Iuwne10 S04 L03

WLAN Security

Centralizing WLAN Authentication

802.1X

802.1X over Wireless

Unique Encryption Keys

EAP Process

EAP Frame Format

EAP defines four message types: Request, Response, Success, and Failure

RADIUS

Security > AAA > RADIUS > Authentication

Security > AAA > RADIUS > Authentication > New

WLAN > Edit > Security > AAA Servers

Local EAP

The following EAP methods are supported with local EAP:

− LEAP

− EAP-FAST (both username and password with PAC and certificates)

− EAP-TLS

− PEAP

MAC authentication is also supported in addition to the above methods

Local EAP authentication can be used if the Cisco WLC fails to reach the configured RADIUS servers

Supports local users or LDAP users

Requires WLAN configuration

Security > Local EAP > Profiles

Local EAP is created in three steps: Creation and configuration of an EAP profile

Creation of local users or delegation to an LDAP server

Validation of the EAP profile in a WLAN

Security > Local EAP > Profiles > Edit

Security > Local EAP > EAP-FAST Parameters

Security > AAA > Local Net Users

Security > Local EAP > Authentication Priority

Only LDAP is used

LDAP is used only if the local list does not contain the user

Security >AAA > LDAP

WLAN > Edit

Summary

802.1X allows a port to be blocked while the client is authenticated.

EAP creates a framework to carry the typical steps in an authentication process.

WLAN controllers can relay the wireless client authentication task to an external RADIUS server.

WLAN controllers can also be configured to handle EAP locally, based on an internal user database or an external LDAP server.

Iuwne10 S04 L03

Technology

L03 Dis.math

Iuwne10 S05 L03

Iuwne10 S01 L07

Iuwne10 S01 L06

Iuwne10 S03 L01

Reengineer s04

Iuwne10 S05 L01

Iuwne10 S02 L06

Iuwne10 S03 L04

Iuwne10 S05 L05

Iuwne10 S01 L09

Iuwne10 S01 L04

S04 colostomia

L03 Biofuels

Iuwne10 S01 L02

Iuwne10 S02 L04

Iuwne10 S05 L06

L03 organeles

Iuwne10 S03 L02

Iuwne10 S06 L01