Network Security 1. Module 7 Configure Trust and Identity at Layer 2

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Network Security 1. Module 7 Configure Trust and Identity at Layer 2"

Transcription

1 Network Security 1 Module 7 Configure Trust and Identity at Layer 2 1

2 Learning Objectives 7.1 Identity-Based Networking Services (IBNS) 7.2 Configuring 802.1x Port-Based Authentication 2

3 Module 7 Configure Trust and Identity at Layer Identity-Based Networking Services (IBNS) 3

4 Identity Based Network Services Unified Control of User Identity for the Enterprise Cisco VPN Concentrators, IOS Routers, PIX Security Appliances Cisco Secure ACS OTP Server Hard and Soft Tokens Firewall Router Internet Remote Offices VPN Clients 4

5 802.1x Roles Supplicant Authenticator Authentication Server 5

6 802.1x Authenticator and Supplicant Cisco Secure ACS The perimeter router acts as the authenticator Internet Home Office The remote user s PC acts as the supplicant 6

7 802.1x Components 7

8 How 802.1x Works End User (client) Catalyst 2950 (switch) Authentication Server (RADIUS) 802.1x RADIUS Actual authentication conversation occurs between the client and Authentication Server using EAP. The authenticator is aware of this activity, but it is just a middleman. 8

9 How 802.1x Works (Continued) End User (client) Catalyst 2950 (switch) Authentication Server (RADIUS) EAPOL - Start EAP Request Identity EAP Response/Identity EAP Request/OTP EAP Response/OTP EAP Success RADIUS Access - Request RADIUS Access - Challenge RADIUS Access - Request RADIUS Access - Accept Port Authorized EAPOL Logoff Port Unauthorized 9

10 EAP Characteristics EAP The Extensible Authentication Protocol Extension of PPP to provide additional authentication features A flexible protocol used to carry arbitrary authentication information. Typically rides on top of another protocol such as 802.1x or RADIUS. EAP can also be used with TACACS+ Specified in RFC 2284 Support multiple authentication types : EAP-MD5: Plain Password Hash (CHAP over EAP) EAP-TLS (based on X.509 certificates) LEAP (EAP-Cisco Wireless) PEAP (Protected EAP) 10

11 EAP Selection Cisco Secure ACS supports the following varieties of EAP: EAP-MD5 An EAP protocol that does not support mutual authentication. EAP-TLS EAP incorporating Transport Layer Security (TLS). LEAP An EAP protocol used by Cisco Aironet wireless equipment. LEAP supports mutual authentication. PEAP Protected EAP, which is implemented with EAP-Generic Token Card (GTC) and EAP-MSCHAPv2 protocols. EAP-FAST EAP Flexible Authentication via Secured Tunnel (EAP- FAST), a faster means of encrypting EAP authentication, supports EAP-GTC authentication. 11

12 Cisco LEAP Lightweight Extensible Authentication Protocol Client ACS Server Access Point Derives per-user, per-session key Enhancement to IEEE802.11b Wired Equivalent Privacy (WEP) encryption Uses mutual authentication both user and AP needs to be authenticated 12

13 EAP-TLS Extensible Authentication Protocol Transport Layer Security Client Access Point ACS Server Switch RFC 2716 Used for TLS Handshake Authentication (RFC2246) Requires PKI (X.509) Certificates rather than username/password Mutual authentication Requires client and server certificates Certificate Management is complex and costly 13

14 PEAP Protected Extensible Authentication Protocol Client Access Point Switch ACS Server TLS Tunnel Internet-Draft by Cisco, Microsoft & RSA Enhancement of EAP-TLS Requires server certificate only Mutual authentication username/password challenge over TLS Channel Available for use with Microsoft and Cisco products 14

