CCNA思科認(rèn)證助理網(wǎng)絡(luò)工程師課件：19 無線

WirelessLANsIntroducing

WLANsWirelessDataTechnologiesWirelessDataTechnologies(Cont.)WirelessLAN(WLAN)AWLANisasharednetwork.無線是共享網(wǎng)絡(luò)Anaccess

pointisashareddeviceandfunctionslikeasharedEthernethub.AP就是共享點(diǎn)，相當(dāng)于HUBDataistransmitted

overradiowaves.數(shù)據(jù)傳輸是無線電波Two-wayradiocommunications

(half-duplex)areused.

工作在半雙工Thesameradiofrequencyisused

forsendingandreceiving(transceiver).

相同的電波發(fā)送WLANEvolutionWarehousing倉庫Retail零售Healthcare衛(wèi)生保健Education教育Businesses商業(yè)Home家庭WhatAreWLANs?Theyare:Local本地的Inbuildingorcampusformobileusers建筑物和校園內(nèi)移動用戶Radioorinfrared無線電波和紅外NotrequiredtohaveRFlicensesinmostcountries

多數(shù)國家不要無線射頻許可Usingequipmentownedbycustomers

自己建立設(shè)備Theyarenot:WANorMAN

networksCellularphones

networksPacketdatatransmissionviacelluarphonenetworksCellulardigitalpacketdata(CDPD)

蜂窩移動Generalpacketradioservice(GPRS)

普通包分組交換2.5Gto3GservicesSimilaritiesBetweenWLANandLANAWLAN

isan802LAN.Transmitsdataovertheairvs.dataoverthewire

傳輸數(shù)據(jù)在無線網(wǎng)絡(luò)Lookslikeawirednetworktotheuser

像有線網(wǎng)絡(luò)Definesphysicalanddatalinklayer

定義了物理和數(shù)據(jù)鏈路層UsesMACaddresses

用MAC地址Thesameprotocols/applicationsrunoverbothWLANsandLANs.IP(network

layer)IPSec

VPNs(IP-based)Web,FTP,SNMP(applications)DifferencesBetweenWLANandLANWLANsuseradio

wavesasthephysicallayer.WLANsuseCSMA/CAinsteadofCSMA/CDtoaccessthenetwork.

用CSMA/CARadiowaveshaveproblemsthatarenotfoundonwires.Connectivityissues.Coverageproblems

覆蓋問題Multipathissues

信號問題Interference,noise

干擾問題Privacyissues.WLANsusemobileclients.Nophysicalconnection.無物理連接Battery-powered.要動力WLANsmustmeetcountry-specificRFregulations.WirelessLANsDescribingWLAN

TopologiesWLANTopologiesWirelessclientaccess客戶模式MobileuserconnectivityWirelessbridging無線橋LAN-to-LANconnectivityWirelessmesh

networking

無線網(wǎng)CombinationofbridginganduserconnectivityWLANandLANServiceSetIdentifier(SSID)SSIDisusedtologicallyseparateWLANs.SSID是邏輯的網(wǎng)絡(luò)TheSSIDmustmatchonclientandaccesspoint.在服務(wù)器和客戶端一樣AccesspointbroadcastsoneSSIDinbeacon.廣播在同一SSIDClientcanbeconfiguredwithoutSSID.客戶不配置SSIDClientassociationsteps:Clientsendsproberequest.

客戶發(fā)送請求Apointsendsproberesponse.

服務(wù)端發(fā)送回答Clientinitiatesassociation.

客戶發(fā)送連接Apointacceptsassociation.

服務(wù)端接受連接ApointaddsclientMACaddresstoassociationtable.

服務(wù)端加入MACWLANAccessTopologyWirelessRepeaterTopologyAlternativePeer-to-PeerTopologyServiceSetsandModesAdhocmodeIndependentBasicServiceSet(IBSS)中立基本服務(wù)Mobileclientsconnectdirectlywithoutanintermediateaccesspoint.Infrastructuremode下部結(jié)構(gòu)模式BasicServiceSetMobileclientsuseasingleaccesspointforconnectingtoeachotherortowirednetworkresources.ExtendedServicesSetTwoormoreBasicServiceSetsareconnectedbyacommondistributionsystem.ClientRoamingRoaming

withoutinterruption

requiresthe

sameSSIDonallaccesspoints.

