CWNA ® Certified Wireless Network Administrator Official Study Guide Fourth Edition

CWNA® Certified Wireless Network Administrator Official Study Guide Fourth Edition

David A. Westcott, CWNE #7 David D. Coleman, CWNE #4

ffi rs.indd 08/22/2014 Page i Senior Acquisitions Editor: Jeff Kellum Development Editor: Mary Ellen Schutz Technical Editors: Andrew von Nagy and Marcus Burton Production Editor: Eric Charbonneau Copy Editor: Judy Flynn Editorial Manager: Pete Gaughan Vice President and Executive Group Publisher: Richard Swadley Associate Publisher: Chris Webb Media Project Manager 1: Laura Moss-Hollister Media Associate Producer: Josh Frank Media Quality Assurance: Doug Kuhn Book Designer: Judy Fung Proofreader: Nancy Bell Indexer: Jack Lewis Project Coordinator, Cover: Patrick Redmond Cover Designer: Wiley Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-89370-8 ISBN: 978-1-118-89636-5 (ebk.) ISBN: 978-1-118-89612-9 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002. Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com. Library of Congress Control Number: 2014935748 TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CWNA is a registered trademark of Alliance Services Ltd. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book. 10 9 8 7 6 5 4 3 2 1

ffi rs.indd 08/22/2014 Page ii Dear Reader,

Thank you for choosing CWNA: Certifi ed Wireless Network Administrator, Fourth Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that refl ected in these pages. I’d be very interested to hear your com- ments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at [email protected]. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris Webb Associate Publisher, Sybex, an Imprint of Wiley

ffi rs.indd 08/22/2014 Page iii

Acknowledgments

When we wrote the fi rst edition of the CWNA Study Guide, David Coleman’s children, Brantley and Carolina, were young teenagers. David would like to thank his now adult children for their years of support and for making their dad very proud. David would also like to thank his mother, Marjorie Barnes, and his stepfather, William Barnes, for many years of support and encouragement. David Coleman would also like to thank the entire Aerohive Networks training department: Paul Levasseur, Bryan Harkins, Metka Dragos, Gregor Vucajnk, Roslyn Rissler, and Yuki Fraher. We have built a fantastic team! David Coleman would also like to thank Abby Strong and all of his co-workers at Aerohive Networks (www.aerohive.com). It has been one wild ride the past four years! David Westcott would like to thank his parents, Kathy and George, who have provided so much support and love and from whom he has learned so much. He would also like to thank Janie, Jennifer, and Samantha for their patience and understanding of life on the road and for their support throughout the writing of this book. And special thanks to Savannah Grace, for providing me with the joy of seeing and experiencing life from a new perspective. David Westcott also would like to thank the training department at Aruba Networks. More than 10 years ago, Chris Leach hired him as a contract trainer. Much has changed over the years, but thanks to Chris, Carolyn Cutler, Susan Wells, Kevin Hamilton, Ramon Pastor, and Stewart Trammell, it has been a fun and exciting journey. Together, we must fi rst thank Sybex acquisitions editor Jeff Kellum for initially fi nding us and bringing us to this project. Jeff is an extremely patient and understanding editor who has now survived publishing six books with us. We would also like to thank our development editor, Mary Ellen Schutz. Mary Ellen did a great job keeping us focused and motivated. We also need to send special thanks to our editorial manager, Pete Gaughan; our production editor, Eric Charbonneau; Judy Flynn, our copyeditor; Nancy Bell, our proofreader; and Jack Lewis, our indexer. We also need to give a big shout-out to our technical editor, Marcus Burton of Ruckus Networks (www.ruckuswireless.com). The feedback and input provided by Marcus was invaluable. Special thanks also goes to Andrew vonNagy of Revolution Wi-Fi (www.revolutionwifi.net) for his feedback and content review. Andrew is a well-known Wi-Fi superstar who writes the best vendor-neutral Wi-Fi blog. Thanks very much to Matthew Gast for the heartfelt foreword. Matthew, an author himself, has written numerous books about 802.11 technology. A simple Google search on Matthew Gast’s name reveals why he is considered an utmost authority on 802.11 technology. We would also like to thank Brad Crump, Tom Carpenter, and Julia Baldini of the CWNP program (www.cwnp.com). All CWNP employees, past and present, should be proud of the inter- nationally renowned wireless certifi cation program that sets the education standard within the enterprise Wi-Fi industry. It has been a pleasure working with all of you for over a decade. Andrew Crocker has again provided us with wonderful photographs and some amazing edit- ing of some not so wonderful photographs that we provide him. You can see much more of his work and talent at www.andrew-crocker.com. Thanks to Proxim and to Ken Ruppel ([email protected]) for allowing us to include the video Beam Patterns and Polarization of Directional Antennas with the book’s online resources, which can be accessed at www.sybex.com/go/cwna4e. Special thanks goes to Andras Szilagyi, not only for creating the EMANIM software program but for all the extra assistance he provided over the past eight years by creating customized versions of the program for the different editions of the book. We would also like to thank the following individuals and companies for their support and contributions to the book: Caster Tray (www.castertray.com) —Joel Baldevarona Divergent Dynamics (www.divergentdynamics.com) —Devin Akin Ekahau (www.ekahau.com) —Jussi Kiviniemi Fluke Networks (www.flukenetworks.com) —Dilip Advani, Karthik Krishnaswamy Metageek (www.metageek.com) —Mark Jensen WLAN Professionals (www.wlanpros.com) —Keith Parsons Welch Allyn (www.welchallyn.com) —Jeffrey Walker Wi-Fi Alliance (www.wi-fi.org) —Trisha Campbell Xirrus (www.xirrus.com) —Bruce Miller About the Authors

