A

Absorption: Removes amplitude from a wave, essentially reducing the distance it can travel.
access port: A port connected to a host rather than to another switch and normally on only one VLAN.
acknowledged (ACK): A response to some form of request.
active scan: The process of actively scanning for available wireless networks.
Adaptive Frequency Hopping Spread Spectrum Technology: A spread spectrum method used to improve resistance to RF, often used in Bluetooth technology.
ad hoc: When two computers...

Wireless Connection

Using Figures 7-11 through 7-18, you can step through a simple discovery and association process.
1. The AP sends beacons every 2 seconds, as shown in Figure 7-11.
2. Client A is passively scanning and hears the beacon. This enables the client to determine whether it can connect. You can see this in Figure 7-12.
3. A new client (Client B) arrives. Client B is already configured to look for the AP, so instead of passive scanning, it...

Acknowledgments

I would like to thank Brett Bartow for giving me another wonderful opportunity to work on this book and to work with a handful of exceptional people. I'd also like to thank my technical editors, Robert Marg and Bobby Corcoran, for the extremely difficult task that they underwent and for the continued support. Thanks for responding to all my extra emails. You truly have made this a better book. I would like to give special recognition to Christopher Cleveland, Dayna Isley, Andrew Cupp, Mandie...

Adapter Information

Begin by looking at the adapter information shown in Figure 16-23. You find this information by clicking the Adapter Information button on the Diagnostics tab in the ADU interface. Two important pieces of information that you get from this output are the driver version and the card's MAC address. These can be used in troubleshooting. On the controller, you can enable a debug based on the client's MAC address to get specific information for that client. Also, the driver information can be used...

Adding Mobility with Roaming

More and more frequently, end users are expecting the ability to begin a transfer and then change locations seamlessly. This is where roaming functionality comes into play. Roaming is a big part of wireless networks. To facilitate this process, you need to be aware of some terms and options. This chapter introduces you to those terms and how the roaming process is configured. You should take the "Do I Know This Already?" quiz first. If you score 80 percent or higher, you might want to skip to the...

Additional Wireless Technologies

Although the 802.11 wireless spectrum is the best-known technology, others are in use and, believe it or not, are very popular. The purpose of this chapter is to discuss some, not all, of the other wireless technologies and how they might interfere or interact with the 802.11 WLAN standards. These technologies include cordless phone technology, Bluetooth, ZigBee, WiMax, and some other odds and ends. You should take the "Do I Know This Already?" quiz first. If you score 80 percent or higher, you...

Administration Options in the WCS

In the WCS interface, you have tabs or horizontal menus across the top that access various configuration elements, including these. Each of these menus cascades to drop-down submenus that you can access. When you log in, the page you see is called the WCS Home, which has four primary tabs that we will discuss out of the six seen in Figure 18-2:
General: Provides information about the inventory, the coverage, and the client count
Client: Provides information about the top APs by client count, clients...

Advanced Statistics

The Advanced Statistics button gives information about the frames transmitted and received, as demonstrated in the sample output shown in Figure 16-24.
[Figure 16-24: Advanced Statistics]

Antenna Communications

In any wireless network, the capability to propagate the signal is key. Without that capability, the whole concept of a wireless network falls apart. In this chapter, you will learn about antenna principles, along with some common antenna and connector types. You should take the "Do I Know This Already?" quiz first. If you score 80 percent or higher, you may want to skip to the section "Exam Preparation Tasks." If you score below 80 percent, you should review the entire chapter.

Antenna Connectors and Hardware

Cisco uses a connector called the RP-TNC, which stands for Reverse-Polarity Threaded Neill-Concelman, named for its inventor. Another type that Cisco uses is the N connector, invented in the 1940s by Paul Neill at Bell Labs. Different connectors are required because of government regulations. The vendor has to ensure that you use the right antenna with the right product. This doesn't mean that people can't make an antenna, but by using vendor-designed antennas, you can be sure that you are...

APs in the CUWN

Another type of device in a CUWN is a lightweight access point (AP). The lightweight AP is controlled and monitored by the Cisco Wireless LAN Controller (WLC). The AP communicates using a special protocol called the Lightweight AP Protocol (LWAPP) to relay information to the WLC about the coverage, the interference that the AP is experiencing, and client data about associations, among other pieces of information. This is a management type of communication, and via LWAPP it is encrypted. Client...

Assigning Ports to a VLAN

After you have created the VLANs you plan to use, you need to manually assign them to a port and place the port in access mode. To do this, use the switchport access and switchport mode commands, as seen in Table 9-3.
Defines the VLAN membership mode for the port
switchport access vlan vlan-id: Assigns the port to a VLAN
The steps to assign a port to a VLAN are as follows:
Step 1. Access global configuration mode using the configure...

Authentication and Encryption

Now that you understand some of the methods used to authenticate users, it's time to explore some encryption methods. The beginning of this chapter discussed WEP. The problem with WEP is that it can be broken easily. Therefore, other methods have been established in an effort to provide more strength in encryption. In the following sections, you will learn about Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement...