15 How Does Basic Port Based Network Access Work? 4500/4000 Series 3550/2950 Series Cisco Secure ACS AAA Radius Server Host device attempts to connects to Switch Series Access Points 2 Switch Request ID 802.1x Capable Ethernet LAN Access Devices 3 4 Send ID/Password or Certificate Switch Forward credentials to ACS Server 7 applies policies 6 and enables port. Client now has secure access 5 Authentication Successful Actual authentication conversation is between client and Auth Server using EAP x RADIUS The switch detects the 802.1x compatible client, forces authentication, then acts as a middleman during the authentication, Upon successful authentication the switch sets the port to forwarding, and applies the designated policies. 15

16 ACS Deployment in a Small LAN Firewall Client Catalyst 2950/3500 Switch Router Internet Cisco Secure ACS 16

17 ACS Deployment in a Global Network Client Region 1 Switch 1 Firewall Region 2 Switch 2 ACS1 ACS2 ACS3 Switch 3 Region 3 17

18 Cisco Secure ACS RADIUS Response Cisco Secure ACS End User Cisco Catalyst Switch 802.1x RADIUS After a user successfully completes the EAP authentication process the Cisco Secure ACS responds to the switch with a RADIUS authenticationaccept packet granting that user access to the network. 18

19 Module 7 Configure Trust and Identity at Layer Configuring 802.1x Port-Based Authentication 19

20 802.1x Port-Based Authentication Configuration Enable 802.1x Authentication (required) Configure the Switch-to-RADIUS-Server Communication (required) Enable Periodic Re-Authentication (optional) Manually Re-Authenticating a Client Connected to a Port (optional) Resetting the 802.1x Configuration to the Default Values (optional) 20

21 802.1x Port-Based Authentication Configuration (Cont.) Changing the Quiet Period (optional) Changing the Switch-to-Client Retransmission Time (optional) Setting the Switch-to-Client Frame-Retransmission Number (optional) Enabling Multiple Hosts (optional) Resetting the 802.1x Configuration to the Default Values (optional) 21

22 Enabling 802.1x Authentication Switch# configure terminal Enter global configuration mode Switch(config)# aaa new-model Enable AAA Switch(config)# aaa authentication dot1x default group radius Create an 802.1x authentication method list 22

23 Enabling 802.1x Authentication (Cont.) Switch(config)# interface fastethernet0/12 Enter interface configuration mode Switch(config-if)# dot1x port-control auto Enable 802.1x authentication on the interface Switch(config-if)# end Return to privileged EXEC mode 23

24 Configuring Switch-to-RADIUS Communication Switch(config)# radius-server host 172.l auth-port 1812 key rad123 Configure the RADIUS server parameters on the switch. 24

25 Enabling Periodic Re-Authentication Switch# configure terminal Enter global configuration mode Switch(config)# dot1x re-authentication Enable periodic re-authentication of the client, which is disabled by default. Switch(config)# dot1x timeout re-authperiod seconds Set the number of seconds between re-authentication attempts. 25

26 Manually Re-Authenticating a Client Connected to a Port Switch(config)# dot1x re-authenticate interface fastethernet0/12 Starts re-authentication of the client. 26

27 Enabling Multiple Hosts Switch# configure terminal Enter global configuration mode Switch(config)# interface fastethernet0/12 Enter interface configuration mode, and specify the interface to which multiple hosts are indirectly attached. Switch(config-if)# dot1x multiple-hosts Allow multiple hosts (clients) on an 802.1x-authorized port. 27

28 Resetting the 802.1x Configuration to the Default Values Switch# configure terminal Enter global configuration mode Switch(config)# dot1x default Reset the configurable 802.1x parameters to the default values. 28

29 Displaying 802.1x Statistics Switch# show dot1x statistics Display 802.1x statistics Switch# show dot1x statistics interface interface-id Display 802.1x statistics for a specific interface. 29

30 Displaying 802.1x Status Switch# show dot1x Display 802.1x administrative and operational status. Switch# show dot1x interface interface-id Display 802.1x administrative and operational status for a specific interface. 30

Network Access Flows APPENDIXB

Network Access Flows APPENDIXB APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies

More information

802.1x Port Based Authentication

802.1x Port Based Authentication 802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation

More information

Configuring 802.1X Port-Based Authentication

Configuring 802.1X Port-Based Authentication CHAPTER 10 This chapter describes how to configure IEEE 802.1X port-based authentication on the Catalyst 3750 switch. As LANs extend to hotels, airports, and corporate lobbies, creating insecure environments,

More information

Wired Dot1x Version 1.05 Configuration Guide

Wired Dot1x Version 1.05 Configuration Guide Wired Dot1x Version 1.05 Configuration Guide Document ID: 64068 Introduction Prerequisites Requirements Components Used Conventions Microsoft Certificate Services Installation Install the Microsoft Certificate

More information

With 802.1X port-based authentication, the devices in the network have specific roles.

With 802.1X port-based authentication, the devices in the network have specific roles. This chapter contains the following sections: Information About 802.1X, page 1 Licensing Requirements for 802.1X, page 8 Prerequisites for 802.1X, page 8 802.1X Guidelines and Limitations, page 9 Default

More information

Table of Contents. Why doesn t the phone pass 802.1X authentication?... 16

Table of Contents. Why doesn t the phone pass 802.1X authentication?... 16 Table of Contents ABOUT 802.1X... 3 YEALINK PHONES COMPATIBLE WITH 802.1X... 3 CONFIGURING 802.1X SETTINGS... 4 Configuring 802.1X using Configuration Files... 4 Configuring 802.1X via Web User Interface...

More information

Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Port-Based Authentication CHAPTER 9 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the Catalyst 2960 switch. IEEE 802.1x authentication prevents

More information

Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Port-Based Authentication CHAPTER 8 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the switch. IEEE 802.1x authentication prevents unauthorized

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

IEEE 802.1X RADIUS Accounting

IEEE 802.1X RADIUS Accounting The feature is used to relay important events to the RADIUS server (such as the supplicant's connection session). The information in these events is used for security and billing purposes. Finding Feature

More information

About 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X using configuration files...

About 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X using configuration files... About 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X using configuration files...5 Configuring 802.1X via web user interface...8 Configuring

More information

Cisco Wireless LAN Controller Module

Cisco Wireless LAN Controller Module Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN

More information

Port-based authentication with IEEE Standard 802.1x. William J. Meador

Port-based authentication with IEEE Standard 802.1x. William J. Meador Port-based authentication 1 Running head: PORT-BASED AUTHENTICATION Port-based authentication with IEEE Standard 802.1x William J. Meador Port-based authentication 2 Port based authentication Preface You

More information

FAQ on Cisco Aironet Wireless Security

FAQ on Cisco Aironet Wireless Security FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most

More information

Configuring 802.1X Settings on the WAP351

Configuring 802.1X Settings on the WAP351 Article ID: 5078 Configuring 802.1X Settings on the WAP351 Objective IEEE 802.1X authentication allows the WAP device to gain access to a secured wired network. You can configure the WAP device as an 802.1X

More information

Configuring the Client Adapter through the Windows XP Operating System

Configuring the Client Adapter through the Windows XP Operating System APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in

More information

Cisco Exam Questions & Answers

Cisco Exam Questions & Answers Cisco 300-208 Exam Questions & Answers Number: 300-208 Passing Score: 800 Time Limit: 120 min File Version: 38.4 http://www.gratisexam.com/ Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access

More information

Configuring 802.1X Port-Based Authentication

Configuring 802.1X Port-Based Authentication CHAPTER 37 This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized client devices from gaining access to the network. This chapter includes the following major

More information

Configuring IEEE 802.1x Port-Based Authentication

Configuring IEEE 802.1x Port-Based Authentication CHAPTER 10 Configuring IEEE 802.1x Port-Based Authentication IEEE 802.1x port-based authentication prevents unauthorized devices (clients) from gaining access to the network. Unless otherwise noted, the

More information

ISE Primer.

ISE Primer. ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides

More information

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] s@lm@n Cisco Exam 642-737 Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ] Cisco 642-737 : Practice Test Question No : 1 RADIUS is set up with multiple servers

More information

Upon completion of this chapter, you will be able to perform the following tasks: Describe the Features and Architecture of Cisco Secure ACS 3.

