Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter

4-16
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4      Cisco Unified Wireless Network Architecture—Base Security Features
  Cisco Compatible Extensions 
Figure 4-11   Cisco Compatible Extensions Security Features Example

Cisco Compatible Extensions version 5 provides additional security features such as client-side
management frame protection (MFP), which is described in

Proactive Key Caching and CCKM

Proactive Key Caching (PKC) is an 802.11i extension that allows for the proactive caching (before the 
client roaming event) of the PMK that is derived during a client 802.1x/EAP authentication at the AP 
(see 
). If a PMK (for a given WLAN client) is pre-cached at an AP to which the client is about 
to roam, full 802.1x/EAP authentication is not required. Instead, the WLAN client can simply use the 
WPA four-way handshake process to securely derive a new session encryption key for communication 
with that AP.
The distribution of these cached PMKs to APs is greatly simplified in the Unified Wireless deployment. 
The PMK is simply cached in the controller(s) and made available to all APs that connect to it. The PMK 
is also shared with all other controllers that make up a mobility group with the anchor controller.
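
Added example, not part of the Cisco guide: a small model of the roam described above, using the IEEE 802.11i definitions of the PMKID and the PTK derivation for AES-CCMP. The Controller class, its method names, the MAC addresses and the random PMK are hypothetical values constructed for illustration.

```python
import hashlib
import hmac
import os

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce) -> bytes:
    """384-bit PTK (KCK, KEK, TK for AES-CCMP) from four-way handshake inputs."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

class Controller:
    """Hypothetical stand-in for the PMK cache a controller shares with its APs."""
    def __init__(self):
        self._pmk_by_client = {}

    def store_after_eap(self, spa: bytes, pmk: bytes) -> None:
        self._pmk_by_client[spa] = pmk  # PMK from the full 802.1X/EAP exchange

    def roam(self, aa: bytes, spa: bytes, offered_pmkid: bytes):
        """Return the cached PMK on a PMKID match; None means full 802.1X/EAP."""
        pmk = self._pmk_by_client.get(spa)
        if pmk and hmac.compare_digest(pmkid(pmk, aa, spa), offered_pmkid):
            return pmk
        return None

def roam_demo():
    pmk = os.urandom(32)                      # constructed sample PMK
    client = bytes.fromhex("020000000001")    # constructed MAC addresses
    ap1, ap2 = bytes.fromhex("020000000a01"), bytes.fromhex("020000000a02")
    wlc = Controller()
    wlc.store_after_eap(client, pmk)          # client authenticated once, via ap1
    cached = wlc.roam(ap2, client, pmkid(pmk, ap2, client))
    anonce, snonce = os.urandom(32), os.urandom(32)
    ptk_ap = derive_ptk(cached, ap2, client, anonce, snonce)
    ptk_sta = derive_ptk(pmk, ap2, client, anonce, snonce)
    stale = wlc.roam(ap2, client, pmkid(pmk, ap1, client))  # PMKID bound to ap1
    return ptk_ap == ptk_sta, stale is None
```

Because the PMKID binds the PMK to both the AP and client addresses, a cache hit at the new AP proves the client holds the cached PMK, while the fresh nonces in the four-way handshake still give each association its own session keys.
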

[Figure 4-11: matrix of security features against Cisco Compatible Extensions versions. Columns: v1, v2, v3, v4, ASD. Row labels: WEP; IEEE 802.1X; LEAP; PEAP with EAP-GTC (PEAP-GTC); EAP-FAST; PEAP with EAP-MSCHAPv2 (PEAP-MSCHAP); EAP-TLS; Cisco TKIP (encryption); WiFi Protected Access (WPA): 802.1X + WPA TKIP (with LEAP, with PEAP-GTC, with EAP-FAST, with PEAP-MSCHAP and EAP-TLS); IEEE 802.11i–WPA2: 802.1X + AES (with LEAP, with PEAP-GTC, with EAP-FAST, with PEAP-MSCHAP, with EAP-TLS); Network Admission Control (NAC). Cells are marked "x" or "optional". Figure note: ASD requires either LEAP, EAP-Fast, or EAP-TLS.]