802.11® Wireless Networks The Definitive Guide 802.11® Wireless Networks The Definitive Guide By Matthew Gast By Matthew Gast ............................................... ...............................................

  Publisher: O' Re illy Publisher: O' Re illy Pub Dat e: Apr il 2 0 0 5 Pub Dat e: Apr il 2 0 0 5

  I SBN: 0 - 5 9 6 - 1 0 0 5 2 - 3 Pages: 6 5 6 Pages: 6 5 6 Table of Cont ent s | I ndex Table of Cont ent s | I ndex As we all know by now, wireless net works offer m any advant ages over fixed ( or wired) net works. As we all know by now, wireless net works offer m any advant ages over fixed ( or wired) net works.

  I SBN: 0 - 5 9 6 - 1 0 0 5 2 - 3

  Forem ost on t hat list is m obilit y, since going wireless frees you from t he t et her of an Et hernet cable Forem ost on t hat list is m obilit y, since going wireless frees you from t he t et her of an Et hernet cable at a desk. But t hat 's j ust t he t ip of t he cable- free iceberg. Wireless net works are also m ore flexible, at a desk. But t hat 's j ust t he t ip of t he cable- free iceberg. Wireless net works are also m ore flexible, fast er and easier for you t o use, and m ore affordable t o deploy and m aint ain. fast er and easier for you t o use, and m ore affordable t o deploy and m aint ain. The de fact o st andard for wireless net working is t he 802.11 prot ocol, which includes Wi- Fi ( t he The de fact o st andard for wireless net working is t he 802.11 prot ocol, which includes Wi- Fi ( t he wireless st andard known as 802.11b) and it s fast er cousin, 802.11g. Wit h easy- t o- inst all 802.11 wireless st andard known as 802.11b) and it s fast er cousin, 802.11g. Wit h easy- t o- inst all 802.11 net work hardware available everywhere you t urn, t he choice seem s sim ple, and m any people dive net work hardware available everywhere you t urn, t he choice seem s sim ple, and m any people dive int o wireless com put ing wit h less t hought and planning t han t hey'd give t o a wired net work. But it 's int o wireless com put ing wit h less t hought and planning t han t hey'd give t o a wired net work. But it 's wise t o be fam iliar wit h bot h t he capabilit ies and risks associat ed wit h t he 802.11 prot ocols. And wise t o be fam iliar wit h bot h t he capabilit ies and risks associat ed wit h t he 802.11 prot ocols. And 802.11 Wireless Net w orks: The Definit ive Guide, 2nd Edit ion is t he perfect place t o st art . 802.11 Wireless Net w orks: The Definit ive Guide, 2nd Edit ion is t he perfect place t o st art .

  This updat ed edit ion covers everyt hing you'll ever need t o know about wireless t echnology. This updat ed edit ion covers everyt hing you'll ever need t o know about wireless t echnology. Designed wit h t he syst em adm inist rat or or serious hom e user in m ind, it 's a no- nonsense guide for Designed wit h t he syst em adm inist rat or or serious hom e user in m ind, it 's a no- nonsense guide for set t ing up 802.11 on Windows and Linux. Am ong t he wide range of t opics covered are discussions set t ing up 802.11 on Windows and Linux. Am ong t he wide range of t opics covered are discussions on: on: deploym ent considerat ions deploym ent considerat ions net work m onit oring and perform ance t uning net work m onit oring and perform ance t uning wireless securit y issues wireless securit y issues how t o use and select access point s how t o use and select access point s

  802.11® Wireless Networks The Definitive Guide By Matthew Gast ...............................................

  Publisher: O' Re illy Pub Dat e: Apr il 2 0 0 5

  

I SBN: 0 - 5 9 6 - 1 0 0 5 2 - 3

Pages: 6 5 6 Table of Cont ent s | I ndex

  Copyright Foreword Preface Prometheus Untethered: The Possibilities of Wireless LANs

  Audience Overture for Book in Black and White, Opus 2 Conventions Used in This Book How to Contact Us Safari Enabled Acknowledgments

  Chapter 1. Introduction to Wireless Networking Why Wireless? What Makes Wireless Networks Different A Network by Any Other Name... Chapter 2. Overview of 802.11 Networks IEEE 802 Network Technology Family Tree 802.11 Nomenclature and Design 802.11 Network Operations Mobility Support

  Dynamic WEP

  Chapter 6. User Authentication with 802.1X The Extensible Authentication Protocol EAP Methods 802.1X: Network Port Authentication 802.1X on Wireless LANs

  Chapter 7. 802.11i: Robust Security Networks, TKIP, and CCMP The Temporal Key Integrity Protocol (TKIP) Counter Mode with CBC-MAC (CCMP) Robust Security Network (RSN) Operations Chapter 8. Management Operations Management Architecture Scanning Authentication Preauthentication Association Power Conservation Timer Synchronization Spectrum Management Chapter 9. Contention-Free Service with the PCF Contention-Free Access Using the PCF Detailed PCF Framing Power Management and the PCF Chapter 10. Physical Layer Overview Physical-Layer Architecture The Radio Link RF Propagation with 802.11 RF Engineering for 802.11 Chapter 11. The Frequency-Hopping (FH) PHY Frequency-Hopping Transmission Gaussian Frequency Shift Keying (GFSK) FH PHY Convergence Procedure (PLCP) Frequency-Hopping PMD Sublayer Characteristics of the FH PHY

Chapter 12. The Direct Sequence PHYs: DSSS and HR/DSSS (802.11b)

