
© 2009 Extreme Networks, Inc. All rights reserved. Summit WM20 WLAN Controller—Page 5
Extreme Networks Data Sheet
Comprehensive Security Network-Wide
Directory-integrated Link Security
The Summit wireless mobility solution
delivers comprehensive link security
capabilities that leverage existing directory
resources to streamline management of
user access. Link security characteristics
are defined within the context of each
WM-AD. Figure 4 provides some examples
of link security options.
Summit WM series controllers offer a
complete range of privacy options ranging
from unencrypted communication for
guests, shared key for phones and PDAs, to
WPA and WPA2. For high performance and
scalability, all over-the-air encryption
connections are terminated at the AP with
hardware acceleration.
Multiple Authentication and Access Control Options
Each WM-AD specifies how the wireless
user or device should authenticate, with
options for browser-based login, MAC
address verification or 802.1X Enterprise
AAA identity management. MAC address
authentication can be combined with other
link security types for additional protection.
After users are placed on the network, it is
important to limit their access to the
resources they need. WM-ADs offer
comprehensive filtering options for each
connection based on WM-AD membership,
authentication status and specific filtering
instructions provided as a part of the
RADIUS authentication message. Guests
can be restricted to a “walled garden” or
routed directly to the Internet. Traffic from
specific WM-ADs can be restricted to
selected ports and/or network locations
using next-hop routing.
The Summit WM controller offers unique
and powerful enhancements to basic
network access control. Using information
exchanged between the Summit WM
controller and the RADIUS server, administrators
can design sophisticated access
control solutions that tailor access rights to
specific locations, users or roles. Summit WM,
for example, supports Layer 3 filtering of IP
addresses and Layer 4 filtering by port
number or type of traffic (TCP/UDP).
WM-ADs also simplify integration with VPN
and firewall solutions by aggregating traffic
through a specific physical port to the VPN
or firewall resource, eliminating the need for
standalone or redundant VPN systems for
wired and wireless users.
The Summit WM solution provides an additional
level of security by registering only those
APs that have been authenticated using
the 802.1X authentication protocol.
Wireless Intrusion Detection
Rogue APs or unauthorized networks
represent a significant threat to the integrity
of enterprise networks—even when wireless
networks are not officially supported.
Today’s users have easy and inexpensive
access to WLAN gear and may not understand
the security risks associated with the
installation of an unmanaged AP.
The Summit WM Spy capability provides
intrusion detection by scanning multiple
bands and channels to locate unauthorized
rogue APs and peer-to-peer wireless
networks. It does this by using the same
Altitude APs that are used for wireless
connectivity support (see Figure 5). If a
rogue device/network is found, it is reported
on the management console.
Integration Security Solutions from Extreme Networks
In addition to strong wireless link security,
Summit WM can be installed in conjunction
with Extreme Networks switching
and/or security products to offer more
comprehensive security capabilities. For
example, ExtremeXOS®-based switches
from Extreme Networks offer many complementary
Layer 1 – 3 security features in
the areas of MAC address security,
Network Login, host integrity checking,
Denial of Service attack mitigation, IP
address security, IP Telephony security,
Layer 3 virtual switching for internal
firewalls, and secure routing.
Extreme Networks also has network security
products that interoperate with Summit WM
to provide wireless—in addition to wired—
security enforcement. One example is the
Sentriant® AG endpoint integrity checking
solution. Sentriant AG can be installed with
Summit WM to enforce an endpoint integrity
check before allowing access to the network.
Security is justifiably a key concern for WLAN systems. Summit WM series controllers offer state-of-the-art security for link
access and intrusion detection, all delivered using a single AP infrastructure.
Access Type: Casual Access (Guests, Contractors)
  Authentication: Browser-Based with Guest Password
  Privacy: None, Traffic is in the Clear
  Access Policy: SSID Guest; Timeout 1 Hour; Location Lobbies and Conference Rooms; Network Internet Only
Access Type: Devices (Handsets, Bar Code Readers)
  Authentication: Shared Key or MAC Address
  Privacy: None, WEP, or WPA-PSK
  Access Policy: SSID Guest; Timeout None; Location Factory Floor; Network Application Network
Access Type: Corporate Access (Sensitive Users and Applications)
  Authentication: EAP-TTLS, EAP-TLS, PEAP, EAP-MD5
  Privacy: Up to WPAv2 with AES
  Access Policy: SSID Guest; Timeout None; Location Anywhere; Network Network By User
Figure 4: Three Examples of Link Security
Figure 5: Rogue Access Point Detection (diagram labels: Altitude, Summit WM20, Altitude, Rogue AP, Core, Edge)