INTRODUCTION TO WLAN:-
A wireless local area network (LAN) is a flexible data communications system implemented as an extension to, or as an alternative for, a wired LAN. Using radio frequency (RF) technology, wireless LANs transmit and receive data over the air, minimizing the need for wired connections. Thus, wireless LANs combine data connectivity with user mobility.
Wireless LANs have gained strong popularity in a number of vertical markets, including the health-care, retail, manufacturing, warehousing, and academia. These industries have profited from the productivity gains of using hand-held terminals and notebook computers to transmit real-time information to centralized hosts for processing. Today wireless LANs are becoming more widely recognized as a general-purpose connectivity alternative for a broad range of business customers. Business Research Group, a market research firm, predicts a six fold expansion of the worldwide wireless LAN market by the year 2000, reaching more than $2 billion in revenues.
WORKING OF WLAN:-
Wireless LANs use electromagnetic airwaves (radio or infrared) to communicate information from one point to another without relying on any physical connection. Radio waves are often referred to as radio carriers because they simply perform the function of delivering energy to a remote receiver. The data being transmitted is superimposed on the radio carrier so that it can be accurately extracted at the receiving end. This is generally referred to as modulation of the carrier by the information being transmitted. Once data is superimposed (modulated) onto the radio carrier, the radio signal occupies more than a single frequency, since the frequency or bit rate of the modulating information adds to the carrier.
Multiple radio carriers can exist in the same space at the same time without interfering with each other if the radio waves are transmitted on different radio frequencies. To extract data, a radio receiver tunes in one radio frequency while rejecting all other frequencies.
In a typical wireless LAN configuration, a transmitter/receiver (transceiver) device, called an access point, connects to the wired network from a fixed location using standard cabling. At a minimum, the access point receives, buffers, and transmits data between the wireless LAN and the wired network infrastructure. A single access point can support a small group of users and can function within a range of less than one hundred to several hundred feet. The access point (or the antenna attached to the access point) is usually mounted high but may be mounted essentially anywhere that is practical as long as the desired radio coverage is obtained.
End users access the wireless LAN through wireless-LAN adapters, which are implemented as PC cards in notebook or palmtop computers, as cards in desktop computers, or integrated within hand-held computers. wireless LAN adapters provide an interface between the client network operating system (NOS) and the airwaves via an antenna. The nature of the wireless connection is transparent to the NOS.
CONFIGURATION OF WLAN:-
Installation of wireless LAN :-
An 802.11b wireless network can operate in two modes:
(i) Without base station (ad-hoc)
(ii) With base station (infrastructure).
In ad-hoc mode, your computers talk directly to each other and do not need an access point. Access point is the device which can communicate to remote computer directly. In infrastructure mode, data transmitted by the sender computer first goes to the access point and then access point will send it to the destination computer. I.e. in infrastructure mode, network traffic passes through a wireless access point. And access point manages the traffic of the network. An infrastructure-mode wireless Ethernet segment can be easily added to a traditional wired network to make an integrated wired and wireless network.
Installing an ad-hoc network:-
Installing a simple ad-hoc network in a small area (such as in a home or small office) requires placing wireless network interface cards (NICs) in the PCs. They install just like any other NIC, but usually sport antennas that stick out of the computer’s case like little ears. PC-card versions are available for laptop and notebook computers.
Ad-hoc wireless network:-
Ad-hoc wireless networks are an inexpensive and flexible option. An 802.11b network in the ad-hoc mode is entirely wireless. Each workstation relates on a peer-to-peer basis with other workstations. You can add a wireless broadband router to an ad-hoc network to provide Internet access to computers on the network. An ad-hoc network is suitable only for very small installations where security is not an issue.
Installing an infrastructure-mode network:-
To install a larger network in infrastructure mode, both NICs and access points must be installed and configured. Placing access points to ensure proper coverage and performance can be tricky. For a smaller installation, simple trial and error will often find the best locations for access points. However, a large wireless network needs some organization. The best way to decide where to place access points is by performing a site survey. This is done by placing access points in various locations around the intended coverage area and recording signal strength and quality. Network and power connections must also be considered. Often the best place for some access points is on the ceiling. While an access point can easily be mounted on the ceiling, most buildings do not have Ethernet and power connections on the ceiling. A partial solution to this problem is to run just an Ethernet connection to the access point but to use an access point that can be powered through the Ethernet cable. These access points get power from a device in the wiring closet that provides DC power over the unused wire pairs in the UTP Ethernet cable. This feature eliminates the need to run an AC power cable to the access point, making installation easier. Access points and NICs must be configured after they’re installed. Most vendors supply configuration tools with their wireless products and some even provide for bulk configuration of access points on the same network. Access points can be configured via telnet, Web-based browsers, or SNMP; from a wireless station; or by using a serial console port built into the access point itself.
Infrastructure wireless network:-
For larger installations or for use in larger buildings, choose an infrastructure-mode wireless network. An 802.11b network in infrastructure mode depends on access points connected together. Each workstation communicates with an access point rather than directly with another workstation. Infrastructure mode is suitable for small-to-medium-sized wireless networks, but may not offer enough bandwidth for networks with heavy traffic. And, as with the ad-hoc network, security is still a concern.
TYPES OF WLAN:-
PEER TO PEER NETWORK:-
Wireless LANs can be simple or complex. At its most basic, two PCs equipped with wireless adapter cards can set up an independent network whenever they are within range of one another. This is called a peer-to-peer network. On-demand networks such as in this example require no administration or preconfiguration. In this case each client would only have access to the resources of the other client and not to a central server.
CLIENT AND ACCESS POINT:-
Installing an access point can extend the range of an ad hoc network, effectively doubling the range at which the devices can communicate. Since the access point is connected to the wired network each client would have access to server resources as well as to other clients. Each access point can accommodate many clients; the specific number depends on the number and nature of the transmissions involved. Many real-world applications exist where a single access point services from 15-50 client devices.
MULTIPLE ACCESS POINT AND EXTENSION POINT:-
Access points have a finite range, on the order of 500 feet indoor and 1000 feet outdoors. In a very large facility such as a warehouse, or on a college campus it will probably be necessary to install more than one access point. Access point positioning is accomplished by means of a site survey. The goal is to blanket the coverage area with overlapping coverage cells so that clients might range throughout the area without ever losing network contact. The ability of clients to move seamlessly among a cluster of access points is called roaming. Access points hand the client off from one to another in a way that is invisible to the client, ensuring unbroken connectivity.
Sometimes it is possible that an area with in a building, college campus or industrial complex may not have a wired LAN that supports the installation of the access point, an alternative method is to employ an extension point. An extension point may be considered as being similar to a repeater, extending the range of wireless access to a LAN by relaying signals from a client to an access point.
Both multiple access points and extension points can be used to extend wireless LAN access capabilities over a relatively large area. For either or both devices, their use enables clients to move within a large geographic area, in effect providing notebooks and PDAs with roaming capabilities.
