Cisco Cisco Cius 4G 디자인 가이드
Cisco Cius Wireless Deployment Guide
24
Note: If using a firmware release prior to 9.2(3) and a 3rd party RADIUS server, ensure that PEAP v0 (MS-CHAPv2) is
enabled. PEAP v1 (GTC) is supported as of the 9.2(3) release.
enabled. PEAP v1 (GTC) is supported as of the 9.2(3) release.
Cisco Centralized Key Management (CCKM)
CCKM is the recommended deployment model for all environment types where frequent roaming occurs.
CCKM enables fast secure roaming and limits the off-network time to keep audio gaps at a minimum when on call.
802.1x authentication is required in order to utilize CCKM.
802.1x without CCKM can introduce delay during roaming due to its requirement for full re-authentication. WPA and WPA2
introduce additional transient keys and can lengthen roaming time.
CCKM centralizes the key management and reduces the number of key exchanges.
When CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, where that transition time from
one access point to another will not be audible to the user.
Cisco Cius supports CCKM with WPA2 (AES or TKIP) or WPA (TKIP or AES).
CCKM enables fast secure roaming and limits the off-network time to keep audio gaps at a minimum when on call.
802.1x authentication is required in order to utilize CCKM.
802.1x without CCKM can introduce delay during roaming due to its requirement for full re-authentication. WPA and WPA2
introduce additional transient keys and can lengthen roaming time.
CCKM centralizes the key management and reduces the number of key exchanges.
When CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, where that transition time from
one access point to another will not be audible to the user.
Cisco Cius supports CCKM with WPA2 (AES or TKIP) or WPA (TKIP or AES).
EAP Type
Key Management
Encryption
EAP-FAST
WPA, WPA2
AES, TKIP
EAP-TLS
WPA, WPA2
AES, TKIP
PEAP
WPA, WPA2
AES, TKIP
CCKM is supported with all WPA and WPA2 configurations.
WPA Version
Cipher
Supported
WPA
TKIP
Yes
AES
Yes
WPA2
TKIP
Yes
AES
Yes
EAP and User Database Compatibility
The following chart displays the EAP and database configurations supported by Cisco Cius.
Database Type
EAP-FAST
(Phase Zero)
EAP-TLS
PEAP
(GTC)
PEAP
(MS-CHAPv2)
Cisco ACS
Yes
Yes
Yes
Yes
Windows SAM
Yes
No
Yes
Yes