David D. Coleman is the Global Training Manager for Aerohive Networks, www.aerohive.com, creators of the award-winning cooperative control wireless LAN (WLAN) architecture. David is in charge of Aerohive training programs for all partners and customers. He has instructed IT professionals from around the globe in wireless networking administration, wireless security, and wireless frame analysis. David has written multiple books, blogs, and white papers about wireless networking. Prior to working at Aerohive, he specialized in corporate and government Wi-Fi training, In the past, he provided WLAN training for numerous private corporations, the US Army, the US Navy, the US Air Force, and other federal and state government agencies. When he is not traveling, David resides in Atlanta, Georgia. David is CWNE #4, and he can be reached via email at [email protected]. You can also follow David online via Twitter at www .twitter.com/mistermultipath.

David Westcott is an independent consultant and technical trainer with more than 25 years of experience in information technology, specializing in wireless networking and security. In addi- tion to providing advice and direction to corporate clients, David has been a certifi ed trainer for more than 21 years, providing training around the world to government agencies, corporations, and universities. He has provided training on six continents and in over 45 US states. David was an adjunct faculty member for Boston University’s Corporate Education Center for more than 10 years. He has co-authored six books about wireless networking as well as numerous white papers and best practices documents. He has also developed courseware and training videos for clients on wireless networking, wireless mesh networking, wireless packet analysis, wired networking, and security. David especially enjoys providing custom onsite training, which focuses on teaching his clients how to apply product and technical knowledge to address their support and troubleshooting needs. Since installing his fi rst wireless network in 1999, David has become a Certifi ed Wireless Network Trainer, Administrator, Security Professional, and Analysis Professional. He has earned certifi cations from Cisco, Aruba Networks, Microsoft, EC-Council, CompTIA, and Novell. When not traveling, David lives in Concord, Massachusetts. David is CWNE #7 and can be reached via email at [email protected]. Contents at a Glance

Foreword xxvii Introduction xxix Assessment Test lix

Chapter 1 Overview of Wireless Standards, Organizations, and Fundamentals 1 Chapter 2 Radio Frequency Fundamentals 31 Chapter 3 Radio Frequency Components, Measurements, and Mathematics 63 Chapter 4 Radio Frequency Signal and Antenna Concepts 107 Chapter 5 IEEE 802.11 Standards 161 Chapter 6 Wireless Networks and Spread Spectrum Technologies 199 Chapter 7 Wireless LAN Topologies 237 Chapter 8 802.11 Medium Access 263 Chapter 9 802.11 MAC Architecture 283 Chapter 10 WLAN Architecture 325 Chapter 11 WLAN Deployment and Vertical Markets 371 Chapter 12 WLAN Troubleshooting and Design 399 Chapter 13 802.11 Network Security Architecture 459 Chapter 14 Wireless Attacks, Intrusion Monitoring, and Policy 499 Chapter 15 Radio Frequency Site Survey Fundamentals 533 Chapter 16 Site Survey Systems and Devices 561 Chapter 17 Power over Ethernet (PoE) 595 Chapter 18 802.11n 621 Chapter 19 Very High Throughput (VHT) and 802.11ac 659 Chapter 20 Bring Your Own Device (BYOD) 697

