Glossary

Numbers

802.1Q An IEEE standard that defines virtual LANs.

802.1X A port-based access control standard, 802.1X provides an authorization framework that allows or disallows traffic to pass through a port and thereby access network resources. An 802.1X framework may be implemented in either a wireless or a wired environment. The three main components of an 802.1X framework are the supplicant, the authenticator, and the authentication server.

802.1X/EAP A term used to specify an 802.1X authentication using an EAP authentication protocol.

802.1X supplicant There are three roles in the 802.1X process: supplicant, authenticator, and authentication server. The supplicant is the 802.1X software agent residing on the device wishing to authenticate using the 802.1X protocol.

802.11 authentication The service used to establish the identity of one station (STA) as a member of the set of STAs authorized to associate with another STA.

802.11e An amendment to the original IEEE 802.11 standard that defined QoS enhancements. 802.11e was integrated into 802.11-2007.

802.11i An amendment to the original IEEE 802.11 standard that specifies enhanced security mechanisms. 802.11i was integrated into 802.11-2007.

802.11r-2008 An amendment to the 802.11-2007 standard that specifies roaming enhancements.

802.1D An IEEE standard, part of the 802.1 family, that defines MAC bridging.

802.1p An IEEE standard that defines a 3-bit priority code point (PCP) user priority (UP) value for QoS support within the 802.1D bridging framework. 802.1p has been rolled into the 802.1Q standard and is a legacy term, but is still commonly used to refer to OSI Layer 2 QoS markings.

A

AAA Authentication, authorization, and accounting (AAA) is a security concept involved in proving the identity of supplicants, granting them authorization to network resources, and properly accounting for their activities. The AAA server is often referred to as the authentication server in the 802.1X process.

AAA client An AAA client is a RADIUS or authentication server term for each configured authenticator that is allowed to request authentications for supplicants.

acceptable use policy (AUP) An AUP is a legal document that is provided by the operator of a network that outlines the restrictions that a user of the network must abide by.

access category (AC) A label for a set of contention parameters used by QoS stations to contend for prioritized access to the wireless medium.

access control gateways Devices that are commonly used in guest networks that force users to a captive portal (web page) to perform a set of actions that may eventually result in access to the network. Until access control is granted to guest users, all traffic is usually completely restricted to only the access control gateway itself. While these devices may perform many different functions, they are referred to in this book as the device that performs at least this basic function.

access controller (AC) The network entity in the centralized WLAN architecture that provides wireless termination points (WTPs) with access to the centralized hierarchical network infrastructure in the data plane, control plane, management plane, or a combination therein.

accounting Involves tracking the use of network resources by users. Accounting is an important aspect of network security, and is employed to keep a paper trail of who used what resource, when, and where.

active discovery The process used by 802.11 stations (STAs) to discover available access points and SSIDs by actively transmitting probe requests.

active survey A survey that is performed while maintaining a full 802.11-based association (bi-directional communication) to an AP.

adjacent channel interference Interference caused by power from a signal on an adjacent channel.

admission control A network requirement where admittance of new client or application sessions must be approved by an algorithm that measures the availability and usage of network resources.

AES-CCMP The default encryption method defined under the 802.11i amendment. This method uses the Advanced Encryption Standard (AES) cipher. It uses a 128-bit encryption key size and encrypts in 128-bit fixed-length blocks. An 8-byte message integrity check (MIC) is used that is considered much stronger than the one used with Temporal Key Integrity Protocol (TKIP). AES-CCMP is the default encryption method defined by Wi-Fi Protected Access 2 (WPA2).

aggregated MAC protocol data unit (A-MPDU) A Physical Layer Convergence Procedure (PLCP) structure containing multiple MPDUs that can reach a length of 64 kilobytes as compared to the legacy frame size limit of 2,304 bytes.

aggregated MAC service data unit (A-MSDU) An MPDU structure containing multiple MAC service data units that can reach a length of 7,935 bytes.

AIFS The interframe space used by QoS stations attempting to access the WLAN medium for data frame transmissions.

airtime fairness A proprietary frame queuing and scheduling feature designed to supplement standardized QoS by regulating and fairly distributing client device airtime usage.

airtime scheduling An algorithm that determines the order in which data frames are given access to system resources.

amplifier saturation An amplifier will provide linear gain up to a well-defined power limit. Above that limit, increasing the input power will not produce more output power. The input power at which the amplifier starts to decrease its gain is the point where the amplifier starts to go into saturation.

antenna diversity Antenna diversity incorporates the use of more than one antenna element for single-input, single-output (SISO) clients. Antenna diversity helps to mitigate the negative effects of multipath interference.

application-specific device (ASD) A hardware device designed for a single application; usually runs a proprietary operating system.

arbitration The process a transmitter uses to gain control over the wireless medium.

association After a station has authenticated with the access point, the next step is for it to associate with the access point. When a client station associates, it becomes a member of the Basic Service Set (BSS). Association means that the client station can send data through the access point and exchange data with the distribution system medium.

asymmetric key encryption The encryption method used with public key infrastructure (PKI) systems, in which the key used to encrypt a message (public key) is different from the key that must be used to decrypt it (private key).

attribute-value pairs (AVPs) AVPs are data values that are often used in RADIUS communications. AVPs are used to dynamically assign WLAN users to roles, VLANs, and a variety of other attributes resulting from client authentications.

authentication The verification of user identity and credentials. Users must identify themselves and present credentials, such as usernames and passwords or digital certificates. More secure authentication systems exist that require multifactor authentication where at least two sets of different credentials must be presented.

authentication server (AS) When an 802.1X/EAP solution is deployed, an authentication server validates the credentials of the supplicant that is requesting access and notifies the authenticator that the supplicant has been authorized. The AS will maintain a user database or may proxy with an external user database to authenticate user credentials.

authenticator When an 802.1X/EAP solution is deployed, a device that blocks or allows traffic to pass through its port entity is known as the authenticator. Authentication traffic is normally allowed to pass through the authenticator whereas all other traffic is blocked until the identity of the supplicant has been verified. Typically, authenticators are switches, routers, access points, or controllers.

authorization The act involved in granting access to network resources and services.

autonomous WLAN architectures The WLAN access network architecture family in which all the logical functions, including both IEEE 802.11 and CAPWAP functions (wherever applicable), are implemented within each WTP in the network. The WTPs in such networks are also called stand-alone APs, or fat APs, because these devices implement the full set of functions that enable the devices to operate without any other support from the network.

availability A term used to represent uptime of systems.

