
NAT IMPLEMENTATION

NAT = Network Address Translation
PAT = Port Address Translation

Public and Private IP Addresses

According to RFC (Request For Comments) 1918, IP addresses are classified as public or private.

Private IP blocks:

• 10.0.0.0/8 (10.0.0.0 – 10.255.255.255)
• 172.16.0.0/12 (172.16.0.0 – 172.31.255.255)
• 192.168.0.0/16 (192.168.0.0 – 192.168.255.255)

Any IP address outside these ranges is considered PUBLIC.

Are the following IP addresses public or private?

a) 11.105.33.102
b) 192.168.33.25
c) 200.33.145.1
d) 192.169.1.1
e) 172.17.3.207

Are the following IP addresses public or private?

a) 11.105.33.102 (Public)
b) 192.168.33.25 (Private)
c) 200.33.145.1 (Public)
d) 192.169.1.1 (Public)
e) 172.17.3.207 (Private)

PRIVATE IP ADDRESSES ARE NOT ROUTABLE ON THE INTERNET

There are several types of NAT:

- Dynamic NAT
- Static NAT (1:1)
- PAT, or NAT overload
- PAT, or NAT overload, across multiple IP addresses
- NAT-T
- Source NAT
- Among others

This presentation covers only 4 types:

- Dynamic NAT
- Static NAT
- PAT (overload)
- PAT (overload) with multiple public IP addresses
NAT IMPLEMENTATION CASE 1: Dynamic NAT

DYNAMIC NAT

In dynamic NAT, the internal IP address of each client on a LAN is dynamically associated with an external (public) IP address.

! Pool of public addresses available for translation
Router(config)# ip nat pool RANGOPUBLICO 200.1.1.2 200.1.1.4 netmask 255.255.255.248
! Inside hosts eligible for translation (wildcard 0.0.0.255 = 192.168.0.0/24)
Router(config)# access-list 1 permit 192.168.0.0 0.0.0.255
! Translate sources matching ACL 1 to addresses taken from the pool
Router(config)# ip nat inside source list 1 pool RANGOPUBLICO
Router(config)# interface FastEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface FastEthernet0/1
Router(config-if)# ip nat outside

ADVANTAGES:
- "Hides" the internal addresses of a LAN by associating them with public IP addresses.
- Dynamically associates public IP addresses with private ones, so the LAN can keep a private addressing scheme.

DISADVANTAGES:
- A public IP address must exist for each private IP address.
- Only as many private IP addresses can be translated ("NATed") as there are public IP addresses available.
NAT IMPLEMENTATION CASE 2: Static NAT

STATIC NAT

With static NAT, a unique public IP address can be statically assigned to a private IP address, ensuring availability and access from the Internet to a server located on the LAN.

This method can coexist with other NAT mechanisms.

! Permanent 1:1 mapping: inside local 192.168.0.10 <-> inside global 200.1.1.5
Router(config)# ip nat inside source static 192.168.0.10 200.1.1.5
Router(config)# interface FastEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface FastEthernet0/1
Router(config-if)# ip nat outside
NAT IMPLEMENTATION CASE 3: NAT Overload (PAT)

NAT OVERLOAD (PAT)

This is perhaps the most widely used type of NAT in organizations today. It lets multiple private IP addresses connect to the Internet using a single IP address (overloading it). Here the translation is based on ports.

! Inside hosts eligible for translation
Router(config)# access-list 1 permit 192.168.0.0 0.0.0.255
! Overload the address of the outside interface: translations are told apart by port
Router(config)# ip nat inside source list 1 interface FastEthernet0/1 overload
Router(config)# interface FastEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface FastEthernet0/1
Router(config-if)# ip nat outside

ADVANTAGES:
- N private hosts can connect to the Internet using a single public IP address.
- The real number of private addresses can be hidden, making a potential attacker's task harder.

DISADVANTAGES:
- Each connection from a host on the internal LAN to the Internet uses one port of the public IP address, allowing at most 2^16 (65,536) connections.
- Not applicable to large networks (more than 500 hosts).
NAT IMPLEMENTATION CASE 4: NAT Overload with multiple public IP addresses

NAT OVERLOAD WITH MULTIPLE PUBLIC IP ADDRESSES

This type of NAT is a variation of traditional PAT in which a group of public IP addresses is added to perform the translation. This allows more than 65536 simultaneous connections (which is what a single IP address allows).

! Pool of public addresses shared by all inside hosts
Router(config)# ip nat pool RANGO_PAT_PUBLICO 200.1.1.1 200.1.1.4 netmask 255.255.255.248
Router(config)# access-list 1 permit 192.168.0.0 0.0.0.255
! Overload every address in the pool (port-based translation)
Router(config)# ip nat inside source list 1 pool RANGO_PAT_PUBLICO overload
Router(config)# interface FastEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface FastEthernet0/1
Router(config-if)# ip nat outside
ADVANTAGES:
- Allows a range of public IP addresses to be used and dynamically balances the port load toward the Internet.
- Ideal for organizations with a large number of hosts that must connect to the Internet simultaneously. Consider a scenario with 1000 hosts on the private LAN and 14 or 30 public IP addresses.

DISADVANTAGES:
- Reaching a host on the internal LAN requires port redirection (RDR), which limits some end-to-end features.
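The port-based translation of Cases 3 and 4 can be modelled in a few lines. The following Python sketch is an added example, not part of the original slides and not Cisco's implementation: the class and method names are hypothetical, addresses are filled one after another (a simplification), and the demo uses a 4-port range only so that exhaustion is visible.

```python
from ipaddress import ip_address, ip_network
from itertools import chain


class PatExhausted(Exception):
    """Every (public IP, port) pair is already in use."""


class PatTable:
    """Toy model of 'ip nat inside source list 1 ... overload' (hypothetical names)."""

    def __init__(self, inside_net, public_ips, port_range=(0, 65535)):
        self.inside_net = ip_network(inside_net)   # stands in for access-list 1
        self.public_ips = [str(ip_address(p)) for p in public_ips]
        self.port_range = port_range
        self.out = {}    # (inside local IP, port)  -> (inside global IP, port)
        self.back = {}   # (inside global IP, port) -> (inside local IP, port)

    def capacity(self):
        lo, hi = self.port_range
        return len(self.public_ips) * (hi - lo + 1)

    def translate(self, src_ip, src_port):
        """Outbound packet: return the (public IP, port) it leaves with."""
        if ip_address(src_ip) not in self.inside_net:
            raise ValueError(f"{src_ip} is not matched by the inside ACL")
        key = (src_ip, src_port)
        if key in self.out:                 # an existing flow keeps its mapping
            return self.out[key]
        lo, hi = self.port_range
        preferred = [src_port] if lo <= src_port <= hi else []
        for pub in self.public_ips:         # fill one address, then the next
            for port in chain(preferred, range(lo, hi + 1)):
                if (pub, port) not in self.back:
                    self.out[key] = (pub, port)
                    self.back[(pub, port)] = key
                    return pub, port
        raise PatExhausted(f"all {self.capacity()} translations are in use")

    def untranslate(self, dst_ip, dst_port):
        """Inbound packet: the inside host it belongs to, or None (no entry)."""
        return self.back.get((dst_ip, dst_port))

    def release(self, src_ip, src_port):
        """Flow ended or timed out: free its public port."""
        mapped = self.out.pop((src_ip, src_port), None)
        if mapped is not None:
            del self.back[mapped]


def demo():
    # Constructed scenario: five inside hosts, all using source port 6500.
    flows = [(f"192.168.0.{h}", 6500) for h in range(3, 8)]
    case3 = PatTable("192.168.0.0/24", ["200.1.1.1"], port_range=(1024, 1027))
    single = []
    for ip, port in flows:
        try:
            single.append(case3.translate(ip, port))
        except PatExhausted:
            single.append(None)             # fifth flow finds no free port
    case4 = PatTable("192.168.0.0/24",
                     ["200.1.1.1", "200.1.1.2", "200.1.1.3", "200.1.1.4"],
                     port_range=(1024, 1027))
    pooled = [case4.translate(ip, port) for ip, port in flows]
    return single, pooled


if __name__ == "__main__":
    single, pooled = demo()
    print("one public IP :", single)
    print("pool of four  :", pooled)
```

An unsolicited inbound packet has no entry in the reverse table, which is why reaching an inside host needs the port redirection listed under the disadvantages.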
USEFUL COMMANDS:
1. # show ip nat translations
2. # show ip nat statistics
3. # debug ip nat
4. # clear ip nat translation *

Inside, Outside, Local, Global

R1# show ip nat translations
Pro  Inside global    Inside local      Outside local    Outside global
Tcp  200.1.1.1:3333   192.168.0.3:6500  200.1.1.1:3333   200.1.1.1:3333

To work out whether an IP address is Inside Local, Inside Global, Outside Local or Outside Global, remember the following:

1. Inside or Outside refers to the location of the device that generated the packet.
2. Local or Global refers to the current location of the packet.

PC 192.168.0.3 connects to the Internet (simulated by PC1 at 200.1.1.2) through the public IP address 200.1.1.1.

[Diagram labels: INSIDE LOCAL, INSIDE GLOBAL, OUTSIDE LOCAL, OUTSIDE GLOBAL]

D: Location of the device
P: Location of the packet

     SOURCE IP      DESTINATION IP
     192.168.0.3    200.1.1.2
D:   INSIDE         OUTSIDE
P:   LOCAL          LOCAL

     SOURCE IP      DESTINATION IP
     200.1.1.1      200.1.1.2
D:   INSIDE (*)     OUTSIDE
P:   GLOBAL         GLOBAL

(*) Refers to the location of PC0, not of R1.


INSIDE LOCAL: IP address on the internal LAN (private, per RFC 1918)

INSIDE GLOBAL: Public IP address of the router

OUTSIDE LOCAL: IP address of an external machine as seen from the LAN; it is not always a public IP address

OUTSIDE GLOBAL: Public IP address of the remote server
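The four columns can be read programmatically, for instance to find which inside host was behind a given public IP and port. This Python sketch is an added example, not part of the original slides: the sample table is constructed (two PAT rows and one static row in the layout of `show ip nat translations`), and all function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
COLUMNS = ("inside_global", "inside_local", "outside_local", "outside_global")

# Constructed sample, not captured from a real router.
# Rows 1-2 are PAT entries; row 3 is a static 1:1 entry (no ports, no outside fields).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 200.1.1.1:3333     192.168.0.3:6500   200.1.1.2:80       200.1.1.2:80
tcp 200.1.1.1:3334     192.168.0.7:6500   200.1.1.2:80       200.1.1.2:80
--- 200.1.1.5          192.168.0.10       ---                ---
"""


def is_private(ip):
    """True if the address falls in one of the three RFC 1918 blocks."""
    return any(ip_address(ip) in net for net in RFC1918)


def parse_endpoint(field):
    """'ip:port' -> (ip, port); bare 'ip' -> (ip, None); '---' -> None."""
    if field == "---":
        return None
    ip, _, port = field.partition(":")
    ip_address(ip)   # raises ValueError on malformed text such as '200.1.1.1.'
    return ip, (int(port) if port else None)


def parse_translations(text):
    """Turn the table into a list of dicts keyed by the four address types."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":   # skip header and blank lines
            continue
        entry = {"proto": parts[0]}
        entry.update(zip(COLUMNS, map(parse_endpoint, parts[1:])))
        entries.append(entry)
    return entries


def inside_host_for(entries, global_ip, global_port):
    """Which inside local endpoint was behind this public IP and port?"""
    for entry in entries:
        ip, port = entry["inside_global"]
        # A static entry has no port and therefore matches any port.
        if ip == global_ip and port in (None, global_port):
            return entry["inside_local"]
    return None


def non_rfc1918_inside_locals(entries):
    """Entries whose inside local address is not private, contrary to the definition."""
    return [e for e in entries if not is_private(e["inside_local"][0])]


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(inside_host_for(table, "200.1.1.1", 3334))
    print(inside_host_for(table, "200.1.1.5", 443))
```

The lookup only works while the entry exists, so attributing past traffic to an inside host requires the translations to have been logged at the time.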


Wireless

This document is customized and covers basic wireless information and knowledge for a group of users who are very new to wireless technology.
AGENDA
➢ Cisco Unified Controller- Based Solution
➢ Need of Wireless
➢ Wireless Fundamentals
➢ Regulatory Bodies
➢ Wireless Topologies
➢ Adhoc VS Infrastructure network
➢ Service Set
➢ Wireless Network Types
➢ Cisco Unified Wireless Network Components
➢ Access points Models
➢ Wireless LAN Controller Models
➢ Access Points Types
➢ FAQs
Need of Wireless
NEED OF WIRELESS
➢ Convenience: All notebook computers and many mobile phones today come equipped with the WiFi technology required to connect directly to a wireless LAN.

➢ Mobility: Employees can stay connected to the network even when they're not at their desks. People in meetings can access documents and applications. Salespeople can check the network for important details from any location.

➢ Ease of setup: When you don't have to run physical cables through a location, installation can be quick and cost-effective. Wireless LANs also make it easier to bring network connectivity to hard-to-reach locations, such as a warehouse or factory floor.

➢ Scalability: As your business operations grow, you may need to quickly expand your network. Wireless networks can typically expand with existing equipment, while a wired network might require additional wiring.

➢ Security: Controlling and managing access to your wireless network is important to its success. Advances in WiFi technology provide robust security protections so your data is easily available to only the people you allow access.

➢ Cost: It can cost less to operate a wireless LAN, which eliminates or reduces wiring costs during office moves, reconfigurations, or expansions.
WLAN COMPONENTS
COMPARING WLANS TO A LAN
RF Principles
RF PRINCIPLES

➢ Wavelength: The physical distance from one point of the cycle to the same point in the next cycle is called a wavelength, which is usually represented by the Greek symbol λ (lambda).

➢ Frequency: Number of times radio waves repeat their pattern per second. It is measured in Hertz.

➢ Reflection: When the radio wave hits the obstacle at a low angle, the wave (the entire wave, or part of it) might bounce on the obstacle. This phenomenon is called reflection.

➢ Multipath: A signal sent to a station travels in a straight line and reaches the destination. A few microseconds later, copies of the same signal reflected on walls, ceiling, and obstacles also reach the destination.

➢ Refraction: Refraction occurs when a wave changes direction. This change in direction usually happens when a wave passes from one medium to another (from air to water, for example).

➢ Scattering: Reflection also occurs in the air itself, bouncing on dust or micro drops of water (humidity). These multiple reflections are described as scattering.

RF PRINCIPLES CONTINUE…

➢ Free Path Loss: Even without obstacles, a radio wave gets weaker as it moves away from the emitting source because the energy of the wave spreads.

➢ RSSI: Because the RF wave might have been affected by obstacles in its path, it is important to determine how much signal is received by the other endpoint. The value that indicates the amount of power received is called Received Signal Strength Indicator (RSSI).
WLAN COMPONENTS
RADIO FREQUENCIES
Regulatory Bodies
REGULATORY BODIES
➢ IEEE: It defines how the signal is sent carrying data over the unlicensed frequency band. IEEE maintains and creates technical standards and protocols used by wireless LAN devices.

➢ Federal Communications Commission (FCC): In America and other countries on the American continents, the FCC restricts the power and frequencies that can be used in that region.

➢ ETSI (European Telecommunications Standards Institute): Controls frequency and power in Europe and some other countries, such as Israel.

➢ Wi-Fi Alliance: It ensures that wireless products that are available to consumers provide the features that the products claim to have.
WLAN COMPONENTS
WI-FI CERTIFICATION

The Wi-Fi Alliance certifies Wi-Fi and the following product compatibility:
▪ IEEE 802.11a/b/g/n/ac/ad-compatible
▪ IEEE 802.11i secure using WPA2™ and Extensible
Authentication Protocol (EAP)
▪ Wi-Fi Protected Setup (WPS) to simplify device connections
▪ Wi-Fi Direct to share media between devices
▪ Wi-Fi Passpoint to simplify securely connecting to Wi-Fi hotspot
networks
▪ Wi-Fi Miracast to seamlessly display video between devices
RELATIVE MEASUREMENTS
▪ dB
▪ The decibel, symbol dB, expresses a ratio between quantities, not a quantity. It expresses how many times more or how many times less, but not the exact amount. It is a logarithmic expression, not a linear one, and a relative unit of measurement. At audio frequencies, a change of 1 decibel (dB) is barely (with luck) noticed.
DBI

dBi is the decibels of gain over an isotropic radiator, that is, a logarithmic ratio between the power emitted by an antenna and that of an isotropic radiator.
DBM TO MW
dBm  mW    | dBm  mW   | dBm  mW
0    1     | 11   12.5 | 21   128
1    1.25  | 12   16   | 22   160
2    1.56  | 13   20   | 23   200
3    2     | 14   25   | 24   256
4    2.5   | 15   32   | 25   320
5    3.12  | 16   40   | 26   400
6    4     | 17   50   | 27   512
7    5     | 18   64   | 28   640
8    6.25  | 19   80   | 29   800
9    8     | 20   100  | 30   1 watt
10   10    |           | 36   4 watts
RULE OF 3s AND 10s
Increase of 3 dB = double the transmit (TX) power
Decrease of 3 dB = half the power
Increase of 10 dB = power × 10
Decrease of 10 dB = 1/10 of the power
EIRP

▪ EIRP is the amount of power that a theoretical isotropic antenna (that is, one that distributes power exactly equally in all directions) would emit to produce the power density observed in the direction of maximum gain of an antenna. EIRP takes into account the losses in the transmission line and in the connectors, and includes the antenna gain.

EIRP = Tx power (dBm) + Antenna Gain (dBi) − Cable Loss (dB)

$$\mathrm{dBm} = 10 \log\left(\frac{\text{Power}}{1\,\mathrm{mW}}\right)$$
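The dBm-to-mW table above can be rebuilt from the rule of 3s and 10s alone, then compared with the exact logarithmic formula and fed into an EIRP calculation. This Python sketch is an added example, not part of the original slides: the way each dBm value is split into 10 dB and 3 dB steps is an assumption chosen to match the table, and the EIRP inputs in the demo (20 dBm, 6 dBi, 3 dB) are constructed.

```python
import math

# Values copied from the dBm-to-mW table on this page (1 watt = 1000 mW).
PAGE_TABLE = {
    0: 1, 1: 1.25, 2: 1.56, 3: 2, 4: 2.5, 5: 3.12, 6: 4, 7: 5, 8: 6.25, 9: 8,
    10: 10, 11: 12.5, 12: 16, 13: 20, 14: 25, 15: 32, 16: 40, 17: 50, 18: 64,
    19: 80, 20: 100, 21: 128, 22: 160, 23: 200, 24: 256, 25: 320, 26: 400,
    27: 512, 28: 640, 29: 800, 30: 1000, 36: 4000,
}


def dbm_to_mw(dbm):
    """Exact conversion: inverse of dBm = 10 log(P / 1 mW)."""
    return 10 ** (dbm / 10)


def mw_to_dbm(mw):
    """Exact conversion: dBm = 10 log(P / 1 mW)."""
    return 10 * math.log10(mw / 1.0)


def rule_of_3s_and_10s(dbm):
    """Estimate mW for a non-negative integer dBm using only x10 and x2 steps.

    Assumed decomposition: dbm = 10*tens + 3*threes, where threes may be
    negative, e.g. 1 dBm = +10 dB - 9 dB -> 10 / 2**3 = 1.25 mW.
    """
    tens = 3 * (dbm // 30) + dbm % 3
    threes, remainder = divmod(dbm - 10 * tens, 3)
    assert remainder == 0          # always true because 10 = 3*3 + 1
    return (10 ** tens) * (2.0 ** threes)


def table_mismatches(tolerance=0.01):
    """dBm rows of the table that the rule does NOT reproduce."""
    return [d for d, mw in PAGE_TABLE.items()
            if abs(rule_of_3s_and_10s(d) - mw) > tolerance]


def worst_relative_error():
    """Largest deviation of the table from the exact formula."""
    return max(abs(mw - dbm_to_mw(d)) / dbm_to_mw(d) for d, mw in PAGE_TABLE.items())


def eirp_dbm(tx_power_dbm, antenna_gain_dbi, cable_loss_db):
    """EIRP = Tx power (dBm) + antenna gain (dBi) - cable loss (dB)."""
    return tx_power_dbm + antenna_gain_dbi - cable_loss_db


if __name__ == "__main__":
    eirp = eirp_dbm(20, 6, 3)      # constructed inputs
    print("EIRP:", eirp, "dBm")
    print("rule estimate:", rule_of_3s_and_10s(eirp), "mW")
    print("exact:", round(dbm_to_mw(eirp), 1), "mW")
    print("rows not matching the rule:", table_mismatches())
    print("worst table error: %.2f%%" % (100 * worst_relative_error()))
```

The estimate drifts from the exact value because 3 dB is a factor of 1.995, not exactly 2.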
Antennas
This device lets us transmit and receive radio signals, which are sent to the access points and bridges to be turned into data bits. The antenna to use depends on the required range.
ANTENNA RADIATION
Directional Antennas
These antennas concentrate coverage in a single direction. The pattern is conical, similar to the beam of a flashlight.
Coverage depends on the angle of the signal and can range from 90° (somewhat directional) to 20° (quite directional).
POLARIZATION
Antenna types by radiation pattern
Line of Sight
In outdoor links it is very important to have line of sight between the antennas in order to establish communication.
Fresnel Zone
The so-called Fresnel zone is an additional clearance zone that must be taken into account in addition to having direct visibility between the two antennas.
Wireless Topologies
WIRELESS TOPOLOGIES

➢ Wireless personal-area networks (WPAN): Have a short range (up to 5–10 meters) and commonly use the 802.15 family of specifications to connect two or a few devices with low power consumption. Bluetooth is an example of a WPAN protocol.

➢ Wireless local-area networks (WLAN): Consume more power but extend the connection to about 300 feet (100 meters).

➢ Wireless metropolitan-area network (WMAN): Extend the range to a larger geographic area, such as a city or suburb. WMANs typically use licensed frequencies, although implementations in the ISM bands can also be found. WiMAX is an example of a WMAN protocol.

➢ Wireless wide-area network (WWAN): Provide connectivity over a wide geographical area. Usually, WWANs are networks used for mobile phone and data service and are operated by carriers. WWANs typically use licensed frequencies.
Adhoc Vs Infrastructure Network
ADHOC VS INFRASTRUCTURE NETWORK
➢ Adhoc Mode:
▪ Also known as Peer-to-Peer network.
▪ A first station defines the radio parameters and a connection name; the other stations just need to detect the connection and adjust their own parameters to connect to the first station and to each other.
▪ As soon as wireless devices connect to each other over a wireless network, a Basic Service Set (BSS) is formed.
▪ The wireless network they form is called an Independent Basic Service Set (IBSS).

ADHOC VS INFRASTRUCTURE NETWORK CONTINUE…

➢ Infrastructure Mode: The AP functions as a translational bridge between 802.3 wired media and 802.11 wireless media.
▪ BSS is the service provided by the AP.
Service Set
SERVICE SET
➢ Basic Service Area (BSA):
▪ Wireless cell created by an AP (Cisco term).

➢ Independent basic service set (IBSS):
▪ Wireless network created by a laptop.
▪ Used in ad hoc connections.

➢ Basic service set (BSS):
▪ As soon as wireless devices (called "stations" in the 802.11 standard) connect to each other over a wireless network, a BSS is formed.

➢ Distribution System (DS):
▪ The wired section of the network that can be reached through the AP.

➢ Extended service set (ESS):
▪ When the distribution system links two APs, or two cells, the group is called an extended service set.
▪ Allows mobility roaming of wireless devices within a distributed system.

➢ Service Set Identifier (SSID):
▪ Wireless workgroup or domain name, or simply a wireless network.
▪ ASCII string providing a name to a wireless network.

SERVICE SET CONTINUE…

➢ Basic Service Set Identifier (BSSID):
▪ AP radio MAC address associated with an SSID.

➢ Multiple Basic Service Set Identifier (MBSSID):
▪ Having multiple SSIDs configured.
Wireless Network Types
WIRELESS NETWORK TYPES

Standard | Ratified | Band | # Channels | Transmission | Data rates (Mb/s)
802.11 | 1997 | 2.4 GHz | 3 | IR, FHSS, DSSS | 1, 2
802.11b | 1999 | 2.4 GHz | 3 | DSSS | 1, 2, 5.5, 11
802.11a | 1999 | 5 GHz | Up to 23 | OFDM | 6, 9, 12, 18, 24, 36, 48, 54
802.11g | 2003 | 2.4 GHz | 3 | DSSS, OFDM | 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54
802.11n | 2009 | 2.4 GHz, 5 GHz | Varies | DSSS, CCK, OFDM | 72-600 Mbit/s
802.11ac (wifi 5) | 2014 | 5 GHz | Varies | MCS 0 – 7 (BPSK, QPSK, 16-QAM, 64-QAM, 1/2, 2/3, 3/4,56 | 433-6933 Mbit/s
802.11ax (wifi6) | 2019 | 2.4/5 GHz, 1-6 GHz | Varies | OFDM | 600-9608 Mbit/s
802.11 continue…

➢ The first version of the 802.11 standard was released in 1997.

➢ It described FHSS 1 Mbps, and DSSS 1 Mbps and 2 Mbps in the 2.4 GHz spectrum, describing 14 channels.

➢ 802.11 is a rich family of protocols.

➢ The standard was revised in 2007 to integrate all the amendments published over the
previous years (integrating 802.11a, b, d, e, g, h, i, and j). This cumulative version of the
standard is called 802.11-2007
Key | WiFi | LiFi
Definition | WiFi stands for Wireless Fidelity. | LiFi stands for Light Fidelity.
Invented | WiFi was invented by NCR corporation in 1991. | LiFi was coined by Prof. Harald Haas in 2011.
Operation | WiFi transmits data using radio waves using a WiFi router. | LiFi transmits data using light signals using LED bulbs.
Device Compliance | WLAN 802.11/b/g/n/ac/d standard compliant devices. | IrDA compliant devices.
Data Transfer Speed | WiFi transfer speed ranges from 150 Mbps to 2 Gbps. | LiFi transfer speed is about 1 Gbps.
Frequency | 2.4 GHz, 4.9 GHz and 5 GHz. | 10,000 times radio frequency spectrum.
Coverage | WiFi coverage area is up to 32 meters. | LiFi coverage area is about 10 meters.
Components | Routers, modems and access points. | LED bulb, LED driver and photo detector.
Applications | Used in internet browsing using WiFi hotspot. | Used in airlines, under sea explorations.
CHANNEL MANAGEMENT
SELECTING CHANNELS
802.11b continue…

➢ 802.11 was modified almost as soon as it was created to allow for faster speeds.

➢ 802.11b was published in 1999

➢ It described CCK to bring the data rate to 5.5 Mbps and 11 Mbps.
CHANNEL MANAGEMENT
SELECTING CHANNELS (CONT.)

The solution to 802.11b interference is to use nonoverlapping channels 1, 6, and 11.
CHANNEL MANAGEMENT
SELECTING CHANNELS (CONT.)
Channel bonding combines two 20 MHz channels into
one 40 MHz channel.
802.11g continue…

➢ 802.11b was also too slow. A new amendment was published in 2003, introducing OFDM to the 2.4 GHz band and effectively allowing rates up to 54 Mbps.

➢ 802.11g is built to be backward compatible with 802.11b.

➢ When an 802.11b station is detected in the cell, the AP informs the cell in its information broadcasts. These broadcasts contain 2 bits set to 1: "non-ERP (that is, non-802.11g) present" and "use protection."

➢ The downside of this protection mechanism is wasted time before each 802.11g frame. This protection mechanism typically divides the overall throughput of the cell by 3.
802.11a continue…

➢ The 802.11a amendment was published in 1999.

➢ 802.11a uses OFDM only (6 Mbps to 54 Mbps).

➢ 802.11a offers up to 23 nonoverlapping channels.

➢ Channels are 20 MHz apart.


802.11N

Primary 802.11n Components

▪ 40-MHz Channels: Two adjacent 20-MHz channels are combined to create a single 40-MHz channel.
▪ Improved MAC Efficiency: MAC aggregation packs smaller packets into a single unit. Block acknowledgment improves throughput.
▪ Multiple-Input, Multiple-Output (MIMO): Maximal Ratio Combining (MRC), beam forming, spatial multiplexing.
802.11N CHANNEL AGGREGATION CONTINUE…

➢ 802.11g and 802.11a use 20-MHz channels.
➢ 802.11n aggregates two carriers to increase the throughput.
BLOCK ACKNOWLEDGMENT CONTINUE…

➢ 802.11 requires acknowledgment of each frame.

[Figure: 802.11 packet header, then 802.11 ACK]

➢ 802.11n uses block acknowledgment for constituent frames.

[Figure: three 802.11n packet headers, then one 802.11n ACK]
MAXIMAL RATIO COMBINING
CONTINUE…
➢ MRC is used by the receiver with multiple antennas to optimally combine
energies from multiple receive chains. An algorithm eliminates out-of-phase
signal degradation.
TRANSMIT BEAMFORMING
CONTINUE…

➢ The emitter can send the same signal from several antennas. By carefully coordinating
these signals based on the feedback transmitted by the 802.11n receiving station, the
emitter aims at making these signals be received in phase, thus increasing the signal
power level at the receiving station, allowing for longer range or higher throughput.
SPATIAL MULTIPLEXING
CONTINUE…

➢ The emitter can send different simultaneous signals from different radios. The 802.11n receiver will receive these signals on all its radios. Each of the receive radios independently decodes the arriving signals. Then, each received signal is combined with the signals from the other radios. This results in additional throughput.
MIMO BENEFITS CONTINUE…
CISCO UNIFIED WIRELESS
NETWORK COMPONENTS
Network Services

Network Management

Network Unification

Access Points

Client Devices
CISCO UNIFIED CONTROLLER-
BASED SOLUTION
ACCESS POINTS MODELS

CONTROLLERS MODELS

Access Points Types
CHANNEL MANAGEMENT
PLANNING A WLAN DEPLOYMENT

▪ If APs are to use existing wiring, or if there are locations where APs cannot be placed, note these locations on the map.
▪ Position APs above obstructions.
▪ Position APs vertically near the ceiling in the center of each coverage area, if possible.
▪ Position APs in locations where users are expected to be.
STANDALONE AND LIGHTWEIGHT
APS
REPEATERS CONTINUE…

➢ Extends the AP coverage
➢ Dual radio can create dual half-duplex
➢ Overlap of 50% required
➢ Throughput impacted when single frequency used

WORKGROUP BRIDGE CONTINUE…

➢ A WGB provides wireless connection from Ethernet port.
➢ Several devices can benefit if the WGB is connected to a hub or a switch.

OUTDOOR WIRELESS BRIDGES CONTINUE…

➢ Extend the LAN by linking LANs
➢ Usually a few miles range
➢ Point to point or hub and spoke

MESH NETWORKS CONTINUE…

➢ Devices are connected with redundant connection between nodes; no single point of failure
WLAN THREATS
SECURING WIRELESS
MAC Address-Based Authentication
Access can be controlled by allowing only specific MAC addresses.
This security mechanism is supported by most commercial products. It uses the MAC address of each client station as the authentication mechanism, allowing access to those MAC addresses that appear in the Access Control List.
The administrator must maintain and distribute a list of valid MAC addresses.
This address can be cloned.
WEP (Wired Equivalent Protocol)
Shared key is a slightly more secure form of client authentication, in which the access point sends text in a packet that the client must encrypt with the correct WEP key and return to the AP. If the client has the wrong key or no key, the client cannot be authenticated and therefore cannot associate with the AP.
WPA (WiFi Protected Access)
WPA v1 (WiFi Protected Access) is a standard proposed for encrypting wireless communications (802.11i). It is a system that offers better mechanisms for data encryption and user authentication, designed especially for integration into large networks.
It eliminates some of the vulnerabilities of WEP.
This technology can be installed on existing hardware through an update of the resident software (firmware). It incorporates TKIP (Temporal Key Integrity Protocol) and IEEE 802.1X user authentication.
802.1X Authentication (RADIUS)
The IEEE has adopted 802.1X as the new authentication standard for both wired and wireless networks. This standard provides mutual authentication between a client and an authentication server. In addition, 802.1X can dynamically provide per-user or per-session WEP keys, sparing the network administrator the problem of static keys.
802.1X Components (RADIUS)
Supplicant: The station that needs to be authenticated. It responds to the requests made by the Authenticator.

Authenticator: The device that makes it possible for the Supplicant to authenticate. It controls physical access to the network based on the client's authentication state. It acts as an intermediary between the client and the authentication server.

Authentication Server: The device that provides the authentication service to the Authenticator. It determines whether the Supplicant is authorized to access the network based on the credentials the Supplicant provides.
FAQ

➢ What is a Wireless Network?
A wireless local-area network (WLAN) uses radio waves to connect devices, such as laptops, to the Internet and to your business network and applications.

➢ How Far Does the Signal Reach?
A wireless router or access point's signal typically extends up to approximately 300 feet.

➢ Who Uses WLANs?
WLANs are frequently offered in public places such as cafes, hotels, and airport lounges. In addition, many businesses have wireless networks throughout their office buildings or campuses for employee and guest use.

➢ What Equipment Do I Need?
Most laptops have built-in wireless networking. If yours doesn't, you'll need a wireless network adapter card, which is typically inexpensive and easy to install.
Many routers act as WLAN access points. They connect multiple computers (and wireless-capable printers) to a single WLAN and to the Internet.
You can extend WLANs throughout an area by placing additional wireless access points in various locations. The access points extend the wireless signal's range and strength.
FAQ CONTINUE…

➢ How Can I Secure a WLAN?
There are many ways to secure your WLAN, including:
▪ Data encryption, which only gives authorized users access to information over your wireless network
▪ User authentication, which identifies computers trying to access the network
▪ Secure access for visitors and guests
▪ Control systems, which protect the laptops and other devices that use the network

➢ Can two computers communicate using the wireless client cards without an access point (AP)?
▪ Yes, two computers can communicate using the wireless client cards without an AP. Connect the PC cards in Ad Hoc mode. This step eliminates peer interaction, and one PC becomes the master.

➢ Can you share the internet between two computers?
▪ No, you cannot share the internet. You need to install additional software to share an internet connection.