Direct Sequence Transmission Differential Phase Shift Keying (DPSK) The "Original" Direct Sequence PHY

  

Chapter 15. A Peek Ahead at 802.11n: MIMO-OFDM

Common Features WWiSE TGnSync Comparison and Conclusions Chapter 16. 802.11 Hardware General Structure of an 802.11 Interface Implementation-Specific Behavior Reading the Specification Sheet Chapter 17. Using 802.11 on Windows Windows XP Windows 2000 Windows Computer Authentication Chapter 18. 802.11 on the Macintosh The AirPort Extreme Card 802.1X on the AirPort

  Chapter 19. Using 802.11 on Linux PCMCIA Support on Linux Linux Wireless Extensions and Tools Agere (Lucent) Orinoco Atheros-Based cards and MADwifi 802.1X on Linux with xsupplicant

  Chapter 20. Using 802.11 Access Points General Functions of an Access Point Power over Ethernet (PoE) Selecting Access Points Cisco 1200 Access Point Apple AirPort

Chapter 21. Logical Wireless Network Architecture

Evaluating a Logical Architecture Topology Examples Choosing Your Logical Architecture Chapter 22. Security Architecture Security Definition and Analysis Authentication and Access Control Ensuring Secrecy Through Encryption Selecting Security Protocols Rogue Access Points

  802.11 Performance Calculations Improving Performance Tunable 802.11 Parameters

  

Chapter 26. Conclusions and Predictions

Standards Work

Current Trends in Wireless Networking

The End glossary About the Author Colophon

  Index

  8 0 2 .1 1 ® W ir e le ss N e t w or k s: Th e D e fin it ive Gu ide , Se con d Edit ion

  by Mat t hew S. Gast Copyright © 2005 Mat t hew S. Gast . All right s reserved. Print ed in t he Unit ed St at es of Am erica. Published by O'Reilly Media, I nc., 1005 Gravenst ein Highway Nort h, Sebast opol, CA 95472. O'Reilly books m ay be purchased for educat ional, business, or sales prom ot ional use. Online edit ions are also available for m ost t it les ( safari.oreilly.com ) . For m ore inform at ion, cont act our corporat e/ inst it ut ional sales depart m ent : ( 800) 998- 9938 or corporat e@oreilly.com .

  Edit or :

  Mike Loukides

  Pr odu ct ion Edit or :

  Colleen Gorm an

  Cove r D e sign e r :

  Ellie Volckhausen

  I n t e r ior D e sign e r :

  David Fut at o

  Pr in t in g H ist or y: April 2002: First Edit ion.

  April 2005: Second Edit ion. Nut shell Handbook, t he Nut shell Handbook logo, and t he O'Reilly logo are regist ered t radem arks of O'Reilly Media, I nc. 802.11® Wireless Net works: The Definit ive Guide, Second Edit ion, t he im age of a horseshoe bat , and relat ed t rade dress are t radem arks of O'Reilly Media, I nc. 802.11® and all 802.11- based t radem arks and logos are t radem arks or regist ered t radem arks of I EEE, I nc. in t he Unit ed St at es and ot her count ries. O'Reilly Media, I nc. is independent of I EEE. Many of t he designat ions used by m anufact urers and sellers t o dist inguish t heir product s are claim ed as t radem arks. Where t hose designat ions appear in t his book, and O'Reilly Media, I nc. was aware of a t radem ark claim , t he designat ions have been print ed in caps or init ial caps. While every precaut ion has been t aken in t he preparat ion of t his book, t he publisher and aut hor assum e no responsibilit y for errors or om issions, or for dam ages result ing from t he use of t he

Foreword

  Mat t hew Gast was m y m ent or long before I m et him . I began report ing on wireless dat a net working in Oct ober 2000 when I discovered t hat Apple's claim s for it s 802.11b- based AirPort Base St at ion were act ually t rue. I 'd been burned wit h anot her form of wireless net working t hat used infrared, and had spent m any fruit less hours using ot her " int erest ing" net working t echnologies t hat led t o dead ends. I figured 802.11b was j ust anot her one. Was I glad I was wrong! This discovery t ook m e down a pat h t hat led, inexorably, t o t he first edit ion of 802.11 Wireless

  

Net w orks. How did t his st uff act ually work as advert ised? I knew plent y about t he I SO m odel, TCP/ I P,

