○ Wireless NIC
Andrew Crouthamel Cisco CCNA Training Notes 72
○ Wireless Access Point (WAP), common for business use
■ Autonomous APs
● Individual APs that are configured independently
● Common for homes and small offices
■ Controller APs
● Require either a server (controller) to configure and operate, or communicate between themselves to select an AP to be the controller, or act as a “hive mind”
● Common for larger businesses and offices
○ Many businesses sell AP solutions: Cisco/Meraki, Aruba, Aerohive, Netgear, SonicWALL, etc.
○ Antennas
■ Omnidirectional
● Standard “rubber duck” antenna most commercial products use
■ Directional
● Communicates in one direction, usually looks like a dish of some kind
■ Yagi
● Looks like an old TV antenna, a pseudo-triangle that points in one direction, used for long distances
● Modes
○ Ad hoc - When two devices connect directly (laptop to laptop for example)
○ Infrastructure - When devices connect to an AP
■ Basic Service Set (BSS)
● A single AP connecting all clients
● Common in homes and small offices
■ Extended Service Set (ESS)
● Multiple APs connecting clients
○ APs broadcast one or more Service Set Identification (SSID)
○ AP signal coverage overlaps to provide good quality coverage
○ APs use different channels to avoid data collisions
● Common in larger businesses and offices
● Header
○ Frame Control
■ Type of wireless frame, protocol version, power, security, etc.
○ Duration
■ The remaining duration needed to receive next frame
○ Address1
■ MAC of receiving device
○ Address2
○ Address3
■ Optional MAC of destination such as default gateway
○ Sequence Control
■ Sequence number and fragment number
○ Address4
■ Only used in ad hoc mode
○ Payload
■ Data from application
○ FCS
■ CRC for Layer 2 error detection
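The header fields listed above, pulled out of raw bytes with the FCS checked. This is an added example, not part of the original notes. It assumes a capture that keeps the FCS and covers only the 24-byte three-address header (Address4 is not handled); the frame and every address in it are constructed.

```python
import struct
import zlib

TYPES = {0: "management", 1: "control", 2: "data"}
MGMT = {0: "association request", 8: "beacon", 10: "disassociation",
        11: "authentication", 12: "deauthentication"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Split a captured 802.11 frame (three-address header, FCS included)."""
    if len(frame) < 28:  # 24-byte header + 4-byte FCS
        raise ValueError("too short for header and FCS")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # little-endian fields
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    name = MGMT.get(subtype) if ftype == 0 else None
    return {
        "version": fc & 0x3,                  # Frame Control bits 0-1
        "type": TYPES.get(ftype, "reserved"), # bits 2-3
        "subtype": name or f"subtype {subtype}",
        "power_mgmt": bool(fc & 0x1000),      # bit 12
        "protected": bool(fc & 0x4000),       # bit 14: body is encrypted
        "duration": duration,
        "address1": mac(frame[4:10]),
        "address2": mac(frame[10:16]),
        "address3": mac(frame[16:22]),
        "fragment": seq_ctl & 0xF,            # low 4 bits of Sequence Control
        "sequence": seq_ctl >> 4,             # high 12 bits
        "payload": frame[24:-4],
        "fcs_ok": frame[-4:] == struct.pack("<I", zlib.crc32(frame[:-4])),
    }

def sample_frame():
    """Constructed disassociation frame; every address and value is made up."""
    header = struct.pack("<HH", 0x00A0, 314)           # frame control, duration
    header += bytes.fromhex("020000000001")            # Address1
    header += bytes.fromhex("0200000000aa")            # Address2
    header += bytes.fromhex("0200000000aa")            # Address3
    header += struct.pack("<H", (291 << 4) | 0)        # sequence 291, fragment 0
    data = header + struct.pack("<H", 8)               # payload: 2-byte reason code
    return data + struct.pack("<I", zlib.crc32(data))  # FCS: CRC-32, little-endian

if __name__ == "__main__":
    for key, value in parse_frame(sample_frame()).items():
        print(f"{key:10} {value}")
```
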
● Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
○ Similar to CSMA/CD but without collision detection since that is unreliable in wireless
○ Wi-Fi is half-duplex
● Management frames
○ Used to connect to an AP
■ Discover
■ Authenticate
■ Associate
○ Association parameters
■ SSID - Network name
■ Password
■ Network mode - 802.11a/b/g/n/ac/ad
■ Security mode - WEP, WPA, WPA2
■ Channel settings - 11 in North America, 13 in Europe
● Discovering a network
○ Passive client - AP sends out SSID beacon, network shows on client for selection
○ Active client - AP does not send out SSID, client must be configured with connection settings
● Security modes
○ Open - Anyone can connect
○ Shared key - Client must have the secret key
○ 802.1X - Username and password authentication checked against a local or remote server database, often used in large businesses
● Channel management methods
○ Direct-sequence spread spectrum (DSSS)
■ Spreads a signal over a larger frequency band reducing interference
■ A signal is multiplied by a known code, the receiver knows of the same code and can reconstruct the signal
■ Used by 802.11b, cordless phones, CDMA cellular, GPS
○ Frequency-hopping spread spectrum (FHSS)
■ Similar to DSSS but rapidly changes frequency channels
■ Receiving node must know which channel to listen on
■ Used by walkie-talkies and 900 MHz cordless phones, Bluetooth
○ Orthogonal frequency-division multiplexing (OFDM)
■ Creates subchannels that are orthogonal to each other to allow overlapping
■ Very efficient at channel usage
■ Used by 802.11a/g/n/ac
● Channel selection
○ 1, 6, 11 are non-overlapping and good choices
○ Check nearby channel use though
○ Sometimes better to use 3 and 8 or similar ones “in-between” the main channels most people use
○ 802.11n can use channel bonding to turn two 20 MHz channels into one 40 MHz channel
● DoS attacks
○ Spoofed disconnect - Attacker sends “disassociate” commands to all clients, clients reconnect causing a lot of traffic
○ CTS flood - Attacker floods Clear to Send (CTS) frames to a bogus STA, clients wait until attacker stops sending CTS frames
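One way to spot the spoofed-disconnect pattern from a monitoring sensor, as an added example that is not part of the original notes. It goes slightly beyond the text by counting deauthentication frames along with disassociation frames; the record layout, window, threshold and all addresses are assumptions and the capture is constructed.

```python
from collections import defaultdict, deque

DISCONNECT = {"disassociation", "deauthentication"}

def find_disconnect_floods(frames, window_s=5.0, threshold=10):
    """frames: (timestamp, subtype, sender, receiver) tuples sorted by time.

    Flags any claimed sender that emits `threshold` or more disconnect
    frames inside a sliding window. A spoofed frame carries the AP's own
    address as sender, so an alert means "frames claiming to be from X".
    """
    recent = defaultdict(deque)   # sender -> (timestamp, receiver) in window
    alerts = {}
    for ts, subtype, sender, receiver in frames:
        if subtype not in DISCONNECT:
            continue
        queue = recent[sender]
        queue.append((ts, receiver))
        while ts - queue[0][0] > window_s:   # drop entries older than window
            queue.popleft()
        if len(queue) >= threshold:
            alert = alerts.setdefault(
                sender, {"first_seen": ts, "peak": 0, "receivers": set()})
            alert["peak"] = max(alert["peak"], len(queue))
            alert["receivers"].update(r for _, r in queue)
    return alerts

def sample_capture():
    """Constructed records: normal roaming plus one burst aimed at six clients."""
    ap = "02:00:00:00:00:aa"
    clients = [f"02:00:00:00:00:{i:02x}" for i in range(1, 7)]
    frames = [(0.5, "beacon", ap, "ff:ff:ff:ff:ff:ff"),
              (1.0, "disassociation", clients[0], ap)]      # ordinary leave
    frames += [(10.0 + i / 10, "disassociation", ap, clients[i % 6])
               for i in range(30)]                           # 30 frames in 3 s
    frames.append((60.0, "disassociation", clients[1], ap))  # ordinary leave
    return frames

if __name__ == "__main__":
    for sender, info in find_disconnect_floods(sample_capture()).items():
        print(sender, info["first_seen"], info["peak"], len(info["receivers"]))
```

A single client leaving the network stays well under the threshold; only the burst that fans out across many receivers is reported.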
● Rogue Access Points
○ Issue in offices, if someone brings in a home router and connects it at their desk
● Original mitigation techniques
○ SSID cloaking - Disable the SSID beacon, clients can still try to guess the connection
○ MAC address filtering - ACL of MAC addresses allowed on wireless network
● Authentication methods
○ Wired Equivalent Privacy (WEP)
■ Original 802.11 specification
■ Uses RC4 encryption
■ Can now be hacked within 5 minutes
○ Wi-Fi Protected Access (WPA)
■ Wi-Fi Alliance standard, uses WEP but with Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES) to encrypt data better
○ IEEE 802.11i/WPA2
■ Wi-Fi Alliance calls it WPA2
■ Uses AES for encryption
■ Suggested setting
IOS Naming Scheme
● Software release families share code and apply to certain hardware
● Software releases within a family include 12.3, 12.4, 15.0, 15.1
● Bug fixes and feature additions to software releases are called IOS trains
● Software families may have two or more trains
● For example, 12.4 has two trains
○ Mainline - Always associated with a technology train (T)
○ Technology - Receives bug fixes from mainline as well as new features
○ 12.4 and 12.4T
● Number is composed of
○ Train number
○ Maintenance number
○ Rebuild number
○ 12.4(21a)
● Pre-v15 packages
○ IP Base - Entry-level package
○ IP Voice - VoIP features
○ Advanced Security - VPN features such as IPsec, firewall, IDS/IPS
○ Service Provider (SP) - SSH/SSL, ATM, MPLS, etc.
○ Enterprise Base - Appletalk, IPX, etc.
● 15.0 was released after 12.4
○ Improved features and hardware support
○ Consolidated features
○ Simplified numbering system
● 15.0 now has new release system
○ New releases, T trains available 2 or 3 times per year
○ Extended Maintenance (EM) releases every 16 to 20 months
○ EM releases include all features and fixes of T releases
○ EM for long term maintenance schedules, T for standard maintenance schedules
● Parts of a 12.4 image name
○ Image Name
○ Feature set
○ Run location and compression
○ Train number, maintenance release number, train identifier
○ File extension
● Parts of a 15.0 image name
○ Image Name
○ Image Designation
○ Run location and compression
○ Cisco signature
○ Major release, minor release, maintenance release, rebuild numbers
○ File extension
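The two image-name layouts above, split into their listed parts. This is an added example, not part of the original notes; the separator layout encoded in the pattern and the three sample file names are assumptions constructed for illustration, and only the two-letter run/compression code is kept as-is rather than decoded.

```python
import re

# Assumed layout: image-feature-run.[signature.]release-maintenance[.suffix].ext
IMAGE_RE = re.compile(
    r"^(?P<image>[a-z0-9]+)-(?P<feature>[a-z0-9]+)-(?P<run>[a-z]{2})\."
    r"(?:(?P<signature>[A-Z]{3})\.)?"          # present only on signed images
    r"(?P<rel>\d{3})-(?P<maint>\d+)"           # e.g. 124-6 or 150-1
    r"(?:\.(?P<suffix>[A-Z]+\d*))?"            # train identifier or rebuild
    r"\.(?P<ext>[a-z]+)$"
)

def parse_image_name(name):
    """Return the parts of a 12.4-style or 15.0-style image file name."""
    m = IMAGE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised image name: {name!r}")
    major, minor = int(m["rel"][:2]), int(m["rel"][2:])
    parts = {"image_name": m["image"], "run_compression": m["run"],
             "extension": m["ext"], "maintenance": int(m["maint"])}
    if major >= 15:
        parts.update(image_designation=m["feature"],
                     cisco_signature=m["signature"],
                     major=major, minor=minor, rebuild=m["suffix"])
    else:
        parts.update(feature_set=m["feature"],
                     train=f"{major}.{minor}",
                     train_identifier=m["suffix"] or "mainline")
    return parts

# Constructed sample names, not taken from the notes.
SAMPLES = [
    "c2800nm-advipservicesk9-mz.124-6.T.bin",
    "c2800nm-ipbase-mz.124-21.bin",
    "c1900-universalk9-mz.SPA.150-1.M4.bin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, parse_image_name(sample))
```
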