IBM 内部 WLAN 培训资料(共276张)

1、IBM Networking ServicesIBM Internal Use OnlyJeri KorkkiExecutive IT ArchitectGlobal Solution ManagerVersion: 20 May 2005Education package for:IBM Network Consulting forWireless LAN IBM Networking ServicesIBM Internal Use OnlyIBM Intellectual Capital NoticeThis presentation is for IBM internal use on

2、ly Do not give a copy to IBM PartnersThis presentation has been prepared for training IBM Global Services practitioners. No copy or part of this presentation shall be given to outside IBM including IBM partners. However parts of this presentation can be given to IBM clients through paid consulting e

3、ngagements.IBM intellectual capital, the know-how, techniques, methodologies and information learned through consulting and services projects, is of great value to IBM. Intellectual capital is an asset and should be regarded in the same way as any physical asset. Send any feedback, corrections, comm

4、ents and suggestions for change to a Notes address:Jeri Korkki/Finland/IBMIBMFI2IBM Networking ServicesIBM Internal Use OnlyAgendaIBM Network Consulting for Wireless LAN The offeringWireless LAN StandardsWireless LAN BasicsWireless LAN RequirementsWireless LAN EvolutionWLAN Vendor PositioningWireles

5、s LAN ClientsWireless LAN Tools3IBM Networking ServicesIBM Internal Use OnlyIBM Network Consulting for wireless LANIBM Network Consulting for wireless LAN -offering contains following IC:Specification sheetSales presentation Customer presentationSales guide How to sell this consulting engagementSamp

6、le Statement of Work IBM legal approved sample SOW for customer engagementsData collection worksheet to collect initial input for solution definition workshopSolution Definition Workshop materials“How-to-run” guide for NS practitionersSolution Definition Workshop -foil setCase Study for a school sys

7、tem implementationIBM Technique PapersSecurity Enhanced Wireless LAN Architecture, Strategy and Policy for the Enterprise802.1x Authentication FrameworkLEAP Client (Laptop) ConfigurationCisco Access Point ConfigurationInstalling ACS for WLANsWindows Authentication from a Member ServerUsing Client Se

8、curity Software Version 5.0 with Tivoli Access Manager802.1x Implementation with Funk RADIUS serversIBM WECM V5.0 capabilities and its enhanced security applicationsEducation package: IBM Network Consulting for wireless LAN this presentationEducation package: Wireless IP CommunicationsThese material

9、s can be obtained from the ICM AssetWebhttps:/w3- Networking ServicesIBM Internal Use OnlySelected Non-IBM White Papers Below is a list of useful wireless LAN security related White Papers published by different vendors and associations. These White Papers are available free from the Web click the l

10、inks.Cisco SAFE: Wireless LAN Security in Depth version 2Cisco Overview of Structured Wireless-Aware NetworkSpread Spectrum Radios and RF SafetyWireless LAN Equipment in Medical Settings Addressing the Health Insurance Portability and Accountability Act RequirementsWireless Virtual LAN Deployment Gu

11、ide (AP1200)A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite802.1x and EAP-Based Authentication across Congested WAN Links Capacity Coverage & Deployment Considerations for IEEE 802.11g EAP-TLS Deployment Guide for Wireless LAN Networks Managing Airone

12、t Access Points and Bridges with CiscoWorksFunk SoftwareSecure Authentication, Access Control, and Data Privacy on Wireless LANsWi-Fi AllianceWPA2 Media BriefingWPA2 Q&A5IBM Networking ServicesIBM Internal Use OnlyAgendaWireless LAN Radio AccessWireless LAN StandardsWireless LAN BasicsWireless L

13、AN RequirementsWireless LAN EvolutionWireless LAN Vendor PositioningWireless LAN ClientsWireless LAN Tools6IBM Networking ServicesIBM Internal Use OnlyRadio Frequency Regulation and Licensing7IBM Networking ServicesIBM Internal Use OnlyFrequency Bands used for Wireless LAN systemsExtremelyLowVeryLow

14、LowMediumHigh VeryHighInfraredVisibleLightUltra-violetX-RaysAudioAM BroadcastShort Wave RadioFM BroadcastTelevisionInfrared wireless LANCellular (900 MHz)Cellular (1.8-1.9 GHz)902 - 928 MHzLegacy US Wireless LAN products2.4 - 2.4835 GHz (FCC)2.4 - 2.4835 GHz (ETSI Europe)2.4 - 2.497 GHz (TELEC Japan

15、)2.4 - 2.4835 GHz (MII)IEEE 802.11bIEEE 802.11g5.15 - 5.35 GHz (FCC UNII 1&2)5.15 - 5.35 GHz (ETSI Europe) 5.15 - 5.25 GHz (TELEC)5.15 - 5.25 GHz (Singapore)5.25 - 5.35 GHz (Taiwan)IEEE 802.11aHyperLAN2 (Europe)SuperHighUltraHighFCC - Federal Communications CommissionETSI - European Telecommunic

