Question | Answer |
What is a Beacon Frame? | Beacon frames are transmitted by the Access Point (AP) in an infrastructure BSS. Beacon frames are transmitted periodically to announce the presence of a Wireless LAN. |
What is the purpose of the ACK frame? | ACK is the acknowledge frame sent to confirm receipt of a frame. |
3 Organizations involved with wireless communication? | IEEE - standardization, WiFi - interoperability, FCC - regulations (or country equivalent) |
What are the 2 unlicensed RF bands which we use? | 2.4 GHz ISM band and the 5Ghz UNII band |
What is the ISM band? | Industrial, Scientific, and Medical. 2.4GHz |
What is the UNII band? | Unlicensed National Information Infrastructure, 5GHz. |
What is SOHO? | Small Office / Home Office, does not require the same infrastructure as Enterprise. |
What is FHSS? | Frequency Hopping Spread Spectrum. Old method for data transmission. (1-2 Mbps). |
What is DSSS - HR/DSSS? | (High Rate) Direct Sequence Spread Spectrum. 1-2Mbps for normal. 5.5-11Mbps for HR. |
What is OFDM? | Orthogonal Frequency Division Multiplexing. 6-54Mbps. 5GHz. |
What is ERP-OFDM | Extended Rate Physical Orthogonal Frequency Division Multiplexing. 6-54Mbps. 2.4GHz. |
What is MIMO? | Multiple Input Multiple Output. Uses multiple receiving and transmitting antennas. |
What is HT-OFDM? | High Throughput Orthogonal Frequency Division Multiplexing. Up to 600Mbps, using MIMO. |
What is 802.11e? | QoS support for wireless. Introduces HCF - Hybrid Coordination Function involved with QoS. |
what is 802.11i? | Advanced security solutions for wireless LAN. To fix broken WEP feature. |
Which layers of OSI model does wireless networking function? | Layer 1 + Layer 2. SOME layer 3 as well. |
Are the access points we use half or full duplex? | All APs are Half-Duplex. |
What is the purpose of a Bridge? | Connect two or more WLAN together. |
What is the purpose of a Repeater? | Extend the radio frequency cell, throughput is reduced by 50%. |
How many IP addresses does an AP get? | 1 IP placed on the BVI. |
What is guest-mode? | When guest mode is set on the dot11 ssid configuration it will be broadcast so it is easy for people to find. Only 1 ssid can use guest mode. |
Do you configure VLAN in 'dot11 ssid' or 'int dot11radio' configs? | Vlan is bound in the 'dot11 ssid' configuration. |
In which configuration do you set the channel for the AP? | int dot11radio |
In which configuration do you set the station-role? | int dot11radio |
If you want to set sub interfaces of the AP into VLAN 20 and make it native, what commands do you use? | encapsulate dot1q 20 native
bridge-group (#) |
How do you verify the SSID and BSSID? | show int dot11radio |
How do you verify the RF power and channel? | show controllers |
What is the BSSID? | Each BSS is uniquely identified by a Basic Service Set identification, the MAC address of the AP. |
What is the SSID/ESSID? | Service Set Identifier, normally a human-readable string and thus commonly called the "network name". |
What is the BSS? | Basic Service Set. In infrastructure mode, a single access point (AP) together with all associated stations (STAs) is called a BSS. |
What is the BVI? | Bridge Virtual Interface. You can set an IP to this and it connects to both the wired and wireless interfaces of the AP. |
What is STA? | Wireless Station, any end device that connects through 802.11 |
What is DS? | Distribution System. Interconnects BSSs to LANs. Can be wireless (bridge) or wired (switch). |
What is BSA? | Basic Service Area, also known as Cell. Defined by the signal strength. |
What is ESS? | Extended Service Set. ONE or more BSSs interconnected by a DS. Identified by the (E)SSID. |
What is IBSS? | Independant BSS. Self-contained network, also called Peer-toPeer, ad hoc. NO DS. |
What is Multi-Channel Architecture? | Seperate channel per cell, reduce cell size + use more cells for increased capacity. |
What is Single Channel Architecture? | Same channel per cell, channel layer for capacity. |
What is Sectorized Array Arch? | Sectored antenna system, add sectors for capacity. |
For Large Systems is the autonomous AP still a lower cost alternative? | No, Split MAC is lower cost for large systems. |
What are the options for PoE? | Switch with inline, Inline Power Patch Panel, Power Injector, Direct Power via Power Brick. |
What is a Bridge Network? | Connecting 2 wired LAN segments through wireless bridging. |
What is a Bridge / Backhaul Network? | Connecting buildings through wireless. P2P or Point to Multipoint. |
Default Password on APs? | Cisco (case sensitive) |
Default IP on AP? | 10.0.0.1 /27 |
Default SSID on AP? | tsunami |
