Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
4-25
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Unified Wireless Security Features
The WLC acts as an ARP proxy for WLAN clients by maintaining the MAC address-IP address
associations. This allows the WLC to block duplicate IP address and ARP spoofing attacks. The WLC
does not allow direct ARP communication between WLAN clients. This also prevents ARP spoofing
attacks directed at WLAN client devices.
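A simplified model of the ARP proxy behaviour described above, as an added example that is not Cisco code and not part of the original guide. The class, the verdict names and the way associations are learned are assumptions, and the sample addresses are constructed.

```python
# Added example: simplified model of ARP handling against a MAC/IP table.
# Verdict names and the learn() step are assumptions, not WLC internals.

class ArpProxy:
    def __init__(self):
        self.ip_to_mac = {}  # the MAC address-IP address associations

    def learn(self, mac, ip):
        """Record a client's address; refuse an IP already held by another MAC."""
        mac = mac.lower()
        owner = self.ip_to_mac.get(ip)
        if owner is not None and owner != mac:
            return "block-duplicate-ip"
        self.ip_to_mac[ip] = mac
        return "learned"

    def handle_arp(self, sender_mac, sender_ip, target_ip):
        """Verdict for an ARP frame sent by a WLAN client."""
        if self.ip_to_mac.get(sender_ip) != sender_mac.lower():
            # Client speaks for an IP that is not bound to its MAC.
            return "drop-spoofed-sender"
        target_mac = self.ip_to_mac.get(target_ip)
        if target_mac is None:
            return "pass-upstream"  # target is not a known WLAN client
        # Answer from the table; the frame never reaches the other client.
        return "proxy-reply " + target_mac


def replay(events):
    """Run constructed events through a fresh proxy and collect verdicts."""
    proxy = ArpProxy()
    verdicts = []
    for kind, *args in events:
        handler = proxy.learn if kind == "learn" else proxy.handle_arp
        verdicts.append(handler(*args))
    return verdicts


# Constructed sample traffic (documentation addresses, made-up MACs).
SAMPLE = [
    ("learn", "00:00:5E:00:53:01", "192.0.2.10"),
    ("learn", "00:00:5e:00:53:02", "192.0.2.11"),
    ("learn", "00:00:5e:00:53:03", "192.0.2.10"),               # duplicate IP
    ("arp", "00:00:5e:00:53:02", "192.0.2.11", "192.0.2.10"),   # client to client
    ("arp", "00:00:5e:00:53:02", "192.0.2.1", "192.0.2.10"),    # claims gateway IP
    ("arp", "00:00:5e:00:53:01", "192.0.2.10", "192.0.2.1"),    # asks for gateway
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```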
Peer-to-Peer Blocking
The WLC can be configured to block communication between clients on the same WLAN. This prevents
potential attacks between clients on the same subnet by forcing communication through the router.
Figure 4-21 shows the configuration of peer-to-peer blocking on the WLC. Note that this is a global
setting on the WLC and applies to all WLANs configured on the WLC.
Figure 4-21 Peer-to-Peer Blocking
Wireless IDS
The WLC performs WLAN IDS analysis using information obtained from all of the connected LAPs,
and reports detected attacks to the WLC as well as to the WCS. The Wireless IDS analysis is complementary
to any analysis that may otherwise be performed by a wired network IDS system. The embedded
Wireless IDS capability of the WLC analyzes 802.11 and WLC-specific information that is not otherwise
visible or available to a wired network IDS system.
The wireless IDS signature files used by the WLC are included in WLC software releases; however, they
can be updated independently using a separate signature file. Custom signatures are displayed in the
Custom Signatures window.
shows the Standard Signatures window on the WLC.