure 10, channel reuse designs must exist between floors in order to avoid adjacent cell interference and unnecessary co-channel cooperation.
Figure 9: Eight channel reuse plan - 5 GHz
Figure 10: Multiple floor channel design
12 Copyright © 2011, Aerohive Networks, Inc.
Most Aerohive Hive APs off dual-frequency radio capabilities and planning is necessary for both frequencies. However, always plan for the 5 GHz coverage first because more APS will be needed due to the fact that the smaller wavelength 5 GHz signals will attenuate faster than 2.4 GHz signal. Aerohive also uses a cooperative-control protocol called Automatic Channel Selection Protocol (ASCP) that allows HiveAPs to cooperatively communicate with each other about their individual power and channel settings. After a proper channel and power settings have been chosen, it may be necessary to adjust the power levels and transmit channels of individual APs based of changes in the existing environment. ASCP can will make these power and channel adjustments as pre-scheduled events or can change dynamically based on RF interference thresholds. Because ever site is different, proper coverage analysis and planning is necessary to make sure that every Wi-Fi client can receive a strong and reliable signal. A site survey should always be considered mandatory when designing an enterprise Wi-Fi network. Site surveys are necessary for spectrum analysis, channel design and coverage analysis. Coverage analysis requires guaranteeing a minimum amount of coverage provided by an access point based of the received signal amplitude from the clients’ perspective. Every building and environment is different and there it is necessary to account for the various attenuation values of the unique materials in each building. As RF signals passes through different mediums, the signal can be absorbed into the medium, which in turn causes a loss of amplitude. Different materials typically yield different attenuation results. As shown in Figure 11, the Aerohive Wi-Fi Planner tool allows you to designate to proper attenuation values to the floorplan being evaluated for proper coverage. A school building made entirely of brick walls will require more APs than a building made mostly of drywall.
So what type of received signal amplitude should you plan on providing to offer a quality experience in terms of throughput and reliability for the Wi-Fi end-user? Client radios will shift between data rates based on received signal strength indications (RSSI) thresholds. These thresholds may take into account multiple variables, however received amplitude is usually the main variable. For example, an 802.11b Wi-Fi client receiving a signal of -70 dBm from an AP may then transmit at a rate of 11 Mbps, however if a client moves further away from the AP and receives a weaker signal of only -85 dBm, the client may shift down to a lower date rate of 2 Mbps using a less complex modulation scheme. When designing for higher data-rate communications, coverage of -70dBm or greater is recommended. Keep in mind that the received signal is always from the client’s perspective. Another important concept to understand is signal-to-noise (SNR) ratio. The signal-to-noise ratio is simply the difference in decibels between the received signal and the background ambient noise known as the noise floor. Most Wi-Fi radio can measure ambient noise floor which is created by any other nearby electromagnetic devices. For example, if a radio receives a signal of –85 dBm and the noise floor is measured at –100 dBm, the difference between the received signal and the background noise is 15 dB. The SNR is 15 dB. Data transmissions can become corrupted with a very low SNR. If the amplitude of the noise floor is too close to the amplitude of the received signal, data corruption will occur and result in layer 2 retransmissions. An SNR of 25 dB or greater is considered good signal quality, and an SNR of 10 dB or lower is considered poor signal quality A high SNR is even more important when designing coverage for time-sensitive applications such as voice which are more susceptible to data corruption cause by a low SNR. It is a good idea to guarantee coverage of -67 dBm or better when designing for voice. Even if the noise floor was as high as -90 dBm, a received signal of -63 dBm would still guarantee an SNR of 23 dB and hopefully very little data corruption. In the past, coverage analysis site surveys were performed manually using the old “AP-on-a-stick” method. Most coverage analysis site surveys use predictive modeling. Aerohive Wi-Fi Planner tool provides the user with all necessary tools needed to create an accurate predictive coverage model. The Aerohive Wi-Fi Planner tool is built
Figure 11: Material Attenuation Properties
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 13
into all versions of the Aerohive HiveManager network management platform solution. Additionally, Aerohive Wi-Fi Planner is always available only for free at www.aerohive.com/planner. Capacity is another issue that should always be addressed when planning for a Wi-Fi network. In areas where there is a high density of Wi-Fi users, more HiveAPs may be necessary. As shown in Figure 12, Aerohive offers High density WLAN capabilities that can be applied to the radio profiles of any group of HiveAPs. High density WLAN capabilities include suppression and thinning of certain types of 802.11 management frames, cooperative load-balancing of clients between HiveAPs and automatic band-steering of clients to the preferred 5 GHz WLAN.
