Ethernet Technology Encyclopedia (VI)

Wireless local Area Network

Wireless local Area network (WLAN) technology is one of the most promising network technologies in the new century. After recent years of development, wireless local area technology has become increasingly mature, the application is increasingly widespread, lower prices and mature products to promote wireless LAN technology from the application into the mainstream application.

Hot Spot-New standard

1997, the development of IEEE 802.11 Wireless LAN standard is a milestone of wireless network technology. The promulgation of the wireless local area network has been widely accepted by the users in all kinds of environments with mobile internet access requirements. 802.11B is 802.11 expansion, the provision of 2.4GHz band, transmission rate can be based on the application environment and other transmission factors from 11Mbps automatically to 5.5Mbps, or according to the direct sequence spread spectrum technology to the 2Mbps and 1Mbps, to ensure the normal operation of the equipment. 802.11A expands the physical layer on the basis of 802.11, stipulates that the layer uses the 5GHz frequency band, uses the orthogonal frequency division modulation data, the transmission rate range is 6mbps~54mbps, can satisfy the indoor application, but can satisfy the outdoor application. The newly introduced 802.11g and 802.11b operating bands are the same, are running in 2.4GHz, and both are fully compatible, in the transmission rate has been improved, can reach 22Mbps, even 54Mbps.

To improve the service quality of WLAN, IEEE has introduced many new standards. 802.1H aims to explore the consistency between 802.11A and European HiperLAN2 standards, focusing on dynamic frequency selection (Dynamics frequency selection) and transmission power controls (transmit control) 802.11E is designed to improve and manage quality of service and provide tiered services, and 802.11f is dedicated to the development of internal access point communications (Inter access points communication).

Focus-Security

The security of WLAN is always a focus. Wireless network propagation data may be covered by a region that exceeds the physical control of an organization, and there is the possibility of electronic disruption (or interference). Currently, more security mechanisms are emerging and evolving beyond the basic WEP security mechanism.

Wep

By implementing WEP, it is possible to use shared key authentication to authenticate identities through shared secret WEP encryption key information without requiring a public transport key. Broadcast and multicast messages are generally unencrypted.

SSID (Service Group identifier)

It is the name of a wireless network unit. This information is carried in each of the management frames used to establish the association. A terminal can only be associated with one access point at a time, while an access point can be associated with multiple terminals. The association is initiated by the terminal.

RADIUS Certification

It is a security method that provides authentication information in the process of authentication. People use authentication information in the form of a user's wireless MAC address to approve or deny access to the network. An access point acts as a radius user, collecting user authentication information and transferring that information to a specified RADIUS server. The role of a RADIUS server is to receive various connection requests from the user, the second is to process various requests to authenticate the user, and the third is to respond to the access point by providing the user with the information necessary for the service.

Protocol and address filtering

It configures the access point as a "non" forwarding specific protocol on the wireless network, which denies access to the wired LAN based on the MAC address (the rejected address), and optionally permits access to the wired LAN based on the MAC address.

SNMPv3

Only on the SNMPV3 can encrypt the data and enable the Administrator to identify the password, secret password, authentication and secret password to set.

802.1x

Within the IEEE 802.11 Wireless Standards Board, the integration of the various security technologies specified in the IEEE 802.1x (Port-based network access control) is starting to work. The purpose of these efforts is to provide authentication capabilities on a variety of switched LAN ports and to provide secure access to various enterprise LANs. These technologies also include authentication and authentication, key management and other authentication and security precautions, such as 802.11i, which will improve security and authentication mechanisms.

PPP Extended authentication Protocol (EAP)

EAP is a universal protocol for PPP authentication, which supports multiple authentication mechanisms. EAP does not select a specific authentication mechanism in the link control phase, but defers this choice to the authentication phase. This allows the authenticator to obtain more information before determining the specific authentication mechanism.

Quick Reset Key (Rapid re-keying)

Based on IEEE 802.1X protocol, this protocol includes user authentication and various WEP key distribution features. The quick Reset key also uses IEEE 802.1x's periodic reset key selection, which periodically generates new, high-quality, pseudo-random, fragmented WEP key pairs at the access point. The fast reset key uses 802.1X to periodically transmit these keys to the relevant users, which requires the 802.1X EAP-TLS (Extended authentication Protocol-Transport Layer Security) authentication method.
Vpn

Wireless users are also VPN users, which create encrypted tunnels for VPN gateways and policy servers. This makes the wireless connection unique to VPN security.

WPA

This is the latest Wireless LAN Security program announced by the Wi-Fi Alliance October 31, based on an IEEE standard job called Wi-Fi Protected Access (WPA). WPA has two main content, one is to replace WEP, design a better encryption system TKIP, the other is based on the 802.1X standard user identity authentication system. Tkip is one of the two encryption standards for the next 802.11i, and the new US government AES, the Advanced Encryption Standard, but the latter can only run on future Wi-Fi hardware.

As for WPA's identity authentication system, it provides more secure access protection for WLANs. When a user accesses a WLAN, he or she can only communicate with a wireless access point that sends a user's access request to a specific registered server. Only when the server confirms the user's certificate-the username plus the password, biometric information (such as fingerprints), or smart card recognition – will the user be able to access the entire network.

At present, the new standard has not been put into use. The Wi-Fi Alliance predicts that the first WPA software may not be available for download until the end of next year. By the end of next year, the standard will become a mandatory standard for Wi-Fi certification. (Computer science)