We can set up dedicated wireless networks just for printers, tablets, or IoT devices, and then keep those devices separated from the rest of the network.
Security concerns
With the right antenna, someone outside the building can still reach the wireless network inside it.
Ad Hoc
Device to device (P2P)
WiFi printing
Apple AirDrop
Does not scale well
Infrastructure
Devices do not communicate directly
Ex: devices send all their traffic to an access point; the access point processes the traffic and then forwards it on to the destination machine.
Depends on the way wireless is deployed.
Scales well.
Access points (AP)
Radio interface on one side speaking Radio Frequencies (RF), typically at 2.4 or 5 GHz.
On the other side of the AP is a wired Ethernet connection.
The AP serves as the network's antenna.
Bridges wireless users to wired network
A bridge forwards traffic based on the layer 2 header, while a router forwards traffic based on the layer 3 header, looking at IP addresses.
Most WiFi networks use this
The alternative is Ad Hoc.
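The bridge-versus-router distinction above, as an added example (not code from the original notes): a toy layer 2 learning bridge, which is what an infrastructure-mode AP behaves like, next to a toy layer 3 router. Port names, MAC addresses, prefixes and next-hop names are all constructed for the demonstration.

```python
"""Added example: layer 2 bridging (forward by destination MAC) versus
layer 3 routing (forward by longest-prefix match on destination IP).
All addresses, port names and next-hop names are constructed."""
import ipaddress
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


@dataclass
class Bridge:
    """A learning bridge (an AP bridging wireless users to the wire):
    it learns which port each source MAC arrived on and forwards by
    destination MAC. It never looks at the IP header."""
    ports: list
    mac_table: dict = field(default_factory=dict)

    def forward(self, frame: Frame, in_port: str) -> list:
        # Learn: the source MAC is reachable through the ingress port.
        self.mac_table[frame.src_mac] = in_port
        out = self.mac_table.get(frame.dst_mac)
        if out is None or frame.dst_mac == BROADCAST:
            # Unknown destination or broadcast: flood to every other port.
            return [p for p in self.ports if p != in_port]
        # Known destination on the ingress port: nothing to forward.
        return [] if out == in_port else [out]


@dataclass
class Router:
    """A router ignores MAC addresses and chooses the next hop by the
    most specific matching prefix for the destination IP."""
    routes: dict  # "prefix" -> next-hop name

    def forward(self, frame: Frame):
        dst = ipaddress.ip_address(frame.dst_ip)
        best = None
        for prefix, hop in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best[1] if best else None


def demo() -> dict:
    """Run one frame each way through a bridge, then route one frame."""
    bridge = Bridge(ports=["wlan0", "eth0"])
    laptop_to_server = Frame("aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02",
                             "10.10.5.1", "10.2.0.10")
    server_to_laptop = Frame("bb:bb:bb:00:00:02", "aa:aa:aa:00:00:01",
                             "10.2.0.10", "10.10.5.1")
    first = bridge.forward(laptop_to_server, "wlan0")   # flooded: dst unknown
    second = bridge.forward(server_to_laptop, "eth0")   # learned: goes to wlan0

    router = Router(routes={"0.0.0.0/0": "isp",
                            "10.0.0.0/8": "core",
                            "10.10.0.0/16": "iot-vlan"})
    return {"flooded_to": first, "learned_to": second,
            "route": router.forward(laptop_to_server)}


if __name__ == "__main__":
    print(demo())
```

The bridge's table is keyed purely on MAC addresses, which is why a wireless client on the same bridged segment shows up to the wired side as just another layer 2 neighbour; separating printers or IoT devices from that segment is a layer 3 (routing or VLAN) decision, not something the AP's bridging does on its own.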
Wireless LAN Equipment
Wireless Access Point (WAP)
Gets you from wireless to wired.
How do you manage it?
If you have a large area with 50 APs, each of those APs has its own user account, because you are logging in locally. Beyond that, each has its own local configuration.
When you define a Service Set Identifier (SSID), which is the name of your wireless network, that configuration exists in one access point only.
With 50 devices you have to maintain a spreadsheet of all their IP addresses and logins and manage them one at a time. Not very practical.
Wireless LAN Controller (WLC)
The central control plane. You configure it once and the WLC pushes the configuration out to, for example, your 50 APs.
It could be a physical device.
It could also be a line card that goes into a switch, so some switches are modular.
When you buy a switch chassis, that chassis takes line cards: modular cards that slide in to provide different types of ports. The advantage of a modular switch is that you can install ports with different capabilities.
There are also line cards for services.
An example of such a service is a WLC: you plug the card into the switch and it runs your entire wireless solution from there.
An alternative is an appliance that sits next to the chassis and is wired to it but is not part of it.
This is an on-premises solution.
Cloud-based controller
Go to a web browser, type in the domain name of the cloud-based controller, authenticate, and you can see all your access points and do all your management from the cloud.
This is an example of an off-premises solution.
Wireless Clients
Devices that join the network
Wireless NIC
The requirement to join the network is having a Wireless NIC
Wireless Components
Service Set Identifier (SSID)
Essentially the name of the network.
The first approach to security when wireless networks were emerging.
Wireless Standards (B/A/G/N/AC/AX)
B: 2.4 GHz
A: 5 GHz
G: Speeds of A, but backwards compatible with B
N: Multiple-input, multiple-output (MIMO)
AC: -
AX: -
Both the client and the infrastructure have to support these frequencies. For example, with 802.11n we support both 2.4 and 5 GHz.
WiFi Frequencies
2.4 GHz
5 GHz
Antenna (where are we sending communications)
Yagi
Looks like a pipe
If the target is far away and the direction is known, a Yagi lets us send a very focused signal, almost like a spotlight.
The tube/cylinder is easy to install and lightweight, and not really affected by the wind.
Omni
Send the signal in every direction
Gives us the ability to cover a big sphere
Parabolic
Very directional, but a bit more forgiving than the Yagi.
They tend to be larger dishes, which could affect your network reliability in wind or other conditions.
Wireless Security
Wired Equivalent Privacy (WEP)
Clients now have to enter the secret key to authenticate and access protected data.
Keys are static (do not change).
Poor key management led to security vulnerabilities.
WiFi Protected Access (WPA)
Temporary Fix
Keys are now time-based, which got rid of one of the biggest issues with WEP.
WiFi Protected Access 2 (WPA 2)
Finalized edition of WPA; it is what we use today (the most prominent).
Modes:
Preshared-key mode
You type the same key every time you want to join the network. Very easy, but it is attackable, just like WEP.
The vast majority of users have preshared-key setups.
802.1X
Implement an AAA server or a user database and authenticate all users against that database, using the network hardware.
Also known as Extensible Authentication Protocol (EAP)
It is absolutely secure.
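The preshared-key mode described above, as an added example (not code from the original notes): WPA2-Personal derives its pairwise master key (PMK) from nothing but the passphrase and the SSID, using PBKDF2-HMAC-SHA1 with 4096 iterations as specified in IEEE 802.11i. The code below reproduces that derivation and checks the 8 to 63 printable-ASCII passphrase rule; the expected value for passphrase "password" on SSID "IEEE" is the published 802.11i test vector. The point for a defender: every user of the network holds the same static key, and it changes only when the passphrase is rotated, which is the contrast with 802.1X, where each user authenticates with their own credentials against the AAA server.

```python
"""Added example: WPA2-Personal PMK derivation (IEEE 802.11i).
PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
Shows why a preshared key is static and shared by everyone on the SSID."""
import hashlib


def check_passphrase(passphrase: str) -> None:
    """WPA2-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PMK that every client on this SSID will share."""
    check_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def key_shared_by(users: list, passphrase: str, ssid: str) -> dict:
    """Map each user to the PMK they end up with. With a preshared key the
    values are identical: there is no per-user key to revoke, so removing one
    user means rotating the passphrase for everyone."""
    pmk = derive_pmk(passphrase, ssid).hex()
    return {user: pmk for user in users}


if __name__ == "__main__":
    # Constructed sample: two users on the same SSID hold the same key.
    print(key_shared_by(["alice", "bob"], "password", "IEEE"))
    # The same passphrase on a different SSID gives a different key.
    print(derive_pmk("password", "OtherSSID").hex())
```

The usual consequence is operational: a contractor who leaves still knows the key, so the passphrase must be rotated on every device, whereas with 802.1X you disable that one account on the AAA server.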
WiFi Protected Access 3 (WPA 3)
Requires hardware with WPA3 capabilities on both the client side and the server side.
Mesh
More complex Ad Hoc configuration
Data hops from one device to next
Imagine that we do not have a wire. Maybe we have a huge park outside our building and I drop access points around the park. Ideally we would plug an Ethernet cord into each AP, which would be better because it would leave us more airspace to talk to more users.
If we do not have a wire, we can just hook power up to each of them, and they connect to each other: the radio devices form almost their own backbone, communicating with each other on certain radio frequencies, and connect to the users on other radio frequencies.
Benefits from multi-radio
Use one radio interface to listen and bring communication from our users
Use another radio interface to talk to our infrastructure.
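The park scenario above, as an added example (not code from the original notes): a toy mesh in which only one AP has the wired uplink, and a client's traffic hops AP to AP over the backhaul radio until it reaches the wire. The topology, AP names and the two-radio split (client radio on 2.4 GHz, backhaul radio on 5 GHz) are constructed assumptions for the demonstration; the search is a plain breadth-first search for the fewest radio hops.

```python
"""Added example: multi-hop forwarding over a mesh backhaul.
Constructed topology: five APs in a park, only ap-gate is wired."""
from collections import deque

# Which APs can hear each other on the backhaul radio (constructed).
BACKHAUL_LINKS = {
    "ap-gate": ["ap-1", "ap-2"],   # ap-gate has the Ethernet cord
    "ap-1": ["ap-gate", "ap-3"],
    "ap-2": ["ap-gate", "ap-3"],
    "ap-3": ["ap-1", "ap-2", "ap-4"],
    "ap-4": ["ap-3"],
}
WIRED_GATEWAY = "ap-gate"

# Multi-radio split assumed for the example: one radio serves users,
# the other carries the backbone, so client airtime is not spent on hops.
RADIOS = {"client": "2.4 GHz", "backhaul": "5 GHz"}


def backhaul_path(start, links=BACKHAUL_LINKS, gateway=WIRED_GATEWAY):
    """Fewest radio hops from the AP a client joined to the wired AP,
    or None if that AP has no backhaul route to the wire."""
    prev = {start: None}
    queue = deque([start])
    while queue:
        ap = queue.popleft()
        if ap == gateway:
            path = []
            while ap is not None:
                path.append(ap)
                ap = prev[ap]
            return path[::-1]
        for nxt in links.get(ap, []):
            if nxt not in prev:
                prev[nxt] = ap
                queue.append(nxt)
    return None


def trace_client_frame(join_ap, links=BACKHAUL_LINKS, gateway=WIRED_GATEWAY):
    """List each radio a client's frame crosses on its way to the wire:
    one client-radio hop in, then one backhaul hop per AP-to-AP link."""
    path = backhaul_path(join_ap, links, gateway)
    if path is None:
        return None
    steps = [("client", join_ap)]
    for a, b in zip(path, path[1:]):
        steps.append(("backhaul", f"{a}->{b}"))
    return steps


def radio_hops(join_ap, links=BACKHAUL_LINKS, gateway=WIRED_GATEWAY):
    """Number of AP-to-AP backhaul hops a frame needs; 0 at the wired AP."""
    path = backhaul_path(join_ap, links, gateway)
    return None if path is None else len(path) - 1


if __name__ == "__main__":
    for ap in BACKHAUL_LINKS:
        print(ap, radio_hops(ap), trace_client_frame(ap))
```

Each backhaul hop is airtime spent on the shared backbone channel rather than on users, which is the notes' reason for preferring a wire to every AP where one can be run; the separate backhaul radio keeps those hops off the client radio but does not make them free.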