Wireless Networks

Wireless Overview

Wireless network access is prominent everywhere today. Wi-Fi local area networks are available in most coffee shops, hotels, small and large businesses, educational institutions, and the typical home network as well. The trend toward wireless networking started well before the current explosion of portable wireless devices like smart phones, tablets, and e-readers. The popularity of wireless local area networks comes from three things: flexibility, the ability to connect from anywhere there is a wireless signal rather than being tethered to a cable; scalability, in that additional wireless users do not require additional networking hardware like switches and cables; and affordability, in that radio waves are cheaper than running ethernet cables. Wireless networking has also benefited from agreed-upon industry standards and advances in wireless bandwidth speeds. One of the challenges for wireless local area networks has been maintaining a high level of network and data security, which has proved difficult with a medium that travels across open air waves. Today there is a variety of methods for securing and encrypting wireless networks.

Wireless Standards

The ITU, IEEE and the Wi-Fi Alliance are organizations that promote worldwide wireless standards, which help vendors manufacture wireless devices that are interoperable with one another. In the chart below, you can see that the IEEE 802.11b, g, and n standards all operate in the 2.4 GHz frequency range, and as a result of the work of the organizations listed above, the IEEE 802.11b, g, and n standards are all backwards compatible with one another. This allows a laptop with an 802.11g wireless network card to work on an 802.11n wireless network, and so on.


IEEE Standard   Radio Frequency   Bandwidth Speed    Signal Distance
802.11a         5 GHz             Up to 54 Mbps      under 150 ft or 35 m
802.11b         2.4 GHz           Up to 11 Mbps      under 150 ft or 35 m
802.11g         2.4 GHz           Up to 54 Mbps      under 150 ft or 35 m
802.11n         2.4 GHz           Up to 200+ Mbps    under 300 ft or 70 m

The chart above points to some obvious advantages and disadvantages, like bandwidth speeds, between the different wireless technologies. But what about the differences between 802.11a and 802.11g? They both use OFDM modulation techniques to achieve speeds up to 54 Mbps. So what is the difference between the 5 GHz (802.11a) and 2.4 GHz (802.11b/g/n) radio frequencies? When 802.11a was developed, moving wireless devices away from the 2.4 GHz frequency was considered a benefit. Many wireless devices at that time, like cordless phones, used the same 2.4 GHz frequency range, which caused interference.

The Wireless Network

The wireless network requires a wireless networking device for clients to connect to, much like a switch without the ethernet cables: a wireless access point is a wireless networking device that connects clients to the network wirelessly. A wireless router is a more powerful networking device, in that it combines the abilities of a wireless access point and a router into one device capable of routing, DHCP services, NAT services, and more. Many home networks have wireless routers that, when improperly configured and not secured, can become a network security risk.

A wireless client is a device with a wireless network interface card (NIC) configured to connect to the wireless access point or wireless router. The client can be a portable device like a tablet, PDA, laptop or phone, or it can be a stationary device like a desktop computer with a wireless NIC installed.

SSID – The SSID or service set identifier is the name identifier of the wireless network, and it is used to connect to that wireless network. The wireless access point or router can broadcast the SSID, and wireless clients in range of the WAP/router will see the wireless network identified by the SSID and can then attempt to connect to it. Network administrators can choose not to broadcast the SSID; in that case wireless clients within range of the WAP/router will be able to detect that there is a wireless device, but will not know the SSID. Many people mistakenly see this as a form of wireless network security that prevents clients from connecting to the wireless network. While it is true that the SSID is needed to connect to the network, hiding it only removes the name from the beacon; it is still sent in the clear when a legitimate client associates, so it is an easy process for a hacker to use available software tools to discover the hidden SSID. A hidden SSID is therefore not a substitute for encryption and authentication such as WPA2.

Video Tutorials

In part 1, I discuss the wireless network topology and connecting to a Linksys wireless router’s default settings

In part 2, I configure the Linksys router’s internet and wireless interfaces IP as well as the DHCP server scope, and SSID

In part 3, I configure the router’s wireless security settings and WPA2 encryption

STP

STP Overview

STP or Spanning Tree Protocol is a protocol used on switches that prevents Layer 2 switching loops and Layer 2 broadcast storms. This is very necessary in large networks that are designed to have redundancy, like backup switches and multiple paths across the network. Redundancy is a great thing for a network to have, but it can create physical loops by having more than one physical path or link across the network. When there are redundant links or paths for data to travel, the data can circulate back around the network repeatedly in a Layer 2 switching loop. This has the potential to effectively shut down the network, because unlike packets at Layer 3, which have TTL values and a limited lifespan on the network, Layer 2 broadcast frames do not have TTL values and will therefore loop endlessly on the network.

STP solves this problem by automatically blocking redundant or duplicate paths (ports) from switch to switch, thus closing the loops. If a path to a switch becomes unavailable, STP can reopen a closed port creating a new path. For this process to work, switches in the network communicate with one another, and share STP messages, called BPDUs, or Bridge Protocol Data Units.

The Root Bridge

The root bridge is the switch that is at the top of the Spanning Tree. The Spanning Tree Algorithm (STA) calculates the costs of all the paths in the network starting from the root bridge. The root bridge is determined by an election process in which the switch with the lowest bridge ID (BID) is elected root bridge. The BID is determined by two factors:

1. The bridge priority number plus the VLAN ID: by default this is 32768 plus the default VLAN 1, which would be 32768 + 1 = 32769. The switch with the lowest value wins.
2. If this value is identical on all the switches, the switch with the lowest MAC address becomes the root bridge.

How to pick the root bridge?

It is a good idea to not leave the root bridge election process up to the mere chance of a switch having the lowest MAC address. Ideally the root bridge should be a robust switch at the center of the network close to resources that users will need access to. The thing to remember is that the root bridge will block ports in order to close off loops, creating paths for traffic to flow. These layer 2 paths need to be as short as possible. For STP to function properly, the end-to-end layer 2 network diameter should be no more than 7 switches. If there are more than 7 switches for data to traverse in the network, then the STP timers will not function correctly and ports could start flapping from forwarding to blocking which would create loops in the network.

Path Cost

The root bridge calculates which paths are the best paths in the network and which paths are redundant paths that need to be blocked. This is done by assigning a cost value based on the speed of the switchports. So, if the root bridge is connected to another switch by way of a gigabit port, that link is assigned a cost of 4, and if that switch is connected to another switch by way of a fast ethernet port, then that link is assigned a cost of 19. The entire path cost is 4 + 19 = 23.

The cost of the link is based on the speed of the port. Here is the list of port costs:
10 Gig = 2,
1 Gig = 4,
100 Mb = 19,
10 Mb = 100
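As an added example (not code from the original tutorial), the following Python models the root bridge election and the path-cost calculation described above. The switch names, priorities, MAC addresses and links are constructed; the port costs come from the table in the text.

```python
# Added example: STP root bridge election and root path cost.
# Switch names, priorities, MACs and links below are constructed.
import heapq

# Port cost by link speed in Mbps, as listed in the tutorial.
PORT_COST = {10000: 2, 1000: 4, 100: 19, 10: 100}

def bridge_id(priority, vlan, mac):
    """Bridge ID as compared in the election: (priority + VLAN ID, MAC).
    Tuples compare element by element, so the lowest priority wins and
    the lowest MAC address breaks a tie, as the text describes."""
    return (priority + vlan, mac.lower())

def elect_root(switches, vlan=1):
    """switches: {name: (priority, mac)}. Returns the root bridge name."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))

def root_path_costs(root, links):
    """links: list of (switch_a, switch_b, speed_mbps).
    Dijkstra from the root bridge: the lowest-cost path from each switch
    back to the root is the path STP keeps forwarding."""
    adj = {}
    for a, b, speed in links:
        cost = PORT_COST[speed]
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]:
            continue
        for nxt, c in adj.get(node, []):
            if cost + c < best.get(nxt, float("inf")):
                best[nxt] = cost + c
                heapq.heappush(heap, (best[nxt], nxt))
    return best

# Constructed topology: three switches at the default priority 32768 forming a loop.
SWITCHES = {
    "SW1": (32768, "00:1a:aa:aa:aa:aa"),
    "SW2": (32768, "00:1a:bb:bb:bb:bb"),
    "SW3": (32768, "00:1a:cc:cc:cc:cc"),
}
LINKS = [("SW1", "SW2", 1000), ("SW2", "SW3", 100), ("SW1", "SW3", 10)]

if __name__ == "__main__":
    root = elect_root(SWITCHES)  # SW1 wins on lowest MAC
    print("root bridge:", root, "costs:", root_path_costs(root, LINKS))
```

With equal priorities SW1 wins on its MAC address, and SW3 reaches the root at cost 4 + 19 = 23 through SW2 rather than cost 100 over the direct 10 Mb link; lowering SW3's priority (as `spanning-tree vlan 1 root primary` does) makes SW3 the root instead.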

IOS Commands

switch#show spanning-tree
switch#debug spanning-tree events

Lowering the bridge priority number can change the outcome of the root bridge election, because the switch with the lowest bridge priority number is elected the root bridge. The default bridge priority number is 32768. With the first command below, you can manually set the bridge priority number. The following two commands automatically set the priority to a predefined number lower than the default.

switch(config)#spanning-tree vlan 1 priority <num>
switch(config)#spanning-tree vlan 1 root primary
switch(config)#spanning-tree vlan 1 root secondary

The following commands allow you to manually change the cost of a port, which is normally based on port speed. This can change which ports, and therefore which paths, the root bridge will elect to block in order to close a loop.

switch(config)#interface fa0/1
switch(config-if)#spanning-tree cost <num>

The following commands change the port priority number which can change which ports, between two designated ports, on the same segment, will be put into a blocking state. To do this, you will need to lower the priority number to a number lower than the default of 128.

switch(config-if)#spanning-tree port-priority <num>
or in Packet Tracer,
switch(config-if)#spanning-tree vlan <num> port-priority <num>

Video Tutorials

Click here to download the packet tracer files used in the video: STP1-begin-step4.zip , STP1-begin-step4-STP-OFF.zip

In part 1, I demonstrate how STP prevents Broadcast Storms in large networks with redundant switches

In part 2, I discuss the BID -bridge ID, and the STP root bridge election process

In part 3, I demonstrate how to force the STP root bridge election by changing the bridge priority number

VTP

Overview

VLAN Trunking Protocol allows switches to share VLAN information dynamically. This way an administrator only needs to change VLAN information on one switch, and it will automatically propagate to the other switches in the VTP domain. This does not replace the need to assign specific switchports to specific VLANs, but it does reduce the administrative time it would take to configure VLAN changes on all switches in a large network. In order to implement VTP you need to know how the protocol operates and how to configure it. For VTP to begin functioning, the participating switches must be configured with the same VTP domain name. A VTP domain can support only 255 VLANs. Switches running VTP can be configured for three different modes: server, client, and transparent. A switch with VTP enabled is in server mode by default. VTP advertisements are sent every 5 minutes by default, or whenever the configuration revision number changes because a VLAN was added or deleted on a server.

VTP Modes

Server Mode – In VTP server mode you can create, modify and delete VLANs. VLAN information is synchronized with other VTP servers and clients in the VTP domain. You can have multiple VTP servers in the VTP domain, and VLAN information is synchronized according to the server with the highest configuration revision number. VLAN information is stored in the vlan.dat file in NVRAM/flash memory.

Client Mode – Switches in VTP client mode receive and synchronize VLAN database information from other VTP servers and VTP clients in the VTP domain. A VTP client can update a VTP server if it has a higher configuration revision number. VLAN information is stored in the “Running-Config” or DRAM. If a switch in client mode is restarted then all VLAN information, including the VTP revision number on the switch is lost and must be relearned from the VTP server once the client has restarted.

Transparent Mode – Switches in transparent mode receive updates from other servers and clients but do not participate in the VTP domain; rather, they allow the VTP updates and advertisements to pass through the switch on to other switches in the VTP domain. Transparent mode switches do not synchronize their VLAN information with other VTP servers and clients, but maintain their own separate VLAN configurations.
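As an added example (not code from the original tutorial), the following Python models the three VTP modes and the revision-number rule from the Client Mode and Transparent Mode descriptions above: any switch in the same domain that sees a higher revision number adopts the advertised VLAN database, whether it is a server or a client, while a transparent switch only passes it on. Switch names, the domain name and the VLAN lists are constructed.

```python
# Added example: how VTP synchronizes the VLAN database by revision number.
# Switch names, domain name and VLAN lists below are constructed.

class Switch:
    def __init__(self, name, mode, domain, revision=0, vlans=None):
        self.name, self.mode, self.domain = name, mode, domain
        self.revision = revision
        self.vlans = set(vlans or {1})

    def add_vlan(self, vlan_id):
        """Only servers (and transparent switches, locally) can create VLANs.
        A server increments its revision, which triggers an advertisement."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot create VLANs")
        self.vlans.add(vlan_id)
        if self.mode == "server":
            self.revision += 1

    def receive(self, adv):
        """Process one advertisement. Returns True if the database was adopted.
        A higher revision wins regardless of whether the sender is a server
        or a client; a transparent switch forwards but never adopts."""
        if adv["domain"] != self.domain or self.mode == "transparent":
            return False
        if adv["revision"] > self.revision:
            self.vlans = set(adv["vlans"])
            self.revision = adv["revision"]
            return True
        return False

    def advertise(self):
        return {"domain": self.domain, "revision": self.revision,
                "vlans": sorted(self.vlans)}

def propagate(switches, source):
    """Flood one advertisement from `source` across the trunked domain and
    return the names of the switches that adopted it."""
    adv = switches[source].advertise()
    return [n for n, sw in switches.items() if n != source and sw.receive(adv)]

def build_domain():
    """Constructed lab: one server at revision 3, one fresh client, one transparent."""
    return {
        "SRV": Switch("SRV", "server", "LAB", revision=3, vlans={1, 10, 20}),
        "CLI": Switch("CLI", "client", "LAB"),
        "TRN": Switch("TRN", "transparent", "LAB", vlans={1, 99}),
    }
```

Running `propagate(d, "SRV")` on `build_domain()` fills the client with VLANs 1, 10 and 20 and leaves the transparent switch untouched; adding a client that arrives with revision 7 and only VLAN 1 and propagating from it shows the server itself adopting the stale database, which is why the revision number of a switch should be checked before it is trunked into a production VTP domain.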

Video Tutorial

In this video tutorial, I demonstrate how VTP shares VLAN information by configuring a VTP server and a VTP client, and then connecting them together with a trunk. The demonstration is easy to follow along with in Packet Tracer. Here are the starter files for Parts 2 and 3: VTP2-begin.zip, VTP3-begin.zip

In this tutorial, I cover setting up switches as a VTP server and a VTP client

In this tutorial, I cover setting up a switch in VTP transparent mode

In this tutorial, I demonstrate how a VTP client can actually change a VTP server if the client has the higher revision number