David Coleman would also like to thank Abby Strong and all his colleagues at Aerohive Networks (www.aerohive.com). We would also like to thank Brad Crump, Tom Carpenter, and Julia Baldini of the CWNP program (www.cwnp.com).

Overview of Wireless Standards, Organizations,

Radio Frequency Components,

Wireless Networks and

Wireless Attacks, Intrusion

MSDU 645 MPDU 646

MPDU 677

From the launch of the first MacBook Air in 2008, everything connected mainly through Wi-Fi. Instrumenting everything will unleash a flood of data, and tomorrow's Wi-Fi networks must handle that data seamlessly.

About CWNA ® and CWNP ®

CWNA certification is one way to demonstrate that you have the knowledge and skills to support this growing industry. CWNE: Certified Wireless Network Professional The CWNE certification is the highest level of certification in the CWNP program.

How to Become a CWNA

CWNT: Certified Wireless Network Trainer Certifi ed Wireless Network Trainers are qualified instructors certified by the CWNP program to deliver CWNP training courses to IT professionals. You will need to log into the CWNP tracking system, verify your contact information and request your certification kit.

Who Should Buy This Book?

How to Use This Book and the Companion Website

In addition to the assessment test and chapter review questions, you will find three bonus exams. White Papers Several chapters in this book refer to wireless networking white papers available at the referenced websites.

CWNA Exam (CWNA-106) Objectives

Use the testing engine to take these practice exams as if you were taking the real exam (without reference materials). Labs and Exercises Several chapters in this book contain labs using software, spreadsheets, and videos that are also on the book's website (www.sybex.com/go/.cwna4e).

Radio Frequency (RF) Technologies—21%

RF Fundamentals

Explain the applications of physical RF antennas and antenna system types and identify their basic characteristics, purpose and function.

IEEE 802.11 Regulations and Standards—17%

Spread Spectrum Technologies

Identify, explain, and apply the frame types and frame exchange sequences covered by the IEEE standard. Understand the IEEE standards creation and ratification process and identify standard IEEE naming conventions.

IEEE 802.11 Protocols and Devices—17%

IEEE 802.11 Protocol Architecture

Identify the roles of the following organizations in providing direction, cohesion, and accountability in the WLAN industry.

IEEE 802.11 MAC and PHY Layer Technologies

WLAN Infrastructure and Client Devices

IEEE 802.11 Network Implementation—25%

WLAN Architectures - Configuration, Installation and Management

Define, describe and implement autonomous APs with network connectivity and shared features including control, management and data plans. Define, describe and implement distributed and controllerless WLAN architectures with network connectivity and shared features including control, management and data plan.

WLAN Access and Deployment Technologies

IEEE 802.11 Network Security—8%

IEEE 802.11 Network Security Architecture

IEEE 802.11 RF Site Surveying—12%

IEEE 802.11 Network Site Survey Fundamentals

Describe, explain, and illustrate relevant applications for the following wireless security solutions from a monitoring, containment, and reporting perspective. Describe site survey reporting and follow-up procedures for manual and predictive RF site surveys.

CWNA Exam Terminology

Identify the equipment, applications and methodologies involved in self-management of RF technologies (automated RF resource management).

CWNP Authorized Materials Use Policy

Candidates will be required to declare that they understand and have adhered to this policy at the time of exam submission.

Tips for Taking the CWNA Exam

CWNA: The Official Study Guide for the Certified Wireless Network Administrator, Fourth Edition has been written to cover each CWNA-106 exam objective at a level appropriate to its exam weight.

Radio Frequency (RF) Technologies

IEEE 802.11 Regulations and Standards

Identify the basic operating concepts of spread spectrum technology, including modulation and coding. Identify, explain, and apply the basic frame types and frame exchange sequences covered by the IEEE standard.

IEEE 802.11 Protocols and Devices

IEEE 802.11 Network Implementation

Define, describe, and implement autonomous APs with network connectivity and common features, including control, management, and data planes. Define, describe, and implement a WNMS that manages APs and WLAN controllers with network connectivity and common features, including control, management, and data planes.

