CWLF
Cisco Wireless LAN Fundamentals
Volume
Version 1.0
Student Guide
Text Part Number: xx-xxxx-xx

Copyright © 2006, Cisco Systems, Inc. All rights reserved.

Table of Contents
Volume

Module 8: Cisco Wireless Mesh Network Installation
  Lesson 1: Introducing Wireless Mesh Networking
    Overview
    Wireless Mesh Networking
    Outdoor Wireless Mesh Solution Components
    Adaptive Wireless Path Protocol
    Mesh Applications
    Lesson Self-Check
    Summary
  Lesson 2: Introducing the Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point
    Overview
    The Cisco Aironet 1500 Series
    Power Solutions
    Controller Intelligence
    Mesh Management
    Lesson Self-Check
    Summary

Module 9: Security
  Lesson 1: Introducing 802.11 Security
    WLAN Security
    Wired Equivalent Privacy
    Enhanced 802.11 Security
    Wi-Fi Protected Access
    Advanced Encryption Standard Encryption
    Lesson Self-Check
    Summary
  Lesson 2: Defining Vulnerabilities of WLAN Security
    Overview
    Basic 802.11 Security Concerns
    Documented WEP Attacks
    Passive and Active Attacks
    Lesson Self-Check
    Summary
  Lesson 3: Introducing Cisco Wireless Security Suite
    Strong Authentication
    Cisco LEAP
    EAP-FAST
    EAP-PEAP
    EAP-TLS
    Lesson Self-Check
    Summary
  Lesson 4: Configuring Cisco Secure ACS
    Overview
    Network Configuration
    System Configuration
    External User Database
    Group Setup
    User Setup
    Lesson Self-Check
    Summary
  Lesson 5: Configuring Encryption and Authentication on Autonomous Access Points
    Overview
    Securing the Access Point
    Configuring the Access Point for Encryption and Authentication
    Non-Root Device Configuration
    Configuring MAC Authentication
    Configuring the Client for Authentication and Encryption
    Lesson Self-Check
    Summary
  Lesson 6: Configuring Encryption and Authentication on Lightweight Access Points
    Overview
    Security Policy Considerations
    Open Authentication
    Pre-Shared Key Authentication
    Web Authentication
    Public Key Infrastructure
    802.1X
    VPN
    Cranite WirelessWall
    Airfortress Secure Client
    Lesson Self-Check
    Summary

Module 10: Site Survey Preparation and Techniques
  Lesson 1: Determining the Deployment Requirements for a Site Survey
    Overview
    Methodology
    Customer Requirements
    Protocol Evaluation
    Coverage
    Possible Problem Areas
    Common Questions
    Access Point Placement Guidelines
    Enterprise Wireless Planning
    Documentation
    Lesson Self-Check
    Summary
    Preassessment Form
  Lesson 2: Performing a Site Survey
    Overview
    Preparation
    Access Point Placement
    Coverage Parameters
    Environmental Effects
    Survey Mistakes
    Lesson Self-Check
    Summary

Module 11: Manual Site Survey Tools and Utilities
  Lesson 1: Identifying Site Survey Tools
    Overview
    Types of Access Points
    Correct Surveying Equipment
    Client Cards
    Antennas
    Antenna Cable Loss
    Recommended Site Survey Equipment
    Cisco Wireless Site Survey Kit
    Lesson Self-Check
    Summary
  Lesson 2: Using Site Survey Utilities
    Overview
    Cisco Site Survey Tool
    Cisco Aironet Site Survey Utility
    AirMagnet Survey Pro Tool
    Cisco IP Phone 7920 Site Survey Tool
    Access Point Configuration
    Access Point Statistics
    Cisco 1000 Series Lightweight Access Point
    Lesson Self-Check
    Summary
  Lesson 3: Using AirMagnet Site Survey Tool for a Manual Survey
    Overview
    Determining DSA Coverage
    DSA Coverage Audit
    Using the AirMagnet Site Survey
    Add an Access Point Icon
    Site Viewer Display Modes
    Lesson Self-Check
    Summary

Module 8
Cisco Wireless Mesh Network Installation

Overview
This module explores the Cisco Wireless Mesh Network solution.

Objectives
Upon completing this module, you will be able to perform an initial configuration of a WLAN. This ability includes being able to meet these objectives:
• Define wireless mesh networking and concepts
• Define the components, features, and functionality of the Cisco Aironet 1500 Series

Lesson 1
Introducing Wireless Mesh Networking

Overview
This lesson is an introduction to wireless mesh networking and concepts.

Objectives
Upon completing this lesson, you will be able to define wireless mesh networking and concepts. This ability includes being able to meet these objectives:
• Define wireless mesh networking
• Identify Cisco wireless mesh networking components
• Define Adaptive Wireless Path Protocol
• Identify wireless mesh applications

Wireless Mesh Networking
This topic defines wireless mesh networking.

Wireless Mesh Networking Defined
• Mesh is a network topology where devices are connected with many redundant connections between nodes.
• The Internet is a good example of a mesh network.
[Figure: Mesh Controller]

Mesh networking infrastructure is decentralized and inexpensive, as each node need only transmit as far as the next node. Nodes act as repeaters to transmit data from nearby nodes to peers
that are too far away to reach, resulting in a network that can span a large distance, especially over rough or difficult terrain. Mesh networks are also extremely reliable, as each node is connected to several other nodes. If one node drops out of the network, due to hardware failure or any other reason, its neighbors simply find another route. Extra capacity can be installed by simply adding more nodes.

