Understanding Wireless Connections
Wireless Network Concepts
Wireless local area networks are defined by the IEEE 802.11 specification. The process of connecting to a wireless network is often transparent to the user, and using a wireless network is much the same as using a wired Ethernet network. Wireless networks are classified by their scope, in much the same way as wired networks.
The different categories of wireless networks are:
- Wireless local area networks (WLANs): WLANs make it possible for data to be shared within a local area. Wireless bridges connect devices to the wireless network, and can also connect two wireless networks.
- Wireless metropolitan area networks (WMANs): WMANs make it possible to connect buildings in a city. WMANs use either infrared or radio frequency.
- Wireless wide area networks (WWANs): The second generation of WWAN technology is used by cellular phones at the moment. Global System for Mobile Communications (GSM), Cellular Digital Packet Data (CDPD) and Code Division Multiple Access (CDMA) are enterprises that provide WWAN technologies.
- Wireless personal area networks (WPANs): WPANs connect personal devices so that data can be shared over an area. The personal devices that WPANs connect are devices such as personal digital assistants (PDAs), laptop computers and cellular phones. WPANs can operate using either infrared or radio frequency.
The two modes that wireless clients can use to communicate, as defined in the 802.11 standard, are:
- Ad Hoc mode: This mode is used for an unstructured network of wireless clients within communication range of one another.
- Infrastructure mode: In this mode, APs provide a permanent structure for the network.
The 802.11 standard also specifies the Service Set IDentifier (SSID) which is used to differentiate between different wireless networks. 802.11 traffic is classified as follows:
- Control frames: Include the following types of information:
  - Request to send (RTS) messages
  - Acknowledgement (ACK) messages
  - Clear to send (CTS) messages
- Data frames: These are the frames that transfer data.
- Management frames: Include the following types of information:
  - Authentication frames
  - Beacon frames
  - Probe request/response
  - Association frames
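The frame classes above, and the SSID and network mode a beacon advertises, can all be read from the raw 802.11 header. The following is an added example, not part of the original article: it assumes a frame with any capture (radiotap) header and trailing FCS already removed, and the sample beacons, SSIDs and BSSID are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPES = {  # subtype numbers for the frame kinds listed above
    (0, 0): "association request", (0, 1): "association response",
    (0, 4): "probe request", (0, 5): "probe response",
    (0, 8): "beacon", (0, 11): "authentication",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK", (2, 0): "data",
}

def classify(frame: bytes) -> tuple:
    """Decode the type and subtype bits of the Frame Control field."""
    if len(frame) < 2:
        raise ValueError("shorter than the Frame Control field")
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if version != 0 or ftype not in TYPES:
        raise ValueError("unsupported version or reserved frame type")
    return TYPES[ftype], SUBTYPES.get((ftype, subtype), f"subtype {subtype}")

def parse_beacon(frame: bytes) -> dict:
    """Report SSID, network mode and the Privacy bit advertised by a beacon."""
    if classify(frame) != ("management", "beacon"):
        raise ValueError("not a beacon frame")
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed parameters
        raise ValueError("truncated beacon")
    (capability,) = struct.unpack_from("<H", frame, 34)
    mode = ("infrastructure" if capability & 0x0001   # ESS bit: an AP is present
            else "ad hoc" if capability & 0x0002      # IBSS bit: computer-to-computer
            else "unknown")
    ssid, pos = None, 36
    while pos + 2 <= len(frame):                      # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError("truncated information element")
        if tag == 0:                                  # element ID 0 carries the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"ssid": ssid, "mode": mode, "privacy": bool(capability & 0x0010)}

def build_sample(ssid: bytes, capability: int) -> bytes:
    """Constructed beacon: broadcast destination, made-up BSSID, interval 100."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex("020000000001") * 2 + b"\x00\x00"
    return header + bytes(8) + struct.pack("<HH", 100, capability) + bytes([0, len(ssid)]) + ssid

if __name__ == "__main__":
    for name, cap in ((b"corp-wlan", 0x0011), (b"printer-share", 0x0002)):
        print(parse_beacon(build_sample(name, cap)))
```

The Privacy bit only says that some link-layer encryption is required; it does not say which scheme, so an inventory built this way still needs the beacon's security elements or the client configuration to tell WEP from anything stronger.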
The OSI model, defined by International Standards Organization (ISO) is made up of seven layers which are presented as a stack. Data which is passed over the network moves through each layer. The seven layers of the OSI model are: Application Layer (layer 7); Presentation Layer (layer 6); Session Layer (layer 5); Transport Layer (layer 4); Network Layer (layer 3); Data-Link Layer (layer 2); and Physical Layer (layer 1).
Wireless networks operate at the Physical Layer and Data-link layer of the OSI model. The Physical layer transmits raw bit streams over a physical medium. The specifications of the Physical layer include:
- Physical layout of the network
- Voltage changes and the timing of voltage changes
- Data rates
- Maximum transmission distances
- Physical connectors to transmission mediums
The issues clarified at the Physical Layer include:
- Whether data is transmitted synchronously or asynchronously
- Whether the analog or digital signaling method is used
- Whether baseband or broadband signaling is used
The Data-link layer maintains the data link to enable communications. The responsibilities of the Data-link layer include:
- Packet addressing
- Media access control
- Format the frame used to encapsulate data
- Error notification on the Physical layer
- Managing of error messaging specific to the delivery of packets
- Ensures that frames are transmitted from one computer to another computer with no errors. It establishes error-free connections between two devices.
The Data-link layer is divided into the following two sublayers:
- Logical Link Control (LLC) sublayer: The LLC sublayer provides and maintains the logical links used for communication. The functions at the LLC sublayer of the Data-link layer include the following:
  - Error checking
  - Frame synchronization
  - Flow control
- Media Access Control (MAC) sublayer: The MAC sublayer of the Data-link layer controls the transmission of packets from one network interface card (NIC) to another over a shared media channel. A NIC has a unique MAC address, or physical address. This address identifies the particular NIC on the network. To ensure that these addresses are unique, the MAC addresses are usually permanently burned in the memory of the NIC. The MAC sublayer handles media access control which essentially prevents data collisions. It provides for the allocation of network access to computers, and more importantly, it prevents computers from transmitting data simultaneously.
The common media access control methods are listed below.
- Token Passing; utilized in Token Ring and FDDI networks.
- Carrier Sense Multiple Access/Collision Detection (CSMA/CD); utilized in Ethernet networks.
- Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA); utilized in AppleTalk networks.
Configuring the Network Mode for Wireless Connections
Wireless connections in Windows Server 2003 use Infrastructure mode by default.
How to change the network mode for a single network
- Click Start, Control Panel, and then click Network Connections.
- Locate and double-click the Wireless Connection that you want to configure the network mode for.
- Click the Advanced button.
- Click the Wireless Networks tab.
- Select the Use Windows to configure my wireless network settings option.
- Select the SSID from the list.
- Click the Configure button.
- On the Association tab, click This is a computer-to-computer (adhoc) network; wireless access points are not used.
- Click OK.
How to configure the network mode for all networks
- Click Start, Control Panel, and then click Network Connections.
- Locate and double-click the Wireless Connection that you want to configure.
- Click the Advanced button.
- Click the Advanced button in the Wireless Connection Properties dialog box.
- Select the Computer-to-Computer networks only option.
- Click Close to close the Advanced dialog box.
- Click OK.
Configuring Wireless Networking
How to configure Active Directory wireless network policies
Wireless networking in Windows Server 2003 uses Active Directory wireless network policies.
- Click Start, Administrative Tools, and then click Active Directory Users and Computers to open the Active Directory Users and Computers management console.
- In the console tree, locate the domain or organizational unit that you want to configure Group Policy for.
- Right-click the domain or organizational unit, and then select Properties from the shortcut menu.
- Click the Group Policy tab.
- Select the Edit button.
- If you want to edit an existing Group Policy object, open the specific Group Policy object. If you want to create a new Group Policy object, click the New button, and then click Edit.
- In the console tree of the Group Policy Object Editor, expand Computer Configuration, Windows Settings, Security Settings, and then expand Wireless Network (IEEE 802.11) Policies.
- To configure policy settings for the Active Directory wireless network policy, right-click Wireless Network (IEEE 802.11) Policies and then select Create Wireless Network Policy from the shortcut menu.
- The Wireless Network Policy Wizard starts.
- Click Next on the initial page of the Wireless Network Policy Wizard.
- On the Wireless Network Policy Name page:
  - Enter a name for the new wireless network policy in the Name textbox.
  - Enter a description for the wireless network policy in the Description textbox.
- Click Next.
- On the Completing the Wireless Network Policy Wizard page, ensure that the Edit properties checkbox is selected.
- Click Finish.
- The Domain Wireless Network Policy Properties dialog box automatically opens when you click the Finish button.
- On the General tab, enter a value in the Check for policy changes every: minutes textbox to indicate the frequency at which Active Directory is to be checked for policy updates.
- In the Networks to access drop-down list box, select the wireless network type that clients can access. The options in the Networks to access drop-down list box are:
  - Any available network (access point preferred)
  - Access point (infrastructure) networks only
  - Computer to computer (ad hoc) networks only
- Click the Use Windows to configure wireless network settings for clients checkbox if you want Windows to configure wireless network settings for clients.
- If you want clients to be able to connect to networks that are not listed on the Preferred Networks tab, click the Automatically connect to non-preferred networks checkbox.
- Click the Preferred Networks tab to specify your preferred networks.
- If you want to add a new preferred network, click the Add button.
- The New Preferred Settings Properties dialog box opens. The available tabs on the New Preferred Settings Properties dialog box are the Network Properties tab and the IEEE 802.1x tab.
- On the Network Properties tab, enter a name in the Network name (SSID) textbox.
- Provide a description for the network in the Description textbox.
- In the Wireless network key (WEP) area of the Network Properties tab, select the appropriate encryption and authentication settings. The available options are:
  - Data encryption (WEP enabled); a network key is used for encryption.
  - Network authentication (Shared mode); a network key is used for authentication.
  - The key is provided automatically; specifies that the network key will be automatically provided for clients.
- If the network should operate as a computer-to-computer (ad hoc) network, ensure that you select the This is a computer-to-computer (ad hoc) network; wireless access points are not used checkbox.
- Click the IEEE 802.1x tab to set the configuration options for 802.1x.
- Click OK.
How to configure a client and server to use 802.11 wireless networking
When configuring wireless networking, it is recommended to configure IAS/RADIUS to centralize authentication for the wireless access points. The recommended authentication protocol that should be configured for wireless networking is EAP-TLS. In order to configure EAP-TLS as the authentication protocol, you need to first install a certificate on the IAS server.
- Click Start, Administrative Tools, and then click Active Directory Users and Computers to open the Active Directory Users and Computers management console.
- In the console tree, expand Active Directory Users and Computers.
- Locate and right-click the domain name that contains the CA and select Properties from the shortcut menu.
- On the Group Policy tab, select the Default Domain Policy, and then click the Edit button.
- In the console tree of the Group Policy Object Editor, expand Computer Configuration, Windows Settings, Security Settings, and then expand Public Key Policies.
- In the details pane, right-click Automatic Certificate Request Settings, click New and then click Automatic Certificate Request from the shortcut menu.
- The Automatic Certificate Request Wizard starts.
- Click Next on the initial page of the Automatic Certificate Request Wizard.
- On the Certificate Template page, click Computer and then click Next.
- Select the CA, and click Next and then Finish.
- You now have to create a computer certificate for the CA computer. This is done from a command prompt window, by entering gpupdate /target:Computer.
- You next have to install the IAS Windows component.
- To do this, click Start, Control Panel, Add or Remove Programs.
- Click Windows Components.
- The Windows Components Wizard starts.
- Click Networking Services and then click Details.
- On the Networking Services dialog box, click Internet Authentication Service and then click OK and Next.
- Click Finish to complete the installation of the IAS Windows component.
- To configure IAS, click Start, Administrative Tools, and then click Internet Authentication Service to open the Internet Authentication Service console.
- In the console, right-click RADIUS Clients and then select New RADIUS Client from the shortcut menu.
- The New RADIUS Client Wizard starts.
- Add client information for the wireless access point and add the wireless clients as RADIUS Clients. Click Next.
- On the New RADIUS Client screen, select the RADIUS Standard option from the Client-Vendor drop-down list box.
- Specify the shared secret password.
- Click Finish.
- You now have to configure a remote access policy for the IAS clients.
- Click Start, Administrative Tools, and then click Internet Authentication Service to open the Internet Authentication Service console.
- In the console tree, expand Internet Authentication Service.
- Select Remote Access Policies.
- In the right pane, select and double-click the policy which you need to configure.
- Click the Edit Profile button.
- Click EAP Methods on the Authentication tab.
- Click Add in Select EAP providers, select Protected EAP (PEAP), and then click OK.
- Now, click Protected EAP (PEAP) in Select EAP providers, and then click the Edit button.
- The Protected EAP Properties dialog box opens.
- Using the Certificate Issued drop-down list box, select the certificate which the server will utilize for clients to identify it.
- Check the Enable Fast Reconnect checkbox.
- In the EAP Type box, select Secure password (EAP-MSCHAPv2).
- Click OK.
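The shared secret entered for each RADIUS client in the procedure above is what lets the RADIUS server and the access point authenticate each other's packets: requests that carry EAP include a Message-Authenticator attribute, an HMAC-MD5 over the packet keyed with that secret (RFC 3579). The following is an added example, not part of the original article or of IAS, showing the check a server performs; the packet, user name, NAS identifier and secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type defined in RFC 3579

def locate(packet: bytes) -> tuple:
    """Return (declared length, offset of the 16-byte Message-Authenticator value)."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    length = struct.unpack_from("!H", packet, 2)[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:                       # attributes are type, length, value
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 bytes")
            return length, pos + 2
        pos += alen
    return length, None

def compute_mac(packet: bytes, secret: bytes) -> bytes:
    """HMAC-MD5 over the Access-Request with the attribute value zeroed."""
    length, off = locate(packet)
    if off is None:
        raise ValueError("no Message-Authenticator attribute")
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    return hmac.new(secret, zeroed, hashlib.md5).digest()

def verify(packet: bytes, secret: bytes) -> bool:
    """True only if the sender used the same shared secret and nothing changed."""
    _, off = locate(packet)
    if off is None:
        return False                          # unauthenticated request: reject
    return hmac.compare_digest(packet[off:off + 16], compute_mac(packet, secret))

def build_request(secret: bytes) -> bytes:
    """Constructed Access-Request (code 1, id 7) as an access point would send it."""
    attrs = b"\x01\x07alice" + b"\x20\x07ap-01" + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
    return packet[:-16] + compute_mac(packet, secret)

if __name__ == "__main__":
    request = build_request(b"constructed-shared-secret")
    print(verify(request, b"constructed-shared-secret"), verify(request, b"mistyped-secret"))
```

A secret that differs between the access point and the server by a single character makes every request fail this check, which is why a mistyped shared secret shows up as all clients behind that access point failing to authenticate.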