IEEE 802.11 Network Security

IEEE 802.11 RF Site Surveying

• Network C. Physical
• Which Wi-Fi Alliance certification defines the mechanism for conserving battery life that is critical for handheld devices such as bar code scanners and VoWiFi phones?
• Which of these frequencies has the longest wavelength?
• Which of these terms can best be used to compare the relationship between two radio waves that share the same frequency?
• Multipath B. Multiplexing
• dBi is an expression of what type of measurement?
• Access point gain B. Received power
• What are some possible effects of voltage standing wave ratio (VSWR)? (Choose all that apply.)
• When installing a higher-gain omnidirectional antenna, which of the following occurs?
• The horizontal coverage increases
• The horizontal coverage decreases
• The vertical coverage increases
• The vertical coverage decreases
• Which IEEE 802.11 amendment specifies the use of up to eight spatial streams of modu- lated data bits?
• What signal characteristics are common in spread spectrum signaling methods?
• A service set identifier is often synonymous with which of the following?
• IBSS B. ESSID
• Which ESS design scenario is defined by the IEEE 802.11-2012 standard?
• Two or more access points with overlapping coverage cells
• Two or more access points with overlapping disjointed coverage cells C. One access point with a single BSA
• Two basic service sets connected by a DS with co-located coverage cells E. None of the above
• What CSMA/CA conditions must be met before an 802.11 radio can transmit? (Choose all that apply.)
• The NAV timer must be equal to zero
• The random backoff timer must have expired
• The CCA must be idle
• The proper interframe space must have occurred
• The access point must be in PCF mode
• Beacon management frames contain which of the following information? (Choose all that apply.)
• Traffic indication map (TIM) E. Vendor proprietary information
• Spread spectrum parameter sets
• Because of high RF noise levels, some of the stations have automatically enabled RTS/CTS
• An AP was manually configured with a low RTS/CTS threshold
• A nearby 802.11 FHSS radio is causing some of the nodes to enable a protection mechanism
• The network is a mixed-mode environment
• What is another name for an 802.11 data frame that is also known as a PSDU?
• PPDU B. MSDU
• Which WLAN device uses dynamic layer 2 routing protocols?
• What term best describes the bulk of the data generated on the Internet being created by sensors, monitors, and machines?
• Wearables
• Software as a service (SaaS) E. Internet of Things (IoT)
• Retail
• Manufacturing C. Education
• What term best describes how Wi-Fi can be used to identify customer behavior and shop- ping trends?
• The hidden node problem occurs when one client station’s transmissions are not heard by some of the other client stations in the coverage area of a basic service set (BSS). What
• Intersymbol interference (ISI) C. Collisions
• Multiplexing
• Which of these solutions would be considered strong WLAN security?
• Which security standard defines port-based access control?
• Which is the best tool for detecting an RF jamming denial-of-service attack? (Choose all that apply.)
• Time-domain analysis software B. Layer 2 distributed WIPS
• Which of these attacks can be detected by a wireless intrusion detection system (WIDS)?
• Rogue ad hoc network D. Association flood
• You have been hired by the XYZ Company based in the United States for a wireless site survey. What government agencies need to be informed before a tower is installed of a
• RF regulatory authority B. Local municipality
• Nearby OFDM (802.11a) WLAN C. FM radio
• DSSS access point E. Bluetooth
• Nearby HT (802.11n) WLAN
• Which of these measurements are taken for indoor coverage analysis? (Choose all that apply.)
• Many 802.11ac enterprise access points require 802.3at power to be fully functional
• MIMO radio chains B. 80 MHz channel capability
• What must a powered device (PD) do to be considered PoE compliant (IEEE 802.3-2005 Clause 33)? (Choose all that apply.)
• Be able to accept power in either of two ways (through the data lines or unused pairs)
• Reply with a classification signature
• Reply with a 35 ohm detection signature
• Reply with a 25 ohm detection signature
• Receive 30 watts of power from the power sourcing equipment
• What are some of the methods used to reduce MAC layer overhead as defined by the 802.11n-2009 amendment? (Choose all that apply.)
• How many modulation and coding schemes (MCS) are defined by the 802.11ac-2013 amendment?
• What capabilities defined by the 802.11n-2009 amendment are no longer defined by the 802.11ac-2013 amendment? (Choose all that apply.)
• SIFS
• E. 40 MHz channels
• Certificates D. Web clips
• WLAN vendors have begun to offer the capability for guest users to log in to a guest WLAN with preexisting social media credentials, such as Facebook or Twitter usernames
• Kerberos B. RADIUS

What are some of the methods used to reduce MAC layer overhead as defined by the 802.11n-2009 amendment. High-throughput technology (HT) is defined by the IEEE 802.11n-2009 amendment and is frequency independent.

