Cisco Systems 3.2 Manuale Utente
1-24
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 1 Overview
Rogue Access Points
Figure 1-7
Physical Network Connections to 4402 and 4404 Series Controllers
VPN and Enhanced Security Modules for 4100 Series Controllers
All 4100 series controllers can be equipped with an optional module that slides into the rear panel of the
controller. The 4100 Series VPN/Enhanced Security Module adds significant hardware encryption
acceleration to the controller, which enables the following through the management interface:
controller. The 4100 Series VPN/Enhanced Security Module adds significant hardware encryption
acceleration to the controller, which enables the following through the management interface:
•
Provide a built-in VPN server for mission-critical traffic.
•
Sustain up to 1 Gbps throughput with Layer 2 and Layer 3 encryption enabled.
•
Support high-speed, processor-intensive encryption, such as L2TP, IPSec and 3DES.
Rogue Access Points
Because they are inexpensive and readily available, employees sometimes plug unauthorized rogue
access points into existing LANs and build ad hoc wireless networks without IT department knowledge
or consent.
access points into existing LANs and build ad hoc wireless networks without IT department knowledge
or consent.
These rogue access points can be a serious breach of network security because they can be plugged into
a network port behind the corporate firewall. Because employees generally do not enable any security
settings on the rogue access point, it is easy for unauthorized users to use the access point to intercept
network traffic and hijack client sessions. Even more alarming, wireless users and war chalkers
frequently publish unsecure access point locations, increasing the odds of having the enterprise security
breached.
a network port behind the corporate firewall. Because employees generally do not enable any security
settings on the rogue access point, it is easy for unauthorized users to use the access point to intercept
network traffic and hijack client sessions. Even more alarming, wireless users and war chalkers
frequently publish unsecure access point locations, increasing the odds of having the enterprise security
breached.
Rather than using a person with a scanner to manually detect rogue access point, the Cisco Wireless LAN
Solution automatically collects information on rogue access point detected by its managed access points,
by MAC and IP Address, and allows the system operator to locate, tag and monitor them. The operating
system can also be used to discourage rogue access point clients by sending them deauthenticate and
disassociate messages from one to four Cisco 1000 series lightweight access points. Finally, the
operating system can be used to automatically discourage all clients attempting to authenticate with all
rogue access point on the enterprise subnet. Because this real-time detection is automated, it saves labor
costs used for detecting and monitoring rogue access point while vastly improving LAN security. Note
that peer-to-peer, or ad-hoc, clients can also be considered rogue access points.
Solution automatically collects information on rogue access point detected by its managed access points,
by MAC and IP Address, and allows the system operator to locate, tag and monitor them. The operating
system can also be used to discourage rogue access point clients by sending them deauthenticate and
disassociate messages from one to four Cisco 1000 series lightweight access points. Finally, the
operating system can be used to automatically discourage all clients attempting to authenticate with all
rogue access point on the enterprise subnet. Because this real-time detection is automated, it saves labor
costs used for detecting and monitoring rogue access point while vastly improving LAN security. Note
that peer-to-peer, or ad-hoc, clients can also be considered rogue access points.