WLAN Security

WLAN Threat Defense Solution

The WLAN Threat Defense Solution helps secure WLANs from malicious and unauthorized access. Aironet access points support both an integrated and dedicated threat defense solution using WLAN intrusion detection.

With a dedicated WLAN threat defense solution, an Aironet access point is deployed with its radio (802.11a, b, or g) placed in "Access Point Scanning-Only Mode" to support only WLAN intrusion monitoring. In this configuration, an access point functions as an 802.11 scanning-only device, providing continuous, 24x7 monitoring of the RF environment. The access point's full bandwidth is dedicated to intrusion detection RF monitoring.

With integrated WLAN threat defense, an Aironet access point is deployed with its radio (802.11a, b, or g) placed in "Access Point Multifunction Mode" to service client devices and provide WLAN intrusion monitoring. In this configuration, an access point functions as both an active 802.11 infrastructure device and as an 802.11 scanning device.

Fast Secure Roaming

Fast secure roaming is supported by Aironet access points, in conjunction with Compatible client devices. With fast secure roaming, authenticated client devices can roam securely from one access point to another within or between subnets, without any perceptible delay during reassociation. Fast secure roaming supports latency-sensitive applications such as wireless voice over IP (VoIP), enterprise resource planning (ERP), or Citrix-based solutions.

WAN Link Remote Site Survivability

WAN link remote site survivability allows an access point to act as a local RADIUS server to authenticate IEEE 802.1X wireless clients when the authentication, authorization, and accounting (AAA) server is not available. This provides remote site survivability and backup authentication services during a WAN link or server failure, allowing users in remote-site deployments with non-redundant WAN links access to local resources such as file servers or printers.

Wireless Security Suite-An Enterprise-Class Security Solution

WLAN security is a primary concern. Aironet access points and wireless bridges secure the enterprise network with a scalable and manageable system featuring the award-winning Wireless Security Suite. The Wireless Security Suite is an enterprise-ready, standards-based, WLAN security solution that gives network administrators confidence that their data will remain private and secure when they use Aironet products with Wi-Fi Certified WLAN client devices.

The Wireless Security Suite mitigates sophisticated passive and active WLAN attacks, interoperates with numerous client devices, and provides reliable, scalable, centralized security management. It delivers innovative enhancements and supports WPA and WPA2, the Wi-Fi Alliance certifications for interoperable, standards-based WLAN security. The Wireless Security Suite provides access control via per-user, per-session mutual authentication, and delivers data privacy via strong dynamic data encryption.

The Wireless Security Suite is based on the IEEE 802.1X standard for port-based network access. It takes advantage of the Extensible Authentication Protocol (EAP) framework for user-based authentication. The solution supports the broadest range of 802.1X authentication types on the market, including support for LEAP, Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected Extensible Authentication Protocol (PEAP-GTC), PEAP Microsoft Challenge Handshake Authentication Protocol Version 2 (PEAP-MSCHAP V2), EAP-Tunneled TLS (EAP-TTLS), and EAP-Subscriber Identity Module (EAP-SIM). Many RADIUS servers, such as the Secure Access Control Server (ACS), can be used for enterprise-class centralized user management.