Networking Diaries #010

Hello Network!🌸

The journey continues with another entry in the Networking Diaries! Week 10 of The NetClan LiNE program took me deeper into wireless technology, with a focus on WLAN architecture, configuration, and security.

This week’s live session, facilitated by Ireoluwatonde Fasanu , covered the core components of Wireless LANs, including the 802.11 standards (a, b, g, n, ac, ax), wireless topologies, and WLAN infrastructure.

To better understand how wireless devices communicate, I explored wireless topologies, the different structural layouts that define how devices connect and interact within a wireless network.

The three main wireless topologies are infrastructure mode, where devices communicate through an AP or wireless router; ad hoc mode, where devices connect directly to each other without AP; and tethering, where a device (like a smartphone) shares its internet connection with other devices, essentially acting as a mobile hotspot.

Picture this:

You're at a café with friends, and everyone wants to connect to the internet. Here’s how the connection happens depends on the topology in use:

Infrastructure Mode: Imagine the café has a Wi-Fi router (Access Point). Everyone connects to that single device, which then manages communication and connects you to the internet. This is the most common and reliable setup used at home, in offices, and in public spaces.

Ad Hoc Mode: Now, imagine there’s no router, but your devices still want to share files or chat. They form a direct, peer-to-peer network. It’s like everyone sitting in a circle passing notes to each other without a central collection point.

Tethering: Let’s say one of your friends turns on their phone’s hotspot to share mobile data. The phone becomes the temporary hub while the rest connect to it. This is a form of ad hoc, but with internet access.

Within the infrastructure mode, there are two key configurations:

• Basic Service Set (BSS): This involves a single AP providing wireless coverage (known as a Basic Service Area, BSA) to clients. It’s ideal for small spaces like a home or small office. Each BSS is identified by a unique BSSID (essentially the MAC address of the AP).
• Extended Service Set (ESS): Here, multiple APs are connected through a distribution system to expand coverage over a larger area, such as a school or corporate office. These APs share a common SSID, allowing seamless roaming between them.

Then, I explored the 802.11 wireless frame. It's similar to the Ethernet frame and differs in the additional address fields that allow for more precise routing and device identification within a wireless network.

Unlike wired networks that support full-duplex communication, WLANs operate in half-duplex mode. This prevents wireless clients from sending and receiving data at the same time, making collision detection more challenging. WLANs use CSMA/CA to address this, a mechanism designed to minimise data collisions through careful channel sensing.

It turns out, establishing a wireless connection between a client (like your phone) and an AP isn’t as simple as it seems. It involves three key steps:

1. Discovery: The client searches for available wireless networks through either active or passive scanning. During passive scanning, the client listens for beacon frames periodically broadcast by nearby APs. In active scanning, the client takes initiative by sending out probe requests and waits for responses from accessible APs.
2. Authentication: An initial identity check takes place between the client and the AP.
3. Association: The client officially joins the network using the SSID (WiFi name) and password.

Next, I learnt about the Control and Provisioning of Wireless Access Points protocol (CAPWAP). It’s an IEEE standard that allows WLCs to manage multiple APs in a centralised way. It enhances security between the APs and the Wireless LAN Controller (WLC) using Datagram Transport Layer Security (DTLS).

This brought me to something called Split-MAC architecture.

So, imagine the wireless network is a team where different members handle different jobs. In this setup, the WLC acts like the manager, it takes care of tasks like setting rules, managing devices, and making sure everyone is allowed to connect (authentication and configuration). On the other hand, the AP is like the team member on the ground, it handles the real-time work like sending out signals (beaconing), keeping data safe (encryption), and talking directly to your phone or laptop.

I learnt about Flex Connect APs. These are special types of APs that can keep the network running even if they temporarily lose connection to the WLC. It’s like a team member who can keep doing their job even if the manager steps away for a while. This makes them super useful in places like remote branch offices, where the central controller might not always be nearby.

Then came the topic of wireless channels. Channels are subdivided into frequency ranges within a radio band. The 2.4 GHz and 5 GHz are the main frequency bands used for Wi-Fi channels.

In the 2.4 GHz band, there are 11 channels, but only channels 1, 6, and 11 are non-overlapping.

By contrast, the 5 GHz band provides dozens of channels that can be arranged into multiple non‑overlapping sets.

Using overlapping channels leads to signal interference, resulting in poor performance. Think of it like trying to listen to two people talking at the same time on the same frequency; it all becomes noise. A common example is when your microwave disrupts your Wi-Fi signal or when calls drop because of channel congestion.