To solve particular problems of topology, the network designer might choose to use Extension Points to augment the network of access points. Extension Points look and function like access points, but they are not tethered to the wired network as are APs. EPs function just as their name implies: they extend the range of the network by relaying signals from a client to an AP or another EP. EPs may be strung together in order to pass along messaging from an AP to far-flung clients, just as humans in a bucket brigade pass pails of water hand-to-hand from a water source to a fire.
DIRECTIONAL ANTENNA NETWORK:-
One last item of wireless LAN equipment to consider is the directional antenna. Let’s suppose you had a wireless LAN in your building A and wanted to extend it to a leased building, B, one mile away. One solution might be to install a directional antenna on each building, each antenna targeting the other. The antenna on A is connected to your wired network via an access point. The antenna on B is similarly connected to an access point in that building, which enables wireless LAN connectivity in that facility.
PROTOCOLS:-
PROTOCOL STACK:-
The protocols used by all 802 variants, including Ethernet, have a certain commonality of structure. The physical layer is corresponds to that of OSI model fairly well, but data link layer in all the 802 protocols is split into two or more sub layers. In this, the Medium access control (MAC) sub layer determines how the channel is allocated, that is, and who gets to transmit next. Above it is the Logical Link Control (LLC) sub layer, whose job it is to hide the differences between the different 802 variants and make them indistinguishable as far as the network layer is concerned. The 802.11 protocol defines one Media Access Control layer (MAC) that interacts with three different Physical layers (PHYs). MAC sub layer of Data Link layer takes care of the radio access independent procedures.The PHY of the OSI model brings an interface to the network medium and provides the actual signalling function across the network. Figure x.x shows lowest protocol layers of IEEE 802.11 and 802.11b comparing them to other stacks.
The physical layer is separate from medium access sublayer to allow future upgrades when new frequency bands and modulation techniques become available.
PHYSICAL LAYER:-
FREQUENCY HOPPING SPREAD SPECTRUM:-
Under frequency-hoping spread spectrum communications, a narrowband carrier is shifted in this discrete increment of frequency. The frequency shift is based on a pattern generated by a code sequence that spreads transmission over a wide frequency band. This result in the name associated with this communications technique.
OPERATION:-
Fig. illustrates an example of frequency hopping spread spectrum communications. Note that the code or algorithms that define the manner by which frequencies change can be selected to avoid interference to or from other non-spread-spectrum communications systems. For example, if frequency band f1 to fn is used for frequency hopping but fx, where f1<>
FREQUENCY ALLOCATION:-
Although the standard specifies 79 nonoverlapped frequency channels, the actual number of channels used and their power and frequency assignment depend on the regulatory authority assignment of frequency usage in a particular country. Table 11-2 provides a comparison of a regulations in North America, Europe and
| Geographic Area | Frequency Band (MHz) | Hopping channels | Maximum transmit Power |
| | 2400-2483.5 | At least 75;79 used | 1W |
| | 2400-2483.5 | At least 20;79 used | 100mW |
| | 2471-2497 | At least 10;23 used | 10mW/MHz |
HOPPING CHANNELS:-
In addition to the entries in above table, you should note that different regulatory bodies restrict the number of hopping channels that can be used in other locations of the world. For example, in
MODULATION:
Under the IEEE 802.11 standard, frequency shift keying (FSK) is used for FHSS b because of its low cost and easy operation. In actuality, two versions are FSK specified, each more formally referred to as Gaussian-shaped FSK (GFSK). Under GFSK, which operates at 1 M symbols/s, non-return to zero (NRZ) data are filtered result is used to frequency modulate a carrier. To provide a 1-Mbps operating rate, which is mandatory, a two-level GFSK modulation method is used, with binary 1s and 0s modulated into one of two frequencies. To support the optional 2-Mbps data rate, four-level GFSK modulation method is employed, with pairs of bits modulated using one of four frequencies.
COMMUNICATION:
FHSS uses 79 channels each 1-MHz wide, starting at the low end of the 2.4_GHz ISM band. A pseudorandom number generator is used to produce the sequence of frequencies hopped to. As long as all stations use the same seed to the pseudorandom number generator and stay synchronized in time, they will hop to the same frequencies simultaneously. The amount of time spent at each frequency, which is same for each hop frequency, the dwell time, is an adjustable parameter, but must be less than 400 msec. FHSS’ randomization provides a fair way to allocate spectrum in the unregulated ISM band. It also provides a modicum of security since an intruder who does not know the hopping sequence or dwell time cannot eavesdrop on transmissions. Over longer distances, multipath fading can be an issue, and FHSS offers good resistance to it. It is also relatively insensitive to radio interference, which makes it popular for building-to-building links. Its main disadvantage is its low bandwidth.
FRAME FORMAT:
At the physical layer, FHSS transmits data using a predefined frame format. Fig. below illustrates the IEEE 802.11 standard frequency hopping spread spectrum frame format.
The FHSS preamble can be considered to include an 80-bit synchronization pattern used to detect the presence of a signal, resolve antenna diversity, and acquire symbol timing as well as a 16-bit start of frame delimiter (SFD) that provides symbol-level frame synchronization. Concerning the latter, the SFD contains four distinct quad-bit patterns that enable the results of all possible GFSK modulations to be verified. The FHSS frame header consists of three fields. The Length field, which is a 12-bit field, indicates the length of the payload field
| Preamble | SFD | Length | Signaling | CRC | Variable Data |
FHSS Frame Format
The second field in the header is a 4-bit Signaling field. One bi. Thus the maximum length of the variable data field is 4095 bytes.t in this field indicates whether the data rate is 1 or 2 Mbps, whereas the other three bits are reserved for future use. Finally, the third field in the header is a 16-bit cyclic redundancy check (CRC), which used the ITU-T generating polynomial as shown below:
G(X) = X^16 +X^12 + x^5 + 1
which is a shorthand representation for the bit sequence 1000100000010001.
Although FHSS can operate at either 1 or 2 Mbps, the preamble and header are always transmitted at 1 Mbps. Then, if the Signaling field indicates a 2-Mbps operation, the remainder of the frame is transmitted at that operating rate. Hopping Sequence To minimize the effect of multipath reflections, the frequency used by FHSS was developed to provide a minimum hop distance. By establishing a minimum frequency variation between hops, reflections from one hop have minimal effect on the next hop because it takes time for the reflections to arrive at a receiver, which will now hopefully be “looking” to receive information at a different frequency. In the
2402 + [b(i) +j] mod 79
DIRECT SEQUENCE SPREAD SPECTRUM:-
Under direct sequence spread spectrum communications, a carrier is modulated by a digital code, with the code bit rate being larger than the information bit rate. The code bits represent a redundant bit pattern generated by the direct sequence spread spectrum technology that is applied to each information bit to be transmitted. This bit pattern is referred to as a chip or chipping code. The longer the chip, the greater the resulting ability of a receiver to recover the original data. However, since each information bit is encoded into a sequence of bits, additional bandwidth is required.
OVERVIEW:-
The IEEE 802.11a standard operates at either 1 or 2 Mbps in the 2.4 GHz ISM frequency band. At physical layer, each information bit is modulated by an 11-bit sequence referred to as an 11-bit Barker sequence. The use of the Barker sequence results in an 11-MHz chipping rate and spreads RF energy across a wider bandwidth than would be required to transmit the original information bits. At the receiver, the 11-bit Barker sequence is used to dispread the RF input, enabling the original data to be recovered.