B

backlobes The RF energy that is emanated from an antenna in nonprimary direction(s).

backoff timer The timer used during WLAN arbitration to count down time slots after a station has selected a contention value from the contention window.

balun A device on an antenna that is used as a transformer. It will transform a cable impedance so that it will match an antenna impedance.

band steering A proprietary feature designed to steer client devices to specific frequency bands.

bandpass filter A passive device that will pass signals within a band of frequencies and block all others.

Barker code A direct sequence chipping code with good autocorrelation characteristics. 802.11 uses a specific 11-chip Barker code.

basic rates Individual PHY rates that use specific modulation and coding mechanisms that all devices must support before being allowed onto the WLAN. Basic rates have strong implications for certain classes of wireless traffic transmissions such as management frames, broadcast and multicast traffic.

Basic Service Set (BSS) A network service group that is initiated by an AP and joined by a group of client stations.

bill of materials (BOM) A list of all hardware, software, and accessories needed to implement the network design.

Binary Phase Shift Keying (BPSK) A one-bit modulation scheme. Its constellation can be represented by two points, –1 and 1, on the I-axis.

biotelemetry Transmission of data (usually patient vital information) in healthcare environments.

black body radiation The radiation emitted by all objects. The amount of microwave noise power due to black body radiation is related to bandwidth and temperature.

blacklists A term that refers to a list of known and undesired entities or locations.

block acknowledgment (BA) policy A set of options that may be used to acknowledge received 802.11 frames to the transmitter.

bridges An AP that is used to bridge one network technology to another. For example, a wireless bridge can be used as a backbone segment to connect two wired LANs.

business requirements Requirements that map directly to business-related goals rather than to the technical details of how those goals will be realized. Here’s an example: “Reduce operating expenses by 10%” can be a business requirement. Installing a voice over WLAN phone system to reduce long-distance charges could be a technical solution to that requirement.

C

calibration A term used in survey mapping software packages that allows a graphic file to be scaled to real-world dimensions and interpreted.

call signaling A control protocol for audio or video communications that establishes and tears down sessions.

Calling-Station-ID A RADIUS attribute that identifies the client requesting authentication. Typically this is tied to the MAC address of the client.

capacitance A measure of how much charge a capacitor can hold.

capacity-based network A network that is deployed to accommodate a high number of clients. To accomplish this, the goal is to use a greater number of APs through the use of lower transmit power levels and carefully chosen antennas to shape the RF coverage.

captive web portal A network redirection feature used for the HTTP and HTTPS protocols where all web traffic will be redirected to a network device typically requiring some form of authentication or acceptance of use policy before being allowed to send traffic through the device.

Carrier Sense The set of mechanisms used by 802.11 stations to determine the state (whether idle or busy) of the wireless medium.

Carrier Wave A microwave radio tone that has not been modulated with information.

cavity filter A type of low-loss filter. Generally a cavity filter is large and heavy.

CCA congestion CCA (clear channel assessment) is the process an 802.11-compliant radio uses to gain access to transmit on the wireless medium. When the medium is busy, it will cause delays in gaining access to the medium, which may affect applications.

centralized data forwarding Centralized data forwarding is where all APs in a WLAN architecture tunnel all data traffic back to a single device for it to then be decapsulated and dropped onto the distribution system.

centralized WLAN architectures The WLAN access network architecture family in which the logical functions, including both IEEE 802.11 and CAPWAP functions (wherever applicable), are implemented across a hierarchy of network entities. At the lower level are the WTPs, while at the higher level are the access controllers (ACs), which are responsible for controlling, configuring, and managing the entire WLAN access network.

certificate authority (CA) A role in a public key infrastructure that issues and vouches for authenticity of digital certificates.

certificate trust list (CTL) A list of certificate authorities (CAs) and other trusted third parties on a host computer. The CTL is referenced when a digital certificate is presented to it and is used to determine whether to trust the presenting party.

change order (CO) Issued when requests are made that are outside of the agreed-upon statement of work. Maps closely with the customer requirements document (CRD) as the CRD details what the project requirements are, and often the requirements expand over time, resulting in scope creep.

channel reuse plan An AP channel planning technique for MCA systems in order to space same-channel APs at the farthest RF distance from one another. This technique minimizes co-channel interference and therefore the contention domain.

characteristic impedance A characteristic of a transmission line. The characteristic impedance of a transmission line should be equal to its terminating load to avoid reflections.

chip rate The number of pulses per second at which a signal is transmitted and received. The chip rate for 802.11b is 11 Mchips/s. There are 11 chips for every bit transmitted. This spreads the spectrum to 11 times what it would be if there were no chipping of the signal.

chipping A method of using several symbols to represent a single bit of actual data. Chipping allows for data recovery of the actual received transmission that may not have all been received exactly intact.

chipset The silicon chip that provides the MAC and PHY features for a WLAN radio.