1 Wireless Standards, Organizations, and

IN THIS CHAPTER, YOU WILL LEARN ABOUT THE FOLLOWING

Wi-Fi is a marketing term recognized by millions of people worldwide as referring to 802.11 wireless networking. The Wi-Fi Alliance performs certification tests to make sure wireless networking equipment meets the 802.11 WLAN communication guidelines, which are similar to the IEEE standard.

Federal Communications Commission

International Telecommunication Union Radiocommunication Sector

When implementing a WLAN, take the time to learn about the rules and policies of your local regulatory domain authority. In addition, the CWNA exam will not reference the FCC RF regulations or regulations specific to any other country.

Institute of Electrical and Electronics Engineers

For example, 802.11x has not been assigned because it is easily confused with the 802.1X standard and because 802.11x has become a common casual reference to the 802.11 family of standards. Unfortunately, this often allows for different interpretations when the standard is implemented, so it is common for early products to be incompatible between vendors, as was the case with some of the early 802.11 products.

Internet Engineering Task Force

The IESG provides technical management of IETF activities and the Internet standards process. Many of the protocol standards, current best practices, and informational documents produced by the IETF affect WLAN security.

Wi-Fi Alliance

Devices must support Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) security mechanisms for personal (WPA2-Personal) or enterprise (WPA2-Enterprise) environments. As 802.11 technology develops, new Wi-Fi CERTIFIED programs will be defined by the Wi-Fi Alliance.

Understanding Carrier Signals

In the following paragraphs, you will discuss some basic communication principles that are directly and indirectly related to wireless communications. Understanding these concepts can help you better understand what's going on with wireless communications and make it easier for you to recognize and identify the terms used in this profession.

Amplitude and Wavelength

Many people in the computer industry understand that, in data communication, bits are transmitted over wires or waves. If you stood in the ocean while the waves came ashore, you would feel the force of a larger wave much more than a smaller one.

Frequency

When measuring a wave, the wavelength is typically measured from the peak of one wave to the peak of the next wave.

Phase

6 This drawing shows two waves that are identical; however, they are 90 degrees out of phase with each other. Both clocks will keep a 24-hour day, but they are not synchronized with each other.

Understanding Keying Methods

Two waves that are out of phase are essentially two waves that were initiated at two different times. Both waves will complete full 360-degree cycles, but they will do so out of phase, or out of sync with each other.

Amplitude-Shift Keying

The receiving station then samples or examines the wave during this symbol period to determine the amplitude of the wave. Depending on the value of the amplitude of the wave, the receiving station can determine the binary value.

Frequency-Shift Keying

The way the receiving station accomplishes this task is to first divide the received signal into periods of time known as symbol periods. Because a change in amplitude due to noise can cause the receiving station to misinterpret the data value, ASK should be used with care.

Phase-Shift Keying

• Core B. Distribution
• Which organization is responsible for enforcing maximum transmit power rules in an unlicensed frequency band?
• IEEE
• IETF
• None of the above
• The 802.11-2012 standard was created by which organization?
• IEEE B. OSI
• What organization ensures interoperability of WLAN products?
• IEEE B. ITU-R
• What type of signal is required to carry data?
• Which keying method is most susceptible to interference from noise?
• FSK B. ASK
• Which sublayer of the OSI model’s Data-Link layer is used for communication between 802.11 radios?
• LLC B. WPA
• The Wi-Fi Alliance is responsible for which of the following certification programs?
• Wavelength
• The IEEE 802.11-2012 standard defines communication mechanisms at which layers of the OSI model? (Choose all that apply.)
• Network B. Physical
• The height or power of a wave is known as what?
• Phase B. Frequency
• Wi-Fi Protected Setup
• What other Wi-Fi Alliance certifications are required before a Wi-Fi radio can also be certi- fied as Voice Enterprise compliant? (Choose all that apply.)
• Which of the following wireless communications parameters and usage are typically gov- erned by a local regulatory authority? (Choose all that apply.)
• Frequency B. Bandwidth
• Maximum transmit power D. Maximum EIRP
• The Wi-Fi Alliance is responsible for which of the following certification programs?
• A wave is divided into degrees. How many degrees make up a complete wave?
• What are the advantages of using unlicensed frequency bands for RF transmissions?
• There are no government regulations
• There is no additional financial cost
• Anyone can use the frequency band
• There are no rules
• The OSI model consists of how many layers?
• Four B. Six

