Motorola CB3000 User Manual page 48

3-24 CB3000 Client Bridge User's Guide
Validate Server
Certificate
Inner Authentication
Method
WPA2 Algorithm
WPA2 User ID
WPA2 Password
Clean User ID and
Password
Check to force the CB3000 to validate the Server Certificate.
Select the authentication method used inside the tunnel. Select from:
• CHAP – Challenge-Handshake Authentication Protocol (CHAP) provides
security by the Challenge-Response method of authentication.
• MS CHAP - Microsoft CHAP (MS CHAP) is Microsoft's version of the
CHAP protocol.
• MS CHAP v2 – An enhanced version of MS CHAP that plugs some
security loopholes of MS CHAP
• PAP – Password Authentication Protocol (PAP) is a basic authentication
protocol that transmits unencrypted ASCII passwords over the network.
• MD5 – Message Digest algorithm 5 (MD5) is a cryptographic hash
algorithm that uses a 128-bit hash value.
• GTC – Generic Token Card (GTC) is a protocol that enables the exchange
of clear-text authentication credentials across a network. This protocol
uses one-time password and therefore is not vulnerable to replay attacks.
EAP-GTC is generally used inside a tunnel created by TTLS or PEAP to
provide server authentication.
Select the WPA2 algorithm to use:
• TKIP – Defines a 'wrapper' that goes around an existing WEP encryption
algorithm. TKIP comprises the same encryption engine and RC4 algorithm
defined for WEP. However, the key used for encryption in TKIP is 128 bits
long.
TKIP changes the key used for each packet. The key is created by mixing
together a combination of things, including a base key (called a Pairwise
Transient Key), the MAC address of the transmitting station, and the serial
number for the packet.
• CCMP (AES) – Utilizes an Advanced Encryption Standard (AES) 128-bit
key algorithm with a 48-bit initialization vector (IV) for replay detection.
The Counter Mode (CM) component of CCMP is the algorithm providing
data privacy. The Cipher Block Chaining Message Authentication Code
(CBC-MAC) component of CCMP provides data integrity and
authentication.
• Both – Select this option to enable CB3000 to support devices that use
both TKIP and CCMP algorithms. Use this option when the number of
devices is large.
The User ID for authentication.
The WPA2 user password.
Check to prevent the CB3000 from saving the WPA user name and its
password in its cache.