802.11b Wireless Networks

802.11 Wireless Networking

Although wireless networking was used extensively by Management Support Teams (MST) under the DHHS during deployment, CAT5 hardwire is strongly urged on future deployments for security reasons. See Security Issues below.

Principally wireless networking is used for two functions. First, to provide access by laptops to printers connected to other laptops. Second, to provide WAN, internet, and email capability. In addition, other government networks can also be tapped by a network connection.
The Office of Emergency Preparedness had been using systems that are compatible with IEEE 802.11b standards. These will work with other manufacture's equipment as long as they are 802.11b compliant. A partial list of some of the manufactures making 802.11b wireless systems is:

Lucent

Siemens

Engenius

Linksys

Cisco

HP

Belkin

D-Link

Castelle

Sony

Netgear

Compaq

Panasonic

Xircom

Multi-Tech

Hawkings

IEEE 802.11b stations operate in the 2.4 GHz band with a throughput of up to 11 Mb/s, and are usually limited to about 150 feet indoors for full bandwidth communications. Slower data rates may be supported up to 450 feet indoors. However, real use show these distances are ideal in nature as we experienced problems in as little distance as 50 feet depending on structures that the signal had to propagate through.

IEEE 802.11g uses the 2.4 GHz band and has a potential higher throughput of up to 54 Mb/s.

IEEE 802.11a uses the 5 GHz band and also has a potential throughput of up to 54 Mb/s. However, the "a" and "g" protocol usually has a minimum baud rate of 6 Mb/s which will not transmit as far as the "b" protocal's 1 Mb/s rate. Using NETGEAR as an example, the maximum distance, outdoors that 802.11a is rated for is 1200 feet, while 802.11b can go a maximum of 1650 feet in the same conditions. Thus we would suggest using the slower 802.11b version for field applications where conditions can not be controled as it may actually transfer data in conditions when the 802.11a version can not. Note! Engenius makes 802.11b hardware that is double the power output, thus have an increased coverage area.

IEEE 802.11b has two basic operational modes demonstrated below. These modes are Ad-Hoc or Access Point, Infrastucture, Managed, etc. Ad-Hoc allows laptops to operate in a peer-to-peer mode and depending on the system can handle 10 or more laptops in a Basic Service Set (BSS). A Basic Service Set or BSS is all the stations that can talk with each other excluding any hardwired networks.
Access Point systems use a special additional station that is usually connected to a hardwired network and acts like a repeater. Access Points may be connected to other Access Points on the network to provide Cells of coverage.

In an Ad-Hoc mode, stations must be within the Basic Service Set (BSS) to work with another station. A station may be members of either BSS cell if it is in the footprint of two BSS networks by manually switching channels. This is where the Access Point system comes in. Access Points can be used to connect many BSS groups together to a wired network thus allowing all to communicate together and to an outside network if desired. Switching between cells with an Access Point system is automatic.
An Access Point system allows laptop stations to roam or move between BSS groups. In the above example we can see Station 4 is served by both Access Points and can move at will between service areas. Service will be continuous as long as the each cells Access Point signals overlap. Each BSS/Access group operate on seperate wireless channels. A station that roams will search for available channels as it goes from one BSS cell to another. Data is not lost although there is an interuption, lasting less than a second, in the flow of data as a station searches for a good signal from the next BSS cell.

By using an Access Point, stations can be connected to the internet as in the above example.
Although a BSS group can be connected to the internet without a router, if the DSL internet system allows multiple connections, members in the group may not see each other if the ISP has firewalls between its network users. Such is usually the case in hotels, etc. If this is the case, you will not be able to share resources such as a printer. This is because the DSL internet server usually assigns Dynamic IP address when a station connects. Stations connected have no way of knowing what each other's IP addresses are and thus can not connect to each other to share resources.
By adding a router, one can separate the DSL server from the stations. The DSL will assign one IP to the router, and the router will accept the manually or automatically assigned IP address from each station in your network. This gives the best of two worlds, peer-to-peer and internet.

