Wireless local area networks (WLANs) use wireless technology to transmit data, voice and video signals over the air. As an alternative or extension to traditional wired networks, WLANs free individuals from their desks, allowing them to access information anytime, anywhere, thereby increasing the productivity of individual employees. WLAN is one of the hot spots in the communications field today: compared with a wired network, a wireless LAN is relatively simple to set up and implement, and its maintenance cost is low. Generally, a local area network covering an entire building or area can be established by placing one or more access point devices. However, a WLAN system is not a completely wireless system: its servers and backbone network still sit in the fixed network, while users access the network by wireless means.

WLAN is based on computer networking and wireless communication technology. In the computer network structure, the requirements that the logical link control (LLC) layer and the application layers above it place on different physical layers may be the same or may differ. The WLAN standards therefore mainly address the physical layer and the medium access control (MAC) layer, covering the radio frequency range used, the air-interface communication protocol, and other technical specifications and standards.

Introduction to common terms:

AP: Bridges wireless clients to the LAN, performing wireless-to-wired and wired-to-wireless frame conversion between the wireless client and the wireless LAN.

AC: The wireless controller controls and manages all APs in the wireless LAN. The wireless controller can also provide authentication services for WLAN users by exchanging information with the authentication server.

FAT AP: A wireless device that controls and manages wireless clients. The transmission of frames between the client and the LAN needs to undergo wireless-to-wired and wired-to-wireless conversion, and the FAT AP acts as a bridge in this process.

The process of user access to the wireless network:

To access the network, the user first performs active or passive scanning, and can establish a connection with the AP only after completing the two further stages of authentication and association.

Active scanning: When users want to search for a network themselves, they can use active scanning to scan the surrounding wireless networks. Depending on whether a specified SSID is carried, active scanning can be divided into two types:

1. The client sends a Probe Request (SSID is null): the client is pre-configured with a channel list and broadcasts a probe request frame (Probe Request) on the channels in that list. After an AP receives the probe request frame, it responds with a probe response frame (Probe Response). The client then chooses the AP with the strongest signal to associate with. This method is suitable for wireless clients that want to learn, through active scanning, whether any wireless services are available.

2. The client sends a Probe Request (the Probe Request carries the specified SSID): In this case, because the client carries the specified SSID, only a unicast probe request frame (Probe Request) is sent, and the corresponding AP responds to the request after receiving it. This method is suitable for wireless clients that use active scanning to access a specified wireless network.

Passive scanning: Passive scanning means that the client discovers the network by listening to the Beacon frames periodically sent by the AP. The client is pre-configured with a list of channels to scan and listens for beacons on each channel. Passive scanning requires the AP to periodically send Beacon frames. Passive scanning can be used when the user needs to save power. VoIP voice terminals generally use passive scanning.
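The frames involved in active and passive scanning can be told apart from the 802.11 frame control field and the SSID information element. The following is an added example, not part of the original article; the sample frames and the SSID `corp-wlan` are constructed, and `classify`, `find_ssid` and `build` are hypothetical helper names.

```python
HDR_LEN = 24   # frame control, duration, three addresses, sequence control
SUBTYPES = {4: "Probe Request", 5: "Probe Response", 8: "Beacon"}
# Probe Response and Beacon carry timestamp + interval + capability (12 bytes)
# before their information elements; a Probe Request carries none.
FIXED_LEN = {4: 0, 5: 12, 8: 12}

def find_ssid(elements: bytes):
    """Walk the (ID, length, value) elements and return the SSID value, if any."""
    pos = 0
    while pos + 2 <= len(elements):
        eid, length = elements[pos], elements[pos + 1]
        value = elements[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if eid == 0:                       # element ID 0 is the SSID
            return value
        pos += 2 + length
    return None

def classify(frame: bytes):
    """Return (description, ssid) for a scanning-related management frame."""
    if len(frame) < HDR_LEN:
        raise ValueError("shorter than a management frame header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return ("not a scanning frame", None)
    ssid = find_ssid(frame[HDR_LEN + FIXED_LEN[subtype]:])
    name = SUBTYPES[subtype]
    if subtype == 4:
        # A zero-length (or absent) SSID is the "SSID is null" case.
        name += " (null SSID)" if not ssid else " (specified SSID)"
    return (name, ssid.decode("utf-8", "replace") if ssid is not None else None)

def build(subtype: int, ssid: bytes) -> bytes:
    """Construct a sample management frame (constructed data, not a capture)."""
    header = bytes([subtype << 4, 0]) + bytes(22)
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid

SAMPLES = [build(4, b""), build(4, b"corp-wlan"),
           build(5, b"corp-wlan"), build(8, b"corp-wlan")]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```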

Authentication process of WLAN access:

To prevent unauthorized users from gaining access, authentication must be established between the user and the AC/FAT AP. There are two authentication mechanisms. The association phase can be entered only after authentication has passed.

Open system authentication: Open system authentication is the default authentication mechanism and the simplest authentication algorithm, that is, no authentication. If the authentication type is set to open system authentication, all clients requesting authentication will be authenticated. Open system authentication consists of two steps: the first step is to request authentication, and the second step is to return the authentication result.

Shared key authentication:

Shared key authentication is another authentication mechanism besides open system authentication. Shared key authentication requires the client and device to be configured with the same shared key.

The authentication process of shared key authentication is as follows: the client first sends an authentication request to the device, and the wireless device randomly generates a Challenge packet (i.e., a string) and sends it to the client; the client copies the received string into a new message, encrypts it with the key, and then sends it to the wireless device; after receiving the message, the wireless device decrypts it with the key and then compares the decrypted string with the string it originally sent to the client. If they are the same, the client has the same shared key as the wireless device and has passed Shared Key authentication; otherwise, Shared Key authentication fails.
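The four-step exchange described above, simulated with both sides' messages. This is an added example, not part of the original article: the article does not name the cipher, so RC4 keyed with a 3-byte per-message IV plus the shared key (as WEP does) is an assumption, the WEP integrity value is left out, and the class and method names are hypothetical.

```python
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                             # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

class Device:
    """AC / FAT AP side of the exchange."""
    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.pending = {}                         # client MAC -> outstanding challenge

    def on_auth_request(self, mac: str) -> bytes:
        self.pending[mac] = os.urandom(128)       # step 2: random challenge string
        return self.pending[mac]

    def on_auth_response(self, mac: str, message: bytes) -> bool:
        challenge = self.pending.pop(mac, None)   # each challenge is single-use
        if challenge is None or len(message) < 3:
            return False
        iv, ciphertext = message[:3], message[3:]
        decrypted = rc4(iv + self.key, ciphertext)
        return hmac.compare_digest(decrypted, challenge)   # step 4: compare strings

class Client:
    def __init__(self, mac: str, shared_key: bytes):
        self.mac, self.key = mac, shared_key

    def answer(self, challenge: bytes) -> bytes:
        iv = os.urandom(3)                        # step 3: encrypt a copy of the challenge
        return iv + rc4(iv + self.key, challenge)

def authenticate(device: Device, client: Client) -> bool:
    challenge = device.on_auth_request(client.mac)          # steps 1 and 2
    return device.on_auth_response(client.mac, client.answer(challenge))
```

The device discards a challenge after one verification attempt, so a response that is presented a second time is rejected.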

If the user wants to access the wireless network through an AP, the user must associate with a specific AP. Once the user has selected the wireless network by specifying the SSID and has passed AP authentication, the user can send an association request frame to the AP. The AP adds the user information to its database and replies to the user with an association response. A user can associate with only one AP at a time, and the association is always initiated by the user.

Now, just by adding a network card to your laptop, whether you are in the hallway of a hotel or in a cafe, or waiting for a plane at an out-of-town airport on a business trip, you can get wireless broadband Internet access without cables; you can even enter your own company's internal LAN for office work or send electronic instructions to your subordinates in distant places. This seemingly unreachable dream has quietly entered the lives of the public.