A wireless mesh is a mesh network like any other. Connections between access point nodes are formed with a radio. This allows many possible paths from a given node to other nodes. Paths through the mesh network can change in response to traffic loads, radio conditions, or traffic prioritization.

Wireless mesh networks differ from other wireless networks in that only a subset of the nodes need to be connected to the wired network. The network can cover more distance by using nodes that are not connected to the wired network. Unlicensed bandwidth and wireless routing allow micro-cells to interconnect over wireless backhaul links, reducing costs.

Display Mode: Merged Signal Level Using Access Point Channel Filter
• Select Channels to limit view to a single channel
• Select or deselect APs individually from the channel list

This view shows the channel filter tab. Only data that is collected on the selected channels will be rendered in the data display area.

Display Mode: Merged Link Speed
• Select ‘Speed’ from drop-down menu

This view shows the display of link speed. Data is merged together from all data elements that are selected by the filters. The speed display shows the maximum link rate that is supported during the data traffic flow between the SiteViewer station and the test access point(s)
during the survey walkabout. The view also shows the speed data for an active survey in IEEE 802.11a mode. The display shows the maximum data rate supported at each location. For this scenario, the green line shows the boundary for the cell that was created by the access point in the lower left corner of the office, where the minimum service level is specified at 24 Mbps.

Display Mode: Merged Signal-to-Noise Ratio
• Select ‘Noise’ from drop-down menu

This view shows the signal-to-noise ratio data display. The signal-to-noise value is computed from the signal and noise-level data sets, and is displayed in accordance with the legend. Some designers use the signal-to-noise ratio as a coverage quality indicator and define the boundary of coverage as all areas that have a signal-to-noise value above a certain threshold, such as 25 dB.

Display Mode – Retry Rate / Loss Rate

The AirMagnet Site Survey tool also provides a retry rate and a loss rate view. The figure illustrates the retry rate. The number of retries per packet is indicated by color. The values are displayed in accordance with the legend.

Display Mode: Multiple Factor Split Screen
• Select the grid icon to use the 4-way view

The figure shows the split-screen mode, in which four different views can be displayed simultaneously. This mode allows very easy visual comparison of the different measurement factors.

Location Specific Details
• Let the mouse hover over any point of the map to see real data for that point
Let the mouse hover over any point to see real data for that point. Signal strength, signal-to-noise ratio, lost packets, data retries, and many other values are displayed.

Simulation
• Simulation button to open Simulation dialogue box

The simulation screen allows you to change the channel, SSID, and transmit power settings for a specific access point. Adjust the noise floor to simulate noise or large numbers of clients.

Quick Recalibration
• Click ruler icon to measure or recalibrate map dimensions

A user can measure any distance on the map, or use the measurement tool to recalibrate the map dimensions. To recalibrate, use the tool to measure an area of pre-known size, and enter the known dimensions into the dialogue box. Surveyor will then recalibrate the map dimensions according to these calculations.

References
• AirMagnet Site Survey Application Note: http://www.airmagnet.com/assets/Site.Survey.pdf

Lesson Self-Check
Use the questions here to review what you learned in this lesson. The correct answers and solutions are found in the Lesson Self-Check Answer Key.

Q1) What does DSA stand for? (Source: Determining DSA Coverage)

Q2) What is the targeted standard overlap between wireless cells of coverage? (Source: DSA Coverage Audit)
A) percent
B) 10 percent
C) 15 percent
D) 20 percent

Q3) What must be imported in order to use AirMagnet Surveyor to conduct a site survey?
(Source: Using AirMagnet Site Surveyor)

Q4) Access point icons are drag and droppable. (Source: Add Access Point Icon)
A) True
B) False

Q5) How many different types of views are there and what are they? (Source: Site Viewer and Display Modes)

Lesson Self-Check Answer Key
Q1) Designated Service Area
Q2) D
Q3) Floor Plan
Q4) True
Q5) 7, Loss Rate, Signal, Noise, Speed, Signal to Noise, Channel Interference and Retry Rate

Summary
This topic summarizes the key points discussed in this lesson.
• A DSA is an area where the survey will be performed and WLAN coverage is desired.
• We discussed overlap between adjacent access points for good handoffs during client roaming.
• We reviewed the process of surveying with the AirMagnet site survey tool.
• We discussed both passive and active surveying with the AirMagnet site survey tool.
• We viewed sample results with different filters of the AirMagnet site survey tool.

Module Summary
This topic summarizes the key points that were discussed in this module.
• A well-equipped site survey case should include access points, an access point mounting bracket for each antenna, client cards, several antennas, attenuators, cables, access
point markers or tape, measuring devices, a camera, a battery pack, a charger, zip ties, duct tape, baling wire, electrical tape, two-sided tape, Velcro, and paper clips; these are common components in the kit of a good engineer.
• Cisco WCS, CiscoWorks WLSE, Cisco Aironet Site Survey Utility, and AirMagnet Surveyor are software tools available to help the site survey engineer conduct the site survey.
• We learned the procedures to complete a manual site survey using AirMagnet Surveyor.

... cipher

Enhanced 802.11 Security
This topic describes how enhanced 802.11 security improves on basic 802.11 security...

802.1X for WLANs
802.1X for 802.11
• 802.11i specifies use of 802.1X for client authentication
• Based on