Table of Contents
Advertisement
Figure 139 EAP Authentication
The details below provide a general description of how IEEE 802.1x EAP authentication
works.
• The wireless station sends a start message to the ZyWALL.
• The ZyWALL sends a request identity message to the wireless station for identity
information.
• The wireless station replies with identity information, including user name and password.
• The RADIUS server checks the user information against its user profile database and
determines whether or not to authenticate the wireless station.
WPA
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. Key differences
between WPA and WEP are user authentication and improved data encryption.
User Authentication
WPA applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to authenticate
wireless clients using an external RADIUS database.
Encryption
WPA improves data encryption by using Temporal Key Integrity Protocol (TKIP), Message
Integrity Check (MIC) and IEEE 802.1x.
Temporal Key Integrity Protocol (TKIP) uses 128-bit keys that are dynamically generated and
distributed by the authentication server. It includes a per-packet key mixing function, a
Message Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules, and a re-keying mechanism.
TKIP regularly changes and rotates the encryption keys so that the same encryption key is
never used twice. The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP
that then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet that is
wirelessly communicated between the AP and the wireless clients. This all happens in the
background automatically.
ZyWALL 5/35/70 Series User's Guide
Chapter 12 Wireless Screens
245
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
