SECOND EDITION

802.11® Wireless Networks: The Definitive Guide

Matthew Gast

Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo

802.11® Wireless Networks: The Definitive Guide, Second Edition
by Matthew Gast

Copyright © 2005 Matthew Gast. All rights reserved.
Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected].

Editor: Mike Loukides
Production Editor: Colleen Toporek
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Robert Romano

April 2002: First Edition.
April 2005: Second Edition.

Revision History for the Second Edition:
2008-10-20 Sixth release
2010-04-12 Seventh release
2010-08-30 Eighth release
2011-02-18 Ninth release
2013-04-05 Tenth release

See http://oreilly.com/catalog/errata.csp?isbn=9780596100520 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. 802.11® Wireless Networks: The Definitive Guide, Second Edition, the image of a horseshoe bat, and related trade dress are trademarks of O’Reilly Media, Inc.

802.11® and all 802.11-based trademarks and logos are trademarks or registered trademarks of IEEE, Inc. in the United States and other countries. O’Reilly Media, Inc. is independent of IEEE.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps.
While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-0-596-10052-0
[LSI] 1365099566

Table of Contents

Foreword
Preface

1. Introduction to Wireless Networking
    Why Wireless?
    What Makes Wireless Networks Different
    A Network by Any Other Name...

2. Overview of 802.11 Networks
    IEEE 802 Network Technology Family Tree
    802.11 Nomenclature and Design
    802.11 Network Operations
    Mobility Support

3. 802.11 MAC Fundamentals
    Challenges for the MAC
    MAC Access Modes and Timing
    Contention-Based Access Using the DCF
    Fragmentation and Reassembly
    Frame Format
    Encapsulation of Higher-Layer Protocols Within 802.11
    Contention-Based Data Service
    Frame Processing and Bridging

4. 802.11 Framing in Detail
    Data Frames
    Control Frames
    Management Frames
    Frame Transmission and Association and Authentication States

5. Wired Equivalent Privacy (WEP)
    Cryptographic Background to WEP
    WEP Cryptographic Operations
    Problems with WEP
    Dynamic WEP

6. User Authentication with 802.1X
    The Extensible Authentication Protocol
    EAP Methods
    802.1X: Network Port Authentication
    802.1X on Wireless LANs

7. 802.11i: Robust Security Networks, TKIP, and CCMP
    The Temporal Key Integrity Protocol (TKIP)
    Counter Mode with CBC-MAC (CCMP)
    Robust Security Network (RSN) Operations

8. Management Operations
    Management Architecture
    Scanning
    Authentication
    Preauthentication
    Association
    Power Conservation
    Timer Synchronization
    Spectrum Management

9. Contention-Free Service with the PCF
    Contention-Free Access Using the PCF
    Detailed PCF Framing
    Power Management and the PCF

10. Physical Layer Overview
    Physical-Layer Architecture
    The Radio Link
    RF Propagation with 802.11
    RF Engineering for 802.11

11. The Frequency-Hopping (FH) PHY
    Frequency-Hopping Transmission
    Gaussian Frequency Shift Keying (GFSK)
    FH PHY Convergence Procedure (PLCP)
    Frequency-Hopping PMD Sublayer
    Characteristics of the FH PHY

12. The Direct Sequence PHYs: DSSS and HR/DSSS (802.11b)
    Direct Sequence Transmission
    Differential Phase Shift Keying (DPSK)
    The “Original” Direct Sequence PHY
    Complementary Code Keying
    High Rate Direct Sequence PHY

13. 802.11a and 802.11j: 5-GHz OFDM PHY
    Orthogonal Frequency Division Multiplexing (OFDM)
    OFDM as Applied by 802.11a
    OFDM PLCP
    OFDM PMD
    Characteristics of the OFDM PHY

14. 802.11g: The Extended-Rate PHY (ERP)
    802.11g Components
    ERP Physical Layer Convergence (PLCP)
    ERP Physical Medium Dependent (PMD) Layer

15. A Peek Ahead at 802.11n: MIMO-OFDM
    Common Features
    WWiSE
    TGnSync
    Comparison and Conclusions

16. 802.11 Hardware
    General Structure of an 802.11 Interface
    Implementation-Specific Behavior
    Reading the Specification Sheet

17. Using 802.11 on Windows
    Windows XP
    Windows 2000
    Windows Computer Authentication

18. 802.11 on the Macintosh
    The AirPort Extreme Card
    802.1X on the AirPort

19. Using 802.11 on Linux
    PCMCIA Support on Linux
    Linux Wireless Extensions and Tools
    Agere (Lucent) Orinoco
    Atheros-Based cards and MADwifi
    802.1X on Linux with xsupplicant

20. Using 802.11 Access Points
    General Functions of an Access Point
    Power over Ethernet (PoE)
    Selecting Access Points
    Cisco 1200 Access Point
    Apple AirPort

21. Logical Wireless Network Architecture
    Evaluating a Logical Architecture
    Topology Examples
    Choosing Your Logical Architecture

22. Security Architecture
    Security Definition and Analysis
    Authentication and Access Control
    Ensuring Secrecy Through Encryption
    Selecting Security Protocols
    Rogue Access Points

23. Site Planning and Project Management
    Project Planning and Requirements
    Network Requirements
    Physical Layer Selection and Design
    Planning Access-Point Placement
    Using Antennas to Tailor Coverage

24. 802.11 Network Analysis
    Network Analyzers
    Ethereal
    802.11 Network Analysis Checklist
    Other Tools

25. 802.11 Performance Tuning
    802.11 Performance Calculations
    Improving Performance
    Tunable 802.11 Parameters

26. Conclusions and Predictions
    Standards Work
    Current Trends in Wireless Networking
    The End

Glossary
Index