Vous êtes sur la page 1sur 149

BELDEN

SENDING ALL THE RIGHT SIGNALS


HiWP
HiWP
Hirschmann WLAN Professional i

1
JEN Agenda

• Basics
• Standards
•Data rates
•Operating Modes
• WLAN Models
•Science Stuff
• Antenna Types
• Antenna Selection Criteria
•Topologies

2
SENOING AU THE RIGHT SIGNALS

WIRELESS BASICS

3
Uses

• Untethered device/network access (roaming


clients)

•Replace standard cabling to reduce installation


costs

•Installations where standard cabling is not


possible

•Temporary Installations

As wireless technology is being refined more and more, it becomes a more


affordable, reliable solution to applications that before would be unfeasible. Either
physically or financially. We can now get useful data to and from places before
would be unthinkable. From the bottom of a mine shaft, across a factory floor,
around a mountain, even easily across a body of water without costly cables or
fiber runs.

4
4 Seamless Wired and Wireless

By utilizing standards based wireless products, you have seamless


integration between your devices.

With 802.11 wireless ethernet, we can seamlessly, invisibly and reliably integrate
data connectivity into new or existing networks.

Wireless Lan’s generally provide one of two roles:


Access Role – they provide wireless access to a wired resource or network
Distribution Role – they are used to extend or join multiple wired networks to
provide seamless connectivity

5
Nj CSMA/CA

Duplex - Explained

O Half Duplex - A device can only send or receive at a


given moment

O Full Duplex - A device can send and receive at the


same time

O Think of Half Duplex as a two way radio - Only one


person can talk at a time

O Think of Full Duplex as a cell phone - each person can


talk and listen at the same time

6
BELDEN Access Methods

•In wireless networks , collisions are always


possible. There are two methods used to help
avoid collisions.

• CSMA/ CA : Carrier Sense Multiple Access w/Collision


Avoidance
- Devices check to see if the medium is in use before
transmitting
- 2 internal timers present must both be counted down to 0
before transmission can take place (IFS, Random Back-off
Times)
• RTS/CTS : Request to Send/Clear to Send
- Devices send a “ Request to Send” message to the Access
Point
- When the Access Point is free to receive, it sends a “ Clear to
Send” message to the network so the device knows it is clear,
and the other devices know to wait

CSMA/CA is not necessarily the best method of collision avoidance, but it is the fastest with
less latency and overhead. Because of this, it is the default choice on a WLAN, unless
specific problems are detected.

7
m
SENDING All THE BIGHt SIGNALS
L. Hidden Node

s*
’ N

/
x* N •» \
/ \
S
/ S
/ \
/ \
V \
/ '
x •s \
/
\ \
/ / \ \
/ / \ \
/ / / s \
\
/ / /
/
\ \
/ / \
/ \ \ l
/ / S \
/ / \
I I I \
\
I I i / I
l

l
: I l
\ / /
\ \ I I i
\
\ \ s / / / /
\ \ /
\ / / I
\ \ / /
\ \
/ /
\ /
\ s /
\ / /
\ /
\ / /

/
/
\ /
/
V /
'
x /

8
m
SENDING All THE BIGHt SIGNALS
L. Hidden Node

s*
’ N

/
x*
N •»
/ x
' S
/ s
/ V
/
V
/ '
x N
/ \
/
/ /
/ /
/ / / s
/ / /
/
/ /
/ \
/ / s
/ / \
I I I
I I i /
l

l
:
\ / /
l \
\ /
\
\ \ s /
\ \ \ /
\ \ /
\ \
\ \ s /
\ \ /
/ /
\ /
\

/ /
/
V /
\
'
x /

9
N Wireless Operating Modes

•The 3 possible modes of operation in a wireless


network are:

• Access Point
• Access Client
• Point to (Multi) Point

•In most all instances, the application


requirements will clearly dictate which mode will
be needed.

10
BELDEN
StNtXNC AUIHE RttHI SIGNALS
Wireless Operating Modes

• Access Point

• A wireless infrastructure device (such as a BAT)


e e
• Creates the wireless network and defines all aspects of the
wireless network .

• Allows clients of all forms to connect to the wireless network


(laptops, barcode scanners , smart phones, tablet PC’s... )

• Defines any encryption methods and keys

• Defines which channel ( or frequency ) the wireless network


transmits on
‘- V
.
• Defines the SSID (Service Set Identifier ) ...

Other things the access point can control would be:


- MAC filtering
- Radius Authentication
- Per client bandwidth limitations
- Number of clients that can connect
- Firewall rules…

11
BELDEN
SEN01NG All THE RIGHT SIGNALS
Wireless Operating Modes

•Access Client
A wireless device designed to connect to a wireless network
(Laptop , tablet PC , barcode scanner or possibly a BAT
configured as an access client)

Per the 802.11 standard, client’s can only connect to an Access


Point ( although some “ Ad Hoc” solutions are available from some
manufacturers)

A client can only connect to one wireless network at a time

In an ESS (Extended Service Set), clients are allowed to roam


between different access points (if the clients supports this
feature)

y
Ah Hoc – 2 clients can connect to each to form a PAN (Personal Area Network)
An infrastructure device (Such as a BAT) running in access client mode is best suited for
applications where a single wired device is connected. Per the 802.11 specification the
client device performs a “MAC masquerading” functionality which may pose some issues in
some layer 2 discovery programs.

12
BELDEN
StNtXNC AUIHE RttHI SIGNALS
Access Client - MAC Masquerading W

Source:
MAC: 00:80:63: AA: BB CC 00:80:63:DD:EE:FF MAC: 00: 80 63 DD EE FF
Destination:
00:00:BC:11:22:33

Source:
Access Access 00:00:BC:44:55:66
Point Destination:
Client 00:00:BC:11:22:33

D9
Si
Si
MAC: 00: 00:BC:11:22:33
II
MAC: 00:00:BC: 44: 55:66

Some discovery programs that operate at the datalink layer (such as HiDiscovery) will not
be able to find more than one device connected to a client due to this MAC masquerading.
Also note, this is NOT a Hirschmann issue, ALL clients perform this function.
If the client AND access point are BAT devices, a proprietary work-around called “Client
Bridge Support” can be used

13
M BSS ( Basic Service Set)

• Basic Service Set

• A single access point and all of it’s connected clients

• Most basic form of a WLAN (Wireless LAN)

• Clients can intercommunicate (in most cases)

• No roaming can happen

14
BELDEN BSS ( Basic Service Set)
SEN01NG All THE RIGHT SIGNALS
' '

SSID: Hirschmann
Frequency: 2.4GHz
Channel: 1
Encryption: WPA/AES
Encryption key: supersecure

Access
Point

Wireless

i
Wireless
M Wireless Client
Client
'
f Client

In order for a client to connect to a WLAN, at a MINIMUM, the following must match
between the AP and the client:
- SSID
- Frequency/Channel being used for communication
- Encryption type and key

***Further criteria may be needed depending on the configuration of the AP

The access point will send out beacon frames containing:


- Configured beacon interval
- configured SSID
- BSSID
- Supported data rates
Default time interval is 0.1 seconds (100ms)

15
m Connection Phases
SENDING AU IHE RIGHT SIGNALS

Authentication and association

mobile station access point

1 probe request
>
2. probe response
<•
3. authentication open seq:1 _ >
4. authentication open seq:2
<
5. association request
>
6. association response
«
7. data
<

- Unauthenticated and unassociated


- Authenticated and unassociated
- Authenticated and associated

16
M ESS ( Extended Service Set)

• Extended Service Set

• Multiple interconnected access points sharing an SSID


and all of the connected clients

• Allows for soft roaming clients

• Used for large area coverage where constant connectivity


is required and not able to be facilitated with a single
access point

17
m L. ESS ( Extended Service Set)
SENDING All THE BIGHI SIGNALS

LAN
APP 3 IAPP

Acces Acces Acces Acces


Point SSID: Hirschmann
Point SSID : Hirschmann
Point SSID: Hirschmann
Point SSID : Hirschmann
Frequency: 2.4GHz Frequency: 2.4GHz Frequency: 2.4GHz Frequency: 2.4GHz
Channel: 1 Channel: 6 Channel: 11 Channel: 1
Encryption: WPA/AES Encryption : WPA/AES Encryption: WPA/ AES Encryption : WPA/AES
Encryption key: Encryption key: Encryption key: Encryption key:
supersecure supersecure supersecure supersecure

Wireless
1
Wireless Wireless
Client Client Client

In the Extended Service Set:


- All access points share the same SSID, encryption type and key but operate on different
channels
- When a client connects to an AP , the AP announces this to the other AP’s using IAPP
(Inter Access Point Protocol) messages. This allows the clients to roam between the
access points without needing to reauthenticate to each AP as it roams.
- Can also be used with a WLAN Controller for ease of administration/faulty device
replacement and add additional features to the WLAN

18
m L. ESS ( Extended Service Set)
SENDING All THE BIGHI SIGNALS

LAN
APP 3 IAPP

Acces Acces Acces Acces


Point SSID: Hirschmann
Point SSID : Hirschmann
Point SSID: Hirschmann
Point SSID : Hirschmann
Frequency: 2.4GHz Frequency: 2.4GHz Frequency: 2.4GHz Frequency: 2.4GHz
Channel: 1 Channel: 6 Channel: 11 Channel: 1
Encryption: WPA/AES Encryption : WPA/AES Encryption: WPA/ AES Encryption : WPA/AES
Encryption key: Encryption key: Encryption key: Encryption key:
supersecure supersecure supersecure supersecure

Wireless
1
Wireless Wireless
Client Client Client

Thin AP Model:
- The AP’s search for the WLAN Controller
- Once found, the WLAN Controller will give out a pre-determined config to the AP
- Firmware updates, config changes are all handled through the WLAN Controller
- If an AP fails, upon replacement the new unit finds the WLAN Controller, gets a config
and viola’
- It is also possible to have a Backup WLAN Controller for added redundancy
- From a security aspect, the controller configs can be set so once an AP gets a config it
will maintain this config for a certain amount of time, or until it loses power, or
immediately after losing communication to the controller.

19
4J IBSS (Independent Basic Service Set)

•Independent Basic Service Set

•“ Ad-Hoc mode”

•Decentralized architecture

• No access point or infrastructure devices

•Client to client communication (1:1 only)

•Supported by 802.11b only (standardized)

20
Point to (Multi) Point

•Infrastructure only mode

•Statically defined Access Point to Access Point


configuration

•Used for dedicated wireless “ backbone”

•Transparent to end devices

21
n L. Point to Point

5GHz
Channel 165
Encryption: WPA2/AES
Master Key: supersecure Slave
P2P Partners: P2P Partners:
Site B Site A
Site A Site B

r Physical WLAN settings - WLAN interface

I
Operation Rado I Performance -
Portto Port Jcientmode
--
f~1Point to Point partnm7H>?P?1 &int te>- Pni .-
PorttoPort flams ;
^ - 1
Enable ths Port -2 -Port charnel
-
Poentto Port operation mode:
Erter the WLAN access port lo be rterconnected via
© Off •TV«s access point can only commirecate vrth moWe Pcrtto-Port connection here
stations
Recognize by.
© On - Ths access port can also comriKneatevrth other access MAE address
ports to connect several local wreless networks
0 Slaton name
a Exclusive • Tho access port can only cornmmcate wth other 1 / Senal autocor/igmticn
access ports, mobfc stations cannot connect to this access
port frxjre WLAN bridge)
you use reeognbon by IMC addess . erter the WLAN
adapters MAC address and not the device MAC iaddess
Station name : SITE-A
oooooooooooo
(y Corfigwethe Portto-Point partners outsrie ties dialog n the
^
cooespondng table
Station name SITE-8

0 Do not forward between P2P Inks on the same rterface OK


Channel Selection Scheme: Master

OK | | Cancel .

In a point to Point model, all units are configured as access points. They must share:
- Frequency and channel
- Encryption type and key
SSID is irrelevant in P2P mode
1 unit is defined as the “Master”
The rest are defined as “Slave” units

Each unit gets it’s own “Station name”


They are then set with the partners they will communicate with (P2P partners)
Partners are defined either by MAC address or their station name (station name is
preferred due to ease of faulty device replacement)

22
m Point to Multipoint
SENDING AU IHE RIGHT SIGNALS

Slave
P2P Partners:
Site A
5GHz Site B
Channel 165
Encryption: WPA2 /AES
Key: supersecure Slave
P2P Partners:
Site A
Site C

Slave
P2P Partners:
Master Site A
P2P Partners:
Site D
Site B
SiteC Slave
SiteD P2P Partners:
Site E Site A* Site A
Site F Site E
SiteG
Slave
:ll^ J / Site
P2P Partners:
A
Site F

Slave
P2P Partners:
Site A
SiteG

- Up to 6 slave access points can be connected to a single Master access point (as of
HiLCOS 8.52)
- The master and ALL slaves share the same channel, and as such the bandwidth is shared
as well. This is a design criteria that must be paid attention to
- All units share the same encryption type and key as well

23
N WLAN Models - Summary

•If the application requires clients to connect


(laptops, notepads . ..), the access point/access
client model will be used

•If the application has moving clients , and the area


is too large to be covered by a single access
point, the access point/access client will be used
in an “ ESS” configuration

•“ Site to site” or “ building to building” connectivity


would use the Point to (Multi) Point model

24
BELPEN

WIRELESS STANDARDS

25
: dI>1: j Wireless Standards
-CT J

802.11a
802.11b
802.11g
802.11n
802.11e
802.11h
802.11i

26
N 802.11a

•5GHz Operation
• Up to 54Mbps data rates
• Up to 12 “ non-overlapping” channels
•20MHz channels
•Very commonly used for wireless “ backbone”
connections

- The 5Ghz frequency band is not very crowded, so the possibility of external interference
is greatly reduced
- Also because all 5GHz channels are “non-overlapping”, if external interference does
become an issue, it is very easy to work around

27
N 802.11b

•2.4GHz Operation
• Up to 11Mbps data rates
• Up to 3 “ non-overlapping” channels
•22MHz channels
•Very inexpensive and requires very little power

- Because 802.11b is very inexpensive and requires very little power, it is still commonly
used in hand-held, battery powered devices such as barcode scanners
- The 2.4Ghz band is very congested with other devices, cordless phones, bluetooth,
microwave ovens… so outside interference can be a big issue. Also as there are a
maximum of 3 non-overlapping channels, this issue can become very hard to work
around

28
N 802.11g

•2.4GHz Operation
• Up to 54Mbps data rates
• Up to 3 “ non-overlapping” channels
•22MHz channels
•Can operate in mixed mode with 802.11b devices

- Very popular for higher end handheld devices, such as smartphones, laptops, tablets…

29
802.11n

•2.4GHz or 5GHz
• Up to 600Mbps data rates
•Supports MiMo (Multiple Input Multiple Output)
•20MHz or 40MHz channels
•Frame Aggregation (increases throughput)
•Works very well in highly reflective areas due to
MiMo support (vs. 802.11a/b/g)

30
802.11e ( WMM/WME)

WMM - Wireless Multi-media


WME - Wireless Multimedia Extensions

• QoS for wireless

• 4 priority queues
- AC_BE: Best effort
- ACJ3 K : Background
- AC_VI: Video
- AC_VO: Voice

• Enables “ power-save” features

Originally WMM, later changed to WME, both are one in the same

31
N 802.11h

• Primarily a European Standard

•Implements TPC and DFS (Transmit Power


Control and Dynamic Frequency Selection)

•Allows 5GHz operation in areas where radar or


satellite communication could interfere with
wireless

32
802.11i

•Wireless security standard

•Details WPA 2 encryption method

•Uses AES cipher (Advanced Encryption


Standard)

• Highest level of non-proprietary wireless


encryption

• Always recommended to use if possible

33
MiMo

Multiple Input Multiple Output


• 802.11n allows for NxM spatial streams
• BAT300 products support 3x3 (3 output x 3 input)
Stream 1
Stream 2
Stream 3

Increases bandwidth
Also improves performance in highly reflective
areas

34
BELDEN
SCNOtNCAUIHEMSHTStSNAlS
MiMo - Multipath

// / / /
A 1

m
•• •
% irr.
M
UIMOAP 802.1 In
*
>.