Upon completion of this chapter, you will be able to perform the following tasks: Describe the Features and Architecture of Cisco Secure ACS 3. Upon completion of this chapter, you will be able to perform the following tasks: Describe the Features and Architecture of Cisco Secure ACS 3.0 for Windows 2000/ NT Servers (Cisco Secure ACS for Windows)

More information

802.1X: Background, Theory & Implementation

802.1X: Background, Theory & Implementation Customized for NCET Conference 2007 802.1X: Background, Theory & Implementation March 16, 2007 Presented by: Jennifer Jabbusch, CISSP, HP MASE, CAD Mike McPherson, HP ProCurve Neal Hamilton, HP ProCurve

More information

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT

IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT IEEE 802.1x, RADIUS AND DYNAMIC VLAN ASSIGNMENT Hüseyin ÇOTUK Information Technologies hcotuk@etu.edu.tr Ahmet ÖMERCİOĞLU Information Technologies omercioglu@etu.edu.tr Nurettin ERGİNÖZ Master Student

More information

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN

More information

AAA Server Groups. Finding Feature Information. Information About AAA Server Groups. AAA Server Groups

AAA Server Groups. Finding Feature Information. Information About AAA Server Groups. AAA Server Groups Configuring a device to use authentication, authorization, and accounting (AAA) server groups provides a way to group existing server hosts. Grouping existing server hosts allows you to select a subset

More information

Cisco Systems, Inc. Aironet Access Point

Cisco Systems, Inc. Aironet Access Point RSA SecurID Ready Implementation Guide Partner Information Last Modified: November 18, 2013 Product Information Partner Name Web Site Product Name Version & Platform Product Description Cisco Systems,

More information

The table below lists the protocols supported by Yealink SIP IP phones with different versions.

The table below lists the protocols supported by Yealink SIP IP phones with different versions. Table of Contents About 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X Using Configuration Files... 6 Configuring 802.1X via Web User Interface...

More information

Securing Your Wireless LAN

Securing Your Wireless LAN Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP

More information

accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through

accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through accounting (SSID configuration mode) through encryption mode wep accounting (SSID configuration mode) through encryption mode wep 1 accounting (SSID configuration) accounting (SSID configuration mode)

More information

Agile Controller-Campus V100R002C10. Permission Control Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Agile Controller-Campus V100R002C10. Permission Control Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD. V100R002C10 Permission Control Technical White Paper Issue 01 Date 2016-04-15 HUAWEI TECHNOLOGIES CO., LTD. 2016. All rights reserved. No part of this document may be reproduced or transmitted in any form

More information

802.1x. ACSAC 2002 Las Vegas

802.1x. ACSAC 2002 Las Vegas 802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:

More information

Configuring 802.1X Port-Based Authentication

Configuring 802.1X Port-Based Authentication CHAPTER 39 This chapter describes how to configure IEEE 802.1X port-based authentication to prevent unauthorized client devices from gaining access to the network. This chapter includes the following major

More information

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients Document ID: 64067 Contents Introduction Prerequisites Requirements Components Used Conventions Microsoft Certificate Service Installation

More information

This primer covers the following major topics: 1. Getting Familiar with ACS. 2. ACS Databases and Additional Server Interaction

This primer covers the following major topics: 1. Getting Familiar with ACS. 2. ACS Databases and Additional Server Interaction CACS Primer Introduction Overview This document, ACS 4.0 Primer, has been designed and created for use by customers as well as network engineers. It is designed to provide a primer to the Cisco Secure

More information

Security Setup CHAPTER

Security Setup CHAPTER CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP

More information

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]

Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ] s@lm@n Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ] Topic 1, Volume A Question No : 1 - (Topic 1) A customer wants to create a custom Junos

More information

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards This document provides configuration tasks for the 4-port Cisco HWIC-4ESW and the 9-port Cisco HWIC-D-9ESW EtherSwitch high-speed WAN interface

