Table of Contents
Advertisement
WAB–3000 Wireless Access Point
• 4-way handshake: The 4-way handshake defined in 802.11i
achieves the following important goals within the security
protocol:
–
it confirms the PMK between the supplicant (client) and
authenticator (Access Point)
–
it establishes the temporal keys to be used by the data-confi-
dentiality protocol
–
it authenticates the security parameters that were negotiated
–
it provides keying material to implement the group key
handshake within 802.11i
•
AES CCMP: 802.11i and WPA2 employ AES CCM, which is a com-
bination of AES Counter (CTR) mode per packet data encryption,
combined with AES Cipher Block Chaining – Message Authentica-
tion Code (CBC-MAC) per packet data integrity / authentication
of the entire packet including the MAC header. AES CCMP has
been deemed to surpass the RC4 stream cipher, upon which the
older WEP and WPA security protocols are based.
Wireless VLAN
According to the IEEE, VLANs define broadcast domains in a Layer
2 network. VLANs have the same attributes as physical LANs with the
additional capability to group end stations physically to the same LAN
segment regardless of the end stations' geographical location
To interconnect two different VLANs, routers or Layer 3 switches are
used. These routers or Layer 3 switches execute inter-VLAN routing or
routing of traffic between VLANs. Broadcast traffic is then terminated
and isolated by these Layer 3 devices (for example, a router or Layer 3
switch will not route broadcast traffic from one VLAN to another).
Wireless VLAN is an extension of Layer 2 wired VLANs in wireless
LAN (WLAN) environment. As with wired VLANs, wireless VLANs
segregate the WLAN network into disjointed sections, each of which
can serve a different purpose or users, such as engineering, accounting
or guest. To get the same network configuration, with VLAN incapable
APs, a set of APs need to be installed for each network section; but with a
VLAN capable AP, like the WAB–3000, one AP can serve multiple sec-
tions with traffic segregated inside the AP, so that only one set of APs is
needed.
When wireless VLAN is enabled, an AP can be configured to have
multiple SSIDs, so that it supports multiple wireless networks. Each net-
work, per configuration, belongs to a VLAN. A wireless client talks with
the AP inside a wireless network defined by an SSID, so it does not know
the wireless VLAN exists. The mapping between the wireless network
and the wireless VLAN happens inside the AP. Each Wireless VLAN
can set its own security level. For example, the VLAN for an enterprise
8
Chapter 1: Introduction
29000171-001 A
Advertisement
Table of Contents