B 2
\\\\\

- Vs. 802.11a/b/g, MiMo allows for roughly a 10db better signal strength

35
BELDEN
SCNOtNC AU IHE RISHI SIGNALS
Standards Overview

TABLA PARA EXAMEN !!!ESTUDIAR

Frequency 5GHz 2.4GHz 2.4GHz 2.4/5GHZ

Data Rates 54Mbps 11Mbps 54Mbps 600Mbps

Modulation OFDM DSSS OFDM1 QAM, QPSK ,


BPSK
Transmit 1W2 10OmW2 10OmW2 lOOmW/IW2
power
Max non ¬
19 3 3 3/193
overlapping
channels

1 – DSSS is also used in 802.11b compatibility mode


2 – Output power varies by country
3- depending on channel availability per country
BELPEN

CHANNEL ALLOCATIONS

37
BELDEN
SENDING All IKE RIGHT SIGNALS
2.4GHz Channels

ESTUDIAR!!! Per 802.11 standards

2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462 2.467 2.472 2.462

I
5
I I
\ I
10
I

il 4
i i i I I
9
I r ri
3 8 13
i i [ i i i i f

2 7 12
i r j i i i i i i i i
1 \ / 6 \ / 1 1

- Each channel center frequency is separated by 5MHz


- And as mentioned earlier each channel has a frequency width of 22MHz
- As such you can have a maximum of 3 non-overlapping channels

38
.
k

Available U.S. channels (per FCC)

2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462 2.467 2.472 2.462

1 1 1 1 1 1 1 1 1 1
m mm
5

i ^ HIT O
t 3 |i 8 1
2 U 7 \
] \ / 6 \ / 11 \

- Each channel center frequency is separated by 5MHz


- And as mentioned earlier each channel has a frequency width of 22MHz
- As such you can have a maximum of 3 non-overlapping channels

39
BELDEN
SEN01NG All THE RIGHT SIGNALS
2.4GHz Channel Usage
**

1 6

11 1

Because of the overlapping with 2.4GHz channels, proper planning and usage is a MUST for
2.4GHz channels

40
n L. 5GHz Channels

Per 802.11 standards ESTUDIAR!!!


Band Channel Frequency (GHz) Use
36 5.180 Indoors
40 5.200 Indoors
UNII-1 5.220
44 Indoors
48 5.240 Indoors
52 5.260 Indoors/DFS *
56 5.280 Indoors/DFS *
60 5.300 Indoors/DFS *
64 5.320 Indoors/DFS*
100 5.500 DFS
104 5.520 DFS
108 5.540 DFS
UNII-2 112 5.560 DFS
116 5.580 DFS
120 5.600 DFS
124 5.620 DFS
128 5.640 DFS
132 5.660 DFS
136 5.680 DFS
140 5.700 DFS
149 5.745 149
153 5.765 153
UNII-3 157 5.785 157
161 5.805 161
165 5.825 165

41
n L. 5GHz Channels

Available U. S. channels (per FCC)


Band Channel Frequency (GHz) Use
36 5.180 Indoors
40 5.200 Indoors
UNII-1 5.220
44 Indoors
48 5.240 Indoors
52 5.260 Indoors/DFS *
56 5.280 Indoors/DFS *
UNII-2 60 5.300 Indoors/DFS *
64 5.320 Indoors/DFS *
149 5.745 149
153 5.765 153
UNII-3 157 5.785 157
161 5.805 161
165 5.825 165

42
SENDING All THE BIGHt SIGNALS
Channels/Output Powers

_
10 BAT-ti SBS7C0 Confaufor*on
how ulan
Channels Allowed By Regulatory Donain

Country Setting: Europe


Indoor -Only Operation: No

.
Allowed Channels for 2,4 GHz Operation:
.
ChanneKs ) 1< 2412 HHz ) 2 < 2417 HHz ) 3 < 2422 (1Hz >, 4 < 2427 HHz >, S < 2432 HHz )
>, 12(2467 .
HHz ) 13 < 2472 HHz ):
. .
6 (2437 HHz ), 7 < 2442 HHz ) .
8 < 2447 HHz > 9 < 24S 2 HHz >, 10 < 24S7 HHz ), 1K 2462 HHZ
EIRP linit 18 dBn < CCK >, 20 dBn ( OFDH )

.
Allowed Channels for 5 GHz Operation:
ChanneKs ) 36(5180 HHz ) 40 < S 200 NHz >
EIRP linit 23 dBn
. 44 < S220 HHz ), 48 < S 240 HHz ):
regulatory requirenent < s >:
indoor-only usage
configuration requirenent ( s ):
Indoor -Only-Operation nust be enabled
. .
ChanneKs ) 36(5180 HHz ) 40 < S 200 HHz ), 44 ( 5220 HHz ), 48 ( 5240 HHz ), 52(5260 HHz ), 56(5280 HHz ) 60( 5300 HHz ), 64 ( 5320 HHz ):
EIRP linit 23 dBn
DFS is enabled ( EN301893 -U1.6 on ULAN-1, EN301893 -U1.6 on ULAN-2, load threshold is configured to 80z >
regulatory requirenent ( s ):
indoor - only usage
naxinun frane transnission tine 10000 us
configuration requirenent ( s ):

.
Indoor -Only-Operation nust be disabled
ChanneKs ) 100( 5500 HHz ) 104(5520 HHz ), 108 (5540 HHz ), 112(5560 HHz ), 116(5580 HHz ), 132(5660 HHz >, 136(5680 HHz ), 140(5700 HHz ):
EIRP linit 30 dBn
.
DFS is enabled ( EN301893-U1.6 on ULAN-1 EN301893-U1.6 on ULAN- 2, load threshold is configured to 80x >
regulatory requirenent ( s ):
naxinun frane transnission tine 10000 us
configuration requirenent ( s ):
Indoor -Only-Operation nust be disabled

ransnit Powers Ooer Interfaces And Rates

3
ULAN-1 ULAN-2
20 dBn 20 dBn
20 dBn 20 dBn
20 dBn 20 dBn
20 dBn 20 dBn
20 dBn 20 dBn
20 dBn 20 dBn
18.5 dBn 18.5 dBn
17.5 dBn 17.5 dBn
tate of Aggregation ouer peers

eer Address Dir TID BPending HUBusy Sin BOut State

J\ MinSCMMANN OK Cancel

Via CLI:
- Set country code:
cd /setup/WLAN
set country ? (show list of countries)
set country XXX (XXX = number code for the appropriate country)
- Show WLAN Information for specific country code:
show wlan

43
SENOING AU THE RIGHT SIGNALS

ANTENNA SELECTION

44
• Omni directional antenna (Dipole)
• Horizontal 360° , Vertical up to 360°
• Used for mobile installations or cover areas (e.g. mobile phone)
• Lowest antenna gain, passive gain typically 3-6 dB

• Sector antenna (Semi directional)


• Typically symmetric horizontal and vertical from 45° -120°
• Used to cover areas (e.g. rooms, production halls, open places)
• Mid range antenna gain, passive gain typically 6-14 dB

• Directional antennas (Highly directional)


• Typically symmetric horizontal and vertical from 1° -18°
• Used for directed point to point connections over several Kilometers
• Highest antenna gain, passive gain typically 18-30 dB

Omni Directional Antenna:


Typical radiation pattern looks like a doughnut
Should be placed in the middle of the room, because it is covering the area in all directions

Sector Antenna:
Typical radiation pattern looks like a pice of cake
Should be placed in the corner of the room, because of it‘s radiation pattern.
Antenna types of this category are Yagi, Grid, Patch and Panel Antennas.

Directional Antenna:
Typical radiation pattern looks like a baseball bat.

There are special types like grid antennas (Yagi or Grid antennas) there biggest advantage is
the resistance to wind.

45
N Antenna Types

•Polarization

• Orientation of the RF waveform leaving the antenna


- Vertical
- Horizontal
- Circular

• Sending and receiving antennas should be the same


polarization for good results

• Reflected RF waves with have altered polarizations

46
Omni-Directional

•Typically used for area coverage

•Lower gain (shorter distances)


0 0
-20 30 -3D 30

%
R -V y.
l -150
150

Horizontal
150 -150
»
150

Vertical
150

Typically 3dbi – 8dbi gain

47
Sector

Wide area coverage

Typical slightly higher gain than omni-directional

-60

3o
'
eoi *

Horizontal Vertical

Typically 6dbi – 12dbi gain

48
Nj Medium Directional

• Higher gain levels

T
" Tighter radiation patterns
M
»
•> "" 40 » fa

-
' i

K
*

. / V !
.
/ \
N
«»/
*

ML* J / < \ 1 /.x \ \


\ /
/
r r
-

:
( i T
3}’
T I
'
v.
» « T

- <
l/J
/ ' ‘

M
> «
-< .
-

Horizontal Vertical

Typically 14dbi – 18dbi

49
Highly Directional

•Highest gain levels

•Very tight radiation pattern


ft
- , «

T 1

«»' • » ,w

IX «t IX «

Horizontal Vertical

Typically 19dbi - 25dbi

50
Specialty Antennas

Leaky Coax Omni - Hemispherical


• Length of coax cable designed •Ideal for AGV’s or other
to “ leak” in a controlled pattern roaming clients
the length of the cable