WLAN Topologies and Terminology A networking topology is defined simply as the physical and/or logical layout of nodes in a computer network. Any individual who has taken a networking basics class is already familiar with bus, ring, and star topologies that are often used in wired networks. An 802.11 WLAN topology is known as a service set. The following terms are often used in discussions about Wi-Fi topologies. BSS: The basic service set (BSS) is the cornerstone topology of an 802.11 network. The simple definition of a BSS is single access point with one or more Wi-Fi client devices communicating through the AP. Client stations join the AP’s wireless domain and begin communicating through the AP. Stations that are members of a BSS have a layer 2 connection and are called associated. Figure 13 depicts a standard 802.11 basic service set.
BSSID: The 48-bit (6-octet) MAC address of an access point’s radio card is known as the basic service set identifier (BSSID). The MAC address that is the layer 2 identifier of the basic service set (BSS). The BSSID is the MAC address of an access point’s radio or is derived from the MAC address of the AP’s radio if multiple basic service sets exist. SSID: The service set identifier (SSID) is a logical name used to identify a WLAN. The SSID wireless network name is comparable to a Windows workgroup name. The SSID can be made up of as many as 32 characters and is case sensitive.
Figure 13: Basic Service Set (BSS)
Figure 12: High Density
14 Copyright © 2011, Aerohive Networks, Inc.
DS: Access points are meant to be portal devices so that traffic can be forwarded from an 802.11 WLAN medium to another type of medium. The majority of 802.11 deployments use an access point as a portal into an 802.3 Ethernet backbone, which serves as a distribution system (DS) medium. Access points are usually connected to a switched Ethernet network, which often also offers the advantage of supplying power to the access points via Power over Ethernet (PoE). ESS: The term extended service set (ESS) is often used to describe one or more basic service sets connected by a distribution system medium. Usually an extended service set is a collection of multiple access points and their associated client stations, all united by a single 802.3 Ethernet backbone. In most cases the HiveAPs that belong to the same ESS will have overlapping Wi-Fi coverage cells to provide client mobility. As shown in Figure 14, HiveAPs in an ESS where roaming is required must all share the same logical name (SSID), but have unique layer 2 identifiers (BSSIDs) for each unique BSS coverage cell. The logical network name of an ESS is often called an extended service set identifier (ESSID) and is essentially synonymous with the term SSID.
WDS: The 802.11standard defines a mechanism known as a wireless distribution system (WDS) for wireless communication using a four-MAC-address frame format. Although the DS normally uses a wired Ethernet backbone, it is possible to use a wireless connection instead. A WDS forwards user traffic between access points using a method that is referred to as a wireless backhaul. Real-world examples of WDS include WLAN bridging between buildings and mesh networks. HiveAPs can be deployed as a WDS to provide for both client coverage and wireless backhaul. HiveAPs can be deployed in either a traditional mesh environment or as a mesh failover solution. Wireless mesh network connections can be used to create redundant paths between access points, enabling the WLAN to route around wired network failures ensuring there is no single point of failure within the wireless or the wired infrastructure. The dynamic wireless mesh network redundancy allows for this capability without dedicating a radio for this mesh resiliency, preserving two radios for user access during normal operation. When required to route around a failure in the wired network, a wireless mesh network connection is dynamically and gracefully established between neighboring HiveAPs.
Layer 2 - Data-Link/MAC Sublayer: 802.11 Frames The 802.11 Data-Link layer is divided into two sublayers. The top section is the IEEE 802.2 Logical Link Control (LLC) sublayer, which is identical for all 802-based networks. The bottom section of the Data-Link layer is the Media Access Control (MAC) sublayer. The 802.11 WLAN standard defines operations at the MAC sublayer.
Figure 14: Extended Service Set (ESS)
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 15
When the Network layer (layer 3) sends data to the Data-Link layer, that data is handed off to the LLC and becomes known as the MAC Service Data Unit (MSDU). The MSDU contains data from the LLC and layers 3–7. A simple definition of the MSDU is that it is the data payload that contains the IP packet plus some LLC data. When the LLC sends the MSDU to the MAC sublayer, the MAC header information is added to the MSDU to identify it. The MSDU is now encapsulated in a MAC Protocol Data Unit (MPDU). A simple definition of an MPDU is that it is a frame. An 802.11 frame consists of the following three basic components:
• MAC Header: Contains frame control information, duration information, addressing, and sequence control information.
• Frame Body: The body can be variable in size and also contains information that is different depending on the frame type and frame subtype.
• Frame Check Sequence (FCS): Comprises 32-bit cyclic-redundancy check (CRC) that is used to validate the integrity of received frames.
