© 2003 Cisco Systems, Inc. All rights reserved. CISCO STRUCTURED WIRELESS-AWARE NETWORK: A SOLUTIONS APPROACH TO WLAN


1 CISCO STRUCTURED WIRELESS-AWARE NETWORK: A SOLUTIONS APPROACH TO WLAN
KOEN JACOBS – SYSTEMS ENGINEER – koen@cisco.com
www.cisco.com/go/wireless/

2 CISCO WLAN EXTENDS THE MULTISERVICE NETWORK

3 Bringing Intelligent Services to WLAN
Security, QoS, VLANs
    …
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption key 1 size 40bit 7 7823F25A0AB8 transmit-key
     encryption mode wep mandatory
     !
     ssid tsunami
      authentication open
      guest-mode
     !
End-to-End IOS = End-to-End Intelligence!

4 Security in WLANs
Still the number 1 concern!
Wardriving & Warchalking
Getting a lot of press
Still many poorly protected WLANs
SSID != Security
MAC Filters
802.11 Standard WEP
Credit: KNTV San Jose

5 Cisco Wireless Security Suite
Security in the Enterprise
No Security (Public Access): No WEP and Broadcast Mode
Basic Security (Telecommuter and Small Business): Wi-Fi 40-bit, 128-bit, and Static WEP
Enhanced Security (Mid-Market and Enterprise): Dynamic Key Management System, Mutual Authentication, and 802.1x via EAP

6 Cisco Wireless Security Suite
www.cisco.com/go/aironet/security
Wireless LAN Security consists of three components:
I. The Authentication Framework
  IEEE 802.1x authentication framework supports many authentication types & the link layer
II. The Authentication Algorithm
  EAP Cisco Wireless (LEAP) and EAP-FAST support centralized, user-based authentication with the ability to generate dynamic WEP keys
  The same applies to PEAP *, which also supports OTPs
III. The Encryption Algorithm = WEP for 802.11
  Cisco was the first to augment WEP encryption through TKIP * (Temporal Key Integrity Protocol) - same functionality now part of WPA, under the name CKIP
  Message Integrity Check (MIC) mitigates man-in-the-middle attacks
  Per-Packet Keying mitigates WEP key derivation attacks, e.g. AirSnort
  Broadcast Key Rotation
* 802.11i draft

7 Cisco Wireless Security Suite
The Complete Picture – Cisco Compatible Extensions
WPA: Wi-Fi Protected Access
CCX: Cisco Compatible eXtensions
Built on Standards
Optimized for Enterprise
Broad Adoption
Tested for Interoperability
TKIP: Temporal Key Integrity Protocol
AES: Advanced Encryption Standard
802.1X Authentication
TKIP or AES Encryption

8 VLANs – Segmenting the WLAN
[Diagram: SSID: Voice, VLAN: 3; SSID: Private, VLAN: 1; SSID: Public, VLAN: 2; 802.1Q VLAN trunk to wired network]
Static VLAN mapping via SSID, or dynamic VLAN assignment via policy server (RADIUS)
Up to 16 VLANs
Each VLAN can e.g. have a different security policy, in line with the user profile
Support for 802.1p/Q VLANs for end-to-end integration
Supports any CCX client!!

9 Quality of Service
Pre-standard implementation: downstream QoS
Using EDCF – Enhanced Distributed Coordination Frame
802.11e will deliver upstream & downstream

10 CISCO SWAN
www.cisco.com/go/swan/

11 Cisco Structured Wireless-Aware Network
Providing Superior Wireless Security, Deployment, Management, and Mobility by INTEGRATING and EXTENDING Wireless Awareness into Key Elements of the Network Infrastructure - Servers, Switches, Routers, APs, and Clients

12 Cisco SWAN – Three Elements
3 Cisco switches and routers with wireless-aware Cisco IOS® Software
1 WLSE 2.7
Aironet 1100/1200/1300
Radios: 802.11b/g/a
Wi-Fi client adapters
802.1X AAA Server
Fast Secure L3 Mobility
Centralized Policies
High Availability
Expanded security options
Granular Site Surveys
Simplified Deployment/Mgmt
Rogue AP Detection and Suppression
2 Cisco Aironet clients
Cisco Compatible (CCX) clients

13 Cisco SWAN Minimizes WLAN TCO
Support: Cisco warranties and support services; Cisco partnerships like CCX program
Deployment: Optimized deployment of high-performance APs: Assisted Site Survey, “live” RF* readings
Security: WPA for access control/authentication and data privacy, integrated WLAN IDS functionality, including rogue AP detection and suppression
Management: Automated operations of APs (configs, FW, etc.) and RF* (coverage, interference, etc.)
Flexibility: Future switch/router enhancements for scalability, familiar interface, and fast secure L3 roaming
* RF = radio frequency = data transmissions in the air

14 Cisco SWAN Components
WLSE
Cisco Secure ACS
Access Points: WDS-mode, Infrastructure-mode
Client Cards: Cisco Clients, CCX v2

15 Wireless Domain Services
Provides centralized software services on behalf of a L2 subnet (WLAN clients and APs)
Currently supported on:
  AP 1100/1200 & Bridge/AP 1300
  Catalyst 6500 WLSM – more switches/routers to follow
Minimizes traffic across LAN/WAN
WDS AP supports up to 30 infrastructure APs
60 infrastructure APs in dedicated mode
Features that leverage WDS:
  Fast Secure Roaming
  Radio Management/Monitoring - Rogue AP detection / Interference / …
  Local authentication

16 An Example – Rogue AP Detection
[Diagram: Network Core, Distribution and Access layers, with WDS and RM labels]
Rogue AP in coverage areas of trusted APs
Rogue AP outside coverage areas of trusted APs

17 An Example – Rogue AP Detection
[Diagram: Network Core, Distribution and Access layers, with Rogue AP, RM, RM-Agg and WDS labels]
1. Radio measurements (RMs) are sent to WDS
2. WDS aggregates and condenses RMs
3. WDS forwards RM aggregation to WLSE
4. WLSE generates reports, alerts, etc.
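
The four-step flow on this slide, modelled as an added example (not Cisco code and not part of the presentation): APs report radio measurements, a WDS-like step condenses them per BSSID, and a WLSE-like step flags BSSIDs missing from the managed inventory. The record layout, function names, BSSIDs and inventory are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory of managed AP radios (BSSIDs); not from the slides.
TRUSTED_BSSIDS = {"00:11:22:AA:00:01", "00:11:22:aa:00:02"}

# Constructed radio measurements (step 1): beacons heard by each managed AP,
# as (reporting_ap, bssid, ssid, rssi_dbm).
SAMPLE_RMS = [
    ("ap-1", "00:11:22:aa:00:02", "tsunami", -61),
    ("ap-1", "02:00:00:00:00:99", "tsunami", -48),
    ("ap-2", "02:00:00:00:00:99", "tsunami", -70),
    ("ap-2", "00:11:22:aa:00:01", "tsunami", -58),
    ("ap-2", "02:00:00:00:00:99", "tsunami", -66),  # repeat reading
]


def aggregate(rms):
    """Step 2 (WDS role): condense raw RMs to one record per BSSID."""
    agg = defaultdict(lambda: {"ssids": set(), "heard_by": {}})
    for reporter, bssid, ssid, rssi in rms:
        rec = agg[bssid.lower()]  # normalise case so duplicates merge
        rec["ssids"].add(ssid)
        prev = rec["heard_by"].get(reporter)
        if prev is None or rssi > prev:  # keep strongest reading per AP
            rec["heard_by"][reporter] = rssi
    return dict(agg)


def rogue_report(aggregated, trusted):
    """Steps 3-4 (WLSE role): alert on BSSIDs absent from the inventory."""
    trusted = {b.lower() for b in trusted}
    managed_ssids = set()
    for bssid, rec in aggregated.items():
        if bssid in trusted:
            managed_ssids |= rec["ssids"]
    alerts = []
    for bssid, rec in sorted(aggregated.items()):
        if bssid in trusted:
            continue
        heard = rec["heard_by"]
        alerts.append({
            "bssid": bssid,
            "heard_by": sorted(heard),
            "nearest_ap": max(heard, key=heard.get),  # strongest signal
            # an unknown radio advertising a managed SSID deserves priority
            "uses_managed_ssid": bool(rec["ssids"] & managed_ssids),
        })
    return alerts
```

The strongest-signal reporter gives a first hint of where to look for the unknown radio; only APs inside a managed AP's coverage area appear in such reports.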

18 Catalyst 6500 WLSM
Wireless LAN Services Module
Provide seamless layer 3 mobility across an entire campus
No client hardware or software requirements
Supports low latency roams for Voice
Simplify Cisco SWAN deployment and configuration
Reduce the number of Wireless Domain Services (WDS) needed
Simplify Deployments
No changes necessary to existing network infrastructure
Provides a single interface per-SSID for the application of security and QoS policy

19 Enterprise Campus Roaming and Aggregation
Cisco SWAN enables Fast Secure Scalable Wireless Networking
Single Point of Ingress/Egress
Fast Secure Roaming
Simple Configuration
Non-Stop Forwarding / Stateful Switchover
Scalability
Integrated Security Services
Seamless Layer 3 Roaming Across Subnets
[Diagram: client 10.11.12.13, Existing Network, CiscoWorks WLSE 2.7, Fast Secure Roaming Tunnels, WDS]

20 Mobility Groups Enable Secure Segmentation
[Diagram: PSTN, Voice, Catalyst 6500 Series with WLSM, VPN Services, Firewall, Core, Intrusion Detection, Firewall, Internet, Guests; Guest, Employee and Phone clients]
WLAN traffic tunneled to mGRE interface

21 Wireless LAN Solution Engine Key Features
Turnkey operational tool for managing Cisco WLANs
Manages up to 2500 Cisco APs and bridges, plus attached Cisco switches and routers and LEAP servers
Template-based configuration of APs and bridges
AP & bridge security misconfiguration detection and alerts
Proactive fault and performance monitoring of APs, bridges
Authentication server and attached switch/router monitoring
AP/Bridge summary and utilization reports
Current & historical client association tracking reports
Upper-layer NMS/OSS integration via northbound trap, SYSLOG
Secure HTML-based UI
Role-based Access Control
System & User Defined Device Grouping

22 Managing the WLAN with WLSE
Client Association Tracking and Reports
Device Grouping
LEAP Monitoring
Fault/Performance Monitoring of APs & Bridges
Template-based configuration of APs & Bridges
Switch monitoring

23 CiscoWorks WLSE
www.cisco.com/go/wlse
Rogue AP Detection
Location Manager
Assisted Site Survey

24 RM Example: Self Healing Radio Network
Lost radio interface

25 CISCO AIRONET
www.cisco.com/go/aironet/

26 Cisco Aironet 1200 Series
Investment Protection and Future Proof
Supports 802.11a/b/g
IOS support
8MB of storage
Performance & Flexibility
Modularity
In-line and regular power
Unique security suite (LEAP, PEAP, …)
Easy and integrated management
Minimizes Total Cost of Ownership
Plenum rated chassis
Physical Security
[Diagram: 802.11b/g, 802.11a, Dual-band]

27 Cisco Aironet 1100 Series
Scalable: Fully functional access point ideal for all enterprise deployments without expensive controllers; 802.11b now – upgradeable to 802.11g
Affordable: Lowest priced upgradeable Cisco Aironet access point protects customer investment
Enterprise-class features: End-to-end intelligent networking extended to WLAN
Secure: Enterprise-class interoperable security for WLAN
Easy-to-use: Intuitive installation and set up for rapid deployment

28 Aironet 1300 Outdoor AP/Bridge
Multi Function: Access Point, Bridge, Workgroup Bridge
802.11g: 54 Mbps at 2.4 GHz
Outdoor enclosure – IP56
Included in Cisco SWAN solution

29 Wireless LAN Client Adapters
802.11a/b/g dual band client adapters
54 Mbps in 2.4 and 5 GHz bands
802.11b support provides investment protection
CardBus and PCI form factors
Windows XP/2000
802.11a client adapters
802.11b client adapters
PCMCIA and PCI form factors
Broad OS support (MacOS, Linux, …)
CCX-compliant adapters

30 Cisco Compatible Extension Program Key Benefits
Innovative Features
  Cisco Wireless Security Suite
  LEAP & pre-standard TKIP
  Cisco VLAN
  40+ features in CCX v2.0
  No cost licensing
Confidence to Deploy WLAN
  Tested Interoperability
  Leading security solution
  Ongoing feature development
  Wide variety of devices & OS’s
Industry Standards Compliance
  Wi-Fi, WPA & 802.11
Superset to industry standards
Accelerate availability of enterprise features

31 Cisco Compatible Extension Program
Some of the partners…
www.cisco.com/go/ciscocompatible/wireless/
In total 95% of 3rd party client NICs are covered!

32 Cisco Wireless IP Phone 7920
Supports LEAP – Extending security to voice clients!
IEEE 802.11b, Direct Sequence with Dynamic Rate Scaling at 1, 2, 5.5, 11 Mbps
Pixel-based display: 4 lines + soft keys + date/time/RF/battery + status indication
High performance speaker supports CCM ring tones
Visual message waiting, key lock, and vibration icon indicators
Current HW version will go through 3 SW stages
Automatic IEEE 802.1q (virtual LAN [VLAN]) configuration
G.711a, G.711u, and G.729a audio-compression coder-decoders (codecs)
SNMP manager
DHCP or static configuration option
Alternate TFTP support
Range of accessories: cradle, casings, USB cable, …
Features planned for future software release:
  XML services
  Directory services (LDAP)
  Extension mobility
  WPA
  Additional language support
  450 character, two-way paging/messaging

33 Q and A
