Wpa-Tkip - Allen-Bradley Stratix 5100 User Manual

Chapter 12 Configuring Authentication Types
358
This figure shows the WPA key management process.
Figure 96 - WPA Key Management Process
Client device
Client and server authenticate to each other, generating an EAP master key
Client and access point complete
a four-way handshake to:
Confirm that a PMK exists and that
knowledge of the PMK is current.
Derive a pairwise transient key from
the PMK.
Install encryption and integrity keys into
the encryption/integrity engine, if necessary.
Confirm installation of all keys.
Client and access point complete
a two-way handshake to securely
deliver the group transient key from
the access point to the client.
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-
TKIP
Table 95 on page 359 lists the firmware and software requirements required on
access points and Cisco Aironet client devices to support WPA and CCKM key
management and CKIP and WPA-TKIP encryption protocols.
To support the security combinations in this table, your Stratix 5100 Wireless
Access Point/Workgroup Bridge, the device must run the following software and
firmware versions:
• Cisco IOS Release 12.2(13)JA or later on access points
• Install Wizard version 1.2 for 340, 350, and CB20A client devices, that
includes these components:
– PC, LM, and PCI card driver version 8.4
– Mini PCI and PC-cardbus card driver version 3.7
– Aironet Client Utility (ACU) version 6.2
– Client firmware version 5.30.13
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Wired LAN
Access point
Server uses the EAP master key to
generate a pairwise master key (PMK)
to protect communication between the
client and the access point. (However,
if the client is using 802.1x authentication
and both the access point and the client
are configured with the same pre-shared key,
the pre-shared key is used as the PMK and
the server does not generate a PMK.)
Authentication
server