16、ations Standards InstituteTELEC - Telecom Engineering Center (Japan)MII - Ministry of Information Industry (China)8IBM Networking ServicesIBM Internal Use Only2.4 GHz Industrial Scientific and Medical (ISM) frequency bandChannel IDCenter Frequency FCCETSI(EUR)TELEC(Japan)IsraelMII(China)12412XXXX224

17、17 XXXX32422 XXXXX4 2427 XXXXX5 2432 XXXXX6 2437 XXXXX7 2442 XXXXX8 2447 XXXXX9 2452 XXXXX10 2457 XXXX11 2462XXXX12 2467 XX13 2472 XX14 2484 XIEEE 802.11b standard allocated channelsLicense free in most countriesSome national restrictions apply: Available channels may be limited Outdoors use may not

18、 be not allowed Output power limitationsAll equipment must be type approved by national regulatorEquipment must be configured to match country regulationssee IBM Technique Paper: Regulatory aspects governing the wireless LAN deployment in EuropeCheck national regulations !Non-overlapping channels in

19、 North AmericaNon-overlapping channels in Europe9IBM Networking ServicesIBM Internal Use OnlyNon-overlapping channels in the 2.4 GHz frequency band2.400 GHz2.4835 GHz2.4372.4122.4172.4222.4272.4322.4422.4472.4522.4572.4622.4672.472Channel 1Channel 6Channel 11guard band12345678910111213142.4842.4 GHz

20、 ISM (2.4-2.4835 GHz) band available in most countries 2.4-2.497 GHz in JapanIEEE 802.11b standard defines channel numbering scheme for DSSS systems with 5 MHz channel separation Note: 802.11 Frequency hopping systems use different channel numbering scheme Some countries restrict channel usage (i.e.

21、 Israel), and Japan has wider 2.4 GHz ISM bandDSSS channels are 22 MHz wide with 1 MHz guard bands on both ends2.4 GHz ISM band allows maximum of three non-overlapping channelsguard bands(Japan only)EuropeChannel 1Channel 7Channel 13Channel 1410IBM Networking ServicesIBM Internal Use OnlyLicense Fre

22、e ISM Bands National differences5.1505.2505.3505.4705.7255.825100 MHz Bandwidth200 MHz BandwidthAustraliaChina/HKEuropeJapanNZ/IndiaS K/SingaporeTaiwanUSA200 mW Indoor/Indoor/Outdoor200 mW Indoor200 mW Indoor200 mW Indoor200 mW Indoor200 mW Indoor200 mWIndoor200 mWIndoor1 WIndoor/Outdoor4 WIndoor/Ou

23、tdoor1 W Indoor/Outdoor4 WIndoor/Outdoor100 mWIndoor/Outdoor4 WIndoor/Outdoor2/4 WIndoor/Outdoor1 WIndoor/Outdoor1 W Indoor/Outdoor1 W Indoor/Outdoor1 W Indoor/Outdoor1 W Indoor/Outdoor5.8 GHz not uniformly available across Europe and JapanMaybe infuture100 mW EIRP In/Outdoor10 mW EIRP Indoor100 mW

24、EIRPIn/Outdoor *10mW/MHz In/Outdoor100 mW EIRPIn/Outdoor100 mW EIRP In/Outdoor100 mW EIRPIn/Outdoor4 W EIRP In/Outdoor*) Some countries restrict outdoor use2.4002.48584 MHz BandwidthEven if the unlicensed ISM bands are made universally available there are national restrictions and therefore it is of

25、 utmost importance to know the local regulations before deploying wireless solutions. 2.49711IBM Networking ServicesIBM Internal Use OnlySpectrum Designation in the 5 GHz band5.1005.2005.3005.4005.5005.6005.7005.8005.9005.1505.1505.1505.2505.3505.3505.4705. 7255. 7255. 825JapanUSAEuropeIndoor 200 mW

26、 / Outdoor 1W EIRPIndoor 200 mW EIRPOutdoor 1W EIRPOutdoor 4W EIRPDFS = Dynamic Frequency selectionTPC = Transmit Power ControlFrequency in GHzDFS and TPCDFS and TPCMax peakTX powerMax meanTX powerNOTE: Restrictions apply to multiple EMEA countries, please see IBM Technique Paper:Regulatory aspects

27、governing the wireless LAN deployment in Europe12IBM Networking ServicesIBM Internal Use OnlyRadio Frequency Interference RFIWireless LANs operate in the unlicensed frequency bands that are free for all users. Access points that are close to each other and operate on the same channel cause interfere

