
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 17 of 21
Dynamic Power Control—The system dynamically adjusts the power output of individual
access points to accommodate changing network conditions, helping to ensure predictable
wireless performance and availability.
Enterprise-Class Security
The Cisco Wireless LAN controller network module adheres to the strictest level of security
standards, including:
802.11i Wi-Fi Protected Access 2 (WPA2), WPA, and Wired Equivalent Privacy (WEP)
802.1X with multiple Extensible Authentication Protocol (EAP) types-Protected EAP
(PEAP), EAP with Transport Layer Security (EAP-TLS), EAP with Tunneled TLS (EAP-
TTLS), and Cisco LEAP
The result is the industry's most comprehensive wireless LAN security solution.
In the Cisco Centralized Wireless LAN Solution, access points act as air monitors, communicating
real-time information about the wireless domain to Cisco Wireless LAN Controllers. All security
threats are rapidly identified and presented to network administrators via Cisco WCS, where
accurate analysis can take place and corrective action can be taken.
Cisco provides the only wireless LAN system that offers simultaneous wireless protection and
wireless LAN service delivery. This helps to ensure complete wireless LAN protection, with no
unnecessary overlay equipment costs or extra monitoring devices. The Cisco Centralized Wireless
LAN Solution can be deployed initially as a standalone wireless IPS, and reconfigured later to add
wireless LAN data service. This allows network managers to create a "defense shield" around their
RF domains, containing unauthorized wireless activity until they are ready to deploy wireless
LAN services.
Cisco addresses wireless LAN security by offering multiple layers of protection (Figure 4),
including:
RF Security—Detect and avoid 802.11 interference and control unwanted RF propagation.
Wireless LAN Intrusion Prevention and Location—The Cisco Centralized Wireless LAN
Solution not only detects rogue devices or potential wireless threats, but also locates these
devices. This helps IT administrators to quickly assess the threat level and take immediate
action to mitigate threats as required.
Identity-Based Networking—IT staff must support many different user access rights,
device formats, and application requirements when securing wireless LANs. The Cisco
wireless LAN system enables enterprises to deliver individualized security policies to
wireless users or groups of users. These include:
Layer 2 Security—802.1X (PEAP, LEAP, TTLS), WPA, 802.11i (WPA2)
Layer 3 Security (and above)—IPSec, web authentication
VLAN Assignments
Access Control Lists (ACLs)—IP restrictions, protocol types, port, and differentiated
services code point (DSCP) value
QoS—multiple service levels, bandwidth contracts, traffic shaping and RF utilization
Authentication, Authorization, and Accounting (AAA)/RADIUS—User session policies
and rights management
Komentáře k této Příručce