
Chapter 5 Configuring Security Solutions
Cisco WLAN Solution Security
Layer 3 Solutions
The WEP problem can be further solved using
The Cisco WLAN Solution IPSec implementation also includes
The Cisco WLAN Solution supports local and RADIUS MAC (media access control) filtering. This filtering is best suited to smaller client groups with a known list of 802.11 access card MAC addresses.
Finally, the Cisco WLAN Solution supports local and RADIUS user/password authentication. This authentication is best suited to small to medium client groups.
Rogue Access Point Solutions
This section describes security solutions for rogue access points.
Rogue Access Point Challenges
Rogue access points can disrupt WLAN operations by hijacking legitimate clients and using plaintext or other
The Operating System Security solution uses the Radio Resource Management (RRM) function to continuously monitor all nearby access points, automatically discover rogue access points, and locate them as described in the “Tagging and Containing Rogue Access Points” section on page
Tagging and Containing Rogue Access Points
When the Cisco WLAN Solution is monitored using WCS, WCS generates the flags as rogue access point traps, and displays the known rogue access points by MAC address. The operator can then display a map showing the location of the Cisco 1000 Series lightweight access points closest to each rogue access point, allowing Known or Acknowledged rogue access points (no further action), marking them as Alert rogue access points (watch for and notify when active), or marking them as contained rogue access points. Between one and four Cisco 1000 Series lightweight access points discourage rogue access point clients by sending the clients deauthenticate and disassociate messages whenever they associate with the rogue access point.
When the Cisco WLAN Solution is monitored using a GUI or a CLI, the interface displays the known rogue access points by MAC address. The operator then has the option of marking them as Known or Acknowledged rogue access points (no further action), marking them as Alert rogue access points (watch
Cisco Wireless LAN Controller Configuration Guide
|
| ||
|
|