ICND1 100-105

Implementing a WLAN

This lesson is all about deployment options for wireless LANs using 802.11 topologies. We will describe the basic service area, as well as the extended service areas with overlapping cells for roaming to overcome the effects of distance and speed. The main components will be described including access points and wireless clients. Finally, we will lay out best practices in monitoring and troubleshooting common wireless issues.

802.11 Topology Building Blocks

The 802.11 specification provides several topologies or modes that can be used as a building block for WLANs. The first one is ad hoc mode, which is defined by the independent basic service set. This one is basically a peer-to-peer connectivity environment in which client devices connect wirelessly between each other. Coverage is limited and there are multiple security concerns to consider. However, this setup is suitable for a small office, home office, and smaller environments to connect, for example, laptops to a main PC or server.

Infrastructure mode requires clients to connect through access points. There are two infrastructure modes and the main difference there is scalability. In the basic service set, there is a single access point for connecting mobile clients or wireless clients. This single access point will have its own SSID to announce the availability of the wireless network and will suffer from scalability issues because wireless access points have a certain capacity and size in terms of the number of clients that you can accept, number of packets per second, throughput, etc.

If you want to scale to bigger and better numbers and provide more coverage in an extended area, then use the extended service set where two or more basic service sets are connected by a distribution system or a wired infrastructure. So you could actually be doing bridging between two access points in an extended service set, but that interconnecting network could be a wired network. Typically, the various access points in this mode share the same SSID to allow clients to roam around the coverage area.

Wireless Topology Building Blocks

So basic coverage within the context of what is known as a cell is provided by the basic service set. The size of the cell, which is nothing more than the area of the radiofrequency energy field created by the access point, is also known as the basic service area or BSA. Sometimes the terms BSA and BSS are used interchangeably. Clients are able to find the wireless network via its SSID, which is broadcasted by the access point. Clients could actually be configured with no SSID and be able to obtain or find information on all of the available BSAs. In the case of Windows and other operating systems, this would be a visual indication to users listing the available networks and allowing them to connect to either one.

In larger and more secured scenarios you may see more than one SSID per access point to identify different networks for different groups of users. It would be similar to a VLAN in a wired network. Multiple WLANs are accomplished by using different SSIDs; most likely different authentication mechanisms will be used per WLAN and traffic segregation is accomplished between WLANs.

If a single cell does not provide enough coverage, any number of cells can be added to extend the range. The range of the combined cells is known as the extended service area or ESA. In designing ESAs, it is recommended to define the number of access points based on throughput, expected traffic, and number of clients and also design some overlap between cells, typically 10 to 15 percent overlap to allow remote users to roam without losing radiofrequency connections.

Right at the edge there when you are losing connectivity because of weakened signals, you will enter the stronger signal of the next cell. Some provisions would also be needed in case that by roaming you are entering a different wired VLAN and therefore obtaining a different IP address via a DHCP server on that VLAN.

Wireless Topology Data Rates - 802.11b

802.11 standards including the one shown here, 802.11b, have a provision so that clients can have the ability to shift data rates while moving. This technique allows the same client to operate at, in the case of 11b, 11 Mbps and then shift to 5.5 Mbps and then 2 Mbps, finally communicating right outside of the ring at 1 Mbps. The rate shifting happens without losing the connection and without any interaction from the user. This also means that the access points have the ability to support multiple clients at multiple speeds depending on the location of each client, and so the different speeds will be accomplished based on and depending on the distance from the client to the access point.

Wireless Data Rates 802.11b

Remember the rule of 802.11 wireless technologies: higher data rates require stronger signals at the receiver, which is why lower data rates have a greater range. That is also why we can still communicate at longer distances but at a lower bandwidth, 1 Mbps in the case of 11b. Still, clients will be smart enough to communicate at the highest possible data rate according to distance. Clients could also reduce the data rate if there are transmission errors and transmission retries. Similar considerations apply to other 802.11 technologies like 11a and 11g.

Access Point Configuration

In designing the wireless network, we should plan for device and client configuration. Some basic parameters pertain to the access points. You will need to define at least the SSIDs, radiofrequency channels, and optionally power (which is often determined by the antenna and the hardware on the access points), as well as authentication and security parameters. This is at the access point though. The client is a lot more plug and play because it only needs the radiofrequency information and the SSID, but remember clients are able to scan looking for available radiofrequencies, locate the radiofrequency channel, and they are usually able to initiate the connection with a new SSID and then discover the available SSIDs by looking at the names broadcasted by the access points.

If you want to add security to this, and you will most of the time, then you would need to configure one of the various flavors and models of security: pre-shared keys in a WPA environment, per-user per-session keys using 802.1x, or simply basic WEP encryption, which is seen less and less in corporate networks. If you use the more advanced security mechanisms like WPA and 802.1x and EAP, then you will also require services in the back-end, perhaps in the form of an AAA server with RADIUS support and digital certificate support.

Finally, wireless will give you layer 1 and layer 2 connectivity, but layer 3 needs to be accomplished as well, so you will need to plan for the DHCP server to grant IP addresses and allow for IP connectivity. The wireless access points are typically DHCP servers as well.

Steps to Implement a Wireless Network

As with any other technology, the basic approach to wireless implementations is to gradually configure the network and functions and then test incrementally. If you follow this approach, then you will probably check and verify the local wired operation first because you will be connecting your access points most likely to a LAN or wired switch.

Services on that network like DHCP services and Internet access services should be verified as well. Installation of the access point comes next, considering physical security and after conducting a site survey. Again, if we follow the incremental approach, then we will configure the access point with SSID only and no security and test our wireless clients under those scenarios. If connectivity works at layers 1 and 2, then you may want to add security in the form of encryption and authentication and then test again to verify operations and connectivity with the security infrastructure in place.
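The security options and the incremental rollout described above suggest a post-deployment check. The following is an added example, not part of the original lesson: it audits a constructed access point inventory for cells still in the open "SSID only" test state or using WEP, and for members of an extended service set whose SSID spelling or security mode differs from their peers. The record fields, mode names, and ranking are assumptions of this example.

```python
from collections import Counter, defaultdict

# Security options named in the lesson, weakest first (the ranking is this example's assumption).
RANK = {"open": 0, "wep": 1, "wpa-psk": 2, "802.1x": 3}

# Constructed inventory, one record per access point (field names are hypothetical).
APS = [
    {"ap": "ap-lobby", "ssid": "Corp", "security": "802.1x"},
    {"ap": "ap-floor2", "ssid": "Corp", "security": "802.1x"},
    {"ap": "ap-floor3", "ssid": "corp", "security": "open"},  # never left the test stage
    {"ap": "ap-warehouse", "ssid": "Scanners", "security": "wep"},
    {"ap": "ap-guest", "ssid": "Guest", "security": "wpa-psk"},
]

def audit(aps, minimum="wpa-psk"):
    """Return sorted (ap, finding) tuples for weak or inconsistent cells."""
    findings = []
    groups = defaultdict(list)  # case-folded SSID -> records that look like one ESS
    for rec in aps:
        rank = RANK.get(rec["security"])
        if rank is None:
            findings.append((rec["ap"], "unknown security mode"))
        elif rank < RANK[minimum]:
            findings.append((rec["ap"], "weak security: " + rec["security"]))
        groups[rec["ssid"].casefold()].append(rec)
    for group in groups.values():
        # Treat the most common spelling and mode in the group as the intended ones.
        ssid = Counter(r["ssid"] for r in group).most_common(1)[0][0]
        mode = Counter(r["security"] for r in group).most_common(1)[0][0]
        for rec in group:
            if rec["ssid"] != ssid:  # SSIDs are case sensitive, so clients will not roam here
                findings.append((rec["ap"], "SSID spelling differs from ESS: " + ssid))
            if rec["security"] != mode:
                findings.append((rec["ap"], "security differs from ESS: " + mode))
    return sorted(findings)

if __name__ == "__main__":
    for ap, finding in audit(APS):
        print(f"{ap}: {finding}")
```

Raising `minimum` to `"802.1x"` also flags pre-shared-key cells, which fits a corporate policy that requires per-user authentication.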

Wireless Clients

There are several form factors available to add wireless connectivity to existing devices. You can have USB type connectivity with self-contained devices that include antennas and wireless supplicant software, all of which enable wireless hardware usage and provide security options for authentication and encryption. Most new laptops will contain some form of wireless, and in all cases the trend points toward a plug and play type of automated configuration and association to wireless access points.

Newer Microsoft Windows operating systems have a basic wireless supplicant client called WZC or wireless zero configuration. This one will enable wireless plug and play; it will discover SSIDs being broadcasted and allow users to simply enter the matching security pre-shared key and identify the type of encryption, whether it is WEP or WPA based. This is suitable for a home office or small office type environment, but more functionality and a lot more capabilities are needed in a corporate environment.

That is why Cisco created the Cisco compatible extensions program to support the Cisco network additions and enhancements through wireless technologies. This is basically a certification program that ensures that vendors are building wireless clients with the Cisco extensions and enhancements in mind. This includes not only compatibility with Wi-Fi type technologies like 802.11, 802.1x, and WPA, but also with newer trends in transporting voice over wireless LANs. This includes things like call admission control and voice metrics for voice traffic and also quality of service mechanisms in the form of Wi-Fi multimedia or WMM. Cisco now offers a full-featured supplicant for both wired and wireless networks called Cisco Secure Services Client.

Common Wireless Network Issues

In terms of troubleshooting and common wireless network issues, some of them are actually related to the design phase. Without a proper site survey, you will not be able to identify sources of interference or areas with high volumes of clients that would require a different type of access point or different power. The range of the signals is going to be different in an indoor environment and an outdoor environment, and that needs to be considered. A good majority of the problems are related to poor planning: a missing or inadequate site survey, radiofrequency interference, radios not enabled, or poor antenna location are examples.

Other issues are related to configuration mistakes and errors. Some wireless clients may not even support a security mechanism being implemented in a certain network in terms of encryption and type of password. This is especially true knowing all of the flavors of extensible authentication protocols. Channel selection should be automatic; however, some clients may be configured to use a specific static channel, which may not be available. Even SSIDs, if not broadcasted, could be misspelled on the side of the client. These SSIDs are case sensitive. In general terms, following a layered approach to troubleshooting should make these issues easier to find.

Wireless Troubleshooting

In following a layered approach, we can give some order to this list of troubleshooting steps; we can try to tackle layer 1 first and follow a simple scenario with connectivity without security keys or authentication. We should also verify that radiofrequency interference is not present, and there are several tools to find these sources of interference. Locating yourself near an access point is a good idea to rule out range issues.

Also, try to establish direct connectivity to the access point, considering line of sight and avoiding other devices and obstacles that may be in the middle of the conversation. Remember, anything from microwave ovens to portable wireless phones can be a source of interference. Also consider the pace of change in wireless technologies and consider upgrading the software of your access points; it may be outdated and buggy.