Appendix A Answers to Review Questions 735 Appendix B Abbreviations and Acronyms 783 Appendix C About the Additional Study Tools 797

Index 801

ffi rs.indd 08/22/2014 Page viii Contents

Foreword xxvii

Introduction xxix

Assessment Test lix

Chapter 1 Overview of Wireless Standards, Organizations, and Fundamentals 1 History of WLAN 2 Standards Organizations 4 Federal Communications Commission 5 International Telecommunication Union Radiocommunication Sector 6 Institute of Electrical and Electronics Engineers 7 Internet Engineering Task Force 8 Wi-Fi Alliance 10 International Organization for Standardization 15 Core, Distribution, and Access 16 Communications Fundamentals 17 Understanding Carrier Signals 18 Understanding Keying Methods 20 Summary 25 Exam Essentials 25 Review Questions 26

Chapter 2 Radio Frequency Fundamentals 31 What Is a Radio Frequency Signal? 33 Radio Frequency Characteristics 34 Wavelength 34 Frequency 39 Amplitude 40 Phase 41 Radio Frequency Behaviors 42 Wave Propagation 43 Absorption 44 Reflection 44 Scattering 46 Refraction 46 Diffraction 48 Loss (Attenuation) 49

ftoc.indd 08/2½ 014 Page ix x Contents

Free Space Path Loss 51 Multipath 53 Gain (Amplification) 56 Summary 57 Exam Essentials 57 Review Questions 59

Chapter 3 Radio Frequency Components, Measurements, and Mathematics 63 RF Components 66 Transmitter 66 Antenna 67 Receiver 68 Intentional Radiator (IR) 68 Equivalent Isotropically Radiated Power 68 Units of Power and Comparison 70 Watt 71 Milliwatt (mW) 71 Decibel (dB) 72 dBi 74 dBd 74 dBm 75 Inverse Square Law 76 RF Mathematics 77 Rule of 10s and 3s 78 Noise Floor 89 Signal-to-Noise Ratio (SNR) 89 Received Signal Strength Indicator 89 Link Budget 94 Fade Margin/System Operating Margin 97 Summary 99 Exam Essentials 100 Review Questions 102

Chapter 4 Radio Frequency Signal and Antenna Concepts 107 Azimuth and Elevation Charts (Antenna Radiation Envelopes) 110 Interpreting Polar Charts 112 Beamwidth 114 Antenna Types 117 Omnidirectional Antennas 118 Semidirectional Antennas 121 Highly Directional Antennas 123 Sector Antennas 125

ftoc.indd 08/2½ 014 Page x Contents xi

Antenna Arrays 126 Visual Line of Sight 129 RF Line of Sight 129 Fresnel Zone 129 Earth Bulge 134 Antenna Polarization 135 Antenna Diversity 136 Multiple-Input, Multiple-Output 137 MIMO Antennas 138 Antenna Connection and Installation 139 Voltage Standing Wave Ratio 139 Signal Loss 141 Antenna Mounting 141 Antenna Accessories 147 Cables 147 Connectors 148 Splitters 149 Amplifiers 149 Attenuators 150 Lightning Arrestors 150 Grounding Rods and Wires 152 Regulatory Compliance 154 Summary 155 Exam Essentials 155 Review Questions 157

