Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 75
White Paper
Cisco SAFE: Wireless LAN Security in Depth
Authors
Sean Convery (CCIE #4232), Darrin Miller (CCIE #6447), and Sri Sundaralingam are
the primary authors of this white paper. Mark Doering, Pej Roshan, Stacey Albert,
Bruce McMurdo, and Jason Halpern provided significant contributions to this paper
and are the lead architects of Cisco’s reference implementation in San Jose,
California, USA. All are network architects who focus on wireless LAN, VPN, or
security issues.
Abstract
This paper provides best-practice
information to interested parties for
designing and implementing wireless LAN
(WLAN) security in networks utilizing
elements of the Cisco SAFE Blueprint for
network security. All SAFE white papers are
available at the SAFE Web site:
http://www.cisco.com/go/safe
These documents were written to provide
best-practice information on network
security and virtual-private-network (VPN)
designs. Although you can read this
document without having read either of the
two primary security design documents, it is
recommended that you read either “SAFE
Enterprise” or “SAFE Small, Midsize and
Remote-User Networks” before
continuing.
This paper frames the WLAN
implementation within the context of the
overall security design. SAFE represents a
system-based approach to security and
VPN design. This type of approach focuses
on overall design goals and translates those
goals into specific configurations and
topologies. In the context of wireless, Cisco
recommends that you also consider
network design elements such as mobility
and quality of service (QoS) when deciding
on an overall WLAN design. SAFE is based
on Cisco products and those of its partners.
This document begins with an overview of
the architecture, and then details the
specific designs under consideration.
Because this document revolves around two
principal design variations, these designs
are described fi