WORKING OF DSSS:-
To illustrate the operation of direct sequence spread spectrum communications, let’s assume that a 3-bit chip or chipping code is applied to each information bit. Under direct sequence spread spectrum communications, each information bit is module-2 added to each bit in mission of the information bits 101 based on a chipping code of 010. Note that because a 3-bit chipping code is used, the three information bits are transmitted as a sequence of 9 bits.
| Information bits | 101 |
| Chipping code | 010 |
| Transmitted bits (modulo/2 addition) | 1010101 |
In examining the entries in Table 11.1, note that the chipping code is modulo-2 added to each information bit. That is, the first information bit (1) is modulo-2 added to each bit in the chipping bit code (010). This modulo-2 addition process results in generation of the bit sequence 101, which is transmitted to represent the information bit of binary 1. Next, the second information bit (0) is modulo-2 added to each chipping code bit (010) to generate the bit sequence 010, which is transmitted to represent the second information bit, whose value is binary 0. Finally, the third information bit (1) is modulo-2 added to the chipping bit code to generate the 3-bit sequence 101, which is transmitted instead of the information bit value of binary 1.
If we use the +1s and -1s to represent binary 1s and 0s, we can better view the effect of a chipping code for the generation of direct sequence spread spectrum communications. Fig 11-2 illustrates the direct sequence spread spectrum transmission of the 3 information bits contained in table 11.1 through the use of the chipping code contained in the table.
Because the chipping code adds redundancy to the Information being transmitted, this permits a receiver to recover the original data if one or more bits are damaged during transmission. Of course, the ability to recover from transmission impairments depends on the length of the chipping code used and the length of the transmission impairment. However, when data can be recovered, it is done without the necessity to have the originator retransmit. Because a receiver without the applicable chipping code receives a signal that appears to represent low power wideband noise, direct sequence spread spectrum communications are also applicable for military communications where reliability and security are important considerations.
Continuing this examination of the IEEE 802.11 specification, a second physical layer supported by the standard is direct sequence, a second physical layer supported by the standard is direct sequence spread spectrum (DSSS). As mentioned at the beginning of this chapter, under DSSS, a signal is spread through the use of a sequence, which results in the use of a wider bandwidth with lower power density.
Although the original IEEE 802.11 standard, now referred to as the IEEE 802.11a specification, defined three physical layers, it should be noted that DSSS is the only physical layer specified for the recently 802.11b standard, data rates of 5.5 and 11 Mbps are supported. Thus in this section we will describe and discuss the use of DSSS with respect to both IEEE 802.11b standard uses the same 2.4- MHz bandwidth and channelization scheme as the 1-Mbps version of the IEEE 802.11a standard. The only difference between the two is the use of different chipping method, with the IEEE 802.11a standard using an 11-bit Barker chip and the IEEE 802.11b specification being based on the use of an 8-bit complimentary code keying (CCK) algorithm.
MODULATION:-
Two different modulation methods are supported by the IEEE 802.11a standard. At an operating rate of 1 Mbps, differential binary phase shift keying (DBPSK) is used. At an operating rate of 2 Mbps, differential quadrature phase-shift keying (DQPSK) is employed. Under DBPSK modulation, each bit is represented by one of two possible phase changes. In comparison, under DQPSK, the modulation process operates on pair of bits, modulating each bit pair into one of four possible phase changes.
FREQUENCY ALLOCATION:-
Similar to FHSS, the frequency allocations for DSSS can very based on different regulatory agencies. As an example of potential differences, table below lists the allowed center frequencies and the corresponding channel numbers for North America, Europe, and
| Channel Number | | | japan |
| 1 | 2412 | N/A | N/A |
| 2 | 2417 | N/A | N/A |
| 3 | 2422 | 2422 | N/A |
| 4 | 2427 | 2427 | N/A |
| 5 | 2432 | 2432 | N/A |
| 6 | 2437 | 2437 | N/A |
| 7 | 2442 | 2442 | N/A |
| 8 | 2447 | 2447 | N/A |
| 9 | 2452 | 2452 | N/A |
| 10 | 2457 | 2457 | N/A |
| 11 | 2462 | 2462 | N/A |
| 12 | N/A | N/A | 2484 |
FRAME FORMAT:
Bits
| Preamble (128) | SFD (16) | Signal (8) | Service (8) | Length (16) | CRC (16) | Data |
DSSS Frame Format
Fig illustrates the general DSSS frame format. The DSSS Preamble field consists of 128 bits and provides a mechanism for the receiving station to adjust to the incoming signal. This field is followed by the Start of Frame Delimiter (SFD) field. This 16-bit field is followed by an 8-bit Signal field. This field functions as a rate indication method that allows the receiver to use the applicable modulation method commensurate with the data rate of originator.
The fourth field in the DSS physical layer is the Service field. This 8-bit field is currently assigned the value hex 00 to signify IEEE 802.11 compliance, however, is actual use is presently reserved. The fifth field is the Length field. The function of this 16 bit field is to indicate the number of bytes in the Date field that follows the CRC field. Concerning the CRC field, this 16-bit field is used to protect the Signal Service, and Length fields.
INFRARED FREQUANCY (IF):-
IR was developed as a communications method for remote control approximately 30 years ago. Infrared (IR) communications systems use very high frequencies that are just below visible light in the electromagnetic spectrum. Like light, IR radiation cannot penetrate opaque objects, which limits its transmission capability to direct line of sight or diffuse method of communication.
OVERVIEW:-
The IR transmission employed under the IEEE 802.11a specification is based on the 850 – 950-nm range, which is nearly visible light. IR reception is based on diffuse IR transmission, which means that a clear line-of-sight path between transmitter and receiver is not required. However, the allowable range between stations is limited approximately 10 m, and the use of this layer is restricted to in-building application. Two speeds are permitted: 1 Mbps and 2 Mbps. At 1 Mbps, an encoding scheme is used in which a group of 4 bits is encoded as a 16-bit codeword containing fifteen 0s and a single 1, using what is called Gray Code. This code has the property that a small error in time synchronization leads to only a single bit error in the output. At 2 Mbps, the encoding takes 2 bits and produces 4-bit codeword, also with only a single 1, that is 0001,0010, 0100 or 1000. Infrared signals cannot penetrate walls, so cells in different rooms are well isolated from each other. Nevertheless, due to the low bandwidth ( and the fact that sunlight swamps infrared signals), this is not a popular option. Position of short light pulses carry information. Uppermost sequence contains four bits of data at 1 Mbps, which is encoded into a single 16-PPM symbol. In this example sequence “1001” corresponds to the pulse at tenth pulse slot from the right (the rightmost slot corresponds to sequence “0000”). Duration of modulating PPM-pulses is the same for both data rates for easier implementation.
At higher 2 Mbps data rate each pair of bits is encoded into a single 4-PPM symbol as shown in Figure 1.5. All four bit combinations are shown and we see that for example “11” is transmitted as a pulse at the last of the four pulse positions. Correspondingly pulse at the first place represents bit pair “00”.