Chapter 5 IEEE 802.11 Standards 161 Original IEEE 802.11 Standard 164 IEEE 802.11-2007 Ratified Amendments 166 802.11b-1999 166 802.11a-1999 167 802.11g-2003 169 802.11d-2001 172 802.11h-2003 172 802.11i-2004 174 802.11j-2004 175 802.11e-2005 175 IEEE Std 802.11-2012 176 802.11r-2008 179 802.11k-2008 179 802.11y-2008 181 802.11w-2009 181 802.11n-2009 182 802.11p-2010 182

ftoc.indd 08/2½ 014 Page xi xii Contents

802.11z-2010 183 802.11u-2011 183 802.11v-2011 183 802.11s-2011 184 Post-2012 Ratified Amendments 185 802.11ae-2012 185 802.11aa-2012 185 802.11ad-2012 185 802.11ac-2013 186 802.11af-2014 187 IEEE 802.11 Draft Amendments 188 802.11ah 188 802.11ai 189 802.11aj 189 802.11ak 189 802.11aq 189 Defunct Amendments 189 802.11F 189 802.11T 192 802.11m Task Group 193 Summary 193 Exam Essentials 194 Review Questions 195

Chapter 6 Wireless Networks and Spread Spectrum Technologies 199 Industrial, Scientific, and Medical Bands 201 900 MHz ISM Band 202 2.4 GHz ISM Band 202 5.8 GHz ISM Band 203 Unlicensed National Information Infrastructure Bands 203 U-NII-1 (Lower Band) 204 U-NII-2 (Middle Band) 204 U-NII-2 Extended 204 U-NII-3 (Upper Band) 205 Future U-NII Bands 206 3.6 GHz Band 208 4.9 GHz Band 208 Future Wi-Fi Frequencies 208 60 GHz 208 White-Fi 209 Narrowband and Spread Spectrum 210

ftoc.indd 08/2½ 014 Page xii Contents xiii

Multipath Interference 211 Frequency Hopping Spread Spectrum 212 Hopping Sequence 213 Dwell Time 213 Hop Time 214 Modulation 214 Direct Sequence Spread Spectrum 215 DSSS Data Encoding 216 Modulation 217 Packet Binary Convolutional Code 217 Orthogonal Frequency Division Multiplexing 218 Convolutional Coding 219 Modulation 220 2.4 GHz Channels 221 5 GHz Channels 224 Adjacent, Nonadjacent, and Overlapping Channels 229 Throughput vs. Bandwidth 230 Communication Resilience 231 Summary 231 Exam Essentials 232 Review Questions 233

Chapter 7 Wireless LAN Topologies 237 Wireless Networking Topologies 238 Wireless Wide Area Network (WWAN) 238 Wireless Metropolitan Area Network (WMAN) 239 Wireless Personal Area Network (WPAN) 240 Wireless Local Area Network (WLAN) 240 802.11 Topologies 241 Access Point 242 Client Station 242 Integration Service 243 Distribution System 243 Wireless Distribution System 244 Service Set Identifier 247 Basic Service Set 248 Basic Service Set Identifier 248 Basic Service Area 249 Extended Service Set 250 Independent Basic Service Set 253 Mesh Basic Service Set 253 QoS Basic Service Set 255

ftoc.indd 08/2½ 014 Page xiii xiv Contents

802.11 Configuration Modes 255 Access Point Modes 256 Client Station Modes 257 Summary 257 Exam Essentials 258 Review Questions 259

Chapter 8 802.11 Medium Access 263 CSMA/CA vs. CSMA/CD 264 Collision Detection 265 Distributed Coordination Function 266 Interframe Space (IFS) 266 Duration/ID Field 267 Carrier Sense 268 Random Backoff Timer 270 Point Coordination Function 271 Hybrid Coordination Function 272 Enhanced Distributed Channel Access 272 HCF Controlled Channel Access 273 Block Acknowledgment 274 Wi-Fi Multimedia 275 Airtime Fairness 276 Summary 278 Exam Essentials 278 Review Questions 279

