Cisco solution for WLAN wireless technology, applications and operations.ppt

Uploaded by: 文库蛋蛋多  Document ID: 2410679  Upload date: 2023-02-18  Format: PPT  Pages: 88  Size: 18.94 MB

WLAN Wireless Technology and Applications

Agenda
- WLAN wireless applications and standards
- Wireless operations deployment and case studies
- WLAN network architecture and key technologies
- Cisco Unified Wireless Network solution

Expected WLAN growth
- Huge expected growth of WLAN users based upon ease of use and ROI in IT infrastructure.
- Graph courtesy of Radicati Group, Inc.

Wi-Fi notebooks surpassing desktops drives WLAN technology adoption and market growth
- From 1999 it took Cisco 51 months to sell one million access points.
- From 2004 it took Cisco 14 months to sell one million access points.
- For 2006, it's projected to take Cisco only 10 months to sell one million access points.
- 95% of Today's Notebooks Ship Wi-Fi Enabled
- Notebooks Surpass Desktops!
- 90% of Wi-Fi Chips Are Cisco Compatible

WLAN deployment scenarios
- Internet
- Home ISP connection
- Consumer market
- Building-to-building connectivity: Point to point, Multi-point
- "Last mile" ISP connection
- Office connectivity
- Rural internet access
- Wireless mesh city

WLAN service applications: data, voice, video, location
- On the Road, Business Applications, Mobile Healthcare, Inventory Management, Video Surveillance, Asset Tracking, Hot Spot, Point of Sale, Real-Time Data, Airport, Campus and Branch Office, Guest Access, Secure Mobility, Hotel

WLAN standards organizations
- FCC - Federal Communications Commission (www.fcc.gov) regulates the use of wireless devices in the USA
- IEEE - Institute of Electrical and Electronic Engineers (www.ieee.org) creates and maintains operational standards
- ETSI - European Telecommunications Standards Institute (www.etsi.org) chartered to produce common standards in Europe
- Wi-Fi Alliance - (www.wi-) promotes and tests for WLAN interoperability
- WLANA - WLAN Association (www.wlana.org) educates and raises consumer awareness regarding WLANs

Completed IEEE 802.11 standards
- IEEE 802.11 - The original 1 Mbit/s and 2 Mbit/s, 2.4 GHz RF and IR standard (1999)
- IEEE 802.11a - 54 Mbit/s, 5 GHz standard (1999, shipping products in 2001)
- IEEE 802.11b - Enhancements to 802.11 to support 5.5 and 11 Mbit/s (1999)
- IEEE 802.11c - Bridge operation procedures; standard (2001)
- IEEE 802.11d - International (country-to-country) roaming extensions (2001)
- IEEE 802.11e - Enhancements: QoS (2005)
- IEEE 802.11F - Inter-Access Point Protocol (2003), withdrawn February 2006
- IEEE 802.11g - 54 Mbit/s, 2.4 GHz standard (backwards compatible with b) (2003)
- IEEE 802.11h - Spectrum Managed 802.11a (5 GHz) for European compatibility (2004)
- IEEE 802.11i - Enhanced security (2004)
- IEEE 802.11j - Extensions for Japan (2004)

IEEE standards currently under development
- IEEE 802.11k - Radio resource measurement enhancements
- IEEE 802.11m - Maintenance of the standard; odds and ends.
- IEEE 802.11n - Higher throughput improvements using MIMO
- IEEE 802.11p - WAVE - Wireless Access for the Vehicular Environment
- IEEE 802.11r - Fast roaming Working
- IEEE 802.11s - ESS Mesh Networking
- IEEE 802.11T - Wireless Performance Prediction (WPP) (test methods and metrics recommendation)
- IEEE 802.11u - Interworking with non-802 networks (for example, cellular)
- IEEE 802.11v - Wireless network management
- IEEE 802.11w - Protected Management Frames
- IEEE 802.11y - 3650-3700 Operation in the U.S.
- Note: 802.11 L, O, Q and X are reserved by IEEE and have not been defined.

WLAN technology evolution
[Figure: data rate against time (1999, 2004, 2007) for 802.11b, 802.11a, 802.11g, 802.11n and mesh (802.11s), ranging from small-scale networking with nomadic capability to wide-area networking with full mobility; annotated "now in mature commercial use worldwide".]
- WiFi standards 802.11a/b/g/n use unlicensed (ISM) bands. Range is typically about 30 m indoors and about 100 m outdoors. Power amplifiers can extend coverage further; the main limit is terminal transmit power.
- 802.11b uses spread-spectrum technology, with rates up to about 10 Mbps.
- 802.11g uses OFDM, with rates up to 54 Mbps, and remains compatible with 802.11b by using CCK.
- 802.11a uses OFDM, with rates up to 54 Mbps.
- 802.11n uses MIMO to raise the rate on the existing physical layer to 400 Mbps or even higher. Pre-standard 802.11n products on the market already reach 300 Mbps while using only a single frequency. This is the advantage MIMO brings.

Unlicensed bands used by WLANs: the Industrial, Scientific and Medical (ISM) bands
[Figure: radio spectrum chart running from Extremely Low, Very Low, Low, Medium, High, Very High, Ultra High and Super High frequencies through infrared, visible light, ultra-violet and X-rays, with audio, AM broadcast, shortwave broadcast, FM broadcast, television and infrared wireless LAN marked.]
- 902-928 MHz (26 MHz)
- Cellular telephony (840 MHz)
- NPCS (1.9 GHz)
- 2.4-2.4835 GHz (83.5 MHz) (IEEE 802.11)
- 5 GHz (IEEE 802.11), HyperLAN, HyperLAN2

802.11b
[Figure: 2.4 GHz band from 2400 to 2483.5 MHz (axis to 2500) showing CH 1 at 2412, CH 6 at 2437 and CH 11 at 2462.]
- Operates in the 2.4 GHz ISM band
- Rates of 1, 2, 5.5 and 11 Mbps
- Uses Direct Sequence Spread Spectrum (DSSS) modulation
- Up to 14 channels: 11 U.S. channels, 13 ETSI channels, 14 Japan channels
- Only 3 non-overlapping channels

802.11b typical rate versus range
[Figure: data rate against range, out to 90 ft.]
- 802.11b station association data rates. If limit of range is 90 ft, best rates are within 22 ft.

802.11g
- Operates in the 2.4 GHz ISM band
- Rates of 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
- Uses Orthogonal Frequency Division Multiplexing (OFDM) modulation
- Backward compatible with 802.11b: "b" clients can work with "g" access devices (at 11 Mbps and below), and "g" clients can work with "b" access devices (at 11 Mbps and below).
- Like 802.11b, 3 non-overlapping channels

802.11g typical rate versus range
[Figure: data rate (54, 48, 36, 12 Mbps) against range, out to 90 ft.]
- 802.11g should have the same range as 802.11b but at higher rates.

802.11b/g channel planning
[Figure: cell layout reusing channels 1, 6 and 11.]

802.11a
- Operates in the 5 GHz UNII band
- Rates of 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
- Uses Orthogonal Frequency Division Multiplexing (OFDM) modulation
- Can have 4, 8 or 12 non-overlapping channels

802.11a typical rate versus range
[Figure: data rate (54, 48, 36, 12 Mbps) against range, out to 81 ft.]

802.11a/b/g comparison: network capacity

802.11b/g and 802.11a comparison
[Figure: 802.11b/g range vs data rate (11/54, 5.5/48, 2/36, 1/12 Mbps) beside 802.11a range vs data rate (54, 48, 36, 12 Mbps).]
- Cisco field studies have shown that an 802.11a AP will cover 90% of the area of 802.11b/g AP at the same power setting

802.11a/b/g comparison: application scope

WLAN standards summary

802.11n standard development
- IEEE 802.11n standard is still under development
- Changes to the standard are still being made (base features are mostly stable, optional features are in flux)
- Architectural and Security reviews are still underway
- Letter Ballot passed in Mar 07 (Draft 2.0)
- WFA certification of 802.11n Draft 2.0 products planned for mid-2007
- Official ratification date is Sep 08
[Timeline figure, labels in extracted order: Draft 2.0 spec. moved to Letter Ballot; Letter Ballot passes; Jan 2007; Mar; Jun; WFA begins draft 2.0 inter-op; Draft 2.0 products available in the market; Aug; Sep 2008; IEEE 802.11n standard ratified; Ratified 802.11n products available (assumes no major changes in standard); Oct; Oct 2010; 2 years into a 4 year laptop refresh cycle (50% of users have 802.11n).]

802.11n features
- Better overall end-user experience for high bandwidth data, voice and video applications
- 5x higher throughput
- More reliable and predictable coverage
- Backwards compatibility with 802.11a/b/g clients
- Clients will co-exist for a long time

Primary 802.11n Components
- Multiple Input Multiple Output (MIMO)
  - Maximal Ratio Combining (MRC)
  - Beam forming
  - Spatial multiplexing
- 40 MHz Channels
  - Two adjacent 20 MHz channels are combined to create a single 40 MHz channel
- Improved MAC Efficiency
  - Packet aggregation: multiple packets aggregated in a single transmission
  - Block Acknowledgements

Radio characteristics of the various antenna types

Agenda
- WLAN wireless applications and standards
- Wireless operations deployment and case studies
- WLAN network architecture and key technologies
- Cisco Unified Wireless Network solution

WLAN network architecture
- Autonomous Architecture ("fat AP" architecture)
- Centralized WLAN Architecture ("thin AP" architecture), subdivided into three architectures: (a) Local MAC, (b) Split MAC, (c) Remote MAC
- Distributed Mesh Architecture

802.11 WLAN Architecture I: Autonomous AP
[Figure labels: STA 1, STA 2, AP, STA 3, STA 4, AP, External Network.]
- Autonomous (standalone) AP: a "fat", standalone AP
- Each AP works independently and contains most or even all of the WLAN functions
- Each AP manages RF independently

802.11 WLAN Architecture II: AP + AC (Access Controller)
[Figure labels: STA 1, STA 2, AP, STA 3, STA 4, AP, External Network, AP, Access Controller (AC).]
- "AP + AC" together perform the WLAN functions
- Advantages of the AC:
  - Centralized controller(s): easier to manage large-scale networks
  - Network wide visibility: easier to coordinate network functions
- Challenge: there is no standard for AP-AC separation, so there is no compatibility
- Key questions: how are the WLAN functions split between the AP and the AC? What protocol runs between the AP and the AC?

802.11 WLAN Architecture II: AP and AC functional split modes

Functional division in Split MAC mode
[Figure labels in extracted order: Controller; Access Points; Security Policies, QoS Policies, RF Management, Mobility Management; Remote RF interface; LWAPP; Switched/Routed Network.]

Split MAC
- Split the functionality between AP and controller
- AP
  - 802.11 beacons, probe response, auth (if open)
  - 802.11 control: packet ack & retransmission (latency)
  - 802.11e: frame queuing & pkt prioritization (Access to RF)
  - 802.11i: Encryption in AP (for now)
- Controller
  - 802.11 MAC Mgmt: (re)association requests & action frames
  - 802.11 data: encapsulate and sent to AP
  - 802.11e Resource Reservation: control protocol carried to AP in 802.11 mgmt frames; signaling done in the controller
  - 802.11i: Authentication & Key exchange

802.11 WLAN Architecture III: Wireless Mesh
- Wireless mesh first arose from a military requirement: combat units (tanks, ships, individual soldiers) needed to form networks flexibly on the battlefield.
- Today it is mainly used for large-scale outdoor networks across industries: wireless campuses, wireless cities and so on.
- It uses 5.8 GHz for wireless backhaul and 2.4 GHz for client access, or a single band that carries both access and backhaul.
- Main advantages:
  - Self-Configuring, Self-Healing Mesh, Dynamic: efficient routing that converges quickly between nodes when the wireless link topology changes
  - Automatic optimization (self optimization): to make optimum use of the available links and link capacity; the routing algorithm must take into account the characteristics of the available wireless links, such as signal strength and interference
  - Easy to Deploy and Manage, Highly Scalable: there is usually a centralized control device or mechanism, which improves security and manageability

802.11 security issues
- Shared media, like a network hub
  - Requires data privacy: encryption
- Over the air: cannot effectively restrict layer 2 access
- Dealing with rogue clients
  - Can access network without physical presence in building
  - Requires authentication
  - Once you connect to wireless, you are an "insider" on the network
  - Take care to prevent DoS, attacks on other clients too
- Dealing with rogue servers
  - Prevent clients from connecting to rogue servers
  - Disallow their participation on your network

Common security methods
- Closed network
  - SSID can be captured with passive monitoring
- MAC filtering
  - MACs can be sniffed/spoofed
- WEP
  - Can be cracked online/offline given enough traffic & time
  - Change keys frequently
  - Traffic can still be decrypted offline
- Place APs on DMZ
  - Requires VPN access to get back into network
- Use VPN
  - Doesn't handle roaming
- Authentication portal
  - Example: Nocat
  - More stuff to configure
- WPA and/or EAP

Wireless client association authentication methods
- Open systems authentication
- Shared key authentication
- EAP/802.1x

802.11 Open systems authentication

802.11 Shared key authentication

EAP/802.1x authentication

Wireless security encryption standards
- Wired Equivalent Privacy (WEP)
- WiFi Protected Access (WPA)
- 802.11i/WPA2

Wired Equivalent Privacy (WEP)
- Part of 802.11 specification
- 64-bit key
  - Shared key: 40 bits
  - Initialization vector (IV) = 24 bits
- Uses RC4 for encryption
- Weaknesses/attacks
  - FMS key recovery attack: weak IVs
  - Filter weak IVs to mitigate
  - IV too short, gets reused after 5 hours
  - IP redirection, MITM attacks
  - Traffic injection attacks
  - Bit-flip attacks
- WEP2 added, increases key length to 128 bits

WiFi Protected Access (WPA)
- Developed to replace WEP, improve authC
- Software upgrade to existing hardware
- Forward-compatible with 802.11i
- Encryption key management: TKIP
  - Doubled IV to 48 bits
  - Better protection from replay & IV collision attacks
  - Per-packet keying (PPK): protects against key-recovery attacks (AirSnort)
  - Broadcast key rotation
- Message integrity: Michael
  - Protects against forgery attacks
- Authentication: 802.1x and EAP
  - Mutual authentication, so you don't join rogue networks and give up your credentials

IEEE 802.11i/WPA2
- 802.11i is an IEEE 802.11 subcommittee responsible for WLAN Security Improvements
- Key Components of IEEE 802.11i DRAFT standard are:
  - EAP/802.1x framework based User Authentication
  - TKIP: Mitigate RC4 key scheduling vulnerability and active attack vulnerabilities
  - IV Expansion: 48-bit IVs
  - Key Management: Isolate Encryption key management from user authentication
  - AES: Long term replacement protocol for RC4 (WEP)
- WPA is the Wi-Fi Alliance (WFA) inclusion of 802.11i Security Recommendations
- Official announcement from IEEE: http://standards.ieee.org/announcements/pr_80211iv1.html

WEP vs. WPA vs. WPA2

The need for WLAN QoS
- WLAN is a scarce resource unlike wired LAN
  - Lower throughput capacity than many other network hops
  - Users share the medium and can affect each other
- QoS allows different applications to coexist better on the network
  - Provide different access to match the demands of different applications
- QoS can prioritize some users over others

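WLAN QoS: Wi-Fi Multimedia (WMM)
- What is WMM?
  - Allows Diff-serv QoS by creating 4 priority queues, called Access Categories
  - The Access Categories access the channel using a protocol called EDCA, an enhancement of the existing DCF

WMM AC Timing

Roaming
- Different network architectures have different roaming handoffs
- Autonomous Architecture
  - Between APs
- Centralized WLAN Architecture
  - Between APs
  - Between Controllers
- Mobile IP

Agenda
- WLAN wireless applications and standards
- Wireless operations deployment and case studies
- WLAN network architecture and key technologies
- Cisco Unified Wireless Network solution

Past: a distributed wireless network architecture with no ability to coordinate
- Each AP sees the network from its own point of view, like a wireless unit working on its own
- No hierarchical RF or network view
- Very hard to manage

Today: Cisco integrated wireless networking, the end-to-end Cisco Unified Wireless Network
[Figure labels in extracted order: wireless clients; 1300, 1240AG, 3200, 1500, 1240AG, 1230AG, 1300, 1400, 1130AG, 1000, 1121BG; wireless access layer; 4400, 2100, WiSM, Catalyst 3750G Integrated WLC Switch, Integrated Services Routers WLCM; wireless control layer; WCS; wireless management layer; wireless value-added services layer; 2700 Wireless Location Appliance. Side labels: network value-added services; network management; network controllers; wireless access points; wireless clients; WiFi/Dual Mode Phone; Cisco Unified Wireless Network architecture.]
- Value-added services: dual-mode phones and WiFi phones; asset management; guest access; location services; personalized services based on user and location; wireless intrusion detection systems and so on
- Management: an intelligent, world-leading unified network management system that is easy to scale, convenient and reliable, and easy to deploy
- Controllers: a broad range of integrated wireless controllers, including wireless control modules built into routing and switching products as well as standalone wireless control modules
- Access points: a broad, unified range of wireless access points for every scenario; more than 65% wireless market share; zero-configuration management, plug and play
- Clients: more than 90% of clients support the CCX program, and Cisco provides access terminals for many applications, including personal handhelds, industrial handheld devices, fixed digital meters, wireless cameras and vehicle-mounted access devices

Design and deployment of the Cisco Unified Wireless Network
[Figure labels: HA core, Data Center, WAN & Internet Access, ACS, WCS, Location Appliance, WLC, WLC, WLC.]
- Core network: High Availability; Redundancy; Hardware Forwarding; WS-C6509-E-WISM, WS-C6504-E-WISM
- Distribution layer network: High Availability; Hardware Forwarding; Classification; Netflow Statistics; WS-C6509-E-WISM, WS-C6504-E-WISM
- Access layer network: 802.3af PoE; QoS Classification; WS-C3750G-24WS-S50
- Wireless access points: Classified as Information Assurance Device; WPAv2 WiFi Certified; 802.11a/b/g WiFi Certified; FIPS 140-2 Certified 802.11i encryption; Common Criteria Certification; Simultaneous Wireless IDS/IPS and Client Access; AIR-AP1010-C-K9, AIR-LAP1131AG-C-K9
- Wireless controllers: FIPS 140-2 Certification; Common Criteria Certification; Redundant Connection to Distribution; Seamless Layer 3 Mobility; Wireless Intrusion Detection; Wireless Intrusion Prevention; AIR-WLC4404-100-K9
- Redundant wireless controllers: N+1 Redundancy for High Availability
- AAA RADIUS server: FIPS 140-2 Certification; Secure Client Authentication; AAA proxy; Common Criteria Certification
- WCS wireless network management: Enterprise Wireless Network Management; Enterprise Wireless Configuration; Wireless Intrusion Detection
- Real-time location server: Asset Tracking; Rogue AP and Rogue Client Tracking; Common Criteria Certification
- Wireless clients: Standards based WPAv2 802.11i; FIPS 140-2 Certified Client; EAP-TLS 802.1x Supplicant

Centralized control and management model
[Figure labels: security management; RF management (planning tool); capacity management; mobility/VPN; AP; location tracking; Cisco WLAN controller; switched/routed network.]
- A centrally deployed system architecture that follows the system model of mobile communication networks
- Full visibility of the state of the wireless network, with centralized management and control, lowers management, operation and maintenance costs
- Access, control and traffic forwarding functions are separated to ensure a reliable, upgradeable wireless network
- Unified wireless network system: WLAN service forwarding; real-time RF management; encryption/authentication; intrusion protection; local location tracking; capacity management; seamless mobility; guest access; centralized management; dynamic control

Radio resource management: real-time RF management and uninterrupted assurance for mission-critical tasks
[Figure labels: RF channel "2", RF channel "1", RF channel "3".]
- Dynamic channel assignment
- Dynamic power adjustment
- Real-time RF management
- Controller failover
- AP failover
- Carrier-grade reliability

Wireless clients: Cisco Compatible Extensions, a standard for client advancement
- http:/
- Features: compatible with more than 300 devices; 90% of clients on the market are Cisco compatible; standardized architecture; good security, mobility and performance
- Benefits: promotes innovation; supports the applications of different enterprises; compatible across vendors
- Client devices

Wireless access points: a reliable platform for mobile access
- Features: best-in-industry scalability and throughput; enterprise-class security; flexible configuration options; real-time wireless network monitoring and traffic delivery; outdoor wide-area networks
- Benefits: zero-touch management; automated wireless monitoring; devices support all deployment strategies (indoor and outdoor); from secure coverage to advanced services
- Mobility platform
[Figure labels in extracted order: indoor access points; 1130AG; 1000; indoor ruggedized access points; 1500; 1240AG; 1230AG; outdoor access points/bridges; 1400; 1300.]

AP selection considerations
- Purely indoor environments, such as office buildings, offices and homes: consider the Aironet 1010/1020/1100/1200/1130AG/1230AG/1240AG
- Harsher indoor environments, such as factory floors, warehouses and large retail stores: consider the Aironet 1230AG/1240AG/1300
- Purely outdoor environments, including public outdoor areas such as freight yards: consider the Aironet 1300 (a purely outdoor product) or the 1240AG (not a purely outdoor product; it needs an additional NEMA4/IP66 protective enclosure and sometimes a heater)
- Large-area outdoor deployments with no fiber available for backhaul: consider the Aironet 1500
- Outdoor bridging scenarios: use the Aironet 1300/1400
- Vehicle-mounted environments: use the MAR 3200/Aironet 1300/1240AG

Wireless network controllers: wired and wireless integration
- Benefits: up to 1200 access points per Cat 6K chassis; high price/performance for large enterprises and their branches, schools, and small and medium businesses and their branches; an ideal platform for data, voice and video; integration of wired and wireless communications
- Features: enterprise-class scalability and reliability; real-time RF management; multi-layer security; mobility management; standalone and integrated options
[Figure labels: unified network platform; wireless LAN controllers; 4400; Catalyst 6500 Series Wireless Services Module (WiSM); 2100; WiSM; switching and routing platforms; embedded in Integrated Services Routers; embedded in Catalyst 3750 switches.]

AP and controller selection considerations: indoor environments
- Large enterprise networks (more than 100 indoor APs): WiSM integrated with the Cat6500 + LAP1010/1020/1130AG/1240AG
- Medium enterprise networks (up to 100 indoor APs): standalone wireless controller 4400 + LAP1010/1020/1130AG/1240AG
- Small-to-medium enterprise networks (up to 25-50 indoor APs) with floor access switches: integrated wireless controller 3750G + LAP1010/1020/1130AG/1240AG
- Small enterprise networks (3-6 indoor APs): standalone wireless controller 2006, or the WLCM wireless controller module integrated in the Cisco 2800/3800, + LAP1010/1020/1130AG/1240AG
- Enterprises with many remote branch offices: deploy 1130AG/1240AG APs with H-REAP support at the remote branches

AP and controller selection considerations: outdoor environments
- Large outdoor networks where the coverage area has no fiber (more than 100 APs): WiSM integrated with the Cat6500 + LAP1510
- Medium outdoor networks where the coverage area has no fiber (up to 100 APs): standalone wireless controller 4400 + LAP1510
- Large outdoor networks where the coverage area has fiber (more than 100 APs): WiSM integrated with the Cat6500 + LAP1310/1510
- Medium outdoor networks where the coverage area has fiber (up to 100 APs): standalone wireless controller 4400 + LAP1310/1500

Cisco MESH: dynamic, intelligent mesh networking
Cisco extends its leadership in routing into wireless
- Scalable network
- Intelligent, self-healing network
- Adaptive Wireless Path Protocol (AWPP)
  - Cisco AWPP belongs to the protocols drawn up by the IEEE 802.11s committee
  - AWPP defines the best path to the root
  - Note: AWPP uses a "parent stickiness" value to eliminate route flapping
[Figure labels: Cisco wireless LAN controller; root access point "RAP"; mesh access point "MAP"; Cisco Wireless Control System.]

Wireless mesh management system
- Provides network-level policy configuration and device management
- Supports SNMP and syslog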
