Foundry Networks IronPoint 200 User Manual page 204

Foundry IronPoint 200 User Guide
authentication
This command defines the 802.11 authentication type allowed by the VAP interface.
Syntax
authentication <open | shared | wpa | wpa-psk | wpa-wpa2-mixed | wpa-wpa2-psk-mixed |
wpa2 | wpa2-psk> <required | supported>
• open - Accepts the client without verifying its identity using a shared key. "Open" authentication
means either there is no encryption (if encryption is disabled) or WEP-only encryption is used
(if encryption is enabled).
• shared - Authentication is based on a shared key that has been distributed to all stations. If
encryption is enabled, "shared" authentication uses WEP-only encryption.
• wpa - Clients using WPA are accepted for authentication.
• wpa-psk - Clients using WPA Pre-shared Key are accepted for authentication.
• wpa-wpa2-mixed - Clients using WPA or WPA2 are accepted for authentication.
• wpa-wpa2-psk-mixed - Clients using WPA or WPA2 Pre-shared Key are accepted for
authentication.
• wpa2 - Clients using WPA2 are accepted for authentication.
• wpa2-psk - Clients using WPA2 Pre-shared Key are accepted for authentication.
• required - Clients are required to use WPA or WPA2.
• supported - Clients may use WPA or WPA2, if supported.
Default Setting
open
Command Mode
Interface Configuration (Wireless-VAP)
Command Usage
• Shared key authentication can only be used when WEP-only is enabled with the encryption
command, and at least one static WEP key has been defined with the key command.
• When WPA or WPA2 is selected, clients are authenticated using 802.1x via a RADIUS server.
Each client has to be WPA-enabled or support 802.1X client software. A RADIUS server must
also be configured and be available in the wired network.
• When the WPA or WPA2 Pre-shared Key mode is used, the key must first be generated and
distributed to all wireless clients before they can successfully associate with the access point.
Use the wpa-preshared-key command to configure the key.
• WPA2 defines a transitional mode of operation for networks moving from WPA security to
WPA2. WPA2 Mixed Mode allows both WPA and WPA2 clients to associate to a common VAP
interface. When the encryption cipher suite is set to TKIP, the unicast encryption cipher (TKIP
or AES-CCMP) is negotiated for each client. The access point advertises it's supported
encryption ciphers in beacon frames and probe responses. WPA and WPA2 clients select the
cipher they support and return the choice in the association request to the access point. For
mixed-mode operation, the cipher used for broadcast frames is always TKIP. WEP encryption
is not allowed.
• The "required" option places the VAP into TKIP only mode. The "supported" option places the
VAP into TKIP+AES+WEP mode. The "required" mode is used in WPA-only environments.
The "supported" mode can be used for mixed environments with legacy WPA products,
21-8 © 2006 Foundry Networks, Inc. December 2006