Slides about wireless networking principles. The PDF explores the fundamentals of wireless networking, focusing on Wi-Fi principles and architectures. This university-level computer science PDF details Wireless LAN Controller (WLC) and Lightweight Access Point (LAP) connections, including WLC-LAP communications via CAPWAP tunnels.
· A wireless access point (WAP) is connected to the rest of the network
· The WAP bridges the wireless and wired networks together
· Wireless client devices (laptops, phones, IoT devices, etc.) connect to the WAP to access the network
· In SOHO environments, the WAP is a built-in feature of the router
· In enterprise environments, WAPs are separate devices
· WAPs can either be managed individually as standalone devices, or centrally by a Wireless LAN Controller (WLC) ...
· Wi-Fi uses radio channels in the 2.4 GHz, 5 GHz, and 6 GHz bands
· A channel is actually a range of frequencies
· Data is spread across the channel range
· In the 2.4 GHz band, most channels slightly overlap
· Starting with 5 GHz, channels can be "ganged up"
  ◦ Creates "wider" channels
  ◦ Offers clients more bandwidth
Figure: 2.4 GHz channels 1 to 14 with center frequencies from 2.412 GHz to 2.484 GHz, each channel 22 MHz wide. Non-overlapping channels: 2.4 GHz (802.11b/g/n): 1, 6, 11; 5 GHz (802.11a/n/ac): 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 144, 149, 153, 157, 161, 165.

Wi-Fi 5 802.11ac
· 2.4 GHz, 5 GHz
· Up to 3.5 Gb/s
· 5 GHz is also part of the ISM band
  ◦ Weather stations and military radar share part of the band
  ◦ Might cause interference
· Up to 25 channels (depending on channel width)
· No channel overlap
  ◦ 2.4 GHz channels 1, 6, and 11 only
Figure: 5 GHz Wi-Fi channels 36 to 165 by FCC domain (UNII-1, UNII-2, UNII-2-Extended, UNII-3, ISM), from 5170 MHz to 5835 MHz, with the weather radar DFS channels marked.
Data rate per spatial stream (MUMO antenna) w/ 256-QAM, by channel width:
· 20 MHz: < 90 Mb/s
· 40 MHz: ~ 200 Mb/s
· 80 MHz: ~ 433 Mb/s
· 160 MHz: ~ 867 Mb/s
*Channels 116 and 132 are Doppler Radar channels that may be used in some cases.
Credit: securityuncorked.com
Wi-Fi 6 802.11ax
· 2.4 GHz, 5 GHz
· Wi-Fi 6E introduced 6 GHz
· Up to 87 channels (depending on channel width)
· No channel overlap
· Up to 9.6 Gb/s data rate
  ◦ 160 MHz channel x 8 spatial streams, 1024-QAM
Channels available per band and channel width (BW):
· 2.4 GHz: 3 × 20 MHz, 1 × 40 MHz (60 MHz of spectrum and 3 channels allocated)
· 5 GHz: 25 × 20 MHz, 12 × 40 MHz, 6 × 80 MHz, 2 × 160 MHz (500 MHz of spectrum and 25 channels allocated; frequency markers at 5170, 5330, 5490, 5730, 5735 and 5835 MHz; DFS range marked)
· 6 GHz: 59 × 20 MHz, 29 × 40 MHz, 14 × 80 MHz, 7 × 160 MHz (1200 MHz of spectrum, 59 channels; frequency markers at 5925, 6425, 6525, 6875 and 7125 MHz)
Wi-Fi 7 802.11be
· 2.4 GHz, 5 GHz, 6 GHz
· Up to 46 Gb/s max data rate
  ◦ 320 MHz channel width, 4096-QAM
  ◦ 16 spatial streams
· Up to 116 non-overlapping channels
· Driven by virtual reality (VR) applications, 8k video, large-scale IoT and gaming
Pictured: ASUS GT-BE98 WiFi 7 Gaming Router
Figure: 6 GHz band channel plan (802.11be), 5925 MHz to 7125 MHz: 3 × 320 MHz, 7 × 160 MHz, 14 × 80 MHz, 29 × 40 MHz, 59 × 20 MHz channels.
Wi-Fi has two levels of security:
Personal:
· Configure a standalone WAP with a pre-shared key
· The user must enter the key when connecting to the access point
Enterprise:
· WAPs act as 802.1x clients
  ◦ When end devices (supplicants) connect, their connection is put on hold
· The user typically sees a captive portal where they must enter their credentials
· The WAP (RADIUS client) forwards the authentication request to a RADIUS server
· The RADIUS server informs the RADIUS client if the authentication request was successful, and if there are any policy restrictions to be applied
  ◦ If authentication is successful, the supplicant is allowed on the network
| Feature | WPA | WPA2 | WPA3 |
| Encryption | TKIP | AES (CCMP) 128-bit key | AES (CCMP) 192-bit key |
| Authentication | Pre-shared key (PSK), Enterprise (802.1x + RADIUS) | PSK, Enterprise | Simultaneous Authentication of Equals (SAE) replaces PSK, Enterprise |
| Key Management | TKIP - each packet has a new key | Robust Security Network (AES CCMP) key management | Forward Secrecy, new key every session |
| Protection Against | Weak WEP keys, anti-replay packet sequencing | TKIP vulnerabilities, stronger | Brute-force attacks, offline dictionary attacks |
| Introduced In | 2003 | 2004 | 2018 |
| Use Case | Legacy devices | Commonly used today | High security environment |
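An added example, not part of the original slides: an access point advertises the cipher and authentication choices compared above in the RSN element of its beacons, and the parser below reads that element and flags TKIP and pre-shared-key networks. The suite type numbers are the IEEE 802.11 assignments rather than values from the slides, and the three sample elements are constructed.

```python
import struct

OUI = b"\x00\x0f\xac"                      # IEEE 802.11 suite selector prefix
CIPHERS = {2: "TKIP", 4: "CCMP-128"}       # cipher suite types (IEEE 802.11)
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}   # authentication/key-management types

def _name(sel, names):
    """Translate one 4-byte suite selector into a readable name."""
    if len(sel) != 4:
        raise ValueError("truncated suite selector")
    return names.get(sel[3], f"type-{sel[3]}") if sel[:3] == OUI else "vendor"

def _suites(body, off, names):
    """Read a little-endian 16-bit count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    sels = [body[off + 2 + 4 * i: off + 6 + 4 * i] for i in range(count)]
    return [_name(s, names) for s in sels], off + 2 + 4 * count

def parse_rsn(ie):
    """Parse an RSN element (ID 48): group cipher, pairwise ciphers, AKM suites."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = _suites(body, 6, CIPHERS)
    akm, _ = _suites(body, off, AKMS)
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}

def findings(rsn):
    """Flag the weaker rows of the WPA/WPA2/WPA3 comparison."""
    notes = []
    if "TKIP" in rsn["pairwise"] + [rsn["group"]]:
        notes.append("TKIP enabled")
    if "PSK" in rsn["akm"]:
        notes.append("PSK: open to offline dictionary attack")
    return notes

# Constructed sample elements, not taken from any real network.
WPA2_MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04"
                           "000fac02" "0100" "000fac02" "0000")
WPA3_SAE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                         "0100" "000fac08" "c000")
WPA2_ENTERPRISE = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04"
                                "0100" "000fac01" "0000")
```

A network that mixes TKIP and CCMP shows up with two pairwise suites, which is why the check looks at the whole list rather than only the first entry.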
· The friendly name given to a wireless network
· Need not be unique
· Can be hidden (not advertised)
  ◦ You can still connect to the WLAN if you know the SSID
  ◦ You'll have to manually enter the SSID
· Simple WLAN with ONE:
  ◦ Wireless access point
  ◦ SSID (AP advertises itself)
  ◦ Channel
  ◦ BSSID (MAC address of AP)
· Typically can accommodate up to 10 clients
· Usually an extension of the LAN
· Traffic might also be routed straight to the Internet
Figure: BSS with SSID "my wifi"; AP1 with BSSID 4c4e.354f.0040.
· Several interconnected BSSs acting as one
· APs that are physically close to each other will use different channels
  ◦ Avoid interfering with each other
· All participating BSSs use the same SSID
  ◦ To the client, the ESS appears as a single BSS
· Depending on the product, the ESS might provide several SSIDs
  ◦ Each WAP in the ESS can accept connections to any or all of the SSIDs
  ◦ To the client, each SSID appears to be a different system, with its own security and network settings
· APs in an ESS are typically managed by a separate WLAN controller
  ◦ The controller sends configuration information, including load balancing user traffic, to the APs
  ◦ Controller traffic and user data is tunneled between the controller and AP(s)
· Can have thousands of active clients
  ◦ Depending on the product, each AP can handle 50 - 500+ concurrent clients per radio
Figure: an ESS made of BSS1 (AP1, BSSID 4c4e.354f.0040) and BSS2 (AP2, BSSID 4c4e.354f.0041), both with SSID "my wifi".
· AKA Access Point, AP
· Can be single, dual, or tri-band
· Can support 10 - 500+ simultaneous Wi-Fi clients
· Can be standalone or WLC-controlled
· Cisco Lightweight Access Point (LAP) is WLC-controlled
· Can be PoE or separately powered
· Has at least one RJ-45 Ethernet port
· Might have its own console port
· Monitors and manages wireless access points
· Connects the WAPs to the wired network
· Communicates with each WAP via a dual CAPWAP tunnel
  ◦ One tunnel for control
  ◦ One tunnel for data
· Cisco LAPs connect to access switch ports
· These ports are placed in a dedicated LAP management VLAN
· The WLC connects to the same VLAN to manage the LAPs and receive their Wi-Fi client traffic
  ◦ The WLC can be part of the switch, or a separate device
· Each LAP creates a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel to the WLC
  ◦ CAPWAP is an IETF standard that replaced Cisco's proprietary Lightweight Access Point Protocol (LWAPP)
· Each CAPWAP tunnel is actually two encrypted tunnels, one for control and one for data
· All CAPWAP tunnels travel across the same VLAN to the WLC
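An added example, not part of the original slides: a check that captured AP-to-WLC traffic really is DTLS-protected on both CAPWAP tunnels, reporting any access point seen sending cleartext. The UDP ports (5246 control, 5247 data), the preamble type nibble and the Discovery message types come from RFC 5415 rather than from the slides; the payloads and addresses are constructed.

```python
import struct
from collections import defaultdict

CONTROL_PORT, DATA_PORT = 5246, 5247      # CAPWAP UDP ports per RFC 5415
DISCOVERY = {1, 2}                        # Discovery Request / Response message types

def classify(wlc_port, payload):
    """Classify one UDP payload on a CAPWAP port as 'dtls', 'discovery' or 'cleartext'."""
    if wlc_port not in (CONTROL_PORT, DATA_PORT) or len(payload) < 4:
        return None
    version, ptype = payload[0] >> 4, payload[0] & 0x0F
    if version != 0 or ptype not in (0, 1):
        return "unknown"
    if ptype == 1:                        # preamble type 1: a DTLS record follows
        return "dtls"
    if wlc_port == CONTROL_PORT:
        hlen = (payload[1] >> 3) * 4      # HLEN counts 32-bit words
        if hlen >= 8 and len(payload) >= hlen + 4:
            (msg_type,) = struct.unpack_from(">I", payload, hlen)
            if msg_type in DISCOVERY:     # sent before the DTLS session exists
                return "discovery"
    return "cleartext"

def cleartext_channels(packets):
    """packets: (ap_ip, wlc_port, payload) tuples. Return {ap_ip: channels seen in cleartext}."""
    hits = defaultdict(set)
    for ap_ip, port, payload in packets:
        if classify(port, payload) == "cleartext":
            hits[ap_ip].add("control" if port == CONTROL_PORT else "data")
    return {ap: sorted(ch) for ap, ch in hits.items()}

# Constructed payloads and documentation addresses, not a real capture.
DTLS = bytes.fromhex("01000000" "17fefd0001")     # DTLS preamble + start of a record
DISCOVERY_REQ = bytes.fromhex("00100000" "00000000" "00000001" "00000000")
PLAIN_DATA = bytes.fromhex("00100000" "00000000" "080100000000")
SAMPLE = [
    ("192.0.2.11", CONTROL_PORT, DISCOVERY_REQ),
    ("192.0.2.11", CONTROL_PORT, DTLS),
    ("192.0.2.11", DATA_PORT, DTLS),
    ("192.0.2.12", CONTROL_PORT, DTLS),
    ("192.0.2.12", DATA_PORT, PLAIN_DATA),
]
```

On the constructed sample, only the second access point is reported, for its data tunnel.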
· Used by a WLC to connect to its local access switch
  ◦ Needed because the WLC routes LAP traffic from the CAPWAP tunnels to the various VLANs
· Can also be used by autonomous WAPs configured with multiple SSIDs
  ◦ Each SSID is assigned to its own VLAN
  ◦ The WAP uses a trunk link to send and receive all VLAN traffic to/from the switch
Figure: a trunk link carrying VLAN 6, VLAN 7, VLAN 8 and VLAN 9.
· Used to bundle multiple trunk links between a WLC and a switch
  ◦ Increases Wi-Fi client traffic throughput
· Can be automatically configured using either LACP or PAgP
· Link Aggregation Protocol (LACP)
  ◦ Standards-based, vendor neutral
  ◦ Good for multi-vendor environments
  ◦ Preferred in most implementations
· Port Aggregation Protocol (PAgP)
  ◦ Cisco proprietary
· Note: Cisco's term for LAG is "EtherChannel"
Figure: a LAG bundling trunk links that carry VLAN 6, VLAN 7, VLAN 8 and VLAN 9.