Does PoE send data and power over the same pairs? | Mode A = yes, Mode B = no. |
Will plugging an Ethernet cable from a PoE interface on a PSE device into another interface on the same PSE cause damage? | No. Have to ask for the power. |
What is Wireless Propagation? | Total of everything that happens to a wireless signal as it travels from source to destination. |
What is Wavelength? | Distance between 2 successive crests (peaks) of a wave pattern. |
What is Attenuation? | Lowering of the signal amplitude as it travels, by various means. |
Does Wavelength affect Attenuation? | Shorter = MORE, Longer = LESS |
Which has longer wavelength, 2.4GHz or 5GHz? | 2.4GHz has a longer wavelength. Lower frequency = longer wavelength. |
What is Frequency? | Number of RF signal cycles within a specified time interval. Measured in Hz. |
What is Amplitude? | Signal's strength or power. Bigger Peaks = Bigger Amplitude. |
What is Transmit Amplitude? | Amount of initial amplitude that leaves the radio transmitter. Cables and connectors attenuate the transmit amplitude, antenna will amplify. |
What is Received Amplitude? | The strength of the signal that the receiving antenna gets. Will always be smaller than the transmit amplitude. |
What is Phase? | Relationship between 2+ signals that share the same frequency. Can cause amplification, attenuation and nullification (null at 180). |
Part of the power of the signal gets taken into the object which it is interacting with. | Absorption |
When a wave hits a smooth object the wave may bounce in another direction. | Reflection |
RF signal encounters some type of uneven surface and is reflected into multiple directions. | Scattering |
Bending of an RF signal as it passes through a medium causing the direction of the wave to change. | Refraction |
Bending and the spreading of an RF signal when it encounters an obstruction. | Diffraction |
Loss of signal strength caused by the natural spreading of the waves. | Free Space Path Loss |
Two or more paths of a signal arriving at a receiving antenna at basically the same time. | Multipath |
What are the effects of Multipath? | Since waves will be out of phase it can cause up/down fade, complete nulling, and data corruption. |
What is the purpose of infrastructure SSID mode on the ROOT AP? | If you designate an SSID as the infrastructure SSID, infrastructure devices must associate to the access point using that SSID |
Where do you configure Maximum Association? | dot11 ssid |
What is the purpose of infrastructure SSID mode on the Repeater / Hot Standby? | Sets the ssid that will be used to either repeat or monitor. They will associate to the Root with this SSID. |
What does the acronym IAPP stand for? | Inter Access Point Protocol |
Verify standby status: | show iapp standby-status |
Verify standby timers: | show iapp standby-parm |
What do you associate to with iapp standby command for the hot standby? | Mac-address of the root radio interface. |
What role do you set a hot standby to be? | root access-point. |
Do you use a straight-through or crossover cable to connect from wall to AP? | Straight-through |
What are the 4 main stages to configuring any AP? | BVI, SSID, Wireless Radio, Sub-Interfaces |
What causes human body to absorb RF signals? | High water content. |
What can cause Multipath to occur? | Reflection, Scattering, Diffraction, and Refraction. |
Do rain, snow, and hail affect wireless radio? | No, they have no serious impact (direct) impact. Rain can physically impair an antenna or cause a surface to become more reflective. |
Does wind have any affect on wireless communication? | Yes, can cause antenna to change the aim, or possibly destroy the tower or mast. |
How do you delete a configuration that may be stored on the AP? | write erase |
Advantages of wireless bridge: | throughput many times faster than T1, cheaper to implement, easy to install |
Will a Root Bridge communicate with another Root Bridge? | No. |
Will a Root Bridge communicate with a Non-root bridge? | yes |
Will a Non-Root bridge communicate with a Non-Root bridge? | no...unless other non root device is communicating with a parent, so yes...maybe. |
Distance of Point-to-Point Bridge? | 40km (25 miles) |
With a point to point bridge, is it considered 1 or 2 segments? | It will be one segment. |
How many bridges can be aggregated with Etherchannel? | 3 |
For point to multipoint what type of antenna is typically used at the main site? | Omni-directorional |
For point to multipoint what type of antenna is typically used at remote sites? | Directional |
In point to multipoint configuration can the remote sites communicate with each other? | Yes but not directly, they must go through the main site. |
