Table of Contents
Advertisement
an EAP-compatible RADIUS server, the access point helps a wireless station and a RADIUS server perform
authentication.
The details below provide a general description of how IEEE 802.1x EAP authentication works. For an
example list of EAP-MD5 authentication steps, see the appendix about IEEE 802.1x.
Step 1.
The wireless station sends a "start" message to the Prestige.
Step 2.
The Prestige sends a "request identity" message to the wireless station for identity information.
Step 3.
The wireless station replies with identity information, including username and password.
Step 4.
The RADIUS server checks the user information against its user profile database and determines
whether or not to authenticate the wireless station.
6.7
Introduction to WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security specification draft. Key differences
between WPA and WEP are user authentication and improved data encryption.
6.7.1 User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate wireless clients
using an external RADIUS database. You can't use the Prestige's Local User Database for WPA
authentication purposes since the Local User Database uses EAP-MD5 which cannot be used to generate
keys. See later in this chapter and the appendices for more information on IEEE 802.1x, RADIUS and EAP.
Therefore, if you don't have an external RADIUS server you should use WPA-PSK (WPA -Pre-Shared Key)
that only requires a single (identical) password entered into each access point, wireless gateway and wireless
client. As long as the passwords match, a client will be granted access to a WLAN.
6.7.2 Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message Integrity Check
(MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and distributed by
the authentication server. It includes a per-packet key mixing function, a Message Integrity Check (MIC)
named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
Wireless LAN Setup
Figure 6-5 EAP Authentication
Prestige 660W/HW Series User's Guide
6-11
Advertisement
Chapters
Table of Contents