FRAME FORMAT:-
| Preamble | SFD | Data Rate | DC level adjustment | Data |
Fig. above illustrates the IR physical layer frame format. The Synchronization and Start Delimiter (SFD) fields function similarly to those fields used in the DSSS and FHSS frames. However, instead of a Signaling field, the IR frame uses a Data Rate field to denote the data rate. This field is used to indicate if the operating rate is what is referred to as the 1-Mbps basic access rate or the enhance access rate of 2-Mbps. If we compare the frame formats for DSSS and FHSS frames with IR frames, we will note that Signal Field in first two frames is in same location as the Data Rate frames in IR frame. Thus, the terminology is changed, the field are positioned and function in same manner.
ORTHOGONAL FREQUENCY DIVISION MULTIPLEXING:-
The first of the high speed wireless LANs, 802.11a uses orthogonal frequency division multiplexing (OFDM) to deliver up to 54 Mbps in the wider 5-GHz ISM band. As the term FDM suggests, different frequencies are used – 52 of them, 48 for data and 4 for synchronization-not unlike ADSL. Since transmission are present on multiple frequencies at the same time, this technique is considered a form of spread spectrum, but different from both CDMA and FHSS. Splitting the signal into many into many narrow bands has some key advantages over using a single wide band, including better immunity to narrowband interference and the possibility of using noncontiguous bands. A complex encoding system is used, based on phase shift modulation for speeds up to 18Mbps and on QAM above that. AT 54 Mbps, 216 data bits are encoded into 288-bit symbols. This technique has a good spectrum efficiency in terms of bits/Hz and good immunity to multipath fading.
DATA LINK LAYER: -
This layer is divide in to two sub layer Medium Access Control (MAC) sub layer and Logical link control (LLC) .
Medium Access Control:-
The 802.11 Mac sub layer is protocol is quite different from that of Ethernet due to the inherent complexity of the wireless environment compared to that of a wired system. With Ethernet, a station just waits until the ether goes silent and starts transmitting. If it does not receive a noise burst back within the first 64 bytes, the frame has almost assuredly been delivered correctly. With wireless, this situation does not hold. MAC is on the physical layer and the and it supports three technology in physical layer those are Direct Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum (FHSS) and Infrared Frequency (IF).
BASIC ACCESS METHOD:-
The IEEE 802.11 standard uses a variation of the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol to provide a wireless access capability. The CSMA/CA protocol avoids collisions instead of detecting a collision, like the CSMA/CD protocol used by the IEEE 802.3 (Ethernet) standard.
The variation of the CSMA/CA protocol used requires a station that has information to transmit to first “listen” to the medium. If the medium is busy, the station will defer its transmission. If the medium is available for a specified time, referred to as the distributed interframe space (DIFS), the station can transmit. Because it is possible that another station could transmit at approximately the same time, the acknowledgement that serves as an indicator to the originator that no collision occurred. Otherwise, if the sender does not receive an acknowledgement it will retransmit until it either receives an acknowledgement or a predefined number of retransmissions occur. Concerning the latter, if the sender cannot receive an acknowledgment after a fixed number of tries, it will abandon its effort, and the higher layer in the protocol stack will govern how the inability to transfer data is handled.
The access method used by the IEEE 802.11 standard is referred to as the distributed coordination function (DCF), which can be considered to represent a CSMA/CA protocol. The reason for the selection of an access scheme with an acknowledgment instead of the near-ubiquitous wired LANs Ethernet Carrier Sense Multiple Access/Collision Detection (CSMA/CD) scheme is that the latter is impractical for a wireless environment. This is so because a collision detection method would require a full duplex RF or IR pair of channels, which would be costly. In addition, unlike a wired LAN, where it is assumed that all stations can hear a collision, in a wireless environment this is not always true. Thus the IEEE had a sound basis for bypassing CSMA/CD for CSMA/CA scheme, which incorporates a positive acknowledgment.
PROBLEMS: -
To start with, there is the hidden station problem mentioned earlier and illustrated again in fig. Since not all station are within radio range of each other, transmissions going on in one part of a cell may not be received elsewhere in the same cell. In this example, station C is transmitting to station B. If A senses the channel, it will not hear anything and falsely conclude that it may not start transmitting to B.
Fig. Here B wants to send to C so it listens to the channel. When it hears a transmission, it falsely concludes that it may not send to C, even though A may be transmitting to D (not shown).
MINIMIZING COLLISION WITH DIFFERENT MODES: -
To deal with this problem, 802.11 support two modes of operation. The first, called DCF (Distributed Coordination Function), does not used any kind of central control (in that respect, similar to Ethernet). The other called PCF (Point Coordination Function), use the base station to control all activity in its cell. All implementations must support DCF but PCF is optional. We will now discuss these two modes in turn.
DISTRIBUTION COORDINATION FUNCTION:-
When DCF is employed, 802.11 use a protocol called CSMA/CA (CSMA with Collision Avoidance). In this protocol, both physical channel sensing and virtual channel sensing are used. Two methods of operation are supported by CSMA/CA. In first physical sensing method, when a station wants to transmit, it senses the channel. If it is idle, it just starts transmitting. It does not sense the channel while transmitting but emits its entire frame, which may will be destroyed at the receiver due to interference there. If the channel is busy, the sender defers until it goes idle and then starts transmitting. If a collision occurs, the colliding stations wait a random time, using the Ethernet binary exponential back ff algorithm, and then try again later.
The other mode of CSMA/CA operation is based on MACAW and uses virtual channel sensing, as illustrated in fig. In this example, A wants to send to B. C is a station within rage of A ( and possible within range of B, but that does not matter). D is a station within range of B but not within range of A.
The protocol starts when A decides it wants to send data to B. It begins by sending an RTS frame to B to request permission to send it a frame. When B receives this request, it may decide to grant permission, in which case it sends a CTS frame back. Upon receipt of the CTS, A now sends its frame and starts an ACK timer. Up on correct receipt of the data frame, B responds with an ACK frame, terminating the exchange. If A’s ACK timer expires before the ACK gets back to it, the whole protocol is run again.
Now let us consider this exchange from the viewpoint of C and D. C is within range of A, so it may receive the RTS frame. If it does, it realizes that someone is going to send data soon, so for the good of all it desists from transmitting anything until the exchange is completed. From the information provided the RTS request, it can estimate how long the sequence will take, including the final ACK, so it asserts a kind of virtual channel busy for itself, indicated by NAV (Network Allocation Vector) in fig. D does not hear the RTS, but it does hear the CTS, so it also assets the NAV signal for itself. Note that the NAV signals are not transmitted; they are just internal reminders to keep quiet for a certain period of time.
In contrast to wired networks, wireless networks are noisy and unreliable, into small part due to microwave ovens, which also use the unlicensed ISM bands. As a consequence, the probability of a frame making it through successfully decreases with frame length. If the probability of any bit being the error is p, then the probability of an n-bit frame being received entirely correct is (1-p)^n. For example, for p=0.0001, the probability of receiving a full Ethernet frame (12,144 bits) correctly is less than 30%. If p=0.00001, about one frame in 9 will be damaged. Even if p=0.000001, over 1% of the frames will be damaged, which amounts to almost a dozen per second, and more if frames shorter than the maximum are used. In summary, if a frame is too ling, it has very little chances of getting through undamaged and will probably have to be retransmitted.