More information

Configure RADIUS DTLS on Identity Services Engine

Configure RADIUS DTLS on Identity Services Engine Configure RADIUS DTLS on Identity Services Engine Contents Introduction Prerequisites Requirements Components Used Configure Configurations 1. Add network device on ISE and enable DTLS protocol. 2. Configure

More information

Wireless LAN Profile Setup

Wireless LAN Profile Setup Wireless LAN Profiles, page 1 Network Access Profile Settings, page 2 Wireless LAN Profile Settings, page 3 Wireless LAN Profile Group Settings, page 6 Create Network Access Profile, page 6 Create Wireless

More information

Securing a Wireless LAN

Securing a Wireless LAN Securing a Wireless LAN This module describes how to apply strong wireless security mechanisms on a Cisco 800, 1800, 2800, or 3800 series integrated services router, hereafter referred to as an access

More information

Layer 2 authentication on VoIP phones (802.1x)

Layer 2 authentication on VoIP phones (802.1x) White Paper www.siemens.com/open Layer 2 authentication on VoIP phones (802.1x) IP Telephony offers users the ability to log-on anywhere in the world. Although this offers mobile workers great advantages,

More information

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards First Published: May 17, 2005 Last Updated: July 28, 2010 This document provides configuration tasks for the 4-port Cisco HWIC-4ESW and the 9-port

More information

Authentication and Authorization Policies

Authentication and Authorization Policies Chapter 13 Authentication and Authorization Policies The previous chapter focused on the levels of authorization you should provide for users and devices based on your logical Security Policy. You will

More information

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product. CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of

More information

802.1X Authentication Services Configuration Guide, Cisco IOS Release 15SY

802.1X Authentication Services Configuration Guide, Cisco IOS Release 15SY 802.1X Authentication Services Configuration Guide, Cisco IOS Release 15SY Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000

More information

Configuring the WMIC for the First Time

Configuring the WMIC for the First Time Configuring the WMIC for the First Time This document describes how to configure basic settings on a Cisco Wireless Mobile Interface Card (WMIC) for the first time. Before You Start Before you install

More information

EAP Authentication with RADIUS Server

EAP Authentication with RADIUS Server EAP Authentication with RADIUS Server Document ID: 44844 Refer to the Cisco Wireless Downloads in order to get Cisco Aironet drivers, firmware and utility software. Contents Introduction Prerequisites

More information

Configuring L2TP over IPsec

Configuring L2TP over IPsec CHAPTER 62 This chapter describes how to configure L2TP over IPsec on the ASA. This chapter includes the following topics: Information About L2TP over IPsec, page 62-1 Licensing Requirements for L2TP over

More information

Configuring Web-Based Authentication

Configuring Web-Based Authentication This chapter describes how to configure web-based authentication on the switch. It contains these sections: Finding Feature Information, page 1 Web-Based Authentication Overview, page 1 How to Configure

More information

LAB: Configuring LEAP. Learning Objectives

LAB: Configuring LEAP. Learning Objectives LAB: Configuring LEAP Learning Objectives Configure Cisco ACS Radius server Configure a WLAN to use the 802.1X security protocol and LEAP Authenticate with an access point using 802.1X security and LEAP

More information

Operation Manual Security. Table of Contents

Operation Manual Security. Table of Contents Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication

More information

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services

Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services CHAPTER 11 Configuring WDS, Fast Secure Roaming, Radio Management, and Wireless Intrusion Detection Services This chapter describes how to configure your access point/bridges for wireless domain services

More information

Cisco IP Phone Security

Cisco IP Phone Security Overview, page 1 Security Enhancements for Your Phone Network, page 2 View the Current Security Features on the Phone, page 2 View Security Profiles, page 3 Supported Security Features, page 3 Overview

More information

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003

PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 PEAP under Cisco Unified Wireless Networks with ACS 4.0 and Windows 2003 Document ID: 72013 Contents Introduction Prerequisites Requirements Components Used Network Diagram Conventions Windows Enterprise

More information

IEEE 802.1X Open Authentication

IEEE 802.1X Open Authentication allows a host to have network access without having to go through IEEE 802.1X authentication. Open authentication is useful in an applications such as the Preboot Execution Environment (PXE), where a device

More information

Cisco TrustSec How-To Guide: Monitor Mode

Cisco TrustSec How-To Guide: Monitor Mode Cisco TrustSec How-To Guide: Monitor Mode For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table of Contents Table of Contents... 2 Introduction...

