Understanding Authentication Types; Open Authentication To The Access Point; Shared Key Authentication To The Access Point - Cisco Aironet 1100 Series Installation And Configuration Manual

Understanding Authentication Types

Understanding Authentication Types
This section describes the authentication types that you can configure on the access point. The
authentication types are tied to the SSIDs that you configure for the access point. If you want to serve
different types of client devices with the same access point, you can configure multiple SSIDs. See
Chapter 8, "Configuring Multiple SSIDs,"
Before a wireless client device can communicate on your network through the access point, it must
authenticate to the access point using open or shared-key authentication. For maximum security, client
devices should also authenticate to your network using MAC-address or EAP authentication,
authentication types that rely on an authentication server on your network.
The access point uses four authentication mechanisms or types and can use more than one at the same
time. These sections explain each authentication type:
•
•
•
•
•

Open Authentication to the Access Point

Open authentication allows any device to authenticate and then attempt to communicate with the access
point. Using open authentication, any wireless device can authenticate with the access point, but the
device can communicate only if its WEP keys match the access point's. Devices not using WEP do not
attempt to authenticate with an access point that is using WEP. Open authentication does not rely on a
RADIUS server on your network.
Figure 10-1
point using open authentication. In this example, the device's WEP key does not match the access point's
key, so it can authenticate but not pass data.
Figure 10-1 Sequence for Open Authentication
with WEP key = 321

Shared Key Authentication to the Access Point

Cisco provides shared key authentication to comply with the IEEE 802.11b standard. However, because
of shared key's security flaws, we recommend that you avoid using it.
During shared key authentication, the access point sends an unencrypted challenge text string to any
device attempting to communicate with the access point. The device requesting authentication encrypts
the challenge text and sends it back to the access point. If the challenge text is encrypted correctly, the
Cisco Aironet 1100 Series Access Point Installation and Configuration Guide
10-2
Open Authentication to the Access Point, page 10-2
Shared Key Authentication to the Access Point, page 10-2
EAP Authentication to the Network, page 10-3
MAC Address Authentication to the Network, page 10-5
Combining MAC-Based, EAP, and Open Authentication, page 10-5
shows the authentication sequence between a device trying to authenticate and an access
Client device
1. Authentication request
2. Authentication response
Chapter 10
for complete instructions on configuring multiple SSIDs.
Access point
or bridge
with WEP key = 123
Configuring Authentication Types
OL-2851-01