Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guida Alla Progettazione
4-31
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Unified Wireless Security Features
Figure 4-26
Management Frame Protection
Both infrastructure-side and client MFP are currently possible, but client MFP requires Cisco
Compatible Extensions v5 WLAN clients to be able to learn the mobility group MFP key before they
can detect and reject invalid frames.
Compatible Extensions v5 WLAN clients to be able to learn the mobility group MFP key before they
can detect and reject invalid frames.
MFP provides the following benefits:
•
Authenticates 802.11 management frames generated by the WLAN network infrastructure
•
Allows detection of malicious rogues that spoof a valid AP MAC or SSID to avoid detection as a
rogue AP, or as part of a man-in-the-middle attack
rogue AP, or as part of a man-in-the-middle attack
•
Increases the effectiveness of the rogue AP and WLAN IDS signature detection of the solution
•
Provides protection of client devices using Cisco Compatible Extensions v5
•
Supported by standalone AP/WDS/WLSE in version 12.3(8)/v2.13
Two steps are required to enable MFP: enabling it on the WLC (see
) and enabling it on the
WLANs in the mobility group (see
).
Mobility
group
221291
LWAPP
LWAPP
LWAPP
LWAPP
LWAPP
LWAPP
MFP
MFP
MFP