WPA Security Issues
Standard WEP encryption and key protection is not approved for use by US government agencies. Newer WPA (WiFi Protected Access) is an improvement on WEP technology. WPA changes the encryption key every 10,000 bytes using the IEEE 802.11i Temporal Key Integrity Protocol (TKIP), so is very difficult to break by those trying to listen in. WPA2 is yet an improvement over WPA allowing for hardened encryption protocols. Most wireless router manufacturers have moved into the new WPA2 protocol. WPA2 using Advanced Encryption Standard (AES) has support from most agencies and complies with esblished government security standards. These standards include the NIST FIPS 140-2 standard.

Security Quick Tips
1. Turn off IP Ping return.
2. Change the default Administrator Passwords.
3. Turn on WPA2 encryption
4. Configure the Router/AP/Gate firewall.
5. Change the default network name.
6. Enable MAC Address filtering to allow only known MAC devices to connect.
7. Assign a static IP address to each device.
8. Disable the broadcast of the network name and SSID.

Installation and Setup
Setup of Wireless Network card involves settings in several different areas. Below is a list of basic items that needs to be done to set up a PCMCIA card.

Load software from the card manufacture. Some manufactures require that the card be installed first while others want the card out of the system during software loading. Follow the manufactures directions. You will most likely be asked for SSID, Mode, Encryption Key, and Channel number. These values should be the same and in the same font case in all stations in a wireless group.
Plug in the PCMCIA Wireless Network card. When the computer finds the card, follow the prompts and manufactures directions.
Check the Wireless Network Adapter (not found inWindows NT/2000) from the Network Control in the Control Panel. Most cards come with a setup utility/wizard to do setup of the values found here while others are done with the Install program. Except for encryption, the information found here should be the same as you entered into the Wireless Networking Configuration/Installation/Setup program.

Check the Mode. Ad-Hoc (peer-to-peer use) or Infrastructure, Managed, etc (for use with Access Point). Some may also have an 802.11b Ad-Hoc mode.
Check SSID. This can be any name but all network stations must use the same name.
Check Encryption, if used. Is it enabled? WEP Key the same in all stations.
Check Channel Number. Use the same in all stations. There are 11 channels supported in the USA.

Windows 95/98 Considerations

Check that you have a Wireless Network Protocol such as TCP/IP, found in the Network Window accessed from the Control Panel.
In the "Identification" tab found in "Network" in the "Control Pannel", make sure your computer has a unique ID name and a Workgoup name. The workgroup name should be in Upper Case in win 95 systems if they are to talk with Windows 2000 systems as these accept only upper case workgroup names.
Add Client for Microsoft Windows if none exists in the Network Window which is accessed from the Control Panel. You may need to select "Quick Logon" to get the unit to properly log onto the network.
You must have "File Sharing" enabled in order for a computer to be seen by other computers in the network list. You must also identify any directories or drives to be shared.
Click on the Network Neighborhood Icon on the Desktop. When the window comes up you should see other computers that are on the network.

If not click on the Entire Network icon and see if you see other systems.
If not, check the above items and check the associated wireless device in the Device Manager found by Clicking the System icon in the Control Panel. Check to make sure the device is working properly here and that there are no device IO sharing problems found in the Resources tab.

Windows NT/2000 considerations
Windows NT/2000 is a little more exacting in the way it does networking although much of the setup is similar to Windows 95, only named and presented differently. Many of the newer OEP/NDMS laptops are now using Windows 2000.

When trying to access a Windows NT/2000 from a network, you may be asked for a Password. If so this is the password used by the "Guest" user. Also make sure that the "Guest" user is enabled in the advanced area of "Users and Passwords" found in the "Control Pannel", otherwise the network may appear connected, but you can not access any devices or files.
Workgroup names are only upper case in Windows 2000. The name and its case will need to match in all systems using a workgroup.

DMAT OH-5 12/20/2002