B

Backoff timer: A random number that begins a countdown process while listening.
bandwidth: The frequency spectrum, measured in Hertz. Bandwidth can refer to data rates or the width of an RF channel.
barker code: Defines the use of 11 chips when encoding data.
Basic Service Area (BSA): The coverage area of the AP.
Basic Service Set (BSS): One device sets a network name and radio parameters, and the other uses it to connect.
Basic Service Set Identifier (BSSID): Only one network that an AP is offering...

Bit key

I can't stress enough that these values are not what you think. You see, the key is combined with an initialization vector (IV), which is 24 bits. An IV is a block of bits that is used to produce a unique encryption key. When you add the 24-bit IV to the 40-bit key, the resulting size is 64 bits. When you combine the 24-bit IV with the 104-bit key, the result is 128 bits. When you combine the 24-bit IV with the 128-bit key, the result is 152 bits. This has been a sore spot for Windows users,...

Bridge

The sections that follow describe each of these modes in greater detail.
Local Mode: This is business as usual for an AP. In this mode, the AP scans all channels over a 180-second period for monitoring services, and it inspects management packets for intrusion detection system (IDS) signature matches. You can also use this mode for site surveys. When the AP scans channels, it jumps to each unassigned channel for 60 ms and then goes back to its assigned channel for 13 seconds. The purpose of...

C

Carrier Sense Multiple Access Collision Avoidance (CSMA/CA): When a device wants to send, it must listen first. Similar to CSMA/CD.
Channel State Information (CSI): If the receiver is moving, the reflection characteristics change, and the beamforming can no longer be coordinated.
chipping code: A code used to represent bits.
circular polarization: Indicates that the wave circles as it moves forward.
Cisco Client Extension Program (CCX): A no-cost licensing of technology for use in WLAN adapters and...

CCNA Wireless Official Exam Certification Guide

Published by Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America First Printing October 2008...

Centralized Authentication

Centralized authentication is the act of verifying the user's identity by a means other than the local definitions. In this scenario, a Public Key Infrastructure (PKI) is usually in place. PKI uses digital certificates that are cryptographically signed by a trusted third party. The trusted third party is called a Certificate Authority (CA). If you have ever been pulled over for speeding, you have most likely experienced a PKI infrastructure, so to speak. When the trooper comes to your window,...

CFPoll

These frames are also discussed in the paragraphs to follow. When an AP takes control of a network and shifts from DCF mode (every station for itself) to PCF mode (the AP is responsible for everyone sending), the AP lets all stations know that they should stop sending by issuing a beacon frame with a duration of 32768. When this happens and everyone stops sending, there is no longer a contention for the medium, because the AP is managing it. This is called a contention free window (CFW). The AP...

Cisco Published 640-721 IUWNE Exam Topics Covered in This Part

Describe basics of spread spectrum technology (modulation, DSS, OFDM, MIMO, Channels reuse and overlap, Rate-shifting, CSMA/CA)
Describe the impact of various wireless technologies (Bluetooth, WiMAX, ZigBee, cordless phone)
Describe wireless regulatory bodies, standards and certifications (FCC, ETSI, 802.11a/b/g/n, WiFi Alliance)
Describe WLAN RF principles (antenna types, RF gain/loss, EIRP, refraction, reflection, ETC)
Describe networking technologies used in wireless (SSID > WLAN_ID >...

Cisco Wireless LAN Adapters

Cisco offers enterprise class wireless LAN adapters in the PCI and cardbus form factors. The AIR-CB21AG-X-K9 is a cardbus model, and the AIR-PI21AG-A-K9 is the PCI model. These adapters support most advanced wireless security configurations when you use Cisco software to manage them. You can, however, use the Windows WZC, but it's better to use the ADU and Aironet System Tray Utility (ASTU) if you want all the features of the cards to be available to you. The ADU has more configuration...

Cisco Wireless Networks Architecture

In the past, wireless networks were deployed on an AP-by-AP basis, and the configuration for each AP was stored on the AP itself. Management solutions existed, but all in all this is not a scalable solution. The Cisco Unified Wireless Solution involves an AP that is managed by a controller device. The controller devices can manage multiple APs. The AP configuration is performed on the controller, and each AP added to the network gets its configuration from a controller. This makes it a more...

Client Devices

The Cisco wireless clients are covered in Chapter 16, Wireless Clients, in greater detail. However, it is still good to understand what is available. When you are on a Cisco wireless network, you can actually use most vendors' wireless clients. Cisco provides wireless software called the Aironet Desktop Utility (ADU). The ADU is specifically used to manage and configure the Cisco wireless cards. Those wireless cards are discussed in more detail in Chapter 16. There is a cardbus version as well...

Command

vlan vlan-id: Enter a VLAN ID, and enter config-vlan mode. Enter a new VLAN ID to create a VLAN, or enter an existing VLAN ID to modify that VLAN.
name vlan-name: (Optional) Enter a name for the VLAN. If no name is entered for the VLAN, the default is to append the VLAN ID with leading zeros to the word VLAN.
The steps to create a VLAN are as follows:
Step 1. Access global configuration mode using the configure terminal command.
Step 2. Create the VLAN using the vlan command.
Step 3. Optionally...

Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. To check to see how well you have memorized the commands as a side effect of your other studies, cover the left side of Table 9-6 with a piece of paper, read the descriptions on the right side, and see whether you remember the command.
Table 9-6 Chapter 9 Command Reference
Enables a port to act as a trunk port
switchport trunk native vlan vlan-id

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the IOS Command Reference. The Command Reference describes these conventions as follows:
Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
Italic indicates arguments for which you supply actual values.
Vertical bars...

Common Client Side Issues

Client-side issues arise frequently and are often expressed in vague ways, for example, "I cannot get to the Internet." Okay, you might think, "What does that mean?" The answer might not always be clear, but you can verify some values to quickly restore connectivity for end users. Note: When I worked for a large service provider, we went through a transition from bridges to switches. During the initial deployment, none of the administrators on the local-area network knew about the Spanning Tree...

Configuring a Profile

You can set up a profile using Windows Vista in many ways. One method is to follow these steps:
Step 1. Click Start (that's the little round Windows logo if you're running Vista).
Step 2. Right-click Network.
Step 3. Click Properties. You see the Network and Sharing Center window, as shown in Figure 16-1.
Step 4. Click Manage wireless networks in the left panel. The Manage wireless networks window appears. Here you can see all available wireless network connection profiles. If you have yet to...

Connecting to Preferred Networks

You can connect to preferred networks that the ADU has scanned for and found. In this case, you can enter security information and save it as a profile, or you can create a profile manually. To see what APs are nearby, select the Profile Management tab in ADU (see Figure 16-19), and then click the Scan button. To connect to an AP in the scan list, select it and click Activate. A Profile Management window appears. Its three tabs (General, Security, and Advanced) allow any special AP settings to be...

Contents at a Glance

Part I: Chapters 1 through 9
Part II: Chapters 10 through 16
Part III: Chapters 17 and 18
Introduction to Wireless Networking Concepts
Overview of the 802.11 WLAN Protocols
Wireless Traffic Flow and AP Discovery
Additional Wireless Technologies
Delivering Packets from the Wireless to Wired Network
Cisco Wireless Networks Architecture
Controller...

Controller Discovery and Association

When a lightweight AP boots up, it cannot function without a controller. In this chapter, you will learn about the Lightweight Access Point Protocol (LWAPP) and the modes in which it can operate. You will also learn about how an AP finds controllers on the network, chooses one to join with, and then retrieves its configuration. In addition, you will look at the ways to provide redundancy for your AP in the event that a controller goes down. Finally, when an AP is joined with a controller, it...

Controller redundancy

AP redundancy is seen when APs exist in the same RF domain. They are designed to self-heal when poor coverage exists. This involves increasing power levels by stepping up one or two levels or even changing the channel on which they operate. Controller redundancy is seen in multiple forms. One form of controller redundancy is having a primary, secondary, and tertiary controller, as shown in Figure 11-8. As you can see in the figure, Controller A is the primary controller for WLAN A. Controller C...

Creating Trunk Ports

The next task to accomplish is the trunk configuration. You normally perform this configuration on interfaces that connect between switches, on AP-to-controller interfaces where an AP is supporting more than one SSID, and on controller-to-switch interfaces, where the controller is supporting multiple SSIDs mapped to multiple dynamic interfaces. To enable trunking in the interface, use the switchport mode command. Next, use the switchport trunk command to set the native VLAN and the encapsulation...

D

Data frame: A frame that contains data.
deauthentication message: When a client is connected to a wireless cell, either the client or the AP can leave the connection by sending this message. This message has information in the body about why it is leaving.
deauthentication response: A response to a deauthentication message.
destination address (DA): A frame's final destination.
Digital Enhanced Cordless Telecommunications (DECT): An ETSI standard for digital portable phones. Found in cordless...

DAP name

The join request message is sent to the primary controller only under what condition?
a. The controller is reachable.
c. The primary controller has low load.
9. If no primed information is available, what does the AP look for next when trying to join a controller?
10. When an AP retrieves its configuration file, where is it applied?
11. How many backup controllers are in an N + 1 design?
12. Which method is considered the most redundant?

Data frames Frames that contain data

Now that you have an idea of what frames are used, it is helpful to see how these frames are sent. For this, you need to understand a few more terms that might be new to you. Because all the terms meld together to some degree, they are explained in context throughout the next section. Recall that wireless networks are half-duplex networks. If more than one device were to send at the same time, a collision would result. If a collision occurs, the data from both senders would be unreadable and...

Definition of Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary: FCC, IEEE, ETSI, bandwidth, Hz, ISM, UNII, channels, DSSS, OFDM, amplitude, phase, frequency, chipping code, Barker code, CCK, BPSK, QPSK, MIMO, DRS, CSMA/CA, RTS, CTS
This chapter covers the following subjects:
Wireless Standards and Regulatory Committees: Looks at the wireless regulatory committees and some of their requirements.
Wi-Fi Certification: Discusses how Wi-Fi devices are certified for...

