Cisco Systems OL-7426-03 Manual De Usuario
5/26/05
Operating System Software
OL-7426-03
About the Operating System Software
Operating System Software
The Operating System Software controls Cisco Wireless LAN Controllers and Cisco 1000 Series Light-
weight Access Points. It includes full
weight Access Points. It includes full
features.
About Operating System Security
Operating System Security
Operating System Security bundles Layer 1, Layer 2 and Layer 3 security components into a simple,
Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to
16 WLANs. (Refer to
Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to
16 WLANs. (Refer to
.)
One of the barriers that made enterprises avoid deploying 802.11 networks was the inherent weakness
of 802.11 Static WEP (Wired Equivalent Privacy) encryption. Because WEP is so insecure, enterprises
have been looking for more secure solutions for business-critical traffic.
The 802.11 Static WEP weakness problem can be overcome using robust industry-standard security
solutions, such as:
of 802.11 Static WEP (Wired Equivalent Privacy) encryption. Because WEP is so insecure, enterprises
have been looking for more secure solutions for business-critical traffic.
The 802.11 Static WEP weakness problem can be overcome using robust industry-standard security
solutions, such as:
•
802.1X dynamic keys with EAP (extensible authentication protocol).
•
WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA implementation
includes:
includes:
-
TKIP + Michael (temporal key integrity protocol + message integrity code checksum)
dynamic keys, or
dynamic keys, or
-
WEP (Wired Equivalent Privacy) keys, with or without Pre-Shared key Passphrase.
•
RSN with or without Pre-Shared key.
•
Cranite FIPS140-2 compliant passthrough.
•
Fortress FIPS140-2 compliant passthrough.
•
Optional MAC Filtering.
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as:
•
Terminated and passthrough VPNs (virtual private networks), and
•
Terminated and passthrough L2TP (Layer Two Tunneling Protocol), which uses the IPSec (IP
Security) protocol.
Security) protocol.
•
Terminated and pass-through IPSec (IP security) protocols. The terminated Cisco WLAN
Solution IPSec implementation includes:
Solution IPSec implementation includes:
-
IKE (internet key exchange),
-
DH (Diffie-Hellman) groups, and
-
Three optional levels of encryption: DES (ANSI X.3.92 data encryption standard), 3DES
(ANSI X9.52-1998 data encryption standard), or AES/CBC (advanced encryption
standard/cipher block chaining).
(ANSI X9.52-1998 data encryption standard), or AES/CBC (advanced encryption
standard/cipher block chaining).
The Cisco WLAN Solution IPSec implementation also includes industry-standard authentication
using:
using:
-
MD5 (message digest algorithm), or
-
SHA-1 (secure hash algorithm-1).
•
The Cisco WLAN Solution supports local and RADIUS MAC Address (media access control)
filtering.
filtering.
•
The Cisco WLAN Solution supports local and RADIUS user/password authentication.