Cisco Systems WAP321, WAP121 manual Optional Use of Built-In Registrar, Lockdown Capability

Models: WAP121 WAP321


Wireless

5

WPS Setup

As with the PBC method, if the WAP device begins the enrollment transaction and no client attempts to enroll after 120 seconds, the WAP device terminates the pending transaction.

Optional Use of Built-In Registrar

Although the WAP device supports a built-in registrar for WPS, its use is optional. After an external registrar has configured the WAP device, the WAP device acts as a proxy for that external registrar, regardless of whether the built-in registrar of the WAP device is enabled (it is enabled by default).

Lockdown Capability

Each WAP device stores a WPS-compatible device PIN in nonvolatile RAM. WPS requires this PIN if an administrator wants to allow an unconfigured WAP device (that is, one with only factory defaults, including WPS being enabled on a VAP) to join a network. In this scenario, the administrator obtains the PIN value from the configuration utility of the WAP device.

The administrator may wish to change the PIN if network integrity has been compromised in some way. The WAP device provides a method for generating a new PIN and storing this value in NVRAM. If the value in NVRAM is corrupted, erased, or missing, a new PIN is generated by the WAP device and stored in NVRAM.

The PIN method of enrollment is potentially vulnerable to brute-force attacks. A network intruder could try to pose as an external registrar on the wireless LAN and attempt to derive the PIN value of the WAP device by exhaustively applying WPS-compliant PINs. To address this vulnerability, in the event that a registrar fails to supply a correct PIN in three attempts within 60 seconds, the WAP device prohibits any further attempts by an external registrar to register with the WAP device on the WPS-enabled VAP for 60 seconds. The lockdown duration increases upon subsequent failures, up to a maximum of 64 minutes. The WAP device's registration functionality goes into permanent lockdown after the 10th consecutive failed attempt. Reset the device to restart the registration functionality.

However, wireless client stations may enroll with the WAP device's built-in registrar, if enabled, during this lockdown period. The WAP device also continues to provide proxy services for enrollment requests to external registrars.

The WAP device has an additional security feature for protecting its device PIN. After the WAP device has completed registration with an external registrar, and the resulting WPS transaction has concluded, the device PIN is automatically regenerated.
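The lockdown policy described above can be modelled as a small state machine to check how many PIN values the device will evaluate before permanent lockdown. This is an added example, not Cisco firmware code; the class and function names are hypothetical. Assumptions: the lockdown duration doubles each time (60 seconds doubled six times gives the stated 64-minute maximum), attempts rejected during a lockdown are not counted as failures, and a successful registration resets the consecutive-failure count.

```python
from dataclasses import dataclass, field

WINDOW_S = 60          # failures are counted within a 60-second window (manual)
FAILS_PER_LOCK = 3     # three bad PINs in the window trigger a lockdown (manual)
FIRST_LOCK_S = 60      # first lockdown lasts 60 seconds (manual)
MAX_LOCK_S = 64 * 60   # lockdown duration is capped at 64 minutes (manual)
PERMANENT_AFTER = 10   # 10th consecutive failure locks until reset (manual)

@dataclass
class WpsLockdown:
    recent: list = field(default_factory=list)  # failure times inside the window
    consecutive: int = 0
    lock_s: int = FIRST_LOCK_S
    locked_until: float = 0.0
    permanent: bool = False

    def attempt(self, now: float, pin_ok: bool) -> str:
        """Process one external-registrar PIN attempt at time `now` (seconds)."""
        if self.permanent:
            return "rejected-permanent"
        if now < self.locked_until:
            return "rejected-locked"   # assumption: not counted as a failure
        if pin_ok:
            self.recent.clear()
            self.consecutive = 0       # assumption: success resets the count
            return "accepted"
        self.consecutive += 1
        if self.consecutive >= PERMANENT_AFTER:
            self.permanent = True
            return "failed-permanent-lockdown"
        self.recent = [t for t in self.recent if now - t < WINDOW_S] + [now]
        if len(self.recent) >= FAILS_PER_LOCK:
            self.locked_until = now + self.lock_s
            self.lock_s = min(self.lock_s * 2, MAX_LOCK_S)  # assumption: doubling
            self.recent.clear()
            return "failed-locked"
        return "failed"

def pins_evaluated(interval_s: float, max_time_s: float):
    """Replay wrong PINs every interval_s seconds; count the ones evaluated."""
    dev, t, evaluated = WpsLockdown(), 0.0, 0
    while t <= max_time_s and not dev.permanent:
        if dev.attempt(t, pin_ok=False).startswith("failed"):
            evaluated += 1
        t += interval_s
    return evaluated, dev.permanent
```

Under these assumptions, a registrar pacing its attempts 30 seconds apart never triggers the timed lockdown, yet the device still evaluates only ten PINs before the permanent lockdown applies.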

Cisco Small Business WAP121 and WAP321 Wireless-N Access Point with PoE


WAP121, WAP321 specifications

Cisco Systems has long been recognized for its innovation in networking technologies, and the Cisco WAP321 and WAP121 access points are prime examples of its commitment to delivering reliable, high-performance wireless networking solutions for small and medium-sized businesses. These devices offer a robust set of features designed to meet the requirements of modern wireless networking while ensuring ease of use and deployment.

The Cisco WAP321 is a dual-band access point that operates in both the 2.4 GHz and 5 GHz frequency bands, providing flexibility and improved performance in crowded environments. With support for the 802.11n Wi-Fi standard, it boasts a combined data rate of up to 450 Mbps, enabling high-speed connections for multiple users simultaneously. The WAP321 also includes advanced features such as multiple SSIDs and VLAN support, allowing businesses to segment their networks for enhanced security and management control.

One of the standout characteristics of the WAP321 is its ability to act as a lightweight access point, meaning it can be managed through a Cisco Wireless LAN Controller (WLC) for larger deployments. This capability allows for centralized management of multiple access points, making it easier for IT administrators to deploy, configure, and monitor their network infrastructure.

On the other hand, the Cisco WAP121 is designed for those requiring a simpler, more cost-effective solution. This single-band access point also operates on the 2.4 GHz band but still provides robust performance with wireless speeds reaching up to 300 Mbps. It is ideal for small businesses looking to develop or expand their wireless networks without the complexities associated with more advanced systems.

Both models feature Power over Ethernet (PoE) capability, enabling them to receive power through the Ethernet cable, which simplifies installation and reduces the need for additional power outlets. Additionally, they support advanced security protocols, including WPA/WPA2 encryption, ensuring that sensitive data transmitted over the network remains protected from unauthorized access.

The ease of setup and user-friendly management interfaces of both the WAP321 and WAP121 make them appealing options for businesses lacking extensive IT resources. With features aimed at enhancing both performance and security, these access points represent powerful tools for achieving reliable wireless connectivity in a business environment. Whether organizations opt for the WAP321 for its extensive capabilities or the WAP121 for its simplicity, both access points reflect Cisco's dedication to meeting diverse networking needs.