漫游要相同的SSIDLayer2vs.Layer3RoamingWirelessLANsExplainingWLANTechnologyandStandardsUnlicensedFrequencyBandsISM:Industry,scientific,andmedicalfrequencyband工業(yè)科學(xué)利用Nolicenserequired

沒有許可證Noexclusiveuse

不是專用Besteffort

盡力傳輸Interferencepossible

沖突產(chǎn)生RadioFrequencyTransmissionRadiofrequenciesareradiatedintotheairviaanantenna,creatingradio

waves.Radiowavesareabsorbedwhentheyarepropagatedthroughobjects(e.g.,walls).Radiowavesarereflectedbyobjects

(e.g.,metalsurfaces).Thisabsorptionandreflectioncancauseareasoflowsignalstrengthorlowsignalquality.無線頻率周期的發(fā)送通過天線當(dāng)它們通過障礙物時，被繁殖無線電波被吸收無線電波由對象反射這吸收和反射可能導(dǎo)致低信號強(qiáng)度或低信號質(zhì)量區(qū)域。RadioFrequencyTransmissionHigherdatarateshaveashortertransmissionrange.ThereceiverneedsmoresignalstrengthandbetterSNRtoretrieveinformation.Highertransmitpowerresultsingreaterdistance.Higherfrequenciesallowhigherdatarates.Higherfrequencieshaveashortertransmissionrange.更高的數(shù)據(jù)速率有一個更短的傳輸范圍接收器需要更多信號強(qiáng)度和更好的SNR檢索信息。更高傳送在長距離的電力結(jié)果更高的頻率允許更高的數(shù)據(jù)速率。更高的頻率有一個更短的傳輸范圍WLANRegulationandStandardizationRegulatoryagenciesFCC(UnitedStates)ETSI(Europe)StandardizationIEEE802.11/getieee802/CertficationofequipmentWi-FiAlliancecertifiesinteroperabilitybetweenproducts.Certificationsinclude802.11a,802.11b,802.11g,dual-bandproducts,andsecuritytesting.Certifiedproductscanbefoundat.?2005CiscoSystems,Inc.Allrightsreserved.802.11b802.11bStandardStandardwasratifiedinSeptember1999Operatesinthe2.4-GHzbandSpecifiesdirectsequencespreadspectrum(DSSS)Specifiesfour

dataratesupto11Mbps1,2,5.5,11MbpsProvidesspecificationsforvendorinteroperability(over

theair)Definesbasicsecurity,encryption,andauthenticationforthewirelesslinkIsthemostcommonlydeployedWLAN

standardChannelIdentifierChannelCenterFrequencyChannelFrequencyRange[MHz]RegulatoryDomainAmericasEurope,MiddleEast,andAsiaJapan12412MHz2401–2423XXX22417MHz2406–2428XXX32422MHz2411–2433XXX42427MHz2416–2438XXX52432MHz2421–2443XXX62437MHz2426–2448XXX72442MHz2431–2453XXX82447MHz2436–2458XXX92452MHz2441–2463XXX102457MHz2446–2468XXX112462MHz2451–2473XXX122467MHz2466–2478XX132472MHz2471–2483XX142484MHz2473–2495

X2.4-GHzChannels802.11b/g(2.4GHz)ChannelReuse

802.11bAccessPointCoverage?2005CiscoSystems,Inc.Allrightsreserved.802.11a802.11aStandardStandardwasratifiedSeptember1999Operatesinthe5-GHzbandUsesorthogonalfrequency-divisionmultiplexing(OFDM正交頻分復(fù)用技術(shù))Useseightdataratesofupto54Mbps6,9,12,18,24,36,48,54MbpsHasfrom12to23nonoverlappingchannels(FCC)Hasupto19nonoverlappingchannels(ETSI)RegulationsdifferentacrosscountriesTransmit(Tx)powercontrolanddynamicfrequencyselectionrequired(802.11h)802.11aChannelReuse802.11hDFSnotavailableManualchannelassignmentrequired802.11hDFSimplementedChannelassignmentdoneby

