5-2
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Cisco UWN Solution Security
Cisco UWN Solution Security
Cisco UWN Solution security includes the following sections:
• Security Overview, page 5-2
• Layer 1 Solutions, page 5-2
• Layer 2 Solutions, page 5-2
• Layer 3 Solutions, page 5-3
• Integrated Security Solutions, page 5-3
Security Overview
The Cisco UWN security solution bundles potentially complicated Layer 1, Layer 2, and Layer 3 802.11
Access Point security components into a simple policy manager that customizes system-wide security
policies on a per-WLAN basis. The Cisco UWN security solution provides simple, unified, and
systematic security management tools.
One of the biggest hurdles to WLAN deployment in the enterprise is WEP encryption, which is a weak
standalone encryption method. A newer problem is the availability of low-cost access points, which can
be connected to the enterprise network and used to mount man-in-the-middle and denial-of-service
attacks. Also, the complexity of add-on security solutions has prevented many IT managers from
embracing the benefits of the latest advances in WLAN security.
Layer 1 Solutions
The Cisco UWN security solution ensures that all clients gain access within an operator-set number of
attempts. Should a client fail to gain access within that limit, it is automatically excluded (blocked from
access) until the operator-set timer expires. The operating system can also disable SSID broadcasts on a
per-WLAN basis.
Layer 2 Solutions
If a higher level of security and encryption is required, the network administrator can also implement
industry-standard security solutions such as Extensible Authentication Protocol (EAP), Wi-Fi protected
access (WPA), and WPA2. The Cisco UWN Solution WPA implementation includes AES (advanced
encryption standard), TKIP + Michael (temporal key integrity protocol + message integrity code
checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static keys. Disabling is also used to
automatically block Layer 2 access after an operator-set number of failed authentication attempts.
Regardless of the wireless security solution selected, all Layer 2 wired communications between
controllers and lightweight access points are secured by passing data through CAPWAP tunnels.
To Next Page
Loading...
Need help?
General