• Ideal for conveyor, rail or mining •Low gain, low profile


applications

(XM* contactor
iCoeor* too
ln>Mf CO
*
(COOM> <
r>

51
Selection Criteria

•Gain must be enough for the distances needed

•Coverage pattern must meet application needs

• Physical security

•Down tilt angles must be sufficient

52
BELIE EN Gain

Highly Directional
f -

Sector

? -o —

Using the Hirschmann WLAN Distance Calculator or up coming BAT Planner you can
determine what antenna gains may be needed

53
Coverage Pattern

Sector
Antenna 45-
6
90°

Assembly line

Assembly lines may include video control to scan barcodes from parts of the final products.
The antenna should cover the needed area. In this example there is a potential to use a
antenna with much lower horizontal and vertical angel of beam.
BELDEN Coverage Pattern

r
Sector
l rS (
AGVs or normal vehicles
rS 1 rS
v_ y

Antenna 75-
9 °
° n
1 1

1 1

A sector antenna is used to cover the whole hall. The vehicles are using a fixed
omnidirectional antenna e.g. to transmit provisioning data or to steer avgs around the hall.
BELDEN
SEN01NG All THE RIGHT SIGNALS
Physical Security
»
*

Store
IT ClosetI
AP using Omni - directional Antenna

- As an example, assume a store wants to add wifi access for in-store use only. It would be
relatively easy to simply choose an omni-directional antenna to ensure store coverage
- If someone has access to the RF signals, i.e. a hacker, they can then start to try to
penetrate the wifi network
- In this case, the parking lot has very good access to the network and would be an easy
target

56
BELDEN
SEN01NG All THE RIGHT SIGNALS
Physical Security
» »

Store IT Closet
AP using Sector Antenna

By choosing a sector style antenna, we can get just as good store coverage, more than
likely better performance, since the sector style antennas typical have a slightly higher gain
than omni-directional antennas, and also eliminate the unnecessary “bleeding” of the RF
signal into unneeded areas. If a hacker would want to try and penetrate the network in this
scenario, they would more than likely need to be in the building.

57
: qlm
SENDING AU IHE RIGHT SIGNALS
Down -tilt angles

10 Meters
m

Each antennas radiation pattern MUST reach the opposing antenna to facilitate
connectivity. If one antenna is at a higher elevation, the antennas must be angled toward
each other

58
BELDEN
SEN01NG All THE RIGHT SIGNALS
Down-tilt angles
**

In this example, using directional anntennas between 2 points the solution is very easy. But
let’s assume a more complex scenario…

59
BELDEN
SEN01NG All THE RIGHT SIGNALS
Down-tilt angles
**

Repeate
Station

Location 1 Location 2

How would we choose antennas for this scenario


- The customer wants connectivity between Locations 1 & 2, but there is an obvious
obstruction in between
- The logical choice would be create a repeater station to work around the obstruction
- What about antenna types? Omni Directional, directional?

60
BELDEN
SENOING All THE RIGHT SIGNALS
Down-tilt angles
**

Repeate
Station

Location 1 Location 2

Let’s assume using Omni-directional. This is usually the first thought as it gives good
coverage, and is usually a novices first “catch all” choice

61
RELC EN Down-tilt angles
SENDING All IKE RIGHT SIGNALS

Repeate
Station

Location 1 Location 2

Let’s assume using Omni-directional. This is usually the first thought as it gives good
coverage, and is usually a novices first “catch all” choice

62
BELDEN
SEN01NG All THE RIGHT SIGNALS
Down-tilt angles
**

Repeate
Station

Location 1 Location 2

The antennas radiation pattern MUST reach in both directions.

63
BELDEN
SEN01NG All THE RIGHT SIGNALS
Down-tilt angles
**

Repeate
Station

Location 1 Location 2

- The most efficient solution would be to use medium to highly directional antennas,
angled to ensure proper connectivity
- Also note, at the repeater station, 2 radios would be needed. Either in a single unit (such
as the BAT54-RAIL), or 2 separate units (2x BAT300-RAIL)
- This design also give better performance. Instead of sharing a single radio connection at
the repeater station with both locations. Locations 1 & 2 now have a dedicated link to
the repeater station so the overall throughput would be much better

64
SENOING AU THE RIGHT SIGNALS

DATA RATES

65
M Wireless Data Rates

•Wireless connections are not just “ On or Off”

•As the Signal to Noise ratio drops, the data rate


decreases

•Must be calculated/tested to ensure enough


throughput for the application

•As the data decreases, the receiver's sensitivity


increases in order to stay connected to a smaller
signal level

66
00
m

D
m

73
0)

03
flJ

<• BB
12 Mbps

18 Mbps

24 Mbps

36 Mbps

48 Mbps

54 Mbps
6 Mbps

9 Mbps

3
cn
>
(/
3.
Q
0)
- As the Signal-Noise (SNR) ratio get lower, the receiver must lower its data rates to
maintain connection
- Each device has different characteristics on the receiver sensitivity. Should be found on
data sheet or technical manual for calculation
- SNR can be effected most commonly by:
- Distance from the transmitter (Free Space Path Loss)
- Background noise levels (interference)
- Environmental objects (attenuation)
67
BELDEN
SCNOtNC AU IHE RISHI SIGNALS
802.11 Data Rates

802.11a 802.11b 802.11 g 802.11n

20MHz 40MHz

6Mbps 1Mbps 6Mbps 15Mbps 30Mbps

9Mbps 2Mbps 9Mbps 30Mbps 60Mbps

12Mbps 5.5Mbps 12Mbps 45Mbps 90Mbps

18Mbps 11Mbps 18Mbps 60Mbps 120Mbps

24Mbps 24Mbps 90Mbps 180Mbps

36Mbps 36Mbps 120Mbps 240Mbps

48Mbps 48Mbps 135Mbps 270Mbps

54Mbps 54Mbps 150Mbps 300Mbps

68
SENOING AU THE RIGHT SIGNALS

RF CHARACTERISTICS

69
RF Fundamentals

pg0l Amplitude Frequency

Gain A (Lambda)
db

Reflection Loss dbi dbm

Wavelength
Attenuation
Fresnel Zone
SNR

Refraction Free Space Path Loss

When designing and troubleshooting RF systems, there are a lot of terms, definitions and
formulas to be aware of. This is just a sample of some of the terms and definitions we will
discuss. Also note that most of these items have an associated mathematical formula as
well.

70
RF Fundamentals - Wavelength

A=clf
A = wavelength

c = speed of light (299,792,458 m/s)


- Wavelength (A )- / = frequency

Wavelength - The distance between two identical points in


adjacent cycles of an RF waveform.

Wavelength is inversely related to frequency

Wavelength is the basis of all RF calculations and theory. With wavelength we can find the
frequency of a waveform, choose proper equipment for an RF system such as cables,
connectors, antennas… we can also calculate theoretical maximum distances and data
rates that will be available in a certain application. With the formula here, we can also find
the wavelength if we know the frequency, as waveform and frequency are inversely but
proportionately related.
Formula:
λ = Lambda
c = Speed of light (because RF signals travel at the speed of light)
f = Frequency

71
RF Fundamentals - Wavelength

Y\ /\ • Wavelength

• Used to calculate:

- Antenna length

-Spatial placement of antennas

- Fresnel Zone

- Free Space Path Loss...

Wavelength is directly used in the design of all RF antennas. Spatial placement is used in
certain applications were there may be certain phenomenon such as reflections for
example. Fresnel Zone is used to determine antenna height in a long distance point to
point application as well as Free Space Path Loss.

72
BELPEN RF Fundamentals - Wavelength

Longer Wavelength

0
1 cycle per second (1Hz)
seconds second

Shorter Wavelength

.
2 cycles per second (2Hz)
seconds s cond

In the first example (Top), we see a signal with a frequency of 1 Hertz. This means that the
RF wave has a cycle period of 1 second or 1 cycle per second.

In the second example (Bottom), we see a signal with a frequency of 2 Hertz. This mean
that this RF wave has a cycle period of ½ a second or 2 cycles per second.

By comparing the two waveforms, we can see the inverse relationship between waveform
and frequency. The 1 Hertz (Top) waveform has a longer waveform than the 2 Hertz
(Bottom) waveform.

73
RF Fundamentals - Frequency

Amplitude

/=c/A
A = wavelength

c = speed of light (299,792,458 m/s)

/ = frequency

Frequency is how many cycles or waves per second

Frequency is inversely related to wavelength

Frequency is a measure of cycles per second. As an example, a 2.4GHz waveform


(commonly used in 802.11 wireless networks) completes 2.4 Billion cycles per second.

74
M RF Fundamentals - Amplitude

•Amplitude

• Independent of frequency and/or wavelength

• Strength of an RF waveform

• Greater or Higher amplitude means longer distances

• Measured as Watts or decibels in RF communications

If we compare RF waveforms to sound waves, Amplitude would be the “Loudness” of the


waveform. Just like sound waves, the amplitude or “loudness” effects the distance the RF
waveform can effectively travel.

75
BELPEN RF Fundamentals - Amplitude

Higher
Amplitude

Original
Amplitude

Lower
Amplitude

As you can see in the above examples, all three waveforms have the same wavelength and
frequency, but they all three have different amplitudes. Because of this they would all have
different effective distances they could be transmitted.

76
N RF Fundamentals - Phase

•Phase

• Phase is relative only to time in an RF waveform

• Can be effected or altered by outside interference ( such


as an RF waveform traveling through different materials
such as walls, windows, water... )

• Independent of amplitude or frequency

• Very important to consider in RF communications

77
RF Fundamentals - Phase

Original
Waveform Average
Signal

Inverted
Waveform

-2+2=0

Two waveforms 180° apart (Inverted) have cancelling effects.

In the above example, we have two waveforms of identical frequency and amplitude. The
Inverted (lower) waveform is inverted or known as 180 degrees out of phase in relation to
the original (Top) signal. Because of this Phase difference, if the two signals were both
received by an RF device, the two would have cancelling effects on each other. In the right
example of the two superimposed on top of one another, the effective combined
waveform of the two would be no waveform at all. Just like adding a positive and negative
of the same number. The sum would be zero.

78
RF Fundamentals - Phase

Because of RF reflections, we have to be


careful of Phase in a wireless system

/X

II
i\
r

In RF communications, there is a phenomenon known as reflection, which will be covered


in greater detail later on in the course. Because of this phenomenon, in certain applications
this can be a huge factor in effective RF communications. Especially in enclosed areas with
highly reflective materials, such as metal walls or shelving of a warehouse.

79
N RF Fundamentals - Free Space Path Loss

•Free Space Path Loss

• Reduction of power (amplitude) due to the natural


expansion of the RF waveform through the air

• As an RF waveform is transmitted through the air, the


farther it gets from it’s point of origin, the wider the
waveform becomes.

• Because of this natural spreading, the waveforms


amplitude becomes smaller and smaller

Free Space Path loss can be compared to dropping an object into a standing pool of water.
It causes ripples of water to go out in all directions away from the point where the object
entered the water. As the waves travel outwards, they become smaller and smaller, losing
amplitude (or height).

80
• Free Space Path Loss

• Formula:

(2,4GHz) FSPL (dB) = 100 + 20 Log (D) DISTANCE

(5GHz) FSPL (dB) = 105 + 20 Log (D)

D = distance in Kilometers

5GHz
4 kilometers

I
117 (db) = 105 + 20 Log (4)

To figure out the free space path loss, we use one of the formulas above.
Note that D = distance in Kilometers, so…
Once we know the frequency, distance and calculate the Free Space Path Loss, we can start
to figure out what or link budget is and what antenna gain or amplification will be needed
for our RF link.
It is a good idea to add a factor of 10 to the Free Space Path loss. While this seems
excessive, tolerances in radio hardware, losses due to math rounding and even weather
make this reserve a good idea.

81
M RF Fundamentals - Gain

•RF Gain

• Increase in the signal level (Amplitude) or a


concentration of a signal

• Passive or Active

• Intentional or Unintentional

82
RF Fundamentals - Gain

Active Gain

• Active gain is achieved by placing an amplifier in the RF


line to increase the Amplitude of the original signal

• Must be careful not to exceed FCC power requirements

100mW
Signal
\37
f
1 Watt
Signal
T 7
\j —
, J
A
''

Access
Point
RF
Amplifier
'
A
^
"
Antenna

Active gain can be compared to sound waves going through a megaphone. The waves of
sound from your voice get amplified and retransmitted through the air with a greater
amplitude than the original waveform.

83
RF Fundamentals - Gain

Passive Gain

• Passive gain is not an increase in signal Amplitude, but


rather concentrating a signal in a desired direction

• Intentional ( Directional antennas); Unintentional


( Reflections from objects such as metal walls)

Directional
Antei na

Omni-Directional
Antenna

Passive gain is comparable to cupping you hands around your mouth. The sound is not
louder and the amplitude is not greater, but appears to be because the sounds waves are
concentrated in a desired direction. In RF communication this could be caused
unintentionally by objects such as walls. If an antenna was inadvertently mounted too close
to a metal studded wall, this could cause unintentional passive gain.

84
RF Fundamentals - Loss

> Loss

Intentional or Unintentional reduction of an RF signal


amplitude

Intentional Loss is used to stay within regulatory (FCC)


output perimeters

\ / ~\ /X i
1 Watt \ / 1/2 Watt \ _/ ^
Sign3 tVy
' Si9nal A 3dbi

_
Access
..
Point
RF
.
Attenuator
^ ^Antenna
"
Antenna

The FCC states that maximum output of an intended radiator (antenna) is 1 Watt. As we
will see later on, a gain of 3db doubles the output power. In this example, we already have
a 1 Watt signal being transmitted into a 3db antenna, so we must cut the power in half to
stay within FCC regulations. We can do this with an attenuator. Note also that most modern
802.11 radios have settings to reduce output power as well so an external attenuator may
not be necessary.

85
RF Fundamentals - Loss

• Unintentional loss cannot be avoided

• By using properly planned and matching


equipment it can and should be kept to a minimum
(Using all 50ohm cables and connectors, low loss
or ultra low loss cables ... )
100mW 50mW Signal
> Signal attenuated by

Point Antenna

Losses introduced through connectors and cabling must be calculated into the overall link
budget also. If using longer RF cabling, ultra low loss cable could be considered to help
reduce unwanted losses. More about choosing the correct cables later on in this course.

86
RF Fundamentals - Reflection

Reflection

• The bouncing of an RF wave off of a smooth non-


absorptive surface.

• Changes the angle the RF wave travels

• Can lead to other RF phenomena such as multipath or


gain (unintentional)

Incoming Reflected
RF Wave RF Wave

Reflection is very easily explained in the analogy of looking into a mirror. If you look at the
mirror at an angle, you do not see yourself, but whatever is located at the same angle in
the opposite direction.

87
RF Fundamentals - Scattering

•Scattering

• Scattering happens when an RF waveform strikes an


uneven surface. The result is the waveform gets divided
into many smaller RF waveforms.

• Can be thought of as multiple reflections happening in a


small area.

Scattering is nothing more than multiple reflections. These reflections typically happen in a
small area causing the original waveform to be divided into many smaller waveforms, but
can also be reflected at different angles from the original waveform. Scattering can cause
dead areas in an RF coverage area.

88
N RF Fundamentals - Absorption

• Absorption

• Absorption happens when an object cannot reflect RF


waveforms but rather turns the RF energy into some
amount of heat energy

• Mostly occurs with organic objects

• An object can absorb some of the energy, while allowing


the rest to pass through.

• Results in a lower amplitude waveform than the original

Absorption is most commonly used and seen in microwave ovens. When an object is
heated in a microwave oven, the water particles present in the object absorb the RF
radiation. Because of this absorption, the object becomes heated, thus allowing us to cook
foods with RF waves. Because of the much lower power outputs used in RF
communication, this phenomenon happens on a much smaller scale.

89
Ilk®

RF MATH AND
MEASUREMENTS

90
Units of Measure - Watt

• Watt

• Basic unit of power measurement

• 1 Watt = 1 volt at 1 amp

• In RF is used to measure the strength of an RF


waveform

P=IxE
- P = Power in Watts
- I = current in Amps
- E = Voltage

The Watt is named after an 18th century Scottish inventor, James Watt. If either, or both the
volts or amps increase, so does the watts. Most commonly used to measure the output of
a light bulb. A typical household light bulb puts out 60 watts at 120vac. Knowing the Watts
(60) and the Voltage (120v) we know that the light bulb draws .5 amps.

Explain “PIE” Pyramid

91
M Units of Measure - Milliwatt

•Milliwatt

• 1/1000 of a Watt (.001watts)

• Most common unit of measure for an RF radio system

• Abbreviated as mW

In an RF radio system, only small amounts of power are typically required. Because of this,
the RF waves are typically measured in milliwatts, or thousandths of a watt.