  and Et hernet fram es, but I couldn't reconcile a m edium in which all part ies t alked in t he sam e space wit h what I knew about Et hernet 's m et hods of coping wit h shared cont ent ion. Mat t hew t aught m e t hrough words and figures t hat I didn't originally underst and, but ret urned t o again and again as I descended furt her int o t echnical det ail in m y at t em pt s t o explain Wi- Fi t o a broader and broader audience t hrough art icles in The New York Tim es, The Seat t le Tim es, PC World, and m y own Wi- Fi Net working News ( ) sit e over t he last five years. I st art ing learning acronym s from 802.11 Wireless Net works and used Mat t hew's book t o go beyond expanding WDS int o Wireless Dist ribut ion Syst em int o underst anding precisely how t wo access point s could exchange dat a wit h each ot her t hrough a built - in 802.11 m echanism t hat allowed four part ies t o a packet 's t ransit . Now as t im e went by and t he 802.11 fam ily grew and becam e baroque, t he first edit ion of t his t it le st art ed feeling a lit t le out of dat ealt hough it rem ained surprising how m any " new" innovat ions were firm ly root ed in developm ent s of t he early t o m id- 1990s. The alphabet soup of t he first edit ion was gruel com pared t o t he m ulligat awny of 2005. Mat t hew filled t he gap bet ween t he book and cont em porary wireless realit y t hrough his ongoing writ ing at O'Reilly's Wireless DevCent er, which I read avidly. And som ewhere in t here I was int roduced t o Mat t hew at a Wi- Fi Planet conference. We hit it off im m ediat ely: I st art ed pest ering him for det ails about 802.1X, if I rem em ber correct ly, and he want ed t o t alk about books and business. ( I wound up writ ing t wo edit ions of a general m arket Wi- Fi book, neit her of which did nearly as well as Mat t hew's ext raordinarily t echnical one.) int eroperabilit y issues in an O'Reilly Net work art icle t hat 's t he nugget of t he expanded coverage in t his book. I defy any reader t o find as cogent and exhaust ive an explanat ion before t his book was published. There's not hing as clear, com prehensive, and unaffect ed by m arket polit ics. At t im es, Mat t hew bem oaned t he delays t hat led t o t he gap bet ween edit ions of t his book, due part ly t o his j oining a st art up wireless LAN swit ch com pany, but I t hink readers are bet t er served t hrough his very hard- won, lat e- night , long- hours knowledge. Mat t hew's relat ionship wit h 802.11 m ight have previously been considered t hat of a handy m an who knew his way around t he infrast ruct ure of his house. I f a t oilet was running, he could replace a valve. I f t he living room needed new out let s, he could research t he process and wire t hem in. But Mat t hew's new j ob t ook him allegorically from a weekend household warrior t o a j ack- of- all- t radesm an. Mat t hew can t ear out t hose inner walls, refram e, plum b, and wire t hem , all t he while bit ching about t he local building code. I t 's been a pleasure knowing Mat t hew, and it 's even m ore a pleasure t o int roduce you t o his book, and let you all in on what I and ot hers have been m ore privat e recipient s of for t he last few years.

  Glenn Fleishm an

  Seat t le, Washingt on February 2005

Preface People m ove. Net works don't

  More t han anyt hing else, t hese t wo st at em ent s can explain t he explosion of wireless LAN hardware. I n j ust a few years, wireless LANs have grown from a high- priced, alpha- geek curiosit y t o m ainst ream t echnology.

  By rem oving t he net work port from t he equat ion, wireless net works separat e user connect ivit y from a direct physical locat ion at t he end of a cord. To abst ract t he user locat ion from t he net work, however, requires a great deal of prot ocol engineering. For users t o have locat ion- independent services, t he net work m ust becom e m uch m ore aware of t heir locat ion.

  This book has been writ t en on m ore airplanes, in m ore airport s, and on m ore t rains t han I care t o count . Much of t he research involved in dist illing evolving net work t echnology int o a book depends on I nt ernet access. I t is safe t o say t hat wit hout ubiquit ous net work access, t he arrival of t his book would have been m uch delayed.

  The advant ages of wireless net works has m ade t hem a fast - growing m ult ibillion dollar equipm ent m arket . Wireless LANs are now a fixt ure on t he net working landscape, which m eans you need t o learn t o deal wit h t hem .

Prometheus Untethered: The Possibilities of Wireless LANs

  Wireless net works offer several advant ages over fixed ( or " wired" ) net works:

  Mobilit y

  Users m ove, but dat a is usually st ored cent rally, enabling users t o access dat a while t hey are in m ot ion can lead t o large product ivit y gains. Net works are built because t hey offer valuable services t o users. I n t he past , net work designers have focused on working wit h net work port s because t hat is what t ypically m aps t o a user. Wit h wireless, t here are no port s, and t he net work can be designed around user ident it y.

  Ease and speed of deploym ent

  Many areas are difficult t o wire for t radit ional wired LANs. Older buildings are oft en a problem ; running cable t hrough t he walls of an older st one building t o which t he blueprint s have been lost can be a challenge. I n m any places, hist oric preservat ion laws m ake it difficult t o carry out new LAN inst allat ions in older buildings. Even in m odern facilit ies, cont ract ing for cable inst allat ion can be expensive and t im e- consum ing.

  Flexibilit y

  No cables m eans no recabling. Wireless net works allow users t o quickly form am orphous, sm all group net works for a m eet ing, and wireless net working m akes m oving bet ween cubicles and offices a snap. Expansion wit h wireless net works is easy because t he net work m edium is already everywhere. There are no cables t o pull, connect , or t rip over. Flexibilit y is t he big selling point for t he " hot spot " m arket , com posed m ainly of hot els, airport s, t rain st at ions ( and even t rains t hem selves! ) , libraries, and cafes. Several service providers have j um ped at t he idea, and ent husiast ic bands of volunt eers in m ost m aj or cit ies have st art ed t o build public wireless net works based on 802.11. 802.11 has becom e som et hing of a universally assum ed connect ivit y m et hod as well. Rat her t han wiring public access port s up wit h Et hernet , a collect ion of access point s can provide connect ivit y t o guest s. I n t he years since 802.11 was st andardized, so- called " hot spot s" have gone from an exot ic curiosit y in venues t hat do not m ove, t o t echnology t hat is providing connect ivit y even while in t ransit . By coupling 802.11 access wit h a sat ellit e uplink, it is possible t o provide I nt ernet access even while m oving quickly. Several com m ut er rail syst em s provide m obile hot - spot s, and Boeing's Connexion service can do t he sam e for an airplane, even at a cruising speed of 550 m iles per hour.

