Iuwne10 S04 L06


1. WLAN Security: Configuring Wireless Security on Controllers and Clients

2. Security Policy Logic

3. WLAN > Edit > Security

4. WLAN > Edit > Security (Cont.)

5. Security

6. 802.1X

7. 802.1X + WEP

8. WPA + WPA2

9. WZC Association

10. WZC Authentication

  • Device authentication
  • Revert to guest/no password, if no credentials could be found in the configuration

11. WZC Authentication: Smart Card or Certificate

12. WZC: PEAP

13. NetworkManager

  • If an EAP type, window extends
  • If applicable, fields show

14. Mac AirPort Extreme

15. Cisco ADU: Profile Security

  • None

16. Cisco ADU: Profile Security (Cont.)

In WEP PSK, click Configure to create up to 4 keys (passwords). They can be 40 bits long (key only), or 128 bits long (104 bits key + 24 bits initialization vector).

17. Cisco ADU: Profile Security (Cont.)

802.1X is authentication only. You then configure how this particular authentication should occur. In this example, LEAP, which is username- and password-based.

18. Cisco ADU: Profile Security (Cont.)

  • WPA PSK relies on password strength

WPA/WPA2 imply encryption, and authentication through a common password or on a per-user basis. In the common password case, click Configure to set the password.

19. Cisco ADU: Profile Security (Cont.)

WPA/WPA2/CCKM imply encryption and EAP type authentication. Select which type in the list, and click Configure to determine how authentication should occur for the particular type you choose.

20. Web Authentication

    • This allows users to authenticate through a web interface
    • Clients who attempt to access the WLAN using HTTP are automatically directed to a login page:
      • Login page is customizable for logos and text
      • Maximum simultaneous authentication requests using web authentication is 21
      • Maximum number of local web authentication users is 2048 (default 512)
    • This is generally used for guest access
    • The Login page on the controller is now fully customizable

21. Web Authentication Process

22.

23. WLAN > Edit > Security > Layer 3

24. Security > Web Auth > Web Login Page

25. Security > Web Auth > Web Authentication Certificate

26. Summary

    • WLAN security is configured from the Layer 2 and Layer 3 tabs and the main Security menu.
    • 802.1X implies a RADIUS server configuration; the encryption will be None or WEP.
    • WPA/WPA2 allow both enterprise and personal modes: in enterprise mode, the RADIUS server is defined; in personal mode, the password is defined.
    • The WZC, Cisco ADU, NetworkManager, and Mac AirPort Extreme provide different interfaces to configure the exact type on the client side.
    • Web authentication allows a Layer 3 authentication, while Layer 2 is set as Open.
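
The deck notes that WPA PSK relies on password strength and that in personal mode a common password is defined. The following is an added example, not part of the original slides: it shows the standard WPA/WPA2-Personal mapping from passphrase and SSID to the pairwise master key (background from IEEE 802.11i, not from the deck), plus a small passphrase policy check whose thresholds and word list are assumptions of this example.

```python
import hashlib
import string

# Constructed sample denylist; a real audit would load a larger local wordlist.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}
PRINTABLE = set(chr(c) for c in range(32, 127))  # 802.11i passphrase alphabet


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def psk_findings(passphrase: str, ssid: str, min_len: int = 20) -> list:
    """Return policy findings for a personal-mode passphrase.
    min_len and the checks below are assumptions of this example."""
    findings = []
    if len(passphrase) < min_len:
        findings.append("shorter than %d characters" % min_len)
    if passphrase.lower() in COMMON:
        findings.append("on common-password list")
    if ssid.lower() in passphrase.lower():
        findings.append("contains the SSID")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    if sum(any(ch in cls for ch in passphrase) for cls in classes) < 2:
        findings.append("single character class")
    return findings


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(psk_findings("password", "IEEE"))
    # Constructed passphrase and SSID for illustration.
    print(psk_findings("Guest-Lobby 7 violet kettles!", "corp-guest"))
```

Because the key depends only on the passphrase and the SSID, every client configured with the common password derives the same master key, which is why personal mode stands or falls on the passphrase itself.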