The knowledge center section of the Wi-Fi Alliance website, www.wi-fi.org, is an excellent resource. Understand the roles and responsibilities of the regulatory domain authorities, the IEEE, the IETF, and the Wi-Fi Alliance.

2 Fundamentals

The IEEE defines 802.11 communications at the physical layer and the MAC sublayer of the Data-Link layer. The shape and form of the AC signal—defined as a waveform—is what is known as a sine wave, as shown in Figure 2.2.

Wavelength

A simplified explanation is that the higher the frequency of an RF signal, the shorter the wavelength of that signal. The longer the wavelength of an RF signal, the lower the frequency of that signal will be.

Amplitude

When a radio receives an RF signal, the received signal strength is most often referred to as received amplitude. Depending on the amount of phase separation of two signals, the received signal strength can either be increased or decreased.

Wave Propagation

Absorption

Reflection

Reflection is the main source of poor 802.11a/b/g WLAN performance Reflection can cause serious performance problems in legacy 802.11a/b/g WLANs. If parts of this wave are reflected, new wave fronts will emerge from the reflection points.

Scattering

802.11n and 802.11ac radios use multiple input, multiple output (MIMO) antennas, and advanced digital signal processing (DSP) techniques to take advantage of multipath.

Refraction

In an outdoor environment, RF signals typically refract slightly back toward the Earth's surface. However, changes in the atmosphere can deflect the signal away from Earth.

Diffraction

Most of the flow maintains its original flow; however, some of the current that strikes the rock will be reflected off the rock and some will be diffracted around the rock. Depending on the change in the direction of the diffracted signals, the RF shadow area can become a coverage dead zone or still receive inferior signals.

Loss (Attenuation)

A 2.4 GHz RF signal passing through drywall will attenuate 3 decibels (dB) and lose half of the original amplitude. The extinction coefficient determines how much of a wave is absorbed by a unit length of material.

Table 2.1 is meant as a reference chart and is not information that will be covered on the CWNA exam

Free Space Path Loss

An even simpler way to estimate free space path loss (FSPL) is called the 6 dB rule (remember for now that decibels are a measure of gain or loss, and further details of dB are covered at length in Chapter 3 ). The concept of losing track of free space also applies to road trips in your car.

Multipath

Multipath is one of the leading causes of layer 2 retransmissions that negatively impact the throughput and latency of a legacy 802.11a/b/g WLAN. In this chapter we have focused primarily on the destructive effects that multipath has on older 802.11a/b/g radio transmissions.

Gain (Amplification)

