© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—4-1 WLAN Security Configuring Wireless Security on Controllers and Clients
Page 1: Iuwne10 S04 L06

WLAN Security

Configuring Wireless Security on Controllers and Clients

Page 2: Iuwne10 S04 L06

Security Policy Logic

Page 3: Iuwne10 S04 L06

WLAN > Edit > Security

Page 4: Iuwne10 S04 L06

WLAN > Edit > Security (Cont.)

Page 5: Iuwne10 S04 L06

Security

Page 6: Iuwne10 S04 L06

802.1X

Page 7: Iuwne10 S04 L06

802.1X + WEP

Page 8: Iuwne10 S04 L06

WPA + WPA2

Page 9: Iuwne10 S04 L06

WZC Association

Page 10: Iuwne10 S04 L06

WZC Authentication

Device authentication

Revert to guest/no password, if no credentials could be found in the configuration

Page 11: Iuwne10 S04 L06

WZC Authentication: Smart Card or Certificate

Page 12: Iuwne10 S04 L06

WZC: PEAP

Page 13: Iuwne10 S04 L06

NetworkManager

If an EAP type, window extends

If applicable, fields show

Page 14: Iuwne10 S04 L06

Mac AirPort Extreme

Page 15: Iuwne10 S04 L06

Cisco ADU: Profile Security

None

Page 16: Iuwne10 S04 L06

Cisco ADU: Profile Security (Cont.)

In WEP PSK, click Configure to create up to 4 keys (passwords). They can be 40 bits long (key only), or 128 bits long (104-bit key + 24-bit initialization vector).

Page 17: Iuwne10 S04 L06

Cisco ADU: Profile Security (Cont.)

802.1X is authentication only. You then configure how this particular authentication should occur. In this example it is LEAP, which is username- and password-based.

Page 18: Iuwne10 S04 L06

Cisco ADU: Profile Security (Cont.)

WPA PSK relies on password strength

WPA/WPA2 imply encryption, and authentication through a common password or on a per-user basis. In the common password case, click Configure to set the password.
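
Added example, not part of the original Cisco slides: in WPA/WPA2 personal mode the 256-bit key is derived deterministically from the passphrase and the SSID (IEEE 802.11i passphrase-to-PSK mapping), so all of the secrecy rests on the passphrase. The function names and the sample SSIDs and passphrases below are assumptions made for illustration.

```python
import hashlib
import math
import string


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA/WPA2 personal-mode passphrase to the 256-bit PSK/PMK.

    IEEE 802.11i: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def max_entropy_bits(passphrase: str) -> float:
    """Upper bound on entropy, assuming every character was drawn uniformly
    at random from the character classes present. Human-chosen passphrases
    sit well below this bound."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in charset for c in passphrase):
            pool += len(charset)
    if any(c == " " or c in string.punctuation for c in passphrase):
        pool += len(string.punctuation) + 1  # punctuation plus space
    return len(passphrase) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Constructed sample values; "password"/"IEEE" is the 802.11i test vector.
    samples = [("password", "IEEE"),
               ("password", "Guest-WLAN"),
               ("q7#Lw2!vR9zK@x4Tm8Pd", "IEEE")]
    for phrase, ssid in samples:
        pmk = derive_pmk(phrase, ssid)
        print(f"{ssid:12} {max_entropy_bits(phrase):6.1f} bits max  {pmk.hex()}")
```

The same passphrase yields a different key on each SSID because the SSID is the salt, but nothing else in the derivation is secret.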

Page 19: Iuwne10 S04 L06

Cisco ADU: Profile Security (Cont.)

WPA/WPA2/CCKM imply encryption and EAP-type authentication. Select which type in the list, and click Configure to determine how authentication should occur for the particular type you choose.

Page 20: Iuwne10 S04 L06

Web Authentication

This allows users to authenticate through a web interface

Clients who attempt to access the WLAN using HTTP are automatically directed to a login page:

– Login page is customizable for logos and text

– Maximum simultaneous authentication requests using web authentication is 21

– Maximum number of local web authentication users is 2048 (default 512)

This is generally used for guest access

The Login page on the controller is now fully customizable

Page 21: Iuwne10 S04 L06

Web Authentication Process

Page 22: Iuwne10 S04 L06

WLAN > Edit > Security > Layer 3

Page 23: Iuwne10 S04 L06

Security > Web Auth > Web Login Page

Page 24: Iuwne10 S04 L06

Security > Web Auth > Web Authentication Certificate

Page 25: Iuwne10 S04 L06

Summary

WLAN security is configured from the Layer 2 and Layer 3 tabs and the main Security menu.

802.1X implies a RADIUS server configuration; the encryption will be None or WEP.

WPA/WPA2 allow both enterprise and personal modes: in enterprise mode, the RADIUS server is defined; in personal mode, the password is defined.

The WZC, Cisco ADU, NetworkManager, and Mac AirPort Extreme provide different interfaces to configure the exact type on the client side.

Web authentication allows a Layer 3 authentication, while Layer 2 is set as Open.
