Security
LWAPP-based systems offer several advantages over traditional individual deployments, including the following:
■ Wireless traffic enters the network over a single point (WLC) instead of multiple ingress points (APs), making traffic inspection easier.
■ The WLC acts as the authentication point (authenticator), so you configure authentication on a single device instead of 100.
■ An AP does not hold a full configuration that someone with physical access to it could extract. Also, no one can tamper with the configuration, because the AP can be configured only from the WLC, using encrypted and authenticated LWAPP control messages.
■ The WLC can authenticate the APs that try to join the wireless infrastructure to prevent the introduction of rogue APs with malicious intent.
This list accounts only for the inherent security features of LWAPP and not the different security processes that use LWAPP as encapsulation, such as rogue detection or Intrusion Detection Systems (IDS