Lancom Enhanced Passphrase Security - Lancom L-310agn Wireless Manual

The passphrases for 802.11i or WPA do not have to be changed quite so
regularly as new keys are generated for each connection anyway. This is
not the only reason that the encryption with 802.11i/AES or WPA/TKIP is
so much more secure than the now obsolete WEP method. If you use WEP
encryption to maintain compatibility with older WLAN clients, regularly
change the WEP key in your access point.
If the data is of a high security nature, further improvements include addi-
tionally authenticating the client with the 802.1x method ('802.1x / EAP'
→
page 45) or activate an additional encryption of the WLAN connection
as used for VPN tunnels ('IPSec over WLAN'
a combination of these two mechanisms is possible.
Detailed information about WLAN security and the various encryption

methods are to be found in the LCOS reference manual.
4.1.2 802.1x / EAP
The international industry standard IEEE 802.1x and the Extensible Authenti-
cation Protocol (EAP) enable access points to carry out reliable and secure
access checks. The access data can be managed centrally on a RADIUS server
(integrated RADIUS/EAP server in the L-300 Access Point or external RADIUS/
EAP server) and accessed by the access point when required. The dynamically
generated and cryptographically secure key material for 802.11i (WPA1/2)
replaces the manual key management.
The IEEE-802.1x technology has already been fully integrated since Windows
XP. Client software exists for other operating systems. The drivers for the
LANCOM AirLancer wireless cards feature an integrated 802.1x client.
4.1.3

LANCOM Enhanced Passphrase Security

With LEPS (LANCOM Enhanced Passphrase Security), LANCOM Systems has
developed an efficient method that makes use of the simple configuration of
IEEE 802.11i with passphrase, but that avoids the potential error sources in
passphrase distribution. LEPS uses an additional column in the ACL to assign
an individual passphrase consisting of any 4 to 64 ASCII characters to each
MAC address. The connection to the access point and the subsequent encryp-
tion with IEEE 802.11i or WPA is only possible with the right combination of
passphrase and MAC address.
LEPS can be used locally in the device and can also be centrally managed with
the help of a RADIUS server, and it works with all WLAN client adapters cur-
rently available on the market without modification. Full compatibility to
LANCOM L-300 Access Point series
Chapter 4: Security settings
→
page 46). In special cases,
45