Cisco Cisco Aironet 1200 Access Point 브로셔

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 9 of 15

The use of an 802.1X authentication type that authenticates a client station through user-supplied credentials rather than a physical attribute of the

client device minimizes the risks associated with the loss of a device or its WLAN NIC. 802.1X provides other benefits, including mitigation of

“man-in-the-middle” authentication attacks, centralized encryption key management with policy-based key rotation, and protection from “brute-

force” attacks. (Figure 3)

Figure 3. The Cisco Unified Wireless Network for Enterprise-Class Security

Centralized Policy Management for WLAN Users

Another benefit of 802.1X authentication is centralized management for WLAN user groups, including policy-based key rotation, dynamic key

assignment, dynamic VLAN assignment, and SSID restriction. These features rotate the encryption keys. They also assign users to specific VLANs

to ensure that users are only allowed access to specific resources.

After mutual authentication has been successfully completed, the client and RADIUS server each derive the same encryption key, which is used to

encrypt all data exchanged. Using a secure channel on the wired LAN, the RADIUS server sends the key to the autonomous access point or wireless

LAN controller, which stores it for the client. The result is per-user, per-session encryption keys, with the length of a session determined by a policy

defined on the RADIUS server. When a session expires or the client roams from one access point to another, a reauthentication occurs and generates

a new session key. The reauthentication is transparent to the user.