1. Home
  2. Networking
  3. Wireless lan security

Cisco Enterprise Class Wireless LAN Products

Cisco Systems provides multiple WLAN products, including access points (APs), bridges, workgroup bridges, client adapters, network management appliances, and wired/WLAN integration components. For example, various APs are available from Cisco, such as AP1200, AP1100, and so on, for deployment using various 802.11 technologies. Cisco WLAN products, such as APs and bridges, use Cisco IOS as the operating system. Also, multiple WLAN components and features are available on Cisco Catalyst switching platforms and the router platforms for wireless and wired integration (as part of the Structured Wireless-Aware Network [SWAN] implementation). This section details Cisco products that are currently available for WLAN deployment in enterprise, vertical (retail, health care, education, manufacturing, and so on), and small-to-medium business (SMB) markets. The list of products described in the following sections is not exhaustive; rather, it is a sample of key WLAN products available for deployment.

Cisco Aironet AP1200 Access Point

The Cisco Aironet AP1200 AP is a dual-mode (two-radio) platform. It supports 802.11b, 802.11a, and 802.11g technologies simultaneously with the use of two radios (2.4-GHz and 5-GHz radios). It also supports a pair of antennas per radio. Customers have several antenna choices for 2.4-GHz radio (802.11b and 802.11g), whereas a built-in flexible antenna (omnidirectional and patch) is provided per FCC regulations for the 5-GHz radio (802.11a). The AP1200 supports all EAP authentication protocols (Cisco LEAP, Extensible Authentication Protocol Transport Layer Security [EAP TLS], Protected EAP [PEAP], and so on), RADIUS-based authentication, authorization and accounting, Cisco Temporal Key Integrity Protocol (TKIP), WPA TKIP, Advanced Encryption Standard (AES) for stronger encryption and data integrity, and 802.1Q-based VLANs for user or device differentiation. Furthermore, the AP1200 provides 802.11e-based QoS mechanisms and Layer 3 roaming capabilities (as part of SWAN central switching deployment mode). AP1200 provides built-in network management tools such as HTTP and command-line interface (CLI) management interfaces, Simple Network Management Protocol (SNMP), Telnet, Secure Shell Protocol (SSH), and Trivial File Transfer Protocol (TFTP).

Cisco Aironet AP1100 Access Point

The Cisco Aironet AP1100 is a single-radio platform that supports 802.11b or 802.11g radio (2.4 GHz) and comes integrated with an antenna. The AP1100 supports all EAP authentication protocols (LEAP, EAP-TLS, PEAP, and so on), RADIUS-based authentication, authorization and accounting, Cisco TKIP, WPA TKIP, AES for stronger encryption and data integrity, and 802.1Q-based VLANs for user or device differentiation. Furthermore, the AP1100 provides 802.11e-based QoS mechanisms and Layer 3 roaming capabilities (as part of SWAN central switching deployment mode). AP1100 provides built-in network management tools such as HTTP and CLI management interfaces, SNMP, SSH, Telnet, and TFTP.

Cisco Aironet AP350 Access Point

The Cisco Aironet AP350 is a single-radio platform that supports only 802.11b technology. The AP350 supports all EAP authentication protocols (LEAP, EAP-TLS, PEAP, and so on), RADIUS-based authentication, authorization and accounting, Cisco TKIP and WPA TKIP for stronger encryption and data integrity, and 802.1Q-based VLANs for user or device differentiation. Furthermore, the AP350 provides 802.11e-based QoS mechanisms and Layer 3 roaming capabilities (Proxy Mobile IP). AP350 provides built-in network management tools such as HTTP and CLI management interfaces, SNMP, SSH, Telnet, and TFTP.

Cisco Aironet BR350 Bridge

The Cisco Aironet BR350 is an 802.11b-based bridge for outdoor deployments. The BR350 enables speeds up to 11 Mbps for long-range, outdoor links deployment of up to 25 miles between buildings. BR350 supports both point-to-point and point-to-multipoint configurations and a broad range of antennas for the outdoor deployments. Cisco LEAP authentication can be used with CKIP to secure the bridged link between the nonroot and root bridges. Furthermore, BR350 supports all EAP authentication protocols and CKIP for WLAN client authentication and data encryption. BR350 supports 802.1Q-based VLAN trunking between root and nonroot bridges, along with VLANs for user or device differentiation. Furthermore, the BR350 provides 802.11e-based QoS mechanisms for traffic prioritization. BR350 provides built-in network management tools such as HTTP and CLI management interfaces, SNMP, SSH, Telnet, and TFTP.