Chapter 9 802.11 MAC Architecture 283 Packets, Frames, and Bits 285 Data-Link Layer 286 MAC Service Data Unit 286 MAC Protocol Data Unit 286 Physical Layer 287 PLCP Service Data Unit 287 PLCP Protocol Data Unit 287 802.11 and 802.3 Interoperability 288 Three 802.11 Frame Types 290 Management Frames 291 Control Frames 291 Data Frames 292 Beacon Management Frame 293 Passive Scanning 294 Active Scanning 295

ftoc.indd 08/2½ 014 Page xiv Contents xv

Authentication 297 Open System Authentication 297 Shared Key Authentication 298 Association 299 Authentication and Association States 300 Basic and Supported Rates 300 Roaming 301 Reassociation 301 Disassociation 303 Deauthentication 304 ACK Frame 304 Fragmentation 305 Protection Mechanism 307 RTS/CTS 309 CTS-to-Self 310 Data Frames 311 Power Management 312 Active Mode 313 Power Save Mode 313 Traffic Indication Map 313 Delivery Traffic Indication Message 314 Announcement Traffic Indication Message 315 WMM Power Save and U-APSD 315 802.11n Power Management 318 Summary 318 Exam Essentials 319 Review Questions 321

Chapter 10 WLAN Architecture 325 Wireless LAN Client Devices 326 802.11 Radio Form Factors 326 802.11 Radio Chipsets 333 Client Utilities 333 Management, Control, and Data Planes 337 Management Plane 338 Control Plane 338 Data Plane 339 WLAN Architecture 339 Autonomous WLAN Architecture 339 Centralized Network Management Systems 341 Cloud Networking 343 Centralized WLAN Architecture 343 Distributed WLAN Architecture 351

ftoc.indd 08/2½ 014 Page xv xvi Contents

Unified WLAN Architecture 353 Hybrid Architecture 353 Specialty WLAN Infrastructure 354 Wireless Workgroup Bridge 354 Wireless LAN Bridges 354 Enterprise WLAN Routers 357 Wireless LAN Mesh Access Points 358 WLAN Array 359 Virtual AP System 360 Real-Time Location Systems 361 VoWiFi 362 Summary 364 Exam Essentials 364 Review Questions 366

Chapter 11 WLAN Deployment and Vertical Markets 371 Deployment Considerations for Commonly Supported WLAN Applications and Devices 373 Data 373 Voice 374 Video 374 Real-Time Location Services 375 Mobile Devices 376 Corporate Data Access and End-User Mobility 377 Network Extension to Remote Areas 378 Bridging: Building-to-Building Connectivity 378 Wireless ISP: Last-Mile Data Delivery 379 Small Office/Home Office 379 Mobile Office Networking 380 Branch Offices 381 Educational/Classroom Use 381 Industrial: Warehousing and Manufacturing 382 Retail 382 Healthcare: Hospitals and Offices 384 Municipal Networks 385 Hotspots: Public Network Access 385 Stadium Networks 387 Transportation Networks 387 Law Enforcement Networks 388 First-Responder Networks 389 Fixed Mobile Convergence 389 WLAN and Health 390 WLAN Vendors 391

ftoc.indd 08/2½ 014 Page xvi Contents xvii

Summary 393 Exam Essentials 393 Review Questions 394

Chapter 12 WLAN Troubleshooting and Design 399 Layer 2 Retransmissions 401 RF Interference 403 Multipath 407 Adjacent Channel Interference 408 Low SNR 409 Mismatched Power Settings 411 Near/Far 413 Hidden Node 414 802.11 Coverage Considerations 418 Dynamic Rate Switching 419 Roaming 422 Layer 3 Roaming 426 Co-channel Interference 428 Channel Reuse/Multiple-Channel Architecture 430 Channel Reuse/Channel Bonding 434 Single-Channel Architecture 437 Capacity vs. Coverage 440 Band Steering 442 Load Balancing 443 High-Density WLANs 444 Oversized Coverage Cells 447 Physical Environment 447 Voice vs. Data 447 Performance 449 Weather 450 Upper-Layer Troubleshooting 451 Summary 452 Exam Essentials 453 Review Questions 454

