
Extreme Networks Summit 300-48 - Network Login

Extreme Networks Summit 300-48
244 pages
96 Summit 300-48 Switch Software User Guide
Unified Access Security
Encryption
Encryption is used to protect the privacy and integrity of user data sent over the network. It is a major
concern in wireless networks, since physical security is not possible for data sent over wireless links.
While encryption is the major component of a privacy solution, an effective approach also requires
management of encryption keys, integrity checks to protect against packet tampering, and the ability to
scale as the network grows.
Cipher Suites
Table 44 lists several cipher suites that standards organizations have identified to group security
capabilities under a common umbrella. The Extreme Unified Security Architecture supports or will
incorporate each of these suites, and the Altitude 300 wireless port supports hardware-based AES and
RC4 encryption.
WPA-Only Support
To support WPA clients, the Summit 300-48 switch port sets the privacy bit in the beacon frames it
advertises. The switch also advertises the set of supported unicast and multicast cipher suites and the
configured and supported authentication modes as part of the association request.
WPA support is compatible with 802.1x authentication and with pre-shared keys. With pre-shared keys,
key derivation and distribution are done using the EAPOL-KEY messages. All clients that indicate PSK
are assigned to the default user VLAN, which is configured on the Summit 300-48 switch port.
Legacy and WPA 802.1x Support
When network authentication is set to dot1x, WPA clients can use TKIP for their unicast data exchange
and the specified WEP64 or WEP128 cipher for multicast traffic. Legacy 802.1x clients should use the
specified WEP64 or WEP128 cipher for both their unicast and multicast cipher.
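
The following is an added example, not part of the original manual or of Extreme Networks software: a parser for the WPA information element (element ID 221, OUI 00:50:F2, type 1) that carries the advertised unicast and multicast cipher suites and authentication modes, with a check that flags the mixed case above where multicast traffic still relies on WEP. The function names are hypothetical and the sample bytes are constructed.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")  # OUI carried in the WPA element and its suite selectors
CIPHERS = {1: "WEP64", 2: "TKIP", 4: "CCMP", 5: "WEP128"}  # WEP-40 / WEP-104 key sizes
AKMS = {1: "802.1x", 2: "PSK"}
# Constructed sample: TKIP unicast, WEP128 multicast, 802.1x authentication.
SAMPLE_IE = bytes.fromhex("dd160050f20101000050f20501000050f20201000050f201")


def _suite(raw, names):
    """Map a 4-byte suite selector (OUI + type) to a name."""
    if raw[:3] != WPA_OUI:
        return "vendor:" + raw.hex()
    return names.get(raw[3], "unknown:%d" % raw[3])


def _suite_list(body, off, names):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    count = struct.unpack_from("<H", body, off)[0]
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated suite list")
    return [_suite(body[i:i + 4], names) for i in range(off + 2, end, 4)], end


def parse_wpa_ie(ie):
    """Parse one WPA information element (ID 221) taken from a captured frame."""
    if len(ie) < 2 or ie[0] != 0xDD or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed vendor-specific element")
    body = ie[2:]
    if len(body) < 10 or body[:4] != WPA_OUI + b"\x01":
        raise ValueError("not a WPA element")
    version = struct.unpack_from("<H", body, 4)[0]
    multicast = _suite(body[6:10], CIPHERS)
    unicast, off = _suite_list(body, 10, CIPHERS)
    auth, off = _suite_list(body, off, AKMS)
    return {"version": version, "multicast": multicast, "unicast": unicast, "auth": auth}


def audit(info):
    """Flag advertised settings that still depend on WEP."""
    findings = []
    if info["multicast"].startswith("WEP"):
        findings.append("multicast traffic protected only by " + info["multicast"])
    findings += ["unicast cipher %s offered" % c for c in info["unicast"] if c.startswith("WEP")]
    return findings
```

Calling `audit(parse_wpa_ie(SAMPLE_IE))` reports the WEP128 multicast cipher, which is the setting to track when inventorying ports that still serve legacy 802.1x clients.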
Network Login
Network login controls the admission of user packets into a network by giving addresses only to users
that are properly authenticated. Network login is controlled on a per port, per VLAN basis. When
network login is enabled on a port in a VLAN, that port does not forward any packets until
authentication takes place.
Network login is compatible with two types of authentication, web-based and 802.1x, and two different
modes of operation, Campus mode and ISP mode. The authentication types and modes of operation can
be used in any combination.
Table 44: Wi-Fi Security Cipher Suites
Name  Authentication  Privacy        Sponsoring Organization
WEP   None or MAC     WEP/RC4        IEEE
WPA   802.1x          TKIP/RC4       Wi-Fi Alliance
WPA   802.1x          CCMP/AES/TKIP  IEEE