Cisco Centralized Key Management (CCKM) A vendor-specific standard created by Cisco that allows for fast secure roaming on Cisco infrastructure environments. CCKM is part of the CCX standard and has been widely adopted by many client device vendors.

class of service (CoS) An OSI Layer 2 term used to reference 802.1p traffic classes, as determined by the user priority (UP) bits.

classification Identification of an incoming frame’s QoS class and the handling behaviors that should be applied to that class.

clauses In IEEE standard documents, content is divided into clauses or sections. A clause is the highest order category usually notated using numerical values.

Clear Channel Assessment A physical carrier sense mechanism used in IEEE 802.11 to sense activity on the wireless medium before performing a transmission.

co-channel interference Commonly used to refer to interference from APs and client devices operating on the same RF channel. Sometimes it can also be used to refer to any other interfering RF signal source occupying the same channel as another system such as a Wi-Fi AP.

codec An abbreviation for coder-decoder, referring to computer algorithms that code a source signal (usually an audio or video source) into a form that can be transmitted over a network medium and then decoded back into a perceptible original form at the destination.

common access cards (CAC) A smart card issued by the United States Department of Defense that is used to prove identity.

Complementary Code Keying (CCK) A modulation scheme used by 802.11b and 802.11 radios.

computers on wheels (COWs) Mobile computers commonly used in healthcare environments; the same term is used in the mobile carrier industry to refer to cellular on wheels, where a wireless base station needs to be deployed quickly and often temporarily.

constellation A display of digital modulation showing its phase and amplitude. The points of a constellation show where the receiver will detect a symbol.

contention The condition in which some devices are currently using the wireless medium and other devices wishing to transmit must wait.

contention domain A geographical coverage area for a single channel shared by multiple devices. Each device must arbitrate for transmit time on the wireless medium within a contention domain. Mobile devices communicating back to the AP at the edge of the AP’s geographical coverage increase the contention domain for that channel from both the client and AP perspective; it is a single, dynamic system.

contention window The range of values from which a transmitting WLAN station randomly selects a backoff timer to contend for access to the wireless channel.

Control and Provisioning of Wireless Access Points (CAPWAP) The standards-based replacement protocol for LWAPP or other proprietary protocols. CAPWAP also supports Datagram Transport Layer Security (DTLS) encryption mechanisms.

control plane The conceptual communication zone where functions related to cooperation and interaction between wireless equipment in a network take place. Examples include radio resource management (RRM) coordination, mobility management, load balancing, and AP transition coordination.

cooperative autonomous AP A type of autonomous AP that performs all the functions of an independent autonomous AP, but one that has enhanced control plane coordination with other APs within the ESS.

core, distribution, and access layers The logical and physical areas of campus network design that many campus-based networks follow.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) See AES-CCMP.

coverage-based network A network that is deployed with fewer APs at higher power. The intent is to cover as much as possible with the least number of APs.

CTS-to-Self A protection mechanism whereby the transmitting station reserves the wireless medium by use of a clear-to-send (CTS) control frame prior to transmitting the intended data frame.

customer requirements document (CRD) A document that clearly and concisely details the customer requirements for the project. It is essential to make this document as detailed as possible as it is often used to help prevent scope creep.

cyclic shift diversity An adaptation of delay diversity to OFDM systems that can distinguish between symbols shifted in the time domain.

D

data plane The communication plane where all data frames between devices are sent. The actual workload of the wireless devices and applications is sent in the data plane.

dBc The ratio of a measured power to the unmodulated carrier.

dBd Antenna gain relative to a dipole antenna.

dB-Hz A measure of bandwidth in dB. It is the ratio of bandwidth (BW) to 1 Hz used in noise power calculations.

$BW_{\text{dB-Hz}} = 10 \log_{10}(BW_{\text{Hz}})$

dBi Antenna gain relative to an isotropic antenna.

dBm A measure of absolute power. dBm is a dB measure of power in milliwatts.

$P_{\text{dBm}} = 10 \log_{10}(P_{\text{mW}})$

dBr dB relative (dBr) is the same as dB.

dBW A measure of absolute power. dBW is a dB measure of power in watts.

$P_{\text{dBW}} = 10 \log_{10}(P_{\text{W}})$

decibel Decibel (dB) is a relative measure of power. A radio gain is an example of something measured in dB. Gain is measured as the ratio of the output power $P_2$ to the input $P_1$.

$G_{\text{dB}} = 10 \log_{10}(P_2 / P_1)$

delay spread The spread of delay values for the various multipath signals received.

Delivery Traffic Indication Message (DTIM) A DTIM Beacon requires that all power save stations wake up for subsequent delivery of all unicast and multicast traffic.

dielectric A material that resides between the plates of a capacitor that influences its charge storage capacity. It is the plastic material inside cables and has an effect on the cable’s characteristic impedance.

Differential Binary Phase Shift Keying (DBPSK) A modulation scheme where bits are represented by a change in BPSK state. No change is a 0; change is a 1.

Differential Quadrature Phase Shift Keying (DQPSK) A modulation scheme where bits are represented by a change in QPSK state.

Differentiated Services Code Point (DSCP) An IP layer QoS mechanism used to classify IP packets and prescribe handling procedures in accordance with the desired priority.

Direct Sequence Spread Spectrum (DSSS) A method for spreading a modulated carrier with a chipping code.

distortion An error condition that typically exists when an RF amplifier overamplifies an input signal beyond the point at which it can reliably reproduce the input signal at the new amplified power.

distributed antenna systems (DASs) A DAS can come in many varieties, but in the context of this book it is a multispectrum and multihost RF antenna system designed to host multiple types of radio technologies.

