Private IP blocks:
NAT IMPLEMENTATION
a) 11.105.33.102
b) 192.168.33.25
c) 200.33.145.1
d) 192.169.1.1
e) 172.17.3.207
a) 11.105.33.102 (Public)
b) 192.168.33.25 (Private)
c) 200.33.145.1 (Public)
d) 192.169.1.1 (Public)
e) 172.17.3.207 (Private)
PRIVATE IPs ARE NOT ROUTABLE ON THE INTERNET
- Dynamic NAT
- Static NAT
- PAT (Overload)
- PAT (Overload) with multiple public IPs
NAT IMPLEMENTATION CASE 1: Dynamic NAT
DYNAMIC NAT
ADVANTAGES:
- It allows the internal addresses of a LAN to be "hidden" by associating them with public IPs.
- It dynamically associates public IPs with private IPs, allowing private addressing to be kept inside the LAN.
DISADVANTAGES:
- For each private IP there must be a public IP.
- Only as many private IPs can be translated ("NATed") as there are public IPs available.
NAT IMPLEMENTATION CASE 2: Static NAT
STATIC NAT
ADVANTAGES:
- N private stations can be connected to the Internet using only one public IP.
- The real number of private addresses can be hidden, making a potential attacker's task harder.
DISADVANTAGES:
- Each connection from a station on the internal LAN to the Internet uses one port of the public IP, allowing a maximum of 2^16 connections (65,536).
- Not applicable to large networks (more than 500 hosts).
NAT IMPLEMENTATION CASE 4: NAT with Overload and multiple public IPs
DISADVANTAGES:
- To reach a host on the internal LAN, port redirection (RDR) is required, which limits some end-to-end features.
USEFUL COMMANDS:
1. # show ip nat translations
D: Device location
P: Packet location

SOURCE IP: 192.168.0.3 (D: INSIDE, P: LOCAL)
DESTINATION IP: 200.1.1.2 (D: OUTSIDE, P: LOCAL)

SOURCE IP: 200.1.1.1 (D: INSIDE (*), P: GLOBAL)
DESTINATION IP: 200.1.1.2 (D: OUTSIDE, P: GLOBAL)
(*) Refers to the location of PC0, not of R1.
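The port-based translation described above (one port of the public IP per connection, a pool of public IPs, and the local/global address pairs that `show ip nat translations` lists) can be modelled in a few lines. This is an added example, not code from the original slides; the `PatTable` class, the second public IP 200.1.1.3 and the two-port range are assumptions chosen so that pool exhaustion is visible.

```python
PORTS_PER_IP = 2 ** 16  # 16-bit port field: the 65,536 ceiling quoted above


class PatTable:
    """Toy PAT (overload) translator over a pool of public IPs (hypothetical)."""

    def __init__(self, public_ips, first_port=1024, last_port=65535):
        self.public_ips = list(public_ips)
        self.ports = range(first_port, last_port + 1)
        self.out = {}   # (inside local ip, port) -> (inside global ip, port)
        self.back = {}  # reverse map consulted for return traffic

    def translate(self, local_ip, local_port):
        """Outbound flow: reuse its entry, else take the next free public port."""
        key = (local_ip, local_port)
        if key in self.out:
            return self.out[key]
        for ip in self.public_ips:        # spill over to the next public IP
            for port in self.ports:
                if (ip, port) not in self.back:
                    self.out[key] = (ip, port)
                    self.back[(ip, port)] = key
                    return ip, port
        raise RuntimeError("PAT pool exhausted: every public port is in use")

    def inbound(self, global_ip, global_port):
        """Return traffic is delivered only if a translation entry exists."""
        return self.back.get((global_ip, global_port))  # None means dropped

    def show(self):
        """Rows in the spirit of the inside global / inside local columns."""
        return [f"{g[0]}:{g[1]}  {loc[0]}:{loc[1]}" for loc, g in self.out.items()]


def demo():
    # Constructed sample: two public IPs, two usable ports each
    pat = PatTable(["200.1.1.1", "200.1.1.3"], first_port=5000, last_port=5001)
    hosts = ["192.168.0.3", "192.168.0.4", "192.168.0.5", "192.168.0.6"]
    mapped = [pat.translate(h, 1025) for h in hosts]
    try:
        pat.translate("192.168.0.7", 1025)   # fifth flow: no port left
        exhausted = False
    except RuntimeError:
        exhausted = True
    return pat, mapped, exhausted


if __name__ == "__main__":
    table, _, full = demo()
    print("\n".join(table.show()), "\npool exhausted:", full)
```

An inbound packet to a public port with no entry returns `None`, which is why reaching an internal host from outside needs the explicit port redirection (RDR) mentioned under Case 4.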
This document is customized and covers basic wireless information and knowledge for a group of users who are
very new to wireless technology.
AGENDA
➢ Cisco Unified Controller-Based Solution
➢ Need of Wireless
➢ Wireless Fundamentals
➢ Regulatory Bodies
➢ Wireless Topologies
➢ Adhoc VS Infrastructure network
➢ Service Set
➢ Wireless Network Types
➢ Cisco Unified Wireless Network Components
➢ Access points Models
➢ Wireless LAN Controller Models
➢ Access Points Types
➢ FAQs
NEED OF WIRELESS
➢ Convenience: All notebook computers and many mobile phones today come
equipped with the WiFi technology required to connect directly to a wireless LAN.
➢ Mobility: Employees can stay connected to the network even when they're not at their
desks. People in meetings can access documents and applications. Salespeople can
check the network for important details from any location.
➢ Ease of setup: When you don't have to run physical cables through a location,
installation can be quick and cost-effective. Wireless LANs also make it easier to bring
network connectivity to hard-to-reach locations, such as a warehouse or factory floor.
➢ Scalability: As your business operations grow, you may need to quickly expand your
network. Wireless networks can typically expand with existing equipment, while a wired
network might require additional wiring.
➢ Security: Controlling and managing access to your wireless network is important to its
success. Advances in WiFi technology provide robust security protections so your data is
easily available to only the people you allow access.
➢ Cost: It can cost less to operate a wireless LAN, which eliminates or reduces wiring costs
during office moves, reconfigurations, or expansions.
WLAN COMPONENTS
COMPARING WLANS TO A LAN
RF PRINCIPLES
➢ Wavelength: The physical distance from one point of the cycle to the same point in the
next cycle is called a wavelength, which is usually represented by the Greek symbol λ
(lambda).
➢ Frequency: Number of times radio waves repeat their pattern per second. It is
measured in Hertz.
➢ Reflection: When the radio wave hits the obstacle at a low angle, the wave (the entire
wave, or part of it) might bounce on the obstacle. This phenomenon is called reflection.
➢ Multipath: A signal sent to a station travels in a straight line and reaches the destination.
A few microseconds later, copies of the same signal reflected on walls, ceiling, and
obstacles also reach the destination.
➢ Refraction: Refraction occurs when a wave changes direction. This change in direction
usually happens when a wave passes from one medium to another (from air to water, for
example).
➢ Scattering: Reflection also occurs in the air itself, bouncing on dust or micro drops of
water (humidity). These multiple reflections are described as scattering.
RF PRINCIPLES CONTINUE…
➢ Free Path Loss: Even without obstacles, a radio wave gets weaker as it moves away
from the emitting source because the energy of the wave spreads.
➢ RSSI: Because the RF wave might have been affected by obstacles in its path, it is
important to determine how much signal is received by the other endpoint. The value
that indicates the amount of power received is called Received Signal Strength
Indicator (RSSI).
WLAN COMPONENTS
RADIO FREQUENCIES
REGULATORY BODIES
➢ IEEE: It defines how a signal carrying data is sent over the unlicensed
frequency band. IEEE creates and maintains the technical standards and
protocols used by wireless LAN devices.
$$\text{dBm} = 10 \log_{10}\left(\frac{\text{Power}}{1\,\text{mW}}\right)$$
Antennas
This device lets us transmit and receive radio signals, which are passed to
the access points and bridges to be converted into data bits. The antenna to
use depends on the required range.
ANTENNA RADIATION
Directional Antennas
These antennas concentrate coverage in a single direction. The pattern is
conical, similar to the beam of a flashlight.
Coverage depends on the angle of the signal and can range from 90°
(somewhat directional) to 20° (highly directional).
POLARIZATION
Types of antennas by radiation pattern
Line of Sight
In outdoor links it is very important to have line of sight between the
antennas in order to establish communication.
Fresnel Zone
The so-called Fresnel zone is an additional clearance zone that must be
taken into account, besides having direct visibility between the two
antennas.
WIRELESS TOPOLOGIES
➢ Wireless personal-area networks (WPAN): Have a short range (up to 5–10 meters),
commonly use the 802.15 family of specifications to connect two or a few devices with low
power consumption. Bluetooth is an example of WPAN protocol.
➢ Wireless local-area networks (WLAN): Consume more power but extend the connection
to about 300 feet (100 meters).
Band: 2.4 GHz | 2.4 GHz | 5 GHz | 2.4 GHz | 2.4 GHz, 5 GHz | 5 GHz | 2.4/5 GHz | 1-6 GHz
# Channels: 3 | 3 | Up to 23 | 3 | Varies | Varies | Varies
Transmission: IR, FHSS, DSSS | DSSS | OFDM | DSSS | OFDM | DSSS, CCK, OFDM | MCS 0–7 (BPSK, QPSK, 16-QAM, 64-QAM, 1/2, 2/3, 3/4, 5/6) | OFDM
Data rates (Mb/s): 1, 2 | 1, 2, 5.5, 11 | 6, 9, 12, 18, 24, 36, 48, 54 | 1, 2, 5.5, 11 | 6, 9, 12, 18, 24, 36, 48, 54 | 72-600 | 433-6933 | 600-9608
802.11 continue…
➢ It described FHSS 1 Mbps, and DSSS 1 Mbps and 2 Mbps in the 2.4 GHz spectrum,
describing 14 channels.
➢ The standard was revised in 2007 to integrate all the amendments published over the
previous years (integrating 802.11a, b, d, e, g, h, i, and j). This cumulative version of the
standard is called 802.11-2007
Key | WiFi | LiFi
Definition | WiFi stands for Wireless Fidelity. | LiFi stands for Light Fidelity.
Invented | WiFi was invented by NCR Corporation in 1991. | LiFi was coined by Prof. Harald Haas in 2011.
Operation | WiFi transmits data using radio waves using a WiFi router. | LiFi transmits data using light signals using LED bulbs.
➢ 802.11 was modified almost as soon as it was created to allow for faster speeds.
➢ It described CCK to bring the data rate to 5.5 Mbps and 11 Mbps.
CHANNEL MANAGEMENT
SELECTING CHANNELS (CONT.)
➢ 802.11b was also too slow. A new amendment was published in 2003 introducing
OFDM to the 2.4 GHz band, effectively allowing rates up to 54 Mbps.
➢ When an 802.11b station is detected in the cell, the AP informs the cell in its
information broadcasts. These broadcasts contain 2 bits set to 1: “non-ERP (that is, non-
802.11g) present” and “use protection”.
➢ The downside of this protection mechanism is wasted time before each 802.11g
frame. This protection mechanism typically divides the overall throughput of the cell by 3.
802.11a continue…
[Figure labels: 802.11 Packet, Header, 802.11 ACK]
➢ The emitter can send the same signal from several antennas. By carefully coordinating
these signals based on the feedback transmitted by the 802.11n receiving station, the
emitter aims at making these signals be received in phase, thus increasing the signal
power level at the receiving station, allowing for longer range or higher throughput.
SPATIAL MULTIPLEXING CONTINUE…
➢ The emitter can send different simultaneous signals from different radios. The 802.11n
receiver will receive these signals on all its radios. Each of the receive radios
independently decodes the arriving signals. Then, each received signal is combined with
the signals from the other radios. This results in additional throughput.
MIMO BENEFITS CONTINUE…
CISCO UNIFIED WIRELESS NETWORK COMPONENTS
Network Services
Network Management
Network Unification
Access Points
Client Devices
CISCO UNIFIED CONTROLLER-BASED SOLUTION
ACCESS POINTS MODELS
CONTROLLERS MODELS
Access Points Types
CHANNEL MANAGEMENT
PLANNING A WLAN DEPLOYMENT
➢ Extends the AP coverage
➢ Dual radio can create dual half-duplex
➢ Overlap of 50% required
➢ Throughput impacted when single frequency used
WORKGROUP BRIDGE CONTINUE…
OUTDOOR WIRELESS BRIDGES CONTINUE…
MESH NETWORKS CONTINUE…
WLAN THREATS
SECURING WIRELESS
MAC Address-Based Authentication
Access can be controlled by allowing only specific MAC addresses.
This security mechanism is supported by most commercial products. It uses
the MAC address of each client station as the authentication mechanism,
allowing access to those MAC addresses that appear in the Access Control
List.
The administrator must maintain and distribute a list of valid MAC addresses.
This address can be cloned.
WEP (Wired Equivalent Protocol)
Shared key is a somewhat more secure form of client authentication, in which
the access point sends a text in a packet that the client must encrypt with
the correct WEP key and return to the AP. If the client has the wrong key or
no key, the client cannot be authenticated and therefore cannot associate
with the AP.
WPA (WiFi Protected Access)
WPA v1 (WiFi Protected Access) is a proposed standard for encrypting 802.11i
wireless communications. It is a system that offers better mechanisms for
data encryption and user authentication, designed especially for integration
into large networks.
It eliminates some of the vulnerabilities of WEP. This technology can be
installed on existing hardware through an update of the resident software
(firmware). It incorporates TKIP (Temporal Key Integrity Protocol) and
IEEE 802.1X user authentication.
802.1X Authentication (RADIUS)
The IEEE has adopted 802.1X as the new authentication standard for wired as
well as wireless networks. This standard provides mutual authentication
between a client and an authentication server. In addition, 802.1X can
dynamically provide WEP keys per user or per session, thus sparing the
network administrator the problem of static keys.
802.1X Components (RADIUS)
Supplicant: The station that needs to be authenticated. It responds to the
requests made by the Authenticator.
FAQ
Many routers act as WLAN access points. They connect multiple computers (and
wireless-capable printers) to a single WLAN and to the Internet.
You can extend WLANs throughout an area by placing additional wireless access
points in various locations. The access points extend the wireless signal's range and
strength.
FAQ CONTINUE…
➢ Can two computers communicate using the wireless client cards without an
access point (AP)?
Yes, two computers can communicate using the wireless client cards without an
AP. Connect the PC cards in Ad Hoc mode. This step eliminates peer interaction,
and one PC becomes the master.