Inter-VLAN Routing and Wireless Network Security

Inter-VLAN Routing

We define inter-VLAN routing as the process of forwarding network traffic from one VLAN to another via a router. “Router-on-a-stick” is a router configuration in which a single physical interface routes traffic between multiple VLANs on a network. Subinterfaces are multiple virtual interfaces associated with one physical interface. These software interfaces are configured on the router, and each is independently assigned an IP address and a VLAN so that it serves that specific VLAN.

Router interfaces are configured similarly to VLAN interfaces on switches. From global configuration mode, enter interface configuration mode for the specific interface you want to configure. Once each physical interface (or subinterface) has been assigned an IP address, the router can route between the connected networks.

Protecting the Configuration

To protect the configuration, execute the command copy running-config startup-config in privileged EXEC mode. This saves a copy of the running configuration as the startup configuration, so the settings survive a reload.

Examining the Routing Table

Examine the routing table using the show ip route command in privileged EXEC mode. The commands show running-config and show interface interface-id switchport are useful for identifying VLAN assignments and port configuration problems.

Common Setup Mistake

One common mistake when setting up inter-VLAN routing is connecting the router’s physical interface to the wrong switch port. The router then sits in an unintended VLAN, and devices in the intended VLAN cannot reach it.
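The following is an added example of the configuration described above, not from the original notes: a router-on-a-stick with one subinterface per VLAN, the matching trunk port on the switch (the fix for the wrong-port mistake), and the save and verification commands. Interface names, VLAN numbers and addresses are assumed for illustration.

```cisco
! Switch side: the port facing the router must carry 802.1Q tags for every
! routed VLAN. An access port here puts the router into a single VLAN.
! (Switches that also support ISL need "switchport trunk encapsulation dot1q" first.)
interface FastEthernet0/24
 description Uplink to R1 (router-on-a-stick)
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Router side: one physical interface with no address of its own,
! then one subinterface per VLAN, each tagged with its VLAN ID.
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.10
 description VLAN 10 - Staff
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 description VLAN 20 - Guests
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
end
! Save the running configuration so it survives a reload.
copy running-config startup-config
! Verify: each subinterface network should appear as a connected route.
show ip route
```

On the switch, show interface FastEthernet0/24 switchport should report an operational mode of trunk; if it shows an access port, the router is in the wrong VLAN as described above.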

Wireless Networks

Mobile Wireless Network Advantages

  • Workstations are not fixed
  • No permanent connection periods
  • Reduced cost
  • Saving on wiring
  • Increased employee productivity and relaxation

802.11 LAN

The 802.11 LAN is an IEEE standard that defines how to use radio frequency (RF) in the unlicensed Industrial, Scientific, and Medical (ISM) frequency bands for the Physical Layer and the MAC sub-layer of wireless links.

Wi-Fi Certification

Wi-Fi certification is provided by the Wi-Fi Alliance, a global, non-profit industry trade association dedicated to promoting the growth and acceptance of WLANs.

Access Points

An access point converts data packets from TCP/IP format to 802.11 frame format for transmission over the air. It also converts 802.11 frames received from the wireless network to 802.3 Ethernet frames for the wired Ethernet network.

Router Function

The router provides a gateway to connect to other network infrastructures.

WLAN Discovery and Connection

A key part of the process is discovering an 802.11 WLAN and then connecting to it. The main components of this process are:

  • Beacons: Frames that WLANs use to advertise their presence.
  • Probes: Frames that WLAN clients use to find their networks.
  • Authentication: A process carried over from the original 802.11 standard, which the standard still requires.
  • Association: The process of establishing the data connection between an access point and a WLAN client.

Service Set Identifier (SSID)

A service set identifier (SSID) is a unique identifier that client devices use to distinguish between multiple wireless networks nearby.

Ad Hoc Wireless Networks

Ad hoc wireless networks can operate without access points.

Extended Service Set (ESS)

When a single Basic Service Set (BSS) does not provide sufficient RF coverage, one or more BSSs may join through a distribution system into an Extended Service Set (ESS).

Configuring the Linksys WRT300N

The steps to configure the Linksys WRT300N are:

  1. Make sure your PC is connected to the access point using a cable connection.
  2. Access the web-based utility using a web browser. To access the web-based utility, start Internet Explorer or Netscape Navigator and enter the default IP address of the WRT300N (192.168.1.1) in the address field.

Security Settings

Do the following:

  • Security Mode: Select the security profile you want to use.
  • Mode Parameters: Each of the PSK modes has parameters that can be configured.
  • Encryption: Select the algorithm you want to use (AES or TKIP).
  • Preshared Key: Enter the shared key used by the router and other devices on the network.
  • Key Renewal: Enter the period for key renewal.

Firmware Updates

The firmware of the Linksys device used in this course’s lab exercises is updated through the same web-based utility.

Resolving RF Interference

Incorrect configuration of channels is a major cause of RF interference. WLAN administrators can control interference caused by channel configuration with good planning, including proper distance between channels.

Wireless Network Security Threats

Major categories of threats that lead to unauthorized access:

  • War drivers (people who search for open wireless networks)
  • Hackers (crackers)
  • Employees

Unauthorized Access Points

An unauthorized (rogue) access point is an access point placed in a WLAN without authorization, which can be used to interfere with normal network operation.

Man-in-the-Middle Attacks

In a man-in-the-middle attack, the attacker selects a target host and positions themselves logically between the target and the router or gateway.

Authentication Methods

Association

In an open network, such as a home network, association may be all that is required to give clients access to services and devices in the WLAN.

Extensible Authentication Protocol (EAP)

In networks with more stringent security requirements, authentication is required before a client is granted a connection or access. This process is managed by the Extensible Authentication Protocol (EAP).

Protecting a Wireless LAN

Access Control

  • Defense in depth: Multiple security measures are layered so that no single control is relied on alone.
  • SSID cloaking: Disable SSID broadcasts from access points.
  • MAC address filtering: Tables are built manually in the access point to allow or deny access based on client hardware addresses.
  • WLAN security implementation: Use WPA or WPA2 for enhanced security.