92
M Units of Measure - Decibel (db)

• Decibel (db)

• 1/10 of a Bel

• A unit-less, logarithmic representation used to express


the ratio between two measurements of the same unit

• Usually written with a suffix to imply the reference


measurement unit (dbm, dbi, dbv... )

• Used to express very large ratios as a simple number

93
BELPEN Units of Measure - Decibel (db)

• Decibel

• Rule of 10 ’s and 3’s

- A gain of 3db doubles the output power


- A loss of 3db halves the output power
- A gain of 10db magnifies the output power by 10
- A loss of 10db is 1/10th the output power

• Example:
100mW output power from an Access Point
3db cable loss
10db gain antenna
100mw - 3db + 10db = 500mW

The rule of 10’s and 3’s is a very quick an efficient method of finding the output power of
an RF system.

As you can see, a gain of 3db double’s the output power. A loss or reduction by 3db cuts
the power output in half.

For the rule of 10’s, a gain of 10db multiplies the output power by a factor of 10. A
reduction of 10db would be 1/10th of the output power.

94
BELPEN Units of Measure - Decibel (db)

• Rule of 10’s and 3’s

dB Equation in 10's and 3's

1 + 10 - 3 - 3 - 3
2 + 3 + 3 + 3 + 3 - 10
3 +3
4 + 10 - 3 - 3
5 + 3 + 3 + 3 + 3 + 3 - 10
6 +3+3
7 + 10 -3
8 + 1 0 + 1 0 - 3 -3 - 3 - 3
9 +3+3+3
10 + 10

By using these equations of 10’s and 3’s, we can find the output power of a system without
using any complex physics equations. Give example…

95
BELDEN
SENDING All IKE RIGHT SIGNALS
Units of Measure - dbm

dbm mW dbm

Represent a measurement of power 1 0.0


in relation to milliwatts

10 10.00
Used for link budget calculations

Formula: 20 13.01
dbm = 10log10(Pmw)
30 14.77

40 16.02

50 16.99

100 20.00

96
M Units of Measure - dbi

•dbi

• Decibels as compared to an isotropic radiator (antenna).

• dbi is used to express the power gain of an antenna

• Isotropic radiator is an ideal, theoretical antenna that


radiates the same power in all directions equally.

• (More on Isotropic in a later section)

97
N Units of Measure - SNR

•SNR

• Signal - to - Noise Ratio

• Power level of the RF signal as measured against any


RF “ noise” that may be in the area

• Used to determine the “ usable” amount of RF signal in a


given area

• Also used to determine link budgets

Imagine having a conversation in a room full of people. If no one else is talking, your can
converse very easily. As the people in the room begin talking, your conversation starts to
drown out. Because of this, to have your conversation be as loud or effective, you must talk
louder over the background noise.

98
I
m
m SNR - General Figures

30db + Very Good


25 - 30dB Good
20 - 25dB Decent
15 - 20dB Adequate
10 - 15dB Poor
10dB or less No signal

SNR = 10log10 (Psignal/Pnoise)

99
M Units of Measure - Receive Sensitivity

• Receive Sensitivity

• Minimum amount of power that the receiver circuitry


can effectively discern

• Used to calculate link budgets

• Listed as dbm

• Proportional to data rate (lower sensitivity = lower data


rates)

Receive sensitivity is basically how well the receiver can “Listen” for an RF signal. This
determines how far the link can be carried, and at what data rates the link will be at. As
distance increases, the receiver must increase its sensitivity to be able to listen closer,
because of this, when sensitivity is increased, data rate is typically lowered when this
happens. Most RF equipment has a chart listing the sensitivity for the specified data rates
to help in link budget calculations.

100
BELDEN
SCNOtNC AU IHE RISHI SIGNALS
Units of Measure - Fresnel Zone

• Fresnel Zone

• A calculated zone of RF between 2 RF devices

• Pointed Ellipsoid Shaped (Football-Shaped)

• Used to determine area of interference and/or “ RF Line


of Site”

• Help determine the required height of the antennas


between 2 RF devices

101
BELDEN
SENDING All IKE RIGHT SIGNALS
Units of Measure - Fresnel Zone

• Formula:

R = 0.5 x V( A x d)

R = Radius of Fresnel Zone


A = Wavelength of signal in meters
d = Distance between RF transceivers in meters

R = 0.5 x V (.05 x 4000)


R = 7 meters

- 4km -
5GHz

Radius of Fresnel Zone


(

Since the radius of the Fresnel Zone in this example is 7 meters, our antennas would need
to be located at least 7 meters above the highest obstruction in the RF path. This ensures
there will be no interference from reflections and diffractions.

5GHz Wavelength = .05


2.4GHz wavelength = .125

102
: dI>1: Units of Measure - Fresnel Zone
M

Fresnel Zone

• Some RF links can go relatively long distances

• Because of this, the curvature of the earth must also be


considered in links greater than 2km.

- 4km -
5GHz

Radius of Fresnel Zone


i —
.
Earth Curvature

103
BELPEN
SENDING All IKE RIGHT SIGNALS
Units of Measure - Fresnel Zone

• Formula:

E = d2 x 0.0147

E = Curvature of the Earth


d - distance in kilometers

E = 42 x 0.0147
E = 0.24
- 4km —
5GHz

Radius of Fresnel Zone



n^

Earth Curvature

We find that the average earth curvature is almost 1/4 meter. We must add this to the
Fresnel Zone calculation for our overall mast height.

104
Units of Measure - Fresnel Zone

Mast Height

• Mast Height will now be calculated using the radius of


the Fresnel Zone, Earth Curvature, safety factor and
height of tallest obstruction

Mast Height = R+E+S+O 7 + 24 + 1 + 0 = 8.24


R = Fresnel Zone
E = Earth Curvature
S = safety Factor (typically 1 meter)
O = Height of obstruction (ifan

^
5 GHz

Radius of Fresnel Zone

Earth Curvature

105
l|Li|N Link Budget Calculations

• Link Budget

• When looking at an RF Application, the link budget must


be calculated to find :

- Antenna gain needed

- Access Point attenuation (if needed)

- Cable type to use

- Available Data Rates

Link Budget planning is an integral part of designing a point to point RF system. Along with
link budget planning, you will use most of the fundamental units and formulas that have
been covered so far.

106
M Link Budget Calculations

•Link Budget

• To begin a link budget calculation for an application,


several pieces of information are needed.

• Distance of Point-to-Point link

• Mounting criteria for access points and antennas

• Cable type to be used

• Attenuation factors of each piece of equipment between


access point output and antenna input

Before we begin a link budget calculation, we have to have an idea of how much cable will
need to be used between the access point and antenna, attenuation factors of the cable,
surge arrestors and other devices in the hard-wired link. As well as a data sheet for the
access point listing the receive sensitivity for the various available data rates and the
output powers available for the available channels/frequencies.

It is recommended to do a link budget calculation before purchasing any equipment for the
application, as there are quite a few variables that can effect the performance and
reliability of the RF link.

107
SENOING AU THE RIGHT SIGNALS

TOPOLOGIES/ USES

108
Topologies

Stand alone Access point

Used to gain wireless access to a device or devices

In industrial applications, most commonly for


programming /maintenance use

t;
mo

This would also be an example of a BSS (Basic Service Set)

109
mmm Topologies ( roaming clients , AGV’s,
forklifts...)

M— — (Siy

<em
^
< l

This example depicts the use of an ESS (Extended Service Set).


- By using multiple access points connected to a wired backbone, the forklift is able to
seamlessly roam between all the access points
- Allows bigger area coverage using multiple access points
- Constant connectivity to the client(s)
- In this model, the AP’s would be considered “thick” AP’s, meaning each one gets
configured individually to be a part of the ESS

110
mmm Topologies (roaming clients , AGV ’s,
forklifts...)

^^ Tr
77
7 Lu
(?

4 pi) pi) ii

jfd» .
4
^ ^
(i
ii

Here we’ve added a WLC (Wireless LAN Controller)


- Still forms an ESS
- AP’s would be considered “thin” AP’s, meaning only the controller gets configured
- Controller hands out configs as the AP’s are added to the network (manually or
automatically, depending on the controller config)
- Eases administration
- If an AP’s gets replaced or added, the WLC hands out a new config and no need to touch
anything else
- If an AP gets stolen, the config is lost and no information about the network can be
gathered
- Centralized management, error logs…

111
N Multiple SSID’s

•Some Access Points support the use of Multiple


SSID’s per radio

• Allows for the use of different encryption types per SSID


(possibly to support legacy equipment)

• Each SSID can be configured with a maximum data rate


- Aids in the allocation of bandwidth per clients

• May also be used in conjunction with VLAN’s (if


equipment supports it.)

