1. Home
  2. Networking
  3. Wireless lan security

Summary

After reading this chapter, you should understand the following key concepts:

  • Three WLAN deployment modes are available using Cisco products: standalone AP mode, SWAN nonswitching deployment mode, and SWAN central switching deployment mode. SWAN deployment modes enable services such as fast secure roaming (both Layer 2 and Layer 3) for 802.1x users, radio management functions, security policy monitoring, and overall multilayer security defense implementation.

  • Infrastructure authentication is required in a SWAN-enabled network to secure the communication link between each WDS client AP and the WDS server.

  • Radio monitoring functions are enabled using integrated or standalone AP-based scanning and optional client scanning using Cisco and CCX clients.

  • Key RM security functions to deploy are rogue AP detection and suppression, non-802.11 interference detection (to detect possible RF DoS attacks), and WDS-based client tracking.

  • Fast secure roaming is provided to expedite roaming for 802.1x clients. This is critical for latency-sensitive applications such as VoIP when using WPA (or 802.1x with dynamic WEP) as the security mechanism.

  • The local RADIUS authentication service is provided for the branch/remote office scenarios when the primary RADIUS server (located at corporate HQ) becomes unavailable (for example, due to WAN link failure). You can deploy the local 802.1x RADIUS service on a standalone AP, WDS client AP, or preferably the WDS server.



    		Chapter 1. Securing WLANs Overview
    		Chapter 2. Basic Security Mechanics and Mechanisms
    		Chapter 3. WLAN Standards
    		Chapter 4. WLAN Fundamentals
    		Chapter 5. WLAN Basic Authentication and Privacy Methods
    		Chapter 6. Wireless Vulnerabilities
    		Chapter 7. EAP Authentication Protocols for WLANs
    		Chapter 8. WLAN Encryption and Data Integrity Protocols
    		Chapter 9. SWAN: End-to-End Security Deployment
    		Overview of SWAN Security Features
    		WLAN Deployment Modes and Security Features
    		SWAN Infrastructure Authentication
    		Radio Management and Wireless Intrusion Detection
    		SWAN Fast Secure Roaming (CCKM)
    		Local 802.1x RADIUS Authentication Service
    		Summary
    		Chapter 10. Design Guidelines for Secure WLAN
    		Chapter 11. Operational and Design Considerations for Secure WLANs
    		Chapter 12. WLAN Security Configuration Guidelines and Examples
    		Chapter 13. WLAN Deployment Examples
    		Appendix A. Resources and References