CHAPTER 4

Wireless LANs
INTRODUCTION

Wireless networks can provide client mobility, the ability

to connect from any location and at any time, and the
ability to roam while staying connected. A Wireless LAN
(WLAN) is a classification of wireless network that is
commonly used in homes, offices, and campus
environments. Although it uses radio frequencies instead of
cables, it is commonly implemented in a switched network
environment and its frame format is similar to Ethernet.
BENEFITS OF WIRELESS

There are many benefits to supporting wireless

networking, both in the business environment and
at home. Some of the benefits include increased
flexibility, increased productivity, reduced costs,
and the ability to grow and adapt to changing
requirements.
WIRELESS TECHNOLOGIES

Wireless communications are used in a variety of

professions. Although the mix of wireless technologies is
continually expanding.

There are many types of wireless technologies available.

WIRELESS TECHNOLOGIES
WIRELESS NICs
The simplest wireless network
requires a minimum of two devices.
Each device must have a radio
transmitter and a radio receiver tuned
to the same frequencies.
However most wireless deployments
require:
 End devices with wireless NICs
 Infrastructure device, such as a
wireless router or wireless AP
WIRELESS NICs
To communicate wirelessly, end
devices require a wireless NIC that
incorporates a radio
transmitter/receiver and the
required software driver to make it
operational. Laptops, tablets, smart
phones now all include integrated
wireless NICs. However, if a device
does not have an integrated wireless
NIC, then a USB wireless adapter
can be used.
WIRELESS HOME ROUTER
The type of infrastructure device that
an end device associates and
authenticates with varies based on the
size and requirement of the WLAN.
For instance, a home user typically
interconnects wireless devices using a
small, wireless router. The wireless
router serves as:
 Access point - Provides
802.11a/b/g/n/ac wireless
access
 Switch - Provides a four-port,
full-duplex, 10/100/1000
Ethernet switch to connect
WIRELESS ACCESS POINTS
APs can be categorized as either autonomous APs or controller-based APs.

Autonomous APs
Autonomous APs, sometimes
referred to as heavy APs, are
standalone devices configured
using the Cisco CLI or a GUI.
Autonomous APs are useful in
situations where only a couple of
APs are required in the network.
Optionally, multiple APs can be
controlled using wireless domain
services (WDS) and managed
using CiscoWorks Wireless LAN
Solution Engine (WLSE).
WIRELESS ACCESS POINTS
APs can be categorized as either autonomous APs or controller-based APs.

Controller-Based APs
Controller-based APs are server-
dependent devices that require no
initial configuration. Cisco offers
two controller-based solutions.
Controller-based APs are useful
in situations where many APs are
required in the network. As more
APs are added, each AP is
automatically configured and
managed by a WLAN controller.
WIRELESS ANTENNAS

Most business class APs

require the use of external
antennas to make them fully-
functioning units. Cisco has
developed antennas
specifically designed for use
with 802.11 APs while
accommodating specific
deployment conditions,
including physical layout,
distance, and aesthetics.
WIRELESS ANTENNAS

Cisco Aironet APs can use:

 Omnidirectional Wi-Fi
Antennas - Factory Wi-Fi
gear often uses basic
dipole antennas, also
referred to as “rubber
duck” design, similar to
those used on walkie-
talkie radios.
Omnidirectional antennas
provide 360-degree
coverage and are ideal in
open office areas,
WIRELESS ANTENNAS

Cisco Aironet APs can use:

 Directional Wi-Fi
Antennas - Directional
antennas focus the radio
signal in a given
direction. This enhances
the signal to and from the
AP in the direction the
antenna is pointing,
providing stronger signal
strength in one direction
and less signal strength in
all other directions.
WIRELESS ANTENNAS

Cisco Aironet APs can use:

 Yagi antennas - Type of
directional radio antenna
that can be used for long-
distance Wi-Fi
networking. These
antennas are typically
used to extend the range
of outdoor hotspots in a
specific direction, or to
reach an outbuilding.
SECURING WIRELESS

The difficulties in keeping a wired network secure are

amplified with a wireless network. Security should be a
priority for anyone who uses or administers networks.
A WLAN is open to anyone within range of an AP and the
appropriate credentials to associate to it. With a wireless
NIC and knowledge of cracking techniques, an attacker
may not have to physically enter the workplace to gain
access to a WLAN.
SECURING WIRELESS

