Layer 3 Solutions; Integrated Security Solutions; Configuring Radius - Cisco 2100 Series Configuration Manual


Chapter 5
Configuring Security Solutions

Layer 3 Solutions

The WEP problem can be further solved using industry-standard Layer 3 security solutions such as
passthrough VPNs (virtual private networks).
The Cisco UWN Solution supports local and RADIUS MAC (media access control) filtering. This
filtering is best suited to smaller client groups with a known list of 802.11 access card MAC addresses.
Finally, the Cisco UWN Solution supports local and RADIUS user/password authentication. This
authentication is best suited to small to medium client groups.

Integrated Security Solutions

Cisco UWN Solution operating system security is built around a robust 802.1X AAA (authorization,
authentication and accounting) engine, which allows operators to rapidly configure and enforce a
variety of security policies across the Cisco UWN Solution.

The controllers and lightweight access points are equipped with system-wide authentication and
authorization protocols across all ports and interfaces, maximizing system security.

Operating system security policies are assigned to individual WLANs, and lightweight access points
simultaneously broadcast all (up to 16) configured WLANs. This can eliminate the need for
additional access points, which can increase interference and degrade system throughput.

Operating system security uses the RRM function to continually monitor the air space for
interference and security breaches, and notify the operator when they are detected.

Operating system security works with industry-standard authorization, authentication, and
accounting (AAA) servers, making system integration simple and easy.

Configuring RADIUS

Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol that provides
centralized security for users attempting to gain management access to a network. It serves as a backend
database similar to local and TACACS+ and provides authentication and accounting services:

Authentication—The process of verifying users when they attempt to log into the controller.
Users must enter a valid username and password in order for the controller to authenticate users to
the RADIUS server.

Note: When multiple databases are configured, you can use the controller GUI or CLI to specify
the sequence in which the backend databases should be tried.

Accounting—The process of recording user actions and changes.
Whenever a user successfully executes an action, the RADIUS accounting server logs the changed
attributes, the user ID of the person who made the change, the remote host where the user is logged
in, the date and time when the command was executed, the authorization level of the user, and a
description of the action performed and the values provided. If the RADIUS accounting server
becomes unreachable, users are able to continue their sessions uninterrupted.

OL-17037-01
Cisco Wireless LAN Controller Configuration Guide


This manual is also suitable for:

4400 series
