Effects Of Authentication Type On Encryption Method; Configuring 802.1X Authentication - Nortel 2360 Configuration Manual
Wlan-security switch 2300 series
Hide thumbs
Also See for 2360:
- Reference manual (480 pages) ,
- User manual (218 pages) ,
- Installation and basic configuration manual (172 pages)
Table of Contents
Advertisement
482 Configuring AAA for network users
Effects of authentication type on encryption method
Wireless users who are authenticated on an encrypted service set identifier (SSID) can have their data traffic encrypted
by the following methods:
•
Wi-Fi Protected Access (WPA) encryption
•
Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption
•
Non-WPA static WEP encryption
(For encryption details, see
The authentication method you assign to a user determines the encryption available to the user. Users configured for
EAP authentication, MAC authentication, Web, or last-resort authentication can have their traffic encrypted as follows:
EAP
Authentication
WPA encryption Static WEP
Dynamic WEP
encryption
Wired users are not eligible for the encryption performed on the traffic of wireless users, but they can be authenticated
by an EAP method, a MAC address, or a Web login page served by the WSS.
Configuring 802.1X authentication
The IEEE 802.1X standard is a framework for passing EAP protocols over a wired or wireless LAN. Within this frame-
work, you can use TLS, PEAP-TTLS, or EAP-MD5. Most EAP protocols can be passed through the WSS to the
RADIUS server. Some protocols can be processed locally on the WSS.
The following 802.1X authentication command allows differing authentication treatments for multiple users:
set authentication dot1x {ssid ssid-name | wired} user-wildcard [bonded] protocol method1
[method2] [method3] [method4]
For example, the following command authenticates wireless user Tamara, when requesting SSID wetlands, as an 802.1X
user using the PEAP-MS-CHAP-V2 method via the server group shorebirds, which contains one or more RADIUS
servers:
WSS# set authentication dot1x ssid wetlands Tamara peap-mschapv2 shorebirds
When a user attempts to connect through 802.1X, the following events occur:
1
For each 802.1X login attempt, WSS Software examines each command in the configuration file in strict
configuration order.
2
The first command whose SSID and user wildcard matches the SSID and incoming username is used to
process this authentication. The command determines exactly how this particular login attempt is
processed by the WSS.
NN47250-500 (320657-F Version 02.01)
"Configuring user encryption" (page
MAC
Authentication
No encryption
(if SSID is
unencrypted)
291).)
Last-Resort
Web-based AAA
Static WEP
Static WEP
No encryption
No encryption
(if SSID is
(if SSID is
unencrypted)
unencrypted)
- Quick Links:
- Using the Command-Line Interface
Hide quick links:
Advertisement
Table of Contents
