Wireless Ethernet LANs (WLANs) are just about everywhere today - McDonald's, pay phones, hotels, your neighbor's house, and even the accounting department. Sadly, in most cases this access is completely insecure, so user data is transmitted for anyone to see and your private data network is left open to access. The focus of this series is to give you a solid understanding of the 802.11 PHY and MAC, 802.11 security issues, and a viable, inexpensive solution for providing secure wireless private and public network access using Cisco IOS features and open source Unix/Linux applications. This article will review the 802.11 architecture, the PHY standards for 802.11a, b, and g, and their performance expectations.
Work on proprietary wireless Ethernet began in the mid-1980s, and the IEEE standards project 802.11 was created in 1990. The IEEE project's scope was to develop specifications for OSI-RM Layer 1 (PHY) and Media Access Control (MAC), a sub-layer of Layer 2. There are 19 standards that make up the 802.11 protocol. The most commonly identified are:
- 802.11b, approved in 1999
- 802.11a, approved in 1999
- 802.11g, approved in 2003
The IEEE architecture defines two operational architectures: ad-hoc and infrastructure. The ad-hoc approach provides for a peer-to-peer topology where nodes interact directly with each other. The idea here is that a group of computers want to locally exchange information (e.g., meeting in a conference room) and require no other "wired" LAN access. A good wired example of this is a group of nodes connected to a standalone hub. Devices connected together in an ad-hoc topology are referred to as an independent basic service set (IBSS). In an IBSS, one of the members is "elected" Master using the Spokesman Election Algorithm (SEA) and functions as the base station for the ad-hoc network. Once the IBSS is established, the peering nodes broadcast identity information so the peers can establish who is who.
The 802.11 infrastructure architecture works on a cellular topology. The architecture is constructed of wireless access points (APs). The AP serves as the bridge device between the wireless and wired network. A wireless "cell" is a physical area covered by a single AP running on a specific RF channel (in a single AP environment the channel selection may be dynamic). Each AP cell is known as a basic service set (BSS). In a multi-AP environment, BSSs are connected through a distribution system (DS), which is basically a LAN. Ideally, APs should be connected to a switch or bridge port. This ensures performance, dedicating the LAN port's bandwidth only to the wireless nodes.
The collection of all of the AP cells is called an extended service set (ESS). Nodes join the ESS (and IBSS for that matter) by joining the network using the ESS's service set identifier (SSID), which is defined on each of the APs in the ESS. The AP may or may not announce the SSID, but either way the user needs to know it to join the ESS. Once a node has joined the ESS, it moves throughout the ESS, associating with and disassociating from the different BSSs in much the same way cellular phones move between cell sites. The APs are stationary and the nodes are mobile. Each AP sends out a beacon approximately every 10 ms. Each node runs a MAC layer scan function (this can be passive, where the node just listens, or active, where the node listens and transmits probe messages) to assess the signal strength and signal-to-noise ratio between the node and the AP. During the handoff process of AP disassociation and reassociation, the node will experience some network latency, during which the node is unable to send or receive network data. However, unlike a cellular call, which can often drop during the transition, the wireless node will recover from this brief latency period, thanks to TCP retransmissions.
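The beacon, SSID, BSS and IBSS concepts above can be seen directly in a beacon frame. The following is an added example, not code from the original article: a Python parser that reads the BSSID, the SSID element and the capability bits that separate infrastructure from ad-hoc, then groups AP cells into an ESS by SSID. The field offsets follow the 802.11 management frame layout; the helper names and the sample frames (including the interval value packed into them) are constructed for illustration.

```python
import struct
from collections import defaultdict

def build_beacon(bssid, ssid, caps):
    """Build a minimal beacon (constructed sample data; no radiotap header or FCS)."""
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, caps)  # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid  # element ID 0 = SSID

def parse_beacon(frame):
    """Return BSSID, SSID and mode for a beacon; None if malformed or not a beacon."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed fields
        return None
    fc, caps = struct.unpack_from("<H", frame, 0)[0], struct.unpack_from("<H", frame, 34)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:  # management type, beacon subtype
        return None
    # Capability bit 0 = ESS (infrastructure BSS), bit 1 = IBSS (ad-hoc)
    mode = "infrastructure" if caps & 0x1 else "ad-hoc" if caps & 0x2 else "unknown"
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged elements: ID, length, value
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + elen]
        if len(value) < elen:
            return None  # element runs past the end of the frame
        if eid == 0:
            # An AP that does not announce its SSID sends it empty or all-zero
            hidden = not any(value)
            ssid = None if hidden else value.decode("utf-8", "replace")
            return {"bssid": frame[16:22].hex(":"), "ssid": ssid, "mode": mode}
        pos += 2 + elen
    return None  # no SSID element found

def group_ess(frames):
    """Map each SSID to the set of BSSIDs (AP cells) beaconing it."""
    ess = defaultdict(set)
    for frame in frames:
        info = parse_beacon(frame)
        if info and info["mode"] == "infrastructure":
            ess[info["ssid"]].add(info["bssid"])
    return dict(ess)

# Constructed sample capture: two APs in one ESS, one AP hiding its SSID, one IBSS
SAMPLE = [
    build_beacon(bytes.fromhex("020000000001"), b"corp", 0x0001),
    build_beacon(bytes.fromhex("020000000002"), b"corp", 0x0001),
    build_beacon(bytes.fromhex("020000000003"), b"", 0x0001),
    build_beacon(bytes.fromhex("0200000000aa"), b"meeting", 0x0002),
]
```

`group_ess(SAMPLE)` returns one entry per SSID with the BSSIDs of its cells; unannounced SSIDs are collected under the key `None`, and the ad-hoc beacon is left out because it belongs to an IBSS rather than an ESS.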
Tomorrow - The 802.x protocols examined