Cisco Cisco Aironet 1200 Access Point Volantino
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 14 of 15
Figure 6. Cisco Unified IDS/IPS Detects Malicious Attacks Allowing the WLAN Controller to Disassociate the Offending Client Device
NAC for WLANs
NAC is a set of technologies and solutions built on an industry initiative led by Cisco Systems
®
. NAC uses the network infrastructure to enforce
security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats
such as viruses, worms, and spyware. Customers using NAC can allow network access only to compliant and trusted endpoint devices and can
restrict the access of noncompliant devices. NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's
ability to automatically identify, prevent, and adapt to security threats.
Cisco offers both the
NAC Appliance
and the
NAC Framework
to meet the functional and operational needs of any organization, whether they
have a simple security policy requirement or require support for a complex security implementation involving a number of security vendors,
combined with a corporate desktop management solution.
Both the NAC Appliance and the NAC Framework provide security threat protection for WLANs by enforcing device security policy compliance
when WLAN clients attempt to access the network. These solutions quarantine non-compliant WLAN clients and provide remediation services to
help ensure compliance. Both solutions are fully interoperable with the Cisco Unified Wireless Network. Additional information about NAC for
WLANs is available in the
Cisco Network Admission Control for Wireless LANs Solution Overview
.
WAN Link Remote Site Survivability
Cisco Aironet autonomous access points support remote site survivability. This capability is enabled via the autonomous access point’s IEEE
802.1X local authentication service. With IEEE 802.1X local authentication service, Cisco Aironet autonomous access points are configured to act
as a local authentication server to authenticate wireless clients when the AAA server is not available. This provides secure authentication services for
remote or branch office WLANs without a RADIUS server and backup authentication services, for access to local resources such as file servers or
printers, during a wide area network (WAN) link or server failure.