802.11 frames are unlike many frames used by wired network standards such as IEEE 802.3, which uses a single data frame type. The IEEE 802.11 standard defines three major frame types: management, control, and data. These frame types are further subdivided into multiple subtypes. Data Frames: Most 802.11 data frames carry the actual MSDU data that is passed down from the higher-layer protocols. The upper layer 3-7 MSDU payload is normally encrypted for data privacy reasons. The payload found in most 802.11 data frames is the client user traffic that is destined to and from the wired-side network. Each Aerohive HiveAP is responsible for the 802.11 to 802.3 frame format translation and for all data forwarding of user traffic at the edge of the network between the wired and wireless mediums. Management Frames: 802.11 management frames make up a majority of the frame transmissions in a WLAN. Management frames are used by client stations to join and leave the basic service set (BSS). Management frames have a MAC header, a frame body and a trailer; however, management frames do not carry any upper-layer information. There is no MSDU encapsulated in the management frame body, which carries only MAC layer information. Because there is no upper layer payload in an 802.11 management frame, they are not encrypted. Control frames: 802.11 control frames assist with the delivery of the data frames. Control frames must be able to be heard by all stations; therefore, they must be transmitted at one of the basic rates. Control frames are also used to clear the channel, acquire the channel, and provide unicast frame acknowledgments. They contain only header information and a trailer. Control frames do not have a frame body and therefore they are not encrypted. Another difference between 802.3 and 802.11 frames is the addressing fields found in the MAC header.. 802.3 frames have only a source address (SA) and destination address (DA) in the MAC header. 802.11 frames have four address fields in the MAC header. 802.11 frames typically use only three of the MAC address fields. However, an 802.11 frame sent within a wireless distribution system (WDS) requires all four MAC addresses. The contents of these four fields can include the following MAC addresses: receiver address (RA), transmitter address (TA), basic service set identifier (BSSID), destination address (DA), and source address (SA). Certain frames may not contain some of the address fields. Even though the number of address fields is different, both 802.3 and 802.11 identify a source address and a destination address, and use the same MAC address format. The first three octets are known as the Organizationally Unique Identifier (OUI), and the last three octets are known as the extension identifier. As shown in Figure 15, Aerohive’s HiveManager management server allows an administrator to run captures of WLAN frames from any HiveAP and save the data troubleshooting purposes. The packet capture tool can capture management, control, and data frames for both transmit and receive streams from the HiveAP. A network protocol analyzer program, such as Wireshark® can then be used to view the data. Any HiveAP can also accept remote connections from Wireshark® for real-time packet capturing.
Figure 15: Packet Capture
16 Copyright © 2011, Aerohive Networks, Inc.
Mobility and Roaming Basics In today’s world, end-users demand the freedom provided by WLAN mobility. Corporations also realize productivity increases if end-users can access network resources wirelessly. Mobility requires that Wi-Fi client stations have the ability to roam from one access point to another while maintaining network connectivity for Upper-layer applications. This roaming ability is a MAC layer process known as reassociation. Because this reassociation process allows for a client station to move from one basic service set (BSS) to another BSS, a more technical term often used for roaming is BSS transition. Although the MAC layer roaming processes are clearly defined by the IEEE, the 802.11 standard does not define client roaming thresholds and AP-to-AP handoff communications. Wi-Fi client stations always initiate the reassociation process at the MAC layer. In simpler words, clients make the roaming decision and access points do not tell the client when to roam. What causes the client station to roam is a set of proprietary rules determined by the manufacturer of the wireless card, usually defined by received signal strength indicator (RSSI) thresholds. RSSI thresholds usually involve signal strength, noise level, and bit-error rates. Even if a client is already associated with an access point, the client will continue to look for other access points by sending out probe request frames. The probing client can evaluate the received signal strength of any nearby access points that reply back to the client with a probe response frame. As shown in Figure 16, as the client station moves away from the original access point with which it is associated and the signal drops below a predetermined threshold, the client station will attempt to connect to a new target access point that has a stronger signal. The client sends a frame, called the reassociation request frame to a target access point, to start the roaming process. Wi-Fi client radios will have different thresholds that kick off the client reassociation process. The bottom line is that clients make the roaming decision, and all client roaming thresholds are proprietary. A target access point can welcome a potential client station to the BSS by responding with reassociation response frame. However, as the station roams, the original access point and the target access point must communicate with each other across the distribution system (DS) which is normally a wired Ethernet network. AP-to-AP communications help to