Extreme Networks Summit WM User Manual page 22

Overview of the Controller, Access Points, and WM software solution
802.1X that is compliant with Wi-Fi Protected Access (WPA)
Captive Portal based on Secure Sockets Layer (SSL) protocol
The Controller, Access Points, and WM software system provides the centralized mechanism by which
the corresponding security parameters are configured for a group of APs.
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the
802.11b standard
Wi-Fi Protected Access version 1 WPA1(TM) with Temporal Key Integrity Protocol (TKIP)
Wi-Fi Protected Access version 2 WPA2(TM) with Advanced Encryption Standard (AES) and
Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP)
Authentication
The Summit WM Controller relies on a RADIUS server, or authentication server, on the enterprise
network to provide the authentication information (whether the user is to be allowed or denied access
to the network). A RADIUS client is implemented to interact with infrastructure RADIUS servers.
The Summit WM Controller provides authentication using:
Captive Portal - a browser-based mechanism that forces users to a Web page
RADIUS (using IEEE 802.1X)
The 802.1X mechanism is a standard for authentication developed within the 802.11 standard. This
mechanism is implemented at the wireless Port, blocking all data traffic between the wireless device
and the network until authentication is complete. Authentication by 802.1X standard uses Extensible
Authentication Protocol (EAP) for the message exchange between the Summit WM Controller and the
RADIUS server.
When 802.1X is used for authentication, the Summit WM Controller provides the capability to
dynamically assign per-wireless-device WEP keys (called per-session WEP keys in 802.11). Or in the
case of WPA, the Summit WM Controller is not involved in key assignment. Instead, the controller is
involved in the path between RADIUS server and the user to negotiate the appropriate set of keys. With
WPA2 the material exchange produces a Pairwise Master Key which is used by the AP and the user to
derive their temporal keys. (The keys change over time.)
In the Controller, Access Points, and WM software, a RADIUS redundancy feature is provided, where
you can define a failover RADIUS server (up to 2 servers) in the event that the active RADIUS server
fails.
Privacy
Privacy is a mechanism that protects data over wireless and wired networks, usually by encryption
techniques.
Controller, Access Points, and WM software supports the Wired Equivalent Privacy (WEP) standard
common to conventional access points.
It also provides Wi-Fi Protected Access version 1 (WPA v.1) encryption, based on Pairwise Master Key
(PMK) and Temporal Key Integrity Protocol (TKIP). The most secure encryption mechanism is WPA
version 2, using Advanced Encryption Standard (AES).
22
Summit WM User Guide, Software Version 5.3