Audience

  This book is int ended for readers who need t o learn m ore about t he t echnical aspect s of wireless LANs, from operat ions t o deploym ent t o m onit oring:

  Net work archit ect s cont em plat ing rolling out 802.11 equipm ent ont o net works or building net works based on 802.11 Net work adm inist rat ors responsible for building and m aint aining 802.11 net works Securit y professionals concerned about t he exposure from deploym ent of 802.11 equipm ent and int erest ed in m easures t o reduce t he securit y headaches

  The book assum es t hat you have a solid background in com put er net works. You should have a basic underst anding of I EEE 802 net works ( part icularly Et hernet ) , t he OSI reference m odel, and t he TCP/ I P prot ocols, in addit ion t o any ot her prot ocols on your net work. Wireless LANs are not t ot ally new ground for m ost net work adm inist rat ors, but t here will be new concept s, part icularly involving radio t r ansm issions.

Overture for Book in Black and White, Opus 2

  Part of t he difficult y in writ ing a book on a t echnology t hat is evolving quickly is t hat you are never quit e sure what t o include. The years bet ween t he first and second edit ion were filled wit h m any developm ent s in securit y, and updat ing t he securit y- relat ed inform at ion was one of t he m aj or part s of t his revision. This book has t wo m ain purposes: it is m eant t o t each t he reader about t he 802.11 st andard it self, and it offers pract ical advice on building wireless LANs wit h 802.11 equipm ent . These t wo purposes are m eant t o be independent of each ot her so you can easily find what int erest s you. To help you decide what t o read first and t o give you a bet t er idea of t he layout , t he following are brief sum m aries of all t he chapt ers.

  Chapt er 1 , I nt roduct ion t o Wireless Net working, list s ways in which wireless net works are different

  from t radit ional wired net works and discusses t he challenges faced when adapt ing t o fuzzy boundaries and unreliable m edia. Wireless LANs are perhaps t he m ost int erest ing illust rat ion of Christ ian Huit em a's assert ion t hat t he I nt ernet has no cent er, j ust an ever- expanding edge. Wit h wireless LAN t echnology becom ing com m onplace, t hat edge is now blurring.

  

Chapt er 2 , Overview of 802.11 Net works, describes t he overall archit ect ure of 802.11 wireless LANs.

  802.11 is som ewhat like Et hernet but wit h a num ber of new net work com ponent s and a lot of new acronym s. This chapt er int roduces you t o t he net work com ponent s t hat you'll work wit h. Broadly speaking, t hese com ponent s are st at ions ( m obile devices wit h wireless cards) , access point s ( glorified bridges bet ween t he st at ions and t he dist ribut ion syst em ) , and t he dist ribut ion syst em it self ( t he wired backbone net work) . St at ions are grouped logically int o Basic Service Set s ( BSSs) . When no access point is present , t he net work is a loose, ad- hoc confederat ion called an independent BSS ( I BSS) . Access point s allow m ore st ruct ure by connect ing disparat e physical BSSs int o a furt her logical grouping called an Ext ended Service Set ( ESS) .

  

Chapt er 3 , 802.11 MAC Fundam ent als, describes t he Media Access Cont rol ( MAC) layer of t he 802.11

  st andard in det ail. 802.11, like all I EEE 802 net works, split s t he MAC- layer funct ionalit y from t he physical m edium access. Several physical layers exist for 802.11, but t he MAC is t he sam e across all of t hem . The m ain m ode for accessing t he net work m edium is a t radit ional cont ent ion- based access m et hod, t hough it em ploys collision avoidance ( CSMA/ CA) rat her t han collision det ect ion ( CSMA/ CD) . The chapt er also discusses dat a encapsulat ion in 802.11 fram es and helps net work adm inist rat ors underst and t he fram e sequences used t o t ransfer dat a.

  

Chapt er 4 , 802.11 Fram ing in Det ail, builds on t he end of Chapt er 3 by describing t he various fram e

  

Chapt er 7 , 802.11i: Robust Securit y Net works, TKI P, and CCMP, describes t he 802.11i st andard for

  wireless LAN securit y. I n recognit ion of t he fundam ent al flaws of WEP, t wo new link- layer encrypt ion prot ocols were designed, com plet e wit h new m echanism s t o derive and dist ribut e keys.

  

Chapt er 8 , Managem ent Operat ions, describes t he m anagem ent operat ions on 802.11 net works. To

  find net works t o j oin, st at ions scan for act ive net works announced by access point s or t he I BSS creat or. Before sending dat a, st at ions m ust associat e wit h an access point . This chapt er also discusses t he power- m anagem ent feat ures incorporat ed int o t he MAC t hat allow bat t ery- powered st at ions t o sleep and pick up buffered t raffic at periodic int ervals.

  

Chapt er 9 , Cont ent ion- Free Service wit h t he PCF, describes t he point coordinat ion funct ion. The PCF

  is not widely im plem ent ed, so t his chapt er can be skipped for m ost purposes. The PCF is t he basis for cont ent ion- free access t o t he wireless m edium . Cont ent ion- free access is like a cent rally cont rolled, t oken- based m edium , where access point s provide t he " t oken" funct ion.

  

Chapt er 10 , Physical Layer Overview, describes t he general archit ect ure of t he physical layer ( PHY) in

  t he 802.11 m odel. The PHY it self is broken down int o t wo " sublayers." The Physical Layer Convergence Procedure ( PLCP) adds a pream ble t o form t he com plet e fram e and it s own header, while t he Physical Medium Dependent ( PMD) sublayer includes m odulat ion det ails. The m ost com m on PHYs use radio frequency ( RF) as t he wireless m edium , so t he chapt er closes wit h a short discussion on RF syst em s and t echnology t hat can be applied t o any PHY discussed in t he book.