Dynamic

Frequency

Selection(DFS)Onlyfrequencybandscanbeselected?2005CiscoSystems,Inc.Allrightsreserved.802.11g802.11gStandardStandardwasratifiedJune2003Operatesinthe2.4-GHzbandas802.11bSamethreenonoverlappingchannels:1,6,11DSSS(CCK)andOFDMtransmission12data

ratesofupto54Mbps1,2,5.5,11Mbps(DSSS/802.11b)6,9,12,18,24,36,48,54Mbps(OFDM)Fullbackwardcompatiblityto802.11bstandard802.11gProtectionMechanismProblem:802.11bstationscannotdecode802.11gradiosignals.802.11b/gaccesspointcommunicateswith802.11bclientswithmax.11Mbps.802.11b/gaccesspointcommunicateswith802.11gclientswithmax.54Mbps.802.11b/gaccesspointactivatesRTS/CTStoavoidcollisionswhen802.11bclientsarepresent.802.11bclientlearnsfromCTSframethedurationofthe802.11gtransmission.Reducedthroughputiscausedbyadditionaloverhead.?2005CiscoSystems,Inc.Allrightsreserved.802.11StandardsComparison802.11StandardsComparison802.11b802.11g802.11aRatified199920031999Frequency

band2.4GHz2.4GHz5GHzNoofchannels33Upto23TransmissionDSSSDSSSOFDMOFDMData

rates

[Mbps]1,2,5.5,111,2,5.5,116,9,12,18,24,36,48,546,9,12,18,24,36,48,54Throughput[Mbps]Upto6Upto22Upto28RangeComparisonsRatifiedIEEE802.11Standards802.11:WLAN1and2Mbpsat2.4

GHz802.11a:WLAN54-Mbpsat5

GHz802.11b:WLAN11-Mbpsat2.4

GHz802.11d:Multipleregulatorydomains802.11e:Qualityofservice802.11f:Inter-AccessPointProtocol(IAPP)802.11g:WLAN54-Mbpsat2.4

GHz802.11h:DynamicFrequencySelection(DFS) TransmitPowerControl(TPC)at

5

GHz802.11i:Security802.11j:5-GHzchannels

forJapan/getieee802/?2005CiscoSystems,Inc.Allrightsreserved.WLANSecurityWLAN

SecurityThreatsMitigatingtheThreatsControlandIntegrityPrivacyandConfidentialityProtectionandAvailabilityAuthenticationEncryptionIntrusionDetectionSystem

(IDS)Ensurethatlegitimateclients

associatewithtrustedaccesspoints.Protectdataasitistransmittedandreceived.Trackandmitigateunauthorizedaccessandnetworkattacks.EvolutionofWLANSecurityNostrongauthenticationStatic,

breakablekeysNotscalableInitial

(1997)Encryption(WEP)Interim

(2001)802.1xEAPDynamickeysImprovedencryptionUser

authentication802.1xEAP(LEAP,PEAP)RADIUSInterim

(2003)Wi-FiProtectedAccess(WPA)StandardizedImprovedencryptionStrong,userauthentication(e.g.,LEAP,PEAP,EAP-FAST)PresentWirelessIDSIEEE802.11iWPA2(2004)Identificationandprotectionagainstattacks,DoSAESstrongencryptionAuthenticationDynamickeymanagementWirelessClientAssociationAccesspointssendoutbeaconsannouncingSSID,datarates,

andotherinformation.AP發(fā)送明確的SSIDClientscansall

channels.

客戶控制隧道Clientlistensforbeaconsandresponsesfrom

accesspoints.

客戶監(jiān)聽響應(yīng)Clientassociatestoaccesspointwithstrongest

signal.

客戶發(fā)送連接信號給APClientwillrepeatscanifsignalbecomeslowtoreassociate

to

anotheraccesspoint(roaming).漫游時在發(fā)連接DuringassociationSSID,MAC

address

andsecuritysettingsare

sentfromtheclienttotheaccess