262 CHAPTER 6: CONFIGURING WIRELESS PARAMETERS
Configuring WPA

WPA is a security enhancement to the IEEE 802.11 wireless standard. WPA provides enhanced encryption with new cipher suites and provides per-packet message integrity checks. WPA is based on Draft 3 of the 802.11i standard. You can use WPA with 802.1X authentication. If the client does not support 802.1X, you can use a preshared key on the MAP and the client for authentication.
WPA Authentication Methods

You can configure MAP access points to support one or both of the following authentication methods for WPA clients:

■ 802.1X — The MAP and client use an Extensible Authentication Protocol (EAP) method to authenticate one another, then use the resulting key in a handshake to derive a unique key for the session. 802.1X authentication requires user information to be configured on AAA servers or in the WX switch’s local database. This is the default WPA authentication method.

■ Preshared key (PSK) — A MAP and a client authenticate one another based on a key that is statically configured on both devices. The devices use the key in a handshake to derive a unique key for the session. For a given radio profile, you can globally configure a PSK for use with all clients. You can configure the key by entering an ASCII passphrase or by entering the key itself in raw (hexadecimal) form.

For a MAC client that authenticates using a PSK, the RADIUS servers or local database must contain an authentication rule and an authorization rule for the client, to assign the client to a VLAN.
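The two PSK input forms described above (an ASCII passphrase or the raw hexadecimal key) both end up as the same 256-bit Pairwise Master Key: IEEE 802.11i derives the PMK from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, while a raw key is the PMK itself. The following Python is an added illustration of that derivation, not code from the WX switch or MAP; the function names, the input checks, and the sample passphrase/SSID pair (the published 802.11i test vector) are this example's own.

```python
import hashlib
import re

# WPA-PSK (IEEE 802.11i): PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes).
# Stand-alone educational code, not the access point's implementation.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
RAW_KEY_RE = re.compile(r"[0-9a-fA-F]{64}")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK from an ASCII passphrase (8..63 printable characters) and the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    # The SSID is the PBKDF2 salt, so the same passphrase on two SSIDs gives two PMKs.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def pmk_from_raw_hex(hex_key: str) -> bytes:
    """Accept the key entered directly as 64 hexadecimal digits: this is the PMK as-is."""
    if not RAW_KEY_RE.fullmatch(hex_key):
        raise ValueError("raw PSK must be exactly 64 hex digits (256 bits)")
    return bytes.fromhex(hex_key)


def configured_psk(value: str, ssid: str) -> bytes:
    """Resolve a configured PSK value in either form to the PMK.

    A 64-character all-hex value cannot be a passphrase (passphrases are at
    most 63 characters), so the two forms never collide.
    """
    if RAW_KEY_RE.fullmatch(value):
        return pmk_from_raw_hex(value)
    return pmk_from_passphrase(value, ssid)


if __name__ == "__main__":
    # Constructed sample: the 802.11i test vector passphrase "password" on SSID "IEEE".
    pmk = configured_psk("password", "IEEE")
    print("PMK from passphrase:", pmk.hex())
    # Entering that same PMK in raw hex form yields the identical key.
    print("round trip ok:", configured_psk(pmk.hex(), "IEEE") == pmk)
```

Because every client on the radio profile shares this one secret and the derivation is deterministic from passphrase and SSID, the length and randomness of the passphrase are what bound the security of the whole profile; entering the key in raw hexadecimal form sidesteps the passphrase entirely and lets you use a full 256-bit random value.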
WPA Cipher Suites

WPA supports the following cipher suites for packet encryption, listed from most secure to least secure:

■ Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) — CCMP provides Advanced Encryption Standard (AES) data encryption. To provide message integrity, CCMP uses the Cipher Block Chaining Message Authentication Code (CBC-MAC).

■ Temporal Key Integrity Protocol (TKIP) — TKIP uses the RC4 encryption algorithm, a 128-bit encryption key, a 48-bit initialization vector (IV), and a message integrity code (MIC) called Michael.
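Michael, the MIC named above for TKIP, is small enough to show in full: it works on 32-bit words with only additions, rotations and byte swaps, which is what allowed it to run on the legacy hardware WPA was designed for. The following Python is an added educational implementation of Michael together with the verification step a receiver performs; it is not the MAP's firmware. The function names are this example's own, and the key/message pairs used are the published 802.11i Michael test vectors.

```python
import hmac
import struct

# Michael (IEEE 802.11i TKIP MIC), as a stand-alone educational implementation.
MASK = 0xFFFFFFFF


def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def _ror(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def _xswap(x: int) -> int:
    # Swap the two bytes inside each 16-bit half: 0xAABBCCDD -> 0xBBAADDCC.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def _block(l: int, r: int):
    """The Michael block function b(l, r); all arithmetic is modulo 2^32."""
    r ^= _rol(l, 17); l = (l + r) & MASK
    r ^= _xswap(l);   l = (l + r) & MASK
    r ^= _rol(l, 3);  l = (l + r) & MASK
    r ^= _ror(l, 2);  l = (l + r) & MASK
    return l, r


def michael(key: bytes, message: bytes) -> bytes:
    """Return the 8-byte Michael MIC of message under a 64-bit key."""
    if len(key) != 8:
        raise ValueError("Michael key is 64 bits")
    l, r = struct.unpack("<II", key)          # key words are little-endian
    # Padding: one 0x5a byte, then 4 to 7 zero bytes, to a multiple of 4 bytes.
    padded = message + b"\x5a" + b"\x00" * (4 + (3 - len(message) % 4))
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = _block(l, r)
    return struct.pack("<II", l, r)


def mic_is_valid(key: bytes, message: bytes, received_mic: bytes) -> bool:
    """Receiver-side check: recompute the MIC and compare in constant time."""
    return hmac.compare_digest(michael(key, message), received_mic)


if __name__ == "__main__":
    # Constructed sample using the first two 802.11i test vectors:
    # an all-zero key over the empty message, then that MIC as the key over "M".
    mic0 = michael(bytes(8), b"")
    print("michael(0, '')  =", mic0.hex())         # 82925c1ca1d130b8
    mic1 = michael(mic0, b"M")
    print("michael(mic0, 'M') =", mic1.hex())     # 434721ca40639b3f
    print("valid:", mic_is_valid(mic0, b"M", mic1))
    print("tampered accepted:", mic_is_valid(mic0, b"N", mic1))
```

The simplicity that made Michael deployable on old NICs is also why TKIP sits below CCMP in the list above: Michael provides only about 20 bits of security against forgery, so 802.11i pairs it with countermeasures (a station that sees two MIC failures within 60 seconds must rekey), whereas CCMP's CBC-MAC is a full AES-based authenticator.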