Protected Extensible Authentication Protocol (Peap); Fast Secure Roaming (Fsr) - Cisco 8800 Series Deployment Manual

Wireless lan deployment guide

Protected Extensible Authentication Protocol (PEAP)

Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating
an encrypted SSL/TLS tunnel between the client and the authentication server.
The ensuing exchange of authentication information is then encrypted and user credentials are safe from eavesdropping.
PEAP-MSCHAPv2 is the supported inner authentication protocol. PEAP-GTC is not currently supported.
PEAP requires that a user account be created on the authentication server.
For more information on Cisco Secure Access Control System (ACS) and Cisco Identity Services Engine (ISE), refer to the
following links.
http://www.cisco.com/c/en/us/products/security/secure-access-control-system/datasheet-listing.html
http://www.cisco.com/c/en/us/products/security/identity-services-engine/datasheet-listing.html

Fast Secure Roaming (FSR)

802.11r / Fast Transition (FT) is the recommended deployment model for all environment types where frequent roaming occurs.
Cisco Centralized Key Management (CCKM) is also supported, but requires 802.1x authentication.
802.11r (FT) and CCKM enable fast secure roaming and limit the off-network time to keep audio gaps at a minimum when on
a call.
802.1x or PSK without 802.11r (FT) and 802.1x without CCKM can introduce delay during roaming due to the requirement for
full re-authentication. WPA and WPA2 introduce additional transient keys and can lengthen roaming time.
802.11r (FT) and CCKM centralize the key management and reduce the number of key exchanges.
When 802.11r (FT) or CCKM is utilized, roaming times can be reduced from 400-500 ms to less than 100 ms, so that the
transition time from one access point to another will not be audible to the user.
There are two types of 802.11r (FT) roaming:

Over the Air: The client communicates directly with the target access point using 802.11 authentication with the FT
authentication algorithm.

Over the Distribution: The client communicates with the target access point through the current access point. The
communication between the client and the target access point is carried in FT action frames between the client and the
current access point via the WLAN controller.
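
To check in a packet capture which of the two FT methods a roam actually used, the following added example (not part of the Cisco guide) classifies raw 802.11 management frames by the FT authentication algorithm number and the FT action category defined in IEEE 802.11. It assumes frames start at the 802.11 header (no radiotap header), carry no HT Control field, and have unprotected bodies; the function names and sample frames are constructed for illustration.

```python
import struct

# Values from IEEE 802.11 (not from the Cisco guide).
SUBTYPE_AUTH, SUBTYPE_ACTION = 11, 13   # management frame subtypes
AUTH_ALG_FT = 2                         # auth algorithm: Fast BSS Transition
CATEGORY_FT = 6                         # action category: Fast BSS Transition
FT_ACTIONS = {1: "FT Request", 2: "FT Response", 3: "FT Confirm", 4: "FT Ack"}
MAC_HDR_LEN = 24                        # assumes no HT Control field


def classify_ft_frame(frame: bytes) -> str:
    """Name the FT roaming method a raw 802.11 management frame belongs to."""
    if len(frame) < MAC_HDR_LEN + 2:
        return "too short"
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0:
        return "not a management frame"
    body = frame[MAC_HDR_LEN:]
    if subtype == SUBTYPE_AUTH:
        if len(body) < 6:
            return "too short"
        # Body starts with algorithm, transaction sequence, status (little-endian).
        alg, seq, _status = struct.unpack_from("<HHH", body)
        if alg == AUTH_ALG_FT:
            return f"over the air (FT authentication, transaction {seq})"
        return "authentication, not FT"
    if subtype == SUBTYPE_ACTION:
        # Body starts with category and action code, one byte each.
        if body[0] == CATEGORY_FT:
            return f"over the distribution ({FT_ACTIONS.get(body[1], 'unknown')})"
        return "action, not FT"
    return "other management frame"


def build_mgmt(subtype: int, body: bytes) -> bytes:
    """Constructed test frame: zero duration, locally administered MACs."""
    addrs = bytes.fromhex("020000000001" "020000000002" "020000000002")
    return bytes([subtype << 4, 0, 0, 0]) + addrs + b"\x00\x00" + body


# Constructed samples, not captured traffic.
STA, TARGET_AP = bytes.fromhex("020000000003"), bytes.fromhex("020000000004")
SAMPLE_FT_AUTH = build_mgmt(SUBTYPE_AUTH, struct.pack("<HHH", AUTH_ALG_FT, 1, 0))
SAMPLE_OPEN_AUTH = build_mgmt(SUBTYPE_AUTH, struct.pack("<HHH", 0, 1, 0))
SAMPLE_FT_ACTION = build_mgmt(SUBTYPE_ACTION, bytes([CATEGORY_FT, 1]) + STA + TARGET_AP)

if __name__ == "__main__":
    for name in ("SAMPLE_FT_AUTH", "SAMPLE_OPEN_AUTH", "SAMPLE_FT_ACTION"):
        print(name, "->", classify_ft_frame(globals()[name]))
```
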
Cisco IP Phone 8800 Series Wireless LAN Deployment Guide