无线网络基础知识

802.11 Architecture ： Ad-Hoc mode
STA 1 STA 2
STA 3
STA 4
802.11 Architecture ： Infrastructure mode
WLAN Distributed System Access Point (Fat AP)
STA 3
STA 1 STA 2
• AP’s MAC address, SSID, etc.
2. Choosing a Network
• The user selects from available networks • Common criteria:
• • • • User choice Strongest signal Most recently used (i.e. Windows client)
• Dynamic or Static setting (PSK) • Dynamic, specifies interactive communication with authentication server (EAP)
Open System Authentication
• The default authentication protocol for 802.11 • Authenticates anyone who requests authentication. - NULL authentication (no authentication at all)
Comparison - 802.11a & 802.11b/g
• 802.11b operates in the 2.4 GHz band • Supports bit rates up to 54Mbps • Uses the Direct Sequence Spread Spectrum (DSSS) • Only 3 non overlapping channels can be used without interference • Backward compatibility with 802.11 products • Better range as compared to 802.11a • 802.11a operates in the 5 GHz band • Supports bit rates up to 54 Mbps • Uses Orthogonal Frequency Division Multiplexing (OFDM) • Up to 8 non overlapping channels can be used without interference • No backward compatibility with the 802.11 and 802.11b/g products • Reduced range owing to higher operating frequency
application TCP IP LLC 802.3 MAC 802.3 PHY
Data Link
LLC 802.11 MAC 802.11 PHY
802.11 Frequency Bands
IEEE 802.11 Standards
Standard Spectrum Bit Rate Transmission Compatibility
2.4 GHz
54 Mbps
OFDM
802.11 / 802.11b
COMPARISON OF 802.11 SPECTRUM – Throughput & Channels
Approximate Throughput (Mbps) 6 NonOverlapping Channels 3
Data Rate (Mbps)
• AP’s MAC address (BSSID), Network name (Service Set Identifier or SSID)
• Active Scanning
• Station sends a Probe Request frame • AP responses with a Probe Response frame, which includes
1. 2. 3. 4.
Discover available network Select the Network to join Authentication Association
1. Discovering Available Network • Passive Scanning
• Each AP broadcasts periodically a Beacon frame, which includes:
Authentication Request (shared key) 128-byte “Challenge” text string, generated randomly “Challenge” text string, encrypted with shared key Station Note: “Challenge” is encrypted by WEP algorithm. Positive or negative response based on decryption result Access Point
Agenda
• • • • • 無線網路802.11介紹 無線網路安全 無線網路建置規劃 建置後維護及後續應用 Q&A
802.11 Standard • 802.11 refers to specifications developed by the IEEE for wireless LAN technology. • 802.11 specifies an over-the-air interface between a wireless client and a base station (AP) or between two wireless clients (Ad-hoc). • 802.11 is based on the Open System interconnection (OSI) model. • IEEE 802.11 framework defines the lowest two layers of the OSI model- the physical and the data link layers.
Reference Model
Protocol Architecture
fixed terminal mobile terminal A typical scenario server Ethernet access point
application TCP IP 802.11 covers only PHY and MAC LLC 802.11 MAC 802.11 PHY 802.3 MAC 802.3 PHY Logical link control
Authentication Request (open system) Authentication Response Station Access Point
Shared Key Authentication
The station and the AP agree on a shared secret key
• • • • Network name, “i.e. Corporate or Visitor” 32 octets long Similar to “Domain-ID” One network (ESS) has one SSID
More 802 .11 Terminology
Basic Service Set Identifier (BSSID)
Channel Allocation
Non Overlapping channels
Channel Reuse 802.11b
Channel Allocation - 5GHz Band
...
20MHz OFDM channels in 5 GHz band
20 MHz
• 802.11a provides for more channels that can be used verses 802.11b/g • For 802.11a, channels 36, 40, 44, 48, 52, 56, 60, 64, are available
802.11b 11
802.11g (with .11b clients in cell) 802.11g (no .11b clients in cell) 802.11a
54
8
3
54 54
22 25
3 8
ห้องสมุดไป่ตู้
Channel Reuse
• The 802.11b operates in the 2.4GHz band. • 14 channels (11 channels in US) • The transmitted signal uses approximately 30MHz which is approximately 1/3rd of the band. • Thus 802.11b provides only 3 non overlapping channels, i.e. channel number 1, 6 and 11. • These 3 channels can be reused and allocated to access points in different areas for effective channel re-use.
802.11 Architecture ： Distribution Systems
Database Email, etc.
LAN, Layer 2 VLAN switch network or Special purpose system
More 802 .11 Terminology
Service Set Identifier (SSID):
Extended Service Set
Ethernet, VLAN, or Aruba Mobility Controller
Viewed as single network “Corporate or Visitor” (SSID)
Steps to Join a Wireless Network
3. Authentication
• Authentication
• A station (client) proves its identity to the AP
• Three Mechanisms
• Open System Authentication • Shared Key Authentication • WPA (WiFi Protected Access)
無線網路簡介
概念、安全、建置與管理
ACELINE Technology 艾司科技股份有限公司 Technical Support Division
張偉翰/ Weber Chang weber@
Agenda
• • • • • 無線網路802.11介紹 無線網路安全 無線網路建置規劃 建置後維護及後續應用 Q&A
802.11
wavelength between 850 and 950 nm; 2.4 GHz 5.0 GHz
2 Mbps
Infrared / FHSS / DSSS OFDM
N/A
802.11a
54 Mbps
None
802.11b (Wi-Fi)
2.4 GHz
11 Mbps
DSSS
802.11
802.11g
“Cell Identifier” 6 octets long (MAC address format) One BSS has one SSID Value of BSSID is the same as the MAC address of the radio in the Access-Point • APs supporting multiple SSIDs have multiple BSSIDs • • • •