Distributed Coordination Function (DCF) DCF is a set of functions that define how WLAN radios coordinate among each other. DCF inherently has no mechanism to reserve airtime for transmissions for particular stations on predetermined intervals. DCF implies that each station must perform a set of actions in order to gain access to transmit on the wireless medium.

distributed data forwarding A method of forwarding data frames in a WLAN architecture without having to first tunnel it to a specific location. It is a data forwarding scheme more similar to the way switched Ethernet networks work today where the traffic is bridged locally.

distributed WLAN architectures The WLAN network architecture family in which some of the control functions (e.g., CAPWAP functions) are implemented across a distributed network consisting of peer entities. A wireless mesh network is an example of such an architecture.

distribution service The service that, by using association information, delivers MSDUs within the distribution system.

distribution system A system used to interconnect a set of Basic Service Sets (BSSs) and integrated local area networks (LANs) to create an extended service set (ESS).

distribution system services (DSS) The set of services provided by the distribution system (DS) that enable the MAC layer to transport MSDUs between stations that are not in direct communication with each other over a single instance of the wireless medium.

down-tilt A downward tilting of, usually, a directional antenna to provide coverage closer to the antenna mounting location. Using the appropriate amount of down-tilt can also minimize RF interference from distances greater than the area of required coverage.

duplex Refers to Ethernet duplex, which is a peer-to-peer configuration setting for an Ethernet link that specifies half- or full-duplex communications. Half duplex means that only one device can transmit at a time, whereas with full duplex, each may transmit simultaneously without interference.

Dynamic Frequency Selection (DFS) DFS is a set of behaviors defined in the 802.11h standard that helps to avoid interference from radar when operating in the 5 GHz UNII bands.

Datagram Transport Layer Security (DTLS) A security protocol that is used with CAPWAP to encrypt network traffic even over a wired medium.

E

EAP-FAST Flexible Authentication via Secure Tunneling (FAST). EAP-FAST is defined in IETF RFC 4851 and is a type of EAP that uses a Protected Access Credential (PAC) to securely tunnel client authentication credentials to an authentication server.

EAP-GTC Generic Token Card (GTC). EAP-GTC is defined in IETF RFC 3748 and was developed to provide interoperability with existing security token device systems that use one-time passwords (OTPs). The EAP-GTC method is intended for use with security token devices, but the credentials can also be a username and password.

EAP-LEAP A legacy EAP type that uses a username and password-based authentication method for client devices.

EAP-MD5 A legacy EAP type that uses one-way authentication and is susceptible to offline dictionary attacks.

EAP-TLS Transport Layer Security (TLS). Defined in IETF RFC 5216, EAP-TLS is a widely adopted EAP type and is largely considered to be one of the most secure EAP methods available to WLANs today. It requires the use of client-side certificates in addition to a server certificate.

EAP-TTLS Tunneled Transport Layer Security (TTLS). An EAP type that uses a TLS tunnel to protect less secure inner authentication methods and supports more inner authentication methods than almost every other EAP type.

effective isotropic radiated power (EIRP) The product of transmitted power and transmit antenna gain (sum if the power is in dBm and gain in dBi). It is the transmit power required if the power measured at the highest gain point of the antenna was radiating isotropically (radiating everywhere equally).

endpoint agents A software agent that is installed on client devices that enforces security policies.

end-to-end QoS The principle of networking QoS that dictates that traffic must be prioritized at every hop from a data frame’s source to its destination.

energy detect (ED) The portion of CCA carrier sense that assesses the state of the wireless medium by measuring raw RF power.

Enhanced Distributed Channel Access (EDCA) A set of contention-based 802.11 channel access mechanisms defined in 802.11e and adopted by the Wi-Fi Alliance in the WMM specification to enable 802.11-based QoS.

EtherChannel A technique used to virtually combine multiple independent Ethernet links into a single aggregated link shared between two peers.

exciter A device used by RTLS vendors such as AeroScout in order to provide granular position accuracy using non–Wi-Fi RF frequencies or ultrasound.

executive summary A section included in many documents that provides a high-level description, designed for the executive audience, of the document’s purpose and contents.

Extensible Authentication Protocol (EAP) A protocol used to provide user authentication for an 802.1X port-based access control solution. EAP is a flexible Layer 2 authentication protocol that resides under Point-to-Point Protocol (PPP).

F

farads The unit of measure for capacitance.

Fast BSS Transitions (FT) Fast secure roaming mechanisms defined by the IEEE 802.11r-2008 amendment.

fast fading A rapid change in receive signal due to multipath constructive and destructive interference.

fast secure roaming (FSR) Mechanisms for faster handoffs when roaming occurs between cells in a wireless LAN using the strong security defined in a robust security network (RSN). Fast and secure 802.11 roaming is needed to meet latency requirements for time-sensitive applications in a WLAN.

fragmentation A feature that divides MAC frames larger than a specified threshold into multiple frames to improve transmission reliability.

free space path loss (FSPL) The reduction of RF signal amplitude over free space.

front-to-back ratio The ratio of antenna gain between the front and back of an antenna pattern. The front is considered the point of highest gain or the boresight of the antenna.

full LLD A variation of the low-level design document that includes extensive detail prior to the actual network deployment.

G

gas tube surge suppression A type of surge suppression device placed on an antenna transmission line that is used to protect radios from electrical storms.

Greenfield mode In the context of 802.11n, a mode of operation for an AP and client that allows for 802.11n communications without support for legacy modes.

guard interval (GI) The delay spread that an 802.11 receiver can tolerate before multipath signals cause intersymbol interference (ISI).

H

HCF controlled channel access (HCCA) HCCA is a set of QoS mechanisms that define medium reservation and contention-less transmission for QoS-capable stations. HCCA has not been adopted by the Wi-Fi Alliance for its standards.

hidden node A well-known condition in wireless communications where two wireless transmitters cannot detect each other’s transmissions because of their relation to one another, which causes collisions at other receiver(s).

high-level design (HLD) A design document that specifies the network’s design as a high-level, reusable framework from which other members of a design or implementation team can draw for extension or replication of the design.

hold harmless An indemnity clause or agreement. It is an agreement under which one or both parties agree not to hold the other party responsible for any loss, damage, or legal liability.

