Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF bay area. The problem, after much troubleshooting and lab recreations, was determined to be due to a unique issue with client roaming and authentication. During the course of troubleshooting my coworker and I often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort, or requesting technical updates. So based on that experience, I started thinking this might be a good topic to cover here.
Let’s review some of the typical components of the enterprise wireless security model.
What is 802.1X?
802.1X is not a protocol, but rather a framework for a “port-based” access control method. 802.1X was initially created for use in switches, hence the port-based terminology, which really doesn’t fit too well in wireless since users don’t connect to a port. In the end it’s meant to be a logical concept in the 802.11 world. 802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level, the framework allows for a client that has connected to the WLAN to remain in a blocked port status until it has been authenticated by a AAA server. Essentially the only traffic allowed through this virtual blocked port is EAP traffic; things like HTTP would be dropped.
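The blocked-port behaviour described above can be modelled in a few lines. This is an added example, not code from the original post: it assumes frames are presented in Ethernet II form (EAPOL uses EtherType 0x888E), and the `ControlledPort` class, the `aaa_result` hook, the MAC addresses and the sample frames are all constructed for illustration.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN, the only traffic a blocked port passes
ETHERTYPE_IPV4 = 0x0800
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse_eapol(frame: bytes):
    """Return the EAPOL type name, "malformed", or None for non-EAPOL frames."""
    if len(frame) < 14:                       # shorter than an Ethernet header
        return "malformed"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_EAPOL:
        return None
    if len(frame) < 18:                       # missing 4-byte EAPOL header
        return "malformed"
    _version, ptype, length = struct.unpack_from("!BBH", frame, 14)
    if len(frame) < 18 + length:              # body shorter than declared
        return "malformed"
    return EAPOL_TYPES.get(ptype, "malformed")

class ControlledPort:
    """Hypothetical per-client logical port held by the AP/controller."""
    def __init__(self):
        self.authorized = False

    def aaa_result(self, accepted: bool):
        # Assumption: invoked when the AAA server accepts or rejects the client.
        self.authorized = accepted

    def handle(self, frame: bytes) -> str:
        kind = parse_eapol(frame)
        if kind == "malformed":
            return "drop"
        if kind == "EAPOL-Logoff":
            self.authorized = False           # client logged off: block the port again
        if kind is not None:
            return "eapol"                    # authentication traffic is always passed
        return "forward" if self.authorized else "drop"

def make_frame(ethertype: int, payload: bytes) -> bytes:
    # Constructed frame with made-up, locally administered MAC addresses.
    return bytes.fromhex("020000000002020000000001") + struct.pack("!H", ethertype) + payload

def demo():
    start = make_frame(ETHERTYPE_EAPOL, bytes([2, 1, 0, 0]))
    logoff = make_frame(ETHERTYPE_EAPOL, bytes([2, 2, 0, 0]))
    http = make_frame(ETHERTYPE_IPV4, b"GET / HTTP/1.1\r\n")  # stands in for an IP packet
    port = ControlledPort()
    seen = [port.handle(start), port.handle(http)]   # before authentication
    port.aaa_result(True)
    seen += [port.handle(http), port.handle(logoff), port.handle(http)]
    return seen
```
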
What is EAP?
EAP (Extensible Authentication Protocol) is the authentication method used by 802.1X. It can take on various forms, such as PEAP, EAP-TLS, EAP-FAST, to name a few. There is one thing to remember when determining what EAP type to use in your network: it is dependent upon what your client and AAA server support. That is it; your AP or AP/controller hardware or code version will play no part in which version is supported, unless your AP/controller is acting as the AAA server, but I’ll stay away from that in this post. I think this can be a point of confusion for people who haven’t read much or anything about EAP methods. So, if someone asks what version of EAP the AP will support, all you need to do is ask them what their client and AAA server support.
What is 802.11i?
Simply put, 802.11i is an amendment to the original 802.11 standard to address the well-documented security shortcomings of WEP. It incorporates WPA as a part of the 802.11i amendment and adds the fully approved WPA2 with AES encryption method. 802.11i introduces the concept of a Robust Security Network (RSN) with the Four-Way Handshake and the Group Key Handshake.
Missed the first two parts of our guest series with Andrew vonNagy, Technical Architect of a Fortune 50 Retail organization and CCIE Wireless #28298? Read Part 1 and Part 2 to get the full picture.
Trend 4: Expanding Branch Office Services
In order to remain competitive, retail organizations must deliver better customer service in their physical stores. This is accomplished by migrating away from traditional lean-branch operational models focused on cost reduction to a more sophisticated service-rich operational model within the store. Deploying integrated and context-aware services into the store for both sales associate and customer use will translate into a better shopping experience, return visits, and brand loyalty.
New services such as robust wireless telephony solutions can enable better availability and improve responsiveness of sales associates for customer assistance by tying service desks to every associate in real-time, as well as provide push-to-talk integration for integrated in-store communications. Digital video services over wireless enable increased security by providing real-time video feeds to in-store security personnel, and can enable videoconferencing for merchandise planning and collaboration with headquarters staff. Location based services allow retailers to provide relevant services to customers, such as targeted promotions that appeal to today’s cost-conscious consumer or in-store navigation (wayfinding) to improve the customer shopping experience. Location services will also require the Wi-Fi network to be deeply integrated with back-end marketing systems, making it more integral to core retail business operation.
Earlier this week, we kicked off a special customer guest blog series with Andrew vonNagy, author of the blog Revolution Wi-Fi, and active on Twitter @revolutionwifi. Join us today as Andrew explores the next two major retail trends changing the Wi-Fi industry, and catch up with the first part if you missed it.
Trend 2: Empowering Sales Associates
Given the increasingly connected and smart shopper, consumers now have more product information than in-store sales associates in many cases. Yet sales staff are key to providing a great consumer experience in-store. Retailers need to empower sales associates with the depth of product information that consumers have, and to provide additional tools that facilitate existing and new services offered by the retailer.
Historically, only a fraction of retail sales associates have been provided with mobile devices, and those devices have enabled only a limited set of capabilities such as stocking, inventory management and product availability. One reason for this is the high cost of ruggedized mobile devices for use in retail. A typical high-speed scanner PDA can cost well over $1,200 each. In order to provide every sales associate with more information to help consumers, retailers are adopting lower-cost, feature-rich, smart mobile devices that provide more robust capabilities than specialized scanners. Mobile platforms built by Apple, Android, and third-party manufacturers are enabling this shift, along with a retail IT focus on enabling business processes in a more flexible, consistent, and re-usable fashion.
This is the type of post that gets me excited. Today, I’m happy to feature a special customer guest author: Andrew vonNagy, CCIE #28298 (Wireless), and currently Technical Architect for a Fortune 50 retail company. Many of you may know Andrew from his active blog, Revolution Wi-Fi, or his Twitter feed: @revolutionwifi. Stay with us over the next two weeks as Andrew offers his take on the intersection of Retail and the Wireless LAN industry.
Retail Wi-Fi networks have long been dominated by inventory management applications and services that enabled a more productive workforce and leaner operations. However, brick-and-mortar retail is being disrupted due to the explosive growth from pure e-commerce competitors offering [often] lower prices and a more personalized shopping experience. In addition, the e-commerce sales channel offers deeper product information, community reviews, and greater levels of localization and customization that resonate with consumers.
Brick and mortar retail must adapt to compete in this new environment. A key component of this adaptation is delivering new IT solutions while leveraging the physical assets of the storefront, mixing the benefits of in-store product “touch-and-feel” with the personalization of e-commerce shopping. Merging these two worlds together will create an enhanced shopping experience through the use of mobile Internet devices, often connected through Wi-Fi networks.
This week, we will cover the first of 5 trends driving Wi-Fi growth and new capabilities in retail organizations:
Trend 1: Consumer Interaction and Business Analytics
Physical retailers have the most influence over consumer purchase decisions in the store, when they are standing in front of the product they are weighing whether or not to buy. Historically, this has been through in-aisle marketing and signage. However, customers are increasingly equipped with mobile Internet access and turning to external sources of information in real-time while within a retail store. This has been coined the emergence of the “smart shopper”. These external sources of information are much more comprehensive than what the retailer can provide through traditional in-aisle marketing and signage, and this leaves the physical retailer at a big disadvantage.
If you happened to have your Thanksgiving meal last week with a person of Greek heritage, you may have heard them toast “Yia mas”, that literally means “to our health”. And that is exactly what I am thankful for each day, my family’s health.
I am also thankful for the health of our wireless business, which is going great thanks to professionals such as doctors and nurses that want to use their personal devices (smartphones and tablets) at work.
At Cisco we have long been talking about how we enable this proliferation of devices in the workplace and how we make it easier for IT to onboard and troubleshoot these “un-managed” devices. We also provide a robust wireless infrastructure that enables these professionals by providing the best possible mobile experience. But the trend of personal devices in the workplace does pose a valid concern: “As more and more doctors start using their personal iPads at work, will my patient data be secure?”
Curiosity got the better of me, and I decided to look at some data over the long weekend to better understand how healthcare data breaches occur. This is by no means a scientific analysis, I just crunched some data I downloaded from the U.S. Department of Health and Human Services website (hss.gov), so the findings are not conclusive, but rather indicative of what is happening. The data represents HIPAA breaches of 500 or more records per incident over the past 2-year period.
Here is what the data says: