
Visit Cisco Connection Online at www.cisco.com
WLAN Software Services Needed for Business-Class Applications
Centralized Security Architecture with Dynamic Session Key Management
Security is a primary concern for all WLAN installations. First-generation wireless security schemes based on service set
identifier (SSID) and manual wired equivalent privacy (WEP) key management imposed significant administrative burdens
upon the user. This burden precluded large-scale deployments. The Cisco solution leads the industry in providing scalable,
standards-based, centralized security management that delivers dynamic single-session, single-user encryption keys
integrated with the network logon.
The Cisco security architecture is based on the IEEE 802.1x standard for wireless networks. It is an extensible security
framework that accommodates a variety of authentication and key management methods. Cisco Aironet APs work with EAP-enabled
Remote Authentication Dial-In User Service (RADIUS) servers such as the Cisco Access Control Server 2000 Version 2.6
and EAP-enabled client adapters such as Cisco Aironet Series clients, providing user-level authentication over an encrypted
link. After successful mutual authentication with the RADIUS server, the user derives a dynamic WEP encryption key that
uniquely encrypts that user’s traffic over the air, ensuring security from both outside sources and inside network users. The
access control server (ACS) RADIUS server uses Lightweight Directory Access Protocol (LDAP) or open database
connectivity services (ODBC) to take advantage of the enterprise identity server database, allowing IT managers to instantly
enable wireless security for all users.
Integrated Management for Configuration, Monitoring, and Troubleshooting
The Cisco Aironet Series offers simplified installation, configuration, and management, so that units can be deployed
rapidly, anytime and anywhere. The series supports Web-based management and Simple Network Management Protocol
(SNMP) features to aid monitoring, troubleshooting, software download, and event logging.
The frequency agility option of the Cisco Aironet Series takes the guesswork out of channel configuration. In this mode, the
AP automatically scans the area and selects the least-congested channel. The installer does not need to be aware of the
settings of other Cisco APs in the coverage area.
For enterprise management, the Cisco Aironet Series provides support for Cisco Discovery Protocol (CDP) to enable auto
discovery of Cisco Aironet APs and bridges using Cisco enterprise management applications such as CiscoWorks2000.
Additionally, Cisco Aironet APs support standard SNMP Management Information Base (MIB) II, Cisco Aironet Series
private MIB, and 802.11b MIB. Cisco Aironet Series APs can also be managed via the console or the Telnet interface.
Figure 26-2: The 802.1x architecture implemented by Cisco is the first enterprise-ready security system for WLANs
[Figure labels: Supplicant; Authenticator (e.g. Access Point, Catalyst Switch); Authentication Server such as ACS2000 v2.6; EAP Over Wireless/LAN (EAPOW/EAPOL); EAP Over RADIUS; RADIUS; Extended Enterprise (Branch Office or Home Office); Semi-Public Network/Enterprise Edge; Enterprise Intranet]