Hybrid Coordination Function (HCF) The 802.11 channel access function introduced by 802.11e for support of contention-based (EDCA) and contention-free (HCCA) QoS.

I

impedance A measure of a transmission line load’s resistance, capacitance, and inductance. Matching a load’s impedance to the characteristic impedance of a transmission line will minimize reflections.

independent autonomous AP The traditional interpretation of a stand-alone, autonomous access point that provides all of the MAC layer functions required by the IEEE Std 802.11. Little to no control functions exist between individual independent autonomous APs.

inductor An electrical device that stores current.

in-phase axis The in-phase (I) axis is the horizontal axis in a constellation plot.

integration service (IS) The service that enables delivery of MAC service data units (MSDUs) between the distribution system and an existing, non-IEEE 802.11 local area network (via a portal).

interframe space (IFS) The time interval immediately following the end of a frame transmission that must be observed before another frame may be transmitted or before contention can resume.

intersymbol interference (ISI) The interference that occurs when there is too much delay spread in a received set of multipath signals.

Inverse Square Law The mathematical relationship that occurs between amplitude and distance with free space path loss (FSPL).

isotropic antenna An antenna that radiates equally in all directions. This is only a theoretical concept. A true isotropic antenna cannot be constructed.

J

jitter A measure of deviation or variability over time of packet latency between endpoints. The standards-based term for jitter is packet delay variation (PDV).

Joint Commission (JCAHO) A hospital accreditation organization in the United States that performs audits of healthcare facilities.

K

kick-off meeting The first meeting of a project that involves all the important project stakeholders.

L

latency The measurement of time delay experienced in the delivery of a frame.

Legacy mode A mode that an 802.11n AP and client operate in that allows for legacy communications only.

Lightweight Access Point Protocol (LWAPP) The first protocol designed to standardize interoperability of “lightweight” access point protocols within a centralized WLAN architecture. LWAPP was used as a basis for the development of CAPWAP.

Lightweight Directory Access Protocol (LDAP) An application protocol for querying and modifying directory services running over TCP/IP.

load balancing A vendor-specific feature that may be available to balance client load across one or more areas such as spectrum, different APs, and perhaps channels.

local MAC A subgroup of the Centralized WLAN Architecture, where the majority or entire set of 802.11 MAC functions (including most of the 802.11 management frame processing) are implemented at the WTP. Therefore, the 802.11 MAC stays intact and local in the WTP, along with PHY.

logical network design A part of a network design document that defines logical connectivity and data flow processes without specifying physical connectivity details.

loss The measurement of frames or packets lost in communication transit.

low-level design (LLD) A design document that specifies many of the detailed components and configurations of the network design.

low-noise amplifier (LNA) An amplifier used for a radio receiver. It is designed to have a low noise figure—that is, it adds little noise to the incoming signal.

M

MAC filtering Allowing or disallowing connectivity based on the MAC address of the client WLAN radio trying to authenticate.

MAC service data unit (MSDU) The data portion of a MAC frame. In IP networks, the MSDU would be the complete IP packet inclusive of all network layer overhead.

machine authentication An authentication approach that authenticates a host device to the network via 802.1X/EAP prior to user login.

management plane The communication plane within a WLAN architecture where network configuration, status reporting and monitoring, firmware management, and other common management-related tasks happen.

marking A QoS technique of indicating a specific classification for an outgoing frame to facilitate classification at the receiving station.

master services agreement (MSA) A legal contract that states the responsibilities and obligations of one party to another. It is often used as a master contractual document servicing a variety of professional services activities or engagements.

maximal ratio combining (MRC) A receive technique used with MIMO that receives the same signal from more than one antenna element and combines them in a constructive manner for additive receive gain.

media stream The voice and video communication traffic between devices.

mesh A type of wireless networking technology that forms a self-optimizing, wireless backhaul connection network.

micro-miniature coaxial (MMCX) A small RF connector used on some client devices.

Mixed mode A mode that an 802.11n AP and client operate in that allows both legacy and 802.11n communications to coexist. The term has also been used with 802.11b and 802.11g cohabitation.

mobile IP Mobile IP can have multiple definitions, depending on the industry and application. From the CWNP perspective, mobile IP is a means of keeping an IP address from the IP network the client originally associated with as it traverses network segments with different subnets.

mobility management The methodology and handling of mobile device transitions within an extended service set (ESS).

modulation The process of modifying a carrier signal to represent data.

multiband DAS See neutral-host DAS.

multi-channel architecture (MCA) A WLAN architecture where multiple channels are used by each AP using a channel reuse plan. MCA is the most common WLAN architecture.

multifactor authentication A method of authentication involving more than one type of credential in order to add strength of identity validation.

multipath A real-world phenomenon when RF signals reach a receiving antenna in more than one path.

multiple-input, multiple-output (MIMO) A radio design technique that incorporates multiple antennas and spatial streams at the transmitter and receiver to improve communication performance.

N

N connector A large RF connector used mostly on outdoor APs and antennas.

National Electrical Manufacturers Association (NEMA) enclosure A type of enclosure that is commonly used to house APs in outdoor environments.

network access control (NAC) Provides a technology framework to interrogate devices before they can gain normal access to the network. It will typically offer a remediation or quarantine network with no access to the normal network that allows devices to resolve issues such as antivirus definition updates or operating system service patches. Sometimes referred to as network admission control.

Network Address Translation (NAT) overload A subset of NAT that may also be referred to as PAT (Port Address Translation). NAT overload is a method of translating TCP/UDP transmissions from a public network to a private network. It allows a single IP address on the public network to be shared by all the hosts on the private network.

network allocation vector (NAV) The virtual carrier sense mechanism used by stations to detect and defer to other RF transmissions on the medium. The NAV is a timer that is set by the Duration value in WLAN frames.

network operations center (NOC) A support operation that monitors all network operational events and provides a response to network performance issues.

network signal analysis A term used in analyzing the physical components of an RF signal, usually as it passes through transmission lines and antennas.

neutral-host DAS A DAS architecture where the system is designed to support a wide variety of RF technologies using a common RF fabric.

noise figure (NF) A measure in decibels of the output SNR to input SNR ratio when the input is at thermal noise levels. An amplifier’s NF is a measure of how much noise it adds to an input signal.

non–line of sight (LOS) A term used in RF communications when two RF communication devices do not have a clear RF transmission path.

O

one-time password (OTP) A temporary password that is only valid for a single login session or transaction.

Open Systems Interconnection (OSI) model A model that describes subdividing communications systems into seven layers.

opportunistic key caching (OKC) A type of fast secure roaming that allows for preemptive pairwise master key (PMK) caching between multiple APs that are under shared administrative control.

Orthogonal Frequency Division Multiplexing (OFDM) A modulation scheme where multiple subcarriers are modulated on a main carrier. The subcarriers are digitally modulated and spaced so that nulls of each carrier fall on the peaks of the other subcarriers.

oversubscription ratio Oversubscription occurs when the maximum bandwidth capacity is less than the sum of the bandwidth available to connected devices if utilized to full capacity. The oversubscription ratio is the comparison between the aggregate bandwidth of all input to the output capacity.

P

packet error rate (PER) The rate of errors of packets received or transmitted commonly expressed as a percentage.

pairwise master key (PMK) caching A fast secure roaming method used by APs and client stations to maintain Pair-wise Master Key Security Associations (PMKSAs) for a period of time while a client station roams to a target AP and establishes a new PMKSA. An authenticator and a client station can cache multiple PMKs.

passband The band of frequencies that can pass through a band pass filter.

passive discovery The process used by 802.11 stations (STAs) to discover available access points and SSIDs by passively listening to beacons of nearby APs.

passphrase A simple 8-63 ASCII character string that is converted to a 256-bit preshared key (PSK) in WPA/WPA2-Personal networks.

Payment Card Industry (PCI) documentation and support services (DSS) Refers to the PCI DSS regulatory standard for organizations that electronically process credit card transactions.

PEAPv0/EAP-MSCHAPv2 A type of EAP-PEAP that sends client credentials via the MS-CHAPv2 protocol inside an encrypted tunnel. It is the most common form of the Protected Extensible Authentication Protocol (PEAP).

PEAPv0/EAP-TLS A type of EAP-PEAP that sends client credentials using client-side certificates inside of an encrypted tunnel.

PEAPv1/EAP-GTC A type of EAP-PEAP that was introduced by Cisco that uses the EAP-GTC protocol inside an encrypted tunnel.

per-user preshared keys (PPSK) A proprietary feature for using unique, per-user PSKs for each client device.

PHY rates PHY (Physical layer) rates are the individual data rates for wireless transmissions. These include 1, 2, 5.5, 6, 9, 11, 12, and higher, measured in megabits per second.

physical network design A part of a network design document that defines all the physical connections and configurations of a network’s design.

pigtail cable A cable that is used between an AP and a bulkhead connector usually mounted in a NEMA enclosure.

plenum An area usually above a ceiling or below a floor that is used for air circulation from inhabited areas.

Point Coordination Function (PCF) A legacy coordination method designed to provide coordinated communications by wireless stations.

point of sale (PoS) A term used for equipment involved in consumer purchase and payment activities.

point-to-multipoint (PTMP) A wireless bridging method that uses a single root bridge for multiple bridge links.

point-to-point (PtP) A term commonly used for an RF bridge link involving two devices.

polarization A term used for physical orientation and direction of oscillation of electromagnetic waves.

Port Address Translation (PAT) See Network Address Translation (NAT) overload.

Power over Ethernet (PoE) A means of providing DC power to a powered device (usually an AP or VoIP phone) by means of the Ethernet cable.

Power Save Multi-Poll (PSMP) A power save mechanism that provides a time schedule that is used by an AP and its stations to access the wireless medium.

prealignment A concept used when initially aligning directional wireless bridge antennas using GPS coordinates, compass readings, or other similar methods.

preauthentication A fast secure roaming method used by clients to establish a new Pair-wise Master Key Security Association (PMKSA) with an AP prior to roaming to the AP. Preauthentication allows a client station to initiate a new 802.1X/EAP exchange with a RADIUS server while associated with the original AP.

predictive surveys Often referred to as predictive designs. Predictive surveys are RF network designs based on information supplied to a software program that attempts to predict signal coverage based on mathematical algorithms and user-specified input.

preshared key (PSK) A method of distributing encryption passphrases or keys by manually typing the matching passphrases or keys on both the access point and all client stations that will need to be able to associate to the wireless network. This information is shared ahead of time (preshared) by using a manual distribution and configuration method.

private key A decryption key that is kept secret and is commonly used with asymmetric encryption methods.

processing gain The gain that comes from DSSS spreading. For 802.11, the 11-bit Barker code achieves a processing gain of 10.4 dB.

project sponsor Typically the most senior leader of the project, who is responsible for advocating the project, implementing budgeting, and overseeing the progression and direction of the project.

Protected Access Credential (PAC) A type of shared secret that is based on X.509 digital certificates; used by the EAP-FAST protocol.

Protected EAP (PEAP) A type of EAP that establishes an encrypted tunnel between the supplicant and the authentication server before the client transmits its identity information for authentication.

public key infrastructure (PKI) An arrangement that binds public keys with respective user identities by means of a certificate authority.

