251 Certified Wireless Network Professional :: CWNA-109
Wired Network Capacity Requirements
Ethernet speeds
Cable types
Cable lengths
100 meters (300 feet) or less

252 Chapter 11: Security Solutions for WLANs
Objectives Covered:
5.1 Identify weak security options that should not be used in enterprise WLANs
5.2 Identify and configure effective security mechanisms for enterprise WLANs
5.3 Describe and select common security enhancements and tools used in WLANs
5.4 Explain and use secure management protocols

253 AAA
Authentication, Authorization, Accounting
Authentication
• WPA2-Personal
• WPA2-Enterprise
Authorization
• RBAC
• VLANs
Accounting
• Logging
• Syslog

254 CIA
Confidentiality, Availability, Integrity
Confidentiality
• AES
Integrity
• MIC
Availability
• N+1

255 Deprecated Standard Security
Wired Equivalent Privacy (WEP)
Shared Key Authentication
Temporal Key Integrity Protocol (TKIP) with RC4
A deprecated feature or solution should never be planned for current or future implementations. The feature may be removed at any time.

256 Weak Additional Security Options
MAC filtering
SSID hiding
Wi-Fi Protected Setup (WPS)
Open System Authentication alone
• Intentional public networks are the exception
Weak security options should not be considered when planning a network. Strong security is available for 802.11 networks and should be used.

257 WPA2-Personal
Passphrase: Wr$578Hyt#4387jYu
Algorithm
WPA2-Personal is also known commonly as WPA2-PSK

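The passphrase-to-key step on the WPA2-Personal slide, as an added example that is not part of the course material: IEEE 802.11 maps the passphrase to the 256-bit PSK (used as the PMK) with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The SSIDs `CorpWLAN` and `GuestWLAN` and the helper names are constructed for illustration; the `password`/`IEEE` pair is the published 802.11 test vector.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11 for WPA2-Personal
PMK_LENGTH = 32            # 256-bit PSK, used directly as the PMK


def validate_passphrase(passphrase: str) -> None:
    """Enforce the 802.11 passphrase rules: 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit PSK/PMK (PBKDF2-HMAC-SHA1)."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ITERATIONS, PMK_LENGTH)


def psk_matches(passphrase: str, ssid: str, configured_hex: str) -> bool:
    """Check that a 64-hex-digit PSK stored in a device config was derived
    from the documented passphrase for this SSID (constant-time compare)."""
    try:
        configured = bytes.fromhex(configured_hex)
    except ValueError:
        return False
    return hmac.compare_digest(derive_pmk(passphrase, ssid), configured)


if __name__ == "__main__":
    # Published IEEE 802.11 test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    # Slide passphrase with two constructed SSIDs: the SSID salts the result,
    # so the same passphrase yields a different PMK on each network.
    for ssid in ("CorpWLAN", "GuestWLAN"):
        print(ssid, derive_pmk("Wr$578Hyt#4387jYu", ssid).hex())
```

Because the SSID is the salt, renaming an SSID changes the derived key even when the passphrase stays the same, so any device configured with the raw 64-hex PSK must be updated as well.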
258 WPA2-Enterprise
Still CCMP/AES
Uses 802.1X/EAP
Key materials generated from 802.1X/EAP authentication
• Master Session Key (MSK)
• Pairwise Master Key (PMK) from the MSK
• PMK used in the 4-way handshake
Ends with the 4-way handshake

259 802.1X Port Authentication

260 Extensible Authentication Protocol
Defined in RFC 3748
No requirement for IP connectivity
Initiated by the authenticator
Authentication defined by the client or supplicant

261 EAP Methods

| | EAP-MD5 | EAP-TLS | EAP-TTLS | PEAP |
|---|---|---|---|---|
| Mutual Authentication | No | Yes | Yes | Yes |
| Certificates Required | No | Client/Server | Server Only | Server Only |
| Dynamic Key Generation | No | Yes | Yes | Yes |
| Costs and Management Overhead | Low | High | Low/Medium | Low/Medium |
| Industry Support | Low | Medium | High | High |

(Slide labels: Not used, Commonly Used)

262 802.1X/EAP Architecture

263 BYOD and Guest Networks
BYOD and guest networks introduce security concerns
• Data leakage
• Viruses and malware
• Application licensing
• OS updates
• Application updates
MDM and NAC may provide solutions

264 Fast Secure Roaming
Required of some devices
• VoIP handsets
• Push-to-talk devices
• Anything highly mobile and constantly connected
Implemented through
• OKC
• FT
• PPSK
• WPA2-PSK
Example Roaming Solutions
Cisco: CCKM
Aruba Networks: Client Match
Ruckus Wireless: SmartRoam+

265 Protected Management Frames
802.11w-2009 (802.11-2016)
Protected frames:
• Deauthentication
• Disassociation
• Robust Action Frames
Called Management Frame Protection throughout the standard

266 Wireless Intrusion Prevention Systems (WIPS)
Anomaly-based
Signature-based
Behavior-based
Overlay
Integrated
Courtesy of WatchGuard (www.watchguard.com)

267 Protocol and Spectrum Analysis for Security
Protocol analyzers
• Security policy compliance
• Regulatory compliance
• Intrusion alerts
Spectrum analyzers
• Non-Wi-Fi rogue devices
• Excessive output power
• Jamming devices/software

268 SNMPv3
[Diagram: SNMP Network Manager, Master Agent, Subagents, MIBs]

269 Virtual Private Network (VPN)
[Diagram: Corporate Network, VPN Server, VPN Client, Public Network]

270 Chapter 12: Site Surveys, Network Design and Validation
Objectives Covered:
6.1 Explain the importance of and the process of a post-implementation validation survey
6.2 Locate and identify sources of RF interference
6.3 Perform application testing to validate WLAN performance
6.4 Understand and use the basic features of validation tools

271 RF Survey Defined

272 Survey Processes
RF Coverage Model Review Pre-deployment audit to verify RF coverage plan Post-deployment audit Deployment Design Project Phasing Final RF node adjustments Gathering Information Automated maintenance and management

273 Understanding Requirements

274 Verify Design Requirements
Coverage
Capacity
Throughput
Roaming
Mean Opinion Score (MOS)
Connectivity
Aesthetics
The primary purpose of a validation survey is verification of design requirements.

275 Document WLAN Implementation Results
Requirement metrics
Network diagrams
Configuration documents
Site survey software reports

276 Locating Interference
WLAN devices
• Co-Channel Interference (CCI)
• Adjacent Channel Interference (ACI)
Non-Wi-Fi devices
• Airtime utilization
• Frequencies used

277 Interference Solutions
Channel selection
Output power
AP location
Band used
Removal of non-Wi-Fi interferers

278 Spectrum Analysis

279 Application Testing
Network and service availability
Throughput testing
Load testing
VoIP testing
Real-time application testing

280 Throughput Testers
iPerf
JPerf
TamoSoft Throughput Test
iXChariot
Ostinato

281 Wireless Design Software
Ekahau Site Survey
iBwave Wi-Fi
AirMagnet Survey Pro
TamoSoft Survey
Aruba VisualRF Plan (Java-based)

282 Protocol Analyzers

283 Spectrum Analyzers
A quiet background is the foundation of a reliable, resilient, high-performance RF link. The design objective should be -95 dBm. A high and unstable noise floor usually affects clients first, then APs. Generous use of directional antennas (e.g. patch antennas) will lower the noise floor significantly.

284 Chapter 13: WLAN Troubleshooting
Objectives Covered:
7.1 Define and apply industry and vendor recommended troubleshooting processes to resolve common 802.11 wireless networking problems
7.2 Describe and apply common troubleshooting tools used in WLANs
7.3 Identify and explain how to solve the following WLAN implementation challenges using features available in enterprise class WLAN equipment and troubleshooting tools
7.4 Troubleshooting common connectivity problems in WLANs (both WLAN connectivity and network connectivity for wireless clients)

285 CWNP Troubleshooting Methodology
1 - Identify the problem
2 - Discover the scale of the problem
3 - Define possible causes
4 - Narrow to the most likely cause
5 - Create a plan of action or escalate the problem
6 - Perform corrective actions
7 - Verify the solution
8 - Document the results

286 Protocol Analyzer Troubleshooting Features
Experts
Frame decodes
Statistics
Reports

287 Protocol Analyzer Views

288 Spectrum Analyzer Troubleshooting Features
Real-time views
Historic views
Channel utilization
Device identification
Interference finder

289 Centralized Management/Monitoring Consoles
Monitoring
Management

290 WLAN Monitoring Solutions
Problem
Cause

291 System Throughput Factors
PHYs supported
Number of APs
AP features
Unneeded clients
Number of SSIDs
Channel plan

292 CCI

293 ACI
APs incorrectly configured (channel selection and output power) can result in excessive ACI.

294 RF Noise and Noise Floor Issues

295 RF Interference
Remove or replace all RF devices that communicate on the same channels as the WLAN
Reduce the output power to the minimum possible to create acceptable links for all non-Wi-Fi devices
Replace leaky microwaves with better sealed units
Replace 2.4 GHz and 5 GHz phones with WLAN VoIP handsets
Strategically plan the channel selections in your environment to work around RF noise

296 Hidden Nodes
Use RTS/CTS
Increase power output at the client STAs
Remove obstacles
Move the client STAs

297 Lack of Coverage
Install more APs
Increase the output power of APs
Use RRM coverage hole detection
Install directional antennas

298 Insufficient PoE Power
Is the PoE port enabled in the switch, if a switch is used as the injector?
Is the cable run too long (more than 100 meters)?
• Data cannot travel more than 100 meters on the cable
• PoE can travel farther and this creates a possible problem of a powered device without data
Is the PoE port configured properly in the switch?
Does the injector have enough power left in the budget?

299 Connectivity Problems
No signal/weak signal
Security configuration mismatch
Improper AP/client configuration
Faulty drivers or firmware
Hardware failures
Captive portal issues

300 DHCP Issues
Pool size
Lease durations
Unreachable
Improper configuration