To deal with the problem of noisy channels, 802.11 allows frames to be fragmented into smaller pieces, each with its own checksum. The fragments are individually numbered and acknowledged using a stop-and-wait protocol (i.e., the sender may not transmit fragment k+1 until it has received the acknowledgement for fragment k). Once the channel has been acquired using RTS and CTS, multiple fragments can be sent in a row, as shown in fig. Sequence is called a fragment burst.
Fragmentation increases the throughput by restricting retransmissions to the bad fragments rather than the entire frame. The fragment size is not fixed by the standard but is a parameter of each cell and can be adjusted by the base station. The NAV mechanism keeps other stations quiet only until he next acknowledgement, but another mechanism (described below) is used to allow a whole fragment burst to be sent without interference.
POINT COORDINATION FUNCTION:-
In mode is PCF, in which the base station polls the other stations, asking them if they have any frames to send. Since transmission order is completely controlled by the base station in PCF mode, no collisions ever occur. The standard prescribes the mechanism for polling, but not the polling frequency, polling order, or even whether all stations need to get equal service.
The basic mechanism is for the base station to broadcast a beacon frame periodically (10 to 100 times per second). The beacon frame contains system parameters, such as hopping sequences and dwell times (for FHSS), clock synchronization, etc. It also invites new stations to sign up for polling service. Once a station has signed up for polling service at a certain rate, it is effectively guaranteed a certain fraction of the bandwidth, thus making it possible to give quality-of-service guarantees.
PCF and DCF can coexist within one cell
At first it might seem impossible to have central control and distributed control operating at the same time, but 802.11 provides a way to achieve this goal. It works by carefully defining the interframe time interval. After a frame has been sent, a certain amount of dead time is required before any station may send a frame. Four different intervals are defined, each for a specific purpose. The four intervals are depicted in fig.
Time Interframe spacing in 802.11
The shortest interval is SIFS (short interframe spacing). It is used to allow the parties in single dialog the chance to go first. This includes letting the receiver send CTS to respond to an RTS, letting the receiver send ACK for a fragment or full data frame, and letting the sender of a fragment burst transmit the next fragment without having to send an RTS again.
There is always exactly one station that is entitled to respond art a SOFS interval. If it fails to make use of it chance and a time PIFS ( PCF Interframe Spacing) elapses, the base station may send a beacon frame or poll frame. This mechanism allows a station sending a data frame or fragment sequence to finish its frame without anyone else getting in the way, but gives the base station a chance to grab the channel when the previous sender is done without having to complete with eager users.
If the base station has nothing to say and a time DIFS (DCF Inter frame Spacing) elapses, any station may attempt to acquire the channel to send a new frame. The contention rules apply, and binary exponential back off may be needed if a collision occurs.
The last time interval EIFS (Extended Interframe Spacing), is used only bya station that has just received ab bad or unknown frame to report the bad frame. The idea of giving this event the lowest priority is that since the receiver may have no idea of what is going on. It should wait a substantial time to avoid interfering with an ongoing dialog between two stations.
LOGICAL LINK CONTROL SUB LAYER:-
Logical Link Control (LLC) sub layer hides the differences between then various kinds of 802 network by providing a single format and interface to the network layer. This format, interface, and protocol are all closely base on the HDLC protocol. LLC makes upper half of the data link layer.
Typical usage of LLC is as follows. The network layer on the sending machine passes a packet to LLC, using the LLC access primitives. The LLC sub layer then adds an LLC header, containing sequence and acknowledgement numbers. The resulting structure is then inserted into the payload field of an 802 frame and transmitted. At the receiver, the reverse process takes place.
LLC provides three service options: unreliable datagram service, acknowledged service, and reliable connection-oriented service. The LLC header contains three fields: a destination access point, a source access point, and a control field. The access points tell which process the frame came from and where it is to be delivered, replacing the DIX Type field. The control field contains sequence and acknowledgement numbers, very much in the style of HDLC, but not identical to it. These fields are primarily used when a reliable connection is needed at the data link level would be used. For the Internet, best-efforts attempts to deliver IP packets are sufficient, so no acknowledgements at the LLC level are required.
FRAME FORMAT OF MAC DATA:-
FRAME TYPES:
The MAC layer supports three main types of frames: data frames, which are used to transmit information between stations; control frames, which are used to control access to the medium; and management frames, which are used to exchange management information between station at layer 2 but are not forwarded to upper layers in the protocol suite.
FRAME FORMAT:
Corresponding to different types of frames are variations in the format of IEEE 802.11 standard frames. This section examines the format and operation of several types of MAC frames.
MAC DATA:
Fig illustrates the format of the MAC data frame used to transmits information between stations. The portions of this frame in the form of several fields are used in other types of frames. In examining fig, we note that the frame body filed can be up
Bytes THE 802.11 DATA FRAME
| Version | Type | Subtype | To DS | From DS | MF | Retry | Pwr | More | W | O |
to a maximum of 2312 bytes in length. Thus this provides the ability to transport a maximum-length Ethernet frame, which has a 1500-byte Information field. Now let’s see each field and sub field of frame in detail.
CONTROL FIELD: The 16-bit Control field consists of 11 fields, with 8 being 1-bit field that when set, indicate that a specific feature or function is enabled. This section examines the use of each sub field within the Control field.
PROTOCOL VERSION SUB FILED: The 2-bit Protocol version sub field provides a mechanism to identify the version of the IEEE 802.11 standard. In the initial version of the standard, the protocol version field value is set to 0.
TYPE AND SUB TYPE SUB FIELD: The Type and Subtype sub fields provide 6 bits that identify the frame. The Type sub field is capable of identifying four types of frames; however, only three types are presently defined. The 4-bits Subtype sub field identifies a specific types of frame within Type category.
Table lists the Type and Subtype sub field values and description of what the values of the 6-bit positions indicate. In examining the entries in the “Subtype Description” column, note that the term beacon has nothing to do with a Token-Ring network. Instead, a beacon frames in periodically transmitted by an access point with the value of its clock at the time of transmission. This allows receiving stations to stay in synchronization with the AP’s clock.
ToDS Sub Field: This 1-bit filed is set to a value of 1 when the frame is addressed to an AP for forwarding to the distribution system. Otherwise, the bit is set to a value of 0.
FromDS Sub Field: The fromDS sub field is also a 1-bit field. The value of this field is set to q when the frame is received from the distribution system. Otherwise, the field value is set to 0.
MORE FRAGMENT SUB FIELD: This sub field is another 1-bit field. The value of this field is set to 1 when there are more fragments belonging to the same fragment following the current fragment. Thus this field lets the originator know that a frame represents a series of fragments into frame.