To manage wireless signals and minimise interference, different modulation techniques are used:

• Direct-Sequence Spread Spectrum (DSSS): It spreads the signal across a wider frequency range to reduce the impact of interference.
• Frequency-Hopping Spread Spectrum (FHSS): It switches the frequencies rapidly to avoid consistent interference.
• Orthogonal Frequency-Division Multiplexing (OFDM): It divides a channel into smaller subchannels, improving data reliability and throughput.

Improper channel configuration and overlapping signals can lead to Denial of Service (DoS) attacks or general WLAN instability.

Just like wired networks, WLANs are vulnerable to various threats. Many L2 attacks, like MAC spoofing and ARP poisoning, also apply to WLANs.

To secure a wireless LAN, basic defences include:

• SSID blocking: Hiding the network name to reduce visibility.
• MAC address filtering: Allowing only authorised devices to connect.
• Authentication methods: Controlling who gets access using secure login processes.

I explored various wireless authentication protocols and how they’ve evolved over time. Starting with WEP (Wired Equivalent Privacy), which uses RC4 encryption, I learnt that although it was once common, it’s now considered outdated and insecure. WPA (Wi-Fi Protected Access) came next, introducing TKIP encryption, followed by WPA2, which improved security by adopting AES encryption.

The most recent and recommended standard is WPA3, which offers even stronger protection through Protected Management Frames (PMF).

I learnt about the different modes these protocols operate in:

WPA/WPA2 Personal uses a pre-shared key (PSK), making it ideal for home or small networks. In contrast, WPA/WPA2/WPA3 Enterprise integrates with a RADIUS server allowing for centralised authentication and authorisation in larger or corporate wireless networks.

Additionally, WPA3 Open and WPA3 Enterprise modes offer enhanced security for public Wi-Fi environments and IoT onboarding, ensuring that even smart devices can be safely added to the network.

To put all I had learnt into practice, I simulated a simple home Wi-Fi setup in Cisco Packet Tracer using a wireless router, laptop, and smartphone, configuring SSID, WPA2 security, and DHCP.

Let me walk you through it:

Figure 1: Setting Up the Home Wi-Fi Simulation

I began by placing a wireless router, a laptop, and a smartphone in the Cisco Packet Tracer workspace to simulate a basic home Wi-Fi setup. The devices did not auto-connect because there was no pre-configured SSID or wireless profile yet, just like in real life, they needed proper setup before joining the network.

Figure 2: Setting the SSID of the Wireless Router

I gave the wireless router a name by configuring the SSID - NetZone. This is the name devices see when scanning for Wi-Fi networks.

Figure 3: Choosing the Security Mode

I selected WPA2 Personal for wireless encryption to secure the network, mimicking real-world router configurations.

Figure 4: Setting the Passphrase

I added a passphrase (N3tZ0n3isB3$t) to protect the network and control who can connect.

Figure 5: Laptop Default Configuration with Wired Module

Initially, the laptop had a wired Ethernet module (NM-1CFE), which doesn’t support wireless connectivity.

Figure 6: Replacing with the WPC300N Wireless Module

I powered off the laptop and installed a WPC300N wireless NIC, enabling Wi-Fi capability.

Figure 7: Searching for the SSID of the Wireless Router

The laptop scanned for available wireless networks and detected the SSID (NetZone) I previously set.

Figure 8: Inputting the Passphrase of the Wireless Router

I entered the WPA2 passphrase and successfully initiated a secure connection to the router.

Figure 9: Successful Wireless Connection Between Laptop and Router

The laptop successfully connected to the wireless network, receiving an IP address from the router’s DHCP server.

Figure 10: Smartphone Wireless Configuration

I repeated the process for the smartphone, configuring it to connect to the same SSID using the correct password. After a successful connection, the smartphone immediately received a link-local Address, indicating it had joined the network and could now communicate with other connected devices.

Figure 11: Pinging Router and Smartphone from Laptop

To test connectivity, I pinged the router and the smartphone from the laptop and got successful replies, confirming everything was connected properly.

Bringing all the concepts to life, from wireless standards to access point configuration, made the learning more concrete.

Of course, issues are bound to arise in wireless networks, and knowing how to troubleshoot effectively is key. The troubleshooting process involves:

1. Identifying the issue.
2. Determining possible causes.
3. Creating a plan of action.
4. Implementing the fix.
5. Verifying that the network is working correctly again.
6. Documenting the process.

Documentation ensures continuity, makes future troubleshooting easier, and helps other team members understand what was done and why.

To assist with troubleshooting, here are some basic yet powerful network commands:

• ping: to test connectivity (as seen in Figure 11).
• traceroute: to trace the path data takes.
• ipconfig: to view and manage network settings on a device.

Week 10 done and dusted!

From figuring out how devices connect without cables to learning how to keep those connections safe, this entry pulled a lot of moving parts together. Wireless networks might be invisible, but now I see them much more clearly.

Till next time,

Chinwendu.