WLAN Security
1.1.1
1.1.1.1
1.1.1.2
1.1.1.3 MFP
1.1.1.4 2-7 IPSIDS
1.1.1.5 AP
1.1.1.6 NAC
1.1.1.7 Mesh
1.1.1.8 CCKM
1.1.1.9
1.1.1.10
1.1.1
802.11
802.11WLAN
802.11
802.1x/EAP, 802.11i, WPA/WPA2 802.11w
Cisco 802.1x/EAP
WLAN WLAN
WLAN
WLAN
WLAN
AP
AP
/ AP
802.11w
802.11w
CCX MFP
Mesh 802.11a Backhaul
11a
WEP, TKIP, AES
MFP
2-7 IPSIDS
AP
NAC
Mesh
CCKM
[Figure: network diagram. Labels: Cisco Security Agent; Public; Untrusted; NAC Manager; Enterprise; CSA Server; Wireless; Trusted; Wired; Guest Anchor Controller; NAC Appliance; CS-MARS; SSC; WPA2; MFP; Guest]
1.1.1.1
WLAN 802.1X-EAPTKIP
AES
IV
AirSnort
LEAP, EAP-FAST, EAP-TLS, PEAP
WEP
WEP
LEAP, EAP-FAST, EAP-TLS, PEAP
TKIP/MICAES
TKIP/AES
TKIP WEP 1 WEP
(MIC) 2 WEP
MIC 802.11 Integrity check function (ICV)
MIC AP
MIC MIC
WEP WEP
802.1X WEP
802.11i WEP WEP
Cisco WLAN
1.1.1.2
X.509
[Figure: diagram. Labels: Campus Network; AAA/DHCP; Authorized Users/Devices]
AP -AP 802.1x
AP 802.1x
AP 802.1x AAA
AP AP
1.1.1.3 MFP
AP
MIC
MFP AP
MFP
MFP Protected
MFP Protected
FUTURE- CCXv5
WIDS
IP
Web
2 IPS 7 IPS
27 2-7 IDS
IDS 2-7
IDS IDS
L2 IDS
Controller
Client shun
L3-7 IDS
Wired IDS
1.1.1.5 AP
APAd-Hoc
AP APAd-Hoc
[Figure: rogue AP detection diagram. Labels: Network Core; NMS; Wireless Control System (WCS); Distribution; Wireless LAN Controller; Access; Auto-RRM; RLDP; ARP Sniffing; Rogue AP; Rogue Detector]
AP
1. AP
()
2. AP
( ...)
3. AP
4.
AP
AP AP
AP AP
AP AP
AP AP
AP Monitor
AP AP+Monitor AP
AP AP
AP AP
AP AP
AP
AP AP
WCS
Rogue AP
L2 Switched Network
AP AP
AP
AP
AP
1.1.1.6 NAC
NAC
Radius
1.1.1.7 Mesh
Mesh Mesh
Mesh
AES
AES Mesh
1.1.1.8 CCKM
1.1.1.9
[Figure: guest access diagrams. Labels: Internet; Corporate Network; DMZ; Isolated Guest Traffic; 802.1Q Trunk; Guest SSID; Corporate SSID; Guest Traffic tunneled to DMZ via Ethernet over IP Tunnel]
1.1.1.10
Log