Effects Of Authentication Type On Encryption Method - 3Com WX1200 3CRWX120695A Configuration Manual

448 C 21: C
HAPTER ONFIGURING
Effects of
Authentication Type
on Encryption
Method
AAA N U
FOR ETWORK SERS
Table 39 Three Basic WX Approaches to EAP Authentication (continued)
Approach Description
Offload The WX switch offloads all EAP processing from a RADIUS server by
establishing a TLS session between the switch and the client. In this
case, the switch needs a digital certificate. When you use offload,
RADIUS can still be used for non-EAP authentication and
authorization.
Wireless users who are authenticated on an encrypted service set
identifier (SSID) can have their data traffic encrypted by the following
methods:
Wi-Fi Protected Access (WPA) encryption
Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption
Non-WPA static WEP encryption
(For encryption details, see Chapter 13, "Configuring User Encryption,"
on page 281.)
The authentication method you assign to a user determines the
encryption available to the user. Users configured for EAP authentication,
MAC authentication, Web, or last-resort authentication can have their
traffic encrypted as shown in Table 40.
Table 40 Encryption Available to Various Authentication Methods
Eap MAC
Authentication Authentication
WPA encryption Static WEP
Dynamic WEP No encryption
encryption (if SSID is
unencrypted)
Wired users are not eligible for the encryption performed on the traffic of
wireless users, but they can be authenticated by an EAP method, a MAC
address, or a Web login page served by the WX switch.
Last-Resort WebAAA
Static WEP Static WEP
No encryption No encryption
(if SSID is (if SSID is
unencrypted) unencrypted)