How secure is the client data tunnel?

 
davehedgehog
Advisor

How secure is the client data tunnel?

Apologies if this is a repeat post - I thought I'd asked this question but can't find it now.

If I was to put an AP at another site and use the client data tunnel to tunnel over the internet back to the controller's internet port, is it secure and if so how secure? I assume the data is encrypted but to what level?

4 REPLIES
Fredrik Lönnman
Honored Contributor

Re: How secure is the client data tunnel?

It's not encrypted at all. For encryption you have to enable "Terminate WPA at the controller", which severely limits the maximum number of clients supported to 10 on an MSM710 and 50 on the MSM760 and 765zl. It's all in the MCG PDF.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S

davehedgehog
Advisor

Re: How secure is the client data tunnel?

Thanks, I did check that document but it didn't explain in much detail. There is a setting that allows me to choose high security/lower performance or lower security/high performance. If the tunnel is not encrypted, what does this relate to please?

Fredrik Lönnman
Honored Contributor

Re: How secure is the client data tunnel?

* Less security/better performance: This option provides security using a secret key that is attached to each packet. The key is rotated every 200 seconds.
* High security/less performance: This option uses HMAC (Hash based message authentication code) to ensure the data integrity and authenticity of each packet. Performance is reduced due to the overhead needed to calculate HMAC.

Regardless of the security method used, the client tunnel does not encrypt the data stream.
To protect client traffic with encryption requires that client stations use WPA or VPN software.

* Under Wireless protection, enable WPA with the Terminate WPA at the controller. This requires client stations that support WPA.
* Use VPN-based authentication. See Securing wireless client sessions with VPNs on page 15-3.

Chapter 4: Working with VSCs -> VSC Configuration options -> Virtual AP -> Wireless Clients.

---
CCIE Service Provider
MASE Network Infrastructure [2011]
H3CSE
CCNP R&S
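
An added illustration of the distinction made in the reply above (not code from the thread or from the product documentation): a per-packet HMAC lets the receiver reject altered or forged packets, while the payload still crosses the network in cleartext. HMAC-SHA256, the 32-byte key, the payload-plus-tag framing and the sample frame are assumptions for the sketch, not the MSM tunnel's actual wire format.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # SHA-256 digest size (assumed hash; the thread does not name one)


def protect(key: bytes, payload: bytes) -> bytes:
    """Append an HMAC tag. The payload itself is left unencrypted."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def accept(key: bytes, packet: bytes):
    """Return the payload if the tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None


def readable_on_wire(packet: bytes, needle: bytes) -> bool:
    """True if the bytes in transit expose `needle` without any key."""
    return needle in packet


KEY = os.urandom(32)  # shared by AP and controller in this sketch
# Constructed sample of a client frame carried through the tunnel.
CLIENT_FRAME = b"GET /payroll HTTP/1.1\r\nCookie: session=constructed-sample\r\n\r\n"


def demo() -> dict:
    packet = protect(KEY, CLIENT_FRAME)
    tampered = packet.replace(b"payroll", b"PAYROLL")  # modified in transit
    return {
        "genuine_accepted": accept(KEY, packet) == CLIENT_FRAME,
        "tampered_accepted": accept(KEY, tampered) is not None,
        "wrong_key_accepted": accept(os.urandom(32), packet) is not None,
        "payload_readable_on_wire": readable_on_wire(
            packet, b"session=constructed-sample"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Integrity and authenticity hold (the tampered and wrong-key packets are rejected), yet the session cookie is still visible in the packet bytes, which is why the reply points to WPA terminated at the controller or a VPN for confidentiality.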

davehedgehog
Advisor

Re: How secure is the client data tunnel?

Thanks Fredrik

I understand now, this setting is about how the controller authenticates the data. I thought it was about how it encrypts the data.