  Chapt er 11 , The Frequency- Hopping ( FH) PHY, describes t he oldest physical layer wit h 802.11.

  Product s based on t he FH PHY are no longer widely sold, but a great deal of early 802.11 equipm ent was based on t hem . Organizat ions wit h a long hist ory of involvem ent wit h 802.11 t echnology m ay need t o be fam iliar wit h t his PHY.

  

Chapt er 12 , The Direct Sequence PHYs: DSSS and HR/ DSSS ( 802.11b) , describes t wo physical layers

  based on direct sequence spread spect rum t echnology. The init ial 802.11 st andard included a layer which offered speeds of 1 Mbps and 2 Mbps. While int erest ing, it was not unt il 802.11b added 5.5 Mbps and 11 Mbps dat a rat es t hat t he t echnology really t ook off. This chapt er describes t he t wo closely- relat ed PHYs as a single package.

  Chapt er 13 , 802.11a and 802.11j : 5- GHz OFDM PHY, describes t he 5- GHz PHY st andardized wit h

  802.11a, which operat es at 54 Mbps. This physical layer uses anot her m odulat ion t echnique known as ort hogonal frequency division m ult iplexing ( OFDM) . Slight m odificat ions were required t o use t his PHY in Japan, which were m ade by t he 802.11j st andard.

  

Chapt er 14 , 802.11g: The Ext ended- Rat e PHY ( ERP), describes a PHY which uses OFDM t echnology,

  but in t he 2.4 GHz frequency band shared by 802.11b. I t has largely supplant ed 802.11b, and is a com m on opt ion for built - in connect ivit y wit h new not ebook com put ers. The PHY it self is alm ost ident ical t o t he 802.11a PHY. The differences are in allowing for backwards com pat ibilit y wit h older equipm ent sharing t he sam e frequency band.

  

Chapt er 18 , 802.11 on t he Macint osh, describes how t o use t he AirPort card on MacOS X t o connect

  t o 802.11 net works. I t focuses on Mac OS X 10.3, which was t he first soft ware version t o include 802.1X support .

  

Chapt er 19 , Using 802.11 on Linux, discusses how t o inst all 802.11 support on a Linux syst em . Aft er

  discussing how t o add PC Card support t o t he operat ing syst em , it shows how t o use t he wireless ext ensions API . I t discusses t wo com m on drivers, one for t he older Orinoco 802.11b card, and t he MADwifi driver for newer cards based on chipset s from At heros Com m unicat ions. Finally, it shows how t o configure 802.1X securit y using xsupplicant .

  Chapt er 20 , Using 802.11 Access Point s, describes t he equipm ent used on t he infrast ruct ure end of

  802.11 net works. Com m ercial access point product s have varying feat ures. This chapt er describes t he com m on feat ures of access point s, offers buying advice, and present s t wo pract ical configurat ion exam ples.

  Chapt er 21 , Logical Wireless Net work Archit ect ure, m arks t he t hird t ransit ion in t he book, from t he

  im plem ent at ion of 802.11 on t he scale of an individual device, t o how t o build 802.11 net works on a larger scale. There are several m aj or st yles t hat can be used t o build t he net work, each wit h it s advant ages and disadvant ages. This chapt er sort s t hrough t he com m on t ypes of net work t opologies and offers advice on select ing one.

  Chapt er 22 , Securit y Archit ect ure, should be read in t andem wit h t he previous chapt er. Maint aining

  net work securit y while offering net work access on an open m edium is a m aj or challenge. Securit y choices and archit ect ure choices are m ut ually influent ial. This chapt er addresses t he m aj or choices t o be m ade in designing a net work: what t ype of aut hent icat ion will be used and how it int egrat es wit h exist ing user dat abases, how t o encrypt t raffic t o keep it safe, and how t o deal wit h unaut horized access point deploym ent .

  Chapt er 23 , Sit e Planning and Proj ect Managem ent , is t he final com ponent of t he book for net work

  adm inist rat ors. Designing a large- scale wireless net work is difficult because t here is great user dem and for access. Ensuring t hat t he net work has sufficient capacit y t o sat isfy user dem ands in all t he locat ions where it will be used requires som e planning. Choosing locat ions for access point s depends a great deal on t he radio environm ent , and has t radit ionally been one of t he m ost t im e- consum ing t asks in building a net work.

  

Chapt er 24 , 802.11 Net work Analysis, t eaches adm inist rat ors how t o recognize what 's going on wit h

  t heir wireless LANs. Net work analyzers have proven t heir wort h t im e and t im e again on wired net works. Wireless net work analyzers are j ust as valuable a t ool for 802.11 net works. This chapt er discusses how t o use wireless net work analyzers and what cert ain sym pt om s m ay indicat e. I t also describes how t o build an analyzer using Et hereal, and what t o look for t o t roubleshoot com m on problem s.

