11 - Wireless LANs Flashcards
1
Q
What is the IEEE number for Ethernet?
A
802.3
2
Q
What is the IEEE number for Wireless?
A
802.11
3
Q
Why are 802.11 WLANs always half duplex?
A
Because transmissions use the same frequency only one station can transmit at any time, otherwise collisions occur
4
Q
What is a BSS?
A
Basic Service Set. A wireless service area involving a group of devices formed around a fixed device
5
Q
What mode does an AP operate in?
A
Infrastructure mode
6
Q
What is a BSA?
A
Basic Service Area. The bounding area of the BSS where the APs signal is usable
7
Q
What does an AP use to advertise the existence of the BSS?
A
BSSID
8
Q
What is a BSSID?
A
Unique BSS Identifier, based on the APs own radio MAC address
9
Q
What is an SSID?
A
Service Set Identifier. A human readable name tag that identifies a wireless service
10
Q
What is an association and how is it formed?
A
A membership with the BSS. A potential client must send an association request to the AP which it can grant or deny
11
Q
What does the 802.11 standard refer to as the upstream wired Ethernet as?
A
The DS (Distribution System)
12
Q
What is an AP effectively doing when it serves multiple SSIDs?
A
Trunking VLANs over the air to wireless clients
13
Q
What is an ESS and what is it used for?
A
Extended Service Set.
For interconnecting APs placed at different geographic locations with a switched infrastructure
14
Q
What is roaming with respect to APs?
A
Moving from one AP to another automatically
15
Q
What must a client do as it roams from one AP to another?
A
Scan available channels to find the new AP (and BSS) to roam toward
16
Q
True/False: In ESS each AP offer its own BSS on its own channel, even with the same SSID
A
True
17
Q
What is an IBSS?
A
Independent BSS.
Allows two or more wireless clients to communicate directly with each other with no other means of network connectivity
18
Q
What is another name for an IBSS?
A
Ad hoc WLAN
19
Q
How could you extend the range of a wireless network?
A
Add an AP in repeater mode
20
Q
What is a WGB and what is it used for?
A
Workgroup Bridge.
It can be used to connect a device’s wired network adapter to a wireless network
21
Q
What are the two common types of WGBs?
A
- uWGB (universal). A single wired device can be bridged to a wireless network
- WGB. Cisco proprietary implementation allows multiple wired devices to be bridged
22
Q
What is an Outdoor Bridge?
A
APs can be configured to act as bridges for LANs. Outdoor bridged links involve special purpose antennas to achieve this over long distances
23
Q
What is a Mesh network?
A
Interconnected wireless APs in Mesh mode instead of being interconnected with switched infrastructure (Ethernet)
24
Q
What is the frequency of a wave measured as?
A
The number of times a signal makes one complete up and down cycle in 1 second
25
What is another way of describing Hz / Hertz?
Cycles per second
26
What frequency range category are 5Ghz and 2.4Ghz wireless in?
Microwave
27
What is an interesting property of 5ghz band channels?
They are non overlapping, so APs can use any channel number without affecting APs using any other channel numbers
28
What channels must be used in 2.4Ghz to avoid overlap between adjacent channels?
1, 6, 11
29
What is the primary function of an access point?
Bridge wireless data from air to a wired network
30
What is an Autonomous AP?
Self contained AP, fully equipped with both wired and wireless hardware
31
How are Autonomous APs natural extensions of a switched network?
They connect wireless SSIDs to wired VLANs at the access layer
32
True/False: Two clients connected to an AP cannot talk to each other without going through the full network connected to the AP?
False. They can communicate directly through the AP
33
True/False: SSIDs and their VLANs must be extended at Layer 2
True
34
What is Cisco Prime Infrastructure?
An AP management platform
35
What is Cisco Meraki?
Cloud based AP management platform
36
What is a WLC and why are they good?
Wireless LAN Controller. They separate out the management functions required of APs (RF management, auth, security) into a separate centralized controller to make autonomous APs easier to manage
37
What is a lightweight AP?
An AP that only performs the real-time functions of 802.11 such as sending and receiving frames, MAC etc
38
True/False: Generally a lightweight AP cannot usually operate on its own
True
39
What is Split MAC architecture?
When management and normal operations of an AP are split out into WLC and lightweight APs
40
What is CAPWAP?
Control and Provisioning of Wireless Access Points.
A tunneling protocol used to encapsulate data between the LAP and WLC within new IP packets
41
What are the two separate tunnels that are part of the CAPWAP relationship?
CAPWAP Control messages
| CAPWAP Data
42
What are CAPWAP control messages used for?
Carrying authenticated/encrypted exchanges used to configure an AP and manage its operations.
43
What are CAPWAP data messages used for?
Packets traveling to and from wireless clients that are associated with the AP. Not encrypted by default.
44
What is DTLS?
Datagram Transport Layer Security. Used under CAPWAP when data encryption is enabled for an AP to protect packets
45
What legacy Cisco proprietary solution is CAPWAP based on?
LWAPP. Lightweight Access Point Protocol
46
What must every AP and WLC authenticate with each other using?
Digital Certificates e.g. X.509
47
True/False: An AP and WLC cannot be separated logically or geographically, they must be in the same subnet / location
False. CAPAP tunneling allows them to be separated and breaks dependence on Layer 2 connectivity between them
48
Why are trunk links not needed for an AP using CAPWAP?
Because all VLANs its supports are encapsulated and tunneled as Layer 3 IP packets rather than individual L2 VLANs
49
What is Unified / Centralized WLC deployment?
When you place the WLC in a central location to maximize the number of APs joined to it
50
How many APs does a WLC typically support?
6000
51
What is a Cloud based WLC deployment and how many APs would it typically support?
Where the WLC exists as a virtual machine rather than physical device e.g inside a data center in a private cloud.
Around 3000
52
What is an Embedded WLC deployment and where would you use it?
When the WLC is co-located with a stack of switches.
Used on small campuses or distributed branch locations where the number of APs is small. Can support around 200 APs
53
What is Cisco Mobility Express WLC deployment and where would you use it?
WLC function co-located with an AP that is installed at the site. Supports around 100 APs.
Small scale environments where you might not need to invest in dedicated WLCs at all
54
What is Local mode for a lightweight AP?
Default lightweight mode that offers one or more functioning BSSs on a specific channel.
When not transmitting AP will scan to measure noise, interference, rogue devices etc
55
What is Monitor mode for a lightweight AP?
The AP does not transmit at all but receiver enabled to check for IDS events, rogue access points and positions of stations, etc
56
What is FlexConnect mode for a lightweight AP?
An AP at a remote site can local switch traffic between an SSID and VLAN if its CAPWAP tunnel to the WLC is down
57
What is Sniffer mode for a lightweight AP?
An AP that dedicates its radios to receiving 802.11 traffic from other sources and forwards it to a host running network analyzer software
58
What is Rogue detector mode for a lightweight AP?
An AP dedicating itself to detecting rogue devices by correlating MAC addresses heard on the wired network with those over air. Rogue devices are those that appear on both networks
59
What is Bridge mode for a lightweight AP?
AP becomes a dedicated bridge (PtP or PtMP) between two networks. Can be used to link two locations separated by distance. Multiple APs in bridge mode can form a mesh network
60
What is Flex+Bridge mode for a lightweight AP?
FlexConnect operation enabled on a mesh AP
61
What is SE-Connect mode for a lightweight AP?
AP dedicated to spectrum analysis on all wireless channels
62
With respect to Security, what should a client do with management frames sent by an AP?
Authenticate them to ensure the AP is actually a legitimate expected AP
63
What is an AP group key used for?
A key maintained by the AP that it uses when it needs to send encrypted data to all clients in its cell at one time, with each client using the same group key to decrypt the data
64
What is a MIC?
Message Integrity Check that prevents against data tampering
65
What cipher algorithm does WEP use?
RC4
66
What type of security method is WEP?
Shared-key
67
How does an AP test the clients knowledge of a WEP key?
Sends it a random challenge phrase that it must encrypt with the WEP key and return the result to the AP
68
What is EAP?
Extensible Authentication Protocol.
Defines a set of common functions that actual methods can use to authenticate users
69
What is the difference between Open/WEP authentication at the AP and EAP?
With 802.1x the client uses open authentication to associate with the AP, then the actual client authentication process occurs at a dedicated authentication server
70
What is an 802.1x Supplicant?
The device requesting access
71
What is an 802.1x Authenticator?
The network device that provides access to the network (usually WLC)
72
What is an 802.1x Authentication Server?
The device that takes the user / client credentials and permits or denies network access based on a user db and policies (e.g. RADIUS server)
73
What is LEAP?
Lightweight EAP.
Protocol that tried to overcome WEP weaknesses by using dynamic WEP keys that changed frequently but was still vulnerable
74
What is EAP-FAST?
EAP Flexible Authentication by Secure Tunneling.
Authentication credentials protected by passing a PAC (Protected Access Credential) between the AS and the supplicant. Uses inner and outer authentication for both authenticating the supplicant and the end user through the resulting tunnel
75
What is a PAC?
Protected Access Credential.
