Extreme Networks Summit WM Series Uživatelský manuál stáhnout pdf (Strana 5)

Extreme Networks Data Sheet

Comprehensive Security Network-Wide

Directory-Integrated Link

Security

The Summit wireless mobility solution

delivers comprehensive link security

capabilities that leverage existing directory

resources to streamline management of

user access. Link security characteristics

are deﬁned within the context of each

WM-AD. Figure 4 provides some examples

of link security options.

Summit WM series controllers offer a

complete range of privacy options ranging

from unencrypted communication for

guests, shared key for phones and PDAs,

to WPA and WPA2. For high-performance

and scalability, all over-the-air encryption

connections are terminated at the AP

with hardware acceleration.

Multiple Authentication and

Access Control Options

Each WM-AD speciﬁes how the wireless

user or device should authenticate, with

options for browser-based login, MAC

address veriﬁcation or 802.1x Enterprise

AAA identity management. MAC address

authentication can be combined with other

link security types for additional protection.

After users are placed on the network it is

important to limit their access to the

resources they need. WM-ADs offer

comprehensive ﬁltering options for each

connection based on WM-AD membership,

authentication status and speciﬁc ﬁltering

instructions provided as a part of the

RADIUS authentication message. Guests

can be restricted to a “walled garden” or

routed directly to the Internet. Trafﬁc from

speciﬁc WM-ADs can be restricted to

selected ports and/or network locations

using next-hop routing.

The Summit WM controller offers unique

and powerful enhancements to basic

network access control. Using information

exchanged between the Summit WM

controller and the RADIUS server, adminis-

trators can design sophisticated access

control solutions that tailor access rights to

speciﬁc locations, users or roles.

Summit WM, for example, supports Layer 3

ﬁltering of IP addresses and Layer 4 ﬁltering

by port number or type of trafﬁc (TCP/

UDP). WM-ADs also simplify integration

with VPN and ﬁrewall solutions by aggregat-

ing trafﬁc through a speciﬁc physical port to

the VPN or ﬁrewall resource, eliminating the

need for standalone or redundant VPN

systems for wired and wireless users.

Wireless Intrusion Detection

Rogue APs or unauthorized networks

represent a signiﬁcant threat to the integrity

of enterprise networks—even when wireless

networks are not ofﬁcially supported.

Today’s users have easy and inexpensive

access to WLAN gear and may not under-

stand the security risks associated with the

installation of an unmanaged AP.

The Summit WM Spy capability provides

intrusion detection by scanning multiple

bands and channels to locate unauthorized

rogue APs and Peer-to-Peer wireless

networks. It does this by using the same

Altitude 350-2 APs that are used for wireless

connectivity support (see Figure 5). If a

rogue device/network is found, it is reported

on the management console.

Integration Security Solutions

from Extreme Networks

In addition to strong wireless link security,

Summit WM can be installed in conjunction

with Extreme Networks switching and/or

security products to offer more comprehen-

sive security capabilities. For example,

ExtremeXOS

-based switches from Extreme

Networks offer many complementary Layer

1-3 security features in the areas of MAC

address security, Network Login, host

integrity checking, Denial of Service attack

mitigation, IP address security, IP Telephony

security, Layer 3 virtual switching for

internal ﬁrewalls, and secure routing.

Extreme Networks also has network security

products that interoperate with Summit WM

to provide wireless—in addition to wired—

security enforcement. One example is the

Sentriant™ AG200 endpoint integrity

checking solution. Sentriant AG200 can be

installed with Summit WM to enforce

endpoint integrity check before allowing

access to the network.

Security is justiﬁably a key concern for WLAN systems. Summit WM series controllers offer state of the art security for link

access and intrusion detection, all delivered using a single AP infrastructure.

Access Type

Casual Access

Guests,

Contractors

Devices

Handsets, Bar

Code Readers

Corporate

Access

Sensitive Users

and Applications

Authentication

Browser-Based

with Guest

Password

Shared Key or

MAC Address

EAP-TTLS,

EAP-TLS,

PEAP, EAP-MD5

Privacy Access Policy

None, Traffic is

in the Clear

None, WEP, or

SPA-PSK

Up to WPA2

with AES

SSID

Guest

SSID

Guest

SSID

Guest

Timeout

1 Hour

Timeout

None

Timeout

None

Location

Lobbies and

Conference

Rooms

Timeout

Factory

Floor

Timeout

Anywhere

Network

Internet

Only

Network

Application

Network

By User

Figure 4: Three Examples of Link Security

Altitude

350-2

Summit

WM2000

Altitude

350-2

Altitude

350-2

Core

Edge

Figure 5: Rogue Access Point Detection

1 2 3 4 5 6 7 8 9

Komentáře k této Příručce

Žádné komentáře

Extreme Networks Summit WM Series Uživatelský manuál Strana 5

Komentáře k této Příručce

Související produkty a manuály pro Software Extreme Networks Summit WM Series