84 Summit 300-48 Switch Software User Guide
Unified Access Security
User Access SecurityEffective user security meets the following objectives:
•Authentication — Assuring that only approved users are connected to the network at permitted
locations and times.
•Privacy — Assuring that user data is protected.
Authentication
The authentication process is responsible for screening users who attempt to connect to the network and
granting or denying access based on the identity of the user, and if needed, the location of the client
station and the time of day. The authentication function also includes secure encryption of passwords
for user screening.
For an authentication scheme to be practical and effective, it must be compatible with the
currently-installed client software base. That requires accommodating multiple versions of software,
including legacy systems with older generation security support. It also requires a strong encryption
structure that can be managed across the network as a whole. Authentication should be mutual, with
client-to-network authentication and network-to-client authentication. Finally, authentication requires
the appropriate authentication servers.
The Unified Access Architecture provides authentication methods that meet all these requirements,
while also permitting flexibility in selecting the options appropriate to your specific network
environment.
Authentication Method: Open
The wireless network consisting of the Summit 300-48 switch and Altitude 300 wireless port supports
802.11 open system authentication, in which the station identifies the SSID. Although open
authentication may be acceptable for the wired networks, hacking tools can easily obtain this
information on the wireless side, rendering open authentication virtually useless for the enterprise
wireless network.
Authentication Method: WEP
Wired Equivalency Privacy (WEP) is the first generation security option for 802.11 networks and
includes both an authentication and encryption mechanism. It uses a set of authentication keys and the
RC4 security algorithm. Unfortunately, weaknesses in the encryption scheme have left the method open
to theft of login and password information and, consequently, to compromise of the authentication
process. WEP is best used as part of a multi-tiered security scheme and in legacy environments.
Authentication Method: 802.1x/EAP
Extensible Authentication Protocol (EAP) provides numerous improvements over earlier generation
authentication methods. The 802.1x specification incorporates these as implemented directly on
Ethernet. In 802.1X/EAP authentication, the user’s identity, not MAC address, is the basis for
authentication. When the user requests access to the wireless port, the access point forces the user’s
station into an unauthorized state. In this state, the client station sends an EAP sta rt message. The
switch responds with a request for the user identity, which it passes to a central authentication server.
The server software authenticates the user and returns an permit or deny message to the switch, which