A wireless LAN (WLAN) is a network composed of at least one WAP and at least one computer or handheld device that can connect to the WAP. Usually these networks are Ethernet based, but they can be based off other networking architectures. In order to ensure compatibility,the WAP and other wireless devices must all use the same IEEE 802.11 WLAN standard. These standards are collectively referred to as 802.11x (not to be confused with 802.1X), and they are defined by the data link layer of the OSI model. The term “WLAN” is often used interchangeably with Wi-Fi. However, Wi-Fi refers to a trademark created by the Wi-Fi Alliance. Wi-Fi products and technologies are based on the WLAN standards. These WLAN standards dictate the frequency (or frequencies) used, speed, and so on. Table 3-4 shows the most common standards and their maximum data transfer rate and frequency.
In the United States, 802.11b and g have 11 usable channels, starting with channel 1 centered at 2.412 GHz and ending with channel 11 centered at 2.462 GHz. This is a smaller range than some other countries use.
Many of the channels in a WLAN overlap. To avoid this, organizations may put, for example, three separate WAPs on channels 1, 6, and 11, respectively. This keeps them from overlapping and interfering with each other. If two WAPs on channels 4 and 5 are in close proximity to each other, there will be a decent amount of interference. It’s also wise to keep WLAN WAPs away from Bluetooth devices and Bluetooth access points, because Bluetooth also uses the 2.4 GHz frequency range.
It should go without saying that compatibility is key. However, many WAPs are backward compatible. For example, an 802.11g WAP might also allow 802.11b connections. Perhaps it even allows 802.11a connections, which would be an example of wireless bridging. But generally, companies are looking for the fastest compatible speed possible from all of their wireless networking equipment—and today, that means 802.11n. 802.11n is superior to older WLAN standards in the following ways:
• Multiple-Input Multiple-Output (MIMO): This means that wireless devices can have more antennas, up to four maximum.
• Frame aggregation: This is the sending of two or more frames of data in a single transmission.By aggregating frames, the amount of data transferred on the data link layer can be doubled in the 802.11n standard.
• Channel bonding: Here, two channels that do not overlap are used together in an effort to double the physical data rate (PHY). Channel bandwidth therefore becomes 40 MHz instead of the previously used 20 MHz.
Of course, all this great technology can be easily manipulated if it is not protected. To mitigate risk, encryption should be used. There are several types of encryption available for wireless networks, but the most secure is WPA2 when used with AES, as shown in Table 3-5. Without the proper encryption turned on at the client, and without knowledge of the correct key or pass phrase, a client computer will not be able to connect to the WAP.
WEP also has 128-bit and 256-bit versions, but these versions are not commonly found in wireless network hardware. WEP in general is an out of date protocol, and it is not recommended. However, if there are no other options available to you, WEP is far superior to no encryption!
Another way to secure a wireless connection is to use 802.1X. IEEE 802.1X is port-based network access control (PNAC). This provides strong authentication to devices that need to connect to the WLAN; it can also be used for regular wired LANs. There are three components to an 802.1X set-up. The first is the supplicant, or the computer that is attempting to connect to the WLAN. The second is the authenticator, or the wireless access point. The third is the authentication server; often this will be a RADIUS server, which enables advanced authentication techniques. RADIUS servers can be setup within Windows Server 2003 products by installing the Internet Authentication Service (IAS). Windows Server 2008 includes RADIUS within the Network Policy Server (NPS).
There several different ways to connect to a wireless network—primarily infrastructure mode and ad-hoc mode:
• Infrastructure mode is more common. It occurs when wireless clients connect to and are authenticated by a wireless access point, which can be expanded by creating a wireless distribution system—a group of WAPs interconnected wirelessly. When utilizing infrastructure mode, the base unit (normally a WAP) will be configured with a service set identifier (SSID). This then becomes the name of the wireless network, and it is broadcast over the airwaves. Thus, when clients want to connect to the WAP, they can identify it by the SSID.
• Ad-hoc mode is less common, and it is used more often in a handheld computer environment.Ad-hoc (also referred to as peer-to-peer or P2P) networks occur when all of the clients communicate directly with each other. There is no “base” so to speak, meaning a wireless access point. Generally, this type of network is configured so that two individual wireless devices can connect to each other and communicate, perhaps privately.
EXAMINE WIRELESS NETWORKING SETTINGS
In the following exercise, we will access the D-Link DIR-655 emulator and show some standard wireless configurations. To do so, perform these steps:
1. Log in to the DIR-655 emulator and view basic settings:
a. Connect to a router. The username cannot be changed, and the password is blank, meaning there is no password. This displays the main Device Information page. Examine this page. Note the LAN IP address of the device. It should be 192.168.0.1, the default for D-Link WAPs. If a client wants to connect to this device, it has to be confi gured via DHCP or statically, but it will need to be on the 192.168.0 network.
b. Scroll down and examine the wireless settings. Wireless should be enabled by default. Note the mode, channel width, channel used, and so on.
2. Modify the SSID:
a. Click the Setup link on the top banner.
b. Click the Wireless Settings link on the left side.
c. Click the Manual Wireless Network Setup button. This should display the Wireless page.
d. Look for the Wireless Network Name. This is the SSID. The default for D-Link devices is none other than dlink. It is highly recommended that you modify the default SSID on any WAP. Change it now to something a bit
3. Modify the wireless configuration:
a. Examine the 802.11 Mode drop-down menu. Note the variety of settings. Modify this so that it says 802.11n only.
b. Deselect the Enable Auto Channel Scan checkbox. This should enable the Wireless Channel drop-down menu. Select channel 11, which is centered at 2.462 GHz. Subsequent WAPs should be set to channel 6 and channel 1 in order to avoid channel overlapping.
c. Modify the Channel Width setting to 40 MHz. This will incorporate channel bonding.
4. Enable encryption:
a. At the Security Mode drop-down menu, select WPA-Personal. This should display additional WPA information. You would only select WPA-Enterprise if you had the aforementioned RADIUS server available.
b. Scroll down, and in the WPA Mode drop-down menu, select WPA2 Only.
c. In the Cipher Type drop-down menu, select AES.
d. Finally, type in a complex Pre-Shared Key. This is the pass-phrase that clients need to enter in order to connect to the WLAN.
This is the highest level of security this device offers (aside from WPA-Enterprise). Your configuration should look similar to Figure 3-8.
5. Disable the SSID:
a. When all clients are connected to the WAP, the SSID should be disabled. This will not allow new connections to the WAP unless the person knows the SSID name, but computers that have already connected may continue to do so.
b. To do this, click the Invisible radio button in the Visibility Status field.
Figure 3-8 D-Link DIR-655 wireless configuration
6. Save the settings:
a. At this point, you should save the settings. The emulator doesn’t allow anything to be saved. It reverts back to defaults when you log out or disconnect from the Web site, so clicking Save Settings won’t do anything. But on an actual DIR-655, the settings would save and a reboot would be necessary.
b. It’s also important to back up the confi guration. This can be done by clicking Tools on the top banner, then System on the left side and selecting Save Configuration; this is a real time saver in case you have to reset the unit.
It is also wise to update the device to the latest fi rmware. Save your settings before doing so because they will be lost when the upgrade is complete; if saved, they can later be loaded back in.