Cisco Systems, Inc.
All contents are Copyright © 2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 4 of 10
Enterprise-Class Wireless LAN Security
WirelessLANsecurityisa primary concern. Cisco Aironet products secure the enterprise network with a scalable and
manageable system featuring the award-winning Cisco Wireless Security Suite. Based on the 802.1X standard for
port-based network access, the Cisco Wireless Security Suite takes advantage of the Extensible Authentication
Protocol (EAP) framework for user-based authentication (Figure 3).
The Cisco Wireless Security Suite interoperates with a range of client devices. It supports all 802.1X authentication
types, including Cisco LEAP, Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and types that
operate over EAP-TLS, such as Protected Extensible Authentication Protocol (PEAP), EAP-Tunneled TLS
(EAP-TTLS)andEAP-SubscriberIdentityModule(EAP-SIM). A wide selectionof Remote AccessDial-InUser Service
(RADIUS) servers, such as the Cisco Secure Access Control Server (ACS), can be used for enterprise-class centralized
user management. Enhanced features such as Temporal Key Integrity Protocol (TKIP) per-packet key hashing,
message integrity check (MIC) and broadcast key rotation are integral to the Cisco Wireless Security Suite.
Figure 3
The Cisco Wireless Security Suite is an Enterprise-Class Security System Based on the
802.1X Architecture
World Mode for International Roaming
Cisco simplifies deployment for international travelers and multinational corporations with a new client adapter
setting called world mode. When placed in this mode, client adapters automatically inherit channel configuration
properties directly from the Cisco Aironet access point to which they associate. This feature enables a user to use a
client adapter around the world while still maintaining regulatory compliance.
RADIUS server delivers Unicast
WEP key to Access Point
5
Client and Access Point activate WEP
and use Unicast and Broadcast WEP
keys for transmission
7
Access Point delivers Broadcast WEP key
encrypted with Unicast WEP key to Client
6
RADIUS server authenticates User;
RADIUS server and Client derive Unicast WEP key
4
Aironet 1200 Series
Access Point with
Cisco LEAP Support
Wireless Computer with
Cisco LEAP Supplicant
User provides login
authentication credentials
3
Access Point blocks
all User requests
to access LAN
2
Client associates
with Access Point
1
Aironet 1200 Series
Access Point with
Cisco LEAP Support
Wireless Computer
with Cisco LEAP Supplicant
Access Switch
Campus Network
RADIUS Server
Access Switch
User Database
Campus Network
RADIUS Server with
Cisco LEAP Authentication Support
and Dynamic WEP Key Generation
User Database
(41 stránky)
(2 stránky)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce