Wireless Fundamentals
The standards we use for wireless LANs are defined in IEEE 802.11
The term Wi-Fi is a trademark of the Wi-Fi Alliance, not directly connected to the IEEE.
The Wi-Fi Alliance tests and certifies equipment for 802.11 standards compliance and interoperability with other devices.
Wi-Fi has become the common term that people use to refer to 802.11 wireless LANs.

Wireless Technology Issues

Wireless communications are regulated
All devices within range receive all frames, like in an Ethernet hub.

CSMA/CA

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) is used to facilitate half-duplex communications.
When using CSMA/CA, a device will wait for other devices to stop transmitting before it transmits data itself.

Signal Coverage

Absorption happens when a wireless signal passes through a material and is converted into heat, weakening the original signal.
Reflection happens when a signal bounces off of a material, for example metal.
Refraction happens when a wave is bent when entering a medium where the signal travels at a different speed.
Diffraction happens when a wave encounters an obstacle and travels around it.
Scattering happens when a material causes a signal to scatter in all directions.

Radio Frequency

To send wireless signals, the sender applies an alternating current to an antenna. This creates electromagnetic fields which propagate out as waves.
Electromagnetic waves can be measured in multiple ways, for example by amplitude and frequency.
Amplitude is the maximum strength of the electric and magnetic field
Frequency measures the number of up/down cycles per a given unit of time.
The most common measurement of frequency is Hertz.
Hertz (Hz) → cycles per second
Kilohertz (kHz) → 1,000 cycles per second
Megahertz (MHz) → 1,000,000 cycles per second
Gigahertz (GHz) → 1,000,000,000 cycles per second
Terahertz (THz) → 1,000,000,000,000 cycles per second
The visible light frequency range is about 400 THz to 790 THz.
The radio frequency range is from 30 Hz to 300 GHz and is used for many purposes.

Wi-Fi Bands and Channels

Wi-Fi uses three main bands (frequency ranges):
2.4 GHz band (2.400 GHz to 2.4835 GHz)
5 GHz band (5.150 GHz to 5.825 GHz)
6 GHz band (802.11ax) - Wi-Fi 6
The 2.4 GHz band typically provides further reach in open space and better penetration of obstacles such as walls. There are more devices using this band, so interference can be a bigger problem compared to the 5 GHz band.
Each band is divided up into multiple ‘channels’. Devices are configured to transmit and receive traffic on one (or more) of these channels.

Overlapping

In large WLANs with multiple Access Points (APs), it is important that adjacent APs don’t use overlapping channels to avoid interference.
In the 2.4 GHz band, it is recommended to use channels 1, 6, and 11.
The 5 GHz band consists of non-overlapping channels, so it is much easier to avoid interference between adjacent APs.
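
Why channels 1, 6 and 11: an added example (not part of the original notes) that computes 2.4 GHz channel centre frequencies and audits a channel plan for adjacent APs on overlapping channels. It assumes 22 MHz-wide channels centred at 2407 + 5 × channel MHz for channels 1 to 13; the AP names, channels and adjacency list are constructed.

```python
CHANNEL_WIDTH_MHZ = 22  # assumption: classic 802.11b/g (DSSS) channel width


def center_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel (1-13)."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def overlaps(a: int, b: int) -> bool:
    """Two channels overlap when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_set(first: int = 1, last: int = 11) -> list[int]:
    """Greedily pick channels, lowest first, that do not overlap any chosen one."""
    chosen: list[int] = []
    for ch in range(first, last + 1):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def audit_plan(plan: dict[str, int],
               adjacent: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return the adjacent AP pairs whose channels overlap (same channel included)."""
    return [(x, y) for x, y in adjacent if overlaps(plan[x], plan[y])]


# Constructed plan: AP names, channels and adjacency are made up for the example.
PLAN = {"ap-lobby": 1, "ap-hall": 6, "ap-lab": 8, "ap-roof": 11}
ADJACENT = [("ap-lobby", "ap-hall"), ("ap-hall", "ap-lab"),
            ("ap-lab", "ap-roof"), ("ap-lobby", "ap-roof")]

if __name__ == "__main__":
    print("non-overlapping channels:", non_overlapping_set())
    for x, y in audit_plan(PLAN, ADJACENT):
        print(f"overlap: {x} (ch {PLAN[x]}) <-> {y} (ch {PLAN[y]})")
```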

802.11 Standard Generations

Service Sets

All devices in a service set share the same human-readable name that identifies the service set, called the Service Set Identifier (SSID).

Independent

Independent Basic Service Set (IBSS) is a wireless network in which two or more wireless devices connect directly without using an AP. Also called an ad hoc network (e.g. AirDrop).

Infrastructure

Basic Service Set (BSS) is a kind of Infrastructure service set in which clients connect to each other via an Access Point (AP).
A Basic Service Set Identifier (BSSID) is used to uniquely identify the AP. The BSSID is the MAC address of the AP’s radio.
The area around an AP where its signal is usable is called a Basic Service Area (BSA).
Extended Service Set (ESS) is used to create larger wireless LANs beyond the range of a single AP.
APs with their own BSSs are connected by a wired network.
Each BSS uses the same SSID.
Each BSS has a unique BSSID.
Each BSS uses a different channel to avoid interference.
Clients can move between APs without having to reconnect (this is called roaming)
The BSAs should overlap about 10-15%.

Mesh

Mesh Basic Service Set (MBSS) can be used in situations where it’s difficult to run an Ethernet connection to every AP.
Mesh APs use two radios: one to provide a BSS to wireless clients, and one to form a ‘backhaul network’ which is used to bridge traffic from AP to AP.
The AP connected to the wired network is called Root Access Point (RAP).
The other APs are called Mesh Access Points (MAPs)
A protocol is used to determine the best path through the mesh (similar to routing protocols)

Distribution System

Most Wi-Fi networks are a way to connect wireless clients to the wired network infrastructure.
In 802.11, the upstream wired network is called the Distribution System (DS).
Each wireless BSS or ESS is mapped to a VLAN in the wired network.

Additional AP Operational Modes

Outdoor Bridge

It is used to connect networks over long distances without a physical cable connecting them. The APs will use specialized one-direction antennas.
The connection can be point-to-point or point-to-multipoint in which multiple sites connect to one central site.

Wireless Network Security
Because wireless signals are not contained within a wire, any device within range of the signal can receive the traffic. Therefore, it is very important to encrypt traffic between the wireless client and the AP.

Authentication

Open Authentication
  No password needed
  Combined with Captive Portals
Wired Equivalent Privacy (WEP)
  Encrypted but not secure anymore
Extensible Authentication Protocol (EAP)
  Lightweight EAP (LEAP)
  EAP Flexible Authentication via Secure Tunneling (EAP-FAST)
  Protected EAP (PEAP)
  EAP Transport Layer Security (EAP-TLS)

Encryption and Integrity Methods

Encryption
  Traffic between clients and APs should be encrypted so that it can’t be read by anyone else.
Integrity
  A Message Integrity Check (MIC) is added to messages to ensure that the message was not modified by a third party.
Encryption and Integrity Methods
Wired Equivalent Privacy (WEP)
  Insecure encryption, not used anymore.
Temporal Key Integrity Protocol (TKIP)
  Added more secure features to WEP. It is used in Wi-Fi Protected Access version 1 (WPA).
Counter/CBC-MAC Protocol (CCMP)
  Developed after TKIP and is more secure. It is used in WPA2.
  Old hardware built only to use WEP/TKIP cannot use CCMP.
  Consists of two different algorithms to provide encryption and MIC:
    1. Advanced Encryption Standard (AES): the most secure encryption protocol currently available.
    2. Cipher Block Chaining Message Authentication Code (CBC-MAC): used as a MIC to ensure the integrity of messages.
Galois/Counter Mode Protocol (GCMP)
  It is more secure and efficient than CCMP and allows higher data throughput than CCMP. It is used in WPA3.
  Consists of two different algorithms to provide encryption and MIC:
    1. Advanced Encryption Standard (AES): the most secure encryption protocol currently available.
    2. Galois Message Authentication Code (GMAC): used as a MIC to ensure the integrity of messages.

Wi-Fi Protected Access (WPA)

The Wi-Fi Alliance has developed the WPA certifications for wireless devices.
WPA was developed after WEP was proven to be vulnerable.
  TKIP (based on WEP) provides encryption/MIC.
  802.1X authentication (Enterprise mode) or PSK (Personal mode)
WPA2 released in 2004
  CCMP provides encryption/MIC.
  802.1X authentication (Enterprise mode) or PSK (Personal mode)
WPA3 released in 2018
  GCMP provides encryption/MIC.
  802.1X authentication (Enterprise mode) or PSK (Personal mode)
  WPA3 also provides additional security features:
    Protected Management Frames (PMF) protects 802.11 management frames from eavesdropping/forging.
    Simultaneous Authentication of Equals (SAE) protects the four-way handshake when using personal mode.
    Forward secrecy prevents data from being decrypted after it has been transmitted over the air.
Personal mode: A pre-shared key (PSK) is used for authentication (SSID + password).
Enterprise mode: 802.1X is used with an authentication server (RADIUS server).

Wireless Frame Types
Wireless frames in IEEE 802.11 (Wi-Fi) networks are categorized into three main types: Management frames, Control frames, and Data frames. Each of these main types has several subtypes, each serving a specific purpose in the wireless communication process.

Management Frames

Management frames are used for establishing and maintaining communication between devices in a wireless network. Here are the key subtypes:
Association Request: Sent by a client to request association with an access point (AP).
Association Response: Sent by the AP in response to an association request, indicating acceptance or rejection.
Reassociation Request: Sent by a client to move its association from one AP to another.
Reassociation Response: Sent by the new AP in response to a reassociation request.
Probe Request: Sent by a client to discover available networks.
Probe Response: Sent by an AP in response to a probe request, providing information about the network.
Beacon: Sent periodically by an AP to announce the presence of a network.
ATIM (Announcement Traffic Indication Message): Used in ad-hoc networks to announce buffered frames.
Disassociation: Sent by a device to terminate an association.
Authentication: Used in the process of authenticating a device to the network.
Deauthentication: Sent to indicate that a device is no longer authenticated.

Control Frames

Control frames assist in the delivery of data frames and in managing access to the wireless medium. Key subtypes include:
RTS (Request to Send): Used to request the right to send data, initiating a transmission.
CTS (Clear to Send): Sent in response to an RTS, granting permission to send data.
ACK (Acknowledgment): Sent to acknowledge the receipt of a data frame.
PS-Poll (Power Save Poll): Sent by a client to retrieve data buffered by the AP while the client was in power-saving mode.
Block ACK Request (BAR): Used to request acknowledgment for a block of data frames.
Block ACK (BA): Sent to acknowledge receipt of a block of data frames.

Data Frames

Data frames carry the actual data payload between devices. Key subtypes include:
Data: The standard data frame carrying user data.
Null Data: Carries no data and is used to inform the AP of the client's status (e.g., power management).
QoS Data: Data frames that include Quality of Service (QoS) features for prioritizing traffic.
QoS Null: Similar to null data frames but include QoS features.
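
The type and subtype listed above are carried in the first byte of each frame's 2-byte Frame Control field. This added example (not part of the original notes) decodes that byte and tallies subtypes over a few constructed headers, flagging a burst of Deauthentication/Disassociation frames, the management frames PMF is meant to protect. The sample bytes and the alert threshold are assumptions.

```python
from collections import Counter

TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 2): "Reassociation Request", (0, 3): "Reassociation Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response",
    (0, 8): "Beacon", (0, 9): "ATIM", (0, 10): "Disassociation",
    (0, 11): "Authentication", (0, 12): "Deauthentication",
    (1, 8): "Block ACK Request", (1, 9): "Block ACK", (1, 10): "PS-Poll",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 4): "Null Data", (2, 8): "QoS Data", (2, 12): "QoS Null",
}


def classify(frame: bytes) -> tuple[str, str]:
    """Decode (type, subtype) names from the first Frame Control byte."""
    if len(frame) < 2:
        raise ValueError("frame shorter than the 2-byte Frame Control field")
    fc0 = frame[0]
    if fc0 & 0b11:  # bits 0-1: protocol version, always 0 today
        raise ValueError("unsupported 802.11 protocol version")
    ftype = (fc0 >> 2) & 0b11      # bits 2-3: frame type
    subtype = (fc0 >> 4) & 0b1111  # bits 4-7: frame subtype
    return TYPES[ftype], SUBTYPES.get((ftype, subtype), f"subtype {subtype}")


def teardown_alert(frames: list[bytes], threshold: int = 3) -> bool:
    """True when Deauthentication + Disassociation frames reach the threshold."""
    seen = Counter(classify(f)[1] for f in frames)
    return seen["Deauthentication"] + seen["Disassociation"] >= threshold


# Constructed sample: Frame Control fields only, as hex (second byte holds flags).
SAMPLE = [bytes.fromhex(h) for h in
          ("8000", "4000", "5000", "b000", "0000", "1000",
           "8801", "d400", "c000", "c000", "a000")]

if __name__ == "__main__":
    for kind, name in map(classify, SAMPLE):
        print(f"{kind:<10} {name}")
    print("teardown burst:", teardown_alert(SAMPLE))
```

A production monitor would count these frames per BSSID over a time window rather than over a fixed list.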

Wireless LAN Controller (WLC)
Ubiquiti UniFi

Self-hosted UniFi Controller

# apt-get update; apt-get install ca-certificates curl -y
# curl -sO https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh
https://ip.of.your.server:8443