Delivering Packets from the Wireless to Wired Network

Much coordination is involved with the delivery of wireless packets to and from the wireless networks. This chapter focuses on delivery of packets to the wired network and the path that traffic will traverse. It is intended to give you a good understanding of what devices are involved and how they manipulate packets as they are transmitted. You should do the "Do I Know This Already?" quiz first. If you score 80 percent or higher, you may want to skip to the section "Exam Preparation Tasks." If you...

DETSI

DECT devices in the U.S. use what designation to differentiate them from European DECT devices?
3. Bluetooth is designed to cover what type of area?
4. How many Bluetooth devices can be paired?
5. Bluetooth operates in which frequency band?
6. What is the current Bluetooth standard?
7. Which group is responsible for Bluetooth development?
8. ZigBee is used for what common deployments? (Choose all that apply.)
9. ZigBee operates in which frequency band?
10. True or false: WiMax interferes with 802.11...

Distributed coordination interframe space (DIFS) Used for data frames and is the normal spacing between frames

Each of these has a specific purpose as defined by the IEEE. SIFS is used when you must send a frame quickly. For example, when a data frame is sent and must be acknowledged (ACK), the ACK should be sent before another station sends other data. Data frames use DIFS. The time value of DIFS is longer than SIFS, so the SIFS would preempt DIFS because it has a higher priority. Figure 7-1 illustrates the transmission of a frame. In the figure, Station A wants to send a frame. As the process goes,...

DN N

Which AP mode can you use for site surveys?
14. In Monitor mode, which command can you use to change the value of the channels monitored?
a. config advanced channel-list
b. config advanced 802.11b channel-list monitor
c. config advanced 802.11b monitor channel-list
d. config advanced monitor channel-list

"Do I Know This Already?" Quiz

The "Do I Know This Already?" quiz helps you determine your level of knowledge of this chapter's topics before you begin. Table 18-1 details the major topics discussed in this chapter and their corresponding quiz questions.
Table 18-1 "Do I Know This Already?" Section-to-Question Mapping
1. What are three benefits of the WCS?
2. The Cisco Wireless Location Appliance can provide real-time tracking of up to how many clients?
3. WCS licensing...

DOFDM

If a client wants to communicate with a device on another subnet, what device handles the communication?
3. How many MAC addresses can be seen in an 802.11 frame?
4. What protocol is the 802.11 frame encapsulated in when it is sent from the AP to the WLC?
5. A VLAN is used to define a ___ and isolate a ___. (Choose two.)
6. Clients see VLANs. True or False?
7. How many VLANs typically are assigned to an access port on a switch?
8. What are trunks normally used for?
b. Connections between switches and...

E

Effective Isotropic Radiated Power (EIRP): Used to estimate the service area of a device. The formula is as follows: EIRP = transmitter - cable loss + antenna gain
elevation plane (E-plane): The vertical pattern does not propagate evenly.
Enhanced Data Rate (EDR): A Bluetooth 2.0 feature providing up to three times the bandwidth for Bluetooth clients.
exposed node issue: When there are two wireless cells on the same channel and they are too close to each other.
Extended Rate Physical (ERP): Devices...

EAP-FAST

Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST) is a protocol that was developed by Cisco Systems. Its purpose was to address weaknesses in Lightweight Extensible Authentication Protocol (LEAP), another Cisco-developed EAP method. The concept of EAP-FAST is similar to EAP-TLS; however, EAP-FAST does not use PKI. Instead, EAP-FAST uses a strong shared secret key called a Protected Access Credential (PAC) that is unique on every client. EAP-FAST negotiation...

Enterprise Wireless Management with the WCS and the Location Appliance

In the management scheme of things, the design of the Cisco Unified Wireless Networking (CUWN) enables management of lightweight access points (AP) via a controller. This central form of management allows for consistent policy among all devices from the controller. However, when a company scales beyond the scope of management with a single controller, the Wireless Control System (WCS) steps in. In addition, the Cisco Wireless Location Appliance can help keep things under control. This chapter...

Exam Preparation Tasks Review All the Key Concepts

Review the most important topics from this chapter, noted with the Key Topics icon in the outer margin of the page. Table 13-2 lists a reference of these key topics and the page number where you can find each one.
Table 13-2 Key Topics for Chapter 13
Configuring the Controller Using the Web Interface
Creating an interface and creating a WLAN

Exam Preparation Tasks Review All the Key Topics

Review the most important topics from this chapter, denoted with the Key Topic icon. Table 12-2 lists these key topics and the page number where each one can be found.
Table 12-2 Key Topics for Chapter 12
A client roaming in the same mobility group
A client roaming in the same mobility domain
List from the section Types of Roaming
Requirements for controllers to support roaming

F

Federal Communications Commission (FCC): An independent U.S. government agency established by the Communications Act of 1934. It regulates interstate and international communications by radio, television, wire, satellite, and cable. The FCC's jurisdiction covers the 50 states, the District of Columbia, and U.S. possessions.
Frame Check Sequence (FCS): Extra checksum characters added to a frame in a communication protocol for error detection and correction.
free path loss: The loss in signal...

