EAP, EAP PSK and EAP MAC - Motorola Solutions WiNG 5.2.6 Reference Manual

6.1.2.1 802.1x EAP, EAP PSK and EAP MAC
Configuring WLAN Security
The Extensible Authentication Protocol (EAP) is the de-facto standard authentication method used to provide secure
authenticated access to WLANs. EAP provides mutual authentication, secured credential exchange, dynamic keying and
strong encryption. 802.1X EAP can be deployed with WEP, WPA or WPA2 encryption schemes to further protect user
information forwarded over wireless controller managed WLANs.
The EAP process begins when an unauthenticated supplicant (client device) tries to connect with an authenticator (in this
case, the authentication server). An access point passes EAP packets from the client to an authentication server on the
wired side of the access point. All other packet types are blocked until the authentication server (typically, a RADIUS
server) verifies the client's identity.
802.1X EAP provides mutual authentication over the WLAN during authentication. The 802.1X EAP process uses credential
verification to apply specific policies and restrictions to WLAN users to ensure access is only provided to specific wireless
controller resources.
802.1X requires an 802.1X capable RADIUS server to authenticate users and an 802.1X client installed on each device
accessing the EAP supported WLAN. An 802.1X client is included with most commercial operating systems, including
Microsoft Windows, Linux and Apple OS X.
The RADIUS server authenticating 802.1X EAP users resides externally to the access point. User account creation and
maintenance can be provided centrally using RFMS or individually maintained on each device. If an external RADIUS
server is used, EAP authentication requests are forwarded.
When using PSK with EAP, packets are sent requesting a secure link using a pre-shared key. The access point and
authenticating device must use the same authenticating algorithm and passcode. EAP-PSK is useful when transitioning
from a PSK network to one that supports EAP. The only encryption types supported with this are TKIP, CCMP and
TKIP-CCMP.
To configure EAP on a WLAN:
1. Select Configuration > Wireless > Wireless LANs to display a high-level display of the existing WLANs.
2. Select the Add button to create an additional WLAN, or select an existing WLAN and Edit to modify the security
properties of an existing WLAN.
3. Select Security.
4. Select EAP, EAP PSK or EAP MAC as the Authentication Type.
Either option enables the radio buttons for various encryption options as an additional measure of security with the
WLAN that can be used with EAP.
Either select an existing AAA Policy from the drop-down menu, select the Create icon to the right of the AAA Policy
parameter to create a new AAA policy, or select the Edit icon to modify the configuration of a selected AAA policy.
Authentication, authorization, and accounting (AAA) is a framework for intelligently controlling access to the network,
enforcing user authorization policies and auditing and tracking usage. These combined processes are central for
securing wireless client resources and wireless network data flows. For information on defining a new AAA policy,
see AAA Policy on page 6-71.
5. Select the Reauthentication radio button to force EAP supported clients to reauthenticate. Use the spinner control
to set the number of seconds (between 30 - 86,400) that, once exceeded, forces the EAP supported client to
reauthenticate to use the resources supported by the WLAN.
6. Select OK to update the WLAN's EAP configuration. Select Reset to revert back to the last saved configuration.
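
As an added illustration (not code from the WiNG manual or firmware), this simplified Python model shows the gating described above: only EAP frames reach the authentication server until the client is verified, and a session older than the configured reauthentication interval loses access. The class and method names are hypothetical, and expiry is checked when a frame arrives rather than by a timer.

```python
"""Toy model of the 802.1X gate an access point applies to each client."""
from __future__ import annotations

from dataclasses import dataclass

ETHERTYPE_EAPOL = 0x888E               # EAP over LAN (IEEE 802.1X)
ETHERTYPE_IPV4 = 0x0800
REAUTH_MIN, REAUTH_MAX = 30, 86_400    # seconds, the range given in step 5


@dataclass
class ClientPort:
    """Per-client state; names are illustrative, not WiNG internals."""
    reauth_seconds: int | None = None  # None = Reauthentication not selected
    authorized: bool = False
    authorized_at: float = 0.0

    def __post_init__(self) -> None:
        r = self.reauth_seconds
        if r is not None and not REAUTH_MIN <= r <= REAUTH_MAX:
            raise ValueError(f"reauthentication interval {r}s outside 30-86400")

    def radius_result(self, accepted: bool, now: float) -> None:
        """Record the authentication server's verdict for this client."""
        self.authorized = accepted
        self.authorized_at = now

    def handle_frame(self, ethertype: int, now: float) -> str:
        """Return what the access point does with a frame from the client."""
        # Session older than the interval: the client must authenticate again.
        if (self.authorized and self.reauth_seconds is not None
                and now - self.authorized_at > self.reauth_seconds):
            self.authorized = False
        if ethertype == ETHERTYPE_EAPOL:
            return "relay-to-auth-server"   # EAP always reaches RADIUS
        return "forward" if self.authorized else "drop"


def demo() -> list[str]:
    """Constructed sequence: data frame, EAP exchange, accept, later expiry."""
    port = ClientPort(reauth_seconds=3600)
    out = [port.handle_frame(ETHERTYPE_IPV4, now=0)]          # before auth
    out.append(port.handle_frame(ETHERTYPE_EAPOL, now=1))     # EAP exchange
    port.radius_result(accepted=True, now=2)
    out.append(port.handle_frame(ETHERTYPE_IPV4, now=10))     # authorized
    out.append(port.handle_frame(ETHERTYPE_IPV4, now=3700))   # interval exceeded
    return out


if __name__ == "__main__":
    print(demo())
```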