Fig. Illustrates the frame fragmentation process. Note that fragments 0,1,and 2 would have their More Fragments sub field values set to 1 in the MAC header in each fragment in this example. The fragmentation transmission process under the IEEE 802.11 standard is based on a simple send-and-wait algorithm. Under this algorithm, the transmitting station cannot send a new fragment until it either receives an ACK for the prior segment or decides that the fragment was retransmitted a predefined number of times and drops the entire frame.
RETRY SUBFIELD: This 1-bit field is set to indicate that the frame is fragment representing the retransmission of a previously transmitted fragment. The receiving station uses this field to recognize duplicate transmission that can occur if an ACK packet is lost.
POWER MANAGEMENT SUB FIELD: IEEE 802.11 stations can be in one of two power modes; power save or active. A station that is active when transmitting a frame can change its power status from active to power saves.
Through the use of the Power Management sub field, a station can indicate its power state. This information is used by the access point, which continuously maintains a record of stations working in the power save mode. The AP will then buffer packets addressed to such stations until they either specifically request packets by transmitting a polling request or change their power state.
Another technique used to transmit buffered frames to a station in its power save mode of operation is obtained through then the used of beacon frames. The AP will periodically transmit information concerning which stations operating in a power save mode have frames buffered by the access point as part of its beacon frames. Such stations will then wake up to receive the beacon frame and note that there is a frame stored at the AP awaiting delivery. The station will then remain in an active power state and transmit a polling message to the AP retrieve those frames.
MORE DATA SUB FIELD: As its name implies, the More Data sub field indicates that more frames are following the current frame. This 1-bit sub field is set by the AP to indicate that there are more frames buffered to a particular station. Remember, buffering at the AP occurs when destination station is in its power save mode of operation. The destination station can then use this information to decide if it should continue polling or if the station should change it Power Management Sub field to active.
WEO SUB FIELD: The IEEE 802.11 committee responsible for development of the wireless standard addressed security through the addition of authentication and encryption, collectively referred to as wired equivalent privacy (WEP). The setting of the WEP sub field indicates that the body of the frame is encrypted according to the WEP algorithm.
The WEP algorithm uses a pseudorandom number generator that is initialized by a 40-bit secret key. This results in the generation of a key sequence of pseudorandom bits whose length is equal to the largest possible packet. These bits are then modulo-s added to the frame bits to encrypt the frame. Each frame is transmitted with an initialization vector, which restarts the pseudorandom number generator ton provide a new key sequence for the subsequent frame. Thus this technique is very difficult for a brute force attack to compromise. Because a station needs to have knowledge of the key to correctly decrypt data, the key in effect becomes an authentication mechanism.
ORDER SUB FIELD: The last position in the Control field is the 1-bit order sub field. The setting of this bit indicates that the frame is being transmitted using what is referred to as the strictly ordered service class. The use of this bit position is to accommodate the DEC LAT protocol that can not accept change of ordering between unicast and multicast frames. Thus, for the vast majority of wireless applications, this sub field will not be used. Now that you have an appreciation for the sub fields within the Control field, let’s continue our examination of the MAC data frame.
DURATION/ID FIELD: The meaning of this field depends on the type of frame. In power save poll message, this field indicates the station identification (ID). In all other types of frames, this field indicates the Duration value, which represents the time in microseconds required to transmit a frame and its interval to the next frame.
ADDRESS FIELDS: A frame can contain up to four addresses depending on the setting of the To DS and FromDS bits in the Control field. These address fields are labeled address 1 through address 4.
The use of address fields based on the settings of the ToDs and FromDS bits in the Control fields is summarized in table. In examining table, we note that Address a always indicates the recipient address. This address can be the destination address (DA), the basic service set ID (BSSID), or the recipients address (RA). If the ToDS bit is set Address 1 contains the AP address. When the ToDS bit is not set, the value of the Address 1 contains the station address. All stations filter on the Address a field value.
Address 2 is always used to identify the station transmitting the packet. If the FromDS bit is set, the value in the Address 2 field is the AP address; otherwise, it represents the station address. The Address 3 field also depends on the ToDS and FromDS bit settings. When the FromDS bit in the Control field is set to a value of 1,the Address 3 field contains the original source address (SA), If the frame has the ToDS bit set, then the Address 3 field contains the destination address (DA).
SEQUENCE CONTROL FIELD: The 2-byte Sequence Control field functions as a mechanism to represent the order of different fragments that are part of the frame. As illustrated previously in fig, the Sequence control field consists of two sub fields: Fragment Number and Sequence Number. This sub field is used to define the frame and the number of the fragment that is part of frame.
FRAME BODY FIELD: The Frame Body field is used to transport actual information between stations. As indicated in fig, this field can vary in length up to 2312 bytes.
CRC FIELD: The last field in the MAC data frame is the CRC field. This field is 4 bytes in length and is used to contain a 32-bit CRC.
SERVICES OF WLAN:-
The 802.11 standard states that each conformant wireless LAN must provide nine services. These are dividing into two categories: five distribution services and four station services. The distribution services relate to managing cell membership and interacting with stations outside the cell. In contrast, the station services relate to activity within a single cell.
The five distribution services are provided by the base stations and deal with station mobility as they enter and leave cells, attaching themselves to and detaching themselves from base stations. They are as follows:
ASSOCIATION: This service is used by mobile stations to connect themselves to base stations. Typically, it is used just after a station moves within the radio range of the base station. Upon arrival, it announces its identity and capabilities. The capabilities include the data rates supported, need for PCF services (i.e. polling), and power management requirements. The base station may accepted, it must then authenticate itself.
DISASSOCIATION: Either the station or the base station may disassociate, thus breaking the relationship. A station should use this service before shutting down or leaving, but the base station may also use it before going down for maintenance.
REASSOCIATION: A station may change its preferred base station using this service. This facility is useful for mobile stations moving from one cell to another. If it is used correctly, no data will be lost as a consequence of the handover. (But 802.11, like Ethernet, is just a best-efforts service.)
DISTRIBUTION: This services determines how to route frames sent to the base station. If the destination is local to the base station, the frames can be sent out directly over the air. Otherwise, they will have to be forwarded over the wired network.
INTEGRATION: If a frame needs to be sent through a non 802.11 network with a different addressing scheme or frame format, this service handles the translation from the 802.11 format to the format required by the destination network.
The remaining four services are intracell (i.e. relate to actions within a single cell). They used after association has taken place and are as follows.
AUTHENTICATION: Because wireless communication can easily be sent or received by unauthorized stations, a station must authenticate itself before it is permitted to send data. After a mobile station has been associated by the base station (i.e. accepted into its cell), the base station sends a special challenge frame to it to see if the mobile station knows the secret key (password) that has been assigned to it, It proves its knowledge of the secret key by encrypting the challenge frame and sending it back to the base station. If the result is correct, the mobile is fully enrolled in the cell. In the initial standard, the base station does not have to prove its identity to the mobile station, but work to repair this defect in the standard is underway.
DEAUTHENTICATION: When a previously authenticated station wants to leave the network, it is deauthenticated. After deauthentication, it may no longer use the network.
PRIVACY: For information sent over a wireless LAN to be kept confidential, it must be encrypted. This service manages the encryption and decryption. The encryption algorithm specified is RC$, invented by Ronald Rivest of M.I.T.
