Руководство По Проектированию для Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
4-3
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Base 802.11 Security Features
The Cisco Wireless Security suite provides the user with the options to provide varying security
approaches based on the required or pre-existing authentication, privacy and client infrastructure. Cisco
Wireless Security Suite supports WPA and WPA2, including:
approaches based on the required or pre-existing authentication, privacy and client infrastructure. Cisco
Wireless Security Suite supports WPA and WPA2, including:
•
Authentication based on 802.1X using the following EAP methods:
–
Cisco LEAP, EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)
–
PEAP- Generic Token Card (PEAP-GTC)
–
PEAP-Microsoft Challenge Authentication Protocol Version 2 (PEAP-MSCHAPv2)
–
EAP-Transport Layer Security (EAP-TLS)
–
EAP-Subscriber Identity Module (EAP-SIM)
•
Encryption:
–
AES-CCMP encryption (WPA2)
–
TKIP encryption enhancements: key hashing (per-packet keying), message integrity check
(MIC) and broadcast key rotation via WPA TKIP Cisco Key Integrity Protocol (CKIP) and
Cisco Message Integrity Check (CMIC)
(MIC) and broadcast key rotation via WPA TKIP Cisco Key Integrity Protocol (CKIP) and
Cisco Message Integrity Check (CMIC)
–
Support for static and dynamic IEEE 802.11 WEP keys of 40 bits, 104, and 128 bits
Note
128-bit WEP (128-bit WEP key =152-bit total key size as IV is added to key) is not supported
by all APs and clients. Even if it was, increasing WEP key length does not address the inherent
security weaknesses of WEP.
by all APs and clients. Even if it was, increasing WEP key length does not address the inherent
security weaknesses of WEP.
Terminology
A number of common terms are introduced throughout this guide, and are shown in
Algorithm
RC4
RC4
RC4
AES
Key strength
64/128-bit
64/128-bit
128-bit
128-bit
Supporting
infrastructure
infrastructure
None
RADIUS
RADIUS
RADIUS
Table 4-1
WLAN Security Mechanisms (continued)