
WiFi 802.11 Generations, Bands, Authentication
Wireless Fundamentals
The standards we use for wireless LANs are defined in IEEE 802.11
The term Wi-Fi is a trademark of the Wi-Fi Alliance, not directly connected to the IEEE.
The Wi-Fi Alliance tests and certifies equipment for 802.11 standards compliance interoperability with other devices.
Wi-Fi has become the common term that people use to refer to 802.11 wireless LANs

Wireless Technology Issues
Wireless communications are regulated
All devices within range receives all frames, like in an Ethernet hub.

CSMA/CA
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is used to facilitate half-duplex communications.
When using CSMA/CA, a device will wait for other devices to stop transmitting before it transmit data itself.

Signal Coverage





Radio Frequency
To send wireless signals, the sender applies an alternating current to an antena, this creates electromagnetic fields which propagate out as waves.
Electromagnetic waves can be measured in multiple ways for example amplitude and frequency


The most common measurement of frequency is Hertz .
Hertz(Hz) → cycles per second
Kilohertz(KHz) → 1,000 cycles per second
Megahertz(MHz) → 1,000,000 cycles per second
Gigahertz(GHz) → 1,000,000,000 cycles per second
Terahertz(THz) → 1,000,000,000,000 cycles per second
The visible frequency range is about 400 THz to 790 THz
The radio frequency is from 30 Hz to 300 GHz and is used for many purposes
Wi-Fi Bands and Channels
Wi-Fi uses three main bands (frequency ranges):
The 2.4 GHz band typically provides further reach in open space and better penetration of obstacles such as walls. There are more devices using this band, so interference can be bigger problem compared to the 5 GHz band.
Each band is divided up into multiple ‘channels’. Devices are configured to transmit and receive traffic on one (or more) of these channels.

Overlapping
In large WLANs with multiple Access Points (AP’s), it is important that adjacent AP’s don’t use overlapping channels to avoid interference.
In the 2.4 GHz band, it is recommended to use channels 1, 6, and 11.


The 5 GHz band consist of non-overlapping channels, so it is much easier to avoid interference between adjacent AP’s.
802.11 Standard Generations

Service Sets
All devices in a service set share the same human-readable name which identifies the service set called Service Set Identifier (SSID).
Independent

Infrastructure
A Basic Service Set Identifier (BSSID) is used to uniquely identify the AP. The BSSID is the MAC address of the AP’s radio.
The area around an AP where its signal is usable is called a Basic Service Area (BSA).

APs with their own BSSs are connected by a wired network.
Each BSS uses the same SSID.
Each BSS has a unique BSSID.
Each BSS uses a different channel to avoid interference.
Clients can move between APs without having to reconnect (this is called roaming )
The BSAs should overlap about 10-15%.

Mesh
Mesh APs use two radios: one to provide a BSS to wireless clients, and one to form a ‘backhaul network’ which is used to bridge traffic from AP to AP.
The AP connected to the wired network is called Root Access Point (RAP).
The other APs are called Mesh Access Points (MAPs)
A protocol is used to determine the best path through the mesh (similar to routing protocols)

Distribution System
Most Wi-Fi networks are a way to connect wireless clients to the wired network infrastructure.
In 802.11, the upstream wired network is called the Distribution System (DS).
Each wireless BSS or ESS is mapped to a VLAN in the wired network.

Additional AP Operational Modes
Outdoor Bridge
It is used to connect networks over long distances without a physical cable connecting them. The APs will use specialized one-direction antennas.
The connection can be point-to-point or point-to-multipoint in which multiple sites connect to one central site.

Wireless Network Security
Because wireless signals are not within a wire, any device within range of the signal can receive the traffic. Therefore, it is very important to encrypt traffic between the wireless and the AP.
Authentication
No password needed
Combined with Captive Portals
Encrypted but not secure anymore
Lightweight EAP (LEAP)
EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
Protected EAP (PEAP)
EAP Transport Layer Security (EAP-TLS)
Encryption and Integrity Methods
Traffic between clients and APs should be encrypted so that it can’t be read by anyone else.
A Message Integrity Check (MIC) is added to messages to ensure that the message was not modified by a third-party.

Insecure encryption, not used anymore
Added more secure features to WEP. It is used in Wi-Fi Protected Access version 1 WPA
Developed after TKIP and is more secure. It is used in WPA2
Old hardware built only to use WEP/TKIP cannot use CCMP.
Consists of two different algorithms to provide encryption and MIC:
1.
Advanced Encryption Standard (AES ), this is the most secure encryption protocol currently available.
2.
Cipher Block Chaining Message Authentication Code (CBC-MAC), is used as a MIC to ensure the integrity of messages.
It is more secure and efficient than CCMP and allows higher data throughput than CCMP. It is used in WPA3
Consists of two different algorithms to provide encryption and MIC:
1.
Advanced Encryption Standard (AES ), this is the most secure encryption protocol currently available.
2.
Galois Message Authentication Code (GMAC), is used as a MIC to ensure the integrity of messages.
Wi-Fi Protected Access (WPA)
The Wi-Fi alliance has developed the WPA certifications for wireless devices.
TKIP (based on WEP) provides encryption/MIC.
802.1X authentication (Enterprise mode) or PSK (Personal mode)
CCMP provides encryption/MIC.
802.1X authentication (Enterprise mode) or PSK (Personal mode)
GCMP provides encryption/MIC.
802.1X authentication (Enterprise mode) or PSK (Personal mode)
WPA3 also provides additional security features:
Protected Management Frames (PMF) protects 802.11 management frames from eavesdropping/forging
Simultaneous Authentication of Equals (SAE) protects the four-way handshake when using personal mode.
Forward secrecy prevents data from being decrypted after it has been transmitted over the air.
Wireless Frame Types
Wireless frames in IEEE 802.11 (Wi-Fi) networks are categorized into three main types: Management frames , Control frames , and Data frames . Each of these main types has several subtypes, each serving a specific purpose in the wireless communication process.
Management Frames
Management frames are used for establishing and maintaining communication between devices in a wireless network. Here are the key subtypes:
Control Frames
Control frames assist in the delivery of data frames and in managing access to the wireless medium. Key subtypes include:
Data Frames
Data frames carry the actual data payload between devices. Key subtypes include:
Wireless LAN Controller (WLC)

Ubiquiti UniFi
Self-hosted UniFi Controller
# apt-get update; apt-get install ca-certificates curl -y
# curl -sO https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh
https://ip.of.your.server:8443