DATA DELIVERY: Finally, data transmission is what it is all about, so 802.11 naturally provide a way to transmit and receive data. Since 802.11 is modeled on Ethernet and transmission over Ethernet is not guaranteed to be 100% reliable, transmission over 802.11 is not guaranteed to be reliable either. Higher layer must deal with detecting and correcting errors.
DEPLOYMENT OF WLAN:-
WLAN installations offer companies a way to improve their business operations and increase revenues. Approaching a WLAN deployment in steps or phases can help make this process faster and more efficient. The best way to add wireless connectivity is to start small and plan with an eye toward expansion.
Establish a Security Program:-
Tasks: Address, authentication and encryption concern.
Implement Basic Industry Standard Security
- Service set identifier (SSID): Configure clients with the correct SSID to access their WLAN. The key should be shared only with those having legitimate need to access the network.
- Media access control (MAC): Filtering addresses restricts WLAN access to computers that are on a list you create for each access point on your WLAN. This should be enabled.
- Wired equivalent privacy (WEP): Encryption scheme that protects WLAN data streams between clients and APs as specified by the 802.11 standard. This should be turned on, but it should be realized that flaws have been discovered in this mechanism.
Implement Advanced Industry Standard Security
(Recommended) Implement the highest level of security feasible in your environment, including:
- IEEE 802.1X: A security standard featuring a port-based authentication framework and dynamic distribution of session keys for WEP encryption. A WPA: Wi-Fi Protected Access* is a security standard that solves the encryption issues of WEP by utilizing TKIP (Temporal key integrity protocol), which wraps around WEP and closes the security holes of WEP. WPA also includes the authentication benefits of 802.1X.
- EAP: Extensible authentication protocol (EAP) is a point-to-point protocol that supports multiple authentication methods. The support for EAP types depends on the OS being supported.
Consider Proprietary Security
Consider utilizing a proprietary security solution to protect your WLAN. Implementation, however, will generally restrict you to a single vendor. As recognized industry leaders of client and infrastructure systems, Intel and Cisco are working together to enable a protected, interoperable, and manageable wireless mobility ecosystem.
- Cisco* Compatible Extensions add security, performance, and manageability benefits to a wireless LAN consisting of Cisco Aironet* infrastructure and compatible third-party clients.
Other Security Considerations
- Rogue access point: Perform regular network audits to identify rogue access points and disable or reconfigure them appropriately. Rogue access points are those installed without the IT departments knowledge and are generally not configured with any security settings, which leaves an open door for unauthorized access.
- Virtual private network (VPN): This technology offers additional security by creating a tunnel that shields your data from the outside world. A common security policy for many corporations is to require clients to use VPN to access the corporate network through any wireless access point.
For more information on protecting your WLAN, visit our WLAN Security pages.
Deploy the WLAN
Tasks: Select and purchase equipment, and provide wireless adapters to participants.
- Set up the infrastructure side: After determining which WLAN Technology products are right for you, purchase the appropriate number of access points for your pilot. Choose among the top providers, especially those that will provide solid product support. Choose access point units that offer interchangeable antenna options (for example, omni-directional and directional antennas). These accommodate different spaces so you can fine tune reception for optimal reach. Access point units need electricity. Larger installations do best using power over existing Ethernet/Cat-5 cabling to avoid expensive retrofitting of electrical wiring. Make sure the units you buy support Power over Ethernet or purchase products that provide this.
Set up the client side: Install network interface cards (NIC), or provide users with Intel® Centrino™ mobile technology-based notebooks. Create auto-installers to install all the WLAN drivers, VPN software, etc. in participants' notebook PCs. For more information on deploying your WLAN.
Provide User Training:-
Tasks: Train participants and gather data.
- Train: Set up a training session for the participants. Make it easy and mandatory for users to get training on their new systems — preferably at the same time they receive their wireless-enabled notebook PCs. Set appropriate user expectations for support and how they should request it. Then train participants to actually call, report, and get help.
Gather data: Gather user feedback from the beginning of the pilot. This can be even more important than technical feedback. Consider an informal system in which IT personnel roam the wireless zones for immediate input from users. You might also schedule interviews or drop-in lunch meetings to gather comments and reactions. Collect intermediate metrics for ROI reporting and address technical issues as needed during the pilot. Make sure to closely monitor the WLAN access and be prepared to react quickly to seal security leaks or handle other problems.
Step 5: Initiate an Audit Program and Broaden WLAN
Tasks: Evaluate the pilot and broaden WLAN reach.
- Evaluation: Gather and report findings and ROI values. Review ways you can improve systems to meet needs that the pilot didn't address, such as additional access points, smoother setup, or user support. Report the findings to stakeholders to get approval for broader deployments. And communicate outcomes to all your pilot users because they need to know what became of their efforts to help.
Broaden WLAN reach: With an eye to the larger organization, return to Step 1 and reassess the questions and decisions you made for the pilot in light of scaling the WLAN to include more zones. Decide whether to deploy wireless across the entire network, or expand it selectively to serve the next level of mobile user needs. Standardize security access across the site no matter how large the WLAN gets so users won't run into lockout problems as they roam.
SECURITY:
It is potentially much easier to compromise security in the WLAN environment than in the fixed LAN environment because data is transmitted through the air using radio waves and can be received by any WLAN client in the vicinity of the access point.
Radio waves travel through ceilings, floors and walls so transmitted data may reach unintended recipients on different floors and even outside the building itself. Similarly, there is no way to guarantee that a WLAN transmission will reach only a single recipient.
This has led to the so-called ‘drive by hacking’ where individuals gain access to data emanating from the WLANs of buildings. This has done much to create public alarm about the security of WLANs an indeed ALLnet’s survey found that this is still a major concern for organizations today.
However, practical measures can be implemented that will all but eliminate security breaches. The first of these is to do with the positioning of the access points-clearly, if they are situated away from an outside wall, there is less chance of transmission leaving the building. There are also a number of security measures that will prevent even transmissions outside of the building from being intercepted.
802.11b defines two mechanisms for control and privacy on WLANs. Service Set Identifiers (SSIDs) and Wired Equipment Privgacy (WEP).
SERVICE SET IDENTIFIERS (SSIDs):
An SSID is common name for the devices in a WLAN subsystem and services to logically segment that subsystem. However, access points are usually set to broadcast SSID’s and their use as a handle to permit/deny access is dangerous because it is typically not well secured.
WIRED EQUIVALANCE PRIVACY (WEP):
WEP offers mechanism for securing WLAN data streams and uses the same key algorithms for both encryption and decryption of data. It aims to provide access control to prevent unauthorized users from gaining access to the network and privacy that protects WLAN data streams by encrypting them and allowing decryption only by users with the correct keys.
With WEP, a static key is applied to the data. This is then encrypted, sent and decrypted at the other end. Part of the key is in the Initialization Vector, contained in the first part of the header of every IP packet, and is sent unencrypted. This is where the flaws start to appear.
First of all, static keys can easily be compromised if a single user loses their key. Also, a hacker in a wireless environment can’sniff’ packets being sent through the air and, over a period of time as short as 35 seconds on a busy network, can get sufficient data to reconstruct the key.
