A wireless network design includes a number of network names, login screens, and antenna types. In this video, you’ll learn about SSIDs, BSSIDs, ESSIDs, captive portals, and more.
When we think about wireless networking, we often think about connecting to an access point. But of course you can communicate directly to another device without an access point. We refer to this as Independent Basic Service Set or IBSS.
You might also see this referred to as an ad hoc connection. This allows us to configure one device as an ad hoc connection, configure the other device as an ad hoc connection, and simply connect those two devices to each other over those wireless frequencies. You might have used this functionality when you’ve configured an internet of things device, such as a door lock or lights in your home.
This is a way to connect to a device over an ad hoc connection, provide that device with information about your existing wireless network, and then have that device connect directly to the access point.
And in most environments we have an access point that many different devices are connecting to, to be able to network everyone together. Behind the scenes, we’re using different parameters to configure this device. Two of those parameters are the SSID and the BSSID.
SSID stands for the Service Set Identifier, and it’s the name of the wireless network that we’re connecting to. So you might have an access point with an SSID of SGC1. And when you bring up the list of all of the available access points in your area, you will see that SSID name appear in your list of available networks.
Of course, this same SSID might be configured on multiple access points, especially if you have a very large home or you’re in an environment where there are multiple areas of the building and you want to have wireless connectivity wherever you might be in that building. To be able to differentiate between one access point and the other, we need some type of hardware address on that access point. And that hardware address is known as the BSSID.
This is the Basic Service Set Identifier. So although there is a wireless network name that we see, such as SGC1, there is also a hardware address that we normally do not see behind the scenes. In this case, this wireless access point has a BSSID of 60:3D:26:11:22:33.
As we’ve already mentioned, in your home or a very large business, you may have tens, hundreds, or even thousands of access points to manage. All of these access points need to be able to work together so that as you are passing from one building to another or from one area of the building to the other, you’re able to seamlessly move from one wireless access point to the other. This is often done by using the same SSID or wireless network name on each of the wireless access points.
We refer to the shared network name that’s used across access points as an ESSID, or Extended Service Set Identifier. With the ESSID configured across all of these different access points, you can start on one end of the building, walk to the other end of the building, and you will be moving automatically and seamlessly from one access point to the other.
Here’s a configuration that uses ESSID to provide that seamless roaming from one access point to the other. In the middle at the top, we have a network switch. This switch has an ethernet connection to an access point on the left and an access point on the right. And you can see that the BSSID, or the basic service set identifier, which is the hardware address of the access point, is different on this access point than it is for the other.
Although these are obviously two different pieces of hardware, they are sharing the same SSID. You can see it’s configured as SGC1 on this access point. It is also configured as SGC1 on the other access point.
As we move outside the range of one access point and move into the range of another access point, that access point will automatically pick up that we are nearby and seamlessly connect this device to that same SSID without any notification on your mobile device. This means you can continue to surf the internet, transfer files, and use the network normally, even if you happen to be moving at the same time.
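The SSID, BSSID, and ESSID relationship described above can be checked against scan data. This is an added example, not part of the original video: the scan records and the inventory are constructed (only SGC1 and the first BSSID come from the page), and picking the strongest signal is a simplification of how a client chooses where to roam.

```python
from collections import defaultdict

# Constructed scan results; only "SGC1" and 60:3D:26:11:22:33 come from the page.
SCAN = [
    {"ssid": "SGC1", "bssid": "60:3D:26:11:22:33", "channel": 1, "rssi": -48},
    {"ssid": "SGC1", "bssid": "60-3d-26-44-55-66", "channel": 11, "rssi": -71},
    {"ssid": "SGC1", "bssid": "02:00:00:AA:BB:CC", "channel": 6, "rssi": -55},
    {"ssid": "Guest", "bssid": "60:3D:26:77:88:99", "channel": 6, "rssi": -60},
]
# Hypothetical inventory: the BSSIDs the administrator deployed for each SSID.
INVENTORY = {"SGC1": {"60:3D:26:11:22:33", "60:3D:26:44:55:66"}}

def normalize_bssid(raw):
    """Return a BSSID as six upper-case, colon-separated octets."""
    digits = "".join(c for c in raw if c not in ":-.").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a 48-bit hardware address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def group_by_ssid(scan):
    """Map each network name to the set of BSSIDs advertising it."""
    ess = defaultdict(set)
    for entry in scan:
        ess[entry["ssid"]].add(normalize_bssid(entry["bssid"]))
    return dict(ess)

def strongest_bssid(scan, ssid):
    """BSSID heard with the best signal for an SSID (simplified roaming choice)."""
    candidates = [e for e in scan if e["ssid"] == ssid]
    if not candidates:
        return None
    return normalize_bssid(max(candidates, key=lambda e: e["rssi"])["bssid"])

def unexpected_bssids(scan, inventory):
    """BSSIDs advertising a managed SSID that are missing from the inventory."""
    found = group_by_ssid(scan)
    report = {}
    for ssid, known in inventory.items():
        extra = found.get(ssid, set()) - known
        if extra:
            report[ssid] = sorted(extra)
    return report

if __name__ == "__main__":
    print(group_by_ssid(SCAN))
    print(strongest_bssid(SCAN, "SGC1"))
    print(unexpected_bssids(SCAN, INVENTORY))
```

Because the network name is shared across the ESS, the BSSID is the only field here that tells one access point from another, so the inventory comparison is done on hardware addresses rather than names.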
When you first connect to a wireless access point, you may be prompted with a screen that gives you information about the network or requires you to authenticate to gain access to that network. We refer to this screen that appears and the prompt with the authentication credentials as a captive portal screen. For this captive portal to work, there is a centralized access table that identifies individuals that are already authenticated to the wireless network, and if it notices there’s a new device that has not previously authenticated, it will present this captive portal screen to the end user.
On the captive portal screen, there may be a series of terms that have to be agreed to or it may prompt for a username, a password, or some other type of authentication factor. If those credentials are entered properly, then that information is added to the access table and you gain access to that wireless network for a predefined amount of time. For example, your captive portal may be good for 24 hours and at the end of that 24 hour period, you have to reauthenticate to gain another 24 hours of access.
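The access table logic described above, written out as an added example that is not from the original video. Keying the table on a device MAC string, the `demo_verify` account, and the class and method names are all assumptions made for illustration; the 24-hour window is the page's own example.

```python
import hmac
import time

SESSION_SECONDS = 24 * 60 * 60  # the page's example: access is good for 24 hours

def demo_verify(username, password):
    # Constructed single account; a real portal would ask an authentication backend.
    return username == "guest" and hmac.compare_digest(password, "constructed-example")

class AccessTable:
    """Centralized table of devices that have passed the captive portal."""

    def __init__(self, verify, session_seconds=SESSION_SECONDS):
        self._verify = verify        # callable(username, password) -> bool
        self._ttl = session_seconds
        self._expires = {}           # device id (assumed: MAC string) -> expiry time

    def decide(self, device, now=None):
        """Return 'allow' for a current entry and 'portal' for anything else."""
        now = time.time() if now is None else now
        expiry = self._expires.get(device)
        if expiry is None:
            return "portal"          # never authenticated: show the portal
        if now >= expiry:
            del self._expires[device]  # lapsed entry: must reauthenticate
            return "portal"
        return "allow"

    def login(self, device, username, password, accepted_terms, now=None):
        """Add the device to the table only if terms and credentials check out."""
        now = time.time() if now is None else now
        if not accepted_terms or not self._verify(username, password):
            return False
        self._expires[device] = now + self._ttl
        return True

if __name__ == "__main__":
    table = AccessTable(demo_verify)
    mac = "60:3D:26:AA:BB:CC"        # constructed client address
    print(table.decide(mac))         # portal
    table.login(mac, "guest", "constructed-example", accepted_terms=True)
    print(table.decide(mac))         # allow
```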
There are many different ways to configure security on a wireless network. And if you look at the configuration of your access point, you may find that there are a number of different options that you could choose from. For example, on this access point, the security level is currently defined as WPA2 personal. This access point can also disable security.
It can configure a security mode on this access point known as OWE, which stands for Opportunistic Wireless Encryption, which effectively allows someone to connect to the wireless network but prevents them from communicating directly to any other wireless device. This access point also supports WEP, different flavors of WPA, WPA2, and WPA3.
An open system, of course, means there is no security. There is no authentication process, and anyone on this wireless network can communicate to anyone else on this wireless network. This access point supports WPA, WPA2 and WPA3 using a personal type of security. Sometimes you’ll see this referred to as PSK which stands for Pre-Shared Key.
This means to gain access to this wireless network, we need to provide someone with a pre-shared key that everyone will use. For example, you may be at a coffee shop and there may be a notice at the coffee shop that the pre-shared key that everyone can use to access the network is hot coffee.
Of course, if you’re in a business environment, having everyone share the same password for the wireless network is inherently insecure. So most enterprises will use a different type of wireless security known as enterprise or 802.1X security.
This allows the network administrator to require a username, password, or some other type of authentication to gain access to the wireless network. And most people will use their own personal credentials to be able to provide that access. This means you would use the same username and password you would normally use to log into other devices in that same enterprise network. This means if someone leaves the organization and their account is disabled, they no longer have access to that wireless network.
If you look at the different antennas that are used on many of today’s wireless networks, you may notice a number of different styles. The style of antenna that you see connected to this access point is an omnidirectional antenna. And it’s a very common antenna type to find on our consumer or home based access points.
An omnidirectional antenna will evenly distribute that wireless signal on all sides of the antenna. So you can put your access point in the middle of the room and everyone in the room will have the same signal strength as everyone else. This means you can put your access point in a centralized area and anyone who’s nearby will be able to gain access to the wireless network. But this may not be the optimal antenna type to use.
For example, your access point may be in the corner of an outside room and you’re effectively only seeing a portion of that signal while the rest of it on this omnidirectional antenna is sent to places where no one will ever connect.
In that scenario, you might want to use a directional antenna where you can take that wireless signal and send it into a single direction. This allows you to focus the transmission and receiving of wireless signals to a device that may be in the corner of a room or it may be connecting different buildings to each other. You’ll often see these antennas measured as a total number of decibels.
A directional antenna increases the performance of that signal by a certain number of decibels of gain. For example, you may see in the specifications of a directional antenna that it effectively increases the overall power by 3 dB. And for every 3 dB, we are effectively doubling the amount of power available.
One type of directional antenna is a Yagi antenna. This is an example of a Yagi antenna. It is very directional and has a very high amount of gain. We also have other directional types, such as a parabolic antenna, where multiple signals can come in and bounce into a single feed horn in the front. So it’s focusing all of those signals into a single point on the antenna. This is especially useful over longer distances where you need to collect that signal and focus it into a single spot.
Most of the access points that we use at home are autonomous access points. This means that the access point doesn’t require any type of additional hardware or software to be able to operate. It’s effectively a standalone device that doesn’t rely on anything else to be able to maintain that wireless connectivity.
But in an enterprise, you may not be using autonomous access points. Instead, you may be using lightweight access points. This separates the wireless functionality into the hardware that you would mount into the ceiling, and the configurations and intelligence of that device are often maintained on the switch the access point is connected to.
This not only allows us to have less expensive access points that we can deploy, it also gives us functionality for being able to manage those devices. One standard for managing wireless access points is known as CAPWAP. This is Control and Provisioning of Wireless Access Points, and it allows you as the network administrator to manage and configure all of these wireless access points from one central management station.
We refer to this central station as a wireless LAN controller, and it allows us to connect and view the entire wireless infrastructure from one single screen. We often refer to this as a single pane of glass.
From this single management station, we can deploy new access points. We can monitor the performance of our existing access point infrastructure. We can make changes to the configuration of our wireless network and deploy those changes to some or all of our access points.
And this might also create reports showing us how much of the wireless network is being used and by whom. This wireless LAN controller is often paired with the wireless access points themselves, so you’re often getting the access points and the wireless management station all from the same manufacturer.