WEBVTT

0:00:03.280000 --> 0:00:06.220000
Hello and welcome to this video where I'm going to go into a little bit more

0:00:06.220000 --> 0:00:09.340000
detail about some wireless LAN architectures and we're going to start

0:00:09.340000 --> 0:00:12.660000
with autonomous wireless LAN architectures.

0:00:12.660000 --> 0:00:16.360000
What is that and why would you use it and some of the challenges you would

0:00:16.360000 --> 0:00:19.860000
have around an autonomous architecture.

0:00:19.860000 --> 0:00:22.500000
So an autonomous architecture simply means that you are using autonomous

0:00:22.500000 --> 0:00:27.100000
access points. Remember another word for that is a standalone access point.

0:00:27.100000 --> 0:00:30.480000
An access point that has its own GUI, its own command line, you must log

0:00:30.480000 --> 0:00:34.280000
into it to configure and manage it.

0:00:34.280000 --> 0:00:38.880000
Now an autonomous access point does certainly have the ability to advertise

0:00:38.880000 --> 0:00:41.200000
one or more wireless LANs.

0:00:41.200000 --> 0:00:44.420000
It can do that which equals one or more SSIDs.

0:00:44.420000 --> 0:00:48.660000
Typically each SSID would be assigned its own unique VLAN number because

0:00:48.660000 --> 0:00:55.140000
ultimately when people connect to the access point on that SSID, 99.999%

0:00:55.140000 --> 0:00:59.300000
of the time their goal is to get onto the wired LAN.

0:00:59.300000 --> 0:01:03.320000
So they're just using the Wi-Fi as a bridge to get onto the wired LAN.

0:01:03.320000 --> 0:01:08.380000
So you'll have different SSIDs like maybe one SSID for engineering, another

0:01:08.380000 --> 0:01:12.180000
SSID for payroll and just like if they were on wired LANs, if those two

0:01:12.180000 --> 0:01:19.680000
groups of users were on different wired LANs you'd have them in different

0:01:19.680000 --> 0:01:22.820000
IP subnets. So the same thing is going to be true here.

0:01:22.820000 --> 0:01:25.800000
Each one is going to connect to a different SSID and then on the back

0:01:25.800000 --> 0:01:31.000000
end their traffic will be tagged with .1Q tags as it leaves the access

0:01:31.000000 --> 0:01:32.900000
point onto the different VLANs.

0:01:32.900000 --> 0:01:40.140000
So within a single access point multiple SSIDs typically share a single

0:01:40.140000 --> 0:01:45.520000
RF channel. So that's why when you open up your wireless settings and

0:01:45.520000 --> 0:01:50.080000
you scan for available networks, chances are all those you can see two

0:01:50.080000 --> 0:01:55.140000
or three networks on the exact same channel like within a 2.4 gigahertz

0:01:55.140000 --> 0:01:58.680000
space with a five gigahertz space that are being advertised by the exact

0:01:58.680000 --> 0:02:00.760000
same access point.

0:02:00.760000 --> 0:02:07.760000
RF contention exists whether the AP is advertising one or several SSIDs.

0:02:07.760000 --> 0:02:12.080000
Remember I said that all but the absolute most modern Wi-Fi standards

0:02:12.080000 --> 0:02:15.240000
that have just come out in the last few months have always for the last

0:02:15.240000 --> 0:02:19.120000
couple of decades been designed around the idea that only one person can

0:02:19.120000 --> 0:02:24.020000
talk at a time. Contention means two or more devices are trying to access

0:02:24.020000 --> 0:02:27.200000
the Wi-Fi media at the same time.

0:02:27.200000 --> 0:02:34.780000
So if I have a Wi-Fi access point that is advertising let's just say two

0:02:34.780000 --> 0:02:38.240000
SSIDs, guest and corporate.

0:02:38.240000 --> 0:02:42.180000
Both those SSIDs are going to be on the exact same channel.

0:02:42.180000 --> 0:02:43.520000
They're not going to be on different channels.

