Introduction to Wireless Networks

The only options you have to hack WPA or WPA 2 are to use a dictionary file (which is basically a big list with all words from the dictionary) or brute-force (which tries every possible combination one by one). If you use a Preshared key with enough characters and enough complexity you should be reasonably safe.

This is not true anymore.

EDIT:
I think this material should be read and rewritten in more than one place. Another example:

So are WPA and WPA 2 safe from hackers? Yes and no. Nobody so far managed to find a weakness in the protocols so it’s safe but it depends on the key you are using.

WPA2 was already cracked.

The only options you have to hack WPA or WPA 2 are to use a dictionary file (which is basically a big list with all words from the dictionary) or brute-force (which tries every possible combination one by one). If you use a Preshared key with enough characters and enough complexity you should be reasonably safe.

This is also inaccurate.

Brute force is a permutation attack (every generated option).

A dictionary attack is based on common words known by users.

Again those are not the ONLY options.

~~Gracjan Borowiak

Hello Guys,

I have one case in which a client is dropping intermittently from Wi-Fi. What checks can we do on this from the WLC side?

Hello Raj

This problem could be due to several factors. The best approach would be to perform some debugging on the WLC for a particular client during its disconnects. This will give you the reason behind the drops and will help you to move on to additional troubleshooting steps. A couple of debug commands that would be helpful include:

debug client <mac-address>

Here you can add the MAC address of the particular client you are examining. An example of some output you may see is found below:

(Cisco Controller) >debug client 00:0a:95:9d:68:16

*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Received Disassociate from mobile on AP 00:0b:85:59:2a:20
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Deleting client on AP 00:0b:85:59:2a:20(0)
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 State machine transition from Disassociated to Idle
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Skipping L2 roam because state is not L2Associated
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Not Using WMM Compliance code qosCap 00.
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Ignoring mobile, downlink packet

In this example, you can see that the client with MAC address 00:0a:95:9d:68:16 sent a Disassociate message to the AP it was connected to (00:0b:85:59:2a:20). This triggered a transition from the Disassociated state to the Idle state.

Similarly, you can debug the AAA operations to examine if the client is failing during the authentication process, using the following command:

debug aaa all enable

An example of output you may see includes:

(Cisco Controller) >debug aaa all enable

*aaaQueueReader: Jun 24 14:25:43.108: 00:0a:95:9d:68:16 Trying to authenticate with Radius server
*aaaQueueReader: Jun 24 14:25:43.110: 00:0a:95:9d:68:16 Sending RADIUS packet to server with ID 164
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 Received RADIUS packet from server with ID 164
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 Received RADIUS response code 3 (Access-Reject) for mobile 00:0a:95:9d:68:16
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 RADIUS server has returned Access-Reject for user host/MyLaptop.domain.com
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 AAA Authentication Failure for UserName:host/MyLaptop.domain.com User Type: WLAN USER

In this example, the client with MAC address 00:0a:95:9d:68:16 tries to authenticate with the Radius server. The WLC sends a RADIUS packet to the server. However, the server responds with an Access-Reject response. This typically indicates that the credentials provided by the client (username/password or certificate, depending on the authentication method) were not correct.

For more debug commands that may be helpful, take a look at this Cisco command reference:

I hope this has been helpful!

Laz
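The two debug captures above are read by eye in the answer; as an added example (not part of the thread or of any Cisco tool), here is a small parser that applies the same reading to a file of WLC debug output and reports, per client MAC, the disassociation, state-machine and RADIUS/AAA events that explain a drop. The line format assumed is exactly the one shown in the answer; the sample input is constructed from those lines.

```python
import re
from collections import defaultdict

# Constructed sample input: the WLC debug lines quoted in the answer above.
SAMPLE = """\
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Received Disassociate from mobile on AP 00:0b:85:59:2a:20
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 Deleting client on AP 00:0b:85:59:2a:20(0)
*apfReceiveTask: Jun 23 20:33:40.493: 00:0a:95:9d:68:16 State machine transition from Disassociated to Idle
*aaaQueueReader: Jun 24 14:25:43.108: 00:0a:95:9d:68:16 Trying to authenticate with Radius server
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 Received RADIUS response code 3 (Access-Reject) for mobile 00:0a:95:9d:68:16
*aaaQueueReader: Jun 24 14:25:43.212: 00:0a:95:9d:68:16 AAA Authentication Failure for UserName:host/MyLaptop.domain.com User Type: WLAN USER
"""

# Common prefix of every debug line: *<task>: <timestamp>: <client MAC> <message>
LINE_RE = re.compile(
    r"^\*(?P<task>\w+): (?P<ts>[A-Za-z]{3} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<msg>.*)$")

# Message patterns that explain why a client left or failed to join.
EVENTS = {
    "disassoc": re.compile(r"Received (Disassociate|Deauthenticate) from mobile on AP (\S+)"),
    "state": re.compile(r"State machine transition from (\w+) to (\w+)"),
    "radius": re.compile(r"Received RADIUS response code (\d+) \(([\w-]+)\)"),
    "aaa_fail": re.compile(r"AAA Authentication Failure for UserName:(\S+)"),
}

def parse_line(line):
    """Return (mac, ts, event_name, groups) for a recognised line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    for name, pat in EVENTS.items():
        e = pat.search(m["msg"])
        if e:
            return m["mac"], m["ts"], name, e.groups()
    return None  # informational line we do not classify

def summarize(text):
    """Group classified events per client MAC, preserving log order."""
    events = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            mac, ts, name, groups = parsed
            events[mac].append((ts, name, groups))
    return dict(events)

def verdict(client_events):
    """Plain-language reasons to hand to the next troubleshooting step."""
    reasons = []
    for ts, name, g in client_events:
        if name == "disassoc":
            reasons.append(f"{ts}: client sent {g[0]} to AP {g[1]} (client-side leave)")
        elif name == "radius" and g[1] == "Access-Reject":
            reasons.append(f"{ts}: RADIUS Access-Reject (code {g[0]}); check credentials/policy")
        elif name == "aaa_fail":
            reasons.append(f"{ts}: AAA failure for {g[0]}")
    return reasons

if __name__ == "__main__":
    for mac, ev in summarize(SAMPLE).items():
        print(mac)
        for r in verdict(ev):
            print("  -", r)
```

Run it against a saved `debug client` / `debug aaa` session to get the reason list per MAC instead of scrolling the raw output.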

Hello, I would be grateful if you could explain how these works for inflight wifi please.

Hello Kailash

The Wi-Fi service that is delivered on airplanes is provided by one or more Wi-Fi access points within the airplane itself, to connect the client devices. This network is then connected to a satellite communication system that connects the Wi-Fi network to the Internet. Typically, the data rates provided are relatively low per client (on the order of several hundred Kbps or even 1 or 2 Mbps). With such speeds, users typically use instant messaging, email, web browsing, and various mobile apps. Higher bandwidth applications including videoconferencing and on-demand streaming services won’t function well at such low bandwidths.

These limitations are because many users must share a single satellite connection which is typically limited in bandwidth and relatively expensive at the same time. However, speeds are increasing and costs are going down with the advent of newer services.

I hope this has been helpful!

Laz

Users in the France office are facing random Wi-Fi issues. Here we tried upgrading drivers, and we also collected RCA traces on the user's MAC address. We didn't find anything. And after some network change this happened. What exactly do we need to check here?

Hello Sonti

It sounds like you’ve done some initial troubleshooting already, which is great. On the other hand, having limited information, we can only help you at a very high level, with general guidelines that you can use to focus in on the problem.

Here are a few steps you can follow and some questions to ask:

  1. You said the issue started after some network changes. What changed?
  2. Is the problem isolated to clients connected to one access point or to all access points? (if you have more than one).
  3. Is the problem isolated to specific types of devices and OSes or to all devices? (mobile devices Android/iOS, Windows/Mac laptops).
  4. Network connectivity issues: Do you actually see disconnects of the Wi-Fi devices from the wireless network or are the connectivity problems located somewhere within the wired network itself?
  5. Are only the Wi-Fi devices having problems or do you see similar issues with wired devices?
  6. Check the DHCP Server and ensure that the DHCP server is functioning correctly and has enough IP addresses to assign to all devices. If the DHCP pool is exhausted, new devices trying to connect would face issues.

After looking at all of these, you should at least know how to describe the problem more specifically. Once you know this, you can then go on to the next steps of focusing in on the problem. Let us know how you get along!

I hope this has been helpful!

Laz

The wireless standards grid is outdated; it needs an update for 802.11ac and 802.11ax, and an explanation of the differences between WiFi5 and WiFi6.

Hello Eugene

Indeed you are correct. There is also 802.11be which is the upcoming WiFi7 standard. I will let Rene know your suggestion so he can consider updating the table.

Thanks again!

Laz

Hello, everyone.

I was planning to cover Wireless the next year and from what I’ve seen, some topics are very theory-heavy and would make more sense to me if I could lab them. Seeing the 4-way handshake, WLC registration and such would be much easier for me to learn and understand if I could see it practically on real gear/in wireshark.

I was planning to build a simple topology like this:

2 APs, 1 WLC and 1 layer 3 switch (so I don’t have to buy a switch and a router separately).

I’ve checked Rene’s lesson when it comes to building a lab and I also checked the cisco feature navigator tool but everything there seems to run on IOS XE? Which I believe is completely different from the IOSes that I’ve used so far?

So for this reason, do you guys have any recommendations or tips for AP/WLC/Switch models capable of achieving the desired topology above? Since this is CCNP-level, I would like to see things like the 4-way handshake, RADIUS authentication, WPA3, etc.

From what I also know, newer WLCs also have a new GUI?

Since I have never really searched for real gear (everything that I’ve done was in PT or CML), do you have any suggestions or tips on what I could do here?

Thank you.
David

Hello David,

There is quite some theory to learn with wireless. The best thing to start with is to focus on 802.11 in general. Forget about the WLC and Cisco APs when you start because it’s very vendor specific. There is a LOT to learn with only a simple AP and doing wireless captures. Grab a cheap AP that can do WEP, WPA, WPA2 and 802.1X and you’ll be able to do a lot.

Get the CWNA book from CWNP and go through it. It’s vendor neutral and focuses on 802.11. It’s interesting and a lot of fun. Once you feel familiar with 802.11, see what you can do with the WLC and Cisco APs.

Btw the WLC can be virtualized. That’s what I use when needed.

Rene


Regular IOS is monolithic and IOS-XE runs on top of the Linux kernel. Functionality-wise the two are similar and you won’t see many differences.

Hello, everyone.

I have several questions

  1. First of all, how exactly do CSMA/CD and CSMA/CA differ? From my understanding after reading the explanations from the NW notes, CSMA/CD is capable of detecting and recovering from collisions after transmission has begun while CSMA/CA cannot do that, therefore it aims to avoid them completely?

So to help me imagine this further, why cannot wireless clients also listen for collisions, detect them, and recover once transmission has begun? The explanation is often that there is no cable like in wired networks, but is it really not possible to detect whether there are two wireless signals that bumped into each other?

  2. I understand that the RTS/CTS process is involved in the background as a part of CSMA/CA. My question is regarding the following paragraph of information:

After successfully transmitting data, the sending device awaits an acknowledgment (ACK) from the receiving device. If the ACK is not received within a specified time, indicating that the transmission may have been unsuccessful (possibly due to a rare collision or other issues), the sending device will attempt to resend the data after waiting for a random backoff period.

What exactly is this acknowledgement from the receiving device? Does it use a specific protocol? What if the data eventually travels over a wired network to the receiver? How would the receiver know that it needs to send an ACK back? I suppose that in this case, the AP would send the ACK? Since ACKs are only relevant to WiFi networks.

  3. About the Hidden Node Problem.

It says that this is a problem that occurs when, for example, PC1 on the left wants to transmit data and even if PC2 is transmitting something, PC1 won’t detect this because PC2’s signals don’t reach PC1 because of the distance.

The RTS/CTS mechanism solves this problem. However, I have a question.

If PC2 really was sending something to the AP, wouldn’t the AP also be sending out Wireless signals when further forwarding the data? Which would definitely reach PC1 and it would know that the channel is in fact, not idle.

Thank you.
David

Hello David

Ah yes, these two technologies are similar, but they differ based on the nature of the medium in which they operate. CSMA/CD or “collision detection” actively detects collisions on the wire. These are perceived by the devices when unusually high voltages are detected on the wire due to the “addition” of the signals sent. The nature of the wire allows such detection to take place immediately, even before any frames or data is processed by each host. So hosts can stop before having sent any data out.

CSMA/CA on the other hand operates with “collision avoidance”. A collision on the wireless medium does not create the “addition” of the waveforms that you see on the wire. So there’s no way to detect a collision until the host actually receives the signal, processes it and realizes that it is not for itself, and then discards it. So on a wireless medium, a collision is only detected after the frame is processed. So, CSMA/CA must implement algorithms that help to avoid or prevent collisions from happening. More details on how it works can be found at this NetworkLessons note.

The acknowledgment (ACK) is part of the 802.11 protocol’s MAC layer. After sending a data frame, the wireless sender waits for an ACK frame from the receiver, which is typically the access point itself. This ACK will never be received over a wired connection because it is specific to Layer 2 of the wireless MAC layer. It is only sent between the two wireless hosts communicating at that time. If you do a search for 802.11 frame types, you’ll see that Wi-Fi has dozens of frame types, one of which is the ACK. This complexity of the wireless MAC frame gives an indication of the intricate nature of the collision avoidance algorithm used to optimize wireless communications. Now if the ACK is not received within a Short Inter-Frame Space (SIFS), the sender assumes a collision or transmission error and retries after a random backoff. The SIFS is defined as the amount of time in microseconds required for a wireless interface to process a received frame and to respond with a response frame.

As you suggest, the hidden node problem occurs when two devices are out of each other’s range but both are in range with the same access point (AP). In such a scenario, if PC1 begins transmitting while PC2 is already transmitting, their frames may collide at the AP. But won’t the AP’s communication with PC2 inform PC1 that another device is talking? Well, not conclusively. The AP, while receiving data from PC2, doesn’t rebroadcast those signals back to PC1. It may respond, but at any point in time it may be just listening. In addition, the AP will also be responding to many other clients too, so sorting through which signals correspond to which host, and whether that host is in range of PC1 or not becomes complex and inconclusive. So just relying on the AP’s response to PC2 is not enough to let PC1 know that there may be a collision. That’s the reason why the RTS/CTS mechanism is needed. Does that make sense?

I hope this has been helpful!

Laz

Hello, Laz.

Great answer, thank you! I have one more question.

What is the difference between noise and interference? If the signal isn’t strong enough to cause an interference, it’s just noise and vice-versa? I’ve seen some explanations online and I was more confused by them :smiley:

Thank you.
David

Hello David

These are related phenomena, but each has a distinct meaning.

Noise can be defined as unwanted ambient signals not part of WiFi communication. Sources of noise are typically non-Wi-Fi devices such as microwaves, cordless phones, radar, and natural phenomena like thermal noise. There is ALWAYS noise that comes in as part of a wireless signal. Noise is measured in dBm, with values around -85 dBm being acceptable in an urban environment, while values of -100 dBm or lower are extremely low, which may be experienced in rural areas. Noise is generally broad-spectrum or out-of-band, meaning it ranges over a whole series of frequencies in and around the Wi-Fi frequency bands, but is not confined to them, and noise is generally random and unstructured.

Interference on the other hand is defined as unwanted signals within the same or adjacent frequency bands as Wi-Fi. Sources of interference come from other Wi-Fi networks, Bluetooth devices, or any in-band signals overlapping with your channel. Interference is more difficult to quantify and measure than noise, so there is no clear-cut measurement method. Sometimes a value of interference power (dBm) is used, which indicates the power of the interfering signal, or SINR (Signal-to-Interference-plus-Noise Ratio) can also be used, but these require more complex calculations and measurements. Interference is structured, often delivering overlapping data packets, and is much more disruptive than noise at the same power level due to in-band overlap.

I hope this has been helpful!

Laz

Hello Laz.

So could large noise degrade the signal even if it doesn’t operate on the same frequency as our WiFi signal?

Thank you.
David

Hello David

The quick answer is no. Strong signals of any type (noise or interference) in a completely different frequency range usually have minimal or no impact on the operation of Wi-Fi.

However, you should be aware of the nature of radio frequency (RF) signals. Frequencies are not always confined completely within particular ranges. If the power level is extremely high, there can be harmonics or spurious emissions that bleed into neighboring bands (i.e. the Wi-Fi band), resulting in interference to the Wi-Fi radio.

I hope this has been helpful!

Laz

Hello Laz.

I have a question regarding WiFi location services. I understand that in order to determine the location of a device in a wireless network, we could design our APs in a way where they form a triangle such as this:

[image removed]

The 3 towers (or APs in our case) would all report what the RSSI is, and a system like Cisco DNA/Prime could use this information to determine the exact location of the client based on what these 3 APs are saying.

[image removed]

My question is, what if the device is located only within the range of 1 AP? Say it’s close to it, so somewhere in the middle. This means that the other APs won’t detect this device, only that 1 AP will because the overlap isn’t 100%. Can this still generate accurate location data?

Thank you.
David

Hello David

If the device is located only within the range of 1 AP, the best the AP can typically do is to determine the distance from the AP based on the RSSI, and not the direction. If that distance is calculated to be 30 meters for example, then the single AP can only determine that the client is somewhere on a circle around it with a radius of 30 meters.

Now having said that, there are technologies that can determine the general direction of a client using only a single AP. APs that support MIMO and MU-MIMO have multiple antennas within them. Those multiple antennas are able to perform things like beamforming as well as an estimation of the angle of arrival to get some idea of the direction of the host. This is done using complex signal processing algorithms. Technically speaking, such an AP is able to determine distance, as well as some degree of direction, thus being able to narrow down the location of the client. Now the question is, to what degree have vendors like Cisco employed these techniques to be used with a single AP? Unless vendors explicitly describe their algorithms, it remains unknown how accurate they are. Even so, the use of two, or even three APs is still more accurate.

I hope this has been helpful!

Laz
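As an added worked example (not from the thread or from any Cisco product) of the single-AP versus three-AP contrast in the answer above: RSSI is turned into a distance with an assumed log-distance path-loss model (reference level `P0_DBM` at 1 m and exponent `N_EXP` are assumed constants, not values from the page), one AP yields only a circle of that radius, and three non-collinear APs yield a point by solving the linearised circle equations. The AP positions and client position are constructed.

```python
import math

# Assumed log-distance path-loss model (not from the thread): RSSI at 1 m is
# P0_DBM and the signal falls off with path-loss exponent N_EXP.
P0_DBM = -40.0
N_EXP = 3.0

def rssi_to_distance(rssi_dbm):
    """Invert the path-loss model: distance in metres for a given RSSI."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10 * N_EXP))

def distance_to_rssi(d):
    """Forward model, used here only to construct sample readings."""
    return P0_DBM - 10 * N_EXP * math.log10(d)

def locate(readings):
    """readings: list of ((ap_x, ap_y), rssi_dbm).
    Fewer than 3 APs -> ('circle', centre, radius): distance known, direction not.
    3+ APs -> ('point', (x, y)) via normal equations on the linearised circles."""
    if not readings:
        return None
    dists = [rssi_to_distance(r) for _, r in readings]
    if len(readings) < 3:
        (x0, y0), _ = readings[0]
        return ("circle", (x0, y0), dists[0])
    (x1, y1), d1 = readings[0][0], dists[0]
    # Subtracting AP1's circle from AP i's gives a linear row in x, y:
    # 2(xi-x1)x + 2(yi-y1)y = d1^2 - di^2 + xi^2 - x1^2 + yi^2 - y1^2
    rows = []
    for ((xi, yi), _), di in zip(readings[1:], dists[1:]):
        rows.append((2 * (xi - x1), 2 * (yi - y1),
                     d1**2 - di**2 + xi**2 - x1**2 + yi**2 - y1**2))
    # Least-squares solve A^T A [x y]^T = A^T c (works for more than 3 APs too)
    aa = ab = bb = ac = bc = 0.0
    for a, b, c in rows:
        aa += a * a; ab += a * b; bb += b * b; ac += a * c; bc += b * c
    det = aa * bb - ab * ab
    if abs(det) < 1e-9:
        return None  # collinear APs: no unique fix
    return ("point", ((ac * bb - ab * bc) / det, (aa * bc - ab * ac) / det))

# Constructed scenario: three APs at known positions, client truly at (6, 8).
APS = [(0.0, 0.0), (20.0, 0.0), (0.0, 20.0)]
TRUE_POS = (6.0, 8.0)
READINGS = [(ap, distance_to_rssi(math.dist(ap, TRUE_POS))) for ap in APS]

if __name__ == "__main__":
    print("one AP  :", locate(READINGS[:1]))   # circle, radius 10 m
    print("three AP:", locate(READINGS))       # point near (6, 8)
```

Real RSSI readings carry several dB of noise, so the three circles will not meet exactly; the least-squares form above still returns the best-fit point, which is why more APs improve the fix.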