what is cisco ccna routing and switching

what is cisco ccna routing and switching.MAC address filtering is a simple form of authentication of connected devices. MAC address filtering requires defining the MAC addresses that are allowed to connect. While this is an easy way to ensure that users with defined MAC addresses are allowed to connect to the network, there is a danger that MAC addresses can be easily spoofed, and therefore it is not recommended. To configure MAC address filtering, simply select the check box on the StaticWEP configuration page, as shown in Figure 17-6.Figure 17-6 Configuring MAC Filtering17.2.3 Centralized Authentication Centralized authentication is an act of verifying a user's identity through non-locally defined means. In this case, a Public Key Infrastructure (PKI, Public Key Infrastructure) is used. o A PKI uses a digital certificate cryptographically signed by a trusted third party. The trusted third party is called a CA (CertificateAuthority). o You can say that if you are pulled over for speeding, you will probably experience a PKI. o When a patrolman approaches your window, he usually wants to see your driver's license. The patrolman will not issue you with that license; instead, he will entrust a trusted third party to do the job. This is the same concept as PKI. So, to have centralized authentication, you first need a certificate that identifies you. A certificate of identity can be obtained from something like VeriSign or Entrust, or you can obtain a certificate of identity from an already established CA server. It just so happens that Microsoft servers have a CA server that users can manage themselves. A certificate contains the following information.274 Chapter 17 Wireless Network Security AssuranceUser name. Public key. Serial number. Expiration date.CA information. When using a digital certificate. you have a CA certificate issued by a CA and a server certificate. Each device that wants to communicate uses the CA certificate to verify the signature of the other party's ID certificate. If the signatures match, the authentication is successful. As an alternative, you can use a self-signed certificate, but this has the potential to cause an initial connection error because the issuer is not trusted. This situation is easy to resolve, you just need to view the certificate and add it to your certificate store, then accept the certificate to proceed. These certificates are used for 802.1X authentication. This is a centralized authentication method that can use various Extensible Authentication Protocol (EAP, ExtensibleAuthenticationProtocol) methods to authenticate clients through an Authentication, Authorization and Accounting ( AAA, Authentication, Authorization andAccounting) server These certificates can also be used for LWAPP.These certificates can also be used for LWAPP control data, but such certificates are different from those used by 802.1X. In addition, the certificates used for Web authentication are also different from those used by 802.1X. 1.1. 802.1X and how to use it802.1X is an authentication standard developed by the IEEE. It has been used on wired networks for some time, so it is a logical choice for wireless networks as well. At its most basic level, 802.lx is a method of opening or closing ports based on conditions. A condition here means that the AAA server has authenticated the client's identity. 802.lx is a construct that uses various EAP methods in communication.802.1X has been used in wired networks for some time and will be explained in detail here in one such fact. As can be seen in Figure 17.7, a device that wants to access a wired network is called a supplicant. A supplicant is a device that can prove its identity to an authentication server using the EAP method. The authenticationserver is an AAA server that uses a list of users to authenticate the supplicant. Between these two is the authenticator, which in this network is actually the switch. The switch uses a LAN-based EAP (EAPOL, EAPoverLAN) between itself and the applicant, and then