Table of Contents
Advertisement
enhance the security of the CCMP encryption mechanism. During the encryption process, CCMP uses a
48-bit PN to ensure that each encrypted packet uses a different PN. This improves security to a certain extent.
Client access authentication
PSK authentication
1.
To implement PSK authentication, the client and the authenticator must have the same shared key configured.
Otherwise, the client cannot pass PSK authentication.
802.1X authentication
2.
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the port
level. A device connected to an 802.1X-enabled port of a WLAN access control device can access the
resources on the WLAN only after passing authentication.
MAC address authentication
3.
MAC address authentication does not require any client software. The MAC address of a client is compared
against a predefined list of allowed MAC addresses. If a match is found, the client can pass the
authentication and access the WLAN; if not, the authentication fails and access is denied. The entire process
does not require the user to enter a username or password. This type of authentication is suited to small
networks (such as families and small offices) with fixed clients.
MAC address authentication can be done locally or through a RADIUS server.
Local MAC address authentication: A list of usernames and passwords (the MAC addresses of allowed
clients) is created on the wireless access device and the clients are authenticated by the wireless access
device. Only clients whose MAC addresses are included in the list can pass the authentication and
access the WLAN.
MAC address authentication through RADIUS server: The wireless access device serves as the RADIUS
client and sends the MAC address of each requesting client to the RADIUS server. If the client passes the
authentication on the RADIUS server, the client can access the WLAN within the authorization assigned
by the RADIUS server. In this authentication mode, if different domains are defined, authentication
information of different SSIDs are sent to different RADIUS servers based on their domains.
For more information about access authentication, see Security Configuration Guide.
Protocols and standards
IEEE Standard for Information technology—Telecommunications and information exchange between
systems— Local and metropolitan area networks— Specific requirements -2004
WI-FI Protected Access—Enhanced Security Implementation Based On IEEE P802.1 1i Standard-Aug
2004
Information technology—Telecommunications and information exchange between systems—Local and
metropolitan area networks—Specific requirements—802.1 1, 1999
IEEE Standard for Local and metropolitan area networks "Port-Based Network Access Control"
802.1X™- 2004
802.1 1i IEEE Standard for Information technology—Telecommunications and information exchange
between systems—Local and metropolitan area networks—Specific requirements
30
Advertisement
Table of Contents
