Reference Manual for the NETGEAR ProSafe 802.11g Wireless Access Point WG302
• Key management. WPA/WPA2 features a robust key generation/management system that integrates the authentication and data privacy functions. Keys are generated after successful authentication and through a subsequent 4-way handshake between the station and Access Point (AP).
• Data Privacy (Encryption). Temporal Key Integrity Protocol (TKIP) is used to wrap WEP in sophisticated cryptographic and security techniques to overcome most of its weaknesses.
• Data integrity. TKIP includes a message integrity code (MIC) at the end of each plaintext message to ensure messages are not being spoofed.
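As an added example (not NETGEAR's code and not taken from this manual), the key-management step above in Python: the 802.11i PRF derives the PTK from the PMK, the two MAC addresses and the two nonces, and the AP verifies the EAPOL-Key MIC on message 2 of the 4-way handshake before it accepts the station. The PMK, MAC addresses and nonces are constructed values; the frame layout follows the RSN EAPOL-Key descriptor.

```python
"""WPA/WPA2 4-way handshake: PTK derivation and EAPOL-Key MIC check (added example)."""
import hashlib
import hmac

MIC_OFF, MIC_LEN = 81, 16  # Key MIC field position and size in an EAPOL-Key frame (RSN descriptor)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range((nbytes + 19) // 20))
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the two MACs and the two nonces).
    KCK = PTK[0:16] protects the handshake, KEK = PTK[16:32] wraps the group key, TK = PTK[32:48]
    encrypts data; TKIP also takes its Michael MIC keys from PTK[48:64] (CCMP needs only 48 bytes)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)

def build_msg2(snonce: bytes, replay_counter: int, key_data: bytes = b"") -> bytes:
    """Message 2 skeleton (key info 0x0109: descriptor version 1/TKIP, pairwise, MIC) with MIC zeroed."""
    body = (b"\x02\x01\x09" + bytes(2) + replay_counter.to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + bytes(MIC_LEN)  # IV, RSC, Key ID, MIC placeholder
            + len(key_data).to_bytes(2, "big") + key_data)
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL version 2, type 3 = EAPOL-Key

def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over the whole EAPOL frame with the MIC field zeroed: v1 HMAC-MD5, v2 HMAC-SHA1-128."""
    digest = hashlib.md5 if frame[6] & 0x07 == 1 else hashlib.sha1
    zeroed = frame[:MIC_OFF] + bytes(MIC_LEN) + frame[MIC_OFF + MIC_LEN:]
    return hmac.new(kck, zeroed, digest).digest()[:MIC_LEN]

def ap_accepts_msg2(pmk_ap: bytes, aa: bytes, spa: bytes, anonce: bytes, frame: bytes) -> bool:
    """Authenticator side: read SNonce from the frame, derive the PTK, compare MICs in constant time."""
    kck = derive_ptk(pmk_ap, aa, spa, anonce, frame[17:49])[:16]
    return hmac.compare_digest(frame[MIC_OFF:MIC_OFF + MIC_LEN], eapol_key_mic(kck, frame))

def handshake(pmk_sta: bytes, pmk_ap: bytes, tamper: bool = False) -> bool:
    """Constructed run: the station signs message 2; the AP accepts it only if both hold the same PMK."""
    aa, spa = bytes.fromhex("00095b000001"), bytes.fromhex("00095b000002")  # constructed MAC addresses
    anonce, snonce = bytes([0x11]) * 32, bytes([0x22]) * 32                  # constructed nonces
    frame = build_msg2(snonce, replay_counter=1)
    kck = derive_ptk(pmk_sta, aa, spa, anonce, snonce)[:16]
    frame = frame[:MIC_OFF] + eapol_key_mic(kck, frame) + frame[MIC_OFF + MIC_LEN:]
    if tamper:  # flip one bit after signing; the MIC no longer matches
        frame = frame[:-1] + bytes([frame[-1] ^ 0x01])
    return ap_accepts_msg2(pmk_ap, aa, spa, anonce, frame)
```

A station that does not hold the PMK cannot produce a valid MIC, so the AP never installs keys or opens the port for it; the same check, with roles swapped, lets the station reject a forged message 3.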
WPA/WPA2 Authentication: Enterprise-level User Authentication via 802.1x/EAP and RADIUS
[Figure 8-3 (diagram): a WPA/WPA2-enabled wireless client with "supplicant" on the wireless LAN; a WPA/WPA2-enabled authenticated Access Point using a pre-shared key or 802.1x; a wired network with optional 802.1x port-based network access control; TCP/IP ports closed until RADIUS server authentication and opened after login; a RADIUS server; and a Certificate Authority (for example Win Server, VeriSign)]
IEEE 802.1x offers an effective framework for authenticating and controlling user traffic to a protected network, as well as a vehicle for dynamically varying the data encryption keys, for example via EAP from a RADIUS server. This framework enables the use of a central authentication server that employs mutual authentication, so that a rogue wireless user does not join the network.
Wireless Networking Basics B-11
v0.1, December 2005