CCDA 640-864 Summary Notes – Chapter 5 – Day 10

Exam Topic 2 – Part 1: Cisco Unified Wireless Network (UWN) Architecture

Benefits:

  • Delivers scalable, manageable and secure WLANs
  • Combines wired and wireless network
  • Reduced Total Cost of Ownership (TCO)
  • Enhanced visibility and control
  • Dynamic RF management
  • WLAN Security
  • Mobility
  • Enhanced productivity and collaboration

Network Elements:

  • Client devices
  • access points – access to the network
  • network unification – controllers
  • network management – Wireless Control System (WCS)
  • mobility services like guest access, location services, voice and threat detection

LWAPP (Lightweight Access Point Protocol)

  • IETF Standard RFC draft
  • Controls setup, authentication and operation between controller and AP
  • Uses AES for authentication and encryption between AP and Controller
  • Messages can be transported in both L2 and L3 tunnels
    • L2 LWAPP Tunnels
      • First method
      • APs did not need IP
      • WLC needed to be in every subnet in which the APs resided
      • LWAPP uses EtherType code 0xBBBB
      • Deprecated
    • L3 LWAPP Tunnels
      • Preferred
      • Messages from the WLC use UDP ports 12222 for control and 12223 for data messages
      • Used between the LWAP and WLC
      • WLC does not need to reside in the same segment as APs
      • Transport modes:
        • L2
          • LWAPP uses proprietary code to communicate with AP
        • L3
          • LWAPP uses IP to communicate with AP
          • IP collected from DHCP server
          • DHCP server a must

CAPWAP (Control and Provisioning for Wireless Access Point)

  • IETF Standard
  • Controls setup, authentication and operation between controller and AP
  • Uses Datagram Transport Layer Security (DTLS) for authentication and encryption between AP and Controller
  • Has a dynamic maximum transmission unit (MTU) discovery mechanism
  • From the Controller: UDP port 5246 for control messages and 5247 for data messages
  • From the AP: an ephemeral (short-lived) UDP port that is derived from a hash of the AP MAC address
  • Uses L2 Tunnel between the LWAP and WLC
  • APs get IP via DHCP
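As an added example (not part of the original notes), the fixed controller-side CAPWAP ports above can be used to pick CAPWAP tunnels out of flow records and flag an AP that is joining a controller other than the known WLCs. The controller address and flow records are constructed sample values.

```python
from dataclasses import dataclass

CAPWAP_CONTROL_PORT = 5246   # controller-side port for CAPWAP control messages
CAPWAP_DATA_PORT = 5247      # controller-side port for CAPWAP data messages

# Constructed sample: controllers that are authorised to terminate CAPWAP tunnels.
KNOWN_WLCS = {"10.0.10.5"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "udp" or "tcp"


def classify_capwap(flow):
    """Return (tunnel_type, controller_ip) for a CAPWAP flow, or None if not CAPWAP.

    The controller side always holds the fixed port while the AP side uses an
    ephemeral port, so whichever endpoint has 5246/5247 is taken as the controller.
    """
    if flow.proto != "udp":
        return None
    for port, kind in ((CAPWAP_CONTROL_PORT, "control"), (CAPWAP_DATA_PORT, "data")):
        if flow.dst_port == port:
            return kind, flow.dst_ip
        if flow.src_port == port:
            return kind, flow.src_ip
    return None


def find_unexpected_controllers(flows, known_wlcs=KNOWN_WLCS):
    """Return (flow, tunnel_type, controller_ip) for CAPWAP flows to an unknown WLC."""
    findings = []
    for f in flows:
        hit = classify_capwap(f)
        if hit and hit[1] not in known_wlcs:
            findings.append((f, hit[0], hit[1]))
    return findings


# Constructed flow records (not captured traffic): two legitimate tunnels, one stray controller.
SAMPLE_FLOWS = [
    Flow("10.0.20.31", 49152, "10.0.10.5", 5246, "udp"),     # AP -> known WLC, control
    Flow("10.0.10.5", 5247, "10.0.20.31", 49153, "udp"),     # known WLC -> AP, data
    Flow("10.0.20.44", 50011, "192.168.99.7", 5246, "udp"),  # AP -> unknown controller
    Flow("10.0.20.44", 50012, "10.0.10.5", 443, "tcp"),      # unrelated traffic
]
```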

Cisco Unified Wireless Network Split-MAC Architecture

  • Control and data messages are split
  • APs communicate with WLC using control messages over wired network
    • With a WLC, the AP uses a CAPWAP tunnel to the WLC. The WLC has a 802.1Q trunk to the LAN switch (data vlan, voice vlan and management vlan )
  • Data messages are encapsulated and forwarded to and from wireless clients
  • LWAP MAC Functions:
    • 802.11: Beacon probe response
    • 802.11 Control: Packet acknowledgment and transmission
    • 802.11e (QoS): Frame queuing and packet prioritization
    • 802.11i (security): MAC layer data encryption/decryption
  • WLC MAC Functions
    • 802.11 MAC Management: Association requests and actions
    • 802.11e Resource Reservation: Reserve resources for applications
    • 802.11i (security): Authentication and key management

Local MAC

  • Moves MAC management from WLC to AP
  • Supported by CAPWAP
  • Allows termination of client traffic at the wired port of AP
    • Referred to as autonomous AP
    • Autonomous AP acts as a 802.1q translational bridge with a trunk to the LAN switch (data vlan, voice vlan and management vlan )
  • LWAP MAC Functions:
    • 802.11: Beacon probe response
    • 802.11 Control: Packet acknowledgment and transmission
    • 802.11e (QoS): Frame queuing and packet prioritization
    • 802.11i (security): MAC layer data encryption/decryption
    • 802.11 MAC Management: Association requests and actions
  • WLC MAC Functions
    • 802.11: Proxy association requests
    • 802.11e Resource Reservation: Reserve resources for applications
    • 802.11i (security): Authentication and key management

AP Modes:

  • Local Mode
    • Default
    • AP measures noise floor and interference and scans for IDS threats every 180 seconds for a duration of 60 ms
    • Scanning occurs in unused channels
  • Hybrid Remote Edge AP (H-REAP) mode
    • LWAP can reside across a WAN link and communicate with WLC
    • Allows local MAC
    • Supported: 1130, 1140, 1240AB, and 1250AG series
  • Monitor Mode:
    • CAPWAP APs can exclude themselves from handling data traffic
    • APs act as dedicated sensors for location-based services, rogue AP detection and IDS
    • AP cannot serve clients
    • AP continuously cycles through all configured channels, listening for approx. 60 ms on each
  • Rogue detector (RD) mode
    • Monitor rogue APs
      • RD sees all VLANs in network
      • RD is connected to a trunk port
      • LAN switch sends all the rogue AP / client MACs to RD
      • RD sends the MACs to WLC to compare them with the MACs that the WLC's APs have heard over the air
      • If they match, WLC knows that the rogue AP to which the clients are connected is in the wired network
    • APs do not transmit or contain rogue APs
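As an added example (not from the original notes), the rogue detector comparison above can be written as a correlation between MACs heard over the air by the WLC's APs and MACs learned on the RD's trunk port; a rogue whose BSSID or any associated client MAC shows up on the wire is classified as on-wire. All MACs, VLANs and AP names are constructed sample data.

```python
# Constructed over-the-air observations reported by WLC-managed APs:
# (rogue BSSID, client MAC seen associated to it, reporting AP name)
AIR_OBSERVATIONS = [
    ("00:11:22:aa:bb:01", "00:aa:bb:cc:dd:10", "AP-floor2-east"),
    ("00:11:22:aa:bb:01", "00:aa:bb:cc:dd:11", "AP-floor2-east"),
    ("00:11:22:aa:bb:02", "00:aa:bb:cc:dd:20", "AP-floor3-west"),
]

# Constructed MAC table entries the rogue detector learned on its trunk port: (MAC, VLAN)
WIRED_MACS = [
    ("00-AA-BB-CC-DD-11", 20),   # client of rogue ...:01 is also present on the wire
    ("00:aa:bb:cc:dd:99", 10),   # unrelated wired host
]


def norm(mac):
    """Canonical lowercase colon-separated form so switch and AP notations compare equal."""
    return mac.lower().replace("-", ":")


def correlate_rogues(air_observations, wired_macs):
    """Return {rogue_bssid: {"on_wire": bool, "matched": [(mac, vlan)], "heard_by": set()}}.

    A rogue is on-wire when its BSSID, or any client MAC heard associated to it,
    also appears in the MAC table the rogue detector learned from the LAN switch.
    """
    wired = {norm(mac): vlan for mac, vlan in wired_macs}
    report = {}
    for bssid, client, ap in air_observations:
        bssid, client = norm(bssid), norm(client)
        entry = report.setdefault(bssid, {"on_wire": False, "matched": [], "heard_by": set()})
        entry["heard_by"].add(ap)
        for mac in (bssid, client):
            if mac in wired and (mac, wired[mac]) not in entry["matched"]:
                entry["matched"].append((mac, wired[mac]))
                entry["on_wire"] = True
    return report
```

The matched VLAN tells the operator which wired segment to inspect for the rogue's uplink.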
  • Sniffer mode
    • CAPWAP AP functions as a sniffer. Captures and forwards all packets on a particular channel to a remote machine running AiroPeek (third-party network analyzer software)
      • AiroPeek supports decoding of data packets
    • Can only be enabled if running AiroPeek
  • Bridge mode
    • Provides for high bandwidth bridging connectivity
    • Supported:
      • point-to-point bridging
      • point-to-multipoint bridging
      • point-to-point wireless access with integrated wireless backhaul
      • point-to-multipoint wireless access with integrated wireless backhaul.