Why do wireless bridges that support distances over one mile have to violate the 802.11 standard? | 802.11 sets a time limit for ACK, so the bridge products have a parameter that increases this timing. |
In long distance bridging will Cisco bridges function with radios of other vendors? | They might not! |
What are some long range antenna types? | Yagi - 11.7km, Solid Dish - 40km |
What OS was running on the Cisco Aironet 350 bridges? | VXWorks, it was a GUI |
What is the recommended overlap for adjacent BSS cells? | 10-15% |
Do adjacent APs require the same SSID to support roaming? | Yes |
What is the recommended overlap for a wireless repeater? | 50%, so that the repeater can communicate with the root AP |
What is the maximum recommended amount of repeaters in a chain? | No more than 2 |
With 2 APs of different vendors, can you provide redundancy and load balancing? | Redundancy = yes, Load Balancing = no |
Does a Hot-Standby provide redundancy or load balancing? | Redundancy |
What is a critical component to having multiple overlapping networks? | They must be in different non interfering channels. 1,6, and 11 for 2.4GHz |
What is the IEEE standard to support Roaming? | No standard yet, Task Group F is working on it. |
Which protocol do most vendors use to support roaming? | IAPP - Inter-Access Point Protocol |
Does the client associate or authenticate to the AP first? | First = authenticate, Second = associate |
How many APs can a radio associate to? | 1 |
To support seamless roaming, is it necessary to have APs of the same vendor. | Yes, or at least recommended. |
Does the client or the AP initiate roaming? | Client |
Briefly describe roaming process: | Move away from connected ap = signal strength down, neighboring ap = signal strength up. At some threshold the client will change associated AP. |
What is the signal strength threshold? | If the signal strength is below the threshold the client should search for a better AP. |
What is the wait threshold? | After associating to an AP the client must wait a set number of seconds before they can search for a better AP. |
What is Proxy Mobile IP? | Used to make sure the client keeps the same IP while roaming, creating a tunnel to the clients original network. Transparent to the client. |
How do APs handle clients moving further away from them? | They will shift to a slower data rate. This is called Data Rate Shifting or Multi-Rate Shifting. |
What is World Mode? | Transmit power is limited to the max level allowed by the regulatory agency of the country where it is being used. |
What is the purpose of this command: encryption vlan 110 mode wep mandatory | Enables WEP on VLAN 110 |
What is a RADIUS server used for? | Authentication |
What are some Network Security Perimeter Devices? | Firewall, Intrusion Detection / Prevention System, URL Filter / Web Proxy, Spam filter |
What methods are there for Wi-Fi security? | Encrypt data, Encrypt medium, Environmental shielding, user education. |
Are all wifi attacks meant to gain unauthorized access? | Some are just to disrupt. |
What is dumpster diving? | Literally going through garbage to try to get passwords or anything to help break into a network. |
Who is Kevin Mitnick? | Used social engineering to gain access to many systems. |
Are Help Desk employees target for social engineering? | Yes, they often hold keys to accessing the wi-fi network. |
Who are the targets of social engineering? | Contractors, Help Desk, Employees, end users |
What are the countermeasures to Social Engineering attacks? | Education, Good Policies, shred-it boxes. |
What is the principle of minimal access? | Only give access to resources that are absolutely needed. |
What type of attack is War Driving considered? | Eavesdropping |
What are some Network Discovery tools? | NetStumbler, Kismet, Easy Wi-Fi Radar |
What are some Packet Sniffing / Injection tools? | Wireshark, AirPcap, OmniPeek, Javvin CAPSA, CommView, MS NetMon |
What are some Eavesdropping Countermeasures? | Shielding, Hidden SSID (not great), Disable mixed mode (5GHz + 2.4GHz together) |
How is layer 2 DoS attack accomplished? | De-auth the target through de-auth frames or excessive interference. |
What can layer 2 DoS attack lead to? | Hijacking. Having the target connect to a Rogue AP instead of the normal AP they used to be on. |
What is the difference between layer 2 and 3 Hijacking? | With layer 3 they will give the user an IP address as well through a Rogue DHCP server. |
What is PNL? | Preferred Network List. List of SSIDs that a device will try to associate. Makes for good rogue AP targets. |
What is WIDS a countermeasure for? | Wireless Intrusion Detection System can find and drown out Rogue APs. Hijacking countermeasure. |
