Cisco DX70 Design Guide
Cisco DX Series Wireless LAN Deployment Guide
See the Installing Certificates section for more information.
Protected Extensible Authentication Protocol (PEAP)
Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server.
The ensuing exchange of authentication information is then encrypted and user credentials are safe from eavesdropping.
PEAP-MSCHAPv2 and PEAP-GTC are supported inner authentication protocols.
PEAP requires that a user account be created on the authentication server.
The authentication server can be validated by importing a certificate into the Cisco DX Series.
See the Installing Certificates section for more information.
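A pre-import check for the server validation described above, as an added example that is not part of the Cisco guide: before a CA certificate is imported into the Cisco DX Series, confirm on an administrator workstation that the authentication server's certificate chains to it, permits TLS server authentication, and is not about to expire. It assumes OpenSSL 1.1.1 or later and PEM files; the function names, file names and the lab PKI are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the Cisco guide. All names and files are constructed.

# check_server_cert CA_PEM SERVER_PEM
#   0 = server certificate chains to CA_PEM and permits TLS server authentication
#   1 = chain or purpose check failed (wrong CA, missing serverAuth, expired)
#   2 = valid now, but expires within 30 days
check_server_cert() {
    local ca="$1" server="$2"
    # -no-CApath keeps the system CA directory out of the decision.
    openssl verify -no-CApath -CAfile "$ca" -purpose sslserver "$server" \
        >/dev/null 2>&1 || return 1
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$server" -noout -checkend $((30 * 24 * 3600)) \
        >/dev/null 2>&1 || return 2
    return 0
}

# make_demo_pki DIR: constructed lab PKI so the check can be exercised offline.
make_demo_pki() {
    local d="$1"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        'prompt=no' '[dn]' 'CN=Example Lab Root CA' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$d/ca.cnf"
    printf 'extendedKeyUsage=serverAuth\n' > "$d/srv.ext"
    # The CA whose certificate would be imported, and an unrelated CA.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 365 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -config "$d/ca.cnf" -subj "/CN=Unrelated CA" \
        -newkey rsa:2048 -nodes -days 365 \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
    # Authentication server certificate (90 days) and a short-lived one (7 days).
    openssl req -new -config "$d/ca.cnf" -subj "/CN=radius.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -extfile "$d/srv.ext" -out "$d/srv.pem" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 7 -extfile "$d/srv.ext" -out "$d/short.pem" 2>/dev/null
}
```

Run `make_demo_pki "$(mktemp -d)"` to build the sample files, then call `check_server_cert` with the CA file and the server certificate exported from the authentication server; a return code of 1 means importing that CA would not let the endpoint validate the server.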
For more information on Cisco Secure Access Control System (ACS) and Cisco Identity Services Engine (ISE), refer to the following links.
http://www.cisco.com/c/en/us/products/security/secure-access-control-system/datasheet-listing.html
http://www.cisco.com/c/en/us/products/security/identity-services-engine/datasheet-listing.html
Fast Secure Roaming (FSR)
CCKM is the recommended deployment model for all environment types where frequent roaming occurs.
CCKM enables fast secure roaming and limits the off-network time to keep audio gaps to a minimum during a call.
802.1x authentication is required in order to utilize CCKM.
802.1x without CCKM can introduce delay during roaming due to its requirement for full re-authentication. WPA and WPA2 introduce additional transient keys and can lengthen roaming time.
CCKM centralizes the key management and reduces the number of key exchanges.
When CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, so that the transition from one access point to another is not audible to the user.
The Cisco DX Series supports CCKM with WPA2 (AES or TKIP) or WPA (TKIP or AES), where WPA2 (AES) with CCKM is recommended.
FSR Type | EAP Type | Key Management | Encryption