Cisco Systems 3.2 Manuale Utente
5-2
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 5 Configuring Security Solutions
Cisco WLAN Solution Security
Cisco WLAN Solution Security
Cisco WLAN Solution Security includes the following sections:
•
•
•
•
•
•
Security Overview
The Cisco WLAN Solution Security solution bundles potentially complicated Layer 1, Layer 2, and
Layer 3 802.11 Access Point security components into a simple policy manager that customizes
system-wide security policies on a per-WLAN basis. The Cisco WLAN Solution Security solution
provides simple, unified, and systematic security management tools.
Layer 3 802.11 Access Point security components into a simple policy manager that customizes
system-wide security policies on a per-WLAN basis. The Cisco WLAN Solution Security solution
provides simple, unified, and systematic security management tools.
One of the biggest hurdles to WLAN deployment in the enterprise is WEP encryption, which is weak
standalone encryption method. A newer problem is the availability of low-cost access points, which can
be connected to the enterprise network and used to mount man-in-the-middle and denial-of-service
attacks. Also, the complexity of add-on security solutions has prevented many IT managers from
embracing the benefits of the latest advances in WLAN security.
standalone encryption method. A newer problem is the availability of low-cost access points, which can
be connected to the enterprise network and used to mount man-in-the-middle and denial-of-service
attacks. Also, the complexity of add-on security solutions has prevented many IT managers from
embracing the benefits of the latest advances in WLAN security.
Layer 1 Solutions
The Cisco WLAN Solution Operating System Security solution ensures that all clients gain access
within an operator-set number of attempts. Should a client fail to gain access within that limit, it is
automatically excluded (blocked from access) until the operator-set timer expires. The Operating System
can also disable SSID broadcasts on a per-WLAN basis.
within an operator-set number of attempts. Should a client fail to gain access within that limit, it is
automatically excluded (blocked from access) until the operator-set timer expires. The Operating System
can also disable SSID broadcasts on a per-WLAN basis.
Layer 2 Solutions
If a higher level of security and encryption is required, the network administrator can also implement
industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication
protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA
implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity
protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static
keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed
authentication attempts.
industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication
protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA
implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity
protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static
keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed
authentication attempts.
Regardless of the wireless security solution selected, all Layer 2 wired communications between Cisco
Wireless LAN Controllers and Cisco 1000 Series lightweight access points are secured by passing data
through LWAPP tunnels.
Wireless LAN Controllers and Cisco 1000 Series lightweight access points are secured by passing data
through LWAPP tunnels.