What is layer 1 DoS? | RF Jamming, creates so much background noise that devices cannot communicate. |
What are some common accidental layer 1 DoS devices? | Microwave, Cordless phone. |
What is a PS-Poll Flood? | PS = Power Saving, AP caches data for STA to send in intervals, attacker spoofs MAC and sends PS-Poll to collect the data. |
What is Association / Auth Flood? | Association / Auth packets with random MAC IDs. |
What are some DoS countermeasures? | You can use spectrum analyzer to find where they are attacking from, not much else. |
What is Management Interface Exploit? | When attacker is associated to the same subnet as the management interface, they can attempt to guess password. |
What are Management Interface Countermeasures? | VLAN segmentation, strong passwords. |
Should you use TKIP or AES with WPA? | AES, TKIP has known vulnerabilities. |
What weakness does LEAP have? | ASLEAP, intercept the challenge and response and then brute force the password. |
What weakness does PEAP and EAP-TTLS have? | If proper certificate validation is not performed an attacker can terminate the TLS tunnel and gather plaintext authentication info. Hijacking / MITM. |
What are Cracking Countermeasures? | Complex key, WPA + AES, WPA2, Certain WPS, Proper PEAP + EAP-TTLS |
What is good and bad with WPS? | Wifi Protected Setup, push button = good, 8 digit pin = 11,000 posibilities instead of 10^8...bad |
What happens when the lightweight AP cannot obtain an IP address from a DHCP server? | Continuously resets. It requires DHCP to start up. |
What is the default information of the controller? | Role = Master, IP = 172.16.0.254, VLAN = 1, AP Group = Default |
What is a PSK? | Pre Shared Key, basically a password. |
What is the difference between Enterprise and Personal WPA2? | Personal = Key, Enterprise = 802.1X auth (RADIUS) + AES encryption |
Other names for Autonomous APs? | Standalone, Fat, Intelligent edge |
Disadvantage of Autonomous AP? | separately configured, unique settings, must physically visit to change settings, manual load balancing. |
Which layer does management config occur on Autonomous APs? | access layer |
Which layer does management config occur on Controller? | Core (possibly distribution or access tho, so like anywhere) |
What functionality does the LWAP provide? | Functionally just a radio card and an antenna, all intelligence is on the controller. |
Can WLAN controller act as a switch? | yes |
Can WLAN Controller act as a router? | Many can, using OSPF |
How do most WLC communicate with their LWAPs? | Encapsulate the 802.11 frame into an IP tunnel, creates a point-to-point link between the WLC and the LWAP |
What standard is there for WLC to LWAP communication? | No standard, proprietary protocols used to transfer config settings, update firmware and maintain keep-alive traffic. Generic Routing Encapsulation (GRE) is common. |
How does the LWAP receive and send frames? | Receive = 802.11, send = using 802.3 wired connection using IP-encapsulated tunnel |
What gets set in the AP group profiles? | Channel, transmit power, and supported data rates. |
How many group profiles can an AP belong to? | 1 |
What gets set in the WLAN profile? | SSID, Security, VLANs, QoS |
How many WLAN profiles can an AP belong to? | Many |
What are virtual WLANs? | WLC can create them, each gets linked to a virtual BSSID (radio MAC), and SSID which is assigned to a specific VLAN. |
What is captive portal used for? | Authenticate guest access, very limited encryption. |
How can WLC handle load balancing and redundancy? | Supports VRRP (like HSRP), load balances between multiple LWAPs |
What kind of security feature does WLC provide? | Some have integrated WIDS |
How does WLC handle RF spectrum management? | Collects data from LWAPs which monitor their own channels as well as off-channels, the WLC can dynamically change channel or power settings based off info. |
Aruba 3200 Controller Info: | APs = 32, Users = 2048, ports = 4 x Gb |
How does Aruba LWAP get image? | From controller via FTP, config pushed via PAPI (how the controller talks to the AP) |
How many GRE tunnels are created for LWAP / WLC communication? | 1 per SSID and per Radio |
What is WPA? | Wi-Fi Protected Access, With TKIP = bad, with AES = good |
What is TKIP? | Temporal Key Integrity Protocol, used as a stop gap to fix broken WEP |
What is WEP? | Wired Equivalent Privacy. Very broken, not equivalent to wired at all. |
What is AES? | Advanced Encryption Standard, used with WPA optionally and WPA2 mandatory. |
What is EAP? | Extensible Authentication Protocol, LEAP = bad, PEAP + EAP-TTLS = good |