their access points. The IEEE 802.11h standard is
supplementary to the MAC layer to comply with European
regulations for 5-GHz WLANs. Most European radio regulations
for the 5-GHz band require products to have TPC and DFS. TPC
limits the transmitted power to the minimum that is needed to
reach the farthest user. DFS selects the radio channel at the
access point to minimize interference with other systems,
particularly radar. The IEEE 802.11i standard specifies the
improved security, encryption, and authentication for WLANs and
the security enhancements to the current 802.11 MAC standard.
The IEEE 802.11j standard adds channel selection for the 5-GHz
band in Japan to conform to Japanese rules on operational mode,
operational rate, radiated power, spurious emissions, and
channel sense. In most parts of the world, Cisco products can
be deployed without a user license (that is, unlicensed). In
most countries, there is more than 800 MHz of available
spectrum. The 5-GHz WLAN technology is also gaining popularity
worldwide as more products become available in the UNII-1,
UNII-2, and UNII-3 frequency bands. The operating frequency
range varies worldwide from 5.150 GHz to 5.825 GHz, as does the
maximum power, which is determined by the local regulating
country. The Cisco Aironet products and the specific countries
for which each product is currently certified for order and
shipment are listed in the Wireless LAN Compliance Status
document. This document is important because not all products
or versions of Cisco WLAN products are certified in all
countries.
Web Links: Wireless LAN Compliance Status; http://standards.ieee.org/getieee802/
Content 6.3 Explaining Wireless LAN Technology Standards
6.3.7 General Office Wireless LAN Design

In this general office design, 802.11g products with a maximum data rate of 54 Mbps are deployed. Throughput is the data rate minus overhead; it is about 50 percent or less of the data rate.

- Seven users per access point with no conference rooms provides 3.8 Mbps throughput per user.
- Seven users plus one conference room (ten users) equals 17 total users. This provides 1.5 Mbps throughput per user.
The figure shows the throughput calculations for 802.11b, 802.11g, and 802.11a wireless cells.

- 802.11b: 25 users per wireless cell, 278.5 kbps peak throughput per user
- 802.11g: 20 users per wireless cell, 1683 kbps peak throughput per user
- 802.11a: 15 users per wireless cell, 2188 kbps peak throughput per user

Higher data rates and the higher frequency of 802.11a result in smaller wireless cells. Fewer users in an office are therefore within a single wireless cell, which results in a higher average throughput per user.
Content 6.3 Explaining Wireless LAN Technology Standards
6.3.8 WLAN Security

With the cost of 802.11b systems decreasing, it is inevitable that hackers will have many more unsecured WLANs to choose from. 802.11b sniffers enable network engineers to passively capture data packets so that they can be examined to correct system problems. But sniffers can also be used by hackers to capture data packets. "War driving" originally meant using a cellular scanning device to look for cell phone numbers to exploit; more recently it means driving around with a laptop and a wireless client card looking for an 802.11 system to exploit. It is possible to collect data and obtain sensitive network information, such as user login information, account numbers, and personnel records. Threats to WLAN security include the following:

- War drivers trying to find open access points for free Internet access
- Hackers trying to exploit weak encryption to access sensitive data via the WLAN
- Employees installing access points meant for home use, without the necessary security configuration, on the enterprise network
To secure a WLAN, the following steps are required:

- Authentication, to ensure that legitimate clients and users access the network via trusted access points
- Encryption, to provide privacy and confidentiality
- Protection from security risks, and preservation of availability, with intrusion detection and protection systems
Authentication and encryption protect the wireless data transmission. Intrusion detection systems monitor the wireless and wired network to detect and mitigate network attacks.

Initially, IEEE 802.11 security relied on static keys for both encryption and authentication. The authentication method was not strong, and the keys were eventually compromised. Because the keys were administered statically, this method of security was not scalable to large enterprise environments. Cisco introduced enhancements that allowed using IEEE 802.1x authentication protocols and dynamic keys, including 802.1x Extensible Authentication Protocol (EAP). Cisco also introduced methods to overcome the exploitation of the encryption keys with key hashing (per-packet keying [PPK]) and message integrity checks (MIC). These methods are known as Cisco Key Integrity Protocol (CKIP) and Cisco Message Integrity Check (CMIC).

The 802.11 committee began the process of upgrading the security of the WLAN. The Wi-Fi Alliance introduced WPA as an interim solution. This standard is a subset of the expected 802.11i security standard for WLANs that use 802.1x authentication and improved encryption. WPA consists of user authentication, MIC, Temporal Key Integrity Protocol (TKIP), and dynamic keys. It is similar to the Cisco enhancements but implemented differently. WPA also includes a passphrase or preshared key user authentication for home users, which is not recommended for enterprise security. Today, IEEE 802.11i has been ratified, and Advanced Encryption Standard (AES) has replaced WEP as the latest and most secure method of encrypting data. Wireless intrusion detection systems are available to identify and protect the WLAN from attacks. The Wi-Fi Alliance certifies 802.11i devices under WPA2.

Access points send out beacons announcing one or more SSIDs, data rates, and other information. The client scans all the channels and listens for beacons and responses from the access points. The client associates to the access point that has the strongest signal. If the signal becomes low, the client repeats the scan to associate with another access point (roaming). During association, the SSID, MAC address, and security settings are sent from the client to the access point and checked by the access point.

User authentication is done via the 802.1x protocol. A supplicant for 802.1x or EAP is needed on the WLAN client. The access point is the authenticator, which communicates via RADIUS with an authentication, authorization, and accounting server such as Cisco Secure ACS. Lightweight access points communicate with the WLAN controller, which acts as the authenticator. The client and the authentication server implement the EAP method in use (there are different versions of EAP); the EAP messages pass through the access point, which acts as the authenticator.

After authentication of the WLAN client, the data is sent encrypted. The basic encryption algorithm RC4 was originally used in WEP. TKIP made the RC4 encryption more secure through the increased size of the initialization vector and per-packet key mixing while maintaining hardware compatibility.
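The 802.1x role split described above (supplicant on the client, access point or controller as authenticator, AAA server reached over RADIUS) is easiest to see in a small simulation. The following Python is an added example written for this page; it is not Cisco code and does not implement a real EAP method. The challenge/response step is a hypothetical stand-in (an HMAC over a server challenge) for whatever EAP type the client and server agree on, and the user database is constructed sample data. What the example shows is the part that matters for the design: the authenticator only relays EAP messages and keeps the data port closed until the AAA server returns EAP-Success, and the user secret never reaches the access point.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample user database for the AAA server (not from the page).
USER_DB = {"alice": b"alice-constructed-secret"}


@dataclass
class EapMessage:
    code: str             # "Request", "Response", "Success" or "Failure"
    kind: str             # "Identity", "Challenge" or "" for Success/Failure
    payload: bytes = b""


class Supplicant:
    """802.1x/EAP supplicant on the WLAN client; the only party holding the user secret."""

    def __init__(self, identity: str, secret: bytes):
        self.identity = identity
        self.secret = secret

    def handle(self, msg: EapMessage) -> EapMessage:
        if msg.kind == "Identity":
            return EapMessage("Response", "Identity", self.identity.encode())
        if msg.kind == "Challenge":
            # Hypothetical challenge/response standing in for a real EAP method:
            # prove knowledge of the secret with an HMAC over the server's
            # challenge; the secret itself is never transmitted.
            proof = hmac.new(self.secret, msg.payload, hashlib.sha256).digest()
            return EapMessage("Response", "Challenge", proof)
        raise ValueError(f"unexpected EAP request {msg.kind}")


class AuthServer:
    """AAA server reached over RADIUS (e.g. Cisco Secure ACS); owns the user database."""

    def __init__(self, user_db: dict):
        self.user_db = user_db
        self.identity = None
        self.challenge = None

    def handle(self, msg: EapMessage) -> EapMessage:
        if msg.kind == "Identity":
            self.identity = msg.payload.decode()
            self.challenge = os.urandom(16)   # fresh per session, so a proof cannot be replayed
            return EapMessage("Request", "Challenge", self.challenge)
        if msg.kind == "Challenge" and self.challenge is not None:
            secret = self.user_db.get(self.identity)
            if secret is not None:
                expected = hmac.new(secret, self.challenge, hashlib.sha256).digest()
                if hmac.compare_digest(expected, msg.payload):
                    return EapMessage("Success", "")
        return EapMessage("Failure", "")


class Authenticator:
    """Access point (or WLAN controller for lightweight APs): relays EAP between
    supplicant and AAA server and keeps the controlled port closed until the
    server answers Success. It never sees or checks the user's secret."""

    def __init__(self, server: AuthServer):
        self.server = server
        self.port_authorized = False
        self.transcript = []

    def forward_data(self, frame: bytes) -> bool:
        """Data frames are dropped on the controlled port until authorized."""
        return self.port_authorized

    def authenticate(self, supplicant: Supplicant) -> bool:
        request = EapMessage("Request", "Identity")  # the authenticator opens the exchange
        while True:
            self.transcript.append(f"AP -> client: EAP-{request.code}/{request.kind}")
            response = supplicant.handle(request)
            self.transcript.append(f"client -> AP -> RADIUS: EAP-{response.code}/{response.kind}")
            request = self.server.handle(response)
            if request.code in ("Success", "Failure"):
                self.transcript.append(f"RADIUS -> AP -> client: EAP-{request.code}")
                self.port_authorized = request.code == "Success"
                return self.port_authorized


def run_8021x(identity: str, secret: bytes) -> tuple:
    """Run one authentication; returns (authorized, data_allowed_before, data_allowed_after, transcript)."""
    ap = Authenticator(AuthServer(USER_DB))
    before = ap.forward_data(b"user data")
    authorized = ap.authenticate(Supplicant(identity, secret))
    return authorized, before, ap.forward_data(b"user data"), ap.transcript


if __name__ == "__main__":
    ok, _, _, log = run_8021x("alice", USER_DB["alice"])
    print("\n".join(log), "\nport authorized:", ok)
```

The transcript records every message from the authenticator's point of view; the secret never appears in it, and a wrong secret or unknown identity ends in EAP-Failure with the port still closed.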
AES replaces RC4 with a more cryptographically robust algorithm. WPA uses TKIP, while WPA2 uses AES or TKIP. There are different security requirements for different types of WLANs:

- For open access at hotspots, no encryption is required; only basic authentication is used.
- For the home user, at least basic security with a WPA passphrase or preshared keys is recommended.
- For enterprises, enhanced security with 802.1x EAP authentication and TKIP or AES encryption is recommended. This is standardized as WPA or WPA2 and 802.11i security.
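The text says TKIP improved on WEP partly by enlarging the initialization vector. The following Python, added here as an illustration and not taken from the page or from Cisco, puts numbers on that statement. It assumes the well-known IV widths of 24 bits for WEP and 48 bits for TKIP (not figures the page quotes), and goes one step beyond the text by also showing that TKIP's 48-bit counter doubles as a replay check on the receiver, since frames must arrive with a strictly increasing sequence counter.

```python
import math

# IV widths assumed for this illustration: WEP used a 24-bit IV, TKIP a
# 48-bit sequence counter (TSC). Well-known values, not quoted on the page.
WEP_IV_BITS = 24
TKIP_IV_BITS = 48


def iv_reuse_probability(packets: int, iv_bits: int) -> float:
    """Birthday-bound probability that at least two of `packets` IVs drawn at
    random from a space of 2**iv_bits values repeat: 1 - exp(-n(n-1)/2N)."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0  # pigeonhole: more packets than IV values guarantees a repeat
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def seconds_until_counter_wraps(iv_bits: int, packets_per_second: float) -> float:
    """For a sequential IV/sequence counter: time until every value has been
    used once, after which the counter would wrap (TKIP must rekey first)."""
    return (2 ** iv_bits) / packets_per_second


def accept_tkip_frame(last_tsc: int, tsc: int) -> bool:
    """Receiver-side replay check: TKIP's IV is a monotonically increasing
    sequence counter, so a frame whose TSC does not exceed the last accepted
    value is discarded. last_tsc is 0 before any frame has been accepted."""
    return 0 <= last_tsc < tsc < 2 ** TKIP_IV_BITS


def compare_iv_spaces(packets: int, packets_per_second: float) -> dict:
    """Side-by-side figures for the two IV widths on the same traffic profile."""
    hour, year = 3600.0, 3600.0 * 24 * 365
    return {
        "wep_reuse_probability": iv_reuse_probability(packets, WEP_IV_BITS),
        "tkip_reuse_probability": iv_reuse_probability(packets, TKIP_IV_BITS),
        "wep_wrap_hours": seconds_until_counter_wraps(WEP_IV_BITS, packets_per_second) / hour,
        "tkip_wrap_years": seconds_until_counter_wraps(TKIP_IV_BITS, packets_per_second) / year,
    }


if __name__ == "__main__":
    # Constructed traffic profile: 4096 frames observed, 1000 frames per second.
    for name, value in compare_iv_spaces(4096, 1000).items():
        print(f"{name}: {value:.6g}")
```

At 4096 frames the chance of a random 24-bit IV repeating is already about 39 percent, while for 48 bits it is in the region of 3e-8; a sequential 24-bit counter is exhausted in under five hours at 1000 frames per second, whereas a 48-bit one lasts thousands of years, which is why TKIP could afford to treat it as a never-repeating sequence number and rekey long before wrap.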
Security for a WLAN is
just like security for any other network. Network security is a