Layer 3 Solutions; Rogue Access Point Solutions; Rogue Access Point Challenges; Tagging And Containing Rogue Access Points - Cisco SD2008T-NA Configuration Manual

4400 series wireless lan controller

Chapter 5
Configuring Security Solutions

Layer 3 Solutions

The WEP problem can be further solved using industry-standard Layer 3 security solutions such as
passthrough VPNs (virtual private networks).
The Cisco UWN Solution supports local and RADIUS MAC (media access control) filtering. This
filtering is best suited to smaller client groups with a known list of 802.11 access card MAC addresses.
Finally, the Cisco UWN Solution supports local and RADIUS user/password authentication. This
authentication is best suited to small to medium client groups.

Rogue Access Point Solutions

This section describes security solutions for rogue access points.

Rogue Access Point Challenges

Rogue access points can disrupt WLAN operations by hijacking legitimate clients and using plaintext or
other denial-of-service or man-in-the-middle attacks. That is, a hacker can use a rogue access point to
capture sensitive information, such as passwords and usernames. The hacker can then transmit a series of
clear-to-send (CTS) frames, which mimics an access point informing a particular NIC to transmit and
instructing all others to wait, which results in legitimate clients being unable to access the WLAN
resources. WLAN service providers thus have a strong interest in banning rogue access points from the
air space.
The operating system security solution uses the radio resource management (RRM) function to
continuously monitor all nearby access points, automatically discover rogue access points, and locate
them as described in the "Tagging and Containing Rogue Access Points" section on page 5-3.

Tagging and Containing Rogue Access Points

When the Cisco UWN Solution is monitored using WCS, WCS generates the flags as rogue access point
traps, and displays the known rogue access points by MAC address. The operator can then display a map
showing the location of the lightweight access points closest to each rogue access point, and either
allow them as Known or Acknowledged rogue access points (no further action), mark them as Alert rogue
access points (watch for and notify when active), or mark them as Contained rogue access points. When a
rogue access point is contained, between one and four lightweight access points discourage rogue access
point clients by sending the clients deauthenticate and disassociate messages whenever they associate
with the rogue access point.
When the Cisco UWN Solution is monitored using a GUI or a CLI, the interface displays the known
rogue access points by MAC address. The operator then has the option of marking them as Known or
Acknowledged rogue access points (no further action), marking them as Alert rogue access points (watch
for and notify when active), or marking them as Contained rogue access points (have between one and
four lightweight access points discourage rogue access point clients by sending the clients
deauthenticate and disassociate messages whenever they associate with the rogue access point).

Cisco Wireless LAN Controller Configuration Guide, OL-9141-03
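The tagging workflow described above, sketched as an operator-side triage routine. This is an added example, not Cisco code and not a WCS or controller API: the `Rogue` record, `norm_mac` and `plan` are hypothetical, the MAC addresses, access point names and RSSI values are constructed, and treating "closest" as strongest RSSI is an assumption.

```python
from dataclasses import dataclass
from enum import Enum

class Tag(Enum):
    KNOWN = "known"          # Known or Acknowledged: no further action
    ALERT = "alert"          # watch for and notify when active
    CONTAINED = "contained"  # lightweight APs discourage its clients

@dataclass
class Rogue:                 # hypothetical record, not a WCS or controller type
    mac: str
    active: bool
    heard_by: dict           # lightweight AP name -> RSSI in dBm

def norm_mac(mac):
    """Canonicalise aa-bb-.., aabb.ccdd.eeff and AA:BB:.. so tag lookups match."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def plan(rogues, tags, containing_aps=1):
    """Map each rogue MAC to (action, detail); 'closest' = strongest RSSI (assumption)."""
    if not 1 <= containing_aps <= 4:   # "between one and four", per the text above
        raise ValueError("containment uses between one and four access points")
    tags = {norm_mac(m): t for m, t in tags.items()}
    out = {}
    for r in rogues:
        mac = norm_mac(r.mac)
        tag = tags.get(mac)
        nearest = sorted(r.heard_by, key=r.heard_by.get, reverse=True)
        if tag is None:
            out[mac] = ("review", "untagged, operator decision needed")
        elif tag is Tag.KNOWN:
            out[mac] = ("none", "known or acknowledged")
        elif tag is Tag.ALERT:
            out[mac] = ("notify", "active") if r.active else ("watch", "inactive")
        elif not nearest:
            out[mac] = ("review", "contained, but no lightweight AP hears it")
        else:
            out[mac] = ("contain", nearest[:containing_aps])
    return out

# Constructed sample data: MACs, AP names and RSSI values are made up.
REPORT = [Rogue("02:00:5E:10:00:01", True, {"ap-lobby": -48, "ap-lab": -71, "ap-hall": -60}),
          Rogue("0200.5e10.0002", True, {"ap-lab": -55}),
          Rogue("02-00-5e-10-00-03", False, {"ap-hall": -80}),
          Rogue("02:00:5e:10:00:04", True, {"ap-lobby": -66})]
TAGS = {"02:00:5e:10:00:01": Tag.CONTAINED, "02:00:5E:10:00:02": Tag.ALERT, "0200.5e10.0003": Tag.KNOWN}
```

Normalising MAC notation before the lookup matters because a tag stored in one format would otherwise silently fail to match a report in another, leaving a rogue untracked.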
