Specifications
WCS also provides centralized management for Wireless Intrusion Prevention (wIPS),
forwarding wIPS profiles to the MSE for further distribution. The WCS component is
required to maintain a WCS administrator role whose purpose is to configure wIPS and
to monitor and review wIPS records.
The Cisco Prime Network Control System (NCS) provides converged user and access
management for wired and wireless networks with visibility into endpoint connectivity—
regardless of device, network, or location, and endpoint identity policy monitoring through
integration with Cisco Identity Services Engine (ISE).
2.5.5 Cisco Mobility Services Engine (MSE)
The Cisco Mobility Services Engine (MSE) is an appliance supporting a suite of mobility
services programs. It supports the TOE’s wIPS functionality by sending wIPS profiles to
Controllers for further distribution to APs and receiving wIPS data from the Controllers.
2.5.6 Syslog Server
The syslog server can be any syslog server that supports receiving syslog over TLS
and is capable of filtering audit messages upon receipt. Two compatible software syslog
daemons are Kiwi Syslog and Syslog-ng. Use of a syslog server can provide a centralized
location for storage of audit data forwarded from the WLAN Controller (and optionally from
other IT Environment components) and support filtering of the audit data.
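The filtering on receipt described above can be pictured with the following added example, which is not part of the original document or of any Cisco or syslog daemon code. It assumes RFC 5424 framing, and the host name wlc-1, the facility local0 and the severity threshold are hypothetical choices.

```python
import re

# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 \S+ (?P<host>\S+) (?P<app>\S+) \S+ \S+ "
    r"(?:-|\[.*?\])(?: (?P<msg>.*))?$"
)

def parse(line):
    """Return the header fields of an RFC 5424 line, or None if malformed."""
    m = RFC5424.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    return {"facility": pri // 8, "severity": pri % 8,
            "host": m.group("host"), "app": m.group("app"),
            "msg": m.group("msg") or ""}

def keep(rec, allowed_hosts, facilities, max_severity):
    """Filter applied on receipt. HOSTNAME is sender-supplied, so this check
    complements, and does not replace, the peer identity from the TLS session."""
    return (rec is not None
            and rec["host"] in allowed_hosts
            and rec["facility"] in facilities
            and rec["severity"] <= max_severity)  # lower number = more severe

def filter_audit(lines, allowed_hosts, facilities, max_severity):
    """Return (kept records, count of rejected lines)."""
    kept, rejected = [], 0
    for line in lines:
        rec = parse(line)
        if keep(rec, allowed_hosts, facilities, max_severity):
            kept.append(rec)
        else:
            rejected += 1
    return kept, rejected

# Constructed sample input, not captured from a real controller.
SAMPLE = [
    "<134>1 2024-01-01T10:00:00Z wlc-1 audit - - - admin login succeeded",
    "<131>1 2024-01-01T10:00:05Z wlc-1 audit - - - admin login failed",
    "<135>1 2024-01-01T10:00:06Z wlc-1 debug - - - radio stats",
    "<131>1 2024-01-01T10:00:07Z unknown-host audit - - - admin login failed",
    "not a syslog line",
]

if __name__ == "__main__":
    kept, rejected = filter_audit(SAMPLE, {"wlc-1"}, {16}, 6)  # local0, info or worse
    print(len(kept), "kept,", rejected, "rejected")
```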
2.6 Security Functionality Not Included in the TOE’s Logical Boundary
The following section defines functionality included in the TOE’s physical boundary but not
included in the TOE’s logical boundary or claimed in the TOE’s security functionality.
2.6.1 Identification & Authentication
ACS supports many different I&A protocols, and only a subset are included within the TOE.
Table 7 lists the I&A methods included in the TOE’s physical boundary (AAA Client and
AAA Server implementation) and identifies which are not supported in the evaluated
configuration. The I&A methods omitted are not deemed secure enough to use in the
evaluated configuration.
Table 6 ACS/ISE I&A Methods Included in the TOE Physical Boundary

I&A          Wireless Agent Host    Administrative Hosts
ASCII/PAP    Not supported          Not supported
CHAP         Not supported          Supported
MS-CHAP      Not supported          Not supported
LEAP         Not supported          Not supported