Cisco 4402 Configuration Guide - Page 6

Introduction This document is a guide to configuring eduroam in a Cisco controller-based environment, i.e. a configuration based on one or more Cisco controllers which govern the traffic to and from Cisco lightweight access points (LAP). The guide applies both to Cisco 5500 Series and 4400 Series controllers (WLC). Any differences in configuration between the 5500 Series and the 4400 Series are specified. In principle the guide will also apply to wireless systems provided by suppliers other than Cisco. For information on the configuration and operation of IEEE 802.1X, see UFS112 [1]. The description in this case is based on the use of autonomous access points, but the principle will be the same. In a controller system it is the controller which acts on behalf of the access point, including issues regarding the RADIUS authentication of users. When configuring a controller-based wireless network, there are many things which need to be planned and performed in the correct order. The main points are dealt with in the following chapters: 1. Network planning 2. Configuring RADIUS 3. Configuring a controller 4. Radio planning 5. Physical installation of access points. As an alternative to a controller-based system, a configuration may be chosen which is based on autonomous access points. However, in the interests of security, this is not recommended. A configuration using autonomous access points requires the use of a dot1q trunk with all the necessary VLAN connections to an access point. Since access points can be located in open areas with roundthe-clock access, with a little knowledge a user may be able to replace an access point with a PC which in turn would be able to access VLANs that it should not be able to access, or act as an intermediary in a man-in-the-middle attack. Guidelines for how to configure eduroam without the use of a controller are nevertheless provided in Attachment A. 6