112
m L. Multiple SSID’s
SENDING All THE HIGH! SIGNALS

Multiple SSID’s
SSID: Production SSID: Public
Frequency: 2.4GHz Frequency: 2.4GHz
Channel: 1 Channel: 1
Encryption: WPA/AES Encryption: WPA/AES
Encryption key: Encryption key:
supersecure kindofeasytoremember

MCC
SSID: Accounting
( Master )
SSID: Engineering
Frequency: 2.4GHz
Frequency: 2.4GHz
Channel: 1
Channel: 1
Encryption: WPA/AES
Encryption: WPA/AES
Encryption key:
Encryption key:
acavemancouldrememberit
i: supercrypticandrandom

113
SENDING All THE BIGHt SIGNALS
Multiple SSID’s

W* BAT 54 -Rail Dual Band Client with backgroun. .. ? X

Corrt xe: Herfaces »


Logical WLAN settings WLAN interface 1 Net. .. ? X
LAN
^
| WAN | Modem VLAN Span Tree |
Network Transmoswn
VLAN settngs
Packet size i1.550 byte
»\ Please note! -
IP LAN 1: Ethernet 1(No)
Mrmun transmt rate These settngs are only usefd in a VLAN network
You shotid only change them i you are aware of the ^ LAN - 2. Ethernet 2 (oj
Noy) -
Maxxmxn transmt rate Auto r consequences of these changes t is easdy possfcle to T" WLAN - 1: Wreless LAN l - Network 1(No)
lock yourself out of tho router here As a resul. the device y WIAN-2' Wreless LAN 2 Network 1 (No)
Broadcast rate |2 «S/J may only be accessMe after resettng
'T P2P - 1- 1: Pont -to -Pomt 1 •1 (No)
|2.3«7
RTS threshold byte VLAN modde enabled -- -
y py i fc Pont -to Pont 1•2 (No)
I- Use long preamble for 802 11b This table holds the defntion of al VLANs used --
" jr P2P 1 3: Pont-to -Pont 1 •3 (No)

Network table -- - -
IT P2P 1 4: Pont to Pont 1 4 (No)
1r P2P -1 S: Pont -to -Pont 1 •S (No)
-
This table holds VLAN -related configuration <ems for every port y P2P -1-6: Pont -to -Pont 1 - 6 (No)
OK Cancel the device has y P2P -2-1: Pont -to -Pont 2 1(No)
Port table r y P2P -2-2:Pont -to-Pont 2 2 (No)
T -- - -
P2P 2 3: Pont to Pont 2 3 (No)
VLANtaggng mode 8100
--
T P2P - 2 4: Pont -to -Pont 2 •4 (No)
-
T P2P -2 S: Pont -to Pont 2 •5 (No)
- - - -
'S~ P2P - 2 6: Pont to Pont 2 8 (No)
ft Network 2 (No)
WPA or Private WEP settings
Network 3 (No)
Interface Encryption Method / Key 1 Key 1/passphrase WPA session key type WPA version Authentication DefaJt key dent EAP m < > CK Network 4 (No)
Network 5 (No)
--
Wreless LAN 2 Network 1
Wreless LAN 1 Network 2
Activated
Activated
WEP 128 (104 bit)
WEP128 (104 bit)
0x 149827654381286583492736402 TKIP /AES
L008063FCF 350 TKIP /AES
WPAl
WPA1
Open system
Open system
Key 1
Key 1
US
TLS
Cancel Network 6 (No)
Wreless LAN 1- Network 3 Activated WEP128 (104 bit) L008063FCF 350 TKIP /AfS WPA 1 Open system Key 1 TLS Network 7 (No)
Wreless LAN 1 - Network 4 Activated WEP128 (104 bit) L008063FCF 35D TKIP /AES WPA1 Open system Key 1 US Network 8 (No)

l< I
-
Wreless LAN 1 Network S Activated WEP128 (104 bit) L008063FCE 35D TKIP /AES WPAl Open system Key 1 TLS
>
iv
Network 2 (No)
Network 3 (No)
Edit ... Network 4 (No)
Networks (No)
'i~ WLAN-2-6: Wreless LAN 2 - Network 6 (No)
T" WLAN- 2 -7: Wreless LAN 2 •Network 7 (No)
'3“ WLAN -2 -8: Wreless LAN 2 - Network 8 (No)

These functions can be used to spread or allocate bandwidth to certain devices, limit
access to certain resources and safely provide support for legacy devices (WEP).

114
m L. Multiple SSID’s and VLAN’s
SENDING All THE HIGH! SIGNALS

Multiple SSID’s with VLAN tagging per SSID


SSID: Production SSID: Public
Frequency: 2.4GHz Frequency: 2.4GHz
Channel: 1 Channel: 1
Encryption: WEP128 Encryption: WPA/AES
Encryption key: SI Encryption key:
notsecureatall Kindofeasytoremember
VLAN100 VLAN50

•»

SSID: Accounting
SSID: Engineering
Frequency: 2.4GHz
Frequency: 2.4GHz
Channel: 1
Channel: 1
Encryption: WPA/AES o tD
Encryption key: ' Encryption: WPA/AES
Encryption key:
acavemancouldrememberit
VLAN3900 C supercrypticandrandom
VLAN200

115
BELDEN Topologies

Dual Band P2P connections using Spanning Tree for


redundancy

5GHz

LANA LAN B
B

116
Topologies

Point to Multi-Point Topology


1 1
r
1
Slave

\
Slave

L *
z
Slave
4r
Slave

Here is an example of a Point to Multipoint topology


- Commonly used as a wireless backbone
- Stationary building to building, or site to site connectivity

117
BELPEN
SENOING AU THE RIGHT SIGNALS
Topoloqies
U
I

Point to Multi-Point Topology

54 Slave
Master

Maste

Slave
Video Server

- One design requirement is bandwidth planning


- In a high bandwidth application (such as hi-def video), in a point to multipoint
application such as this example, muiltiple units sharing the same master radio may
over be too much bandwidth for a single radio.
- Using a dual radio unit as the master and dividing the slave’s amongst these dual radios
may be must more feasible, reliable and will provide better performance

118
BEIXEN
StNCUNG AU IHE BtGHl SIGNALS
Topologies

Slave Slave

Master | Master |

Master
/ 4

%
> \
Slave
i
%* T *1
|
M

Slave
r »|
[

Hybrid Point to (Multi)point used to create a redundant static mesh network.

119
Topologies

2 Point to Point connections ( WDS - Wireless Distribution System)

5GHz Backbone

4 H
r
Wireless
Repeater
/

Remote Remote

fl
LAN
PLC PLC

120
SENOING AU THE RIGHT SIGNALS

SECURITY

121
BELDEN
SENDING AU THE RIGHT SIGNALS
Security
»

MB

Security features:

* Access-control list
Closed network
WEP
802.1x / EAP
802.11
IPSec
WPA /TKIP
^3
802.11i/AES ( WPA2 )
LEPS

WAN

DSL mode LAN Firewall with intrusion


detection, Denial-of-
Service protection, port
and protocol filters

122
JEN ACL

• ACL - Access Control List

• Access to the wireless LAN only for "approved"


wireless LAN clients.

• Maintenance of a MAC address list in the access


point.

• Maintenance of a MAC address list by RADIUS .

123
N Closed network

• No active communication of the SSID (wireless


LAN network name) by the access point

• Wireless LAN cannot be "found", e.g. by


"Windows zero configuration"

• No access possible with "ANY" SSID

124
M Weaknesses of ACL and closed network

• Neither ACL nor closed networks are a 100%


solution for access control.

• The 802.11 protocol definition calls for both MAC


addresses as well as the ESSID to be
transferred unencrypted in data and
management frames over the air.

• Special wireless LAN sniffer programs can be


used to spy out the information which are
included in every WLAN packet. This information
can then be faked to the client stations.

125
WEP (wired equivalent privacy)

• IEEE 802.11b describes WEP64 (40 bits).

• However, most wireless LAN adapters also


support WEP128 (104 bits) and some WEP152
(128 bits).

• Symmetric encryption method with static PSK


(pre-shared key).

• Encryption using an RC4 algorithm.

126
Structure of WEP encryption

-Data as clear text-


Message IVC

XOR

Key stream = RC4 (IV/WEP key)

IV encrypted data

Data packet that is to be


transmitted

127
N Weaknesses of WEP

• WEP is vulnerable to certain kinds of passive


attacks based on "known plain text" and
"dictionaries".

• Initial Vector (IV) too short.

• With WEP there is a large number of weak keys


due to a short IV.

• WEP does not include any key management;


key allocation occurs manually and all stations
use the same key.

128
: dI>1: 802.1x / EAP
M

RADIUS => Remote Authentication Dial In User


Service
• Authentication
• Authorization
• Accounting

Often called AAA Service

Defined in RFC 2856

Communication over UDP port 1812 (standard)

129
N 802.1 x / EAP

• There is no fixed key stored on the client.