Cisco Aironet BR1410 Bridge

The Cisco Aironet BR1410 is an 802.11a-based bridge that uses the 5.7-GHz unlicensed spectrum for outdoor deployments. The BR1410 enables speeds up to 54 Mbps for long-range, outdoor links deployment between buildings. BR1410 supports both point-to-point and point-to-multipoint configurations and a broad range of antennas for the outdoor deployments. Cisco LEAP authentication can be used with CKIP to secure the bridged link between the nonroot and root bridges. BR1400 supports 802.1Q-based VLAN trunking between root and nonroot bridges. Furthermore, the BR1410 provides 802.11e-based QoS mechanisms for traffic prioritization. BR1410 provides built-in network management tools such as HTTP and CLI management interfaces, SNMP, SSH, Telnet, and TFTP.

Cisco Aironet 802.11b/a/g and Cisco Client Extensions?Enabled Devices

Cisco Aironet 802.11 client adapters and Cisco Client Extensions (CCX)-compliant 802.11 adapters or devices are used to provide wireless network connectivity to a variety of computers, including laptops, PDAs, and workstations. Client adapters using various 802.11 technologies (802.11a/b/g) are available from Cisco. CCX qualified devices (such as laptops) and CCX-qualified 802.11 adapters are non-Cisco client hardware that support various Cisco client functionalities. A list of CCX-qualified client hardware is available at http://www.cisco.com/en/US/partners/pr46/pr147/partners_pgm_concept_home.html.

Worth noting is that major 802.11 chipset manufacturers (including Intel, Aethors, and Broadcom) and laptop manufactures (IBM, Dell, HP, and Toshiba) are included as part of the CCX program.

Cisco Secure Access Server

Cisco Secure ACS provides authentication, authorization, and accounting services to network devices, such as a network access server, PIX Firewall, router, or access point, that function as AAA clients. In a wireless LAN network, the ACS server plays an important role of authenticating WLAN users using EAP authentication protocols (LEAP, EAP-TLS, and PEAP) and creating dynamic session keys for user data encryption between the client and the AP. Along with EAP authentication, Cisco Secure ACS can be used for administrator authentication and authorization. With Cisco Secure ACS, network administrators can quickly administer accounts and globally change levels of service offerings for entire groups of users. Although use of an external user database is optional, support for many popular user repository implementations enables companies to put to use the working knowledge gained from and the investment already made in building their corporate user repositories. Cisco Secure ACS uses the TACACS+ and RADIUS protocols to provide AAA services that ensure a secure environment.

Cisco Wireless LAN Solution Engine

Cisco Wireless LAN Solution Engine (WLSE) is a turnkey network management solution for managing Cisco Aironet wireless LAN infrastructure. It provides centralized, template-based configuration with hierarchical, customer-defined grouping to efficiently manage large numbers of APs and bridges. If desired, plug-and-play configuration allows newly deployed APs and bridges to be automatically configured using the WLSE. The WLSE monitors RADIUS server(s) for LEAP, PEAP, and generic RADIUS authentication service availability. The WLSE further enhances security management by detecting misconfigurations on APs and bridges. The functionality within CiscoWorks WLSE includes proactive monitoring, troubleshooting, notification of performance degradation, and reports for improving capacity planning. The WLSE can also be used for RF management such as the Cisco assisted Site Survey and rogue AP detection capabilities. Refer to Chapter 9 for more details on RF management functions provided by the WLSE.

Catalyst 6500 Wireless LAN Services Module

This services module on the Catalyst 6500 product platform integrated with the Supervisor 720 module supports wireless domain services (WDS) features along with central switching mode to provide end-to-end security, mobility, and manageability for wireless LAN deployments in large and medium-size enterprises and vertical markets. This also allows for wired and wireless integration in a campus environment. This deployment model supports key features such as WDS scalability, Layer 2/Layer 3 fast secure roaming, 802.11 user data aggregation, RF management services, and end-to-end security for wireless and wired LAN integration.



    		Chapter 1. Securing WLANs Overview
    		Chapter 2. Basic Security Mechanics and Mechanisms
    		Chapter 3. WLAN Standards
    		Chapter 4. WLAN Fundamentals
    		Chapter 5. WLAN Basic Authentication and Privacy Methods
    		Chapter 6. Wireless Vulnerabilities
    		Chapter 7. EAP Authentication Protocols for WLANs
    		Chapter 8. WLAN Encryption and Data Integrity Protocols
    		Chapter 9. SWAN: End-to-End Security Deployment
    		Chapter 10. Design Guidelines for Secure WLAN
    		Chapter 11. Operational and Design Considerations for Secure WLANs
    		Chapter 12. WLAN Security Configuration Guidelines and Examples
    		Cisco Enterprise Class Wireless LAN Products
    		WLAN Security Methods: Configuration Guidelines and Examples
    		SWAN Nonswitching Deployment: Configuration Guidelines and Examples
    		Securing Bridge-to-Bridge Links
    		Secure WLAN Management Configuration Guidelines
    		SWAN Central Switching Deployment: Configuration Guidelines and Examples
    		Summary
    		Chapter 13. WLAN Deployment Examples
    		Appendix A. Resources and References