  Chapt er 25 , 802.11 Perform ance Tuning, describes how net work adm inist rat ors can increase t echnology pat h of " fast er, bet t er, and cheaper," t he dat a rat e of m ost 802.11 int erfaces has shot from 2 or 11 Mbps wit h 802.11b t o 54 Mbps wit h 802.11a and 802.11g. I ncreased speed wit h backwards com pat ibilit y has proved t o be a com m ercially successful form ula for 802.11g, even if it has lim it at ions when used for large- scale net works. The com ing st andardizat ion of 802.11n is set t o boost speeds even fart her. New developm ent s in PHY t echnology are anxiously await ed by users, as shown by t he popular releases of pre- st andard t echnology. Two ent irely new chapt ers are devot ed t o 802.11g and 802.11n. European adopt ion of 802.11a was cont ingent on t he developm ent of spect rum m anagem ent in 802.11h, which result ed in ext ensive revisions t o t he m anagem ent chapt er. When t he first edit ion was released in 2002, t he percept ion of insecurit y dom inat ed discussions of t he t echnology. WEP was clearly insufficient , but t here was no good alt ernat ive. Most net work adm inist rat ors were m aking do wit h rem ot e access syst em s t urned inward, rat her t han t heir nat ural out ward orient at ion. The developm ent of 802.11i was done a great deal t o sim plify net work securit y. Securit y is now built in t o t he specificat ion, rat her t han som et hing which m ust be added on aft er get t ing t he net work right . Securit y im provem ent s perm eat e t he book, from new chapt ers showing how t he new prot ocols work, t o showing how t hey can be used on t he client side, t o how t o sort t hrough different opt ions when building a net work. Sort ing t hrough securit y opt ions is m uch m ore com plex now t han it was t hree years ago, and m ade it necessary t o expand a sect ion of t he deploym ent discussion in t he first edit ion int o it s own chapt er.

  Three years ago, m ost access point s were expensive devices t hat did not work well in large num bers. Net work deploym ent was oft en an exercise in working around t he lim it at ions of t he devices of t he t im e. Three years lat er, vast ly m ore capable devices allow m uch m ore flexible deploym ent m odels.

  Rat her t han j ust a " one size fit s all" deploym ent m odel, t here are now m ult iple opt ions t o sort t hrough. Securit y prot ocols have im proved enough t hat discussions of deploying t echnology are based on what it can do for t he organizat ion, not on fear and how t o keep it cont rolled. As a result , t he original chapt er on net work deploym ent has grown int o t hree, each t ackling a m aj or part of t he deploym ent process.

Conventions Used in This Book

  I t alic is used for:

  Pat hnam es, filenam es, class nam es, and direct ories New t erm s where t hey are defined I nt ernet addresses, such as dom ain nam es and URLs

  Bold is used for:

  GUI com ponent s

  Constant Width is used for:

  Com m and lines and opt ions t hat should be t yped verbat im on t he screen _{Constant Width Italic} All code list ings is used for: General placeholders t hat indicat e t hat an it em should be replaced by som e act ual value in your own program

  Constant Width Bold

  is used for: Text t hat is t yped in code exam ples by t he user

  I ndicat es a t ip, suggest ion, or general not e

How to Contact Us

  Please address com m ent s and quest ions concerning t his book t o t he publisher: O'Reilly Media, I nc.

  1005 Gravenst ein Highway Nort h Sebast opol, CA 95472 ( 800) 998- 9938 ( in t he U.S. or Canada) ( 707) 829- 0515 ( int ernat ional/ local) ( 707) 829- 0104 ( fax)

  There is a web sit e for t he book, where errat a and any addit ional inform at ion will be list ed. You can access t his page at :

  http://www.oreilly.com/catalog/802dot112/

  I n a fast - m oving field, sm aller art icles bridge t he gap bet ween cont em porary pract ice and t he last version of t he print ed book. You can access m y weblog and art icles at :

  http://weblogs.oreillynet.com/pub/au/692/

  To com m ent or ask t echnical quest ions about t his book, send em ail t o:

  bookquestions@oreilly.com

  For m ore inform at ion about our books, conferences, soft ware, Resource Cent ers, and t he O'Reilly Net work, see our web sit e at :

  http://www.oreilly.com/

Safari Enabled

  When you see a Safari® Enabled icon on t he cover of your favorit e t echnology book, it m eans t he book is available online t hrough t he O'Reilly Net work Safari Bookshelf. Safari offers a solut ion t hat 's bet t er t han e- books. I t 's a virt ual library t hat let s you easily search t housands of t op t echnology books, cut and past e code sam ples, download chapt ers, and find quick answers when you need t he m ost accurat e, current inform at ion. Try it for free at .

Acknowledgments

  As m uch as I would like t o believe t hat you are reading t his book for it s ent ert ainm ent value, I know bet t er. Technical books are valued because t hey get t he det ails right , and convey t hem in an easier fashion t han t he unadorned t echnical specificat ion. Behind every t echnical book, t here is a review t eam t hat saw t he first draft and helped t o im prove it . My review t eam caught num erous m ist akes and m ade t he book significant ly bet t er. Dr. Malik Audeh of Tropos Net works is, for lack of a bet t er t erm , m y radio conscience. I am no radio expert what I know about radio, I learned because of m y int erest in 802.11. Malik knew radio t echnology before 802.11, and I have been privileged t o share in his insight . Gerry Creager of Texas A&M offered insight int o t he FCC rules and regulat ions for unlicensed devices, which was valuable because wireless LANs have been upending t he rules in recent years. When Glenn Fleishm an agreed t o writ e t he foreword, I had no idea t hat he would offer so m uch help in placing 802.11 wit hin it s larger cont ext . Many of t he det ails he suggest ed were references t o art icles t hat had run in t he past years on his own Wi- Fi Net working News sit e. As a writ er him self, Glenn also point ed out several locat ions where bet t er exam ples would m ake m y point s m uch clearer. Finally, Terry Sim ons of t he Open1X proj ect has worked ext ensively wit h 802.11 on Linux, and wit h nearly every 802.1X supplicant on t he m aj or operat ing syst em s. Terry also is one of t he archit ect s of t he wireless aut hent icat ion syst em at t he Universit y of Ut ah. His expert ise can be felt t hroughout t he early part of t he book on securit y specificat ions, as well as in t he pract ical m at t er of using supplicant s and building an aut hent icat ion syst em .

