Cisco WAP200 Administration Guide - Page 56

Layer 2 security



Chapter 2: How it works
Layer 2 security

The WAP-200 supports several layer 2 security schemes that can be enabled to protect customer wireless traffic.

Session limits

Up to 255 user connections are supported when Layer 2 security is active.

Authentication

The following table lists the available authentication options:

Protocol                  User authentication provided by
802.1x                    Access Controller, RADIUS server
WPA1/WPA2                 Access Controller, RADIUS server
WPA (pre-shared keys)     None
WEP                       None

Security options

To enable multiple Layer 2 options at the same time, each option must be assigned to its own wireless profile.

WEP

Weaknesses in WEP’s cryptographic technology were exposed not long after it was developed. However, it can still be of use in light-traffic, casual-use installations to deter eavesdroppers. It is not recommended for corporate networks without enabling a VPN security option (IPSec, PPTP, or L2TP).

802.1x

802.1x is an IEEE port-based authentication standard. It improves upon WEP by providing two important enhancements: user authentication and unique keys with key rotation.

• User authentication: Before a user gains access to the wireless network, they must first log in. The login process is managed by 802.1x client software which must be installed on the user’s computer. It communicates with the WAP-200, which in turn uses the services of a RADIUS server to validate user login credentials.

• Unique keys with key rotation: Each user is assigned their own key by the RADIUS server. Keys are automatically rotated (regenerated) at an interval configured on the WAP-200.

To use 802.1x, wireless client stations must install 802.1x client software. The WAP-200 supports 802.1x clients using EAP-SIM, EAP-TLS, EAP-TTLS and PEAP. Dynamic WEP encryption is supported.

Note: Colubris Networks does not recommend the use of 802.1x without enabling dynamic WEP encryption.

Note: When 802.1x is active, the WAP-200 can also be configured to accept connections from stations using static WEP keys if required.
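Why the key rotation described above matters for WEP, as an added example that is not part of the guide: WEP encrypts each frame with RC4 keyed by a 24-bit IV plus the WEP key, so a repeated IV under an unchanged key repeats the keystream, and the rotation interval bounds how many frames one key protects. The keys, IV and frame contents are constructed, and the sizing function assumes stations pick IVs at random.

```python
import math
import zlib

IV_BITS = 24  # WEP's per-frame IV is 24 bits and travels in the clear

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """WEP encapsulation: RC4(IV || key) XOR (payload || CRC-32 ICV)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(body, rc4(iv + key, len(body)))

def keystream_reused(iv, key_a, key_b, p1, p2) -> bool:
    """True if both frames were masked by the same keystream."""
    n = min(len(p1), len(p2))
    c1 = wep_encrypt(iv, key_a, p1)
    c2 = wep_encrypt(iv, key_b, p2)
    return xor(c1, c2)[:n] == xor(p1, p2)[:n]

def max_frames_per_key(p_collision: float) -> int:
    """Frames one key can carry before P(any IV repeat) reaches p_collision."""
    return int(math.sqrt(2 * 2**IV_BITS * math.log(1 / (1 - p_collision))))

def rekey_interval_seconds(frames_per_sec: float, p_collision: float) -> float:
    """Longest rotation interval that keeps IV repeats under p_collision."""
    return max_frames_per_key(p_collision) / frames_per_sec

# Constructed sample values (104-bit keys, one shared IV)
IV = bytes.fromhex("a1b2c3")
OLD_KEY, NEW_KEY = b"sample-key-01", b"sample-key-02"

if __name__ == "__main__":
    print(keystream_reused(IV, OLD_KEY, OLD_KEY, b"frame one", b"frame two"))
    print(keystream_reused(IV, OLD_KEY, NEW_KEY, b"frame one", b"frame two"))
    print(rekey_interval_seconds(500, 0.01))
```

With a static WEP key the frame budget is never reset, which is the case the guide's dynamic WEP and key rotation settings avoid.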