Reduction in the complexity of deploying and managing services, accelerating new service introduction, and reducing capital/operational expenditure overhead are key priorities for network operators today. These priorities are in part driven by the need to generate more revenue per user. But competitive pressures and increasing demand from consumers are also pushing them to experiment with new and innovative services. These services may require unique capabilities that are specific to a given network operator and in addition may require the ability to tailor service characteristics on a per-consumer basis. This evolved service delivery paradigm mandates that the network operator have the ability to integrate policy enforcement alongside the deployment of services, applications, and content, while maintaining optimal use of available network capacity and resources.
Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF bay area. The problem, after much troubleshooting and lab recreations, was determined to be due to a unique issue with client roaming and authentication. During the course of troubleshooting my coworker and I often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort, or requesting technical updates. So based on that experience, I started thinking this might be a good topic to cover here.
Let’s review some of the typical components of the enterprise wireless security model.
What is 802.1X?
802.1X is not a protocol, but rather a framework for a “port-based” access control method. 802.1X was initially created for use in switches, hence the port-based terminology, which really doesn’t fit too well in wireless since users don’t connect to a physical port. In the 802.11 world the port is a logical concept. 802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level, the framework allows a client that has connected to the WLAN to remain in a blocked port status until it has been authenticated by a AAA server. Essentially the only traffic allowed through this virtual blocked port is EAP traffic; anything else, such as HTTP, is dropped.
What is EAP?
EAP (Extensible Authentication Protocol) is the authentication method used by 802.1X. It can take on various forms, such as PEAP, EAP-TLS, and EAP-FAST, to name a few. The one thing to remember when determining which EAP type to use in your network is that it depends on what your client and AAA server support. That is it: your AP or AP/controller hardware or code version plays no part in which EAP type is supported, unless your AP/controller is acting as the AAA server, but I’ll stay away from that in this post. I think this can be a point of confusion for people who haven’t read much or anything about EAP methods. So, if someone asks what version of EAP the AP will support, all you need to do is ask them what their client and AAA server support.
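To make the two points above concrete (the controlled port passes only EAP traffic until the AAA server returns Success, and the EAP method is negotiated between client and AAA server while the AP merely relays), here is a small simulation. It is an added example written for this post, not code from the original article or from any vendor; the method lists, the ethertype constants and the message log format are constructed for illustration, and the EAP exchange is deliberately simplified to a Request/Nak/Success sequence.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

EAPOL_ETHERTYPE = 0x888E   # EAP over LAN: the one thing an unauthorized port lets through
IPV4_ETHERTYPE = 0x0800    # stands in for "user traffic" such as HTTP in this example


@dataclass
class ControlledPort:
    """The logical 802.1X port the AP/controller keeps for one wireless client."""
    authorized: bool = False

    def forward(self, ethertype: int) -> bool:
        # Before authentication only EAPOL frames cross the port; after it, everything does.
        return self.authorized or ethertype == EAPOL_ETHERTYPE


def eap_exchange(client_methods: Set[str], aaa_methods: Set[str]) -> Tuple[str, List[str]]:
    """Simplified EAP negotiation. The AP relays frames and never chooses the method:
    the AAA server proposes the methods it supports, the client Naks ones it lacks."""
    log: List[str] = []
    for method in sorted(aaa_methods):          # constructed ordering, for determinism
        log.append(f"AAA -> client: EAP-Request({method})")
        if method in client_methods:
            log.append(f"client -> AAA: EAP-Response({method}) ... method conversation runs")
            log.append("AAA -> client: EAP-Success")
            return "success", log
        log.append("client -> AAA: EAP-Response(Nak)")   # client does not support this one
    log.append("AAA -> client: EAP-Failure")
    return "failure", log


def authenticate(port: ControlledPort, client_methods: Set[str], aaa_methods: Set[str]):
    """Run the exchange and open the controlled port only on EAP-Success."""
    result, log = eap_exchange(client_methods, aaa_methods)
    port.authorized = result == "success"
    return result, log


if __name__ == "__main__":
    port = ControlledPort()
    print("HTTP before auth forwarded?", port.forward(IPV4_ETHERTYPE))   # False
    result, log = authenticate(port, {"PEAP"}, {"EAP-TLS", "PEAP"})
    print("\n".join(log))
    print("HTTP after auth forwarded?", port.forward(IPV4_ETHERTYPE))    # True
```

Swap the client set to something the AAA server does not offer (for example {"EAP-FAST"} against {"EAP-TLS"}) and the port stays blocked no matter what the AP supports, which is exactly the question to ask when someone blames the AP for an EAP mismatch.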
What is 802.11i?
Simply put, 802.11i is an amendment to the original 802.11 standard to address the well-documented security shortcomings of WEP. It incorporates WPA as a part of the 802.11i amendment and adds the fully approved WPA2 with the AES encryption method. 802.11i introduces the concept of a Robust Security Network (RSN) with the Four-Way Handshake and the Group Key Handshake.
As part of our commitment to inclusion and diversity (I&D), we at Cisco are devoted to building diversity into our recruiting and hiring process. I would like to share with you a great Inclusion and Diversity Best Practice on how we extended our I&D principles to our recruiting process for our Associate Network Consulting Engineer Program (ANCE), an extensive training and work experience program that provides graduates with the training to be a capable Network Consulting Engineer with our Advanced Services organisation.
It is often said that the only constant is change. Cisco is no different. We know that innovation and change are the cornerstones to Cisco’s continued success.
We are excited to announce that our Chief Technology Officer, Padmasree Warrior, will add the duties of being SVP/GM of our Enterprise, Commercial and Small Business Development Group. This is the heart of Cisco’s business and we are fortunate to have the talent of an (ahem) warrior take over this industry-leading team of over 10,000 world-class engineers.
Warrior joined Cisco in 2007 as CTO reporting to Cisco Chairman and CEO John Chambers and has quickly established herself as a technology visionary in areas such as cloud computing, mobility, the future of Internet technology and more.