Q

Quadrature Amplitude Modulation (QAM) A modulation scheme where bits are represented as constellation points on a rectangular grid.

Quadrature Phase axis The Quadrature Phase (Q) axis is the vertical axis in a constellation plot.

Quadrature Phase Shift Key (QPSK) A modulation scheme where 2 bits form a square in a constellation.

quality of experience (QoE) A quantified measurement of end user satisfaction derived from application performance criteria.

quality of service (QoS) A generic term used to describe a networking procedure in which services are provided in a discriminating and prioritized fashion.

queuing The process of arranging frames into a delivery or transmit queue.

R

radio resource management (RRM) A term used for channel and power settings for automated RF management within a WLAN architecture.

RADIUS shared secret A secret key that is shared between AAA clients (authenticators) and the RADIUS server (authentication server) for authentication and encryption of messages.

radome A plastic cover on an antenna that will not absorb microwave radiation.

RC4 algorithm A stream cipher used in technologies that are often used to protect Internet traffic, such as Secure Socket Layer (SSL). The RC4 algorithm is used to protect 802.11 wireless data and is incorporated into two encryption methods known as WEP and TKIP.

receive diversity A radio design where there are two or more receive paths that make up a receiver. The receiver can either combine the signals appropriately or decide which to use.

receive sensitivity The signal amplitude level at which a receiver can demodulate a transmitted signal, usually at a specified PHY rate.

reflection coefficient A measure of microwave reflection energy from a transmission line termination.

Remote Authentication Dial-In User Service (RADIUS) A networking protocol that provides centralized authentication, authorization, and accounting (AAA) management.

Remote MAC A subgroup of the Centralized WLAN Architecture, where the entire set of 802.11 MAC functions (including delay-sensitive functions) is implemented at the AC. The WTP terminates the 802.11 PHY functions.

request to send/clear to send (RTS/CTS) The optional mechanism used by the 802.11 wireless networking protocol to reduce frame collisions by controlling station access to the medium. RTS/CTS is often implemented to minimize collisions among hidden stations.

return loss A logarithmic measure of microwave-reflected energy from a transmission line termination.

RF fingerprinting A technique used by RTLS products of calibrating an area of signal coverage by measuring signal propagation based on specific locations.

RFC 4118 An IETF document providing a taxonomy of the architectures employed in the existing IEEE 802.11 products in the market, by analyzing WLAN functions and services and describing the variants in distributing these functions and services among the architectural entities.

robust security network (RSN) A network that only allows for the creation of robust security network associations (RSNAs). An RSN utilizes AES-CCMP encryption as well as 802.1X/EAP authentication.

robust security network association (RSNA) A term that originated with WPA-based security associations that do not employ legacy authentication and encryption mechanisms.

role-based access control (RBAC) An approach to restricting system access to authorized users.

root bridge A bridge that is the primary coordinator for a bridge link. The root bridge determines information such as RF channel, security policy, and other similar information for nonroot bridges to connect to.

root mesh node A mesh node with a direct backhaul connection.

S

scope creep Refers to the uncontrolled expansion of a project’s scope. In the event that an agreed-upon customer requirements document (CRD) and statement of work (SOW) are in place and the customer is requesting additional services not already covered, the services can either be done for free (scope creep) or they can be added via a change order.

sector antennas A type of antenna that provides coverage in a wide horizontal pattern with minimal backlobe energy.

self-signed certificates A type of digital certificate that has not been generated by a trusted third party. Self-signed certificates are usually not implicitly trusted by other devices.

service loops A term used with wired cabling that implies an excess amount of cabling looped up at the remote termination points that allows for extending or relocating at a later date if required.

Service Set Identifier (SSID) hiding A method of using a NULL value in the beacon SSID field; usually also implies that APs do not respond to broadcast probe requests.

shared key authentication A legacy form of 802.11 authentication that has been deprecated due to security vulnerabilities.

shield The outer conductor of a coaxial cable.

signal-to-noise ratio (SNR) A measure of signal quality. It is the ratio of signal-to-noise power within the receiver filter bandwidth usually expressed in decibels.

single-channel architecture (SCA) A vendor-proprietary channel architecture that uses a single channel for all APs in a WLAN deployment.

single-input, single-output (SISO) The technology used in 802.11a/b/g radio technology.

slot time A PHY-specific time interval that varies by 802.11 clause and is used as a basic time unit.

solar loading The heating caused by direct sunlight exposure.

space time block coding A type of transmit diversity that is used in 802.11n.

Spanning Tree Protocol (STP) A wired networking protocol designed to prevent loops while maintaining redundancy.

spatial multiplexing The method of sending multiple data streams from multiple transmit antennas and receiving on multiple receive antennas.

Spatial Multiplexing Power Save (SMPS) A power save method introduced with 802.11n that specifies behavior for disabling MIMO radio chains and spatial streams to conserve power.

spectral mask Regulations require that a modulated carrier contain energy within a given transmission profile. The profile is called a spectral or emission mask.

spectral regrowth A distortion condition caused by intermodulation when amplifier gain is set too high.

speed Referring to Ethernet speed, which is the PHY rate negotiated over an Ethernet link.

Split MAC A subgroup of the Centralized WLAN Architecture whereby WTPs in such WLAN access networks only implement the delay-sensitive MAC services (including all control frames and some management frames) for IEEE 802.11, while all the remaining management and data frames are tunneled to the AC for centralized processing. The IEEE 802.11 MAC, as defined by IEEE 802.11 Standards in [1], is effectively split between the WTP and AC.

statement of work (SOW) A formal document that details the work to be performed along with associated details such as timelines and pricing information. All customer-specific deliverables should be listed as well as acceptance criteria to mark the completion of the project.

station services (SS) The set of services that support transport of MAC service data units (MSDUs) between stations within a basic service set (BSS).

straw man low-level design (LLD) A variation of the LLD document that begins as a design framework and is expanded with detail in many stages along with the actual network deployment.

