Information Technology Reference
In-Depth Information
Cisco Lightweight Extensible Authentication Protocol (LEAP)
is an early propri-
etary EAP method supported in the Cisco Certified Extensions (CCX) program. It is
vulnerable to dictionary attacks.
■
EAP-Flexible Authentication via Secure Tunneling (EAP-FAST)
is a proposal by
Cisco Systems to fix the weaknesses of LEAP. EAP-FAST uses a Protected Access
Credential (PAC), and use of server certificates is optional. EAP-FAST has three
phases. Phase 0 is an optional phase in which the PAC can be provisioned manually or
dynamically. In Phase 1, the client and the AAA server use the PAC to establish the
TLS tunnel. In Phase 2, the client sends user information across the tunnel.
■
WLAN Controller Components
The CCDA candidate must understand the three major components of WLCs:
WLANs
■
Key
To p i c
Interfaces
■
Ports
■
WLANs are identified by unique SSID network names. The LAN is a logical entity. Each
WLAN is assigned to an interface in the WLC. Each WLAN is configured with radio poli-
cies, quality of service (QoS), and other WLAN parameters.
A WLC interface is a logical connection that maps to a VLAN on the wired network. Each
interface is configured with a unique IP address, default gateways, physical ports, VLAN
tag, and DHCP server.
Ta ble 5 - 6 covers WLC components.
Ta b l e 5 - 6
WLC Components
WLC Component
Description
WLAN
Identified by a unique SSID and assigned to an interface
Interface
A logical connection that maps to a VLAN in the wired network
Port
A physical connection to the wired LAN
The port is a physical connection to the neighboring switch or router. By default, each
port is an IEEE 802.1Q trunk port. There may be multiple ports on a WLC into a single
port-channel interface. These ports can be aggregated using link aggregation (LAG). Some
WLCs have a service port that is used for out-of-band management. Figure 5-7 shows the
WLC components.
WLC Interface Types
A WLC has five interface types:
Management interface
(static, configured at setup, mandatory) is used for in-band
■
