Cisco WAP200 Administration Guide - Page 56
Layer 2 security
UPC - 745883574452
View all Cisco WAP200 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 56 highlights
Chapter 2 How it works Chapter 2 Layer 2 security The WAP-200 supports several layer 2 security schemes that can be enabled to protect customer wireless traffic. Session limits Up to 255 user connections are supported when Layer 2 security is active. Authentication The following table lists the available authentication options: Protocol User authentication provide by 802.1x Access Controller, RADIUS server WPA1/WPA2 Access Controller, RADIUS server WPA (pre-shared keys) None WEP None Security options To enable multiple Layer 2 options at the same time, each option must be assigned to its own wireless profile. WEP Weaknesses in WEP's cryptographic technology were exposed not long after it was developed. However, it can still be of use in light-traffic, casual-use installations to deter eavesdroppers. It is not recommended for corporate networks without enabling a VPN security option (IPSec, PPTP, or L2TP). 802.1x 802.1x: is an IEEE port-based authentication standard. It improves upon WEP by providing two important enhancements: user authentication and unique keys with key rotation. • User authentication: Before a user gains access to the wireless network, they must first log in. The login process is managed by 802.1x client software which must be installed on the user's computer. It communicates with the WAP-200, which in turn uses the services of a RADIUS server to validate user login credentials. • Unique keys with key rotation: Each user is assigned their own key by the RADIUS server. Keys are automatically rotated (regenerated) at an interval configured on the WAP-200. To use 802.1x, wireless client stations must install 802.1x client software. The WAP-200 supports 802.1x clients using EAP-SIM, EAP-TLS, EAP-TTLS and PEAP. Dynamic WEP encryption is supported. Note: Colubris Networks does not recommend the use of 802.1x without enabling dynamic WEP encryption. Note: When 802.1x is active, the WAP-200 can also be configured to accept connections from stations using static WEP keys if required. 56