More information

Configuring Local EAP

Configuring Local EAP Information About Local EAP, page 1 Restrictions on Local EAP, page 2 (GUI), page 3 (CLI), page 6 Information About Local EAP Local EAP is an authentication method that allows users and wireless clients

More information

Configuring Security Features on an External AAA Server

Configuring Security Features on an External AAA Server CHAPTER 3 Configuring Security Features on an External AAA Server The authentication, authorization, and accounting (AAA) feature verifies the identity of, grants access to, and tracks the actions of users

More information

Configuring OfficeExtend Access Points

Configuring OfficeExtend Access Points Information About OfficeExtend Access Points, page 1 OEAP 600 Series Access Points, page 2 OEAP in Local Mode, page 3 Supported WLAN Settings for 600 Series OfficeExtend Access Point, page 3 WLAN Security

More information

802.1X: Port-Based Authentication Standard for Network Access Control (NAC)

802.1X: Port-Based Authentication Standard for Network Access Control (NAC) White Paper 802.1X: Port-Based Authentication Standard for Network Access Control (NAC) Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888 JUNIPER www.juniper.net

More information

Protected EAP (PEAP) Application Note

Protected EAP (PEAP) Application Note Revision 4.0 June 2004 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part

More information

The information in this document is based on these software and hardware versions:

The information in this document is based on these software and hardware versions: Introduction This document describes how to configure a Lightweight Access Point as a 802.1x supplicant to authenticate against a RADIUS Server such as ACS 5.2. Prerequisites Requirements Ensure that you

More information

Introduction to 802.1X Operations for Cisco Security

Introduction to 802.1X Operations for Cisco Security Introduction to 802.1X Operations for Cisco Security Number: 650-472 Passing Score: 800 Time Limit: 120 min File Version: 5.0 http://www.gratisexam.com/ Cisco 650-472 Introduction to 802.1X Operations

More information

Symbols & Numerics I N D E X

Symbols & Numerics I N D E X I N D E X Symbols & Numerics A * (asterisk), optional attribute values, 317 = (equal sign), mandatory attribute values, 317 3000 series concentrator VSAs, 389 391 802.1x Switchport Authentication, ACS

More information

Configuring RADIUS and TACACS+ Servers

Configuring RADIUS and TACACS+ Servers CHAPTER 13 This chapter describes how to enable and configure the Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+), that provides

More information

FiberstoreOS. Security Configuration Guide

FiberstoreOS. Security Configuration Guide FiberstoreOS Security Configuration Guide Contents 1 Configuring Port Security...6 1.1 Overview...6 1.2 Topology... 7 1.3 Configurations...7 1.4 Validation... 8 2 Configuring Vlan Security... 9 2.1 Overview...9

More information

ilight/gigapop eduroam Discussion Campus Network Engineering

ilight/gigapop eduroam Discussion Campus Network Engineering ilight/gigapop eduroam Discussion Campus Network Engineering By: James W. Dickerson Jr. May 10, 2017 What is eduroam?» eduroam (education roaming) is an international roaming service for users in research,

More information

Configuring Aggregate Authentication

Configuring Aggregate Authentication The FlexVPN RA - Aggregate Auth Support for AnyConnect feature implements aggregate authentication method by extending support for Cisco AnyConnect client that uses the proprietary AnyConnect EAP authentication

More information

FiberstoreOS. Security Configuration Guide

FiberstoreOS. Security Configuration Guide FiberstoreOS Security Configuration Guide Contents 1 Configuring Port Security...1 1.1 Overview...1 1.2 Topology... 2 1.3 Configurations...2 1.4 Validation... 3 2 Configuring Vlan Security... 4 2.1 Overview...4

