
Iuwne10 S04 L03


Published in: Technology, News & Politics

  1. WLAN Security: Centralizing WLAN Authentication
  2. 802.1X
  3. 802.1X over Wireless
  4. Unique Encryption Keys
  5. EAP Process
  6. EAP Frame Format
     • EAP defines four message types: Request, Response, Success, and Failure
  7. RADIUS
  8. Security > AAA > RADIUS > Authentication
  9. Security > AAA > RADIUS > Authentication > New
  10. WLAN > Edit > Security > AAA Servers
  11. Local EAP
     • The following EAP methods are supported with local EAP:
       • LEAP
       • EAP-FAST (both username and password with PAC and certificates)
       • EAP-TLS
       • PEAP
     • MAC authentication is also supported in addition to the above methods
     • Local EAP authentication can be used if the Cisco WLC fails to reach the configured RADIUS servers
     • Supports local users or LDAP users
     • Requires WLAN configuration
  12. Security > Local EAP > Profiles
     • Local EAP is created in three steps:
       • Creation and configuration of an EAP profile
       • Creation of local users or delegation to an LDAP server
       • Validation of the EAP profile in a WLAN
  13. Security > Local EAP > Profiles > Edit
  14. Security > Local EAP > EAP-FAST Parameters
  15. Security > AAA > Local Net Users
  16. Security > Local EAP > Authentication Priority
     • Only LDAP is used
     • LDAP is used only if the local list does not contain the user
  17. Security > AAA > LDAP
  18. WLAN > Edit
  19. Summary
     • 802.1X allows a port to be blocked while the client is being authenticated.
     • EAP creates a framework to carry the typical steps in an authentication process.
     • WLAN controllers can relay the wireless client authentication task to an external RADIUS server.
     • WLAN controllers can also be configured to handle EAP locally, based on an internal user database or an external LDAP server.
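
Added example, not part of the original slides: a minimal parser for the EAP frame format from slide 6, decoding the four message types and rejecting packets whose Length field does not match the bytes received. The function name `parse_eap` and the sample packets are constructed for illustration; the Code and Type numbers are the RFC 3748 / IANA-assigned values.

```python
import struct

# Code field values: the four message types named on slide 6 (RFC 3748).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Type field values for the methods listed under Local EAP, plus Identity/Nak.
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 17: "LEAP",
             25: "PEAP", 43: "EAP-FAST"}


def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    # Length covers the whole packet, including the 4-byte header.
    if length < 4 or length > len(packet):
        raise ValueError("EAP length field inconsistent with packet size")
    body = packet[4:length]          # bytes past Length are padding, ignored
    msg = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (1, 2):               # Request/Response carry a Type byte
        if not body:
            raise ValueError("Request/Response without Type field")
        msg["type"] = EAP_TYPES.get(body[0], f"type-{body[0]}")
        msg["data"] = body[1:]
    elif body:                       # Success/Failure are header-only
        raise ValueError("Success/Failure must not carry data")
    return msg


# Constructed sample packets (not captured traffic).
SAMPLES = [
    bytes.fromhex("01010005" "01"),                 # Request/Identity
    bytes.fromhex("0201000a" "01") + b"alice",      # Response/Identity
    bytes.fromhex("01020006" "1920"),               # Request/PEAP, Start flag
    bytes.fromhex("03020004"),                      # Success
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_eap(raw))
```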