User's Manual
cre de ntia ls a n d a u the ntica tion protocols tha t could com prom ise
se curity. Th is fe a tu re on ly works with Cisco's LEAP a u the n tica tion.
Sta nda rd 802.11 te ch n ology doe s n ot prote ct a ne twork from the
introduction of a rogu e a cce ss point. Re fe r to
LEAP Auth e ntica tion for
m ore inform a tion.
Fa s t Ro a m in g ( CCKM)
Whe n a wire le s s LAN is con figure d for fa st re connection, a LEAP-
e na ble d clie n t de vice ca n roa m from one a cce ss point to a nothe r
withou t involving the m a in s e rve r. Using Cisco Centra lize d Ke y
Ma na ge m e nt (CCKM), a n a cce s s point configure d to provide Wire le ss
Dom a in Se rvice s (WDS) ta ke s th e pla ce of the RADIUS se rve r a n d
a uthe n tica te s th e clie nt without pe rce ptible de la y in voice or othe r tim e -
se nsitive a pplica tion s.
CKI P
Cisco Key Inte grity Protocol (CKIP) is Cisco proprie ta ry se curity protocol
for e ncryption in 8 0 2.11 m e dia . CKIP use s th e following fe a tu re s to
im prove 80 2 .1 1 se curity in infra stru cture m ode :
● Ke y Pe rm uta tion (KP)
● Me s s a ge Se que nce Nu m be r
8 0 2 .1 1 b a n d 8 0 2 . 1 1 g Mix e d En v iro n m e n t P ro t e c t io n
P ro t o c o l
Som e a cce s s points, for e xa m ple Cisco 3 50 or Cisco 12 0 0 , s u pport
e nviron m e nts in which not a ll clie n t sta tions support WEP e n cryption;
th is is ca lle d Mixe d-Ce ll Mode . Wh e n the se wire le s s n e tworks ope ra te in
"option a l e n cryption" m ode , clie nt sta tions th a t join in WEP m ode , se nd
a ll m e ssa ge s e ncrypte d, a nd sta tions th a t u s e sta nda rd m ode se nd a ll
m e ssa ge s une n crypte d. The s e a cce ss points broa dca st tha t the n e twork
doe s n ot u s e e ncryption , bu t a llow clie n ts th a t u s e WEP m ode . Wh e n
Mixe d-Ce ll is e na ble d in a profile , it a llows you to con n e ct to a cce ss
points tha t a re configure d for "option a l e ncryption ."
EAP - FAS T