Table of Contents
Advertisement
Chapter 10
Configuring Authentication Types
intruder who calculates the WEP key by comparing the unencrypted and encrypted text strings. Because
of this weakness, shared key authentication can be less secure than open authentication. Like open
authentication, shared key authentication does not rely on a RADIUS server on your network.
Figure 10-2
using shared key authentication. In this example the device's WEP key matches the bridge's key, so it
can authenticate and communicate.
Figure 10-2 Sequence for Shared Key Authentication
Switch on
LAN 1
EAP Authentication to the Network
This authentication type provides the highest level of security for your wireless network. By using the
Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server, the root
bridge helps another bridge and the RADIUS server to perform mutual authentication and derive a
dynamic unicast WEP key. The RADIUS server sends the WEP key to the root bridge, which uses it for
all unicast data signals that it sends to or receives from the non-root bridge. The root bridge also encrypts
its broadcast WEP key (entered in the bridge's WEP key slot 1) with the non-root bridge's unicast key
and sends it to the non-root bridge.
OL-4059-01
shows the authentication sequence between a device trying to authenticate and an bridge
Non-Root Bridge
with
WEP key = 123
1. Authentication request
2. Unencrypted challenge
3. Encrypted challenge response
4. Authentication response
Cisco Aironet 1400 Series Wireless Bridges Software Configuration Guide
Switch on
Root Bridge
LAN 2
with
WEP key = 123
Understanding Authentication Types
10-3
Advertisement
Table of Contents