Figure 12-9 Layer 3 Roaming

Normally when a client sends traffic, it is sent to a default gateway, assuming that it is leaving the subnet, and then on to the destination. The traffic makes its way back to the client, taking the reverse path that it traveled to get there. This means that if Controller1 sends traffic to Router1 and then to Server1, Server1 returns the traffic via Router1 and then Controller1, as shown in Figure 12-10. After the client roams to a new controller and a new AP, the return traffic is not...

Figure 16-24 Advanced Statistics

If you note a high count of retries, it is probably due to a high number of collisions. High numbers of RTS/CTS (provided in relation to the total number of frames transmitted) may indicate frame errors and bad link quality. You can use the Advanced Statistics to troubleshoot authentication issues as well as encryption problems. Authentication Rejects indicates that you are in fact talking to a server that is rejecting the authentication attempt. Authentication Time-Outs could indicate a...

Frame bridging

Part of the control traffic that is sent back and forth via LWAPP is information that provides radio resource management (RRM). This RRM engine monitors the radio resources, performs dynamic channel assignments, provides detection and avoidance of interference, and provides the dynamic transmit power control (TPC) that was discussed in Chapter 1, Introduction to Wireless Networking Concepts. Also, whenever coverage holes (such as when one AP goes down) are detected by another access point, the...

G

Generic Token Card (GTC): Authenticates the user inside an encrypted tunnel.
Global System for Mobile Communication (GSM): A digital mobile telephony system that uses a variation of time-division multiple access (TDMA). The most widely used of the three digital wireless telephony technologies (TDMA, GSM, and CDMA). GSM operates at either the 900-MHz or 1800-MHz frequency band.
Group Master Key (GMK): Used by the AP to generate a group random number.
Group Temporal Key (GTK): Generated by the GMK...

Gh

Point) devices
H-REAP mode (APs)
header fields for wireless frames
hidden node issue, troubleshooting
history of wireless technology
horizontal plane
horizontal polarization
IBSS (Independent Basic Service Set)
IEEE (Institute of Electrical and Electronics Engineers)
IOS-to-LWAPP conversion utility
ISM (industry, scientific, and frequency bands)
isotropic radiator
IV (initialization vector)

H

Hertz (Hz): Used to measure bandwidth. Hertz measures the number of cycles per second. One Hertz is one cycle per second.
hidden node issue: When more than one client tries to send on the same channel at the same time. They are in range of the AP but not each other.
hidden node problem: When two devices cannot hear each other.
horizontal plane (H-plane): The horizontal plane of an omnidirectional polarized antenna, opposite the E-plane.
horizontal polarization: The wave goes left and right in a...

How an LWAPP AP Receives Its Configuration

After joining, the AP moves to an image data phase, as shown in Figure 11-6, but only if the image on the AP is not the same as the image on the controller. If they are the same, this step is skipped and the image is used. The controller upgrades or downgrades the AP at this point, and then it resets the AP. After a reset, the process begins again. The code is downloaded in LWAPP messages. After the process of discovery and join happen and the image is the same on the controller and the AP, the...

How the AirPort Extreme Tool Works

When you access the main AirPort configuration interface in Mac OS X 10.5 and above, you can disable the card, join networks, and even perform advanced configurations. To access the main AirPort interface, click the Open Apple icon and select System Preferences > Network. If you want to create a profile, select the Network Name drop-down menu. Here you can choose Join Other Network or Create Network. The Create Network option allows you to set up an ad hoc network of computer-to-computer...

Tools for Final Preparation

This section describes the available tools and how to access them. Exam Engine and Questions on the CD The CD in the back of the book includes an exam engine software that displays and grades a set of exam-realistic questions. The question database includes simulation (sim) questions, drag-and-drop questions, and many scenario-based questions that require the same level of analysis as the questions on the CCNA Wireless exam. Using the exam engine, you can either study by practicing using the...

How the NetworkManager Tool Works

When you click Connect, the NetworkManager tool sends discovery messages using the selected profile parameters. If for some reason an invalid parameter is entered in the NetworkManager tool, a message box appears, requesting the correct parameter. A connection does not take place until the parameters in the profile match. When they match, a connection can take place. When a connection cannot take place due to invalid parameters, it is still added to the list of available networks. However, it...

How the WZC Tool Works

When a Windows-based computer boots up, the Wireless Zero Configuration reports any network that is being broadcast, usually via a balloon window at the bottom right of the screen. This is because when a WZC client attempts to access a network, it uses an active scanning process. This differs from other methods, such as passive scanning, which is used by other clients. Note: The concept of passive scanning simply involves the client's waiting until it hears a beacon from an access point. With...

How This Book Is Organized

Although you can read this book cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters to cover just the material that you need more work with. If you do intend to read all the chapters, the order in the book is an excellent sequence to use. Part I, Wireless LAN Fundamentals, consists of Chapters 1 through 9, which cover the following topics:
Chapter 1, Introduction to Wireless Networking Concepts: This chapter discusses the basics of...