28、nce. Also, devices such as cordless phones and some home appliances operating on 2.4 or 5 GHz band cause interference. RFI affects the performance of wireless LAN systemProperly conducted site survey can eliminate the risk of RFI2.4 and 5 GHz bands are unregulated in most countries of the world, how

29、ever: transmission power is regulated in all countries, outdoors use is limited in some countries Companies “own” the air space in their premises but interference often comes from outside from neighboring buildings, etc. companies need to define rules and carefully track placement of equipment to pr

30、event RFI there are technical solutions to continuously monitor the RFI level after installationWireless LANAccess PointChannel 1Channel 1Cordless phoneOperating in 2.4 or 5 GHz band RFI Interference13IBM Networking ServicesIBM Internal Use OnlyBest Practices To avoid Radio Frequency InterferenceThe

31、re are several sources of interfering signals that affect wireless LANs, including microwave ovens, wireless phones, Bluetooth enabled devices, and other wireless LANs. The most damaging of these are cordless phones that people are starting to use in homes and some companies. What can be done to avo

32、id radio frequency interference: 1. Analyze the potential for RFI Execute proper site survey to determine potential RFI sources before installing equipmentDeploy a solution that continuously monitors RF interference and rogue access points2. Prevent interfering devices from operating Eliminate inter

33、fering devices by turning them offEstablish company rules that decide which devices can operate and where 3. Provide adequate wireless LAN coverage (adequate field strength)Ensure that the WLAN has strong enough signals throughout the areas where users will resideUse antennas to shape the coverage a

34、rea and try to limit the signal where it is not needed4. Configure access points properly Set the access points to channels and power levels that avoid RF interference 5. Deploy 802.11a wireless LANs There is less solutions that use 5 GHz band802.11a has eight non-overlapping channels versus three i

35、n the 2.4 GHz band14IBM Networking ServicesIBM Internal Use OnlyRadio Frequency ShieldingWindow shields and shielding paint additives, mixed with regular paint, can reduce the transmission of radio waves through walls, ceilings and doors. This is an economical solution for protecting RFI interferenc

36、e or RF leaks out of wireless networks. Radio Shield Paint AdditiveMixed with regular paint to help shield wireless networks Will help block radio waves and interferenceEnvironmentally friendly Window ShieldVisible light transmittance of 55%Reduces leakage of radio waves through windows Helps shield

37、 from outside radio wave interferences Reduces UVA/UVB rays15IBM Networking ServicesIBM Internal Use OnlyDenial of Service attacksIn addition to radio frequency interference the wireless LANs are susceptible to over-the-air denial of service attacks. With new radio frequency monitoring tools and sys

38、tems the attacks can be easily identified. Preventing DoS attacks is difficult and countering them usually requires physical intervention. Different types of Denial of Services AttacksJamming a radio transmitter sends signal on wireless LAN frequency and disturbs or prevents its operation detect the

39、 signal source using RF monitoring tools and remove it Flooding continuously repeating probe and registration requests reduce system throughput detect the intruder with monitoring system and remove it Fake access points cause clients to associate with wrong access point locate the fake access point

40、with monitoring system and remove itAttempts to access management interface secure all management interfaces in access points to prevent malicious attacks, such as changing configuration and rebooting of access point16IBM Networking ServicesIBM Internal Use OnlyRF Safetyalso, see: Cisco White Paper:

41、 Spread Spectrum Radios and RF SafetyThere are concerns about health effects of cellular phones and wireless LAN systems. The effects of RF radiation from wireless LAN equipment to humans can not be definitely dismissed however there is no conclusive evidence of wireless LANs having a harmful effect

42、 either. WLAN equipment must by type approved and meet relevant standards ANSI C95.1-1991 IEEE Standard for safety levels with respect to human exposureFCC Office of Engineering and Technology Bulletin 65 evaluating compliance with the FCC guidelines for human exposureEN 55011 limits and methods of

43、measurement of radio disturbance characteristics of ISM radio-frequency equipment Wireless LANs operate with significantly lower power than cell phones (100 Mb/s)Considering physical and MAC layer standards to support wired data network speeds802.11p Vehicular wireless accessLooking at issues relati

44、ng to using Wi-Fi radios in cars to access stationary wireless access points802.11r Fast BSS TransitionAddressing handoff delay due to authentication802.11s Mesh networkingDeveloping support for multi-hop wireless networking to improve coverage and reduce installation costs36IBM Networking ServicesI

45、BM Internal Use OnlyWireless LAN Trends and DirectionsWireless local area network technology is evolving. The recent focus has been on security and manageability now we start seeing new developments and products that address enhanced functionality. Some early products are already on the market. Some

