User guide
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 6 Security Menu Bar Selection
RADIUS Authentication Servers
• AES 128 CBC - Advanced Encryption Standard uses keys with a length of 128, 192, or 256 bits
to encrypt blocks with a length of 128, 192, or 256 bits. AES 128 CBC uses a 128-bit data path
in Cipher Block Chaining (CBC) mode.
– IKE Authentication: Not an editable field.
IKE (Internet Key Exchange protocol) is used as a method of distributing the session keys
(encryption and authentication), as well as providing a way for the VPN endpoints to agree on
how the data should be protected. IKE keeps track of connections by assigning a bundle of
Security Associations (SAs) to each connection.
– IKE Phase 1: Set the Internet Key Exchange protocol (IKE). Options are:
• Aggressive
• Main
IKE Phase-1 is used to negotiate how IKE should be protected. Aggressive mode will pass more
information in fewer packets, with the benefit of slightly faster connection establishment, at the
cost of transmitting the identities of the security gateways in the clear.
– Lifetime (seconds): Set the timeout interval for the session expiry. Default is 28800 seconds.
– IKE Diffie Hellman Group: Set the IKE Diffie Hellman Group. Options are:
• Group 1 (768 bits)
• Group 2 (1024 bits)
• Group 5 (1536 bits)
Diffie-Hellman techniques let two devices exchange values publicly and still generate the
same symmetric key.
Although all three groups provide security from conventional attacks, Group 5 is considered
more secure because of its larger key size. However, computations involving Group 1 and Group
2 based keys might occur slightly faster because of their smaller prime number size.
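The exchange described above, as an added example that is not part of the Cisco guide: it derives the Group 1, 2, and 5 primes from the formulas published in RFC 2409 and RFC 3526, then has two sides swap public values and arrive at the same secret. The function names and the "controller"/"peer" roles are assumptions made for illustration.

```python
import secrets

# MODP group parameters as published in RFC 2409 (Groups 1, 2) and RFC 3526
# (Group 5): p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c)
GROUPS = {1: (768, 149686), 2: (1024, 129093), 5: (1536, 741804)}
GENERATOR = 2  # all three groups use g = 2

def _arctan_inv(x, scale):
    """Fixed-point arctan(1/x) * scale via the alternating Taylor series."""
    term = scale // x
    total, n, sign = term, 1, 1
    while term:
        term //= x * x
        n += 2
        sign = -sign
        total += sign * (term // n)
    return total

def pi_floor(bits):
    """floor(2^bits * pi), using Machin's formula with 64 guard bits."""
    scale = 1 << (bits + 64)
    pi = 16 * _arctan_inv(5, scale) - 4 * _arctan_inv(239, scale)
    return pi >> 64

def modp_prime(group):
    """Rebuild the group's prime modulus from its published formula."""
    n, c = GROUPS[group]
    return (1 << n) - (1 << (n - 64)) - 1 + (1 << 64) * (pi_floor(n - 130) + c)

def dh_exchange(group):
    """Run one exchange; return both public values and each side's secret."""
    p = modp_prime(group)
    a = secrets.randbelow(p - 3) + 2   # controller's private exponent (never sent)
    b = secrets.randbelow(p - 3) + 2   # peer's private exponent (never sent)
    pub_a = pow(GENERATOR, a, p)       # sent in the clear
    pub_b = pow(GENERATOR, b, p)       # sent in the clear
    return pub_a, pub_b, pow(pub_b, a, p), pow(pub_a, b, p)

if __name__ == "__main__":
    for group in GROUPS:
        pub_a, pub_b, key_a, key_b = dh_exchange(group)
        print(f"Group {group}: {modp_prime(group).bit_length()}-bit prime, "
              f"secrets match: {key_a == key_b}")
```

Only `pub_a` and `pub_b` cross the wire; the modular exponentiations grow more expensive with the prime size, which is the speed difference the text mentions.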
Command Buttons
• Back: Return to the previous window.
• Apply: Data is sent to the controller and made to take effect, but not preserved across a power cycle;
these parameters are stored temporarily in volatile RAM.
• Help: Request that the help page be displayed in a new browser window.