Summary

This document provides an overview of different aspects of wireless communication, particularly Wi-Fi, including frequency bands, data rates, and various technologies like SISO and MIMO. It covers the role of frequency, types of antennas, and network configurations.

Full Transcript

**Frequency Options**

Frequency bands are portions of the electromagnetic spectrum that all wireless devices use to transmit and receive data. Regulatory bodies, like the ETSI in Europe, the Federal Communications Commission (FCC) in the United States, Ofcom in the United Kingdom, and MIC in Japan, assign specific bands for different wireless technologies in their regions. The FCC has allocated the 2.4 GHz, 5 GHz, and 6 GHz bands in North America for use by Wi-Fi networks, and each of these bands has characteristics that affect its range, speed, and susceptibility to interference.

In wireless communication, frequency refers to the number of times the electromagnetic wave oscillates per second and is measured in Hertz (Hz). For example, a frequency of 2.4 GHz means the wave oscillates 2.4 billion times per second. Higher frequencies oscillate faster, while lower frequencies oscillate more slowly. A 5 GHz frequency oscillates 5 billion times per second, while 6 GHz oscillates 6 billion times per second.

Wi-Fi data is transmitted using radio waves, which often follow a sinusoidal pattern known as a sine wave. Each complete oscillation of the wave is called a cycle, and frequency is measured in Hertz (Hz), representing cycles per second. This example illustrates a wave with four complete cycles in one second, indicating a frequency of 4 Hz.

Frequency plays a critical role in wireless communications because it determines several attributes of the radio signal, such as:

- Data carrying capacity: Higher frequencies carry more data per second (data rate) than lower frequencies.
- Range and obstacle penetration: Lower frequencies travel longer distances and penetrate obstacles (like walls and furniture) more effectively than higher frequencies.
- Interference and congestion: Lower frequencies, most notably the 2.4 GHz Wi-Fi band, are often more congested because of the number of devices and technologies competing for bandwidth (Bluetooth, microwave ovens, and cordless landline phones). Higher frequencies typically experience less interference, making them preferable in device-dense, high-demand networks.

**Wireless Performance Technologies: SISO, MIMO, and Spatial Streams**

Single Input Single Output (SISO), Multiple Input Multiple Output (MIMO), and spatial streams relate to how data is transmitted and received over Wi-Fi networks. SISO represents the most basic form of wireless communication, using a single antenna for transmission and reception. This configuration is common in older wireless devices such as 802.11a/b/g and can only handle one spatial stream (an independent path for sending or receiving data) at a time. SISO dramatically limits the data rate and capacity of wireless networking and will not effectively meet the performance requirements of modern use. It is inherently half-duplex: it can transmit or receive, but not both simultaneously. SISO is a 1x1 configuration, with the first number (1) representing the number of transmitting antennas and the second (1) representing the number of receiving antennas. If you are using a Wi-Fi device with more than one antenna and it is configured to use 802.11a/b/g, it will only utilize one antenna at a time (these standards are limited to SISO). Modern APs configured for 802.11a/b/g may utilize multiple antennas by switching between them to choose the one with the best signal reliability.

*Single Input Single Output (SISO) Wi-Fi communication using a single antenna on both the access point (AP) and client device. This configuration operates with a single spatial stream and typically in half-duplex mode, meaning it can either transmit or receive at any given time, but not both simultaneously. SISO uses a 1x1 configuration, indicating one transmit antenna and one receive antenna, with one spatial stream.*

Multiple Input Multiple Output (MIMO) allows for multiple antennas on both the transmitter and the receiver to send and/or receive multiple spatial streams simultaneously. Single User MIMO (SU-MIMO), introduced with 802.11n (Wi-Fi 4), allows one device to send and receive up to four spatial streams (using up to four antennas in a 4x4 configuration) simultaneously, providing a maximum theoretical data rate of 600 Mbps. 802.11ac (Wi-Fi 5) also supports SU-MIMO with up to eight spatial streams (using up to eight antennas in an 8x8 configuration), providing a maximum theoretical data rate of 6.93 Gbps (using wider channels and higher modulation schemes).

*Single User Multiple Input Multiple Output (SU-MIMO) Wi-Fi communication using multiple antennas on both the access point (AP) and client device. This configuration supports multiple spatial streams for increased data throughput. This example shows a 3x3 configuration, indicating three transmit antennas and three receive antennas, with three spatial streams.*

Multi-User Multiple Input Multiple Output (MU-MIMO) was introduced with 802.11ac and supports downlink MU-MIMO, allowing an access point (AP) to transmit data using up to four spatial streams to up to four clients simultaneously (in a 4x4 configuration). With this configuration, clients cannot simultaneously send data back to the access point; only the access point transmits to multiple clients simultaneously. 802.11ax enhanced MU-MIMO by supporting both uplink and downlink MU-MIMO. This allows an access point to send data to multiple clients simultaneously and allows those clients to send data back to the access point concurrently. 802.11ax supports up to eight spatial streams in an 8x8 configuration.
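To see where the 600 Mbps and 6.93 Gbps figures above come from, here is an added example (not part of the original transcript) that computes the maximum theoretical PHY rate from the number of data subcarriers for each channel width, the bits each subcarrier carries at the highest modulation of the standard, the coding rate, the number of spatial streams, and the 3.6 µs OFDM symbol time (3.2 µs symbol plus the 0.4 µs short guard interval). The subcarrier counts and MCS parameters are the standard 802.11n/ac values; the function and table names are my own.

```python
"""Maximum theoretical 802.11n/ac PHY data rate from channel width and spatial streams.

PHY rate (Mbit/s) = data subcarriers x bits per subcarrier x coding rate x streams
                    / OFDM symbol duration (microseconds)
"""
from fractions import Fraction

# Data (non-pilot) OFDM subcarriers for each channel width in 802.11n/802.11ac.
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}

# Highest modulation and coding scheme each standard defines:
#   802.11n  -> 64-QAM  (6 bits per subcarrier) at coding rate 5/6
#   802.11ac -> 256-QAM (8 bits per subcarrier) at coding rate 5/6
TOP_MCS = {
    "802.11n": (6, Fraction(5, 6)),
    "802.11ac": (8, Fraction(5, 6)),
}

# Limits stated in the transcript: 802.11n stops at 40 MHz and four streams,
# 802.11ac goes to 160 MHz and eight streams.
MAX_WIDTH = {"802.11n": 40, "802.11ac": 160}
MAX_STREAMS = {"802.11n": 4, "802.11ac": 8}

# 3.2 us OFDM symbol plus the 0.4 us short guard interval.
SYMBOL_US = Fraction(36, 10)


def max_phy_rate_mbps(standard: str, width_mhz: int, streams: int) -> float:
    """Ideal PHY rate in Mbit/s; raises ValueError for combinations the standard lacks."""
    if standard not in TOP_MCS:
        raise ValueError(f"unknown standard {standard!r}")
    if width_mhz not in DATA_SUBCARRIERS or width_mhz > MAX_WIDTH[standard]:
        raise ValueError(f"{standard} does not define {width_mhz} MHz channels")
    if not 1 <= streams <= MAX_STREAMS[standard]:
        raise ValueError(f"{standard} supports 1 to {MAX_STREAMS[standard]} spatial streams")
    bits_per_subcarrier, coding_rate = TOP_MCS[standard]
    bits_per_symbol = DATA_SUBCARRIERS[width_mhz] * bits_per_subcarrier * coding_rate * streams
    # bits per microsecond is the same as megabits per second
    return float(bits_per_symbol / SYMBOL_US)


def rate_chart(standard: str) -> dict:
    """Rebuild a 'spatial streams x channel width' chart like the one the transcript describes."""
    widths = [w for w in sorted(DATA_SUBCARRIERS) if w <= MAX_WIDTH[standard]]
    return {
        streams: {w: round(max_phy_rate_mbps(standard, w, streams), 1) for w in widths}
        for streams in range(1, MAX_STREAMS[standard] + 1)
    }


if __name__ == "__main__":
    print("802.11n, 40 MHz, 4 streams:", max_phy_rate_mbps("802.11n", 40, 4), "Mbit/s")
    print("802.11ac, 160 MHz, 8 streams:", max_phy_rate_mbps("802.11ac", 160, 8), "Mbit/s")
    for streams, row in rate_chart("802.11ac").items():
        print(f"{streams} stream(s):", row)
```

Two caveats matter when reading such a chart: these are PHY (air) rates, not application throughput, which the CSMA/CA contention, preambles, and acknowledgments described later in the transcript reduce substantially; and the top MCS is only negotiated by a client close to the AP on a clean channel, so the chart is an upper bound for capacity planning rather than a promise.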
*Multi-User Multiple Input Multiple Output (MU-MIMO) Wi-Fi communication using multiple antennas on both the access point (AP) and client device. This configuration supports multiple spatial streams for increased data throughput. This example shows a 4x4 configuration, indicating four transmit antennas and four receive antennas, with four spatial streams.*

Beamforming is a technology that improves Wi-Fi performance by directing the wireless signal toward the receiver instead of broadcasting it in all directions. By focusing the signal, signal strength is enhanced, the connection is more reliable, and the device experiences better data rates and coverage. Beamforming was introduced in 802.11n as an optional feature and became a standard feature starting with 802.11ac.

**Band Steering**

Band steering is a network management feature designed to guide devices in a Wi-Fi network to connect to the most appropriate frequency band (typically the 5 GHz or 6 GHz band instead of the more congested 2.4 GHz band). Band steering is not part of any specific IEEE 802.11 standard but a feature implemented in Wi-Fi access points and wireless controllers. It became prevalent as dual-band 2.4 GHz and 5 GHz routers and access points (beginning with 802.11n, Wi-Fi 4) gained popularity. With Wi-Fi 6 and Wi-Fi 6E, which added the 6 GHz band, band steering further evolved to include tri-band support across the 2.4 GHz, 5 GHz, and 6 GHz bands.

Band steering monitors and manages how devices connect to the wireless network. When a dual-band-capable device attempts to connect, the access point or wireless controller assesses which band is the most appropriate based on factors such as:

- Device capabilities: The AP or controller checks whether the device supports the 5 or 6 GHz bands.
- Signal strength: If the device is close enough to the AP to benefit from the higher data rates of the 5 GHz or 6 GHz band, the AP or controller encourages the device to connect to one of those bands.
- Network load: The AP or controller considers the current load on each band and directs the device to the band with the lowest load. With band steering, network load is determined by several factors, such as the number of connected devices, the amount or volume of network traffic, the amount of available (unused) bandwidth, overall signal quality and strength, and latency and response times.

**Channels, Width, Overlap, and Regulatory Impacts**

Each Wi-Fi frequency band is divided into channels, which are smaller subdivisions of the band. These channel divisions:

- Allow multiple wireless networks to operate within the same band without causing interference to one another.
- Enhance network capacity through parallel data transmission (separate communication paths), allowing multiple devices to share the same band. Network administrators can assign devices to less congested channels, increasing data rates.
- Maximize the band's use by preventing the overloading of a single channel while leaving others underutilized.

**2.4 GHz Band Channels**

The 2.4 GHz band is subdivided into 14 total channels spaced 5 MHz apart, with each channel having a width of 22 MHz. The number of channels available for use in a single network varies by region. For example, in North America, the FCC has allocated channels 1 through 11 for Wi-Fi use; in Europe, channels 1-13 are allocated; and in Japan, channels 1-14 are available. Due to the 2.4 GHz band's channel spacing and widths, adjacent channel overlap is an issue. Notice in the following diagram that only channels 1, 6, and 11 do not overlap other channels (excluding channel 14, which is not in use in North America).

*Wi-Fi channel distribution in the 2.4 GHz band, showing overlapping and non-overlapping channels. Channels 1, 6, and 11 (highlighted in green) are non-overlapping and commonly used to minimize adjacent channel interference in Wi-Fi networks, each occupying a 22 MHz bandwidth. Other channels, shown in yellow, overlap with one or more adjacent channels, which can cause interference. Channels 12, 13, and 14 (highlighted in red) are not universally available, with channel 14 only accessible in certain regions for specific applications.*

**5 GHz Band Channels**

The 5 GHz band offers more channels and greater data capacity than the 2.4 GHz band. It supports channels ranging from 36 to 165, and the total number varies by region due to local regulations. For example, in North America, up to 25 channels can be available, while in Europe and Japan, up to 19 channels are typically available. The 5 GHz band's channels are divided into sub-bands (smaller, distinct sections within the larger frequency band), also known as U-NII (Unlicensed National Information Infrastructure) bands. Each sub-band has specific regulatory rules, spelled out in the 802.11h amendment to the 802.11 Wi-Fi standard, that include Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) to prevent interference with radar and other priority services. Dynamic Frequency Selection is a feature that requires Wi-Fi devices to monitor their operating frequency for radar signals and, if radar is detected, automatically switch to a different channel. Transmit Power Control adjusts the transmission power of Wi-Fi devices to the minimum level necessary for reliable communications.

*Overview of U-NII (Unlicensed National Information Infrastructure) sub-bands for 5 GHz Wi-Fi, detailing frequency ranges, primary purposes, available channels, and regulatory notes. Channels are listed with a 20 MHz width for each sub-band.*

The 5 GHz band supports various channel widths, which allow for different data throughput rates and network performance.
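The rule behind "only channels 1, 6, and 11 do not overlap" can be checked arithmetically, and the same arithmetic shows which 20 MHz channels a bonded 5 GHz channel covers (channel 62 bonding 60 and 64, or channel 50 spanning 36 through 64, as the channel allocation table below illustrates). The following is an added example, not code from the transcript. It uses the standard channel-to-center-frequency formulas (2407 MHz + 5 MHz x channel for 2.4 GHz channels 1-13, 2484 MHz for channel 14, and 5000 MHz + 5 MHz x channel for 5 GHz) and treats each channel as the frequency interval centered there; the 5 GHz list is the 25-channel North American set the transcript mentions, the 6 GHz band is not modelled, and the function names are mine.

```python
"""Wi-Fi channel overlap calculator for the 2.4 GHz and 5 GHz bands."""

# 20 MHz channel numbers of the 5 GHz band as the transcript lists them (36 through 165);
# this is the 25-channel North American set.
FIVE_GHZ_20MHZ = list(range(36, 65, 4)) + list(range(100, 145, 4)) + list(range(149, 166, 4))

# 2.4 GHz channels are 22 MHz wide; channels 1-11 are the FCC set, 12-14 vary by region.
TWO_POINT_FOUR_GHZ = list(range(1, 15))
TWO_POINT_FOUR_WIDTH = 22


def center_mhz(band: str, channel: int) -> int:
    """Center frequency of a channel number in MHz."""
    if band == "2.4GHz":
        if channel == 14:
            return 2484  # channel 14 sits 12 MHz above channel 13
        if 1 <= channel <= 13:
            return 2407 + 5 * channel
    elif band == "5GHz":
        if 36 <= channel <= 177:
            return 5000 + 5 * channel
    raise ValueError(f"channel {channel} is not defined in the {band} band")


def spectrum(band: str, channel: int, width_mhz: int) -> tuple:
    """(low, high) edge frequencies in MHz occupied by a channel of the given width."""
    c = center_mhz(band, channel)
    return (c - width_mhz / 2, c + width_mhz / 2)


def overlaps(a: tuple, b: tuple) -> bool:
    """Two frequency spans overlap when each starts below the other's upper edge
    (spans that merely touch at an edge do not count)."""
    return a[0] < b[1] and b[0] < a[1]


def overlapping_channels(band: str, channel: int, width_mhz: int) -> list:
    """Other base channels (22 MHz in 2.4 GHz, 20 MHz in 5 GHz) whose spectrum
    collides with this channel at the given (possibly bonded) width."""
    if band == "2.4GHz":
        candidates, cand_width = TWO_POINT_FOUR_GHZ, TWO_POINT_FOUR_WIDTH
    else:
        candidates, cand_width = FIVE_GHZ_20MHZ, 20
    mine = spectrum(band, channel, width_mhz)
    return [c for c in candidates
            if c != channel and overlaps(mine, spectrum(band, c, cand_width))]


def non_overlapping_plan(band: str, allowed: list, width_mhz: int) -> list:
    """Greedy pick of mutually non-overlapping channels from a regulatory channel set."""
    chosen = []
    for ch in allowed:
        mine = spectrum(band, ch, width_mhz)
        if all(not overlaps(mine, spectrum(band, c, width_mhz)) for c in chosen):
            chosen.append(ch)
    return chosen


if __name__ == "__main__":
    print("2.4 GHz channels colliding with channel 1:", overlapping_channels("2.4GHz", 1, 22))
    print("FCC 2.4 GHz non-overlapping plan:", non_overlapping_plan("2.4GHz", list(range(1, 12)), 22))
    print("20 MHz channels under bonded channel 62 (40 MHz):", overlapping_channels("5GHz", 62, 40))
    print("20 MHz channels under bonded channel 50 (160 MHz):", overlapping_channels("5GHz", 50, 160))
```

Running the script reports channels 2 through 5 colliding with channel 1, the plan 1/6/11 for the FCC set, channels 60 and 64 under bonded channel 62, and the eight channels 36 through 64 under channel 50, which is what the diagram and table in the transcript show. A practical survey check is to feed `overlapping_channels` the channel and width each neighbouring AP advertises and see which of your own bonded channels it collides with; it is also a quick way to confirm that a 20 MHz-only deployment in 5 GHz produces no adjacent channel overlap at all.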
*Data rate chart showing maximum theoretical Wi-Fi speeds based on channel width and the number of spatial streams. The chart provides data rates for channel widths of 20 MHz, 40 MHz, 80 MHz, and 160 MHz across configurations with 1 to 8 spatial streams. These values represent ideal conditions and are used to assess potential Wi-Fi performance under optimal circumstances.*

- 20 MHz channels are the default width for most 5 GHz Wi-Fi and offer a balance between range and data throughput.
- 40 MHz channels are created by bonding (combining) two adjacent 20 MHz channels for greater bandwidth but an increased potential for interference.
- 80 MHz channels bond four adjacent 20 MHz channels. This width is commonly used in 802.11ac (Wi-Fi 5) for higher throughput.
- 160 MHz channels are the widest available in the 5 GHz band, formed by bonding eight adjacent 20 MHz channels. This configuration has an increased potential for interference due to the limited availability of non-overlapping channels.

*Channel allocation in the 5 GHz U-NII bands, showing available Wi-Fi channels, bandwidth options, and regulatory requirements for different regions. Channels are organized by sub-bands (U-NII-1, U-NII-2, U-NII-2 Extended, and U-NII-3). Orange and blue highlighting indicates channels subject to radar interference requirements.*

Reviewing the table above of 5 GHz channels shows that adjacent channel interference can be problematic when wider channels are used. Notice that there is no adjacent channel interference when 20 MHz channels are used independently, because none of the 20 MHz channels overlap. However, consider channel 62, which is formed by bonding channels 60 and 64. Channel 62 overlaps both channels 60 and 64, which may cause interference with any wireless networks in range of the network assigned to channel 62. Now look at channel 50, which overlaps 20 MHz channel numbers 36, 40, 44, 48, 52, 56, 60, and 64.
Any network using these 20 MHz channels, or channels 42, 58, 38, 46, 54, or 62, will also experience interference due to overlap.

The 6 GHz band spans from 5.925 GHz to 7.125 GHz and supports Wi-Fi 6E. This band offers up to 59 non-overlapping 20 MHz channels and enables channel widths (with bonding) of 40 MHz, 80 MHz, 160 MHz, and 320 MHz. The 6 GHz band does not require DFS, as it does not interfere with radar systems. Its advantages are primarily greater capacity, reduced congestion, wider channels, and lower latency. While 6 GHz is inherently less congested than the other Wi-Fi frequencies (due to the newer allocation of the band and less crowded spectrum), interference can still occur from co-channel interference (many APs and client devices operating in the 6 GHz band), adjacent channel interference (overlap) when bonding channels, interference from non-Wi-Fi devices (like microwave links and other fixed wireless services), or physical and environmental factors (such as obstacles and attenuation).

Wireless 802.11 networks must compensate for and avoid collisions. Collisions occur when two or more wireless devices attempt to transmit concurrently. In Wi-Fi, devices share the same wireless medium, meaning only one can transmit at a time without risking interference. Carrier Sense Multiple Access with Collision Avoidance (CSMA-CA) reduces the likelihood of collisions by requiring devices to listen for a clear channel before transmitting, implemented in several steps:

- Clear Channel Assessment: The device that wants to transmit first listens to the channel to determine if it's clear or in use by another device. If the channel is busy (another device is transmitting), the device waits for a randomized backoff period before rechecking the channel.
- Transmit Request-to-Send (RTS) and Receive Clear-to-Send (CTS) (optional): Some networks implement an additional step to further avoid collisions, known as the RTS/CTS handshake.
  The device sends an RTS to the intended recipient. If the recipient receives the RTS, it responds with a CTS, indicating it is ready to receive the transmission. This step reserves the channel momentarily for that specific message.
- Data Transmission: Once the backoff timer reaches zero and the channel is clear, the device transmits its data.
- Acknowledgment (ACK): After the transmitting device sends the data, the recipient sends an acknowledgment (ACK) back to the sender, informing the sender that the data was received successfully. If the sender does not receive an ACK within a certain time, it assumes a collision or error occurred and retries transmission after another backoff period.

CSMA-CA is still an integral part of modern Wi-Fi networking and has been enhanced with MU-MIMO and Orthogonal Frequency-Division Multiple Access (OFDMA), which is particularly beneficial in high-density wireless environments.

**Service Set Identifier (SSID)**

A service set identifier (SSID) is a unique name that identifies a specific wireless network. When users connect to a Wi-Fi network, they select the SSID from a list of available networks, ensuring they connect to the correct wireless access point.

**Basic Service Set Identifier (BSSID)**

The Basic Service Set Identifier (BSSID) is a unique identifier representing the MAC address of a specific access point. Each BSSID represents one WAP within a Basic Service Set (BSS), the most fundamental unit of a Wi-Fi network. A BSS consists of one AP and the devices connected to it. This AP acts as the central connectivity device for the wireless clients within its coverage that are connected to it. When wireless devices connect via a centralized connectivity device, it is called infrastructure mode.

An Independent Basic Service Set (IBSS) is used when wireless devices connect and communicate directly, without an access point, in ad hoc mode. It is used for peer communications without a centralized connectivity device.
Unlike infrastructure mode, where the BSSID is the MAC address of the AP, an IBSS does not have a fixed BSSID because there is no central connectivity device (AP). Instead, the participating devices create a temporary, generated BSSID that may be based on the MAC address of the initiating device or generated dynamically. An SSID is still required when using an IBSS, to identify the ad hoc network by name.

*Comparison of Wi-Fi network configurations: Basic Service Set (BSS) vs. Independent Basic Service Set (IBSS). On the left, a BSS network shows devices connected to a central Wireless Access Point (WAP). In this infrastructure mode, devices communicate through the WAP. On the right, an IBSS network illustrates an ad hoc configuration where devices connect directly to each other without an access point.*

**Extended Service Set Identifier (ESSID)**

An Extended Service Set Identifier (ESSID) is used in a more extensive wireless network with multiple APs. This configuration provides seamless coverage over a broad area. When multiple APs broadcast the same SSID, they form an Extended Service Set (ESS) that allows client devices to roam between APs while staying connected to the network.

*Illustration of an Extended Service Set (ESS) in a Wi-Fi network with multiple access points (WAP0, WAP1, WAP2, WAP3), all sharing the same SSID 'WORKNET' but with unique BSSIDs. The dashed line represents the ESS, indicating that these access points collectively form a unified network coverage area. Within this ESS, devices can roam seamlessly between access points while maintaining connectivity, as each access point provides its own Basic Service Set (BSS) with overlapping coverage for enhanced network availability.*

**Network Types**

**Infrastructure Networks**

An infrastructure network is what most people consider a traditional Wi-Fi setup, in which wireless client devices connect to an access point.
The access point acts as the central connectivity device for a wireless network, allowing device-to-device communication and connection to a wired network or the internet.

**Ad Hoc Networks**

An ad hoc network is configured for peer-to-peer connectivity, in which devices communicate directly with each other without the need for an access point. Ad hoc configurations may be used for temporary networks where devices need to connect and communicate quickly. The limitations of ad hoc mode, such as weak security, limited management, complex setup, and performance issues, have driven the use of technologies such as Wi-Fi Direct.

**Point-to-Point Networks**

A point-to-point network directly connects two devices or locations, allowing for dedicated, high-bandwidth, stable, and secure communication between them. Point-to-point connections include extending a network to a remote location or providing a direct connection to a cloud service provider.

**Mesh Networks**

Mesh networks are a decentralized wireless network architecture (they do not rely on a single central point of control) in which wireless nodes interconnect to form a web-like structure. Mesh networks enable nodes to communicate directly while dynamically routing data through the most efficient path. These networks are considered self-healing, meaning data reroutes through other nodes if one node fails. Mesh networks are scalable; adding nodes increases data rates, self-healing, and reliability. Wi-Fi mesh networks fall under the IEEE 802.11s standard, which defines how mesh networking works when implemented with Wi-Fi networks. A Wireless Mesh Network (WMN) is a broader concept referring to any wireless network that uses a mesh topology.

**Antennas**

Antennas are a critical component of wireless networking, affecting a Wi-Fi connection's range, coverage, performance, and signal strength. The antenna type determines how signals are emanated and shapes the radiation pattern.
An omnidirectional antenna, for example, radiates equally in all horizontal directions, forming a 360-degree doughnut-shaped pattern around the antenna. These antennas provide broad, uniform coverage, making them the standard antenna on most access points and SOHO Wi-Fi routers.

*Visualization of the radiation pattern for omnidirectional antennas. The first image shows a top-down 2D view, illustrating equal signal strength in all directions horizontally. The second image shows a side view, highlighting the toroidal (doughnut-shaped) 3D radiation pattern, which is strongest in the horizontal plane and weaker above and below the antenna. The last two images depict common types of omnidirectional antennas used in Wi-Fi.*

Directional antennas focus their signal in a specific direction, creating a narrower, more concentrated beam of radio waves. These antennas provide extended range and signal strength, making them ideal for point-to-multipoint wireless networks, where a single antenna can cover multiple locations in one direction, or where Wi-Fi coverage needs to extend down a hallway or to a particular part of a building. In practice, unidirectional antennas are a subset of directional antennas. They are highly focused in a single direction, providing long-range coverage with minimal radiation spread outside the intended path. Common uses for unidirectional antennas include high-speed, long-distance, point-to-point connections where minimizing interference is critical.

*Comparison of different types of directional antennas and their 2D radiation patterns. The directional patch antenna (left) has a moderate directional range, suitable for focused area coverage. The directional Yagi antenna (center) features a narrow beam, often used for long-range, directional applications. The unidirectional parabolic antenna (right) has a highly concentrated beam, ideal for point-to-point communication over long distances. Each radiation pattern reflects the antenna's focus, with stronger signals in the forward direction and minimal coverage to the sides or rear.*

**Encryption**

**Encrypted versus Unencrypted Wireless Networks**

An unencrypted network, also known as an open network, is a wireless network that does not use any type of encryption to protect data as it is transmitted over the network. Users can connect without authenticating (providing a password), and data is sent in plaintext. The risks associated with open networks are significant, as attackers can access the network as easily as any other user and can then intercept data. Open networks may be used in public places like cafes or airports, where accessibility is prioritized over security. If an open network must be used, utilize a VPN, limit accessing or sending sensitive information, and disable discoverability on your device. In contrast, an encrypted network scrambles data in transit using encryption protocols. Different wireless security protocols offer varying levels of encryption.

**Wireless Security Settings**

The unbounded or unguided nature of wireless communications necessitates confidentiality, integrity, authentication, and authorization. The first attempt at wireless security was Wired Equivalent Privacy (WEP). It was an encryption protocol that initially supported 60-bit and 128-bit keys. The encryption key was static, and the same key was used for encryption and authentication. WEP is officially deprecated and should not be used due to serious flaws. In response to the serious vulnerabilities of WEP, the Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) as an interim replacement for WEP while WPA2 was pending availability. WPA shared many characteristics with WEP, including the same underlying mechanisms, but it also included the Rivest Cipher 4 (RC4) and Temporal Key Integrity Protocol (TKIP).
TKIP dynamically generates a new key on a per-packet basis and uses a message integrity check to prevent the altering of packets. Flaws similar to WEP's were discovered, and WPA-TKIP was eventually deprecated.

**Wi-Fi Protected Access 2 (WPA2)**

Wi-Fi Protected Access 2 (WPA2) replaced WPA, and the specification mandated the use of the Advanced Encryption Standard (AES) with a 128-bit key and Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA2 AES replaced WPA RC4, and WPA2 CCMP replaced WPA TKIP. There are vulnerabilities associated with WPA2 involving a replay attack and the WPA/WPA2 four-way handshake. These vulnerabilities have been patched, again emphasizing the need to keep devices patched.

**Wi-Fi Protected Access 3 (WPA3)**

Wi-Fi Protected Access 3 (WPA3) is the latest standard for WPA and was designed to replace WPA2. WPA3 includes the latest security methods while disallowing outdated legacy protocols. The primary features of WPA3 include:

- Simultaneous Authentication of Equals (SAE): Replaces the Pre-Shared Key (PSK) method used by WPA2. Unlike PSK, SAE is resistant to offline dictionary attacks.
- Easy Connect: Allows the use of QR codes instead of passwords to simplify adding devices to the Wi-Fi network. Each device has a unique QR code that can be scanned by a mobile device already attached to the network.
- Enhanced Open: Preserves the convenience of open networks while encrypting traffic.
- Password protection: Enhanced security to protect network passwords. Offline dictionary attacks are mitigated.
- Perfect forward secrecy (PFS): Protects prior traffic from being decrypted when a password is guessed or obtained.

**Authentication**

Wireless networks must be protected from unauthorized access. Authentication methods verify that only authorized, valid users are allowed to connect. There are two general categories of authentication methods: personal and enterprise.
**Pre-Shared Key (PSK)**

A pre-shared key (PSK) is a shared password used to authenticate users to a wireless network. The concept of a shared key means all users desiring access to a specific wireless network must use the same password. While PSK provides a method for securing network access (through the use of this key), the actual encryption is performed by protocols like the Advanced Encryption Standard (AES). PSK is susceptible to attack if it is weak or widely shared, and once someone has the pre-shared key, they have access to the wireless network unless the key is changed.

**WPA2-Pre-Shared Key (PSK) Authentication**

WPA2 Pre-Shared Key (PSK) authentication uses a pre-defined shared secret (called a key). This key (or passphrase) is entered into the wireless access point (WAP) configuration and into each device connecting to the WAP. The passphrase length can range between 8 and 63 characters; however, it is generally recommended that it be greater than 20 characters. WPA2-PSK may also be referred to as WPA2-Personal.

**WPA3-Personal Authentication**

WPA3-Personal (also called WPA3-SAE) delivers better protection through more robust password-based authentication via Simultaneous Authentication of Equals (SAE). Passwords are shared across all devices and should be complex enough not to be easily guessable. Authentication attempts should be limited to prevent repeated attempts at guessing passwords. WPA3-Personal Transition Mode provides an upgrade path for organizations to migrate gradually from WPA2-PSK devices to WPA3-Personal. This mode enables WPA2-PSK and WPA3-Personal to use the same SSID and the same password. It must be noted that an attacker could compromise a device running WPA2-PSK and gain access to the common password.

**Wi-Fi Protected Setup (WPS)**

Wi-Fi Protected Setup (WPS) is a network security standard that simplifies connecting client devices to a Wi-Fi network (when using a PSK).
It enables users to connect to the network without manually entering a passphrase. Instead, the user can press a WPS button on the SOHO router or enter a PIN provided by the Wi-Fi router's AP.

**WPA3-Enterprise Authentication**

WPA3-Enterprise mode rejects the use of a single shared password for authentication. Instead, enterprise mode requires individual credentials for users or devices trying to gain access to the network. Building on the existing foundation of WPA2-Enterprise, WPA3-Enterprise utilizes authentication, authorization, and accounting (AAA), the 802.1X authentication framework, and an AAA server such as Remote Authentication Dial-In User Service (RADIUS).

**Guest Networks**

Guest networks are separate wireless networks segmented from the internal trusted LAN. They typically offer access to the internet while keeping internal systems, data, files, and devices secure from unauthorized access. Guest networks normally operate on their own SSID and can be configured with unique settings, such as limited bandwidth or specific access rules.

*Network diagram showing a segmented VLAN architecture with emphasis on the Guest Wi-Fi network (VLAN160). The Guest Wi-Fi network, highlighted in blue, is isolated from internal resources by connecting through a Layer 3 switch, ensuring that guest devices can only access the internet without interacting with private VLANs.*

**Captive Portals**

A captive portal is a web-based page that users must interact with to gain access to a network. Often used on guest networks, captive portals capture a user's connection and automatically direct them to a logon or agreement page, where they may need to accept a terms of service agreement, enter credentials, or provide payment to access the network. Guest networks and captive portals are common in retail spaces, cafes, and offices. Schools and hospitals can provide guest Wi-Fi access, while hotels may utilize captive portals to control guest access or offer tiered or payment-based access.
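The PSK guidance above (8 to 63 characters, preferably more than 20, shared by every device, and usable by anyone who learns it) follows directly from how WPA2-Personal turns the passphrase into the network key. The following is an added example, not code from the transcript: `derive_pmk` performs the standard 802.11i derivation (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256-bit output), `network_key` accepts either a passphrase or the 64-hex-digit raw key that supplicant and AP configurations also allow, and `check_passphrase` applies the length rules stated above. The function names and the policy helper are my own; the "password" / "IEEE" pair is the well-known test vector published with the standard, and the other SSID names are constructed placeholders.

```python
"""WPA2-Personal passphrase checks and the PMK derivation that makes the passphrase the key."""
import hashlib

MIN_LEN, MAX_LEN = 8, 63          # passphrase length range the standard allows
RECOMMENDED_MIN_LEN = 20          # transcript's recommendation: more than 20 characters
PBKDF2_ITERATIONS = 4096
PMK_BYTES = 32


def check_passphrase(passphrase: str) -> tuple:
    """Return (accepted, problems) for a WPA2-PSK passphrase under the rules in the text."""
    problems = []
    if not (MIN_LEN <= len(passphrase) <= MAX_LEN):
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not (passphrase.isascii() and passphrase.isprintable()):
        problems.append("must be printable ASCII")
    if len(passphrase) <= RECOMMENDED_MIN_LEN:
        problems.append(f"shorter than the recommended >{RECOMMENDED_MIN_LEN} characters")
    return (not problems, problems)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    Every device on the network runs exactly this computation, which is why one leaked
    passphrase is enough to join until the key is changed.
    """
    if not (MIN_LEN <= len(passphrase) <= MAX_LEN):
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
                               PBKDF2_ITERATIONS, PMK_BYTES)


def network_key(psk_setting: str, ssid: str) -> bytes:
    """Resolve a configured PSK value to the 256-bit key.

    Configurations may hold either an ASCII passphrase or the raw key as 64 hex digits;
    a raw key is used as-is and does not depend on the SSID.
    """
    if len(psk_setting) == 64:
        try:
            return bytes.fromhex(psk_setting)
        except ValueError:
            pass  # not hex, so treat it as a (long) passphrase below
    return derive_pmk(psk_setting, ssid)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple!"):
        print(repr(candidate), check_passphrase(candidate))
    print("PMK for 'password' on SSID 'IEEE':", derive_pmk("password", "IEEE").hex())
    # The SSID is the salt, so the same passphrase on a differently named network
    # (constructed name) yields a different key.
    print("Different SSID, different PMK:", derive_pmk("password", "HomeNet") != derive_pmk("password", "IEEE"))
```

Two things the output makes concrete: "password" satisfies the standard's hard limits but fails the recommendation, so a policy check has to go beyond what the AP will accept; and because the SSID is the salt, the key depends on the network name as well as the passphrase, yet nothing in the derivation is secret except the passphrase itself. WPA3-Personal replaces this derivation with SAE precisely because, as the transcript notes, a passphrase-only scheme is exposed to offline guessing; the same passphrase policy still applies to SAE passwords.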
**Autonomous versus Lightweight Access Point**

Access points are crucial in wireless networks, connecting client devices to the network infrastructure. However, networks are not created equal, and they do not require the same setup for scalability, manageability, or network control. An autonomous access point is a standalone or "fat" device. It is a self-contained unit that independently manages all aspects of Wi-Fi functionality (e.g., network settings, security, authentication, SSID broadcasting, etc.). Autonomous APs are configured and managed individually and are ideal for small networks with only a few APs. They are simple to set up and configure and are cost-effective. However, as the scale and number of APs increase, autonomous APs can become complex and time-consuming to manage. Additionally, roaming between autonomous access points can be challenging without a coordinated connection.

Lightweight (thin) access points rely on a central controller for configuration and management. The controller manages settings for all connected APs, including SSID, security, channel allocation, and firmware updates. Lightweight APs are ideal for medium to large networks with multiple APs, where scalability, seamless roaming, and centralized management are essential. Lightweight APs utilizing a wireless LAN controller have a few limitations, primarily a higher initial cost and complete dependency on the controller. Redundant controllers are required in environments where network availability is a key concern.

**Important Installation Implications**

Understanding the physical infrastructure is essential for creating a reliable and well-organized network environment during network implementation. An organization must consider several crucial implications before installation begins.

**Locations**

Location considerations begin with the Intermediate Distribution Frame (IDF) and the Main Distribution Frame (MDF).
These terms refer to telecommunications or network rooms or spaces that house telecommunications or networking equipment.

The IDF is a smaller network distribution area designed to support specific sections or floors within a building. It houses equipment such as access switches, patch panels, fiber distribution panels, uninterruptible power supplies, environmental monitoring devices, and security equipment (IP cameras and access control devices to monitor and restrict physical access). Locating the IDF close to endpoint devices minimizes cable lengths, reducing attenuation and maintaining optimal performance. IDFs connect to the MDF via backbone cabling, often fiber optic, for high data rates over greater distances.

In contrast, the MDF is the primary network distribution hub for a building or campus. It houses core components such as core (multilayer) switches, routers, gateways, firewalls, patch panels, fiber optic distribution panels, power distribution units, uninterruptible power supplies, network management and monitoring equipment, demarcation points for telecom providers and ISPs, and security equipment. While an organization can implement multiple IDFs in a building, there is typically only one MDF; the exception is a secondary MDF used for redundancy or backup purposes. The MDF aggregates interconnections from the building or campus IDFs, creating a hierarchical network structure. Due to the critical role of the MDF, organizations locate it in a secure, climate-controlled room.

You must follow guidelines for designing, installing, and managing structured cabling systems. The ANSI (American National Standards Institute) and TIA (Telecommunications Industry Association) standards for twisted-pair cabling provide design, installation, and testing guidelines and specifications.
These standards define many of the following terms and components:

- Work Area: In the work area, technicians plug end-user devices such as computers, IP phones, and printers into a wall port (keystone jack) via patch cables.
- Horizontal Cabling: From each work area, horizontal cabling extends to and terminates at the IDF. It is limited to a maximum length of 90 meters, allowing for a total patch cable length of 10 meters. If the distance between end devices and the IDF exceeds 90 meters, the organization must provision additional IDFs.
- Backbone Cabling: Backbone cabling is any cabling that interconnects IDFs with each other and with the MDF. It can span between floors (inter-floor or vertical cross-connect) or run on the same floor (intra-floor) between IDFs. Installers often implement backbones with fiber optic or high-bandwidth copper cables.
- Demarcation (Demarc) Point: This is where the ISP's responsibility ends and the building's internal network begins. A demarcation point extension often extends the ISP connection from the main demarcation point to another location within the building's internal network infrastructure.

*This diagram illustrates a structured cabling layout in a multi-floor building, showing the relationship between the Main Distribution Frame (MDF), Intermediate Distribution Frames (IDFs), and various cabling types. The third floor, shaded in blue, represents a separate company with its own network infrastructure, distinct from the first two floors.*

**Cabling**

Structured cabling is a standard method or system for organizing and managing the physical cabling in a network. It includes patch panels, work area outlets (keystone jacks), cables, and connectors. These components support consistent and organized connections between devices and network equipment. Cabling organization, facilitated by patch panels and fiber distribution panels, further contributes to the efficiency and functionality of physical installations.
A patch panel organizes and routes network cables in IDFs and MDFs. It provides a centralized point where cables can be connected, rearranged, and labeled without the need to rewire directly to the network devices. Patch panels reduce cable clutter and connector wear, increase reliability, and simplify troubleshooting and future expansion.

*A 24-port Cat6 patch panel mounted on a freestanding network rack.*

A work area outlet (keystone jack) is the connection point in a work area where end-user devices, such as computers, phones, and other networked equipment, connect to the building's structured cabling system. It typically consists of a wall-mounted or surface-mounted outlet with one or more modular jacks (e.g., RJ45 for Ethernet) that connect to horizontal cabling running back to the IDF.

*A work area outlet with a keystone jack installed into a faceplate.*

A fiber distribution panel provides functionality similar to a patch panel but is explicitly designed for fiber optic cables and helps protect the delicate fibers from bends and physical damage. Additionally, the panel provides an interface for connecting backbone fiber cabling to other network devices.

*A fiber optic distribution panel with several fiber patch cables connected. Source: Amphenol.com*

***ANSI/TIA Standards for Twisted Pair Cabling***

The ANSI/TIA standards T568A and T568B specify the use of RJ45 connectors in network installations and define the wiring schemes. Each conductor in a four-pair twisted-pair cable is color-coded, with colors assigned to pairs (white/orange stripe, orange, white/blue stripe, blue, white/green stripe, green, white/brown stripe, and brown).

*An unshielded twisted-pair cable with the outer jacket removed and the four pairs of wires exposed.*

In addition to color-coded wires, the standard defines the position or pin where the installer will insert a specific wire into the connector.

*This diagram illustrates the T568A and T568B wiring standards.
Both standards specify the color-coded sequence of wires for pins 1 through 8.*

The T568A and T568B wiring schemes specify how the installer arranges the eight wires in a cable into an RJ45 connector.

*This table details the T568A and T568B color codes and their associated Ethernet pin functions for 10/100 Mbps and 1/10 Gbps signaling.*

***Constructing a Twisted-Pair Patch Cable***

There may be times when you need to construct a patch cable from components instead of purchasing one ready-made. To terminate twisted-pair cabling with an RJ45 connector, you will need the following tools and materials:

- Twisted-pair cable: Ensure you use the correct Category of cable as required (e.g., Cat 5e, Cat 6, Cat 6A); use stranded-core cabling for applications needing flexibility and frequent repositioning.
- RJ45 connectors: Choose connectors that match the cable's shape (round), pin configuration (8P8C, meaning 8 positions and 8 conductors), and Category level.
  *An RJ45 connector with 8 positions / 8 contacts.*
- Crimping tool: Select a crimper designed specifically for 8P8C RJ45 connectors.
  *Two different types of registered jack crimpers.*
- Cable stripper: Select a stripper tool designed for round twisted-pair cable.
  *A simple cable stripper for removing the outer jacket from twisted-pair cable.*
- Wire cutter: Many cable strippers or crimpers include a wire cutter. If yours does not, you will need one.
  *A wire cutter for snipping cables and wires.*
- Cable tester: These tools range from simple continuity and wire mapping testers to expensive cable analysis tools.
  *A simple cable tester for checking continuity and wire mapping. Source: Jonard.com*

**Step-by-Step Instructions**

1. Prepare the Cable
   - Measure the length of cable you need, leaving extra slack if necessary, and use the wire cutter to cut it to size.
   - Remember, the maximum length for a twisted-pair cable run is 100 meters, including the horizontal run from the work area to the patch panel and all patch cables. The typical horizontal run is limited to 90 meters, with 10 meters remaining for patch cables. For example, if a horizontal cable run is 90 meters and the patch cable from the patch panel to the switch is 1 meter, 9 meters remain for the patch cable in the work area.
   - Using the cable stripper, strip about 1 to 1.5 inches of outer insulation from the end of the cable. Be careful not to nick or damage the inner wires while removing the insulation. If they become damaged, cut 2 inches off the cable and re-strip the insulation.

2. Separate and Arrange the Wires
   - Untwist each pair to separate the wires.
   - Pay attention to the order of the wires and arrange them following the T568A or T568B wiring scheme.
   - Hold the wires flat and in the correct order, using your fingers to straighten them and ensure they lie neatly side by side.
   *A twisted-pair cable with the outer jacket stripped, wires untwisted, and arranged in the T568B wiring scheme.*

3. Trim the Wires
   - Using the wire cutters, trim the wires evenly, leaving 0.5 inches of exposed wire. Ensure you cut all eight wires to an even length.
   *The twisted-pair wires arranged in T568B order and held in place, ready to be inserted into the RJ45 connector.*

4. Insert the Wires into the RJ45 Connector
   - With the RJ45 connector's clip facing down, carefully insert the arranged wires into the connector. Each wire should go into its designated channel within the connector.
   - Push the wires firmly into the connector until the cable's outer insulation fits snugly inside the connector's rear end, providing additional strain relief and securing the connection.
   - Double-check the wiring order before crimping, as mistakes will require cutting off the connector and starting again.
   *The twisted-pair wires arranged in T568B order and inserted fully into the RJ45 connector. Notice the individual wires are pushed up under the copper pins as far as they can go and the blue outer jacket is inserted past the strain relief.*

5. Crimp the Connector
   - Place the RJ45 connector (with the cable inserted) into the crimping tool and ensure it is fully seated.
   - Squeeze the crimping tool firmly until you feel the tool bottom out in the connector.
   - Release the crimping tool and remove the cable. Verify that the crimping tool has properly pressed the metal pins of the RJ45 down onto each wire.
   *The RJ45 is fully inserted into an 8P8C crimper tool.*

6. For the opposite, uncrimped end of the cable, repeat steps 1 through 5.

7. Test the Connection
   - Use a cable tester to verify each wire's continuity (connectivity) and ensure the wires are connected to their respective pins (wire mapping).

***Terminating Cable into a Patch Panel and Keystone Jack***

You will need the following tools and materials to terminate fixed horizontal cable runs into a patch panel:

- Pre-installed twisted-pair cable: Ensure the installers use the correct solid-core Category cable as required (e.g., Cat 5e, Cat 6, Cat 6A). The installers should also follow all applicable plenum or PVC cable use rules.
- Patch panel: You can use a modular patch panel with keystone jack slots or a fixed configuration with built-in, non-removable connectors. The instructions below are for modular patch panels and keystone jacks. If using a fixed configuration, verify that the Category rating matches the cable requirements.
- Keystone jacks: The modular jacks should be compatible with the cable category and fit the patch panel.
  *Side view of an RJ45 keystone jack with the T568A and T568B color-coded reference visible.*
- Punch-down tool: This impact tool secures wires into the keystone jack. You will need to match the blade to the jack type (e.g., 110 blade).
  *A punch-down impact tool with a 110 blade installed. Source: Paladin Tools*
- Cable stripper: Select a stripper tool designed for round twisted-pair cable.
- Wire cutter: Many cable strippers or crimpers include a wire cutter. If yours does not, you will need one.
- Cable tester: These tools range from simple continuity and wire mapping testers to expensive cable analysis tools.

**Step-by-Step Instructions**

1. Prepare the Cable
   - Measure the length of cable you need, leaving extra slack if necessary, and use the wire cutter to cut it to size.
   - Using the cable stripper, strip about 1 to 1.5 inches of outer insulation from the end of the cable. Be careful not to nick or damage the inner wires while removing the insulation. If they become damaged, cut 2 inches off the cable and re-strip the insulation.

2. Untwist each pair to separate the wires.

3. Insert the Wires into the Keystone Jack
   - Follow the color coding for T568A or T568B and place each wire in its designated slot on the keystone jack, working from the inside to the outside. Leave extra wire outside the jack, as the punch-down tool will trim it off.
   - Press each wire firmly into the slot with your finger, partially anchoring the wire.

4. Punch Down the Wires
   - Position the punch-down tool with the blade's cutting edge facing the outside. Firmly press each wire into place with the blade and continue pressing until the tool cuts off the extra wire.
   *A 110 punch-down tool seating the blue wire into the keystone jack and then cutting off the extra wire. Notice the white/orange, orange, and white/blue wires have already been punched and cut.*

5. Repeat steps 1 through 4 to terminate the keystone jack at the work area outlet.

6. Test the Connection
   - Use a cable tester to verify each wire's continuity (connectivity) and ensure the wires are connected to their respective pins (wire mapping).
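Both termination procedures end with a wire-map test, and both depend on the 90 m horizontal and 100 m channel limits given earlier. As an added example (not from the original text), the Python below encodes the T568A and T568B pin colors, derives the expected wire map for a cable terminated with either scheme at each end, classifies a tester's result as straight-through, crossover, open, split pair or miswire, and checks a run against the length budget. The tester results and lengths used are constructed inputs; the split-pair rule (the two conductors of one twisted pair landing on pins that are not a pair) is standard wire-map terminology.

```python
"""Wire-map and length-budget checks for twisted-pair installations.
Added example: the pin colours are the T568A/T568B assignments; tester results
and lengths used below are constructed."""

# Conductor colour on pins 1..8 under each scheme
T568A = ["white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown"]
T568B = ["white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown"]

PAIRS = {(1, 2), (3, 6), (4, 5), (7, 8)}   # pins that share a twisted pair

HORIZONTAL_MAX_M = 90   # permanent link limit from the text
CHANNEL_MAX_M = 100     # horizontal run plus all patch cables


def wire_map(end_a, end_b):
    """Expected wire map {pin at end A: pin at end B} when each end is
    terminated with the given colour scheme (same scheme = straight-through)."""
    return {i + 1: end_b.index(colour) + 1 for i, colour in enumerate(end_a)}


def classify(mapping):
    """Classify a tester's wire map; None as a value means that pin has no continuity."""
    straight = {pin: pin for pin in range(1, 9)}
    crossover = {**straight, 1: 3, 2: 6, 3: 1, 6: 2}
    if mapping == straight:
        return "straight-through"
    if mapping == crossover:
        return "crossover"
    if any(far is None for far in mapping.values()):
        return "open"
    # Split pair: the two conductors of one twisted pair land on pins that are not
    # a pair, so the signal no longer rides a twisted pair and crosstalk rises sharply
    for a, b in PAIRS:
        far = tuple(sorted((mapping[a], mapping[b])))
        if far not in PAIRS:
            return "split pair"
    return "miswire"   # pairs intact but on the wrong pins (e.g. a reversed pair)


def channel_budget(horizontal_m, patch_m):
    """Check a horizontal run plus the combined length of its patch cables."""
    problems = []
    if horizontal_m > HORIZONTAL_MAX_M:
        problems.append(f"horizontal run {horizontal_m} m exceeds {HORIZONTAL_MAX_M} m; "
                        "provision an additional IDF")
    if horizontal_m + patch_m > CHANNEL_MAX_M:
        problems.append(f"channel length {horizontal_m + patch_m} m exceeds {CHANNEL_MAX_M} m")
    return problems


if __name__ == "__main__":
    print(classify(wire_map(T568B, T568B)))   # both ends T568B: straight-through
    print(classify(wire_map(T568A, T568B)))   # mixed schemes: crossover
    print(channel_budget(90, 1 + 9))           # the text's 90 m + 1 m + 9 m example
```

Terminating one end T568A and the other T568B is exactly how `wire_map` produces the crossover map, which is why the two schemes must not be mixed within a straight-through run.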
**Rack Size**

A rack is a standardized framework or enclosure that physically mounts and organizes network equipment, such as switches, routers, servers, patch panels, and other components. Racks can be freestanding, wall-mounted, or placed on casters. Network appliances and servers designed for rack mounting follow the Electronic Industries Alliance (EIA) rack-mount standard width of 19 inches, allowing equipment to be secured to the rack using mounting flanges. IDFs and MDFs can contain racks that help with cable management and support proper airflow for cooling. Rack space is measured in rack units (U) of 1.75 inches each, providing standardized spaces for equipment installation, with standard sizes ranging from 6U to 58U. The size and capacity of a rack determine the number of devices the organization can install.

*A server technician removing a blade server from a rack that holds both blade and rack-mounted servers. Source: Racksolutions.com*

**Port-Side Exhaust/Intake**

Equipment manufacturers design equipment with specific airflow directions to maximize cooling efficiency. Mounting each device so that its port side faces the correct aisle (intake or exhaust) maintains proper airflow and prevents overheating, which can damage equipment or shorten its lifespan. In data centers and network rooms, it is standard practice to arrange racks and equipment in a "hot aisle/cold aisle" configuration, where the equipment draws cool air from one side and expels warm air on the other. Effective cooling management reduces energy consumption and costs and prevents thermal issues (shutdowns).

*This diagram illustrates a hot aisle/cold aisle layout in a data center. The hot aisles (red arrows) are created behind each row of server racks, where heated exhaust air is expelled. The cold aisles (blue arrows) are created by positioning the front of each server rack to face the air conditioning vents, allowing cool air to be drawn into the servers' intakes.
Source: Adobe*

**Protecting Physical Installations with Locks**

An essential practice is to lock equipment for physical security and prevent unauthorized access. Lockable racks, enclosures, and network rooms prevent tampering, theft, and accidental damage. Implementing physical security at the installation level protects network hardware and minimizes potential disruptions or outages to network service.

**Power Management in Network Installations**

"Perfect power" (a consistently stable power supply with no deviations in voltage, frequency, or quality) is rarely, if ever, delivered by a utility provider. Even under optimal conditions, minor fluctuations and irregularities are common on the power grid. Electronic equipment requires a stable supply of power to operate. Electrical aberrations that can negatively impact equipment include:

- A power surge is an over-voltage event caused by a sudden spike (increase) in voltage.
- A power sag (voltage dip) is a brief under-voltage event caused by a sudden decrease in voltage, typically lasting less than one second.
- Brownouts are intentional, prolonged reductions in the voltage supplied to a building or area. Utility providers usually implement them to conserve energy or reduce load during peak demand hours. Brownouts can last anywhere from several minutes to several hours.
- A blackout is a complete loss of power, which can be caused by power grid failures, severe weather, or electrical faults.

Voltage is the measure of electrical potential supplied to devices. Network devices require stable voltage to operate efficiently. Voltage deviations can stress internal components, leading to potential overheating, malfunction, or permanent damage. Prolonged exposure to unstable voltage can degrade hardware, often resulting in intermittent or premature failure.

**Voltage and Power Load**

Power load is the total amount of electrical power used by all devices connected to a circuit or power source.
In network installations, calculating and managing power load is critical to avoid overloading circuits and to ensure the power infrastructure can handle the demand from all equipment. The power supply for each network appliance, server, and other hardware has a wattage rating. For example, an access switch with no PoE functionality might be rated at 50 watts, while a core switch might be 500 watts. A 2U server will likely require 1000 watts. Understanding the power load involves calculating the total wattage of each device in the network rack. Add up the wattage of every device and divide by the circuit voltage. For example:

*This table shows an example of calculating the power load of a rack populated with network and server equipment.*

To calculate the required amperage for this circuit, use the following formula:

To provide a safe margin above the calculation, a 20-amp circuit is recommended.

**Power Distribution Unit (PDU)**

Network admins use a power distribution unit (PDU) to deliver electrical power to multiple devices within a rack or enclosure. While they resemble surge protectors or power strips, PDUs are built for critical infrastructure, provide features beyond basic power distribution, and can integrate with an uninterruptible power supply (UPS). PDUs may include more advanced surge protection and support power ratings of 15,000 watts or more. Intelligent PDUs enable remote monitoring and control of each outlet, allowing an administrator to power cycle individual devices, track power usage, and monitor environmental conditions.

*A power distribution unit (PDU) with features such as monitoring and switching of outlets. Source: CyberPowerSystems.com*

**Uninterruptible Power Supply (UPS)**

Uninterruptible power supplies (UPS) are critical devices in network and IT environments. They provide backup power and protect devices from over- and under-voltage conditions, blackouts, and other power aberrations.
A UPS acts as a bridge, giving network devices and servers enough time to shut down safely or remain operational until a generator can take over or the utility provider restores main power. A UPS keeps systems running during outages and stabilizes voltage levels, protecting sensitive network devices from damage.

The UPS should be sized according to load (total wattage of connected devices) and runtime (how long the equipment must stay operational). A UPS's power rating is measured and denoted in volt-amperes (VA) for a small UPS and kilovolt-amperes (kVA) for a larger unit. Using the example above for Rack-MDF001 with a power load of 3570 watts, it is best to size the UPS to operate at 70-80% of its maximum capacity (a power factor of 0.7-0.8). Running at a percentage of maximum capacity preserves the efficiency and lifespan of the UPS and its batteries. We must also allow for some overhead (additional wattage for expansion or future growth) of between 20% and 30%. Given our load of 3570 watts, we will aim for a UPS that can handle 3570 * 1.25 = 4463 watts (rounded up to 4500 watts). To convert to kVA, assuming a UPS power factor of 0.8:

Required VA = Total Watts / Power Factor = 4500 / 0.8 = 5625 VA (about 5.6 kVA)

A 5.6 kVA or higher UPS would be an appropriate choice.

**Environmental Factors**

Maintaining a controlled environment is essential to ensuring the reliability, availability, and longevity of network equipment. Controlling factors like humidity and temperature, and providing fire suppression, prevents hardware failures, preserves performance, and protects infrastructure. Servers and most networking equipment come with built-in sensors to monitor environmental conditions. Sensors contribute to maintaining:

**Temperature**

High ambient temperatures within the environment make dissipating heat and cooling devices difficult, making overheating a potential risk.
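The power-load, amperage and UPS calculations above, together with the rack-unit arithmetic from the Rack Size section, are worked through in this added Python example (not from the original text). The rack inventory, the 208 V circuit voltage, the standard breaker sizes and the 80% continuous-load rule used to choose a breaker are assumptions made for the example; the 25% headroom, the 0.8 power factor and rounding up to the next 100 watts follow the text's own method, so `size_ups(3570)` reproduces the Rack-MDF001 figures.

```python
"""Rack fit, circuit load and UPS sizing for a populated rack.
Added example following the text's method (sum watts, amps = watts / volts,
25 % headroom, VA = watts / power factor). The inventory, the 208 V circuit,
the standard breaker sizes and the 80 % continuous-load rule are assumptions."""

RACK_UNIT_IN = 1.75                  # one rack unit (U) in inches
STANDARD_BREAKERS_A = (15, 20, 30)   # assumed available circuit sizes
CONTINUOUS_LOAD_FACTOR = 0.8         # assumption: continuous load at or below 80 % of the breaker
CIRCUIT_VOLTS = 208                  # assumed rack circuit voltage

# Constructed inventory: (device, rack units, rated watts)
RACK_INVENTORY = [
    ("Access switch (no PoE)", 1, 50),
    ("Core switch", 1, 500),
    ("2U server", 2, 1000),
    ("2U server", 2, 1000),
    ("24-port patch panel", 1, 0),
]


def rack_units_used(devices):
    """Total U occupied by the inventory."""
    return sum(units for _, units, _ in devices)


def rack_height_in(units):
    """Vertical space in inches for a given number of rack units."""
    return units * RACK_UNIT_IN


def total_watts(devices):
    """Power load: the sum of every device's wattage rating."""
    return sum(watts for _, _, watts in devices)


def circuit_amps(watts, volts=CIRCUIT_VOLTS):
    """Current drawn from the circuit at the given voltage."""
    return watts / volts


def recommend_breaker(watts, volts=CIRCUIT_VOLTS):
    """Smallest standard breaker whose continuous rating covers the load, or None
    if the load must be split across circuits."""
    amps = circuit_amps(watts, volts)
    for size in STANDARD_BREAKERS_A:
        if amps <= size * CONTINUOUS_LOAD_FACTOR:
            return size
    return None


def size_ups(watts, headroom=0.25, power_factor=0.8):
    """Return (target watts rounded up to the next 100, required VA) following the text:
    load * (1 + headroom), rounded up, then divided by the UPS power factor."""
    target = -(-watts * (1 + headroom) // 100) * 100   # ceiling to the next 100 W
    return int(target), target / power_factor


def plan(devices, rack_size_u, volts=CIRCUIT_VOLTS):
    """Summarise whether the inventory fits the rack and what circuit and UPS it needs."""
    watts = total_watts(devices)
    target_w, va = size_ups(watts)
    return {
        "units_used": rack_units_used(devices),
        "fits_rack": rack_units_used(devices) <= rack_size_u,
        "watts": watts,
        "amps": round(circuit_amps(watts, volts), 2),
        "breaker_a": recommend_breaker(watts, volts),
        "ups_target_w": target_w,
        "ups_kva": round(va / 1000, 2),
    }


if __name__ == "__main__":
    for key, value in plan(RACK_INVENTORY, rack_size_u=12).items():
        print(f"{key:>12}: {value}")
```

For the constructed inventory the plan reports 7U used, 2550 W, about 12.26 A at 208 V, a 20 A breaker and a 4.0 kVA UPS; change the voltage or the continuous-load factor and the breaker recommendation moves accordingly, which is why both are stated as assumptions rather than read from the text.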
Temperature sensors within IDF, MDF, and server rooms monitor the ambient temperature and can be programmed to notify network administrators when temperatures reach a high threshold. Additionally, sensors within networking equipment and servers can monitor internal operating temperatures. Network administrators should maintain the temperature in network environments between 64 and 80 degrees Fahrenheit.

**Humidity**

Humidity sensors help prevent electrostatic discharge (ESD) in low-humidity conditions and condensation in high-humidity conditions. Monitoring humidity allows the Heating, Ventilation, and Air Conditioning (HVAC) system to adjust automatically by deploying humidifier or dehumidifier systems. Too much moisture in the air can result in condensation, leading to corrosion and deterioration of connectors or short circuits. Conversely, too little humidity in the air increases the risk of electrical component damage from electrostatic discharge. Network administrators should maintain relative humidity between 40% and 60%.

**Fire Suppression**

Electrical fires are a significant risk in network environments due to the dense concentration of powered devices. A reliable fire suppression system is crucial to protect equipment, prevent data loss, and ensure personnel safety. It must be designed to extinguish fires quickly while minimizing damage to sensitive equipment. Class C fire extinguishers are generally the best choice for small electrical fires. For larger-scale fires, most commercial premises, including data centers, offices, and network rooms, have overhead sprinkler systems to meet building and fire safety codes. However, traditional water-based sprinklers are not always ideal for environments with sensitive electronic equipment. To protect electronic equipment, many organizations implement alternatives to traditional sprinklers:

- Clean Agent: Clean agent systems use non-water-based, gas-like agents that are safe for electronic equipment.
  These agents work by displacing oxygen, cooling the fire, or interrupting the chemical reaction of combustion. Clean agents do not leave residue, clean up easily, and typically do not pose a risk to humans when properly installed.
- Water Mist: Water mist systems release fine droplets of water that absorb heat and cool the fire. Unlike traditional sprinklers, which release large volumes of water, water mist systems are designed to minimize water usage, reducing the risk of water damage to equipment. These systems still release some water, making them best suited for environments with low sensitivity.
- Pre-Action Sprinkler Systems: Pre-action sprinklers are a form of the traditional sprinkler system with added control measures to prevent accidental activation. A valve holds back water from the sprinkler heads, only opening if a fire is detected. These systems suit environments where building codes mandate a sprinkler system but accidental water discharge could cause significant damage. Although pre-action systems reduce the chance of accidental discharge, they still involve water.
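Sensors only help if their readings are turned into the categories the power and environmental sections define. This added Python example (not from the original text) groups out-of-range samples from a constructed voltage log into surge, sag, brownout and blackout events using the durations the text gives (a sag under one second, a brownout lasting minutes or more), and checks temperature and humidity readings against the 64-80 °F and 40-60% ranges. The 120 V nominal, the plus or minus 10% bands, the 100 ms sample interval and the 60-second brownout threshold are assumptions.

```python
"""Turn raw facility readings into the power-aberration and environmental
categories described above. Added example with a constructed voltage log;
the 120 V nominal, the +/-10 % bands, the 100 ms sample interval and the
60 s brownout threshold are assumptions, while the sag (< 1 s) and brownout
(minutes to hours) durations follow the text."""

NOMINAL_V = 120.0
SURGE_V = NOMINAL_V * 1.10      # above this: over-voltage (assumed band)
UNDER_V = NOMINAL_V * 0.90      # below this: under-voltage (assumed band)
BLACKOUT_V = NOMINAL_V * 0.10   # at or below this: no usable power
SAG_MAX_S = 1.0                 # text: a sag typically lasts under one second
BROWNOUT_MIN_S = 60.0           # assumption: "several minutes" starts at one minute

TEMP_RANGE_F = (64, 80)         # text: recommended ambient temperature
HUMIDITY_RANGE_PCT = (40, 60)   # text: recommended relative humidity


def _label(samples, interval_s):
    """Classify one contiguous run of out-of-range (time_s, volts) samples."""
    start = samples[0][0]
    duration = round(samples[-1][0] - start + interval_s, 3)
    volts = [v for _, v in samples]
    if max(volts) > SURGE_V:
        kind = "surge"
    elif max(volts) <= BLACKOUT_V:
        kind = "blackout"
    elif duration < SAG_MAX_S:
        kind = "sag"
    elif duration >= BROWNOUT_MIN_S:
        kind = "brownout"
    else:
        kind = "sustained under-voltage"
    return (start, duration, kind)


def find_events(log, interval_s=0.1):
    """Group consecutive out-of-range samples of a (time_s, volts) log into
    (start_s, duration_s, kind) events."""
    events, run = [], []
    for t, v in log:
        if UNDER_V <= v <= SURGE_V:          # back in range: close any open run
            if run:
                events.append(_label(run, interval_s))
                run = []
        else:
            run.append((t, v))
    if run:
        events.append(_label(run, interval_s))
    return events


def check_environment(temp_f, humidity_pct):
    """Return alerts for readings outside the recommended ranges."""
    alerts = []
    lo, hi = TEMP_RANGE_F
    if not lo <= temp_f <= hi:
        alerts.append(f"temperature {temp_f} F outside {lo}-{hi} F")
    lo, hi = HUMIDITY_RANGE_PCT
    if not lo <= humidity_pct <= hi:
        alerts.append(f"relative humidity {humidity_pct}% outside {lo}-{hi}%")
    return alerts


def constructed_log(interval_s=0.1):
    """Synthetic voltage log: normal, a 0.5 s sag, normal, a 0.2 s surge,
    normal, a 90 s brownout, normal, a 3 s blackout, normal."""
    segments = [(2.0, 120.0), (0.5, 100.0), (2.0, 121.0), (0.2, 140.0),
                (2.0, 119.0), (90.0, 105.0), (2.0, 120.0), (3.0, 0.0), (1.0, 120.0)]
    log, t = [], 0.0
    for seconds, volts in segments:
        for _ in range(int(round(seconds / interval_s))):
            log.append((round(t, 3), volts))
            t += interval_s
    return log


if __name__ == "__main__":
    for start, duration, kind in find_events(constructed_log()):
        print(f"t={start:7.1f}s  {duration:6.1f}s  {kind}")
    print(check_environment(85, 30))
```

The same grouping logic works on readings exported from an intelligent PDU or a UPS; only the thresholds and the sample interval need to match the device.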
