wifi training 2


Upload: uday

Post on 05-Mar-2015


Page 1: WiFi Training 2

WiFi Fundamentals

Wi-Fi, or Wireless Fidelity, is freedom: it allows you to connect to the Internet from your couch at home, a bed in a hotel room or a conference room at work without wires.

Wi-Fi is a wireless technology like a cell phone. Wi-Fi enabled computers send and receive data indoors and out, anywhere within the range of a base station.

It's just as fast as a cable modem connection.

It allows you to access the Internet while on the move; you can remain online while moving from one area to another, without a disconnection or loss in coverage.

Page 2: WiFi Training 2

Sample WiFi Illustration

Page 3: WiFi Training 2

Components required – for a SOHO environment

A PC, laptop or PDA, running Windows 98 or above.

A wireless PCMCIA card, or a wireless adapter.

A Network Interface Card (optional) – only if a LAN connection is required.

An Access Point - essentially a compact radio transmitter with an antenna that connects to a wired connection, such as an Ethernet, DSL, or Cable Network.

A valid internet connection.

Page 4: WiFi Training 2

Components required – for a larger environment

Multiple Access Points - To provide overlapping coverage throughout a site. Access points can be installed almost anywhere. Repeaters can be installed in areas where cabling is difficult.

Network switch - A device that joins multiple computers together. A set of Access Points can be connected to a single network switch.

Wireless LAN bridge (optional) – A wireless LAN workgroup bridge enables connection between two different hotspot networks.

Page 5: WiFi Training 2

Components required – for a larger environment

Authentication and Billing Server – Controls access to the Wi-Fi hotspot network by conducting authentication checks similar to credit card or member ID authentication. Also tracks wireless usage for billing purposes and provides payment transaction services.

Wireless Access Gateway – A device which connects wireless subscribers to the wired network. It employs one Ethernet port to interface with the router (network side) and one wireless subscriber port that supports the IEEE 802.11b/g standard (subscriber side).

Page 6: WiFi Training 2

IEEE Wireless Standards

| Wireless Standard | 802.11b | 802.11g | 802.11a |
|---|---|---|---|
| Frequency Range | 2.4 – 2.4835 GHz | 2.4 – 2.4835 GHz | 5.725 – 5.850 GHz |
| Max Speed | 11 Mbps | 54 Mbps | 54 Mbps |
| Max Encryption | 128 bit WEP | 128 bit WEP | 152 bit WEP, 256 bit AES |
| Discrete Channels | 3 | 3 | 8 |
| Natively Compatible | 802.11b, 802.11g | 802.11b, 802.11g | 802.11a |
| Potential user | Entry level and home networks | Larger networks, small business | Large business concerned with security |

Page 7: WiFi Training 2

Characteristics of an AP

• We use Accton, DAX and SMC Access Points, which support 802.11b/g protocols.

• AP antennas are either uni-directional (helical and patch) or omni-directional.

• The 3 discrete channels are 1, 6 and 11; each has an RF range of 22 MHz.

• The transmission power of an AP is measured either in milliwatts (mW) or dBm:

| Power (mW) | Power (dBm) |
|---|---|
| 30 mW | 15 dBm |
| 67 mW | 18 dBm |
| 100 mW | 20 dBm |

• An AP can be identified based on a unique MAC address, an IP address, or an assigned name.
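Why 1, 6 and 11 are the three discrete channels, and how to check a channel plan against that rule, as an added example that is not part of the original training material. It assumes 2.4 GHz channel centres of 2407 + 5 × channel MHz and a plan limited to channels 1 to 11; the AP names and the survey data are constructed.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22  # width of one channel, as stated on the slide

def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (1-13 are spaced 5 MHz apart)."""
    if not 1 <= channel <= 13:
        raise ValueError("channel outside 1-13: %r" % channel)
    return 2407 + 5 * channel

def channels_overlap(a, b):
    """True when two 22 MHz wide channels share spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < CHANNEL_WIDTH_MHZ

def discrete_sets(size=3):
    """All sets of `size` channels from 1-11 in which no two overlap."""
    return [c for c in combinations(range(1, 12), size)
            if not any(channels_overlap(x, y) for x, y in combinations(c, 2))]

def conflicts(ap_channels, adjacent):
    """Adjacent AP pairs whose channels overlap, with the overlap in MHz."""
    found = []
    for a, b in adjacent:
        gap = abs(centre_mhz(ap_channels[a]) - centre_mhz(ap_channels[b]))
        if gap < CHANNEL_WIDTH_MHZ:
            found.append((a, b, CHANNEL_WIDTH_MHZ - gap))
    return found

# Constructed survey: AP name -> channel, and pairs with overlapping coverage.
SURVEY = {"lobby": 1, "bar": 6, "floor1-east": 11, "floor1-west": 9, "pool": 1}
ADJACENT = [("lobby", "bar"), ("bar", "floor1-east"),
            ("floor1-east", "floor1-west"), ("bar", "floor1-west"),
            ("lobby", "pool")]

if __name__ == "__main__":
    print(discrete_sets())
    for a, b, mhz in conflicts(SURVEY, ADJACENT):
        print("%s and %s overlap by %d MHz" % (a, b, mhz))
```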

Page 8: WiFi Training 2

Antenna Basics

An antenna propagates and receives RF signals from the air and makes them available to the receiver.

Frequency – Antennas should be tuned to either 2.4 GHz (802.11b/g) or 5 GHz (802.11a).

Power – Antennas can handle specific amounts of power put out by the transmitter. Antennas are generally rated >1 W.

Radiation pattern – Defines the radio wave propagation of the antenna. An isotropic pattern means the AP transmits radio waves in all directions equally (beach ball pattern).

Gain – Represents how well the antenna increases effective signal power, with decibels as the unit of measure. For instance, an AP transmitting at 100 mW with 3 dB gain produces 200 mW effective output. dBi is the gain relative to an isotropic source.

Page 9: WiFi Training 2

Antenna Basics

SNR (Signal to Noise Ratio) – Ratio of the amplitude of the radio signal to the amplitude of noise in a transmission channel. The greater the ratio, the better the transmission.

Receiver sensitivity – A measurement of the weakest signal a receiver can receive and still correctly translate it into data.

Omni-directional antennas – Propagate RF signals in all directions equally in the horizontal plane, but limit range on the vertical plane. The radiation pattern resembles a doughnut with the antenna at the center of the hole.

Directional antenna - Transmits and receives RF energy more in one direction than others. Radiation pattern is similar to a flashlight or spotlight. The higher gain antennas have a narrower beam width, which limits coverage on the sides of the antennas.

Page 10: WiFi Training 2

WiFi Security

Wireless encryption methods operate strictly between the computer and the AP.

SSID (Service Set ID) – A unique identifier that acts as a password when a device tries to connect to an AP. Sent in plain text.

WEP (Wired Equivalent Privacy) – Defined in the 802.11b standard. Designed to provide the same kind of security as a wired LAN. Uses a 40 or 64 bit key to encrypt data over radio waves.

WPA (Wi-Fi Protected Access) – Provides a higher level of security than WEP. Uses RADIUS authentication and advanced encryption protocols. Will be compatible with the 802.11i standard.

MAC Address Filtering – It is possible to program an AP to accept only certain MAC addresses and filter out all others.

Page 11: WiFi Training 2

Access Point Configuration

Set the antennas of the AP at right angles to each other, preferably in the horizontal and vertical positions.

APs can be configured in the following ways:

o Web management – Connect the AP to your PC or switch LAN port, and ensure your PC is on the same subnet as the AP. Entering the AP’s IP Address in your browser will take you to the configuration screen.

o Configuration utility – The Access Point CD contains a configuration utility, which can be installed on your PC and used to configure connected APs.

o COM port – Some APs (DAX, for instance) can be connected to the PC via a COM port and configured using HyperTerminal.

Page 12: WiFi Training 2

Access Point Configuration

Some important configuration parameters are:

IP Address, Subnet mask and default gateway – Our access points are in the 10.44 range. A default /8 subnet mask is preferred.

AP name – The name should identify the location of the AP.

SSID – All APs on an ESS should be set to the same SSID. We use ‘Microsense’.

Wireless channel – Set to either 1, 6 or 11, as appropriate.

WEP encryption – Disabled

DHCP client – Disabled, as we assign static IPs to our Access Points.

Page 13: WiFi Training 2

OS Support for PCMCIA cards

| Card | Win XP | Win 2000 | Win 98 |
|---|---|---|---|
| Orinoco | Plug n’ play | Plug n’ play | - |
| Accton | Drivers required | Drivers required | - |
| Cisco | Plug n’ play | Drivers required | - |
| Proxim | - | - | Drivers required |

Page 14: WiFi Training 2

User authentication in hotels

A user is authenticated and permitted to access the internet based on the MAC address of the PCMCIA card.

When the user inserts the PCMCIA card and browses, the signal is picked up by the nearest AP.

The user is taken to a default XML login page, currently hosted on a web server at Microsense Mumbai.

The user selects his hotel name and usage plan, and enters his name and room no.

The MAC address of the card is then added to an ‘accept’ list and the user is allowed to browse.

Billing details are stored on the hotel PMS (Property Management System) for Taj hotels, and on a central Microsense server for ITC hotels.

For subsequent sessions, the MAC address is verified in the list and the user is directly allowed to browse.

Page 15: WiFi Training 2
Page 16: WiFi Training 2

Manual Authentication

To be used when the Taj login page does not display.

Enter ‘203.199.75.20/nomxm/index.html’ in the address bar of your browser.

Click ‘Subscriber Add’.

Enter the IP address of the hotel’s Nomadix Access Gateway, and the MAC address of the PCMCIA card.

Enter the expiration time in hours or minutes.

Click ‘Submit’.

Click ‘Cache Update’ and fill in the Nomadix IP address and card MAC address.

Click ‘Submit’.

An ‘OK’ message is generated after each submit. An ‘ERR’ message would mean that the details were entered incorrectly. If this occurs, please re-enter the information.

Page 17: WiFi Training 2
Page 18: WiFi Training 2
Page 19: WiFi Training 2

Nomadix Access Gateway

AG2000w

This is a wireless gateway that connects the wireless clients on the subscriber end, to the RADIUS server and internet on the network end.

Supports the 802.11 b/g/a protocols.

Contains integrated hotspot connectivity.

Employs one ethernet port to interface with the network side, and one wireless subscriber port that supports 802.11b/g/a.

Supports up to 50 users.

Page 20: WiFi Training 2

Nomadix Access Gateway

HSG (HotSpot Gateway)

An Access Gateway designed for small to medium-sized HotSpots. Works with wired as well as wireless clients.

Supports 50 – 150 users

Employs one fast Ethernet port to interface with the network side, and two fast Ethernet ports to interface with the subscriber side.

Does not contain integrated HotSpot connectivity.

Page 21: WiFi Training 2

Nomadix Access Gateway

USG (Universal Subscriber Gateway)

Designed for large public-access HotSpots. Works with wireless as well as wired clients.

Supports up to 2000 users.

Contains one fast Ethernet port to interface with the subscriber side, one fast ethernet port to interface with the network side, and two DB9 ports for Management and to a hotel’s Property Management System.

Does not contain integrated HotSpot connectivity.

Page 22: WiFi Training 2

Salient features of AG2000 w

AAA services – Enables authentication using an internal or external web server. We use this to direct users to the Taj authentication page.

Access Control – Restricts access based on protocols or IP addresses.

DHCP – Assigns dynamic IP addresses to Wifi clients from a DHCP pool.

iNAT – Provision for a range of external public IP addresses, to allow multiple users to connect over the same VPN

Passthrough addresses – Specifies addresses that can circumvent the authentication process

SMTP redirection – Allows redirection of SMTP email to a local SMTP relay server. This ensures no reconfiguration is required by the user to send mail.

Page 23: WiFi Training 2

Salient features of AG2000 w

SNMP – Allows SNMP protocol to function, to enable tracking.

DAT – This feature allows users with any IP settings (static, dynamic, with any IP address) to connect without reconfiguration.

Subscriber Administration – Various options to add or delete a subscriber by username or MAC, and list the current subscribers.

Subscriber interface – Allows specification of billing plans, and personalization of the subscriber interface if inbuilt AAA is used.

System – Various settings to manually add/delete ARP, route settings, MAC filtering etc.

Wireless configuration – Allows configuration of wireless settings, such as SSID, channel, rate, WEP encryption and others.

Page 24: WiFi Training 2

Features of a Hub

Hubs work on the TCP/IP physical layer.

Used to extend an Ethernet wire to allow more end stations to communicate with each other, as if they were on the same segment.

Does not manipulate or view the traffic that crosses it.

Devices are on the same collision and broadcast domain.

Devices share the same bandwidth

Page 25: WiFi Training 2

Bridges and Layer 2 Switches

Bridges and Layer 2 switches function on the data-link layer.

In a switch, frame-forwarding is handled by specialized hardware called ASICs. They support greater speeds and low latency

Creates a MAC address table based on source address of frames, and uses this to forward frames to the appropriate segment.

All devices are on the same broadcast domain, but on different collision domains.

Switches contain a greater number of ports than bridges.

Page 26: WiFi Training 2

Ethernet Standards

| | Thin Ethernet, 10 Base 2 | Thick Ethernet, 10 Base 5 | Twisted Pair Ethernet, 10 Base T | Fast Ethernet, 100 Base T | Gigabit Ethernet, 1000 Base T |
|---|---|---|---|---|---|
| Speed | 10 Mbps | 10 Mbps | 10 Mbps | 100 Mbps | 1000 Mbps |
| Max Length | 185 m | 500 m | 100 m | 100 m | 100 m |
| Cable | RG-58 type coax, 50 ohm impedance | RG-58 type coax, 50 ohm impedance | UTP, RJ-45 connectors | UTP, RJ-45 connectors | UTP, RJ-45 connectors |

Page 27: WiFi Training 2

Connectors & Connections

RJ-11 – Contains 2 or 4 contacts. Used for telephone wires.

RJ-45 – Contains 8 contacts. Used for Ethernet cables.

Straight-through cables – RJ-45 connectors on both ends show all of the wires in the same order. Used for:

- Switch to router cabling
- Switch to PC or server cabling
- Hub to PC or server

Crossover cables – Connectors on both ends show that some of the wires on one side of the cable are crossed to a different pin on the other side. Used for:

- Switch to switch cabling
- Switch to hub
- Hub to hub
- Router to router
- PC to PC

Page 28: WiFi Training 2

CAT 5, 6 and 7

CAT5 Cable – CAT 5 is the 5th generation of Ethernet cabling. It is a multi-twisted cable consisting of 4 pairs of copper wires. It supports Fast Ethernet.

CAT5e Cable – Stands for Cat5 enhanced. Ordinary CAT5 utilizes only 2 of 4 pairs for Fast Ethernet. CAT6 supports all 4 pairs and supports Gigabit Ethernet (1000 Mbps). It is backward compatible with CAT 5.

Cat6 Cable – Similar to CAT5e, but has improvements which enable a higher Signal-to-noise ratio, allowing higher reliability and higher data rates.

Page 29: WiFi Training 2
Page 30: WiFi Training 2

IP Address Basics

Class A – 0-network.host.host.host. Initial byte: 0 – 127

Class B – 10-network.network.host.host. Initial byte: 128 – 191

Class C – 110-network.network.network.host. Initial byte: 192 – 223

Private IP – Used on an internal LAN which is not accessed by the public:

- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255

Public IP – Used for direct access to public networks, such as the internet.

Page 31: WiFi Training 2

IP Address Basics

Subnet Mask: A 32 bit figure, similar to IP addresses. Accompanies the IP address and is used to divide a network into subnets. A ‘1’ bit indicates ‘network’ and ‘0’ indicates ‘host’. A valid subnet mask has its leftmost bits set to 1 and its rightmost bits set to 0.

Port Numbers

- Below 1024 – Well-known ports
- Above 1024 – Dynamically assigned ports

- FTP – 21
- Telnet – 23
- SMTP – 25
- DNS – 53
- TFTP – 69
- HTTP – 80
- SNMP – 161
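The address classes, private ranges and subnet mask rule from the two IP Address Basics slides, written out as checks; this is an added example, not part of the original training material. The function names and sample addresses are chosen for illustration, and the "same subnet" test is the condition the web management step for an AP relies on.

```python
import ipaddress

# Private ranges exactly as listed above (first address, last address).
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]

def _as_int(dotted):
    """Parse dotted-quad text to a 32 bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(dotted))

def address_class(ip):
    """Class from the initial byte; the slide covers A, B and C only."""
    first = _as_int(ip) >> 24
    if first <= 127:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    return "other"

def is_private(ip):
    """True when the address falls inside one of the listed private ranges."""
    value = _as_int(ip)
    return any(_as_int(lo) <= value <= _as_int(hi) for lo, hi in PRIVATE_RANGES)

def prefix_length(mask):
    """Count of leading 1 bits; ValueError if a 1 follows a 0."""
    host_bits = _as_int(mask) ^ 0xFFFFFFFF
    # For a valid mask the inverted value is 2**k - 1, so adding 1 clears it.
    if host_bits & (host_bits + 1):
        raise ValueError("mask has a 1 bit to the right of a 0 bit: " + mask)
    return 32 - host_bits.bit_length()

def same_subnet(ip_a, ip_b, mask):
    """True when both addresses have identical network bits under the mask."""
    prefix_length(mask)                      # reject malformed masks first
    m = _as_int(mask)
    return (_as_int(ip_a) & m) == (_as_int(ip_b) & m)

if __name__ == "__main__":
    # Constructed addresses; the 10.44 range and the /8 mask come from the page.
    for ip in ("10.44.3.7", "172.20.1.1", "192.168.0.10", "203.199.75.20"):
        print(ip, address_class(ip), "private" if is_private(ip) else "public")
    print(same_subnet("10.44.3.7", "10.200.0.9", "255.0.0.0"))    # /8
    print(same_subnet("10.44.3.7", "10.200.0.9", "255.255.0.0"))  # /16
```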

Page 32: WiFi Training 2

PMS Server (Fidelio)

Contains the hotel billing information.

A Windows-based machine, connected to the Nomadix network end, acts as interface for PMS. The connection is through an RS-232 serial port.

Authentication by Fidelio

User’s last name and room no. are sent to Fidelio.

Based on room no., Fidelio invokes the username string.

This string is compared to the last name as entered by the user. If it matches, the user is authenticated and the MAC address is added to the MAC table.

Hitting Alt+F4 on the PMS server will display the exact authentication process.
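A model of the MAC accept list described under "User authentication in hotels", "Manual Authentication" and "Authentication by Fidelio", as an added example that is not code from Microsense, Nomadix or Fidelio. The `AcceptList` class, its method names, the case-insensitive name comparison and the guest records are assumptions made for illustration.

```python
import re
import time

# Constructed sample data: room number -> guest last name, standing in for
# the username string the PMS returns for a room (hypothetical records).
PMS_ROOMS = {"204": "Mehta", "311": "D'Souza"}

def normalise_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits

class AcceptList:
    """MAC accept list with per-entry expiry (None means unlimited access)."""

    def __init__(self, pms_rooms):
        self.pms_rooms = pms_rooms
        self.entries = {}              # normalised MAC -> expiry time or None

    def login(self, mac, room, last_name, minutes, now=None):
        """First session: compare the name held for the room, then add the MAC."""
        now = time.time() if now is None else now
        expected = self.pms_rooms.get(room.strip())
        # Assumption: the comparison ignores case and surrounding spaces.
        if expected is None or expected.casefold() != last_name.strip().casefold():
            return False
        self.entries[normalise_mac(mac)] = now + minutes * 60
        return True

    def add_unlimited(self, mac):
        """Manual entry with no expiry, as described for admin users."""
        self.entries[normalise_mac(mac)] = None

    def is_allowed(self, mac, now=None):
        """Later sessions: allow a listed MAC whose entry has not expired."""
        now = time.time() if now is None else now
        key = normalise_mac(mac)
        if key not in self.entries:
            return False
        expiry = self.entries[key]
        return expiry is None or now < expiry

    def unlimited_entries(self):
        """Entries that never expire, listed for periodic review."""
        return sorted(m for m, exp in self.entries.items() if exp is None)
```

Because the decision rests only on the MAC address a client presents, the expiry time and the review of never-expiring entries are the controls that bound how long an entry stays usable.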

Page 33: WiFi Training 2

Mail Server

Is usually installed on the PMS interface server.

Is used for SMTP redirection, which is a feature of Nomadix.

Regardless of the server the user has configured, mails are redirected to the configured mail server.

User does not need to make any configuration changes in his e-mail client. Changing the user server settings to include the IP of the mail server will not make a difference.

Page 34: WiFi Training 2

Mail Server

The mail server may hang, or processing may be delayed, if a large amount of spam or virus-infected mail is sent.

It would also hang if the server machine itself is infected by a virus.

In certain hotels, admin users are given a separate connection to the internet, so they do not use our mail server.

In other cases, admin users’ MAC addresses are added to Nomadix with unlimited access, so they are redirected to our mail server.