Wireless Local Area Network Design Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

802.11n wireless technology delivers throughput and coverage that will cause a seismic shift in enterprise use of wireless LANs. Where the "a," "b" and "g" versions of 802.11 supported casual PC connectivity or niche uses in a few industries, 802.11n will make wireless access to business-critical applications an everyday reality. 802.11n also cracks open use of Voice over Wireless LANs (VoWLAN) and wireless streaming media.

The 802.11n standard, as presently drafted, specifies data rates as high as 600 Mbps, though Wi-Fi certified data rates will be less. This means that the installed base of Cat 5/5e copper could obstruct 802.11n connections ("Official IEEE 802.11 working group project timelines". Sept. 19, 2009. http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm. Retrieved 2009-10-09). As 802.11n approaches widespread adoption, anyone who installs, tests, or troubleshoots a wireless LAN should be aware of its effect on the wired infrastructure. At a broad level, the purpose of this exercise is to provide flexible wireless connectivity throughout the FLT for a wide range of end systems. The WLAN should be upgradeable to cater for more users, wider geographical coverage, higher traffic loads and developing technology. The WLAN should also be resilient, secure and cost effective. Appropriate management and support facilities will also be required.

As mentioned above, the IEEE 802.11n standard stipulates a top data rate of 600 Mbps. No one expects that speed, but some vendors claim data rates up to 300 Mbps. More skeptical observers opine that 100 Mbps is a more reasonable expectation for the maximum data rate and that average rates will be less. The reason is that many 802.11n networks will use the 2.4 GHz band for 802.11b/g compatibility. When this is the case, the 802.11n Access Point downshifts to slower data rates that are compatible with legacy wireless clients (IEEE 802.11n-2009-Amendment 5: Enhancements for Higher Throughput. IEEE-SA. 29 October 2009. doi:10.1109/IEEESTD.2009.5307322).

Access Point vendors will make 802.11n speed the topic of specmanship for months to come. The cabling installer can remain detached from this debate and assume 100 Mbps to 200 Mbps is the boundary. The pertinent question for the cabling installer is, "What is the maximum data rate between the Access Point and the Ethernet switch?"

Wireless LANs are shared media. As such, only one wireless device may transmit at a time. The Ethernet link to an Access Point is a full-duplex medium, though, making its maximum data rate two times the maximum wireless data rate. Example: if the Wi-Fi 802.11n maximum data rate is 100 Mbps, the aggregate data rate on the cable will be twice that, or 200 Mbps. If an 802.11n network achieves a maximum data rate of 200 Mbps, then the aggregate rate on the cable would be twice that, or 400 Mbps, as shown in Table 1.

The Cisco® Aironet® 1140 Series Access Point is a business-ready, 802.11n access point designed for simple deployment and energy efficiency. The high-performance platform, which offers at least six times the throughput of existing 802.11a/g networks, prepares the business for the next wave of mobile devices and applications (http://standards.ieee.org/announcements/ieee802.11n_2009amendment_ratified.html).

1.5 CAT 5E Installation Price List For FLT Company:

These prices are intended to enable you to accurately calculate the cost of a basic CAT5e network installation ("Wi-Fi CERTIFIED n: Longer-Range, Faster-Throughput, Multimedia-Grade Wi-Fi® Networks" (registration required). Wi-Fi Alliance. September 2009. http://www.wi-fi.org/register.php?file=wp_Wi-Fi_CERTIFIED_n_Industry.pdf). The price of network points includes all labour and materials, including cable, face plates, back boxes and RJ45 modules. Trunking is charged separately (see below).


PRICE BAND A: 1-6 network points Single point £87.00 Double point £130.00

PRICE BAND B: 7-12 network points Single point £78.00 Double point £111.00

PRICE BAND C: 13 - 24 network points Single point £57.00 Double point £86.00

PRICE BAND D: 25 - 48 network points Per point £46.00

PRICE BAND E: 49+ network points Per point £42.00

Patch Panels

24Port 1U Standard Patch Panel: £49.00

48Port 2U Standard Patch Panel: £87.00

Wall cabinets

7U Wallbox (400mm Depth): £125.00

9U Wallbox (400mm Depth): £159.00

12U Wallbox (400mm Depth): £187.00

Mini Trunking

16mmx16mm (accommodates up to 4 network cables) £1.40 per metre

16mmx25mm (accommodates up to 6 network cables) £1.90 per metre

16mmx38mm (accommodates up to 10 network cables) £2.20 per metre

38mmx38mm (accommodates up to 20 network cables) £3.90 per metre

Dado Trunking

Mita Consort 100x40mm multicompartment £16.75 per metre

Mita Consort 100x50mm multicompartment £17.90 per metre

Mita Consort 100x60mm multicompartment £21.90 per metre

All prices shown include delivery and fitting when ordered as part of a Datacat installation, and are exclusive of VAT.

Wireless Security Issues In FLT Company:

In order to convince you that there are real issues to consider when implementing your WLAN, it is important to focus on the integrated security features present within 802.11n and their limitations. 802.11n offers features and functionality that provide you with greater security in your wireless environment; however, these security services are enabled for the most part through the wired equivalent privacy (WEP) mechanism, which protects you at the link level during wireless transmissions that take place between the client and the access point. Note that WEP is not able to offer end-to-end security, but it does attempt to secure the actual radio transmission by encrypting the data channel.

Securing WLAN:

The most important issue when dealing with wireless security is to consider the fundamental security mechanisms in your wireless network. There are two primary means of adding security to your environment (Figure 2):

1. Authentication: This mechanism has the objective of using WEP to enable your security to be verified by determining the actual information that defines each wireless workstation. It is necessary to yield access control to the network by restricting wireless workstation access to those clients who can properly authenticate themselves to the server.

2. Privacy: WEP maintains an effective level of privacy when dealing with security for the data communication channels in your wireless network. It attempts to stop information from being "hacked" by attackers trying to eavesdrop on your data transmissions. The objective is to make certain that messages are not altered while moving from the wireless workstation to the access point or server. Essentially, this is the means that enables you to trust your information so that you can be reasonably certain your information is secure and reliable.

Fig: 3 Securing your WLAN

Authenticating Data

When a wireless user attempts to acquire access to your wired network infrastructure, there are two ways in which access can be obtained:

1. Open system: Any user in range of the access point can roam onto the system (as long as the router is not set up to filter out the unique MAC address of wireless workstations that are not supposed to have access).

2. Encrypted system: All data is scrambled and access barriers are put into place so that a hacker cannot eavesdrop on your data (Figure 4).

In an open system without encryption, a wireless workstation can join your WLAN by using identity types of verification methods. The actual access request in an open environment occurs when the wireless server replies with the service set identifier (SSID) for the WLAN. This means there isn't any actual authentication taking place; the wireless workstation simply roams onto the network. In contrast, you can see the differences spelled out between an open versus closed system:

Because of the unique SSID set for a company, many people believe that nobody could actually roam onto a network without knowing what unique identifier defined the network. In fact, it is possible for a wireless user to leave the SSID as "NULL" or blank; then when he is in range of the access point, the wireless workstation automatically finds and logs into the network. This means that basic systems of authentication are not sufficient to protect your network. This is why a combination of encryption and authentication is important in implementing your wireless security, but this still represents a small part of what needs to be done to provide a truly secure WLAN (IEEE 802.11n-2009-Amendment 5: Enhancements for Higher Throughput. IEEE-SA. 29 October 2009. doi:10.1109/IEEESTD.2009.5307322).

2.2 Client Authentication in a Closed System

In the previous section we saw that when a wireless workstation replies to the access point with a null or empty string in place of the actual SSID, it is automatically authenticated into the open system. However, when working in a closed authentication environment, the wireless workstation must reply with the exact SSID in order to log into the wireless network. The client is only granted access if it replies with the exact SSID string that identifies the client to the server ("Official IEEE 802.11 working group project timelines". Sept. 19, 2009. http://grouper.ieee.org/groups/802/11/Reports/802.11_Timelines.htm. Retrieved 2009-10-09).

Shared Key Authentication

The shared key authentication encryption mechanism uses the "challenge-response" mechanism. The idea is that each wireless client has an understanding of what is commonly referred to as a "shared secret."

The access point creates a random type of challenge that is transmitted to the wireless workstation. The wireless workstation then uses the encryption or WEP key it shares with the access point: it encrypts the challenge and replies with the answer to the access point, which then deciphers the answer sent by the client. Based on the result, the client is granted access only if the deciphered answer is the same expected value as the random challenge ("Securing Wi-Fi Wireless Networks with Today's Technologies". Wi-Fi Alliance. 2003-02-06. http://www.wi-fi.org/files/wp_4_Securing%20Wireless%20Networks_2-6-03.pdf. Retrieved 2009-11-30).

Data is encrypted using the RC4 cipher. Note that the wireless workstation does not authenticate the access point, so there is no verifiable means to make certain that the client is effectively talking to an authorized access point on the WLAN. The problem is that it is possible for attacks to occur when hackers attempt to "spoof" authorized access points in order to "trick" wireless workstations or mobile users into inadvertently connecting to the hacker's access point, thus compromising the wireless network and stealing important information ("Securing Wi-Fi Wireless Networks with Today's Technologies". Wi-Fi Alliance. 2003-02-06. http://www.wi-fi.org/files/wp_4_Securing%20Wireless%20Networks_2-6-03.pdf. Retrieved 2009-11-30).

Ensuring Privacy

As we concentrate on the issues pertinent in wireless security, it is imperative to deal with the issue of privacy. The 802.11 standard can deal with privacy issues through using cryptographic mechanisms in its wireless connectivity. The WEP mechanism ensures privacy through its use of the RC4 symmetric-key cipher algorithm to create a pseudorandom data sequence. WEP makes it possible for data to be protected from interception (or really understood) between transmission points along the wireless network (Figure 5). WEP is useful for all data in the WLAN, to protect and make your data channel private. The idea is to protect data when flowing through:

- Transmission control protocol/Internet protocol (TCP/IP)

- Internet packet exchange (IPX)

- Hypertext transfer protocol (HTTP)

WEP is designed to permit privacy by supporting cryptographic keys ranging in size from 40 to 104 bits. The idea is that by increasing the size of the key, you proportionally increase your level of security. For example, a secure setup includes a 104-bit WEP key using 128-bit RC4.

In practice, when you employ a key size in excess of 80 bits, it makes brute force hacker attacks very lengthy, time consuming, and generally unrealistic as a form of breaking into a network without being detected.

In fact, with 80-bit keys, the number of possible keys is so great that even the most powerful computers produced today would not be powerful enough to break the code.

Unfortunately, in my experience, most companies don't use these keys for even the simplest form of protection on their network. Most WLAN implementations use only 40-bit keys. Most hacker attacks are successful on implementations that use 40-bit WEP keys; the majority of WLANs are at serious risk of being compromised.

2.3 Keeping Data Intact:

To maintain privacy, the 802.11 standard was designed specifically to reject any message altered in transit, either by accident or by design. To ensure that data privacy has been maintained, the cyclic redundancy check (CRC) technique is used as a form of encryption. This setup requires that each encrypted packet is "sealed" in a bubble using the RC4 key encryption to scramble the transmission. Only when the packets are received are they decrypted; a CRC check is computed to ensure that it matches the CRC value before it was sent. Should the CRC value not match, then you have a receive error that defines an integrity violation and the packet is thrown away as corrupt ("802.11 X Wireless Network in a Business Environment -- Pros and Cons.". NetworkBits.net. http://networkbits.net/wireless-printing/80211-g-pros-cons-of-a-wireless-network-in-a-business-environment/. Retrieved 2008-04-08).
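The shared key challenge-response exchange and the RC4 "seal" with CRC check described above can be followed end to end in code. This is an added example, not part of the original essay; it uses a simplified frame layout (IV followed by the encrypted body, with no 802.11 header or key ID byte), and the keys are constructed sample values.

```python
import hmac
import os
import struct
import zlib
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def crc32_icv(data: bytes) -> bytes:
    # CRC-32 is an unkeyed checksum: it detects corruption but is not a MAC.
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_seal(key: bytes, plaintext: bytes) -> bytes:
    """Sender: IV || RC4(IV || key, plaintext || CRC-32)."""
    iv = os.urandom(3)  # 24-bit per-frame IV, sent in the clear
    return iv + rc4(iv + key, plaintext + crc32_icv(plaintext))


def wep_open(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver: decrypt, recompute the CRC, return None to discard the frame."""
    iv, body = frame[:3], frame[3:]
    if len(body) < 4:
        return None
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    return data if crc32_icv(data) == icv else None


def shared_key_auth(ap_key: bytes, client_key: bytes) -> bool:
    """Challenge-response: grant access only if the deciphered answer matches."""
    challenge = os.urandom(128)                 # AP -> client, random challenge
    response = wep_seal(client_key, challenge)  # client -> AP, encrypted answer
    answer = wep_open(ap_key, response)         # AP deciphers the answer
    return answer is not None and hmac.compare_digest(answer, challenge)


# Constructed sample keys (104-bit), for illustration only.
AP_KEY = bytes.fromhex("8b1e4d92a07c35f6e1d2b4c9aa")
WRONG_KEY = bytes.fromhex("3f9a1c77e25d0b68c4f1a2937e")
```

A client holding `AP_KEY` passes `shared_key_auth`, a client holding `WRONG_KEY` does not, and a frame with a bit damaged in transit is returned as `None` by `wep_open`.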

Managing Keys

One of the problems with the 802.11 standard is that it has no good way of managing keys (Figure 6). The administrators who take care of your wireless network are responsible for several methods of managing keys with respect to:

- Creating keys

- Distributing keys among wireless users

- Archiving/storing keys so that they don't fall into the hands of a hacker

- Auditing who has what cryptographic keys

- Terminating keys that have become compromised

What happens if nobody takes care of these key management issues? Your wireless network is highly vulnerable to a hacker attack. These insecurities include:

- WEP keys are not unique and can be compromised

- Factory default passwords are prominently posted on hacker sites.

This means that no matter which access point you are using, you are vulnerable if you have left your default administrative password unchanged since deploying your WLAN.

Bad keys: Never make a key all zeros or all ones for the sake of convenience. Those types of keys are the first detected by a hacker looking to see how easy it will be to gain access to your wireless network. Factory defaults must always be changed, as they are the easiest and simplest ways for a hacker to gain access.

The greatest difficulty is that the problem with managing keys grows in proportion with the size of your organization and the number of keys you will need to keep track of for your wireless workforce.
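The key-management problems listed above (40-bit keys, all-zero or all-one keys, keys that are not unique, unchanged factory passwords) can be checked mechanically. The following audit is an added example, not part of the original essay; the inventory, the access point names and the list of factory defaults are constructed placeholders, and treating a key reused on several access points as a finding is this example's assumption.

```python
from collections import defaultdict

# Constructed inventory for illustration: no real keys or passwords.
INVENTORY = [
    {"ap": "ap-reception", "wep_key": "0000000000", "admin_pw": "admin"},
    {"ap": "ap-floor1", "wep_key": "ff" * 13, "admin_pw": "Tr4il-mix-92"},
    {"ap": "ap-floor2", "wep_key": "3f9a1c77e2", "admin_pw": "k7#Lm2-vq"},
    {"ap": "ap-store", "wep_key": "8b1e4d92a07c35f6e1d2b4c9aa", "admin_pw": "z9!Qe4-hs"},
    {"ap": "ap-meeting", "wep_key": "8B1E4D92A07C35F6E1D2B4C9AA", "admin_pw": "p3$Wd8-nt"},
]
# Placeholder list; in practice, take the defaults from your vendors' manuals.
FACTORY_DEFAULTS = {"admin", "password", "1234", ""}


def audit_key(key_hex):
    """Return the findings for a single WEP key given as a hex string."""
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        return ["not-hex"]
    findings = []
    if len(key) * 8 == 40:
        findings.append("40-bit-key")
    elif len(key) * 8 != 104:
        findings.append("unexpected-length")
    if key and set(key) == {0x00}:
        findings.append("all-zeros")
    elif key and set(key) == {0xFF}:
        findings.append("all-ones")
    return findings


def audit_inventory(inventory):
    """Map each access point to its list of key-management findings."""
    report = {row["ap"]: audit_key(row["wep_key"]) for row in inventory}
    holders = defaultdict(list)
    for row in inventory:
        holders[row["wep_key"].lower()].append(row["ap"])
        if row["admin_pw"].lower() in FACTORY_DEFAULTS:
            report[row["ap"]].append("factory-default-admin-password")
    for aps in holders.values():
        if len(aps) > 1:  # the same key is installed on more than one AP
            for ap in aps:
                others = ",".join(a for a in aps if a != ap)
                report[ap].append("key-shared-with:" + others)
    return report
```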

2.4 Attack Patterns:

Wireless attacks are either active or passive, as shown in Figure 7.

Active Attack Patterns

An active attack constitutes a pattern where a hacker attempts to modify your data channel, messages, or files. With constant vigilance you will be able to catch this type of attack; however, it is difficult to prevent this type of attack without actually pulling the plug of your WLAN. Active attacks include denial of service (DoS) and message alteration.

Denial of service attacks: A DoS or distributed denial of service (DDoS) is an active attack pattern that prevents legitimate users from using their wireless network. There are a number of risks because these attacks prevent local and remote users from using your network resources. Besides the problems with destroying your network connectivity, you also lose business opportunities, revenue, and good public opinion.

Message alteration: In this type of attack, the hacker alters the real message by either adding, erasing, or changing the sequence of the message. This removes the trust factor of your message and makes all your traffic unusable.

Passive Attacks

In these attacks, an unauthorized user acquires access to your network data sources. There is no alteration of message content, but it is possible to eavesdrop on the transmission. Passive attacks are meant not to disrupt, but to acquire information flowing across your wireless network ("Wireless Fidelity (WiFi) Technology". ITAA. January 2004. http://www.itaa.org/isec/docs/innovation/wifiwhitepaper.pdf. Retrieved 2009-11-30).

Replay: In this type of passive attack, the hacker intercepts or eavesdrops on your data channel. The hacker does not do anything to compromise your systems at first, but can resend altered messages to an authorized user pretending to be the system host.

Eavesdropping: This is a passive attack in which the hacker listens to all your network transmissions in an effort to acquire information flowing from one wireless workstation to the access point ("Wireless technology is irreplaceable for providing access in remote and scarcely populated regions". http://www.apc.org/en/news/strategic/world/wireless-technology-irreplaceable-providing-access. Retrieved 2008-03-10).

Traffic analysis: The hacker analyzes your traffic pattern through this type of passive attack to determine what network patterns exist. He can then use all the information acquired to gain information about the traffic from each user on your wireless network.

Wi-Fi Channels Use In FLT Company:

If two access points that use the same RF channel are too close, the overlap in their signals will cause interference, possibly confusing wireless cards in the overlapping area. To avoid this potential scenario, it is important that wireless deployments be carefully designed and coordinated. It is also critical to make sure that deployment does not cause conflicts with other pre-existing wireless implementations.

[Figure labels: Four Channels 3D Diagram Overlapping Three Channels]

Fig 8: Three channels on a single floor
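The co-channel rule above can be turned into a planning check. This is an added example, not part of the original essay: it assumes the three non-overlapping 2.4 GHz channels 1, 6 and 11, treats two access points as overlapping when they are closer than a chosen distance `reach_m`, and uses a constructed six-AP floor plan.

```python
import math
from itertools import combinations

CHANNELS = (1, 6, 11)  # the three non-overlapping 2.4 GHz channels

# Constructed floor plan: AP name -> (x, y) position in metres.
FLOOR = {
    "ap1": (0, 0), "ap2": (20, 0), "ap3": (40, 0),
    "ap4": (0, 20), "ap5": (20, 20), "ap6": (40, 20),
}


def neighbours(aps, reach_m):
    """APs closer than reach_m are assumed to have overlapping coverage."""
    adj = {name: set() for name in aps}
    for a, b in combinations(aps, 2):
        if math.dist(aps[a], aps[b]) < reach_m:
            adj[a].add(b)
            adj[b].add(a)
    return adj


def co_channel_conflicts(aps, plan, reach_m):
    """Pairs of overlapping APs that were given the same channel."""
    adj = neighbours(aps, reach_m)
    return sorted((a, b) for a in adj for b in adj[a]
                  if a < b and plan[a] == plan[b])


def assign_channels(aps, reach_m):
    """Backtracking search; None means three channels cannot cover this layout."""
    adj = neighbours(aps, reach_m)
    order = sorted(aps, key=lambda name: -len(adj[name]))  # busiest AP first
    plan = {}

    def place(i):
        if i == len(order):
            return True
        for channel in CHANNELS:
            if all(plan.get(n) != channel for n in adj[order[i]]):
                plan[order[i]] = channel
                if place(i + 1):
                    return True
                del plan[order[i]]
        return False

    return plan if place(0) else None
```

With `reach_m=25` the grid gets a conflict-free plan; with `reach_m=30` the diagonal neighbours also overlap and `assign_channels` returns `None`, which signals that the access points must be moved or their power reduced.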

3.2 Antennas Types And Dipole Antenna Radiation Pattern:

Antennas generally fall into two categories:



Fig 9: Radiate RF energy equally in all horizontal directions

Fig 10: Radiate RF energy predominantly in one direction

(Figure panels: Side View (E), Side View (E), Top View (E), Top View (H). Image: http://www.trevormarshall.com/byte_articles/dipole-az-el.gif)

3.3 Solution logical Design Company FLT Office:

3.4 Physical Design and radiation pattern of FLT company:


Our architecture and design offer small offices a groundbreaking network implementation using WLAN as the primary access method. With the entire infrastructure in a single device, we eliminate excess wiring, dramatically simplify network implementation, and increase agility. In addition, based on our hypothetical small office outlined above, we estimate a 43 percent savings over four years in network setup and maintenance costs by using the small office network in a box instead of a traditional wired setup. Our network in a box implementation has shown us that WLANs can achieve the performance, reliability, QoS, and manageability needed to deliver converged services, and we will continue to investigate new applications of this technology.


ACL access control list
ATM asynchronous transfer mode
DHCP Dynamic Host Configuration Protocol
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
SSID service set identifier
TDM time-division multiplexing
VoIP Voice over Internet Protocol
VPN virtual private network
WLAN wireless LAN
Wi-Fi wireless fidelity