Attacks can be generated by

outsiders, disgruntled
employees, and even
unintentionally by employees.
Wireless networks are
specifically susceptible to
several threats, including:
 Wireless intruders
 Rogue APs
 Interception of data
 DoS attacks
DoS Attack
Wireless DoS attacks can
be the result of:
 Improperly configured
devices - Configuration
errors can disable the
WLAN. For instance, an
administrator could
accidently alter a
configuration and disable
the network, or an
intruder with
administrator privileges
could intentionally
disable a WLAN.
DoS Attack
Wireless DoS attacks can
be the result of:
 A malicious user
intentionally interfering
with the wireless
communication - Their
goal is to disable the
wireless network
completely or to the
point where no
legitimate device can
access the medium.
DoS Attack
Wireless DoS attacks can
be the result of:
 Accidental interference -
WLANs operate in the
unlicensed frequency bands
and; therefore, all wireless
networks, regardless of
security features, are prone
to interference from other
wireless devices.
Accidental interference
may occur from such
devices as microwave
ovens, cordless phones,
baby monitors, and more.
DoS Attack
To minimize the risk of a
DoS attack due to
improperly configured
devices and malicious
attack, harden all devices,
keep passwords secure,
create backups, and ensure
that all configuration
changes are incorporated
off-hours.
Rogue Access Points
A rogue AP is an AP or
wireless router that has
either been:
 Connected to a corporate
network without explicit
authorization and against
corporate policy. Anyone
with access to the
premises can install
(maliciously or non-
maliciously) an
inexpensive wireless
router that can potentially
allow access to a secure
Rogue Access Points
A rogue AP is an AP or
wireless router that has
either been:
 Connected or enabled by
an attacker to capture
client data such as the
MAC addresses of clients
(both wireless and
wired), or to capture and
disguise data packets, to
gain access to network
resources, or to launch
man-in-the-middle
attack.
Man-in-the-Middle Attack

One of the more

sophisticated attacks a
malicious user can use is
called a man-in-the-
middle (MITM) attack.
There are many ways in
which to create a MITM
attack.
Man-in-the-Middle Attack

A popular wireless MITM

attack is called the “evil twin
AP” attack, where an
attacker introduces a rogue
AP and configures it with the
same SSID as a legitimate
AP. Locations offering free
Wi-Fi, such as airports,
cafes, and restaurants, are
hotbeds for this type of
attack due to the open
authentication.
Planning a Wireless Router
Implementation

Most home wireless routers are ready for service out of

the box. They do not require any additional
configuration. However, wireless router default IP
addresses, usernames, and passwords can easily be found
on the Internet. Just enter the search phrase “default
wireless router ip address” or “default wireless router
passwords” to see a listing of many websites that provide
this information. Therefore, your first priority should be
to change these defaults for security reasons.
Planning a Wireless Router
Implementation
Before installing a wireless
router, consider changing
the following default
settings:
 Internet Connection - IP
address assignment for
the Internet connection is
normally set by the ISP
through DHCP, as shown
in the figure. However,
you will statically
configure this address in
Planning a Wireless Router
Implementation
Before installing a wireless
router, consider changing
the following default
settings:
 DHCP Settings -
Wireless routers come
with DHCP already
configured for the
WLAN and LAN
connections. However, it
is a security best practice
to change the default
Planning a Wireless Router
Implementation
Before installing a wireless
router, consider changing
the following default
settings:
 SSID Name - The name
of the WLAN network
will be set to default
name, which should be
changed.
Planning a Wireless Router
Implementation
Before installing a wireless
router, consider changing
the following default
settings:
 WLAN Security - Out
of the box, home
wireless routers will
have no encryption and
no security password.
The WLAN will be open
and available for any
wireless device to
Planning a Wireless Router
Implementation
Before installing a wireless
router, consider changing
the following default
settings:
 Management Access -
The default passwords to
access any brand of
wireless router are
readily available on the
Internet. Therefore, the
password should be
changed to prevent
Connecting the Wireless Router the
Internet
A wireless router has
several ports to connect
wired devices. For example,
the wireless router in the
figure has a USB port, an
Internet port, and four LAN
ports. The Internet port is
an Ethernet port that is used
to connect the router to a
service provider device such
as a DSL or cable modem.
Logging in to the Router

To gain access to the

wireless router’s
configuration GUI,
open a web browser.
In the Address field,
enter the default
private IP address for
your wireless router. 
Configuring IP Addressing

In a home or small
office network, you
would normally leave
the Internet connection
set to automatic. 
Configuring Wireless Settings

After establishing the

connection to a router, it is
good practice to configure
some basic settings to help
secure the wireless network:
 Network Mode
 Network Name (SSID)
 Standard Channel
 Wireless Security
Configuring Management Access

Although we changed the

management address to
access the router to
10.10.10.1, the password
is still set to the default.
For Packet Tracer wireless
router s, you change the
administrative password
in the Administration tab
Connecting Wireless Clients

When the AP or wireless

router has been
configured, test wireless
connectivity by
configuring a wireless
client to access the
WLAN, as shown in the
figure. Verify that the
client has successfully
connected to the correct
wireless network,
especially because there
may be many WLANs