WindowsXP部署安全無(wú)線網(wǎng)PPT課件

1、pap, chap, mschap, eapadeap用戶驗(yàn)證用戶驗(yàn)證訪問(wèn)策略訪問(wèn)策略密鑰管理密鑰管理.3comuserdatabasexp 客戶端客戶端無(wú)線無(wú)線access point with 802.1xprimary ias3combackup iasdhcp serverdsds客戶端與 無(wú)線access point關(guān)聯(lián). 802.11access point 禁止對(duì)局域網(wǎng)(the virtual port)的訪問(wèn), 并應(yīng)用 802.1x 到客戶端 access point 在客戶端和 ias/radius服務(wù)器之間路由eap (extensible authentication p

2、rotocol)包 (over ethernet)如果客戶端驗(yàn)證成功, ias 告訴 access point 開(kāi)放端口. ias can return restrictions that the access point must implement for that port. these restrictions can include vlans and filters and encryption policies.after the port is opened, client initiates dhcp to get ipaddress on the connection.交互

3、過(guò)程xp client無(wú)線無(wú)線access point with 802.1x ias3comdsdsdhcpcert serverturn on user or machine cert auto-enrollment.machines/users already on 局域網(wǎng)will automatically get certificate.how do we handle users who have valid passwords, but they they do not have the auto-enrolled certificates to connect to 無(wú)線lan

4、?when client finds that it does not have certificates, it connects to network without an identity.if ias is configured to provide guest access, it tells the access point to accept the connection with restrictions accept, with a restriction to put the client into a special vlan or to apply ipfilters.

5、after connection, client gets auto-enrollment cert from ad, and establishes a new connection with the right credentials.interaction restricted lanphymacraw rate(mbps)ieee 802.11frequency hopping,direct sequencecarrier sense multiple accesscollision avoidance (csma/ca)1 or 2ieee 802.11bcomplementary

6、codekeying direct sequencecsma/ca11ieee 802.11gcck dscsma/ca22ieee 802.11aorthogonal frequencydivision multiplexingcsma/ca54hiperlan1gmskthree phase priority driven23.5hiperlan2ofdmtime division multiple access54openairfrequency hoppingcsma/ca1.6homerffrequency hoppingcsma/ca1, 10bluetoothfrequency

7、hoppingtime division multiple access1wireless physical layerwireless link layerinterface, e.g. ndisnetwork protocols, e.g.spx/ipx, tcp/ipclient applicationwireless physicallayerwireless link layerbridging functionwire link layer, e.g.ethernetwire physical layer,e.g. ethernetinterface, e.g. ndisnetwork protocols, e.g.spx/ipx, tcp/ipserver applicationphysical layerlink layeraccess pointmobileserverinternetaccesspointaccesspointethernetinternet gatewayrouting, access control, bi