• Upfade
• What term best defines the linear distance traveled in one positive-to-negative-to-positive oscillation of an electromagnetic signal?
• Crest B. Frequency
• RF amplifiers require an outside power source
• Antennas are passive gain amplifiers that focus the energy of a signal
• RF amplifiers passively increase signal strength by focusing the AC current of the signal
• A standard measurement of frequency is called what?
• Hertz B. Milliwatt
• When an RF signal bends around an object, this propagation behavior is known as what?
• Stratification B. Refraction
• Which of the following statements are true? (Choose all that apply.)
• When upfade occurs, the final received signal will be stronger than the original trans- mitted signal
• When downfade occurs, the final received signal will never be stronger than the origi- nal transmitted signal
• When upfade occurs, the final received signal will never be stronger than the original transmitted signal
• When downfade occurs, the final received signal will be stronger than the original transmitted signal
• What is the frequency of an RF signal that cycles 2.4 million times per second?
• What is the best example of a time domain tool that could be used by an RF engineer?
• Oscilloscope B. Spectroscope
• What are some objects or materials that are common causes of reflection? (Choose all that apply.)
• Metal B. Trees
• Diffraction C. Reflection
• Which behavior can be described as an RF signal encountering a chain link fence, causing the signal to bounce into multiple directions?
• Diffraction B. Scatter
• Which 802.11 radio technologies are most impacted by the destructive effects of multipath?
• Which of the following can cause refraction of an RF signal traveling through it? (Choose all that apply.)
• Shift in air temperature B. Change in air pressure
• Smog E. Wind
• Which of the following statements are true about free space path loss? (Choose all that apply.)
• RF signals will attenuate as they travel, despite the lack of attenuation caused by obstructions
• Path loss occurs at a constant linear rate
• Attenuation is caused by obstructions
• Path loss occurs at a logarithmic rate
• What term is used to describe the time differential between a primary signal and a reflected signal arriving at a receiver?
• What is an example of a frequency domain tool that could be used by an RF engineer?
• Using knowledge of RF characteristics and behaviors, which two options should a WLAN engineer be most concerned about during an indoor site survey? (Choose all that apply.)
• Which three properties are interrelated?
• Amplitude, phase, and the speed of sound
• Which RF behavior best describes a signal striking a medium and bending in a different direction?
• Refraction B. Scattering

When the multiple RF signals arrive at a receiver at the same time and are at the primary wave, the result can be the primary signal. Which behavior can be described as an RF signal encountering a chain link fence, causing the signal to bounce in multiple directions. the signal to bounce in various directions.

3 Components,

Measurements, and Mathematics

Some components increase signal power (gain), while other components decrease power (loss). In addition to knowing the function of the components, it is important to understand how the signal strength is specifically affected by each of the components.

Transmitter

In addition to generating a signal at a specific frequency, the transmitter is responsible for determining the original transmission amplitude, or what is more commonly referred to as the power level, of the transmitter. The higher the amplitude of the wave, the more powerful the wave and the further it can be received.

Antenna

The power levels that the transmitter is allowed to generate are determined by local regulatory domain authorities, such as the Federal Communications Commission (FCC) in the United States. Although we explain the transmitter and receiver separately in this chapter, and although they are functionally different components, they generally form one device called a transceiver (transmitter/receiver).

Receiver

Some antennas radiate waves like the lamp without a lens, while others radiate focused waves like the flashlight with a lens. In Chapter 4, “Radio Frequency Signal and Antenna Concepts,” you will learn about the types of antennas and how to use them properly and most effectively.

Intentional Radiator (IR)

Equivalent Isotropically Radiated Power

In the following sections, we will introduce you to a variety of power units and comparison units. Comparison units are often used to measure how much gain or loss occurs due to the insertion of cables or an antenna.

Watt

Milliwatt (mW)

Decibel (dB)

Such a dBd value is the increase in gain of an antenna when compared to the signal of a dipole antenna. If an antenna has a value of 3 dBd, it means that it is 3 dB larger than a dipole antenna.

Inverse Square Law

If you double the distance between the transmitter and the receiver, the received signal will be reduced by 6 dB. This rule also means that if you increase the amplitude by 6 dB, the useful distance will double.

Rule of 10s and 3s

Now all that remains is to calculate the gain of the signal due to the gain from the antenna. It is not always possible to calculate both sides of the chart using the rule of 10s and 3s.

Table 3.1 shows how to calculate all integer dB loss and gain from –10 to +10 by using combinations of just 10s and 3s

RF Math Summary

Even if you don't know the dBm value, you can still perform all the necessary math. The cable and connections result in 3 dB loss, so subtract 3 from the dBm column and divide the mW column by 2.

Table 3.2 provides a quick reference guide comparing the absolute power measurements of milliwatts to the absolute power dBm values.

Noise Floor

Signal-to-Noise Ratio (SNR)

Received Signal Strength Indicator

In the absence of coded RF signals coming from other 802.11 devices, the noise variable could not be used to report the noise floor. Please understand that an 802.11 access point is not your best tool for evaluating the noise floor during a site survey.

Link Budget

The link budget calculations determined that the final received signal is –65.5 dBm, which is well above the reception sensitivity threshold of –80 dBm. There is a buffer of almost 15 dB between the final received signal and the reception sensitivity threshold.

