Introduction
Wireless networks often extend an existing wired infrastructure. The wired infrastructure may be quite complex to begin with, especially if it spans several buildings in a campus setting. Any Wireless networks depend on having a solid, stable, well-designed wired network in place. If the existing wired network is not stable, chances are the wireless extension is doomed to be instabile as well , further based on the requirement multiple wireless solutions & architecture are available for deployment . Starting from a single WAP to Multiple WAP’s (BSS to EBSS) working in bridged mode , further centralised through the use of Controller’s , dynamic VLAN provisioning for wireless user’s . Combinations of Technologies(Radius , Controller’s , LDAP , AD, TACACs, DHCP , NPS, NAC….etc ) are used to achieve a particular wireless objective or the wireless requirement .
Wireless LAN Architecture
Each of the wireless topologies has its own strengths and weaknesses. Choosing a topology depends on which criteria are compelling on your network.
Some of those criteria are listed below.
· MOBILITY
· SECURITY
· PERFORMANCE
· BACKBONE ENGINEERING
· NETWORK SERVICES
· CLIENT INTEGRATION
Wireless Topology based on the deployment type & its Capabilities :
1. Single subnet wireless LAN
2. Multiple Subnet based Wireless LAN
3. Non-VLAN based
4. VLANs spanning multiple switches
5. Non-contiguous deployments
6. Mobility through tunnelling- Tunneling approaches work to unite disjointed coverage areas. One of the advantages of this architecture is that it is easy to use it with IPsec.
7. Dynamic VLAN assignment through 802.1x (dot1x) , Differentiated user services QOS based.
802.1x is the cornerstone of dynamic VLAN assignment. It plugs the wireless network neatly into an existing authentication infrastructure. Authentication servers have user profiles and privileges, and can map that privilege information on to the wireless LAN. Client authenticating is called an 802.1x supplicant.
Until the client is authenticated, nothing happens.
One of the most popular uses of RADIUS AVPs is in assigning users into VLANs dynamically based on the user’s identity.
802.1x EAP will let the client authenticate to be able to configure the interface accordingly to the user group & AAA policy , a valid IP address is received from DHCP server based on the User group, user receives the IP from the appropriate VLAN, for example : An IT user will reicvee an IP pertinent to IP VLAN’ s . Failing to authenticate, port will be configured to be dynamically configured for Guest VLAN so that he will be part of Guest VLAN with limited Access. Further Quality of service can be provided through the use of Differentiated Services Code point, packets can be marked to be part of class 1 – 4 (Assured Forwarding – Data Class), Class 5 (Expedited Forwarding – Voice Class), Class 6(110) is Internetwork Class or Network control class, Class 0 is Default Class.
The advantage of doing authentication at the link layer, rather than a higher layer, is that users can be placed on a particular network with the privileges associated with that network from the start. When the access point receives the Access Accept message from the RADIUS server, it sends an 802.1X EAP Success message to the client. Network card drivers on the client interpret the EAP Success message as the equivalent event to a “link up” message, and send their DHCP request and begin initializing the network stack. By the time the network stack has begun to initialize, the network has already automatically configured itself to restrict the user to a particular set of access rights.
8. Autonomous AP’s based - An autonomous AP is now being referred to in IETF RFC documents as local - MAC AP.
9. WLAN Bridging – When facilities are separated from each other and no physical network - capable wiring exists between them, wireless bridges are often employed.
10. Mesh architecture - the basic concept is that a root AP, known as a mesh point portal (MPP), would have a connection to the wired network and an additional node AP, known as a mesh point (MP), which can form a repeater relationship with the mesh point portal to expand the RF coverage area of the network.
Although a WLAN mesh network can be a mesh of repeater - like access points that all operate on one frequency, dual - band mesh APs are now much more common. With dual - band WLAN mesh APs, typically the 5 GHz radios are used for the mesh infrastructure and to provide backhaul while the 2.4 GHz radios are used to provide access to the client stations.
11. WLAN Array - WLAN array consists of WLAN switch and sixteen 802.11 WLAN (Wi-Fi) access points in a single device. Due to this approach, there is increase in the bandwidth; it also increases the range performance. It also increases in the high gain, the performance and the capacity of the WLAN
12. Centralised Wireless (WLAN) Controller based – This is the most popular architecture used by bigger enterprises as it helps reduce the management burden , As enterprise WLAN deployments began to grow larger in size, so did the administrative burden of managing and configuring individual autonomous APs. Therefore, most vendors have moved to a more centralized WLAN architecture. APs have been replaced with controller - based access points also known as thin APs. A controller - based AP has minimal intelligence, and functionally is just a radio card and an antenna. All the intelligence resides in a centralized WLAN controller.
The majority of WLAN controller vendors implement what is known as a split MAC architecture. With this type of WLAN architecture, some of the MAC services are handled by the WLAN controller, and some are handled by the controller - based access point.
[1]Matthew S. Gast, M. (2005). 802.11 Wireless Networks: The Definitive Guide, 2nd Edition (2nd ed.). O’Reilly Media, Inc. [2]Matthew S. Gast, M. (2005). 802.11 Wireless Networks: The Definitive Guide, 2nd Edition (2nd ed.). O’Reilly Media, Inc. [4]Coleman, D. D., Westcott, D. A., Harkins, B. E., & Jackman, S. M. (2010). CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204 (1st ed.). Sybex. [5]Securing Wireless network , EC-Council