Chapter 5 Configuring Security Solutions

Cisco WLAN Solution Security

Cisco WLAN Solution Security

Cisco WLAN Solution Security includes the following sections:

Security Overview, page 5-2

Layer 1 Solutions, page 5-2

Layer 2 Solutions, page 5-2

Layer 3 Solutions, page 5-3

Rogue Access Point Solutions, page 5-3

Integrated Security Solutions, page 5-4

Security Overview

The Cisco WLAN Solution Security solution bundles potentially complicated Layer 1, Layer 2, and Layer 3 802.11 Access Point security components into a simple policy manager that customizes system-wide security policies on a per-WLAN basis. The Cisco WLAN Solution Security solution provides simple, unified, and systematic security management tools.

One of the biggest hurdles to WLAN deployment in the enterprise is WEP encryption, which is weak standalone encryption method. A newer problem is the availability of low-cost access points, which can be connected to the enterprise network and used to mount man-in-the-middle and denial-of-service attacks. Also, the complexity of add-on security solutions has prevented many IT managers from embracing the benefits of the latest advances in WLAN security.

Layer 1 Solutions

The Cisco WLAN Solution Operating System Security solution ensures that all clients gain access within an operator-set number of attempts. Should a client fail to gain access within that limit, it is automatically excluded (blocked from access) until the operator-set timer expires. The Operating System can also disable SSID broadcasts on a per-WLAN basis.

Layer 2 Solutions

If a higher level of security and encryption is required, the network administrator can also implement industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed authentication attempts.

Regardless of the wireless security solution selected, all Layer 2 wired communications between Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points are secured by passing data through LWAPP tunnels.

Cisco Wireless LAN Controller Configuration Guide

5-2

OL-8335-02

 

 

Page 107 Page 109
Page 108
Image 108
Cisco Systems OL-8335-02 manual Cisco Wlan Solution Security, Security Overview, Layer 1 Solutions, Layer 2 Solutions
Page 107 Page 109
Top Page Image Contents