Wireless Local Area Networks (WLANs)

WLANs provide a cost-effective way to interconnect computers and mobile devices in defined environments such as enterprises, small offices/home offices, airports, hotels, coffee shops, hospitals, libraries, schools, and residences. The approval of the IEEE 802.11 standard for WLANs in the late 1990s along with the ongoing progress of increasing transmission speeds have made wireless systems a useful technology for businesses and consumers, offering mobile computing and untethered network access. Office applications are already shifting from niche use to more general-purpose use, as computer vendors such as IBM, Dell, Apple, and others build the wireless capability directly into the laptop.

Wireless networks have recently gained popularity. By the end of 2002, an estimated 10 million 802.11 radio-based Network Interface Cards (NICs) were deployed.[24] Adapter card vendors are also bringing out 802.11b cards for handheld computers, such as those using Microsoft PocketPC software. Vendors of WLAN technology include 3Com, Agere, Avaya, Buffalo Technologies, Cisco, Compaq, Dell, D-Link, Enterasys, Intel, Intersil, Linksys, MobileStar, Proxim, Resonext, and Symbol Technologies.

WLANs based on IEEE 802.11b are becoming more widespread in enterprise applications where mobility in the office and campus is needed. This technology is the leading hotspot technology by actual deployment; it is likely that it will continue to be the leader. Equipping office spaces with wireless APs is becoming relatively common; as a result, users have 802.11b-enabled laptops or even desktop PCs. The price of the wireless APs is coming down (they cost around $400 for a 20 to 40 person workgroup, depending on the features supported) and NICs are also reasonably affordable. An 802.11b NIC costs about $80 to $150. If you compare that figure to the cost of wiring up an office or cubicle (usually around $200 per seat), you can see why network planners are looking into this technology, particularly because this wireless technology also brings more flexibility compared to a tethered network. Data rate ranges from standard Ethernet performance at 11 Mbps down to perhaps 2 Mbps if/when there is significant interference or if/when the user moves too far away from an AP.

The technology is typically based on shared access methods. Therefore, an 802.11b network achieves less performance than a wired Ethernet connection when, for example, considering the switched arrangements typical of today’s wired networks; however, it offers mobile capabilities for users. If the NIC and AP support roaming (which most implementations do), a user can wander nomadically around a building or campus; the NIC will automatically switch between APs based on the strength of the beacon signal it receives from them. APs are usually connected to the wired LAN, enabling users to have complete connectivity. Advances in IEEE 802.11b technology allow for more reach (approximately 30 percent more reach) and higher performance (about 70 percent more in area) than original systems. This should further facilitate penetration. IEEE 802.11a systems provide increased performance to 54 Mbps. The following are some factors that affect range:

  • Modulation technique (such as complementary code keying [CCK] at 2.4 GHz and OFDM at 5 GHz)

  • Cell design (for example, 802.11b has three nonoverlapping channels, whereas 802.11a has eight nonoverlapping channels in U.S. indoor applications. This means that 802.11a has less co-channel interference (CCI) and, consequently, higher cell throughput)[25]

  • Environment (for example, path loss/absorption, multipath/echoes, interference, and collisions indoors and outdoors)

  • Hardware/software system (for example, radio quality, antenna type and gain, computer speed, protocol efficiency, and so on)

An AP is the size of a portable CD player and has an antenna connected to it. A variety of high-gain and sector antennas can be used along with amplifiers up to 1 Watt (30 dB gain) in the United States and higher abroad. Travelers carrying equipment with an Internet browser and wireless Personal Computer Memory Card International Association (PCMCIA) card can pass within 30 to 500 feet of a wireless AP and log onto their corporate intranet or check their e-mail or portfolios. Behind this device is a network/Internet infrastructure.

As an example of a hotspot/WLAN application (based on Cisco Systems’ sources), the University of Akron has begun installing approximately 1,200 Cisco Aironet 350 Series APs to create a wireless infrastructure that encompasses all instructional space, residence halls, houses, the library, campus centers, the alumni association, arenas, and other places where students congregate. Upon completion, the WLAN system will cover 75 buildings and serve 35,000 people. All 24,000 students who attend the university and all 6,000 full- and part-time employees will have the ability to connect to the university’s information system infrastructure and the Web through the Cisco 802.11b wireless standard. The wireless coverage will spread into campus green areas such as tree-lined courtyards, commons, and park-like open spaces; ultimately, only areas such as parking decks and tennis courts that are too far from the campus will remain outside the wireless network. Virtually every other part of the 5.4 million square feet of building space will be included, even the football stadium.

As another example from Cisco sources, the University of Missouri is testing a WLAN system that will eventually be available to 25,000 users at its main campus in Columbia by using Cisco Aironet products. Approximately 30 Cisco Aironet 340 Series APs were installed on the Columbia campus in August 2000 as part of a pilot program involving a cross-section of 20 to 30 students, administrators, and faculty members. The APs bridge a wireless and wired network to help create a standalone wireless network. Most participants connect to the wireless system via laptops, which gives them access to the campus enterprise network in the designated areas of eight buildings. Some, however, use desktops set up in computer labs or open study areas. The university is in the process of expanding the pilot program by more than doubling the number of APs to increase the roaming space. As previously implied, amplifiers can extend the range; however, the problem is constrained by the return signal (from the client), so that amplifiers have a practical limit in the design of hotspot systems. The author has built several dozen hotspot locations with sizes of 2,000 by 1,000 feet; to accomplish this, the author has developed the concept of Redundant Array of Inexpensive Radios (or Repeaters) (RAIR). This entails using 2, 4, or 6 distributed radios operating in repeater mode placed closer to the user compared with a centralized omnidirectional or sectorized antenna. Using this design approach, the distance from the client to the radio can be kept in the 300 foot range, which provides the best and most reliable hotspot service with the IEEE 802.11b technology (again, because the problem is constrained by the return path).

Key questions regarding WLANs relate to security, the potential interference in the unlicensed 2.4 GHz Industrial, Scientific, and Medical (ISM) band, and obsolescence when higher-speed services arrive.

As already noted, security has been a major concern of late. IEEE 802.11 defined the Wired Equivalent Privacy (WEP) protocol to address some of the security issues. The goals of WEP are to maintain the confidentiality of data from eavesdroppers, guard against the modification of data (integrity), and provide access control to the WLAN infrastructure (this function is not an explicit goal in the 802.11 standard, but it is frequently considered to be a feature of WEP). WEP utilizes a static (secret) key to authenticate, associate, and transmit encrypted frames. It employs the well-known Ron’s Code 4 Pseudorandom Number Generator (RC4 PRNG) algorithm, which is a symmetric key encryption algorithm from RSA Security, Inc.[26] However, flaws in the overall scheme permit several passive and active attacks that allow eavesdropping and the modification of wireless transmissions.[27]

WEP is easy to administer, but is problematic, as noted. WEP relies on a secret key that is shared between a mobile station (for example, a laptop with a wireless Ethernet card) and an AP; the secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The IEEE standard does not discuss how the shared key is established. Consequently, most installations use a single key that is shared between all mobile stations and APs.[28] The device using the IEEE 802.11 card is configured with a key, which in practice usually consists of a password or key derived from a password. The same key is deployed on all devices, including the APs. The idea is to protect the wireless communication from devices that do not know the key.[29] More sophisticated key management techniques can be utilized to help defend from the attacks; however, no commercial systems currently support such techniques.

Improvements to WEP will be applied in three phases over time, as follows:

  • Short term: Filter out bad initialization vectors.[30]

  • Near term: Use dynamic key management; keys are rotated every few seconds or minutes.

  • Long term: Use new methods such as IEEE 802.1x (EAP-MD5) (higher-layer authentication mechanisms and key management) and IEEE 802.11i (improved security in multiple areas).

As implied by the last observation, improvements to WEP are under way. The near-term idea, therefore, is to use dynamic key management by using a static key only for authentication and association; a dynamic key is used for routine traffic. You should automatically update (without user intervention) the dynamic key on a fairly regular basis. This prevents the potential hacker from collecting a large number of frames that have been encrypted with the same key. In addition, organizations can use layer 3 virtual private networks (VPNs) to address the issue. The issue of security is revisited in Chapter 3.
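
The static-key weakness and the short-term and near-term fixes described above can be seen in a small model of WEP encapsulation. This is an added example, not code from the book; the keys, IV, payloads, and function names are constructed for illustration, and the framing assumed is standard WEP (the 24-bit IV is sent in the clear and prepended to the shared key to seed RC4, with a CRC-32 integrity check value appended to the payload).

```python
import zlib
from collections import Counter

def rc4(seed: bytes, n: int) -> bytes:
    """First n keystream bytes of RC4 for this seed (KSA, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_body(payload: bytes) -> bytes:
    """Payload followed by its CRC-32 integrity check value (ICV)."""
    return payload + zlib.crc32(payload).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame = cleartext 24-bit IV || RC4(IV || key) XOR (payload || ICV)."""
    body = wep_body(payload)
    return iv + xor(body, rc4(iv + key, len(body)))

def reused_ivs(frames) -> set:
    """Audit check: IVs seen on more than one captured frame."""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, n in counts.items() if n > 1}

def is_weak_iv(iv: bytes, key_len: int = 5) -> bool:
    """Classic FMS weak form (A+3, 255, X) that a 'bad IV' filter skips."""
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len

# Constructed sample data: a 40-bit static key, a rotated key, two payloads.
STATIC_KEY, ROTATED_KEY = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3d4e5")
IV = bytes.fromhex("00002a")
P1, P2 = b"GET /index.html ", b"user=alice&pin=1"

if __name__ == "__main__":
    f1, f2 = wep_encrypt(STATIC_KEY, IV, P1), wep_encrypt(STATIC_KEY, IV, P2)
    # Same key + same IV: the keystream cancels, leaving plaintext XOR plaintext.
    print(xor(f1[3:], f2[3:]) == xor(wep_body(P1), wep_body(P2)))
    f3 = wep_encrypt(ROTATED_KEY, IV, P2)  # key rotated before the IV repeats
    print(xor(f1[3:], f3[3:]) == xor(wep_body(P1), wep_body(P2)))
    print(reused_ivs([f1, f2]), is_weak_iv(bytes([3, 255, 7])))
```

With a static key, every repeat of an IV repeats the keystream, which is why rotating the key before the 24-bit IV space wraps removes the relationship between frames.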

The issue of other users/applications on the same band should be noted. HomeRF, Bluetooth, and 802.11g all share the 2.4 GHz band with 802.11b. There is the potential for interference at 2.4 GHz. Several networks share this bandwidth such as other 802.11b networks, Bluetooth, HomeRF, microwave ovens, cordless phones, fixed wireless, amateur radio, and so on. A number of experts worry about eventual overcongestion. For indoor applications, cordless phones and microwave ovens can be an issue. However, HomeRF systems do not have a large base and do not impact corporate environments. Bluetooth is a low-power technology that does not appear to represent a major interference problem; rollout up to the early 2000s had been slow. Adaptive frequency hopping will address the issue.

Regarding obsolescence, many people believe that the current solutions are already too slow. 802.11b only supports 11 Mbps and operates in an 83.5 MHz band at the 2.4 GHz range (in the Ultra High Frequency [UHF] band). Bluetooth only supports 1 Mbps and has a much shorter range. These limitations are providing impetus for IEEE 802.11a work at 5 GHz (5 GHz is in the Super High Frequency [SHF] range). This portion of the spectrum is available throughout much of the world. The allocated spectral bandwidth is 300 MHz in the United States, 100 MHz in Japan, and 455 MHz in Europe; this bandwidth supports much higher throughput. There is no interference from microwave transmissions that are at 4 and 6 GHz or higher. IEEE 802.11a uses OFDM techniques that further improve performance. IEEE-802.11a-based technology increases the range and results in fewer APs. 802.11a was already shipping at the time of this writing. Its logic fits onto a single-sided PC card. It is similar pricewise to 802.11b, and the power drain is also similar. Some claim that it will replace 802.11b as the dominant WLAN standard in the near future; however, the embedded base of 802.11b is significant.[13]

Figure 1-10 compares line rate and throughput between 802.11a and 802.11b. Figure 1-11 shows the cell layout topology possible with these two technologies. Finally, Figure 1-12 illustrates the advantages of 802.11a in terms of reducing costs (requiring fewer APs) for about the same throughput or increasing the throughput by keeping the same number of APs.[31] At the lower end of the data rate, observers expected an increased penetration of Bluetooth technology from 2003 to 2004 for cell phones and PDAs. Having made these observations regarding newer technology, however, you should note that any well-designed business plan has a payback of 24 to 26 months. This implies that carriers rolling out a given generation of technology can recover their costs if they upgrade their systems every 2 to 3 years. Particularly in the case of hotspot systems, the carrier’s equipment is fairly inexpensive and can be depreciated relatively quickly.

Figure 1-10: Comparison of line rate and throughput

Figure 1-11: Typical cell layout

Figure 1-12: Advantages of 802.11a based on cell topology

The field of WLANs is being tracked by the Wireless Ethernet Compatibility Alliance (WECA). The mission of WECA is to provide certification of compliance with the IEEE 802.11 standard, thereby advancing the opportunity for interoperability. The founding members include Cisco, IBM, Intel, 3Com, and Microsoft. WECA is looking to forge relationships and network standards among wireless Internet service providers (WISPs) and eventually carriers that will enable roaming for IEEE 802.11b WLAN users. According to WECA members, the public access WLANs that will be deployed in airports, marinas, convention centers, and restaurants “will create a burgeoning web of WLAN hotspots. These hotspots will let mobile workers with 802-11b-equipped computers connect over a shared 11 Mbps link to Internet-based services and corporate networks.”[12] The carriers are watching the project closely according to WISP roaming (WISPr) members — a contingent within WECA that is preparing roaming proposals/specifications. “There is a tremendous amount of work going on by all carriers; they are quiet about it, but they are all doing it.”[12] For public access, installations at places such as Starbucks, Admiral’s Clubs, hotels, conference centers, and airports (Dallas-Fort Worth, Austin, San Jose, and Sea-Tac) illustrate the technical and market feasibility of these services.

[24]Jared Sandberg, “Hackers Poised to Land at Wireless AirPort,” www.zdnet.com/enterprise/stories/main/0,10228,2681947,00.html, ZDNet, February 5, 2001.

[25]Cells that utilize the same channel are called co-channel cells. The interference encountered by a mobile user from its neighboring co-channel cells is called CCI. The signal-to-CCI interference at a location depends on the path loss characteristics of the radio frequency (RF) channel and on the co-channel reuse ratio.

[26]Candance Grogans, Jackie Bethea, and Issam Hamdan, “RC4 Encryption Algorithm,” www.ncat.edu/~grogans/main.htm, North Carolina Agricultural and Technical State University, March 5, 2000.

[27]Princy C. Mehta, “Wired Equivalent Privacy Vulnerability,” http://rr.sans.org/wireless/equiv.php, April 4, 2001.

[28]Nikita Borisov, Ian Goldberg, and David Wagner, “Wired Equivalent Privacy (WEP),” www.isaac.cs.berkeley.edu/isaac/wep-faq.html, wep@isaac.cs.berkeley.edu, Summer 2001.

[29]Adam Stubblefield, John Ioannidis, and Aviel D. Rubin, “Using the Fluhrer, Mantin, and Shamir Attack to Break WEP,” August 6, 2001; Adam Stubblefield (astubble@cs.rice.edu) at Rice University, and John Ioannidis (ji@research.att.com) and Aviel D. Rubin (rubin@research.att.com) at AT&T Labs — Research, Florham Park, N.J.

[30]Initialization vectors (IVs) are random numbers used as starting points for the encoding of data. WEP defines an IV as a 24-bit code generated by a 40-bit WEP seed that is transmitted with the WEP key in plaintext. WEP does not offer a recommendation as to who generates the IV. When a system starts with an IV of zero and generates additional IVs in a manner that is easy to predict, obvious problems arise. Better WEP implementations use improved random number generation techniques.

[13]D. Molta, “Mobile and Wireless Technology,” Network Computing (December 17, 2001): 37 ff.

[31]R. Redelfs, “IEEE 802.11a Advanced Wireless LANs,” NGN Proceedings, Boston, Mass., 2001.

[12]Networkworld (May 28, 2001).



Hotspot Networks(c) Wi-Fi for Public Access Locations
Year: 2005
Pages: 88