Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Unified Wireless Security Features
dot1q trunking or adding additional client subnets at the access switches. All WLAN client traffic is
tunneled to centralized locations (where the WLC resides), making it simpler to implement
enterprise-wide WLAN access and security policies.
Cisco Unified Wireless Security Features
The native 802.11 security features, combined with the physical security and ease of deployment of an
LWAPP architecture, serve to improve the overall security of WLAN deployments. In addition to the
inherent security benefits offered by the LWAPP protocol described above, the Cisco Unified Wireless
solution also includes the following additional security features:
• Enhanced WLAN security options
• ACL and firewall features
• Dynamic Host Configuration Protocol (DHCP) and Address Resolution Protocol (ARP) protection
• Peer-to-peer blocking
• Wireless intrusion detection system (IDS)
  – Client exclusion
  – Rogue AP detection
• Management frame protection
• Dynamic radio frequency management
• Architecture integration
• IDS integration
Enhanced WLAN Security Options
The Cisco Unified Wireless Network solution supports multiple concurrent WLAN security options. For
example, multiple WLANs can be created on a WLC, each with its own WLAN security settings that
can range from an open guest WLAN network and WEP networks for legacy platforms to combinations
of WPA and/or WPA2 security configurations.
Each WLAN SSID can be mapped to either the same or a different dot1q interface on the WLC, or
tunneled over Ethernet over IP (EoIP) to a different controller through a mobility anchor (Auto Anchor
Mobility) connection.
If a WLAN client authenticates via 802.1x, a dot1q VLAN assignment can be controlled via RADIUS
attributes passed to the WLC upon successful authentication.
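The following is an added example, not taken from the Cisco guide, of how a RADIUS-driven VLAN assignment can be validated before it is applied. It assumes the RADIUS server uses the standard RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which this page does not name; the function names, the `allowed_vlans` allowlist and the sample bytes are constructed for illustration.

```python
# Added example: validating RFC 3580 VLAN-assignment attributes from a RADIUS
# Access-Accept. Attribute choice is an assumption; the guide does not name them.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment


def parse_attributes(blob):
    """Split a RADIUS attribute section into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[i], blob[i + 1]
        if alen < 2 or i + alen > len(blob):
            raise ValueError("bad attribute length")
        attrs.append((atype, blob[i + 2:i + alen]))
        i += alen
    return attrs


def assigned_vlan(blob, allowed_vlans):
    """Return the VLAN ID to apply, or None to keep the WLAN's default mapping."""
    found = {}
    for atype, value in parse_attributes(blob):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # RFC 2868: 1-byte tag followed by a 3-byte value
            found[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte of 0x1F or below is a tag octet, not part of the string
            found[atype] = value[1:] if value[0] <= 0x1F else value
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if found.get(TUNNEL_TYPE) != VLAN or found.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None  # incomplete or inconsistent set: do not override
    if not group.isdigit():
        return None  # this example accepts numeric VLAN IDs only
    vlan = int(group)
    return vlan if vlan in allowed_vlans else None  # hypothetical per-WLAN allowlist


def attr(atype, value):
    """Encode one attribute as type, length, value."""
    return bytes([atype, len(value) + 2]) + value


# Constructed sample: attribute section of an Access-Accept assigning VLAN 30
SAMPLE_ACCEPT = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
                 + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
                 + attr(TUNNEL_PRIVATE_GROUP_ID, b"30"))
```

Returning `None` for a missing, malformed or unlisted VLAN keeps the client on the interface the WLAN is statically mapped to, so a misconfigured or unexpected RADIUS reply cannot move a client onto an arbitrary VLAN.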
show a subset of the Unified Wireless WLAN configuration screen. The
following three main configuration items appear on this sample screen:
• The WLAN SSID
• The WLC interface to which the WLAN is mapped
• The security method (additional WPA and WPA2 options are on this page, but are not shown)