Wireless networking
This presentation is the property of its rightful owner.
Sponsored Links
1 / 20

Wireless Networking PowerPoint PPT Presentation


  • 107 Views
  • Uploaded on
  • Presentation posted in: General

Wireless Networking. TGIF, April 18th, 2003 Alvin Chew ( [email protected] ) Kent Reuber ([email protected]). Outline. Wireless technology overview ITSS Wireless Net Department wireless nets Home wireless nets Questions. Wireless Technology Overview. Why Wireless?.

Download Presentation

Wireless Networking

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Wireless Networking

TGIF, April 18th, 2003

Alvin Chew ([email protected])

Kent Reuber ([email protected])


Outline

  • Wireless technology overview

  • ITSS Wireless Net

  • Department wireless nets

  • Home wireless nets

  • Questions


Wireless Technology Overview


Why Wireless?

  • (+) No wires. Convenience, flexible. But…

    • (-) Relatively slow speeds, typically 5 Mbps with 802.11b. Nowhere near the 100 Mbps of typical wired connection.

    • (-) Wireless access points are hubs, not switches. Bandwidth is shared among wireless users. Think of it as phone party lines.

    • (-) Data is freely available “in the air”.

      • Traffic is easily sniffed.

      • Data is not encrypted unless the protocol is encrypted (e.g., SSL and Kerberos).

      • Stanford does not use WEP, because it can be cracked.


Wireless Terms

  • Access Point (or AP): device that sends and receives wireless signals. Usually directly connected to the wired net.

    • ITSS uses Cisco Aironet 350 AP’s.

  • SSID: the network name that Access Points broadcast.

    • ITSS uses “Stanford”.

    • Departments and home users may want to use other names.

    • Users can roam between access points with the same SSID.

  • Channel: radio frequency used by AP’s.

    • AP’s near one another should use different channels to minimize noise.

    • 802.11b: Channels 1, 6, and 11 don’t overlap. Channels 1, 4, 8, and 11 have only a little bit of overlap


Wireless “Alphabet Soup”

  • 802.11b:

    • Most common wireless protocol. Uses 2.4GHz frequency, with 11 Mbps bandwidth. (5 Mbps is more typical). ITSS wireless net and most other campus wireless is based on this.

  • 802.11a:

    • Uses 5.5GHz range, 54 Mbps bandwidth (~20 Mbps is typical performance). Produces to much radio power to be certified in medical areas. Unlikely to become a standard at Stanford.

  • 802.11g:

    • Uses 2.4GHz band and is compatible with 802.11b. Also 54 Mbps bandwidth (~20 Mbps typical). An emerging standard, but likely to grow in the future.


ITSS Wireless Net


ITSS Wireless NetOverview

  • Coverage map at http://wirelessnet.stanford.edu

  • Wireless net uses separate physical and logical network. (Separate switches, fiber, and address space.)

    • Prevents layer 2 attacks (e.g., broadcasts, IP/MAC spoofing) on wired net

    • Prevents wired broadcasts/multicasts from saturating wireless bandwidth

    • Don’t have to dedicate department roaming IP’s for wireless users

  • You still have to register wireless cards in NetDB.

    • provide the hardware address of the wireless card

    • enable “DHCP” and “roaming”.

  • Wireless card recommendations

    • Recommend Cisco and Apple cards which are available at the Bookstore.

    • Any “WiFi” certified card should work.


ITSS Wireless NetSecurity

  • Wireless networks are inherently insecure

    • Even with encryption, the data between client and AP’s are available for anyone to capture.

    • Most corporate wireless nets lie outside of firewalls.

  • ITSS Wireless doesn’t use WEP

    • Consumes client resources

    • Well-known security vulnerabilities

  • Other methods of wireless encryption are vendor-specific.

  • Stanford uses wireless authentication to protect campus resources.


ITSS Wireless NetAuthentication

  • Protects the institution, not the user

  • S/ident integration

    • If you have PC/Mac-Leland, you’re all set

    • First net activity should bring up PC/Mac-Leland automatically

  • Web-based authentication backup

    • First web page you get is the authentication page

    • Automatically redirects you to your requested page after login

  • Future Guest Login feature

    • Any SUNet ID user will be able to sponsor a guest wireless account


Department Wireless


My Department Wants Wireless!

  • Net-to-jack clients are eligible for 1 AP for every 16 wired ports.

  • “Wireless net-to-jack”: For non-net-to-jack clients, ITSS will do a survey, install, monitor, maintain, and upgrade your wireless network. Price is $31/month per AP.

  • Or….


Do-It-Yourself Options

  • Option 1: ITSS can place a “wireless entrance” switch in your building and that carries the ITSS Wireless net.

  • Option 2: Departments can put their wireless devices on their existing building net.

  • Both options require departments to purchase AP’s and switches. ITSS can recommend equipment, but departments will need to do their own survey and place access points.


Department Wireless Setup

  • ITSS Wireless net always uses “Stanford” as the SSID.

  • AP’s plugged into the building net shouldn’t use “Stanford”

    • This has caused problems when users roam between access points.

    • Putting the department/group/lab name as the SSID makes it clear to users who to call in case of trouble.


Recommended Cards and AP’s

  • 802.11b cards:

    • Apple Airport card, Cisco Aironet 350 PC Card

    • In principle, any card that adhere to the “WiFi” certification should work.

  • Access Points:

    • Cisco Aironet 350 AP’s for departments.


Home Wireless Nets


Keeping Your Neighbors Out

  • The range of wireless means that it’s very possible that your neighbors can use your wireless net too. And see all your traffic…

  • Precautions:

    • Most AP’s have MAC address filters so that only specific cards can associate. This is the most important thing to enable!

    • Most AP’s can also be set to not broadcast the SSID. (e.g., Apple Airports call this “Create a closed network”) That way, people have to know the name of your network in order to join.

    • Definitely want to use encrypted protocols whenever possible.

    • If available, consider turning down the power of your AP to restrict the range.


Setup 1: Stanford DSL and Stanford West

  • In both cases, you can request multiple IP addresses for home machines. You don’t need a DSL router.

  • We suggest that you purchase access points that do “bridging”, where traffic is simply forwarded between the wired and wireless sides of the access point without alteration.

    • Examples: Cisco Aironet 350, Linksys WAP11, Apple Airport.

  • We’ve seen a number of people on the campus or Stanford West who have installed Airport base stations with DHCP enabled on the Ethernet side, disrupting DHCP service.

    • Breaks DHCP for other users.

    • We shut down their connections…


Setup 2: Non-Stanford DSL or Cable Modem

  • In many cases, you only get one IP address.

  • Network Address Translation (NAT -- often provided by “DSL/wireless routers”) can be used to hide a network behind a single IP address:

    • Some wireless units do this by default. E.g., Apple Airport.

    • Note that NAT disrupts some Stanford services, especially WebAuth.

    • Also interferes with some VPN setups.


Questions???


  • Login