Iuwne10 S04 L06


Published on

Published in: Technology, News & Politics
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Iuwne10 S04 L06

  1. 1. WLAN Security Configuring Wireless Security on Controllers and Clients
  2. 2. Security Policy Logic
  3. 3. WLAN > Edit > Security
  4. 4. WLAN > Edit > Security (Cont.)
  5. 5. Security
  6. 6. 802.1X
  7. 7. 802.1X + WEP
  8. 8. WPA + WPA2
  9. 9. WZC Association
  10. 10. WZC Authentication Device authentication Revert to guest/no password, if no credentials could be found in the configuration
  11. 11. WZC Authentication: Smart Card or Certificate
  12. 12. WZC: PEAP
  13. 13. NetworkManager <ul><li>If an EAP type, window extends </li></ul>If applicable, fields show
  14. 14. Mac AirPort Extreme
  15. 15. Cisco ADU: Profile Security <ul><li>None </li></ul>
  16. 16. Cisco ADU: Profile Security (Cont.) In WEP PSK, click on configure to create up to 4 keys (passwords). They can be 40 bits long (key only), or 128 bits long (104 bits key + 24 bits initialization vector).
  17. 17. Cisco ADU: Profile Security (Cont.) 802.1x is authentication only. You then configure how this particular authentication should occur. In this example, LEAP, which is username- and password-based.
  18. 18. Cisco ADU: Profile Security (Cont.) <ul><li>WPA PSK relies on password strength </li></ul>WPA/WPA2 imply encryption, and authentication through a common password or a per-user basis. In the common password case, click Configure to set the password
  19. 19. Cisco ADU: Profile Security (Cont.) WPA/WPA2/CCKM imply encryption and EAP type authentication. Select which type in the list, and click Configure to determine how authentication should occur for the particular type you choose.
  20. 20. Web Authentication <ul><ul><li>This allows users to authenticate through a web interface </li></ul></ul><ul><ul><li>Clients who attempt to access the WLAN using HTTP are automatically directed to a login page: </li></ul></ul><ul><ul><ul><li>Login page is customizable for logos and text </li></ul></ul></ul><ul><ul><ul><li>Maximum simultaneous authentication requests using web authentication is 21 </li></ul></ul></ul><ul><ul><ul><li>Maximum number of local web authentication users is 2048 (default 512) </li></ul></ul></ul><ul><ul><li>This is generally used for guest access </li></ul></ul><ul><ul><li>The Login page on the controller is now fully customizable </li></ul></ul>
  21. 21. Web Authentication Process
  22. 23. WLAN > Edit > Security > Layer 3
  23. 24. Security > Web Auth > Web Login Page
  24. 25. Security > Web Auth > Web Authentication Certificate
  25. 26. Summary <ul><ul><li>WLAN security is configured from the Layer 2 and Layer 3 tabs and the main Security menu. </li></ul></ul><ul><ul><li>802.1X implies a RADIUS server configuration; the encryption will be None or WEP. </li></ul></ul><ul><ul><li>WPA/WPA2 allow both enterprise and personal modes: in enterprise mode, the RADIUS server is defined; in personal mode, the password is defined. </li></ul></ul><ul><ul><li>The WZC, Cisco ADU, NetworkManager, and Mac AirPort Extreme provide different interfaces to configure the exact type on the client side. </li></ul></ul><ul><ul><li>Web authentication allows a Layer 3 authentication, while Layer 2 is set as Open. </li></ul></ul>