H-REAP Mode

H-REAP mode is designed to be used when you have APs across a WAN and you want to use the controller at a central site. The big issue is that the controller is connected via a WAN link, so you must follow certain guidelines: The link cannot be any slower than 128 kbps. Round-trip latency cannot be more than 100 ms. The AP needs to get a 4-MB code update across the WAN link. The AP needs to communicate with the controller for only a short time during the initial phase, and then it can...

I

Now the remote sites can't communicate with each other or the central site. This can be a major issue to contend with. The solution is to deploy a mesh network such as the one illustrated in Figure 4-11. The mesh solution is appropriate when connectivity is important, because multiple paths can be used. The IEEE is currently working on a mesh standard (802.11s). However, the solution discussed here is a Cisco solution in which a wireless controller, also shown in Figure 4-11, is involved. When...

I

Independent Basic Service Set (IBSS) When two machines do not need a central device to speak to each other. Industrial, Scientific, and Medical (ISM) frequency bands Use of spread spectrum in the commercial market. infrastructure Refers to assets that support a network. infrastructure device The access point (AP). infrastructure MFP Management Frame Protection performed by APs. initialization vector (IV) A block of bits that is used to produce a unique encryption key. Institute for Electrical and...

Introduction to the WCS

The Cisco WCS is a browser-based software application that offers the capability to manage multiple controller deployments through a single interface. Benefits of the WCS include the following The WCS is based on a licensing system. Licensing enables single-server deployments of up to 500 APs to 2500 APs being supported. You can even obtain a 30-day demo license that is fully functional for up to 10 APs. The Cisco Wireless Location Appliance, accessed via the WCS interface, provides mapping of...


Key

The controllers need to be in the same mobility domain. The controllers need to run the same code version. The controllers need to operate in the same LWAPP mode. Access control lists (ACL) in the network need to be the same. The SSID (WLAN) needs to be the same. Let's return to Layer 2 versus Layer 3 roaming. Here is the simple explanation. Layer 2 roaming happens when the user roams to a different AP and keeps his existing IP address. Layer 3 roaming occurs when a client leaves an AP...

Key Topic

Figure 7-8 Authentications and Association

Leaving and Returning

When a client is connected to a wireless cell, either the client or the AP can leave the connection by sending a deauthentication message. The deauthentication message has information in the body as to why it is leaving. In addition, a client can send a disassociation message, which disassociates the client from the cell but keeps the client authenticated. The next time a client comes back to the wireless cell, it can simply send...

L

Layer 3 LWAPP mode The default LWAPP mode on most Cisco devices. lightning arrestor Prevents surges from reaching the RF equipment by the device's shunting effect. Lightweight Access Point Protocol (LWAPP) A protocol used for communication between a lightweight AP and a wireless controller. lightweight AP An AP that receives configuration from a controller and cannot function without the controller. Lightweight Extensible Authentication Protocol (LEAP) Uses a proprietary algorithm to create the...

M

Management frame Used to join and leave a wireless cell. Management Frame Protection (MFP) A method used to detect spoofed management frames in which valid frames contain a hash that spoofed frames would not. master controller Configured in the GUI interface by choosing CONTROLLER > Advanced > Master Controller Mode. Maximum Transmission Unit (MTU) The largest frame size supported on an interface. Message Integrity Check (MIC) A cryptographic hash in each management frame used to ensure...

Maintaining Wireless Networks

Part of the day-to-day management of a wireless network involves working with images of the controllers and access points (AP). Cisco recommends that all controllers run the same version of code. In turn, the APs associated with a controller run the same version of code as the controller. Hence, upgrading or downgrading a controller puts all the APs on the same version as well. In this chapter, you will learn the steps required to upgrade a controller, upgrade an AP, upgrade the Wireless...

Make Driver Installation Diskettes Indicates that you will export these to a removable device such as a USB drive and

In the following example, you will install the drivers and the client utility. The process is pretty simple. It's best to start by inserting the card. You may see the Windows Found New Hardware Wizard, as shown in Figure 16-13. If you see this, close it. You don't need it. After you have closed the Found New Hardware Wizard, continue with the installation by selecting the type of install you want to perform. In this case, it's the default option, Install Client Utilities and Driver, as shown...

Management Frame Protection

One method of Management Frame Protection (MFP) is Infrastructure MFP. With this method, each management frame includes a cryptographic hash called a Message Integrity Check (MIC). The MIC is added to each frame before the Frame Check Sequence (FCS). When this is enabled, each WLAN has a unique key sent to each radio on the AP. Then, the AP sends management frames, and the network knows that this AP is in protection mode. If the frame were altered, or if someone spoofs the SSID of the WLAN and...

Migrating Standalone APs to LWAPP

Many Cisco APs are capable of operating in both autonomous mode and lightweight mode. APs that can do both usually ship in standalone mode. Some may choose to use these APs in standalone mode. Others might immediately convert them to Lightweight Access Point Protocol (LWAPP)-capable APs and integrate them into a network designed after the Cisco Unified Wireless Network (CUWN). In this chapter, you will learn how to access a standalone AP, how to configure it in standalone mode, and how to...