SubMiniature version A (SMA) connector A small RF connector. The RP version is commonly used on access points.

supplicant When an 802.1X/EAP solution is deployed, a supplicant is a host (typically a client device) software agent that performs the 802.1X transaction.

survey mapping software Software used to perform RF site surveys.

symbol An RF representation of data using waveform or signaling events.

symmetric encryption A method of encryption that uses identical cryptographic keys for both encryption and decryption.

system administrator A member of the IT team who is responsible for maintaining computer or network systems.

T

technical requirements Requirements that map directly to technical aspects of a design.

telemetry See biotelemetry.

Temporal Key Integrity Protocol (TKIP) An encryption protocol established with the 802.11i and WPA amendments that addresses all known weaknesses of WEP but still utilizes the RC4 algorithm.

threaded Neill-Concelman (TNC) connector A medium-sized RF connector. The RP version is commonly used on access points.

traffic specification (TSPEC) The QoS characteristics of a data flow to and from a QoS client station.

traffic stream A set of MSDUs to be delivered in accordance with the QoS parameters defined in a TSPEC.

Transition Security Network (TSN) An 802.11 wireless network that allows for the creation of pre-robust security network associations (pre-RSNAs) as well as RSNAs. A TSN supports 802.11i-defined security as well as legacy security, such as WEP, within the same BSS.

transmission line A medium to transfer microwave energy from one place to another using one or more conductors.

Transmit Power Control (TPC) An 802.11 protocol technique designed to facilitate client device transmit power settings to maximize link quality while maintaining battery life.

Transport Layer Security (TLS) A cryptographic protocol used to provide secure communications. The TLS protocol uses end-to-end encryption using asymmetric encryption techniques and is used in all tunnel-based EAP methods other than EAP-FAST.

triggers Configurable thresholds on a spectrum analyzer that can trigger actions to be performed.

U

U.FL A very small RF connector used on circuit boards.

Unscheduled Automatic Power Save Delivery (U-APSD) Introduced with 802.11e as an improvement over the legacy power save modes of operations. U-APSD uses a triggered method by a sleeping station to request the transmission of queued traffic.

unshielded twisted pair (UTP) A type of cabling commonly used in Ethernet networks.

user priority (UP) A value associated with an MSDU that indicates how the MSDU is to be prioritized.

V

Vector Network Analyzer or Analysis (VNA) Provides details of RF transmission lines, such as return loss, impedance measurements, and detailed information to quantify antenna tuning characteristics.

vendor-specific attributes (VSAs) Provides functionality that is not supported in standard RADIUS attribute-value pairs (AVPs).

virtual LANs (VLANs) Used to create separate broadcast domains in a Layer 2 network and often used to restrict access to network resources without regard to the physical topology of the network. In a WLAN environment, individual SSIDs can be mapped to individual VLANs, and users can be segmented by the SSID/VLAN pair, all while communicating through a single access point.

virtual private network (VPN) A private network that is created by the use of encryption, tunneling protocols, and security procedures. VPNs are typically used to provide secure communications when physically connected to a nonsecure network.

Voice Enterprise A Wi-Fi Alliance certification based on 802.11r set to be released in late 2010 that defines fast, secure roaming functions.

voltage standing wave ratio A measure of microwave reflection energy from a transmission line termination.

W

walkthrough An in-person event where you are able to physically see an environment involved with or important to the success of a project.

waveguide A single-conductor transmission line.

wavelength A measure of a radio signal’s size. It is equal to the ratio of the speed of light and the radio signal’s frequency.

whitelist Often used for guest networks; allows users access to specific websites or network destinations before they are authenticated. For example, this might be the company website or an enrollment page.

Wi-Fi Multimedia (WMM) A Wi-Fi Alliance interoperability certification based on the 802.11e amendment that provides QoS support to 802.11 networks.

Wi-Fi Protected Access (WPA) Prior to the ratification of the 802.11i amendment, the Wi-Fi Alliance introduced the WPA certification as a snapshot of the not-yet-released 802.11i amendment, supporting TKIP dynamic encryption key management.

Wired Equivalent Privacy (WEP) An 802.11 Layer 2 encryption method that uses the RC4 streaming cipher in a weak way and is considered a legacy protocol due to its security vulnerabilities.

wireless intrusion detection system (WIDS) A client/server solution that is used to constantly monitor for 802.11 wireless attacks such as rogue APs, MAC spoofing, Layer 2 denial of service, and so on.

wireless intrusion prevention system (WIPS) A system capable of mitigating wireless attacks using a variety of preventive techniques.

wireless medical telemetry service (WMTS) A dedicated wireless medical frequency band that the FCC set aside for healthcare biotelemetry operations.

wireless medium Refers to the RF medium used for 802.11 and other wireless transmissions.

wireless network management system (WNMS) A network management system used for wireless network architectures.

wireless switches A legacy term used for WLAN controllers.

wireless termination point (WTP) The physical or network entity that contains an RF antenna and 802.11 PHY to transmit and receive station traffic for the IEEE 802.11 WLAN access networks.

WLAN client utility The software on a host computer that allows a user to configure their WLAN radio for a specific network.

WMM Power Save (WMM-PS) A subset of the Wi-Fi Alliance WMM interoperability certification that defines power save functionality; also an interoperability certification.

workstation on wheels (WOWs) See computers on wheels (COWs).

WPA2 Based on the security mechanisms that were originally defined in the IEEE 802.11i amendment defining a robust security network (RSN).

Y

yagi antennas A type of high-gain antenna with a narrow horizontal and vertical beamwidth that is commonly used in PTP or long-range RF communication links.
