Cisco Support Community

New Member

Secure wireless connections

Hello, all!

What should I do to prevent sniffers from scanning my network? Any advice and comments are welcome! Thanks.


Re: Secure wireless connections

Since wireless devices work on layer 2, for the advanced security settings you need to do some configuration on the PIX or router side, if you have any.

New Member

Re: Secure wireless connections

I've heard that there are two solutions in such a situation: to use TKIP or IPSec VPN. Is it true?

Could you explain the advantages and disadvantages of each method and give me a link to some configuration examples? Thanks a lot.

New Member

Re: Secure wireless connections

The TKIP solution is actually part of a framework called Wi-Fi Protected Access or WPA. It is an interim fix for WEP, which is easily compromised. The WPA solution uses existing technologies like 802.1x and TKIP. It is meant for existing access points that are currently running the insecure WEP and have upgradable firmware, which can then be used for WPA. With WPA, you can place your APs on the internal LAN.

The VPN solution is a very good alternative where you place your APs on the outside of the LAN. Users then have to connect via some kind of VPN client to reach the internal LAN.

The easiest and most secure solution will be 802.11i but this requires specific hardware that most current APs on the market lack. It uses AES-CCMP instead of TKIP. This IEEE standard has not been ratified yet as far as I know.

Since you are asking in a Cisco forum - currently, the Cisco APs that support WPA are the ones running IOS like the 350, 1100 and 1200. Otherwise, you can use VPN.

Check and google the above terms and you will find lots of resources, including on Cisco's documentation site.

I have not personally tried the VPN solution but WPA works great for me on a 350.