Monitoring with the WCS

You can use the WCS to monitor the wireless network. You can use the monitoring pages to view controllers, APs, and more. Figure 18-20 shows the Monitor menu. An alarm summary, shown in Figure 18-20, is available and refreshes every 15 seconds. Fields that are clear indicate no alarms. Red is critical, orange is a major alarm, and yellow is a minor alarm. By clicking an alarm, you can get more details on the situation. Another valuable resource in the WCS is the capability to troubleshoot...

N

N+1 A method of controller redundancy: a controller plus one for backup. N+N Two active controllers that can back each other up. N+N+1 Two controllers backing each other up, with a dedicated backup as a last resort. native VLAN The VLAN on a trunk that does not get tagged. NAV Norton AntiVirus. N connector A type of antenna connector. network manager A graphical user interface (GUI) tool that enables the creation of wireless profiles in Linux. node Another term for an access point in a mesh...


O

Omnidirectional antenna An antenna type that does not focus a signal in one direction. one-floor concept The signal propagates wider from side to side than from top to bottom. Therefore, the signal can offer coverage to the floor it is placed on rather than to the floor above or below the AP. Orthogonal Frequency Division Multiplexing (OFDM) Defines a number of channels in a frequency range. Not considered a spread spectrum technology but is used for modulation in a wireless network....

Open Authentication

Open authentication is as simple as it gets. The term authentication is used loosely here because it's part of the association process, although there really isn't any authentication per se. Figure 17-3 illustrates this process, picking up after the initial probe request and response. The client sends an authentication request to the AP, and the AP replies with a confirmation and registers the client. Then the association request and confirmation take place. WEP is taking place in the figure....

Other Types of Interference

Other types of interference can occur in the same frequency ranges. These devices might not be the most obvious, but they should be considered. They can include the following: Microwaves (operate at 1 to 40 GHz); Wireless X11 cameras (operate at 2.4 GHz); Radar systems (operate at 2 to 4 GHz for moderate-range surveillance, terminal traffic control, and long-range weather and at 4 to 8 GHz for long-range tracking and airborne weather systems); Motion sensors (operate at 2.4 GHz); Fluorescent...

Overview of the 802.11 WLAN Protocols

The wireless space consists of numerous protocols. Specifically in the WLAN area, the Institute of Electrical and Electronics Engineers (IEEE) has created several protocols within the 802.11 category to facilitate the networking process. These protocols define the data rates, the modulation techniques, and more. An understanding of these protocols is essential for any administrator of wireless networks. In this chapter, you will learn about the 802.11 family of protocols, including...

P

Pairwise Master Key (PMK) A wireless security key. Pairwise Transient Key (PTK) This type of key confirms the PMK between two devices, establishes a temporal key to be used for message encryption, authenticates the negotiated parameters, and creates keying material for the next phase, called the two-way group key handshake. parabolic dish Has a very narrow path and is very focused in its radiation pattern. passive scan A scan in which wireless clients mark the channels on which a beacon is...

Wireless LAN Fundamentals

Chapter 1 Introduction to Wireless Networking Concepts Chapter 4 WLAN Technologies and Topologies Chapter 5 Antenna Communications Chapter 6 Overview of the 802.11 WLAN Protocols Chapter 7 Wireless Traffic Flow and AP Discovery Chapter 8 Additional Wireless Technologies Chapter 9 Delivering Packets from the Wireless to Wired Network This chapter covers the following subjects Wireless Local-Area Networks A brief history of wireless networking and some of the basic concepts. How Bandwidth Is...

Cisco Wireless LANs

Chapter 10 Cisco Wireless Networks Architecture Chapter 11 Controller Discovery and Association Chapter 12 Adding Mobility with Roaming Chapter 13 Simple Network Configuration and Monitoring with the Cisco Controller Chapter 14 Migrating Standalone APs to LWAPP Chapter 15 Cisco Mobility Express This chapter covers the following subjects The Need for Centralized Control Briefly discusses the need for centralized control in a wireless deployment. The Cisco Solution Looks at the Cisco Unified...

WLAN Maintenance and Administration

Chapter 17 Securing the Wireless Network Chapter 18 Enterprise Wireless Management with the WCS and the Location Appliance Chapter 19 Maintaining Wireless Networks Chapter 20 Troubleshooting Wireless Networks This chapter covers the following subjects Threats to Wireless Networks Discusses threats to wireless networks. Simple Authentications Looks at basic wireless security. Centralized Authentication Shows how centralized authentication works using various EAP methods. Authentication and...

PEAP

As you've seen with EAP-TLS, certificates are required on both the client and the server. With EAP-FAST, no certificates are required; rather, the PAC takes care of things. With Protected EAP (PEAP), only a server-side certificate is used. This server-side certificate is used to create a tunnel, and then the real authentication takes place inside. The PEAP method was jointly developed by Cisco Systems, Microsoft, and RSA. PEAP uses Microsoft Challenge Handshake Authentication Protocol version 2...