Chapter 13 802.11 Network Security Architecture 459 802.11 Security Basics 461 Data Privacy and Integrity 462 Authentication, Authorization, and Accounting 463 Segmentation 464 Monitoring and Policy 464 Legacy 802.11 Security 465 Legacy Authentication 465

ftoc.indd 08/2½ 014 Page xvii xviii Contents

Static WEP Encryption 466 MAC Filters 469 SSID Cloaking 469 Robust Security 470 Robust Security Network (RSN) 472 Authentication and Authorization 472 PSK Authentication 472 Proprietary PSK Authentication 474 802.1X/EAP Framework 475 EAP Types 477 Dynamic Encryption-Key Generation 478 4-Way Handshake 480 WPA/WPA2-Personal 481 TKIP Encryption 481 CCMP Encryption 482 Traffic Segmentation 484 VLANs 484 RBAC 486 Infrastructure Security 487 Physical Security 487 Interface Security 487 VPN Wireless Security 488 Layer 3 VPNs 488 SSL VPN 489 VPN Deployment 489 Guest WLAN Security 490 Captive Portal 491 Summary 493 Exam Essentials 493 Review Questions 495

Chapter 14 Wireless Attacks, Intrusion Monitoring, and Policy 499 Wireless Attacks 500 Rogue Wireless Devices 501 Peer-to-Peer Attacks 503 Eavesdropping 505 Encryption Cracking 508 Authentication Attacks 509 MAC Spoofing 511 Management Interface Exploits 512 Wireless Hijacking 512 Denial of Service (DoS) 514

ftoc.indd 08/2½ 014 Page xviii Contents xix

Vendor-Specific Attacks 515 Social Engineering 516 Intrusion Monitoring 516 Wireless Intrusion Detection System 516 Wireless Intrusion Prevention System (WIPS) 519 Mobile WIDS 521 Spectrum Analyzer 522 Wireless Security Policy 523 General Security Policy 524 Functional Security Policy 524 Legislative Compliance 524 802.11 Wireless Policy Recommendations 526 Summary 527 Exam Essentials 527 Review Questions 528

Chapter 15 Radio Frequency Site Survey Fundamentals 533 WLAN Site Survey Interview 534 Customer Briefing 534 Business Requirements 535 Capacity and Coverage Requirements 536 Existing Wireless Network 539 Infrastructure Connectivity 541 Security Expectations 543 Guest Access 543 Documents and Reports 544 Forms and Customer Documentation 544 Deliverables 547 Additional Reports 547 Vertical Market Considerations 549 Outdoor Surveys 549 Aesthetics 550 Government 550 Education 551 Healthcare 552 Hotspots 552 Retail 553 Warehouses 553 Manufacturing 553 Multitenant Buildings 554 Summary 554 Exam Essentials 554 Review Questions 556

ftoc.indd 08/2½ 014 Page xix xx Contents

Chapter 16 Site Survey Systems and Devices 561 Site Survey Defined 562 Protocol and Spectrum Analysis 563 Spectrum Analysis 564 Coverage Analysis 568 AP Placement and Configuration 574 Application Analysis 574 Site Survey Tools 575 Indoor Site Survey Tools 576 Outdoor Site Survey Tools 579 Coverage Analysis 581 Manual 582 Predictive 584 Dynamic RF 585 Wireless Network Validation 586 Summary 587 Exam Essentials 588 Review Questions 589

Chapter 17 Power over Ethernet (PoE) 595 History of PoE 596 Nonstandard PoE 596 IEEE 802.3af 597 IEEE Std 802.3-2005, Clause 33 597 IEEE 802.3at-2009 597 IEEE Std 802.3-2012, Clause 33 597 An Overview of PoE Devices 598 Powered Device 598 Power-Sourcing Equipment 600 Endpoint PSE 601 Midspan PSE 602 Power-Sourcing Equipment Pin Assignments 605 Planning and Deploying PoE 609 Power Planning 609 Redundancy 612 802.11n or 802.11ac and PoE 613 Summary 614 Exam Essentials 615 Review Questions 616

Chapter 18 802.11n 621 802.11n-2009 Amendment 623 Wi-Fi Alliance Certification 624

ftoc.indd 08/2½ 014 Page xx Contents xxi

MIMO 626 Radio Chains 627 Spatial Multiplexing (SM) 628 MIMO Diversity 630 Space-Time Block Coding (STBC) 631 Cyclic Shift Diversity (CSD) 631 Transmit Beamforming (TxBF) 632 HT Channels 634 20 MHz Non-HT and HT Channels 634 40 MHz Channels 636 Forty MHz Intolerant 638 Guard Interval (GI) 638 Modulation and Coding Scheme (MCS) 640 HT PHY 643 Non-HT Legacy 643 HT Mixed 644 HT Greenfield 645 HT MAC 645 A-MSDU 645 A-MPDU 646 Block Acknowledgment 647 Reduced Interframe Space 648 HT Power Management 648 HT Operation 649 20/40 Channel Operation 650 HT Protection Modes (0–3) 650 RTS/CTS and CTS-to-Self 651 Summary 652 Exam Essentials 652 Review Questions 654