At this point, the key can be added to the device and the hacker is now able to access all available corporate resources and wreak whatever damage he wants.
DYNAMIC WEP KEY ALLOCATION:
A simple means of addressing this problem is to implements a process called Dynamic WEP key Allocation. This does exactly what it says on the tin: WEP keys are allocated dynamically, and can be changed as often as necessary to prevent the full key falling into the wrong hands. Dynamic WEP Key Allocation can be implemented on a WLAN using various third party tools in software or hardware.
AUTHENTICATION:
Authentication technologies confirm that a user is indeed who they say they are and a number of considerations need to be borne in mind:
Centralized management to create a single repository for all keys, which then don’t have to be distributed to each access point.
User based rather than device based authentication which minimizes the risks of intrusion through loss or theft of device.
Mutual authentication using the Extensible Authentication Protocol (EAP), a general protocol for authentication that supports multiple authentication methods and specified as part of the IEEE 802.1 x specifications.
Using EAP, a mobile user connects to a WLAN through an access point, which requests the identity of the user and transmits that identity to an authentication server such as RADIUS (Remote Authentication Dial-in User Service). The server asks the access point for proof of identity, which the access point gets from the user and the sends back to the server to complete the authentication. Use of such authentication systems ensures that a user does not inadvertently connect to a rogue access point and mitigates against’ man in the middle’ authentication attacks. A variety EAP authentication schemes are available of which EAP-TLS (Extensible Authentication Protocol – Transport Layer Security) is the best available, offering mutual authentication, but at a high cost. EAP – TTLS (Extensible Authentication Protocol – Tunneled Transport Layer Security) promises much but is currently a draft specification and therefore not yet widely supported.
It is important that EAP is disabled if a public WLAN hotspot is the means of access. In this case, secure IP VPN client software or an SSL VPN should be employed for access to corporate systems to ensure secure, tunnelled remote access.
VIRTUAL PRIVATE NETWORKS (VPNs):
Further security measures can be put in place by implementing industry standard security encryption with a new or existing IPSec Virtual Private Network (VPN) over the WLAN. This encrypts data to whatever level of security is required, e.g. 3 DES (Triple Data Encryption Standard) or AES (Advance Encryption Standard). A VPN allows encrypted access to network resources for authorized users, ensuring no unauthorized individuals can gain entry.
ADDITIONAL SECURITY MEASURES:
The security measures outlined above are generally considered by most organizations to be sufficient. However, in some situation – or for organizations with very strict security policies – many additional security measures and procedures can be applied. Where this is the case, ALLnet’s specialist security team is on hand to advise.
APPLICATION OF WLAN:-
WLANs are most likely used in office, hospital of school environments. These provide challenging environments for WLAN planners. WLAN is also used outdoors as city, town, suburb or block wide networks.
Offices:
Small offices require one access point. The traveling workers find it easy to enter the different offices since they only need to power up their laptops not needing even unbreakable electricity that the desktops do. The internet connection of a small office is nowadays normally up to 2 Mbps. The capacity of any access point is enough to satisfy that. If the office moves no or little investments are lost because the LAN cable of the computers is air, not a physical one. Taking the access point equals taking the network with.
Larger offices need careful planning. Questions like how much of the computers are kept in the physical network, who will have a laptop and for what purpose will rise. Not every worker is willing to have a laptop, since it may indicate working at home. Where should the WLAN network reach?
If the two offices are close by WLAN offers a possibility of connecting them with the air interface. The offices across the street can be thus connected to each other without any external, most likely hired and costly, cabling. The maximum distance for such a connection n
Hospitals:
Laptops with WLAN are being used in hospitals. The doctors carry laptops, not recording cassette players. They type the orders directly at the patient to the hospital servers. Previously this would have taken at least hours as the dictations of the doctors were typed by assistants to the computers. This real time aspect is a benefit for the whole health care organization and the patients.
Hospitals are full of electronic devices. Many of them are sensitive to radio frequencies like from GSM phones. A GSM call witnessed by the author made the steady heart beat on EKG analyzer look very different. WLAN, as described earlier, uses low amplitude communication hidden in pseudo noise. This means that the sensitive hospital equipment is not disturbed by the WLAN connections at all.
Training:
Another use for wireless LANs involves training at private organizations and colleges and universities. Although many classrooms are permanently wired, in a dynamic training environment, the addition of new training classes when existing wired classrooms are all in use or reserved can be easily supported by wireless LANs. Thus wirelesses LANs add both flexibility and responsiveness to the networking requirements of different applications.
Advantage of WLAN:-
The widespread reliance on networking in business and the meteoric growth of the Internet and online services are strong testimonies to the benefits of shared data and shared resources. With wireless LANs, users can access shared information without looking for a place to plug in, and network managers can set up or augment networks without installing or moving wires. Wireless LANs offer the following productivity, convenience, and cost advantages over traditional wired networks:
- Mobility: Wireless LAN systems can provide LAN users with access to real-time information anywhere in their organization. This mobility supports productivity and service opportunities not possible with wired networks.
- Installation Speed and Simplicity: Installing a wireless LAN system can be fast and easy and can eliminate the need to pull cable through walls and ceilings.
- Installation Flexibility: Wireless technology allows the network to go where wire cannot go.
- Reduced Cost-of-Ownership: While the initial investment required for wireless LAN hardware can be higher than the cost of wired LAN hardware, overall installation expenses and life-cycle costs can be significantly lower. Long-term cost benefits are greatest in dynamic environments requiring frequent moves and changes.
- Scalability: Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Configurations are easily changed and range from peer-to-peer networks suitable for a small number of users to full infrastructure networks of thousands of users that enable roaming over a broad area.
Disadvantage of WLAN:-
The biggest disadvantages of WLAN are actually disadvantages of the laptop computers. The laptops are still some what heavy to carry. The user interface with the mouse in the middle with several different implementations is nothing good. They just twist the right or left arm significantly. Using an external mouse requires a GSM phone size extra equipment being carried with.
The biggest nuisance is the Windows operating system when moving from one environment to another. There in no easy way to change the environment. The IP address and related configuration is in the system file which is loaded into the memory. First all changes would require a reboot. The changes would require an additional program like TCP/IP Switcher or remembering a number of configuration data somehow.
The configuration of Netscape is easier. It is possible to configure user profiles and take them into use one by one.
The prices of WLAN equipment are coming down all the time, but powerful laptops are still quite expensive. Also equipping the laptops with cameras and microphones requires investment.
So far to my knowledge there are no applications that really would benefit of WLAN or be specially programmed to work over WLAN. The same applications would naturally work with desktops too, because WLAN stackwise is only on the two first layers of OSI stack. A special WLAN application would be for example a video stream that adapts to the altering transmission rate.
CONCLUSION: -
Planning your network with wireless LAN and save a lost of expense and inconvenience later, by consider following factors:
Ø Security Requirements
Ø Bandwidth Requirements
Ø Environmental factors that may interfere with wireless transmission
Ø Ease of installation
Ø Total number of network users
Ø Number of laptop users who will want wireless connection
TO DOWN LOAD REPORT AND PPT