46、 of the new developments in the wireless LAN area are: Voice over WLAN Ability to use wireless LAN infrastructure for mobile telephonyLocation Based Services Ability to determine the location of any client device in the wireless LAN networkRFID Radio Frequency Identification Ability to detect and de

47、termine the location of active RFID tags in the WLAN network Mesh networking Mesh networking allows wireless interconnection of WLAN access points (eliminates cabling)MiMo (multiple input, multiple output) MiMO technology uses number of antennas to send multiple signals as a way to significantly inc

48、rease the speed and range of a wireless network Outdoor WLAN access points Access points to provide outdoor WLAN coverage. Some products use mesh networking, sectorized and smart antennas.Smart Antennas Smart antenna actively searches an area for Wi-Fi signals, and can blend several weak signals int

49、o a strong signal without any prompting from the user. 37IBM Networking ServicesIBM Internal Use OnlyAgendaWireless LAN Radio AccessWireless LAN StandardsWireless LAN BasicsWireless LAN RequirementsWireless LAN EvolutionWireless LAN Vendor PositioningWireless LAN ClientsWireless LAN Tools38IBM Netwo

50、rking ServicesIBM Internal Use OnlyWireless LAN basicsWireless LAN ConfigurationsAd-hoc networkAd-hoc peer-to-peer WLAN networks can be convenient for demonstrations, but they have limited reach and involve security risks they are not recommended for business use. Mesh networking, where all devices

51、act as a repeaters, is a special form of P2P networking with specialized communication software.Enterprises use infrastructure wireless LAN networks for wireless connectivity WLAN access points connect wireless enabled devices to wired enterprise IntranetEnterprise IntranetEthernetswitchCisco AP 120

52、0Full FunctionAccess PointsEthernetcablesInfrastructure network39IBM Networking ServicesIBM Internal Use OnlyWireless LAN basicsWireless LAN Range and Coverage 11 Mbps 2 Mbps 1 Mbps 36 Mbps 12 Mbps 6 Mbps 5.5 Mbps48 Mbps 18 Mbps 9 Mbps54 MbpsWireless LAN coverage area and shape varies based on trans

53、mission power, types of antennas used and materials between and around access points and wireless LAN clients. Distances up to 100 meters can be achieved in open space although the transmission speed decreases as a function of distance. Coverage area - distance and shape - varies from site to siteCo

54、verage area is affected by materials between and around mobile devices and access points802.11a coverage is typically significantly smaller than 802.11b and 802.11g802.11g coverage is typically superior to 802.11b due to more effective modulation techniqueShape of the coverage area can be altered wi

55、th antennasSpeed is related to distance and adjusts automaticallyProper Site survey is essential to ensure desired coverage 24 Mbps 124 meters 802.11g 802.11b40IBM Networking ServicesIBM Internal Use OnlyWireless LAN basicsWireless LAN RangeDataRateMbps802.11a(40 mW with 6 dBi diversity patch antenn

56、a) Range Modulation802.11g(30 mW with 2,2 dbi diversity dipole antenna) Range802.11b(100 mW with 2,2 dbi diversity dipole antenna) Range5413 m (45 ft)OFDM 27 m (90 ft)4815 m (50 ft)OFDM 29 m (95 ft)3619 m (65 ft)OFDM 30 m (100 ft)2426 m (85 ft)OFDM 42 m (140 ft)1833 m (110 ft)OFDM 54 m (180 ft)1239

57、m (130 ft)OFDM 64 m (210 ft)11DSSS/CCK 48 m (160 ft) 48 m (160 ft)945 m (150 ft)OFDM 76 m (250 ft)650 m (165 ft)OFDM 91 m (300 ft)5.5DSSS/CCK 67 m (220 ft) 67 m (220 ft)2DSSS/DQPSK 82 m (270 ft) 82 m (270 ft)1DSSS/BPSK124m (410 ft)124m (410 ft)Selection of DSSS or OFDM modulation has an effect of ma

58、ximum transmit power and capability of the receiver. Note the range difference for 802.11a relative to 802.11g. Also note the superior range of OFDM data rates relative to DSS data rates in 802.11g. Environmental factors have dramatic impact on range and coverage areasRates stated below are approxim

59、ationsProper Site survey is essential to ensure desired coverageCisco AP 1200Full FunctionAccess PointsOFDM = Orthogonal Frequency Division Multiplexing, DSSS = Direct-sequence Spread Spectrum, CCK = Complementary Code Keying, QPSK = Quadrature Phase Shift Keying, BPSK = Bi-phase Shift Keying41IBM N

60、etworking ServicesIBM Internal Use OnlyWireless LAN basicsBuilt-in antennas in access pointsSome vendors have built in antennas into their wireless LAN access points. There are different types of designs and implementations. An antenna is a critical part of a wireless LAN access point and while built-in antenn