Chapter 19 Very High Throughput (VHT) and 802.11ac 659 802.11ac-2013 Amendment 662 5 GHz Only 663 20, 40, 80, and 160 MHz Channels 663 256-QAM Modulation 669 Modulation and Coding Schemes 672 Single-User MIMO 673 802.11ac Data Rates 674 VHT MAC 676 A-MPDU 677 RTS/CTS 677

ftoc.indd 08/2½ 014 Page xxi xxii Contents

Beamforming 680 Explicit Beamforming 680 Multiuser MIMO 681 Multiuser Beamforming 682 Quality of Service 684 Infrastructure Requirements 685 Ethernet 685 Power 687 802.11ac in a SOHO or Home 688 Device Radios 688 Data Flow/Usage 688 Spatial Streams 689 Wider 802.11ac Channels 689 MU-MIMO 689 Wi-Fi Alliance Certification 689 Summary 690 Exam Essentials 691 Review Questions 692

Chapter 20 Bring Your Own Device (BYOD) 697 Mobile Device Management 699 Company-Issued Devices vs. Personal Devices 701 MDM Architecture 701 MDM Enrollment 703 MDM Profiles 706 MDM Agent Software 709 Over-the-Air Management 710 Application Management 712 Wi-Fi Client Onboarding 713 Guest WLAN Access 714 Guest SSID 714 Guest VLAN 715 Guest Firewall Policy 715 Captive Web Portals 717 Client Isolation, Rate Limiting, and Web Content Filtering 719 Guest Management 719 Guest Self-Registration 721 Employee Sponsorship 721 Social Login 723 Encrypted Guest Access 724 Network Access Control (NAC) 725 Posture 725 NAC and BYOD 726

ftoc.indd 08/2½ 014 Page xxii Contents xxiii

OS Fingerprinting 726 AAA 727 RADIUS Change of Authorization 727 Summary 728 Exam Essentials 728 Review Questions 730

Appendix A Answers to Review Questions 735 Chapter 1: Overview of Wireless Standards, Organizations, and Fundamentals 736 Chapter 2: Radio Frequency Fundamentals 738 Chapter 3: Radio Frequency Components, Measurements, and Mathematics 740 Chapter 4: Radio Frequency Signal and Antenna Concepts 742 Chapter 5: IEEE 802.11 Standards 744 Chapter 6: Wireless Networks and Spread Spectrum Technologies 746 Chapter 7: Wireless LAN Topologies 748 Chapter 8: 802.11 Medium Access 750 Chapter 9: 802.11 MAC Architecture 752 Chapter 10: WLAN Architecture 754 Chapter 11: WLAN Deployment and Vertical Markets 757 Chapter 12: WLAN Troubleshooting and Design 759 Chapter 13: 802.11 Network Security Architecture 762 Chapter 14: Wireless Attacks, Intrusion Monitoring, and Policy 764 Chapter 15: Radio Frequency Site Survey Fundamentals 767 Chapter 16: Site Survey Systems and Devices 770 Chapter 17: Power over Ethernet (PoE) 772 Chapter 18: 802.11n 774 Chapter 19: Very High Throughput (HT) and 802.11ac 777 Chapter 20: Bring Your Own Device (BYOD) 779

Appendix B Abbreviations and Acronyms 783 Certifications 784 Organizations and Regulations 784 Measurements 785 Technical Terms 786