• The client must authenticate to a RADIUS server


(TLS or TTLS).

• Dynamic negotiation of the key using EAP


(extensible authentication protocol)

• Regular key change via the EAP tunnel. -> No IV


collisions (key repetition)

130
IEEE 802.1x/EAP with WEP / WPA /IEEE
802.11i fWPA 9) r * —

Authenticator Encryption using WEP


/ WPA / IEEE 802.11i

Authentication o
EAP-over-LAN
using •4 (EAPOL) 4
RADIUS, Supplicant
802.1x / EAP
•* ** •*

131
BELDEN
SENDING All IKE RIGHT SIGNALS
IEEE 802.1x/EAP with WEP

Client RADIUS-Seiver

5> )

WLAN login

EAP/802. Ixjchallange
- — M

; message master secret ;

session-key

normal) data- transmission


naMdal

new session-key

normal data- transmission


^

132
m L. Structure of IEEE 802.1x /EAP check
SENDING All THE BIGHt SIGNALS

r* li;-3a

'
A

V EAPoL- TLS
4: Oient
Certificate

WEPikey rollever

802 1x Acce&k Point

*
' LAN Switch
EAPcver RADIUS"
33?

tr- ^KJ
m1 If
' III
' Servers & Printers
Certification RADIUS
Authority Authenticator Server
(user database)
Server
Certificate

133
WM IEEE 802.1x/EAP security

• Based on known issues with the WEP encryption


the usage even with 802.1x is not
recommended.

• Offers the best authentication method for wired


and wireless network at the moment

• Multilevel certificates are possible

134
Nj IEEE 802.1x/EAP methods

• EAP and IEEE 802.1x provide the framework for


authentication.
• Actual verification of user and station identity is
determined by the EAP method.
• The most important methods use either digital
certificates or passwords for this.

EAP method Supplicant Authenticator Authentication server


EAP TLS Certificate ' Server certificate
Interface to certification
authority
EAP TTLS Password ' Server certificate
Interface to certification
authority, user database
EAP MD5 Password - User database

135
BELDEN
SSNOtNG AU THE BIGHT SIGNALS
Integrated Radius server 802.1x

When a BAT access


point is configured as a
Configure: |RADIUS Serve
General | Forwardng | EAP
.
J Neu Hirschmann LANconfig (Configuration.Icf
BQ
| Options |

RADIUS server it can i RADIUS service


Authentication port: fo
provide its own Accounting port [0

information on Accounting nterim interval |0 seconds

RADSEC service
authorized users to RADSEC port fo
other access points. RADIUS/RADSEC dents
The data ot the cfcents which shal be communeate with the
server can be entered at the folowng table

Clients |
I User database
The data ot the users which shal be authenticated by the
server can be entered at the folowng table

User table ... I


The server wi check authentication requests aganst the
folowng tables

Use the WLAN station table on MAC address requests

h HWSCHMANN OK | Abbrechen

136
BELDEN
StNOMCAUlHEBtSHTSICNAlS
Integrated Radius server access control list
**

C? Neu Hirschniann LANconfig (Configuration Icf .


When a BAT access Configure: |Wieless LAN
point is configured as a 3ene>el | Security Stations | 80211VWEP | IEEE 802 IX | WLC |

RADIUS server it can Filter stations


Data traffic between the wireless LAN and your local network

provide its own can be restricted as requred by excluding individual stations, or


ordy enabing specified stations

Fler function
information on C Hter out data from the Isted stations, transfer al other data
(
• transfer data from the listed stations, authenticate al other
authorized users to data via RADIUS or Nter it out

..
Stations. I
other access points.
Authentication via RADIUS
Server IP address: |141 1 1.1
Server port: |l.812
Shared secret: r
Source IP address: ||NTRANET 3
Backup server IP address: 1192168 2001
Backup server port: M.812
Backup server secret: r
Source IP address: |DMZ

h MinSCMMAHN | OK | Abbrechen |

137
IPsec over wireless LAN

• Encrypting wireless LAN communications with


VPN IPsec technology.

• Use of secure encryption algorithms such as


AES, blowfish or 3DES.

• IPsec is a "tried and tested", secure technology.


• Higher configuration overhead.
• Requires high performance from devices.
• Eagle VPN products could be used
• VPN performance of the BAT device will be to
slow for a WLAN encryption

138
WPA (WiFi protected access)

• Specification of WPA by WiFi Alliance

• TKIP and MIC ("Michael") encryption methods as


alternative to WEP

• Standardized handshake procedure between


client and access point in order to
determine/transfer session key (without RADIUS
server)

139
BELCEN TKIP ( temporary key integrity protocol)

• TKIP is a "transitional solution" on existing WEP /RC4 hardware

• Encryption algorithm with RC4 without the disadvantages of WEP

• Significantly larger address space of IV (now 48 bits)

• Integrity checking of data packets ("Michael")

• Individual key between client and AP

• TKIP is not standardized for the IEEE 802.11n based products


• WEP, WPA and IEEE802.11i with RC4 / TKIP based encryption may not
work anymore.
• All BAT products based on the HiLCOS supporting AES encryption
methods

140
IEEE 802.11i (WPA 2 )

• The new wireless LAN security standard

• WPA is parent standard of 802.11i

• WPA 2 is the implementation of the widely


stipulated IEEE 802.11i standard

• AES-CCM encryption method

• Encryption and integrity checking with AES

• According to IEEE 802.11i AES must be


supported, TKIP is optional

WPA2 and IEEE802.11i differ. WPA2 was invented again from the WiFi alliance after
the IEEE 802.11i standard was ratified. The HiLCOS based devices support both
authentication methods

141
IEEE 802.11i (WPA 2 )

• AES-CCM should be implemented in hardware


although a software implementation is possible
(with performance loss)

• Authentication of the client to the access point

• Individual key between every client and AP

• AES complies with the Federal Information


Standard 140-2

142
Nj WPA - IEEE 802.11i ( WPA 2)

IEEE 802.11i
WPA version WPA
(WPA 2)
Authentication PSK PSK
Personal
mode Encryption TKIP/ MIC AES-CCMP

802.1x/
Authentication 802.1x/ EAP
Enterprise EAP
mode
Encryption TKIP/ MIC AES-CCMP

143
BELDEN
SENDING All IKE RIGHT SIGNALS
IEEE 802.11i - client to AP

Authentication process:
• Encrypted exchange of
PSK
Pre-Shared
Key.: ******* • Establishment of
encrypted connection

• AES hardware
Pre-Shared / \ Pre-Shared encryption (128bit)
******* \ *******

• Each connection
receives a session key
ID ?
and is thus secure
Pre-Shared
| 0y .
*******
^ ;»
LAN /
Internet

144
Nj IEEE 802.11i - client to AP

Authentication process:
• Encrypted exchange of
PSK
• Establishment of
encrypted connection
• AES hardware encryption
(128bit)
• Each connection receives
a session key and is thus
riDOK?) secure


I
L ^jFgjsessionjSgyX,^^
i rZ )
C Internet
^

^ 0.34 6/8/2014 145

145
M Security in a wireless LAN

WEP WPA 802.11i


Encryption Uses 'soft ' keys. Better encryption with Security equivalent
Can be cracked TKIP and MIC. to VPN with AES.
with tools in a very Theoretically very
short time . long time between
key repetition.
Algorithm 40bit/104bit/128bit 128bit RC4 (TKIP) 128bitAES
RC4
Manual key Automatic key Automatic key
distribution, man- calculation due to calculation, AES in
in-the-middle keyphrase. hardware.
attacks possible
Authentication Key initially Encrypted key Encrypted key
transferred in plain exchange exchange
text over the link.

146
Nj Migration from WEP to IEEE 802.11i

• Converting an operational wireless LAN


infrastructure to the new 802.11i security
standard.
• What about
• 802.11b client adapters
• PDA without WPA support
• MDE devices (e. g. barcode scanners)
• .. . ?

• Solution: Wireless LAN with multiple SSIDs

147
BELDEN
SENDING AU 1HE RIGHT SIGNALS
Migration
^
from WEP to IEEE 802.11i

Up to 8 SSIDs per wireless LAN interface are possible. This infrastructure can be
facilitated by VLAN tagging in order to assign user groups to the appropriate
security level.
WEP128 security,
to connect as
many
clients as ^ 3
/ ,

possible./ **

*
Maximum security
through 802.11i / AES

< Sy
SP' in
WPA / TKIP acceptable Open network will
security with high encryption.
performance for clients
without AES support.

Bild ersetzten

148
Questions?

149