Physical Connections and LEDs

Trouble usually happens between Layer 1 and Layer 3 of the OSI reference model. That is not to say that trouble does not occur at Layers 4 through 7, but Layers 1 through 3 are the layers where network administrators have the most hands on. Working your way up can often prove to be a time saver. Starting at Layer 1, physical connectivity can often save valuable time. You can begin by visually examining the physical connections. Keep in mind all that is involved in the path of your traffic. This...

Preshared Key Authentication with Wired Equivalent Privacy

With static WEP you don't authenticate users; you simply verify that they have a key. You don't know who they are, just that they know your key. The process of WEP authentication is as follows: Step 1. A client sends an authentication request. Figure 17-4 Configuring Open Authentication The AP sends an authentication response containing clear-text challenge text. The client uses the text received to respond with an encrypted authentication packet. The...

Qr

Quadrature Phase Shift Keying (QPSK) A version of frequency modulation in which the phase of the carrier wave is modulated to encode bits of digital information in each phase change. radiation pattern The direction of the RF propagation. Radio Resource Management (RRM) A software feature of the Cisco controller that acts as a built-in RF engineer to consistently provide real-time RF management of your wireless network. RAM Random-access memory, used during operation. Lost when the system...

Recall the Facts

As with most exams, you must recall many facts, concepts, and definitions to do well on the test. This section suggests a couple of tasks that should help you remember all the details Review and repeat, as needed, the activities in the Exam Preparation Tasks section at the end of each chapter. Most of these activities help refine your knowledge of a topic while also helping you memorize the facts. Using the Exam Engine, answer all the questions in the Book database. This question database...

Red poor

By default, the output is displayed in dB or dBm, as shown in Figure 16-26. You can change this to display as a percentage, as shown in Figure 16-27. The decibels display unit is recommended because it gives a much more precise view. You can also maximize the window and increase the Time in seconds value (up to 60 seconds) to view more information over a greater period of time. Also, Cisco's TAC asks for the information in dB or dBm. Figure 16-27 CSSU Display in Percentage...

References

Cisco Wireless Services Module (WiSM): http://tinyurl.com/6mngkj
Migrate to the Cisco Unified Wireless Network: http://tinyurl.com/5uo78w
Cisco Unified Wireless Network Secure Wireless Access for Business-Critical Mobility: http://tinyurl.com/687nff
This chapter covers the following subjects

References in This Chapter

Cisco Systems, Cisco Aironet Antennas and Accessories Reference Guide, http://tinyurl.com/2v2dp2 This chapter covers the following subjects: The 802.11 Protocol Family Overview A brief overview of the 802.11 family of WLAN protocols. The Original 802.11 Protocol A look at the The 802.11b Protocol A look at the 802.11b The 802.11g Protocol A look at the 802.11g protocol and how it operates with 802.11b clients. The 802.11a Protocol A look at the 802.11a protocol. The 802.11n Protocol A look at the...

Review All the Key Topics

Review the most important topics from this chapter, denoted with the Key Topic icon. Table 2-5 lists these key topics and the page number where you can find each one. FCC antenna requirements versus Cisco standards (point-to-point) FCC antenna requirements versus Cisco standards (point-to-multipoint) Cisco versus ETSI EIRP standards (point-to-point and point-to-multipoint)

Rogue APs

A rogue AP is not part of the corporate infrastructure. It could be an AP that's been brought in from home or an AP that's in a neighboring network. A rogue AP is not always bad. It could be an AP that's part of the corporate domain yet still operating in autonomous mode. Part of an administrator's job is determining if the AP is supposed to be there. Fortunately, you don't have to do all the work yourself. A few functions of the AP's software can detect rogue APs and even indicate if they are...

S

Scattering The signal is sent in many different directions. This can be caused by an object that has reflective yet jagged edges, or dust particles in the air and water. Secure Services Client Administration Utilities (SSCAU) A component of Cisco Secure Services Client (SSC) client software that enables the administrator to create complex profiles. Service Set Identifier (SSID) The name of a wireless network. Short Interframe Space (SIFS) For higher priority. Used for ACKs, among other things....

Securing the Wireless Network

It's usually obvious that wireless networks can be less secure than wired networks. This calls for a great deal of thought when you deploy a wireless network. What security do you need? What security measures can you perform? What are the security capabilities of your equipment? Should you authenticate users when they access the network? Should you encrypt traffic over the wireless space? As you can see, there are many options to think about. But let's break this into small parts. First, who are...

Site Survey Utility

The Site Survey Utility (CSSU) is the optional software set that you select using a checkbox during installation. This can be a handy tool for troubleshooting. As stated earlier in this chapter, it doesn't link to a map; however, it can give you handy information about the signal you are receiving. To access the CSSU, choose Start > All Programs > Cisco Aironet > Aironet Site Survey Utility. The utility dynamically represents your connection to the wireless network. As shown in Figure...

SSC Groups

In the SSC, connections are logically grouped with a name. You can create your own groups, as well as move connections between groups. You can also add basic wireless connections (PSK-based), but not secured or wired connections. Note The user interface of SSC talks about profiles. For administrators, the Secure Services Client Administration Utility (SSCAU) talks about networks. A network can be a wireless connection, a home type like the ones created with the SSC, or an enterprise type, based...