provide for a clean transition between the two APs. The backend AP-to-AP communications that occurs is proprietary to all Wi-Fi vendors. A target access point can inform the original access point that the client is roaming. The original AP also can forward any of the client’s buffered packets to the target access point. Most Wi-Fi vendors must involve a WLAN controller that is deployed way back in the core of the network to accomplish these AP-AP communications. Aerohive uses a distributed cooperative-control protocol called Aerohive Mobility Routing Protocol (AMRP) between HiveAPs at the edge of the network to speed up the process. There is also a relationship that exists between client security and roaming. The 802.1X/EAP and PSK authentication process both produce a pairwise master key (PMK) that is later used to create final encryption keys that are unique to each client radio and the access point to which the client is associated. Fast secure roaming methods are needed to distribute a client station PMK between access points so that an 802.1X/EAP client will not have to reauthenticate with a RADIUS server
Figure 16: Roaming
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 17
every time a client roams. Whether connected via the wired LAN or wireless mesh, HiveAPs cooperate with each other using AMRP to predictively exchange client authentication state, identity information, and encryption key information to neighboring HiveAPs, allowing clients to perform fast and secure roaming. Even though roaming occurs at layer 2, what happens if client roams to AP that does not support the same management and/ or user VLANs? Mobility in typical IP networks is challenging because as a user moves from subnet to subnet, their IP settings change, which usually makes IP-based sessions or applications fail. As pictured in Figure 17, if a client roams across layer 3 boundaries, the client traffic must be tunneled back to the client’s original subnet, which allows the client to preserve its IP address settings and maintain preserve application sessions. Aerohive uses a protocol called Dynamic Network Extension Protocol (DNXP) that tunnels user traffic between HiveAPs at the edge on the network instead of tunneling all the user traffic back to a WLAN controller. Wi-Fi Security When discussing Wi-Fi security, the two topics that are most often brought up are data privacy and authentication. Since wireless is unbounded, and the signal can essentially be heard by anyone within listening range, measures need to be taken to secure the transmission so that only the intended recipients can understand the message. Therefore, data privacy should be considered mandatory. All essential user data must be encrypted prior to transmission and then decrypted after being received. Layer 2 encryption is needed to protect the layers 3-7 MSDU payload that is encapsulated inside of 802.11 data frames. The main purpose of an enterprise Wi-Fi network is to act as a wireless portal into a pre-existing wired network and provide access to network resources. It is therefore necessary to protect the wireless portal with strong authentication measures so that only authorized clients with proper credentials are provided with access to network resources. The IEEE 802.11 standard provides for what is known as a robust security network (RSN). An access point and a client station must establish a procedure to authenticate and associate with each other as well as create unique dynamic encryption keys through a process known as the 4-Way Handshake. Once a user authenticates a pairwise master key (PMK) is created to act as the seed material for the 4-Way Handshake process that is used to produce the final unique keys. The Wi-Fi Alliance maintains the current Wi-Fi Protected Access 2 (WPA2) security certification that requires CCMP/AES dynamic encryption key generation. The Wi-Fi Alliance WPA-2 Enterprise certification calls for the use 802.1X/EAP authentication which requires RADIUS server deployment and skills. The WPA-2 Personal certification calls for the use of simpler preshared key (PSK) authentication in a SOHO environment. Client Connectivity Troubleshooting. Aerohive’s client monitoring feature allows an admin you to monitor the authentication process a wireless client goes through when connecting with a HiveAP as well as other ongoing client activity. This tool is useful in troubleshooting issues where a client cannot complete the initial network connection process or is unable to roam between HiveAPs. Very often the cause of the problem is mismatched authentication credentials. Figure 18
Figure 17: Layer 3 Roaming
18 Copyright © 2011, Aerohive Networks, Inc.
shows a screen capture of client using PSK authentication that failed to complete the 4-Way Handshake which is used to produce unique dynamic encryption keys between an access point and a client. Because PSK authentication provides a master seed key for the 4-Way Handshake to be completed, the PSK must match on both the access point and the client. The Aerohive client monitoring tool can also be used to troubleshoot more advances 802.1X/EAP authentication problems such as SSL certificate errors.
Authentication Troubleshooting tools 802.1X/EAP requires communications between HiveAPs and a RADIUS server to validate client credentials. As shown in Figure 19, Aerohive offers a RADIUS test tool to test the backend communications between any HiveAP and a RADIUS server database. If backend communications are solid, the most likely cause of the problem is a Wi-Fi client with misconfigured EAP security credentials. All HiveAPs can also function as an enterprise RADIUS server which fully integrates with Active Directory or any LDAP compliant database. Aerohive’s HiveManager management solution also provides AD/LDAP integration test tools for troubleshooting.
