Cisco Systems OL-7426-03 Network Router User Manual


 
5/26/05 Cisco WLAN Solution Wired Security
OL-7426-03
The Cisco WLAN Solution also uses manual and automated Disabling to block access to network
services. In manual Disabling, the operator blocks access by listing client MAC addresses. In
automated Disabling, which is always active, the Operating System software automatically
blocks a client from network services for an operator-defined period of time when that client fails to
authenticate a fixed number of consecutive times. This deters brute-force login attacks, because the
attacker can attempt only a bounded number of guesses before each lockout period begins.
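The lockout behaviour described above, modelled in Python as an added example (this is not Cisco code and does not reflect how the controller implements the feature internally). The threshold of consecutive failures, the lockout period and the MAC addresses are constructed assumptions; the point is that a client under lockout is refused even when it presents correct credentials, and that a successful authentication resets the consecutive-failure count.

```python
"""Illustrative model of manual and automated Disabling (added example, not Cisco code)."""
import time
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_failures: int = 5       # consecutive failures before blocking (assumed value)
    lockout_seconds: int = 300  # operator-defined blocking period (assumed value)


@dataclass
class AuthGate:
    policy: LockoutPolicy
    manual_blocklist: set = field(default_factory=set)  # operator-entered MACs (manual Disabling)
    _failures: dict = field(default_factory=dict)       # mac -> consecutive failed attempts
    _blocked_until: dict = field(default_factory=dict)  # mac -> unix time the lockout expires

    def is_blocked(self, mac, now=None):
        """True if the client MAC is manually blocked or inside an automated lockout."""
        now = time.time() if now is None else now
        mac = mac.lower()
        if mac in self.manual_blocklist:
            return True
        until = self._blocked_until.get(mac)
        if until is None:
            return False
        if now >= until:
            # Lockout expired: clear state so the client gets a fresh attempt budget.
            del self._blocked_until[mac]
            self._failures.pop(mac, None)
            return False
        return True

    def record_auth(self, mac, success, now=None):
        """Record one authentication outcome. Returns True if the client may
        proceed, False if it is (or has just become) blocked."""
        now = time.time() if now is None else now
        mac = mac.lower()
        if self.is_blocked(mac, now):
            # Blocked clients are refused regardless of credential correctness,
            # and their attempts are not counted while blocked.
            return False
        if success:
            self._failures.pop(mac, None)  # streak of consecutive failures ends
            return True
        count = self._failures.get(mac, 0) + 1
        self._failures[mac] = count
        if count >= self.policy.max_failures:
            self._blocked_until[mac] = now + self.policy.lockout_seconds
            return False
        return True


if __name__ == "__main__":
    gate = AuthGate(LockoutPolicy(max_failures=3, lockout_seconds=60))
    mac = "AA:BB:CC:DD:EE:01"  # constructed sample client
    for t in range(3):
        print(t, gate.record_auth(mac, False, now=t))
    print("blocked at t=10:", gate.is_blocked(mac, now=10))
    print("blocked at t=62:", gate.is_blocked(mac, now=62))
```

A practitioner would pick the threshold and lockout period so that legitimate users who mistype a passphrase are not locked out for long, while an attacker is limited to a handful of guesses per lockout period.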
These and other Cisco WLAN Solution Security features use industry-standard authorization and authentication methods to ensure the highest possible security for your business-critical wireless LAN traffic.
For information about Cisco WLAN Solution wired security, refer to Cisco WLAN Solution Wired Security.
About Cisco WLAN Solution Wired Security
Many traditional Access Point vendors concentrate on security for the Wireless interface, similar to that
described in the Operating System Security section. The Cisco Operating System additionally includes built-in
security for the Cisco Wireless LAN Controller Service Interfaces (Cisco Wireless Control System, Web User
Interface, and Command Line Interface), for Cisco Wireless LAN Controller to AP communications, and for
inter-Cisco Wireless LAN Controller communications during device servicing and Client Roaming.
Each Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access point is manufactured with
a unique, signed X.509 certificate. This certificate is used to authenticate IPSec tunnels between
devices. These IPSec tunnels ensure secure communications for mobility and device servicing.
Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points also use the signed
certificates to verify downloaded code before it is loaded, so that an attacker cannot load
malicious code into any Cisco Wireless LAN Controller or Cisco 1000 Series lightweight access point.
For information about Cisco WLAN Solution wireless security, refer to Operating System Security.
Layer 2 and Layer 3 LWAPP Operation
The LWAPP communications between Cisco Wireless LAN Controller and Cisco 1000 Series lightweight
access points can be conducted at ISO Data Link Layer 2 or Network Layer 3.
Operational Requirements
The requirement for Layer 2 LWAPP communications is that the Cisco Wireless LAN Controller and Cisco
1000 Series lightweight access points must be connected to each other through Layer 2 devices on the
same subnet. This is the default operational mode for the Cisco WLAN Solution. Note that when the
Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access points are on different subnets,
these devices must be operated in Layer 3 mode.
The requirement for Layer 3 LWAPP communications is that the Cisco Wireless LAN Controllers and
Cisco 1000 Series lightweight access points can be connected through Layer 2 devices on the same
subnet, or connected through Layer 3 devices across subnets.
Note that all Cisco Wireless LAN Controllers in a Cisco WLAN Solution Mobility Group must use the
same LWAPP Layer 2 or Layer 3 mode, or you will defeat the Mobility software algorithm.
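The two operational requirements above (Layer 2 mode needs every access point on the controller's subnet; every controller in a Mobility Group must run the same LWAPP mode) can be checked against an inventory before a deployment is cut over. The following is an added example in Python, not Cisco tooling: the controller names, management addresses, AP addresses and the `mode` field are constructed assumptions about how such an inventory might be recorded.

```python
"""Pre-deployment check of LWAPP mode requirements (added example, not Cisco tooling)."""
import ipaddress


def lwapp_mode_required(controller_mgmt, ap_ips):
    """Return 'layer2' if every AP is on the controller management subnet,
    otherwise 'layer3' (Layer 3 LWAPP also works on a shared subnet, so it
    is always permitted; Layer 2 is only permitted when this returns 'layer2')."""
    subnet = ipaddress.ip_interface(controller_mgmt).network
    for ap in ap_ips:
        if ipaddress.ip_address(ap) not in subnet:
            return "layer3"
    return "layer2"


def check_mobility_group(controllers):
    """controllers: dict of controller name -> {'mgmt': 'a.b.c.d/nn',
    'mode': 'layer2' or 'layer3', 'aps': [AP IPv4 addresses]} (assumed layout).
    Returns a list of human-readable problems; an empty list means the
    group satisfies both operational requirements."""
    problems = []
    modes = {name: c["mode"] for name, c in controllers.items()}
    if len(set(modes.values())) > 1:
        problems.append("mobility group mixes LWAPP modes: "
                        + ", ".join(f"{n}={m}" for n, m in sorted(modes.items())))
    for name, c in controllers.items():
        needed = lwapp_mode_required(c["mgmt"], c["aps"])
        if needed == "layer3" and c["mode"] == "layer2":
            problems.append(f"{name}: has APs off its management subnet "
                            "but is configured for Layer 2 LWAPP")
    return problems


# Constructed sample inventory: wlc2 is correctly in Layer 3 mode because one
# of its APs is on another subnet, but the group as a whole mixes modes.
SAMPLE_GROUP = {
    "wlc1": {"mgmt": "10.10.1.5/24", "mode": "layer2",
             "aps": ["10.10.1.20", "10.10.1.21"]},
    "wlc2": {"mgmt": "10.10.2.5/24", "mode": "layer3",
             "aps": ["10.10.2.20", "10.20.5.7"]},
}

if __name__ == "__main__":
    for p in check_mobility_group(SAMPLE_GROUP) or ["no problems"]:
        print(p)
```

The fix for the sample above is to move wlc1 to Layer 3 mode as well, since Layer 3 LWAPP is valid whether or not the APs share the controller's subnet.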
Configuration Requirements
When you are operating the Cisco WLAN Solution in Layer 2 mode, you must configure a Management
Interface to control your Layer 2 communications.
When you are operating the Cisco WLAN Solution in Layer 3 mode, you must configure a Management
Interface to control your Layer 2 communications, and an AP-Manager Interface to control Layer 3
communications between the Cisco 1000 Series lightweight access points and the Cisco Wireless LAN Controller.