Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter 设计指南
4-33
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Unified Wireless Security Features
Client Management Frame Protection
Cisco Compatible Extensions v5 WLAN clients support MFP. This is enabled on a per-WLAN basis, as
is shown in
is shown in
.
The method of providing MFP for WLAN clients is fundamentally the same as that used for APs, which
is to use a MIC in the management frames. This allows trusted management frames to be identified by
the client. MIC cryptographic keys are passed to the client during the WPA2 authentication process.
Client MFP is available only for WPA2. If WPA and WPA2 clients share the same WLAN, client MFP
must be set to “optional”.
is to use a MIC in the management frames. This allows trusted management frames to be identified by
the client. MIC cryptographic keys are passed to the client during the WPA2 authentication process.
Client MFP is available only for WPA2. If WPA and WPA2 clients share the same WLAN, client MFP
must be set to “optional”.
WCS Security Features
Apart from providing location support for Rogue AP detection, the WCS provides two additional
Unified Wireless security features: WLC configuration verification management and an alarm and
reporting interface.
Unified Wireless security features: WLC configuration verification management and an alarm and
reporting interface.
Configuration Verification
The WCS can provide on-demand or regularly-scheduled configuration audit reports, which compare the
complete current running configuration of a WLC and its registered access points with that of a known
valid configuration stored in the WCS databases. Any exceptions between the current running
configuration and the stored database configuration are noted and brought to the attention of the network
administrator via screen reports. (See
complete current running configuration of a WLC and its registered access points with that of a known
valid configuration stored in the WCS databases. Any exceptions between the current running
configuration and the stored database configuration are noted and brought to the attention of the network
administrator via screen reports. (See
.)