0:02:43.520000 --> 0:02:45.580000
They're going to be on like channel one or they're both going to be on

0:02:45.580000 --> 0:02:51.940000
channel six. So if somebody on the guest SSID is talking not only do all

0:02:51.940000 --> 0:02:55.500000
the other guest people have to be quiet the corporate people have to

0:02:55.500000 --> 0:02:58.060000
be quiet because they're all in the same channel they can all hear each

0:02:58.060000 --> 0:03:03.100000
other. Now typically speaking those SSIDs one thing they have that's different

0:03:03.100000 --> 0:03:05.000000
is their encryption.

0:03:05.000000 --> 0:03:08.120000
So the people that are on the guest network might not have any encryption

0:03:08.120000 --> 0:03:12.480000
at all whereas the people on the corporate network are encrypted so they're

0:03:12.480000 --> 0:03:15.100000
not necessarily going to be able to read each other's data but they'll

0:03:15.100000 --> 0:03:18.780000
still be able to hear the RF energy that's being broadcast when someone's

0:03:18.780000 --> 0:03:24.180000
talking and they'll have to be quiet because of that.

0:03:24.180000 --> 0:03:27.340000
And typically a separate management VLAN is utilized for placement of

0:03:27.340000 --> 0:03:30.180000
the access point's IP address.

0:03:30.180000 --> 0:03:32.260000
So what are some challenges?

0:03:32.260000 --> 0:03:36.100000
So number one what decisions are made by the access point if we're talking

0:03:36.100000 --> 0:03:38.840000
about a standalone or autonomous access point?

0:03:38.840000 --> 0:03:42.560000
Well number one the access point itself you know through your configuration

0:03:42.560000 --> 0:03:46.180000
will decide which RF channel to use.

0:03:46.180000 --> 0:03:50.600000
Do you want that SSID to be advertised on the 2.4 gigahertz spectrum the

0:03:50.600000 --> 0:03:55.040000
five gigahertz radio both it's completely up to you.

0:03:55.040000 --> 0:03:58.180000
How to authenticate clients you know what security and mechanism do you

0:03:58.180000 --> 0:04:03.380000
want on each individual SSID to authenticate your clients?

0:04:03.380000 --> 0:04:07.620000
How or if you're going to implement quality of service are you going to

0:04:07.620000 --> 0:04:13.720000
do that? Segmenting traffic into different VLANs so all of that is controlled

0:04:13.720000 --> 0:04:17.120000
by the access point itself you would have to get into the GUI or the command

0:04:17.120000 --> 0:04:21.060000
line and set all that stuff up and then that access point is in charge

0:04:21.060000 --> 0:04:24.260000
of enforcing all those things that you've configured.

0:04:24.260000 --> 0:04:28.480000
Now there are some definite challenges with this architecture.

0:04:28.480000 --> 0:04:33.980000
Number one additions of new SSIDs must be created one by one if I have

0:04:33.980000 --> 0:04:38.800000
a company of like 20 access points and each one is advertising corporate

0:04:38.800000 --> 0:04:44.720000
and guest and then later on I decide oh I want to add a third SSID of

0:04:44.720000 --> 0:04:49.660000
executives. Well I'd have to go I'd have to connect to the command line

0:04:49.660000 --> 0:04:54.820000
of each one of those access points one by one and add that new SSID and

0:04:54.820000 --> 0:04:59.620000
configure it the same across the board so it's not very scalable.

0:04:59.620000 --> 0:05:03.940000
So basically any changes to the configuration of them have to be done

0:05:03.940000 --> 0:05:07.360000
one by one security, QoS policies.

0:05:07.360000 --> 0:05:11.560000
So standardization across the entire corporate wireless LAN is difficult

0:05:11.560000 --> 0:05:19.760000
to maintain and detection and mitigation of rogue access points is difficult.

0:05:19.760000 --> 0:05:27.680000
So here you can see a situation where we have three access points each

0:05:27.680000 --> 0:05:31.060000
access point is operating on a different channel so we have followed the

0:05:31.060000 --> 0:05:34.540000
rule about non-overlapping channels we got channel one, six and eleven

0:05:34.540000 --> 0:05:47.040000
and each access point is so that concludes this brief review of autonomous

0:05:47.040000 --> 0:05:49.440000
access point architectures.