Fade Margin/System Operating Margin

• What RF component is responsible for generating the AC signal?
• Antenna B. Receiver
• A point source that radiates RF signal equally in all directions is known as what?
• Omnidirectional signal generator B. Omnidirectional antenna
• When calculating the link budget and system operating margin of a point-to-point outdoor WLAN bridge link, what factors should be taken into account? (Choose all that apply.)
• The sum of all the components from the transmitter to the antenna, not including the antenna, is known as what? (Choose two.)
• The highest RF signal strength that is transmitted from an antenna is known as what?
• Equivalent isotropically radiated power B. Transmit sensitivity
• Total emitted power D. Antenna radiated power
• Milliwatt C. Decibel
• dBi C. Decibel
• The value cannot be calculated
• A WLAN transmitter that emits a 400 mW signal is connected to a cable with a 9 dB loss
• WLAN vendors use RSSI thresholds to trigger which radio card behaviors? (Choose all that apply.)
• Retransmissions D. Dynamic rate switching
• Received signal strength indicator (RSSI) metrics are used by 802.11 radios to define which RF characteristics?
• Frequency D. Modulation
• dBi is a measure of what?
• The output of the transmitter
• The signal increase caused by the antenna C. The signal increase of the intentional transmitter
• The comparison between an isotropic radiator and the transceiver E. The strength of the intentional radiator
• Which of the following are valid calculations when using the rule of 10s and 3s? (Choose all that apply.)
• For every 3 dB of gain (relative), double the absolute power (mW)
• For every 10 dB of loss (relative), divide the absolute power (mW) by a factor of 2
• For every 10 dB of loss (absolute), divide the relative power (mW) by a factor of 3
• For every 10 mW of loss (relative), multiply the absolute power (dB) by a factor of 10
• For every 10 dB of loss (relative), halve the absolute power (mW)
• For every 10 dB of loss (relative), divide the absolute power (mW) by a factor of 10
• A WLAN transmitter that emits a 100 mW signal is connected to a cable with a 3 dB loss
• In a normal wireless bridged network, the greatest loss of signal is caused by what component?
• To double the distance of a signal, the EIRP must be increased by how many dBs?
• During a site survey of a point-to-point link between buildings at a manufacturing plant, the WLAN engineer determines that the noise floor is extremely high because of all the
• Increase the access points’ transmission amplitude
• Mount the access points higher
• Double the distance of the AP signal with 6 dBi of antenna gain
• Plan for coverage cells with a 5 dB fade margin
• Increase the transmission amplitude of the client radios
• Which value should not be used to compare wireless network cards manufactured by differ- ent WLAN vendors?
• RSSI

It is important to understand how each of the RF components affects the output of the transceiver. When a component is added, removed or modified, the output of the RF communication is changed.

4 Signal and Antenna Concepts

The azimuth map, labeled H plane, shows the top to bottom view of the radiation pattern of the antenna. The elevation map, labeled E-plane, shows the side view of the radiation pattern of the antenna.

Table 4.1 shows the types of antennas that are used in 802.11 communications.

Omnidirectional Antennas

Higher gain omnidirectional antennas are usually made by stacking multiple dipole antennas on top of each other and are known as collinear antennas. High-gain omnidirectional antennas can also be used outdoors to link multiple buildings together in a point-to-multipoint configuration.

Figure 4.9 shows an installation where the gain is too high. The building to the left will be able to communicate, but the building on the right is likely to have problems

Semidirectional Antennas

Planar antennas, on the other hand, can be placed high on the side walls of the building, aimed through the rows of planks. A flat antenna can be placed at the end of the hall and pointed towards the corridor.

Highly Directional Antennas

In high wind environments, mesh antennas are less susceptible to wind stress due to wire spacing and may be a better choice. No matter what type of antenna is installed, the quality of the mount and antenna will have a major impact on reducing wind load.

Sector Antennas

Because of their long distances and narrow beam widths, highly directional antennas are more affected by antenna wind loading, which is antenna movement or drift caused by wind. If a hard plate is used, it is highly recommended that a protective cover known as a radome be used to help offset some of the effects of wind.

Antenna Arrays