A form of shared secret generated by the AS and used for mutual authentication
76
What is PEAP?
Protected EAP. Has inner and outer authentication like EAP-FAST, but the AS presents a digital certificate to authenticate itself with the supplicant in the outer authentication.
If the supplicant is happy, it will form a TLS tunnel to be used for subsequent inner client authentication and encryption key exchange
77
What is EAP-TLS?
EAP-TLS goes a step further from relying on clients to authenticate digital certificates presented by the AS by requiring certificates on the AS and on every client device.
Highly secure but complex. Requires a PKI to implement effectively for certificate supply and revocation
78
What is TKIP?
Temporal Key Integrity Protocol.
Contains TKIP sequence counter to prevent frame replay attack. Now deprecated. Used in WPA, WPA2
79
What is CCMP?
Counter/CBC-MAC protocol consisting of two algorithms
- AES Counter mode encryption
- Cipher Block Chaining Message Authentication Code used as a MIC
Used in WPA, WPA2
Requires devices to have hardware support (WPA2)
80
What is GCMP?
Galois/Counter Mode protocol consisting of two algorithms
- AES counter mode encryption
- Galois MAC used as a MIC
Used in WPA3
81
What are PMFs?
Protected Management Frames used to secure important 802.11 management frames between APs and clients
82
What is SAE?
Simultaneous Authentication of Equals
83
What two client modes do all WPA versions support?
- PSK (Pre Shared Key) aka Personal mode
| - 802.1x aka Enterprise mode
84
How does PSK mode function?
They secret key string is never sent over the air. A four way handshake procedure takes place that uses the PSK to construct and exchange encryption key material, then subsequently authenticate the client and secure frames
85
How does WPA3 avoid the eavesdropping attacks associated with WPA and WPA2 Personal (PSK) modes?
By strengthening key exchange between clients and APs using SAE in which the client and AP can initiate the authentication process equally and simultaneously.
WPA3 also uses forward secrecy to prevent attackers being able to un-encrypt data that has already been transmitted over the air
86
What does an AP map each VLAN to?
A WLAN and BSS
87
What must the wired Ethernet interface on a lightweight AP be paired with to be fully functional?
A WLC
88
What are multiple VLANs extended from the WLC to the AP carried over?
CAPWAP tunnel
89
What does a lightweight AP need in terms of a link to connect to network infrastructure and terminate its end of the tunnel?
An Access link
90
How are ports and interfaces distinguished differently when talking about WLCs?
For WLCs a port refers to physical connections made to an external wired or switched network.
Interfaces refers to logical connections made internally within the controller
91
What is a WLC Service port used for?
Out of band management, system recovery, and initial boot functions.
Always connects to switch port in Access mode
92
What is a WLC Distribution System port used for?
Normal AP and management traffic.
Usually connects in 802.1Q Trunk mode
93
What is a WLC Redundancy port used for?
To connect to a peer controller for HA (high availability)
94
True/False: The WLC service port only supports a single VLAN
True
95
Which WLC ports do the CAPWAP tunnels extending to each AP pass across?
Distribution System ports
96
What is name for the wired system that connects APs together?
Distribution System (DS)
97
What mode should Distribution System ports on a WLC always operate in and why?
802.1Q Trunking mode.
Because they must carry data that is associated with many different VLANs
98
What is a LAG?
Link Aggregation Group.
A bundle of WLC distribution ports configured to operate as a single logical group / EtherChannel, with traffic being able to be load balanced across the ports.
99
What is a WLC Management interface?
Used to terminate CAPWAP tunnels and for normal management traffic such as:
- RADIUS
- WLC to WLC communication
- Web / SSH sessions
- SNMP
- NTP
100
What is a WLC Virtual interface?
Used for client facing operations.
It is the IP address facing wireless clients when the control is relaying DHCP requests, client web auth and supporting client mobility
101
What is a WLC Service port interface?
Interface bound to a service port and used for out of band management
102
What is a WLC Dynamic interface?
Connects VLAN to a WLAN
103
What type of controller interface type is used to connect a VLAN to a WLAN?
Dynamic interface
104
What class of address should you configure on a WLC virtual interface?
Unique nonroutable IP such as a private address
105
Why should each controller in a mobility group use the same virtual interface address?
Appear to operate as a cluster as clients roam from controller to controller
106
True/False: You only need one dynamic interface to support multiple WLANs
False.
You must create one dynamic interface for each WLAN offered by the controller's APs and map the interface to the WLAN
107
What is the downside of creating too many WLANs?
A channel can be starved of any usable airtime. Clients will have difficulty transmitting their own data because the channel is too busy with beacon transmissions coming from the AP