Private PSK
Client Isolation: Upper Layer Design
Figure 18: Client Monitor
Figure 19: RADIUS Test Tool
Wi-Fi Basics
Copyright © 2011, Aerohive Networks, Inc. 19
The purpose of am 802.11 WLAN is to provide client mobility and to provide a secure “wireless portal” into a pre-existing network infrastructure. The authentication security solutions we have discussed are used to initially guard the WLAN portal by requiring the proper authorization credentials from the client users. Access to network resources can be restricted further with the use of VLANs and firewall policies. In other words, when designing and deploying an 802.11 WLAN, there will always be upper-layer design considerations. Virtual local area networks (VLANs) are used to create separate broadcast domains in a layer 2 network and are often used to restrict access to network resources without regard to the physical topology of the network. VLANs are used extensively in switched 802.3 networks for both security and segmentation purposes. In a Wi-Fi environment, individual SSIDs can be mapped to individual VLANs. User traffic can be isolated by the SSID/VLAN pair, while communicating through a single access point. Each SSID can then be configured with unique security settings. As shown in Figure 20, a common strategy is to isolate wireless user traffic into separate VLANs for data, voice and guest traffic. The SSID mapped to the data VLAN will have normally use strong 802.1X/EAP authentication security. The voice VLAN SSID might be using a different security solution such a PSK or Private PSK authentication and the VoWiFi client phone traffic is routed via a SIP gateway. An SSID mapped to the Guest VLAN uses captive portal authentication and all users are restricted away from network resources and routed off to an Internet gateway. Every WLAN has a logical name (SSID), and each WLAN BSS has a unique layer 2 identifier, the basic service set identifier (BSSID). The BSSID is typically the MAC address of the access point’s radio card; however, access points have the capability of creating multiple virtual BSSIDs. WLAN vendors allow for the creation of virtual WLANs, each with a unique logical identifier (SSID) that is also assigned to a specific VLAN. Because the BSSID is the MAC address of the AP and because multiple virtual WLANs can be supported from the same physical AP, each virtual WLAN is typically linked with a unique virtual BSSID. This capability as multiple basic service set identifier (MBSSID). As shown in Figure 20, the MBSSIDs are usually increments of the original MAC address of the AP’s radio. Within each AP’s coverage area, multiple virtual WLANs can exist. Each virtual WLAN has a logical name (SSID) and a unique virtual layer 2 identifier (BSSID), and each WLAN is mapped to a unique layer 3 virtual local area network (VLAN). In other words, multiple layer 2/3 domains can exist within one layer 1 domain. Try to envision multiple basic service sets (BSSs) that are linked to multiple VLANs, yet they all exist within the same coverage area of a single access point. Aerohive Networks provides User Profile configuration settings to allow administers to isolate user traffic into separate VLANs per SSID and/or by location. Furthermore, RADIUS attributes can also be leveraged to assign end-users from different Active Directory user groups into separate VLANs. Client access to network resources can also be further restricted by implementing user traffic security policies. Security policies for user traffic can be based on the identity of a user, or by SSID. Security policies give an administrator the ability to enforce MAC address filters, MAC (layer 2) firewall policies, and IP (layer 3/layer 4) firewall polices. Each HiveAP is capable of stateful deep packet inspection which allows for policy enforcement at the edge on the network. When a client opens an application session, any open firewall state for that client will follow the client as it roams between HiveAPs.
Figure 20: Client Isolation
20 Copyright © 2011, Aerohive Networks, Inc.
Summary
Every WLAN administrator should have an understanding of the basic of Wi-Fi. Knowledge of how Wi-Fi operates at layers 1 and 2 and integrates into the upper layers is necessary for proper design, deployment, administration and troubleshooting. The goal of this paper has been to give you a very brief introduction to these concepts. We highly suggest the vendor-neutral Certified Wireless Networking Professional (CWNP) program which offers career certifications and training in enterprise Wi-Fi technologies from beginner to expert levels. More information can be found at www.cwnp.com. Additional Recommended Reading:
CWNA: Certified Wireless Network Administrator Official Study Guide:• by David D. Coleman and David A. Westcott - Sybex Publishing - ISBN# 0470438908 CWSP: Certified Wireless Security Professional Official Study Guide:• by David D. Coleman, Bryan Harkins, Shawn Jackman and David A. Westcott - Sybex Publishing - ISBN# 0470438916 802.11 Wireless Networks: The Definitive Guide, Second Edition • by Matthew Gast - O’Reilly Media - ISBN#0596100523 802.11n Technology Primer White Paper:• by Aerohive