More information

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide The Cisco Structured Wireless-Aware Network (SWAN) provides the framework to integrate and extend wired and wireless networks to deliver

More information

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller Web Authentication Configuration Example Wireless LAN Controller Web Authentication Configuration Example Document ID: 69340 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Web Authentication Process

More information

ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example

ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example Document ID: 99361 Contents Introduction Prerequisites Requirements Components Used Conventions Command Authorization

More information

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 10 Authenticating Users Learning Objectives Explain why authentication is a critical aspect of network security Explain

More information

IEEE a/b/g Wireless USB 2.0 Adapter. User s Manual Version: 1.2

IEEE a/b/g Wireless USB 2.0 Adapter. User s Manual Version: 1.2 IEEE 802.11a/b/g Wireless USB 2.0 Adapter User s Manual Version: 1.2 Table of Contents 1 INTRODUCTION... 4 1.1 FEATURES & BENEFITS... 4 1.2 PACKAGE CONTENTS... 5 1.3 USB ADAPTER DESCRIPTION... 5 1.4 SYSTEM

More information

Cisco Virtual Office: Easy VPN Deployment Guide

Cisco Virtual Office: Easy VPN Deployment Guide Cisco Virtual Office: Easy VPN Deployment Guide This guide provides detailed design and implementation information for deployment of Easy VPN in client mode with the Cisco Virtual Office. Please refer

More information

Supported and Interoperable Devices and Softwares for the Cisco Secure Access Control System 5.2

Supported and Interoperable Devices and Softwares for the Cisco Secure Access Control System 5.2 Supported and Interoperable Devices and Softwares for the Cisco Secure Access Control System 5.2 Revised: March 11, 2013 The Cisco Secure Access Control System Release 5.2, hereafter referred to as ACS,

More information

Using the Cisco Unified Wireless IP Phone 7921G Web Pages

Using the Cisco Unified Wireless IP Phone 7921G Web Pages CHAPTER 4 Using the Cisco Unified Wireless IP Phone 7921G Web Pages You can use the Cisco Unified Wireless IP Phone 7921G web pages to set up and configure settings for the phone. This chapter describes

More information

Configuring the Client Adapter

Configuring the Client Adapter CHAPTER 5 This chapter explains how to configure profile parameters. The following topics are covered in this chapter: Overview, page 5-2 Setting General Parameters, page 5-3 Setting Advanced Parameters,

More information

Per-User ACL Support for 802.1X/MAB/Webauth Users

Per-User ACL Support for 802.1X/MAB/Webauth Users Per-User ACL Support for 802.1X/MAB/Webauth Users This feature allows per-user ACLs to be downloaded from the Cisco Access Control Server (ACS) as policy enforcement after authentication using IEEE 802.1X,

More information

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server Document ID: 112175 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Windows

More information

WLAN Roaming and Fast-Secure Roaming on CUWN

WLAN Roaming and Fast-Secure Roaming on CUWN 802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP

More information

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology Versatile central manageable VPN Client Suite for Linux Central Management and Network Access Control Compatible with VPN gateways (IPsec Standard) Integrated, dynamic personal firewall FIPS Inside Fallback

More information

Network Virtualization Access Control Design Guide

Network Virtualization Access Control Design Guide Network Virtualization Access Control Design Guide This document provides design guidance for enterprises that want to provide Internet and limited corporate access for their guests and partners. Several

More information

EAP Fragmentation Implementations and Behavior

EAP Fragmentation Implementations and Behavior EAP Fragmentation Implementations and Behavior Document ID: 118634 Contributed by Michal Garcarz, David Bednarczyk, and Wojciech Cecot, Cisco TAC Engineers. Dec 02, 2014 Contents Introduction Prerequisites

More information

RADIUS Route Download

RADIUS Route Download The feature allows users to configure their network access server (NAS) to direct RADIUS authorization. Finding Feature Information, page 1 Prerequisites for, page 1 Information About, page 1 How to Configure,

More information

Selection of EAP Authentication Method for use in a Public WLAN: Implementation Environment Based Approach

Selection of EAP Authentication Method for use in a Public WLAN: Implementation Environment Based Approach Selection of EAP Authentication Method for use in a Public WLAN: Implementation Environment Based Approach David Gitonga Mwathi * William Okello-Odongo Elisha Opiyo Department of Computer Science and ICT

More information

RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions

RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions MERUNETWORKS.COM February 2013 1. OVERVIEW... 3 2. AUTHENTICATION AND ACCOUNTING... 4 3. 802.1X, CAPTIVE PORTAL AND MAC-FILTERING...

