Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide

Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4      Cisco Unified Wireless Network Architecture—Base Security Features
  802.1X
Authentication Server
The authentication server used in the Cisco Secure Unified Wireless Solution is the Cisco Access 
Control Server (ACS). Cisco ACS is available as software that is installable on Windows 2000 or 
2003 servers, or as an appliance. Alternatively, the authentication server role can be implemented within 
specific WLAN infrastructure devices such as local authentication services on an IOS AP, local EAP 
authentication support within the WLC, AAA services integrated in the Cisco WLSExpress, or any AAA 
server that supports the required EAP types.
 shows the logical location of the authentication server within the overall wireless 
authentication architecture, where it performs the EAP authentication via a RADIUS tunnel.
Table 4-3 EAP Transaction

| # | Source | Dest | Protocol | Info | Source | Dest | RADIUS Info |
|---|--------|------|----------|------|--------|------|-------------|
| 1 | AP | Client | EAP | Request, Identity | | | |
| 2 | Client | AP | EAP | Response, Identity | WLC | AAA | Access-Rq 1, id=114 |
| 3 | AP | Client | EAP | Request, PEAP | AAA | WLC | Access-Ch 11, id=115 |
| 4 | Client | AP | TLS¹ | Client Hello | WLC | AAA | Access-Rq 1, id=116 |
| 5 | AP | Client | TLS | Server Hello, Certificate | AAA | WLC | Access-Ch 11, id=116 |
| 6 | Client | AP | TLS | Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message | WLC | AAA | Access-Rq 1, id=117 |
| 7 | AP | Client | TLS | Change Cipher Spec, Encrypted Handshake Message | AAA | WLC | Access-Ch 11, id=117 |
| 8 | Client | AP | EAP | Response, PEAP | WLC | AAA | Access-Rq 1, id=118 |
| 9 | AP | Client | TLS | Application Data | AAA | WLC | Access-Ch 11, id=118 |
| 10 | Client | AP | TLS | Application Data | WLC | AAA | Access-Rq 1, id=119 |
| 11 | AP | Client | TLS | Application Data | AAA | WLC | Access-Ch 11, id=119 |
| 12 | Client | AP | TLS | Application Data | WLC | AAA | Access-Rq 1, id=120 |
| 13 | AP | Client | TLS | Application Data | AAA | WLC | Access-Ch 11, id=120 |
| 14 | Client | AP | TLS | Application Data | WLC | AAA | Access-Rq 1, id=121 |
| 15 | AP | Client | TLS | Application Data | AAA | WLC | Access-Ch 11, id=121 |
| 16 | Client | AP | TLS | Application Data | WLC | AAA | Access-Rq 1, id=122 |
| 17 | AP | Client | EAP | Success | AAA | WLC | Access-Accept 2, id=122 |

1. The TLS transaction is carried within EAP packets.
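
An added example, not part of the Cisco guide: a Python decoder for the RADIUS-encapsulated EAP exchange in Table 4-3, which reads the RADIUS code and id and reassembles the EAP packet from the EAP-Message attributes (type 79, RFC 3579). The function names `parse_radius_eap` and `build_sample`, the sample packets, the EAP ids and the identity string are constructed for illustration.

```python
import struct

# Codes from RFC 2865 (RADIUS) and RFC 3748 (EAP); attribute 79 is EAP-Message (RFC 3579).
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP"}
EAP_MESSAGE = 79


def parse_radius_eap(packet: bytes) -> dict:
    """Decode a RADIUS header and the EAP packet carried in its EAP-Message attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("RADIUS length field does not fit the packet")
    eap, pos = b"", 20  # attributes start after code, id, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_type == EAP_MESSAGE:
            eap += packet[pos + 2:pos + attr_len]  # long EAP packets span several attributes
        pos += attr_len
    out = {"radius": RADIUS_CODES.get(code, f"code {code}"), "id": ident, "eap": None}
    if eap:
        if len(eap) < 4:
            raise ValueError("truncated EAP header")
        eap_code, _eap_id, eap_len = struct.unpack("!BBH", eap[:4])
        if not 4 <= eap_len <= len(eap):
            raise ValueError("EAP length field does not fit the payload")
        out["eap"] = EAP_CODES.get(eap_code, f"code {eap_code}")
        if eap_code in (1, 2) and eap_len > 4:  # only Request/Response carry a Type octet
            out["eap"] += ", " + EAP_TYPES.get(eap[4], f"type {eap[4]}")
    return out


def build_sample(code: int, ident: int, eap: bytes) -> bytes:
    """Constructed packet: zeroed authenticator plus a single EAP-Message attribute."""
    attr = bytes([EAP_MESSAGE, len(eap) + 2]) + eap
    return struct.pack("!BBH", code, ident, 20 + len(attr)) + bytes(16) + attr


# Constructed samples mirroring rows 2, 3 and 17 of Table 4-3 (EAP ids and identity are made up).
SAMPLES = [
    build_sample(1, 114, struct.pack("!BBHB", 2, 1, 9, 1) + b"user"),  # Response, Identity
    build_sample(11, 115, struct.pack("!BBHBB", 1, 2, 6, 25, 0x20)),   # Request, PEAP (start)
    build_sample(2, 122, struct.pack("!BBH", 3, 9, 4)),                # Success
]
```

The constructed samples omit the Message-Authenticator attribute (type 80), which RFC 3579 requires in any RADIUS packet that carries EAP-Message; a RADIUS server following that RFC silently discards Access-Requests that lack it.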