Date post: 20-Jun-2015
Category: Technology
Upload: ravi-ranjan
© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—4-1
WLAN Security
Configuring Wireless Security on Controllers and Clients
Security Policy Logic
WLAN > Edit > Security
WLAN > Edit > Security (Cont.)
Security
802.1X
802.1X + WEP
WPA + WPA2
WZC Association
WZC Authentication
Device authentication
Revert to guest/no password if no credentials can be found in the configuration
WZC Authentication: Smart Card or Certificate
WZC: PEAP
NetworkManager
If an EAP type is selected, the window extends
Applicable fields are shown
Mac AirPort Extreme
Cisco ADU: Profile Security
None
Cisco ADU: Profile Security (Cont.)
In WEP PSK, click Configure to create up to 4 keys (passwords). They can be 40 bits long (key only), or 128 bits long (104 bits key + 24 bits initialization vector).
Cisco ADU: Profile Security (Cont.)
802.1X is authentication only. You then configure how this particular authentication should occur. This example uses LEAP, which is username- and password-based.
Cisco ADU: Profile Security (Cont.)
WPA PSK relies on password strength
WPA/WPA2 imply encryption, and authentication through a common password or on a per-user basis. In the common password case, click Configure to set the password.
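Added example, not part of the original slides: why WPA PSK depends on password strength. In personal mode the 256-bit key comes only from the common password and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations), so every client shares it and nothing else adds secrecy. The 16-character minimum, the denylist and the function names are assumptions made for this illustration.

```python
import hashlib
import string

# Constructed sample denylist; a real audit would load a much larger list.
CONSTRUCTED_DENYLIST = {"password", "12345678", "guestwifi", "welcome123"}

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def audit_passphrase(passphrase: str, ssid: str, min_length: int = 16) -> list:
    """Return findings for a proposed common password (empty list = none).

    min_length=16 is an assumed local policy, not a value from the slides.
    """
    findings = []
    lowered = passphrase.lower()
    if len(passphrase) < min_length:
        findings.append("short")
    if lowered in CONSTRUCTED_DENYLIST:
        findings.append("common")
    if ssid and ssid.lower() in lowered:
        findings.append("contains-ssid")  # SSID is broadcast, so it adds no secrecy
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation + " ")
    classes = sum(any(c in group for c in passphrase) for group in groups)
    if classes < 2:
        findings.append("single-class")
    return findings

if __name__ == "__main__":
    # Constructed candidates for an SSID named "IEEE".
    for candidate in ("password", "Lobby-IEEE-2015", "correct horse battery staple 47"):
        print(candidate, audit_passphrase(candidate, "IEEE"),
              derive_psk(candidate, "IEEE").hex()[:16] + "...")
```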
Cisco ADU: Profile Security (Cont.)
WPA/WPA2/CCKM imply encryption and EAP-type authentication. Select the type in the list, and click Configure to determine how authentication should occur for the type you choose.
Web Authentication
This allows users to authenticate through a web interface
Clients who attempt to access the WLAN using HTTP are automatically directed to a login page:
– Login page is customizable for logos and text
– Maximum simultaneous authentication requests using web authentication is 21
– Maximum number of local web authentication users is 2048 (default 512)
This is generally used for guest access
The Login page on the controller is now fully customizable
Web Authentication Process
WLAN > Edit > Security > Layer 3
Security > Web Auth > Web Login Page
Security > Web Auth > Web Authentication Certificate
Summary
WLAN security is configured from the Layer 2 and Layer 3 tabs and the main Security menu.
802.1X implies a RADIUS server configuration; the encryption will be None or WEP.
WPA/WPA2 allow both enterprise and personal modes: in enterprise mode, the RADIUS server is defined; in personal mode, the password is defined.
The WZC, Cisco ADU, NetworkManager, and Mac AirPort Extreme provide different interfaces to configure the exact type on the client side.
Web authentication allows a Layer 3 authentication, while Layer 2 is set as Open.