More information

Release Notes for Cisco Secure Services Client Release for Windows Vista

Release Notes for Cisco Secure Services Client Release for Windows Vista Release s for Cisco Secure Services Client Release 5.1.0.60 for Windows Vista October 2009 Contents This release note contains these sections: Contents, page 1 Introduction, page 2 System Requirements,

More information

Configure WLC with LDAP Authentication for 802.1x and Web-Auth WLANs

Configure WLC with LDAP Authentication for 802.1x and Web-Auth WLANs Configure WLC with LDAP Authentication for 802.1x and Web-Auth WLANs Contents Introduction Prerequisites Requirements Components Used Background Information Technical Background Frequently Asked Questions

More information

Configuring FlexConnect Groups

Configuring FlexConnect Groups Information About FlexConnect Groups, page 1, page 3 Configuring VLAN-ACL Mapping on FlexConnect Groups, page 8 Information About FlexConnect Groups To organize and manage your FlexConnect access points,

More information

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents

SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION Table of Contents 1. Introduction...2 1.1 System Requirement...2 1.2 Objects Counting...2 2. Installation...2 2.1 Install Wireless PCI Adapter...3 2.2 Install

More information

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc. Cisco Systems Cisco Secure Access Control System RSA SecurID Ready Implementation Guide Partner Information Last Modified: March 27, 2008 Product Information Partner Name Cisco Systems, Inc. Web Site www.cisco.com

More information

New Windows build with WLAN access

New Windows build with WLAN access New Windows build with WLAN access SecRep 24 17-18 May 2016 Ahmed Benallegue/Hassan El Ghouizy/Priyan Ariyansinghe ECMWF network_services@ecmwf.int ECMWF May 19, 2016 Introduction Drivers for the new WLAN

More information

Configuration Security

Configuration Security NN47200-501 Document status: Standard Document version: 0401 Document date: 12 November 2008 All Rights Reserved While the information in this document is believed to be accurate and reliable, except as

More information

Configuring Repeater and Standby Access Points

Configuring Repeater and Standby Access Points CHAPTER 19 This chapter descibes how to configure your access point as a hot standby unit or as a repeater unit. This chapter contains these sections: Understanding Repeater Access Points, page 19-2 Configuring

More information

A Secure Wireless LAN Access Technique for Home Network

A Secure Wireless LAN Access Technique for Home Network A Secure Wireless LAN Access Technique for Home Network *Ju-A Lee, *Jae-Hyun Kim, **Jun-Hee Park, and **Kyung-Duk Moon *School of Electrical and Computer Engineering Ajou University, Suwon, Korea {gaia,

More information

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author:

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Cross-organisational roaming on wireless LANs based on the 802.1X framework Author: Klaas Wierenga SURFnet bv P.O. Box 19035 3501 DA Utrecht The Netherlands e-mail: Klaas.Wierenga@SURFnet.nl Keywords:

More information

Configuring Cipher Suites and WEP

Configuring Cipher Suites and WEP 10 CHAPTER This chapter describes how to configure the cipher suites required to use WPA authenticated key management, Wired Equivalent Privacy (WEP), Temporal Key Integrity Protocol (TKIP), and broadcast

More information

N_Max Wireless USB Adapter

N_Max Wireless USB Adapter LevelOne User Manual WUA-0600 N_Max Wireless USB Adapter Ver. 1.0.0-0802 Safety FCC WARNING This equipment may generate or use radio frequency energy. Changes or modifications to this equipment may cause

More information