802.1X
Also called 802.1X for 802.11. 802.1X is the new standard for wireless LAN security, as defined by the Institute of Electrical and Electronics Engineers (IEEE). An access point that supports 802.1X and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS) server, to which the access point communicates over the wired network.
802.11
The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) 2.4-GHz wireless LANs.
802.11a
The IEEE standard that governs the deployment of 5-GHz OFDM systems. It specifies the implementation of the physical layer for wireless UNII bands (see UNII 1 and UNII 2) and provides four channels per 100 MHz of bandwidth.
802.11b
The IEEE standard that specifies carrier sense media access control and physical layer specifications for 5.5- and 11-Mbps 2.4-GHz wireless LANs.
access point
A wireless LAN data transceiver that uses radio waves to connect a wired network with wireless stations.
ad hoc network
A wireless network composed of stations without access points.
alphanumeric
A set of characters that contains both letters and numbers.
associated
A station is configured properly to allow it to wirelessly communicate with an access point.
bandwidth
Specifies the amount of the frequency spectrum that is usable for data transfer. It identifies the maximum data rate that a signal can attain on the medium without encountering significant power loss.
BPSK
Binary phase shift keying. A modulation technique used by IEEE 802.11-compliant wireless LANs for transmission at 1 Mbps.
broadcast key rotation
A security feature for use with dynamic WEP keys. If your client adapter uses LEAP, EAP-FAST, EAP-TLS, PEAP, or EAP-SIM authentication and you enable this feature, the access point changes the dynamic broadcast WEP key that it provides at the interval you choose.
CCK
Complementary code keying. A modulation technique used by IEEE 802.11b-compliant wireless LANs for transmission at 5.5 and 11 Mbps.
CCKM
Cisco Centralized Key Management. Using CCKM, authenticated client devices can roam from one access point to another without any perceptible delay during reassociation. An access point on your network provides wireless domain services (WDS) and creates a cache of security credentials for CCKM-enabled client devices on the subnet. The WDS access point's cache of credentials dramatically reduces the time required for reassociation when a CCKM-enabled client device roams to a new access point.
CKIP
Cisco Key Integrity Protocol. Cisco's WEP key permutation technique based on an early algorithm presented by the IEEE 802.11i security task group.
client adapter
A radio device that uses the services of an access point to communicate wirelessly with other devices on a local area network.
CSMA
Carrier sense multiple access. A wireless LAN media access method specified by the IEEE 802.11 specification.
cyclic redundancy check (CRC)
A method of checking for errors in a received packet.
data rates
The range of data transmission rates supported by a device. Data rates are measured in megabits per second (Mbps).
dBi
A ratio of decibels to an isotropic antenna that is commonly used to measure antenna gain. The greater the dBi value, the higher the gain and the more acute the angle of coverage.
DHCP
Dynamic Host Configuration Protocol. A protocol available with many operating systems that automatically issues IP addresses within a specified range to devices on the network. The device retains the assigned address for a specific administrator-defined period.
dipole
A type of low-gain (2.2-dBi) antenna consisting of two (often internal) elements.
DSSS
Direct-sequence spread spectrum. A type of spread spectrum radio transmission that spreads its signal continuously over a wide frequency band.
duplicate packets
Packets that were received twice because an acknowledgement got lost and the sender retransmitted the packet.
EAP
Extensible Authentication Protocol. EAP is the protocol for the optional IEEE 802.1X wireless LAN security feature. An access point that supports 802.1X and EAP acts as the interface between a wireless client and an authentication server, such as a Remote Authentication Dial-In User Service (RADIUS) server, to which the access point communicates over the wired network.
EAP-FAST
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling. An 802.1X authentication type that is available for use with Windows 2000 and XP. Support for EAP-FAST is provided in the client adapter's firmware and the Cisco software that supports it, rather than in the operating system. With EAP-FAST, a username, password, and PAC are used by the client adapter to perform mutual authentication with the RADIUS server through an access point.
Ethernet
The most widely used wired local area network. Ethernet uses carrier sense multiple access (CSMA) to allow computers to share a network and operates at 10, 100, or 1000 megabits per second (Mbps), depending on the physical layer used.
file server
A repository for files so that a local area network can share files, mail, and programs.
firmware
Software that is programmed on a memory chip and kept in a computer's semi-permanent memory.
fragment threshold
The size at which packets are fragmented and transmitted a piece at a time instead of all at once. The setting must be within the range of 64 to 2312 bytes.
full duplex
A means of communication whereby each node receives and transmits simultaneously (two-way). See also half duplex.
gateway
A device that connects two otherwise incompatible networks together.
GHz
Gigahertz. One billion cycles per second. A unit of measure for frequency.
half duplex
A means of communication whereby each node receives and transmits in turn (one-way). See also full duplex.
hexadecimal
A set of characters consisting of ten numbers and six letters (0-9, A-F, and a-f).
IEEE
Institute of Electrical and Electronics Engineers. A professional society serving electrical engineers through its publications, conferences, and standards development activities. The body responsible for the Ethernet 802.3 and wireless LAN 802.11 specifications.
infrastructure
The wired Ethernet network.
infrastructure device
A device (such as an access point, bridge, or base station) that connects client adapters to a wired LAN.
