Security has always been a major issue with traditional wired LANs, and is even
more critical with WLANs, as the physical medium is easily accessible by
intruders.The Cisco wireless-aware LAN framework takes the issue of overall
LAN security in mind and offers some excellent features to help you secure your
We have already gone over the IEEE 802.1X authentication features using your
AP as a RADIUS server. Some additional features are security policy monitoring,
centralized security settings, monitoring and notifications of the IEEE 802.1X
security servers, client device response time monitoring, and IEEE 802.1 1i AES
encryption support.Table 1.3 shows these various features and Cisco’s definition of
this support for the features under the wireless-aware LAN framework.
Table 1.3 Wireless-aware LAN Network Security Solutions Support
Security Feature Support Description
Security Policy Monitoring Monitoring of security policies for predefined
Cisco Wireless Security Suite parameters across
all APs is included. Alerts are generated for
violations in areas such as Service Set
Identifiers (SSID), broadcasts, 802.1X EAP settings,
and WEP. Alerts can be delivered via email,
Syslog or SNMP trap notifications.
Centralized Security Settings Parameters such as 802.1X EAP, WEP and Wi-Fi
Protected Access (WPA) are ensured through
centralized WLAN management of all local and
remote AP settings.
Monitoring of the 802.1X The RADIUS or AAA server providing support
EAP RADIUS or AAA server for Cisco LEAP and Protected-EAP (PEAP) is
monitored and the availability of Cisco Secure
ACS and Committed Access Rate (CAR) EAP
servers is verified.
Notification of 802.1X EAP Notifications of user-defined security
RADIUS or AAA server thresholds are managed via e-mail, Syslog,
management thresholds and SNMP trap notifications.
Client device response time The client device response time is monitored
monitoring by simulating a client device via CiscoWorks
WLSE. Security Feature Support Description
IEEE 802.11i AES encryption Future support for IEEE 802.11i AES
support encryption is planned.