-
8/8/2019 TGIF Wireless
1/20
Wireless Networking
TGIF, April 18th, 2003
Alvin Chew ([email protected])
Kent Reuber ([email protected])
-
Outline
Wireless technology overview
ITSS Wireless Net
Department wireless nets
Home wireless nets
Questions
-
Wireless Technology Overview
-
Why Wireless?
(+) No wires. Convenient, flexible. But...
(-) Relatively slow speeds, typically 5 Mbps with 802.11b. Nowhere near the 100 Mbps of a typical wired connection.
(-) Wireless access points are hubs, not switches. Bandwidth is shared among wireless users. Think of it as phone party lines.
(-) Data is freely available in the air. Traffic is easily sniffed.
  Data is not encrypted unless the protocol is encrypted (e.g., SSL and Kerberos).
  Stanford does not use WEP, because it can be cracked.
-
Wireless Terms
Access Point (or AP): device that sends and receives wireless signals.
  Usually directly connected to the wired net.
  ITSS uses Cisco Aironet 350 APs.
SSID: the network name that Access Points broadcast.
  ITSS uses "Stanford".
  Departments and home users may want to use other names.
  Users can roam between access points with the same SSID.
Channel: radio frequency used by APs.
  APs near one another should use different channels to minimize noise.
  802.11b: Channels 1, 6, and 11 don't overlap. Channels 1, 4, 8, and 11 have only a little bit of overlap.
-
Wireless Alphabet Soup
802.11b:
  Most common wireless protocol. Uses the 2.4GHz frequency, with 11 Mbps bandwidth (5 Mbps is more typical). ITSS wireless net and most other campus wireless is based on this.
802.11a:
  Uses the 5.5GHz range, 54 Mbps bandwidth (~20 Mbps is typical performance). Produces too much radio power to be certified in medical areas. Unlikely to become a standard at Stanford.
802.11g:
  Uses the 2.4GHz band and is compatible with 802.11b. Also 54 Mbps bandwidth (~20 Mbps typical). An emerging standard, but likely to grow in the future.
-
ITSS Wireless Net
-
ITSS Wireless Net Overview
Coverage map at http://wirelessnet.stanford.edu
Wireless net uses a separate physical and logical network (separate switches, fiber, and address space).
  Prevents layer 2 attacks (e.g., broadcasts, IP/MAC spoofing) on the wired net
  Prevents wired broadcasts/multicasts from saturating wireless bandwidth
  Don't have to dedicate department roaming IPs for wireless users
You still have to register wireless cards in NetDB.
  Provide the hardware address of the wireless card
  Enable DHCP and roaming.
Wireless card recommendations
  Recommend Cisco and Apple cards, which are available at the Bookstore.
  Any WiFi certified card should work.
-
ITSS Wireless Net Security
Wireless networks are inherently insecure
  Even with encryption, the data between client and APs are available for anyone to capture.
  Most corporate wireless nets lie outside of firewalls.
ITSS Wireless doesn't use WEP
  Consumes client resources
  Well-known security vulnerabilities
  Other methods of wireless encryption are vendor-specific.
Stanford uses wireless authentication to protect campus resources.
-
ITSS Wireless Net Authentication
Protects the institution, not the user
S/ident integration
  If you have PC/Mac-Leland, you're all set
  First net activity should bring up PC/Mac-Leland automatically
Web-based authentication backup
  First web page you get is the authentication page
  Automatically redirects you to your requested page after login
Future Guest Login feature
  Any SUNet ID user will be able to sponsor a guest wireless account
-
Department Wireless
-
My Department Wants Wireless!
Net-to-jack clients are eligible for 1 AP for every 16 wired ports.
Wireless net-to-jack: For non-net-to-jack clients, ITSS will do a survey, install, monitor, maintain, and upgrade your wireless network. Price is $31/month per AP.
Or...
-
Do-It-Yourself Options
Option 1: ITSS can place a wireless entrance switch in your building that carries the ITSS Wireless net.
Option 2: Departments can put their wireless devices on their existing building net.
Both options require departments to purchase APs and switches. ITSS can recommend equipment, but departments will need to do their own survey and place access points.
-
Department Wireless Setup
ITSS Wireless net always uses "Stanford" as the SSID.
APs plugged into the building net shouldn't use "Stanford".
  This has caused problems when users roam between access points.
  Putting the department/group/lab name as the SSID makes it clear to users who to call in case of trouble.
-
Recommended Cards and APs
802.11b cards:
  Apple Airport card, Cisco Aironet 350 PC Card
  In principle, any card that adheres to the WiFi certification should work.
Access Points:
  Cisco Aironet 350 APs for departments.
-
Home Wireless Nets
-
Keeping Your Neighbors Out
The range of wireless means that it's very possible that your neighbors can use your wireless net too. And see all your traffic...
Precautions:
  Most APs have MAC address filters so that only specific cards can associate. This is the most important thing to enable!
  Most APs can also be set to not broadcast the SSID (e.g., Apple Airports call this "Create a closed network"). That way, people have to know the name of your network in order to join.
  Definitely want to use encrypted protocols whenever possible.
  If available, consider turning down the power of your AP to restrict the range.
-
Setup 1: Stanford DSL and Stanford West
In both cases, you can request multiple IP addresses for home machines. You don't need a DSL router.
We suggest that you purchase access points that do bridging, where traffic is simply forwarded between the wired and wireless sides of the access point without alteration. Examples: Cisco Aironet 350, Linksys WAP11, Apple Airport.
We've seen a number of people on the campus or Stanford West who have installed Airport base stations with DHCP enabled on the Ethernet side, disrupting DHCP service.
  Breaks DHCP for other users.
  We shut down their connections.
-
Setup 2: Non-Stanford DSL or Cable Modem
In many cases, you only get one IP address.
Network Address Translation (NAT -- often provided by DSL/wireless routers) can be used to hide a network behind a single IP address:
  Some wireless units do this by default. E.g., Apple Airport.
  Note that NAT disrupts some Stanford services, especially WebAuth.
  Also interferes with some VPN setups.
-
Questions???