802.1X / Eap; Lancom Enhanced Passphrase Security - Lancom WLC-4006 Manual

LANCOM WLC series
Chapter 5: Security settings
5.1.2 802.1x / EAP

The international industry standard IEEE 802.1x and the Extensible
Authentication Protocol (EAP) enable access points to carry out reliable
and secure access checks. The access data can be managed centrally on a
RADIUS server (integrated RADIUS/EAP server in the WLAN Controller or
external RADIUS/EAP server) and accessed by the access point when required.
The dynamically generated and cryptographically secure key material for
802.11i (WPA1/2) replaces manual key management.
IEEE 802.1x has been fully integrated in Windows since Windows XP. Client
software exists for other operating systems. The drivers for the LANCOM
AirLancer wireless cards feature an integrated 802.1x client.
5.1.3 LANCOM Enhanced Passphrase Security

With LEPS (LANCOM Enhanced Passphrase Security), LANCOM Systems has
developed an efficient method that makes use of the simple configuration of
IEEE 802.11i with passphrase, but that avoids the potential error sources in
passphrase distribution. LEPS uses an additional column in the ACL to assign
an individual passphrase consisting of any 4 to 64 ASCII characters to each
MAC address. The connection to the access point and the subsequent
encryption with IEEE 802.11i or WPA is only possible with the right
combination of passphrase and MAC address.
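
The following Python sketch is an added illustration, not LANCOM code and not part of the manual. It models the LEPS check described above (passphrase looked up per MAC address, 4 to 64 ASCII characters) and audits an ACL for entries that undermine it. The ACL layout, SSID, MAC addresses, passphrases and function names are constructed assumptions, and the direct key comparison stands in for the 802.11i handshake, which proves knowledge of the key without transmitting it.

```python
import hashlib
import hmac

# Constructed sample ACL (MAC address -> individual passphrase); not from the manual.
SAMPLE_ACL = {
    "00:a0:57:00:00:01": "warehouse-scanner-7Q",
    "00:a0:57:00:00:02": "frontdesk-laptop-x9",
    "00:a0:57:00:00:03": "warehouse-scanner-7Q",  # passphrase reused for a second MAC
    "00:a0:57:00:00:04": "abc",                   # shorter than 4 characters
}

def normalize_mac(mac):
    """Lower-case, colon-separated form so lookups do not depend on notation."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def passphrase_ok(passphrase):
    """The rule stated in the manual for LEPS: any 4 to 64 ASCII characters."""
    return 4 <= len(passphrase) <= 64 and passphrase.isascii()

def derive_pmk(passphrase, ssid):
    """WPA/802.11i passphrase mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)

def admit(acl, ssid, client_mac, client_passphrase):
    """True only if this MAC has an ACL entry and the passphrase matches that entry."""
    expected = acl.get(normalize_mac(client_mac))
    if expected is None or not passphrase_ok(expected) or not passphrase_ok(client_passphrase):
        return False
    # Simplification: compare derived keys directly instead of verifying a handshake MIC.
    return hmac.compare_digest(derive_pmk(expected, ssid), derive_pmk(client_passphrase, ssid))

def audit(acl):
    """Return (MACs with an invalid passphrase, groups of MACs sharing one passphrase)."""
    invalid = sorted(m for m, p in acl.items() if not passphrase_ok(p))
    owners = {}
    for mac, passphrase in acl.items():
        owners.setdefault(passphrase, []).append(mac)
    shared = sorted(sorted(macs) for macs in owners.values() if len(macs) > 1)
    return invalid, shared
```

A passphrase that is valid for one MAC address is rejected when presented from another, and the audit flags shared passphrases because they remove the per-device separation that LEPS is meant to provide.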
The passphrases for 802.11i or WPA do not have to be changed quite so
regularly, as new keys are generated for each connection anyway. This is
not the only reason that encryption with 802.11i/AES or WPA/TKIP is so
much more secure than the now obsolete WEP method. If you use WEP
encryption to maintain compatibility with older WLAN clients, regularly
change the WEP key in your access point and limit these clients to a
separate SSID for lower security requirements, assigning a dedicated
VLAN ID (if possible).
If the data is of a high security nature, further improvements include
additionally authenticating the client with the 802.1x method
('802.1x / EAP', page 118) or activating an additional encryption of the
WLAN connection as used for VPN tunnels ('IPSec over WLAN', page 119).
In special cases, a combination of these two mechanisms is possible.
Detailed information about WLAN security and the various encryption
methods can be found in the LCOS reference manual.

This manual is also suitable for:

Wlc-4025+Wlc-4100