IP address
The Internet Protocol (IP) address of a station.
IP subnet mask
The number used to identify the IP subnetwork, indicating whether the IP address can be recognized on the LAN or if it must be reached through a gateway.
IPX
Internetwork Packet Exchange. The NetWare network layer protocol used for transferring data from servers to workstations.
isotropic
An antenna that emits its signal in a spherical pattern.
LEAP
LEAP, or EAP-Cisco Wireless, is an 802.1X authentication type that is available for use with operating systems that do not have EAP support. Support for LEAP is provided in the client adapter's firmware and the Cisco software that supports it, rather than in the operating system. With LEAP, a username and password are used by the client adapter to perform mutual authentication with the RADIUS server through an access point.
MAC address
The Media Access Control (MAC) address is a unique serial number assigned to a networking device by the manufacturer.
MIC
Message integrity check. MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it; the receiver accepts the retransmitted message as legitimate. The client adapter's driver must support MIC functionality, and MIC must be enabled on the access point.
modulation
Any of several techniques for combining user information with a transmitter's carrier signal.
multicast packets
Packets transmitted to multiple stations.
multipath
The echoes created as a radio signal bounces off of physical objects.
OFDM
Orthogonal frequency division multiplexing. A multicarrier modulation method for broadband wireless communications.
overrun packets
Packets that were discarded because the access point had a temporary overload of packets to handle.
PAC
Protected access credentials. Credentials that are either automatically or manually provisioned and used to perform mutual authentication with the RADIUS server during EAP-FAST authentication. PACs are created by the Cisco Secure ACS server and are identified by an ID. The user obtains his or her own copy of the PAC from the server, and the ID links the PAC to the profile created in ACU. When manual PAC provisioning is enabled, the PAC file is manually copied from the server and imported onto the client device.
packet
A basic message unit for communication across a network. A packet usually includes routing information, data, and sometimes error detection information.
QPSK
Quadrature phase shift keying. A modulation technique used by IEEE 802.11-compliant wireless LANs for transmission at 2 Mbps.
radio channel
The frequency at which a radio operates.
range
A linear measure of the distance that a transmitter can send a signal.
receiver sensitivity
A measurement of the weakest signal a receiver can receive and still correctly translate it into data.
RF
Radio frequency. A generic term for radio-based technology.
roaming
A feature of some access points that allows users to move through a facility while maintaining an unbroken connection to the LAN.
RP-TNC
A connector type unique to Cisco Aironet radios and antennas. Part 15.203 of the FCC rules covering spread spectrum devices limits the types of antennas that may be used with transmission equipment. In compliance with this rule, Cisco Aironet, like all other wireless LAN providers, equips its radios and antennas with a unique connector to prevent attachment of non-approved antennas to radios.
RTS threshold
The packet size at which an access point issues a request to send (RTS) before sending the packet.
spread spectrum
A radio transmission technology that spreads the user information over a much wider bandwidth than otherwise required in order to gain benefits such as improved interference tolerance and unlicensed operation.
SSID
Service set identifier. A unique identifier that stations must use to be able to communicate with an access point. The SSID can be any alphanumeric entry up to a maximum of 32 characters.
TKIP
Temporal Key Integrity Protocol. Also referred to as WEP key hashing. A security feature that defends against an attack on WEP in which the intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs.
transmit power
The power level of radio transmission.
unicast packets
Packets transmitted in point-to-point communication.
UNII
Unlicensed National Information Infrastructure. An FCC regulatory domain for 5-GHz wireless devices. UNII bands are 100 MHz wide and divided into four channels when using 802.11a OFDM modulation.
UNII 1
A UNII band dedicated to in-building wireless LAN applications. UNII 1 is located at 5.15 to 5.25 GHz and allows for a maximum transmit power of 40 mW (or 16 dBm) with an antenna up to 6 dBi. UNII 1 regulations require a nonremovable, integrated antenna.
UNII 2
A UNII band dedicated to in-building wireless LAN applications. UNII 2 is located at 5.25 to 5.35 GHz and allows for a maximum transmit power of 200 mW (or 23 dBm) with an antenna up to 6 dBi. UNII 2 regulations allow for an auxiliary, user-installable antenna.
WDS
Wireless domain services (WDS). An access point providing WDS on your wireless LAN maintains a cache of credentials for CCKM-capable client devices on your wireless LAN. When a CCKM-capable client roams from one access point to another, the WDS access point forwards the client's credentials to the new access point with the multicast key. Only two packets pass between the client and the new access point, greatly shortening the reassociation time.
WEP
Wired equivalent privacy. An optional security mechanism defined within the 802.11 standard designed to protect your data as it is transmitted through your wireless network by encrypting it through the use of encryption keys.
workstation
A computing device with an installed client adapter.
WPA
Wi-Fi Protected Access. A standards-based, interoperable security enhancement that greatly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be compatible with the upcoming IEEE 802.11i standard. WPA leverages Temporal Key Integrity Protocol (TKIP) for data protection and 802.1X for authenticated key management.