  I am also indebt ed t o m any ot hers who help keep m e abreast of current developm ent s in 802.11, and share t heir knowledge wit h m e. Since 2002, I have been privileged t o part icipat e in t he I nt erop Labs init iat ives relat ed t o wireless securit y and 802.1X. The real world is far t oo m essy for t he classroom . Every year, I learn m ore about t he st at e of t he art by volunt eering t han I ever could by t aking a prepared class. Through t he I nt erop Labs, I m et Chris Hessing, t he developm ent lead for xsupplicant . Chris has always generously explained how all t he keying bit s m ove around in 802.11, which is no sm all feat ! Sudheer Mat t a, a colleague of m ine, always has t im e t o explain what is happening in t he st andards world, and how t he m inut e det ails of t he MAC work.

  The large support ing cast at O'Reilly was t rem endously helpful in a wide variet y of ways. Ellie Volckhausen designed a st unning cover t hat has adorned m y cubicle as well as m ost of t he personal elect ronics devices I own since 2001, when I began writ ing t he first edit ion. ( I t even looks good as t he wallpaper on m y m obile t elephone! ) Jessam yn Read t ook a huge m ass of raw sket ches and convert ed every last one int o som et hing t hat is wort h looking at , and did so on a grueling schedule. I do not know how m any hours Colleen Gorm an, t he product ion edit or, put int o t his book t o get it finished, but I hope her fam ily and her cat , Phineas, forgive m e. And, as always, I am t hankful for or an econom ist gift ed wit h t he abilit y t o explain com plex subj ect s t o his st udent s. Dr. Bat em an is not shackled by his narrow academ ic expert ise. During t he preparat ion of t he second edit ion of t his book, I at t ended a lect ure of his about t he social hist ory of m y alm a m at er. I n a capt ivat ing hour, he t raced t he hist ory of t he inst it ut ion and it s int ersect ion wit h wider social m ovem ent s, which explained it s present - day cult ure in far m ore dept h t han I ever appreciat ed while a st udent . Not all professors t each t o prepare st udent s for graduat e school, and not all professors confine t heir t eaching t o t he classroom . I am a far bet t er writ er, econom ist , and cit izen for his influence. When writ ing a book, it is easy t o acknowledge t he t angible cont ribut ions of ot hers. Behind every aut hor, t hough, t here is a support ive cast of relat ives and friends. As always, m y wife Ali cont inued t o indulge m y writ ing habit wit h ext rem ely good hum or, especially considering t he num ber of weekends t hat were sacrificed t o t his book. Many of m y friends inform ally support ed t his proj ect wit h a great deal of encouragem ent and support ; m y t hanks m ust go t o ( in alphabet ical order) Annie, Aram azd, Brian, Dam eon, Kevin, and Nick.

  Mat t hew Gast San Francisco, California February 2005

Chapter 1. Introduction to Wireless Networking Over t he past five years, t he world has becom e increasingly m obile. As a result , t radit ional ways of

  net working t he world have proven inadequat e t o m eet t he challenges posed by our new collect ive lifest yle. I f users m ust be connect ed t o a net work by physical cables, t heir m ovem ent is dram at ically reduced. Wireless connect ivit y, however, poses no such rest rict ion and allows a great deal m ore free m ovem ent on t he part of t he net work user. As a result , wireless t echnologies are encroaching on t he t radit ional realm of " fixed" or " wired" net works. This change is obvious t o anybody who drives on a regular basis. One of t he " life and deat h" challenges t o t hose of us who drive on a regular basis is t he daily gaunt let of errat ically driven cars cont aining m obile phone users in t he driver's seat . Wireless connect ivit y for voice t elephony has creat ed a whole new indust ry. Adding m obile connect ivit y int o t he m ix for t elephony has had profound influences on t he business of delivering voice calls because callers could be connect ed t o people, not devices. We are on t he cusp of an equally profound change in com put er net working. Wireless t elephony has been successful because it enables people t o connect wit h each ot her regardless of locat ion. New t echnologies t arget ed at com put er net works prom ise t o do t he sam e for I nt ernet connect ivit y. The m ost successful wireless dat a net working t echnology t his far has been 802.11. I n t he first edit ion of t his book, I wrot e about 802.11 being t he t ip of t he t rend in m obile dat a net working. At t he t im e, 802.11 and t hird- generat ion m obile t echnologies were duking it out for m indshare, but 802.11 has unquest ionably been m ore successful t o dat e.

Why Wireless?

  To dive int o a specific t echnology at t his point is get t ing a bit ahead of t he st ory, t hough. Wireless net works share several im port ant advant ages, no m at t er how t he prot ocols are designed, or even what t ype of dat a t hey carry. The m ost obvious advant age of wireless net working is m obilit y. Wireless net work users can connect t o exist ing net works and are t hen allowed t o roam freely. A m obile t elephone user can drive m iles in t he course of a single conversat ion because t he phone connect s t he user t hrough cell t owers. I nit ially, m obile t elephony was expensive. Cost s rest rict ed it s use t o highly m obile professionals such as sales m anagers and im port ant execut ive decision m akers who m ight need t o be reached at a m om ent 's not ice regardless of t heir locat ion. Mobile t elephony has proven t o be a useful service, however, and now it is relat ively com m on in t he Unit ed St at es and ext rem ely com m on am ong

  [ * ] Eur opeans. _[*] While most of my colleagues, acquaintances, and family in the U.S. have mobile telephones, it is still possible to be a holdout.

