Cisco Uwn Solution Security; Security Overview; Layer 1 Solutions; Layer 2 Solutions - Cisco SD2008T-NA Configuration Manual

Cisco UWN Solution Security

Cisco UWN Solution Security
Cisco UWN Solution security includes the following sections:
•
•
•
•
•
•

Security Overview

The Cisco UWN security solution bundles potentially complicated Layer 1, Layer 2, and Layer 3 802.11
Access Point security components into a simple policy manager that customizes system-wide security
policies on a per-WLAN basis. The Cisco UWN security solution provides simple, unified, and
systematic security management tools.
One of the biggest hurdles to WLAN deployment in the enterprise is WEP encryption, which is a weak
standalone encryption method. A newer problem is the availability of low-cost access points, which can
be connected to the enterprise network and used to mount man-in-the-middle and denial-of-service
attacks. Also, the complexity of add-on security solutions has prevented many IT managers from
embracing the benefits of the latest advances in WLAN security.

Layer 1 Solutions

The Cisco UWN security solution ensures that all clients gain access within an operator-set number of
attempts. Should a client fail to gain access within that limit, it is automatically excluded (blocked from
access) until the operator-set timer expires. The operating system can also disable SSID broadcasts on a
per-WLAN basis.

Layer 2 Solutions

If a higher level of security and encryption is required, the network administrator can also implement
industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication
protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco UWN Solution WPA
implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity
protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static
keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed
authentication attempts.
Regardless of the wireless security solution selected, all Layer 2 wired communications between
controllers and lightweight access points are secured by passing data through LWAPP tunnels.
Cisco Wireless LAN Controller Configuration Guide
5-2
Security Overview, page 5-2
Layer 1 Solutions, page 5-2
Layer 2 Solutions, page 5-2
Layer 3 Solutions, page 5-3
Rogue Access Point Solutions, page 5-3
Integrated Security Solutions, page 5-4
Chapter 5 Configuring Security Solutions
OL-9141-03