
Answer Questions - New


a) In the context of wireless adapters

What are the three types of drivers available for wireless client adapters? State their names and explain their operation.

1. Radio firmware: The firmware contained in the Flash memory of the client adapter controls the radio.
2. Driver: A driver provides an interface between a computer running a Windows operating system and the client adapter.
3. Client utilities: Two client utilities are available for use with Cisco Aironet client adapters. They are the Aironet Client Utility (ACU) and the Aironet Client Monitor (ACM). These utilities are optional applications that interact with the radio firmware to adjust client adapter settings and display information about the adapter.

2- In the context of the Cisco 3-layer hierarchical design, please explain the concept of modularity and how it is applied to WLAN design.

Modularity in network design allows the user to create design elements that can be replicated as the network grows. When a network design element requires a change, the cost and complexity of making the upgrade is constrained to a small subset of the overall network. In large flat or meshed network architectures, changes tend to impact a large number of systems.

Modular structuring of the network into small, easy-to-understand elements also simplifies fault isolation. The user can easily understand the transition points in the network, and thus identify failure points.

3- In the context of roaming, state and explain the five steps to ensure seamless roaming.

The following five steps ensure seamless roaming:

1) The client sends out a request for association and immediately receives a response from all access points within its coverage area.
2) The client decides which access point to associate with based on signal quality, strength, the number of users associated, and the required number of hops to reach the backbone.
3) After an association is established, the client's Media Access Control (MAC) address drops into the table of the selected access point. If the client encounters difficulty, it will roam for another access point. If no other access point is available, the client will lower its data transmission rate and try to maintain connection.
4) After the client roams to another access point, its MAC address drops into the table of the new access point, which sends a broadcast message basically stating that it received "MAC address X".
5) The original access point forwards any data it had for the client to the other access point, which responds by sending the same to the client.

Security ch8

There are four primary classes of threats to wireless security:

1. Unstructured threats- Unstructured threats consist of inexperienced individuals using hacking tools, such as shell scripts and password crackers.
2. Structured threats- Structured threats come from hackers who are more highly motivated and technically competent. These people know wireless system vulnerabilities, and they can understand and develop exploit code, scripts, and programs.
3. External threats- External threats are organizations working from outside of the company. They do not have authorized access to the wireless network. They work their way into a network mainly from outside the building, such as parking lots, adjacent buildings or common areas. These are the type of threats that people spend the most time and money protecting against.
4. Internal threats- Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the wire.

Wireless attack methods can be broken up into three categories:

1. Reconnaissance- Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and it usually precedes an actual access or DoS attack.
2. Access attack- This is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or password.
3. Denial of Service (DoS)- DoS is when an attacker disables or corrupts wireless networks, systems, or services, with the intent of denying the service to authorized users. DoS attacks take many forms. In most cases, performing the attack simply involves running a hack, script, or tool.

Wired equivalent privacy (WEP)

The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping. The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide. Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must have a matching WEP key. WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4).

802.1x authentication types:

Different authentication types are supported when using 802.1x on a WLAN.

LEAP: Lightweight EAP (LEAP) is also called EAP-Cisco. LEAP is the Cisco version of EAP. It is used on networks that currently do not support EAP. The current versions of EAP may not provide the functionality that is needed or may be too demanding. This could compromise the performance of the WLAN equipment. LEAP is a good choice when using Cisco equipment in conjunction with operating systems like Windows 95, Windows 98, Windows Me, Windows CE, Windows NT/2000/XP, and Linux.

EAP-TLS: EAP-Transport Layer Security (EAP-TLS) is a labor-intensive security option. EAP-TLS requires a digital certificate configured on all WLAN clients and on the server. EAP-TLS is based on X.509 certificates. It is usually easier to use than PEAP, which is based on EAP-TLS.

PEAP: Protected EAP (PEAP) is a draft EAP authentication type that is designed to allow hybrid authentication. PEAP employs server-side PKI authentication. For client-side authentication, PEAP can use any other EAP authentication type. Because PEAP establishes a secure tunnel via server-side authentication, non-mutually authenticating EAP types can be used for client-side authentication. Client-side authentication options include EAP-GTC for one-time passwords and EAP-MD5 for password-based authentication.

EAP-MD5: Extensible Authentication Protocol MD5 (EAP-MD5) should not be used, because it does not provide mutual authentication. EAP-MD5 is a one-way authentication that essentially duplicates CHAP password protection on a WLAN. EAP-MD5 is used as a building block in EAP-TTLS.

EAP-OTP: EAP-One Time Passwords (EAP-OTP) is also called EAP-Generic Token Card (EAP-GTC). It is not recommended, since OTPs are not a form of mutual authentication.

EAP-SIM: EAP-SIM uses the same smart card or SIM that is used in GSM mobile phones to provide authentication. EAP-SIM can easily ride on EAP-TLS.

EAP-TTLS: EAP-Tunneled Transport Layer Security (EAP-TTLS) is an IETF draft authored by Funk Software and Certicom. EAP-TTLS provides similar functionality to PEAP. EAP-TTLS protects passwords by using TLS, which is an advanced form of Secure Socket Layer (SSL). EAP-TTLS currently requires a Funk Software RADIUS server.

Kerberos: Kerberos is not part of the 802.1x standard, but it is being recommended by some vendors. Kerberos is an authentication system enabling protected communication over an open network, which uses a unique key called a ticket. It requires service configuration. PEAP can support Kerberos through EAP-Generic Security Service (EAP-GSS).
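The WEP and 802.1x notes above, applied as a client configuration check. This is an added example, not part of the original notes: it assumes clients configured through wpa_supplicant (its `eap`, `phase2`, `ca_cert` and `wep_key0` settings), and the sample configuration is constructed and trimmed to the keys the audit reads. The `ca_cert` check goes one step beyond the notes: the PEAP/EAP-TTLS tunnel only protects a one-way inner method if the client actually verifies the server certificate.

```python
import re

# Per the notes above: EAP-MD5 and EAP-OTP/GTC are one-way; PEAP and EAP-TTLS
# authenticate the server first, then tunnel an inner method.
ONE_WAY = {"MD5", "GTC", "OTP"}
TUNNELED = {"PEAP", "TTLS"}

def parse_networks(text):
    """Return one {key: raw value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        nets.append({k.strip(): v.strip() for k, v in pairs})
    return nets

def audit(net):
    findings = []
    outer = set(net.get("eap", "").upper().split())
    for method in sorted(outer & ONE_WAY):
        findings.append(f"EAP-{method} used untunneled: no mutual authentication")
    if outer & TUNNELED and "ca_cert" not in net:
        findings.append("tunneled EAP without ca_cert: server certificate not verified")
    for key in sorted(k for k in net if re.fullmatch(r"wep_key[0-3]", k)):
        raw = net[key]  # quoted = ASCII key (8 bits/char); bare = hex (4 bits/digit)
        bits = (len(raw) - 2) * 8 if raw.startswith('"') else len(raw) * 4
        findings.append(f"static WEP key, {bits}-bit secret")
    return findings

# Constructed sample configuration: SSIDs and the key are made up.
SAMPLE = '''
network={
    ssid="lab-md5"
    eap=MD5
}
network={
    ssid="lab-peap"
    eap=PEAP
    phase2="auth=GTC"
}
network={
    ssid="lab-wep"
    wep_key0=0102030405
}
'''

if __name__ == "__main__":
    for net in parse_networks(SAMPLE):
        print(net.get("ssid"), audit(net) or "ok")
```

GTC inside the PEAP tunnel is not flagged on its own, matching the notes; the PEAP network is flagged only because nothing tells the client which CA to trust.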

Antennas CH7.

An antenna gives the wireless system three fundamental properties. They are gain, direction, and polarization. Gain is a measure of increase in power. Direction is the shape of the transmission pattern.

The antennas used for WLANs have two functions:

1. Receive: This is the sink or terminator of a signal on a transmission medium. In communications, it is a device that receives information, control, or other signals from a source.
2. Transmit: This is the source or generator of a signal on a transmission medium.

The bandwidth of an antenna is the band of frequencies over which it is considered to perform acceptably. The wider the range of frequencies a band encompasses, the wider the bandwidth of the antenna.

Beamwidth is a measurement used to describe directional antennas. Beamwidth is sometimes called half-power beamwidth. It is the total width in degrees of the main radiation lobe, at the angle where the radiated power has fallen below that on the centreline of the lobe by 3 dB (half-power).

Polarization:

Polarization is the physical orientation of the element on the antenna that actually emits the RF energy. Polarization is a physical phenomenon of radio signal propagation.

There are two categories, or types, of polarization. They are linear and circular.

Antenna types include the following:

1. Isotropic antenna: This is a hypothetical antenna that radiates or receives energy equally in all directions. Isotropic antennas do not exist physically, but they represent convenient reference antennas for expressing directional properties of physical antennas.
2. Dipole antenna: This is usually a straight, center-fed, one-half wavelength antenna.
3. Antenna array: This is an assembly of antenna elements with dimensions, spacing, and illumination sequence arranged in such a way that the fields for the individual elements combine. This combination produces a maximum intensity in a particular direction and minimum field intensities in other directions.

Diversity:

Diversity is the simultaneous operation of two or more systems or parts of a system. Diversity is used to improve system reliability. Multipath fading can cause temporary failures in even the best-designed paths. Diversity is a possible solution to this problem. Two types of diversity are as follows:

1. Space Diversity
2. Frequency Diversity

Bridge ch6

There are six options for configuring the root state and related parameters on the BR350. These options correspond to the following six roles, which a bridge can assume in a LAN:

1. Root bridge
2. Non-root bridge with clients
3. Non-root bridge without clients
4. Root access point
5. Repeater access point
6. Site survey client

Ethernet port:

This section describes how to configure the bridge Ethernet port, using the Ethernet pages in the management system. The Ethernet pages include the following:

1. Ethernet Identification: Contains the basic locating and identity information for the Ethernet port.
2. Ethernet Hardware: Contains the setting for the Ethernet port connection speed of the bridge.
3. Ethernet Advanced: Contains settings for the operational status of the bridge Ethernet port.

ACCESS POINT 5:

There are three basic models of Cisco APs:

1- 1200
2- 1100
3- 350

IOS and VxWorks are the two different operating systems available on Cisco Aironet APs and bridges.

An access point can be controlled and configured through command line and Web interfaces. Management can also be done through traditional protocols like SNMP. A variety of antenna options can provide additional reach or speed, depending on the installation. An access point can be single band, like an 1100 AP.

There are two basic GUI interfaces:

1. IOS
2. VxWorks

The 350 series AP and Bridge currently use the VxWorks interface. The 1100 only uses the IOS image. The 1200 Series is capable of either; however, an IOS AP should not be downgraded to VxWorks. Any AP that is running the IOS image also contains the IOS CLI code common to Cisco routers and switches. This makes an easy transition for existing Cisco network administrators.

The AP will get an IP address using DHCP, if possible. If no DHCP server is available, a Cisco AP will use the static IP address 10.0.0.1, by default.

HTTP: This feature enables Web-based GUI management by providing support for HTML Web pages and Common Gateway Interface (CGI) scripts using common Web browsers.

The help files can be pointed to one of three possible locations:

1. Internet: Cisco maintains up-to-date help for devices on the Cisco website. While this location requires online access for every occasion of needing online help, it offers the most up-to-date information.
2. File Server: On multi-user networks, the help files can be placed on the network file server.
3. Hard Drive: The help files can be copied to the hard drive of the computer which is used to manage the wireless LAN.