4. The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management system, using the PMK to dynamically generate unique data encryption keys. The keys are used to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Figure 198 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1. First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and symbols).
2. The AP checks each wireless client's password and allows it to join the network only if the password matches.
3. The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not sent over the network, but is derived from the PSK and the SSID.
4. The AP and wireless clients use the TKIP or AES encryption process, the PMK and information exchanged in a handshake to create temporal encryption keys. They use these keys to encrypt data exchanged between them.
Figure 199 WPA(2)-PSK Authentication
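The key derivation in steps 3 and 4, as an added example that is not part of the original guide or the device's own code. It follows the IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and pairwise PRF; the function names, MAC addresses and nonces are constructed for illustration.

```python
import hashlib
import hmac
import string


def derive_pmk(psk: str, ssid: str) -> bytes:
    """Step 3: derive the 256-bit PMK locally from the PSK and the SSID."""
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        # 64 hexadecimal characters are used directly as the 256-bit key.
        return bytes.fromhex(psk)
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("PSK must be 8-63 printable ASCII characters or 64 hex digits")
    # Passphrase form: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 64) -> bytes:
    """Step 4: expand the PMK plus handshake values into temporal keys.

    length=64 matches TKIP (PRF-512); use length=48 for AES/CCMP (PRF-384).
    """
    # Both sides sort the addresses and nonces, so they compute the same input.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    pmk = derive_pmk("correct horse battery", "ExampleSSID")
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    print("PMK:", pmk.hex())
    print("PTK:", derive_ptk(pmk, ap, sta, anonce, snonce).hex())
```

Because the SSID is the only salt, the strength of the PMK rests on the passphrase itself, so a long, non-dictionary PSK matters.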
VMG1312-B Series User's Guide
Appendix D Wireless LANs