Appendix C About the Additional Study Tools 797

Index 801

ftoc.indd 08/2½ 014 Page xxiii

Table of Exercises

Exercise 2.1 Visual Demonstration of Absorption ...... 50 Exercise 2.2 Visual Demonstration of Multipath and Phase ...... 55 Exercise 3.1 Step-by-Step Use of the Rule of 10s and 3s...... 79 Exercise 3.2 Rule of 10s and 3s, Example 1 ...... 80 Exercise 3.3 Rule of 10s and 3s, Example 2 ...... 81 Exercise 3.4 Rule of 10s and 3s, Example 3 ...... 84 Exercise 3.5 Rule of 10s and 3s, Example 4 ...... 86 Exercise 3.6 Link Budget and Fade Margin ...... 98 Exercise 9.1 Viewing Beacon Frames...... 293 Exercise 9.2 Understanding Probe Requests and Probe Responses ...... 296 Exercise 9.3 Using Open System Authentication ...... 297 Exercise 9.4 Understanding Association ...... 299 Exercise 9.5 Understanding Reassociation ...... 303 Exercise 9.6 Understanding Acknowledgment...... 305 Exercise 9.7 Using Data Frames ...... 312 Exercise 13.1 Using Unencrypted and Encrypted Data Frames ...... 463 Exercise 13.2 802.1X/EAP and 4-Way Handshake Process ...... 482 Exercise 16.1 Cable Loss Calculations ...... 581

Foreword

My fi rst formative experience with networking was installing Linux on a 386 laptop. In the days before PC Cards, getting computers on a network was not a plug-and-play task. My fi rst experience with Wi-Fi required going to war with Windows device drivers, and I expended all that effort so I could walk up to my co-workers and ask them, “What is your favorite website?” and then proceed to call it up without having the computer plugged into anything. Such a simple shtick is what passed for a Wi-Fi demo at the time, and the novelty delighted and amazed people more than many demos I have done since. The years since then have been an interesting journey. I didn’t know it at the time, but my after-hours fi ghting with that old beat-up laptop had nudged me in a new direction. As I traveled the world volunteering in industry groups that were developing the technology, I would visit many interesting locations, hoping that our protocols would stand the test of time while wandering the Acropolis in Athens or lost in the back streets of Venice, wonder- ing whether the jumbled Venetian streets were more or less confusing than the Wi-Fi security architecture, and reveling in the electronic culture of Tokyo while contemplating the obvious challenges to building Wi-Fi networks in such a dense and thriving city. Providing freely fl owing connectivity is a challenge, and many technologies contended to be the prime mover of that ubiquitous connectivity. Wi-Fi provided such a blend of high speeds and good capacity with good economics that it became the default way to connect to a network. Wi-Fi has grown from an interesting curiosity used by the networking elite into a technology so woven into the fabric of our lives that it has erased Ethernet from our collec- tive memory. Starting with the introduction of the fi rst MacBook Air in 2008, everything became connected primarily by Wi-Fi. Without the ability to offer continuous connectivity, rich media experiences on phones would not have happened. Tablets are possible because so much content and data is accessible through networks that the mass storage can be held outside the device, accessible through a robust network connection. Our fi rst great wave of connectivity is now coming to a close. Wi-Fi’s fi rst act—connecting people—is over. We turned desktops into laptops and then turned laptops into bulky accessories that we used only when our phones and tablets would not suffi ce. It is now time for the second act—connecting everything else. Making the world around us more aware and responsive requires that new sensors just power up, tune in, and start reporting on the world around them. Instrumenting everything will unleash a fl ood of data, and tomorrow’s Wi-Fi networks need to handle that data without a hitch. Underpinning every API, every service, and all of the instrumentation needed to make it all work is a solid foundation of connectivity. Interacting with and controlling the world requires a bigger network than we have ever seen, and Wi-Fi will be one of the pillars of our brave new data-driven world.

fl ast.indd 08/21/2014 Page xxvii xxviii Foreword

The only thing worse than missing the last decade of innovation in Wi-Fi would be to miss the next innovation. Reading this book is an excellent fi rst step in participating in the decade yet to come. As you take those fi rst steps, halting as they may seem, trust in your guides. Both David and Dave have been in Wi-Fi as long as I have, and their practical knowledge and expertise are the best introduction to the technology you could ask for. —Matthew Gast Former chair, 802.11-2012 & Wi-Fi Alliance task group leader San Francisco, California April 2014