Dell 6.2 Server User Manual


 
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide Advanced Security | 670
Chapter 36
Advanced Security
Extreme Security (xSec) is a cryptographically secure, Layer-2 tunneling network protocol implemented over the
802.1x protocol. The xSec protocol can be used to secure Layer-2 traffic between the Dell controller and wired and
wireless clients, or between Dell controllers.
NOTE: xSec is an optional ArubaOS software module. You must purchase and install the license for the xSec software module on
the controller.
Topics in this chapter include:
• "Securing Client Traffic" on page 670
• "Securing Controller-to-Controller Communication" on page 677
• "Configuring the Odyssey Client on Client Machines" on page 678
xSec encrypts an original Layer-2 data frame inside a Layer-2 xSec frame, the contents of which are defined by the
protocol. xSec relies on 256-bit Advanced Encryption Standard (AES) encryption.
Upon 802.1x client authentication, xSec creates a tunnel between the client and the controller. The xSec frame sent
over the air or wire between the user and the controller contains user and controller information, as well as original IP
and MAC addresses, in encrypted form. All user information is secured using xSec. This concept is also extended to
secure management information and data between two Dell controllers on the same VLAN.
For xSec tunneling between a client and controller to work, a version of the Funk Odyssey client software that
supports xSec needs to be installed on the client. It is possible to secure clients running Windows 2000 and XP
operating systems using xSec and the Odyssey client software.
NOTE: xSec is an optional licensed feature for Dell controllers. xSec is automatically enabled on the controller when you install the
license. For information about the currently supported release for Funk Odyssey, please contact Juniper Networks.
xSec provides the following advantages:
• Advanced security as Layer-2 frames are encrypted and tunneled.
• Ease of implementation of advanced encryption in a heterogeneous environment. xSec is designed to support
multiple operating systems and a wide range of network interface cards (NICs). All encryption and decryption on
the client machine is performed by the Odyssey client while the NICs are configured with NULL encryption.
This ensures that even older operating systems that cannot be upgraded to support WPA or WPA2
authentication can be secured using xSec and the Odyssey client.
• Compatible with TLS, TTLS and PEAP.
• Advanced authentication extended to wired clients allowing network managers to secure wired ports.
Securing Client Traffic
You can secure wireless or wired client traffic with xSec. On the client, install the Odyssey Client software. The xSec
client must complete 802.1x authentication to connect to the network. The client indicates the use of the xSec