  In Europe, it seems as if everybody has a mobile phoneone cab driver in Finland I spoke with while writing the first edition of this book took great pride in the fact that his family of four had six mobile telephones!

  Likewise, wireless dat a net works free soft ware developers from t he t et hers of an Et hernet cable at a desk. Developers can work in t he library, in a conference room , in t he parking lot , or even in t he coffee house across t he st reet . As long as t he wireless users rem ain wit hin t he range of t he base st at ion, t hey can t ake advant age of t he net work. Com m only available equipm ent can easily cover a corporat e cam pus; wit h som e work, m ore exot ic equipm ent , and favorable t errain, you can ext end t he range of an 802.11 net work up t o a few m iles.

  Wireless net works t ypically have a great deal of flexibilit y , which can t ranslat e int o rapid deploym ent . Wireless net works use a num ber of base st at ions t o connect users t o an exist ing net work. ( I n an 802.11 net work, t he base st at ions are called access point s.) The infrast ruct ure side of a wireless net work, however, is qualit at ively t he sam e whet her you are connect ing one user or a m illion users.

  To offer service in a given area, you need base st at ions and ant ennas in place. Once t hat infrast ruct ure is built , however, adding a user t o a wireless net work is m ost ly a m at t er of aut horizat ion. Wit h t he infrast ruct ure built , it m ust be configured t o recognize and offer services t o t he new users, but aut horizat ion does not require m ore infrast ruct ure. Adding a user t o a wireless net work is a m at t er of configuring t he infrast ruct ure, but it does not involve running cables, punching

  [ ] down t erm inals, and pat ching in a new j ack. net work, t hough, t here is no need t o suffer t hrough const ruct ion or m ake educat ed ( or wild) guesses about dem and. A sim ple wired infrast ruct ure connect s t o t he I nt ernet , and t hen t he wireless net work can accom m odat e as m any users as needed. Alt hough wireless LANs have som ewhat lim it ed bandwidt h, t he lim it ing fact or in net working a sm all hot spot is likely t o be t he cost of WAN bandwidt h t o t he support ing infrast ruct ure. Flexibilit y m ay be part icularly im port ant in older buildings because it reduces t he need for const ruct ion. Once a building is declared hist orical, rem odeling can be part icularly difficult . I n addit ion t o m eet ing owner requirem ent s, hist orical preservat ion agencies m ust be sat isfied t hat new const ruct ion is not desecrat ing t he past . Wireless net works can be deployed ext rem ely rapidly in such environm ent s because t here is only a sm all wired net work t o inst all. Flexibilit y has also led t o t he developm ent of grassroot s com m unit y net works. Wit h t he rapid price erosion of 802.11 equipm ent , bands of volunt eers are set t ing up shared wireless net works open t o visit ors. Com m unit y net works are also ext ending t he range of I nt ernet access past t he lim it at ions for DSL int o com m unit ies where high- speed I nt ernet access has been only a dream . Com m unit y net works have been part icularly successful in out - of- t he way places t hat are t oo rugged for t radit ional wireline approaches. Like all net works, wireless net works t ransm it dat a over a net work m edium . The m edium is a form of

  [ * ]

  elect rom agnet ic radiat ion. To be well- suit ed for use on m obile net works, t he m edium m ust be able t o cover a wide area so client s can m ove t hroughout a coverage area. Early wireless net works used infrared light. However, infrared light has lim it at ions; it is easily blocked by walls, part it ions, and ot her office const ruct ion. Radio waves can penet rat e m ost office obst ruct ions and offer a wider coverage range. I t is no surprise t hat m ost , if not all, 802.11 product s on t he m arket use t he radio wave physical layer. _[*]

  Laser light is also used by some wireless networking applications, but the extreme focus of a laser beam makes it suited only for applications in which the ends are stationary. "Fixed wireless" applications, in which lasers replace other access technology such as leased telephone circuits, are a common application.

Radio Spectrum: The Key Resource

  Wireless devices are const rained t o operat e in a cert ain frequency band. Each band has an associat ed

  bandw idt h, w hich is sim ply t he am ount of frequency space in t he band. Bandwidt h has acquired a

  connot at ion of being a m easure of t he dat a capacit y of a link. A great deal of m at hem at ics, inform at ion t heory, and signal processing can be used t o show t hat higher- bandwidt h slices can be used t o t ransm it m ore inform at ion. As an exam ple, an analog m obile t elephony channel requires a 20- kHz bandwidt h. TV signals are vast ly m ore com plex and have a correspondingly larger bandwidt h of 6 MHz.

Early Adoption of 802.11

  802.11's explosive advance has not been even. Som e m arket s have evolved m ore quickly t han ot hers because t he value of wireless net works is m ore pronounced in som e m arket s. I n general, t he higher t he value placed on m obilit y and flexibilit y, t he great er t he int erest in wireless LANs.

  Logist ics organizat ions responsible for m oving goods around ( t hink UPS, FedEx, or airlines) , were perhaps t he earliest adopt ers of 802.11. Well before t he advent of 802.11, package t racking was done wit h propriet ary wireless LANs. St andardized product s lowered t he price and enabled com pet it ion bet ween suppliers of net work equipm ent , and it was an easy decision t o replace propriet ary product s wit h st andardized ones.