- 1. WLAN Security Configuring Wireless Security on Controllers and Clients
2. Security Policy Logic 3. WLAN > Edit > Security 4. WLAN > Edit > Security (Cont.) 5. Security 6. 802.1X 7. 802.1X + WEP 8. WPA + WPA2 9. WZC Association 10. WZC Authentication Device authentication Revert to guest/no password, if no credentials could be found in the configuration 11. WZC Authentication: Smart Card or Certificate 12. WZC: PEAP 13. NetworkManager
- If an EAP type, window extends
If applicable, fields show 14. Mac AirPort Extreme 15. Cisco ADU: Profile Security
16. Cisco ADU: Profile Security (Cont.) In WEP PSK, click on configure to create up to 4 keys (passwords). They can be 40 bits long (key only), or 128 bits long (104 bits key + 24 bits initialization vector). 17. Cisco ADU: Profile Security (Cont.) 802.1x is authentication only. You then configure how this particular authentication should occur. In this example, LEAP, which is username- and password-based. 18. Cisco ADU: Profile Security (Cont.)
- WPA PSK relies on password strength
WPA/WPA2 imply encryption, and authentication through a common password or a per-user basis. In the common password case, clickConfigureto set the password 19. Cisco ADU: Profile Security (Cont.) WPA/WPA2/CCKM imply encryption and EAP type authentication. Select which type in the list, and clickConfigureto determine how authentication should occur for the particular type you choose. 20. Web Authentication
- This allows users to authenticate through a web interface
- Clients who attempt to access the WLAN using HTTP are automatically directed to a login page:
- Login page is customizable for logos and text
- Maximum simultaneous authentication requests using web authentication is 21
- Maximum number of local web authentication users is 2048 (default 512)
- This is generally used for guest access
- The Login page on the controller is now fully customizable
21. Web Authentication Process 22. 23. WLAN > Edit > Security > Layer 3 24. Security > Web Auth > Web Login Page 25. Security > Web Auth > Web Authentication Certificate 26. Summary
- WLAN security is configured from the Layer 2 and Layer 3 tabs and the main Security menu.
- 802.1X implies a RADIUS server configuration; the encryption will be None or WEP.
- WPA/WPA2 allow both enterprise and personal modes: in enterprise mode, the RADIUS server is defined; in personal mode, the password is defined.
- The WZC, Cisco ADU, NetworkManager, and Mac AirPort Extreme provide different interfaces to configure the exact type on the client side.
- Web authentication allows a Layer 3 authentication, while Layer 2 is set as Open.