The shared key authentication process is as follows:
1. A wireless client initiates an authentication request to an AP. The AP then generates
a Challenge packet (a character string) and sends it to the wireless client.
2. The wireless client generates a new message based on the received character string,
encrypts the message with a key, and then sends the message to the AP.
3. After receiving the message from the wireless client, the AP decrypts it with a key
and then compares the decrypted character string with the original character string
sent to the wireless client. If the two character strings are the same, the wireless client
and AP have the same shared key and the wireless client passes shared key
authentication. Otherwise, the wireless client fails to be authenticated.
WLAN Service Data Security
Compared with wired networks, WLANs have data security risks. All the WLAN devices in an
area share the same transmission medium, and any WLAN device can receive data from all the
other WLAN devices. This makes WLAN access data vulnerable to attacks.
The 802.11 protocol is dedicated to addressing security threats on WLANs. In addition to
authentication, it encrypts data packets and allows only specified devices to successfully decrypt
the data packets. Other devices can receive data packets but fail to decrypt these packets because
they lack the required key. This protects WLAN data.
Currently, the AR1200 supports RC4 encryption, Temporal Key Integrity Protocol (TKIP)
encryption, and Counter Mode with Cipher Block Chaining Message Authentication Code
Protocol (CCMP) encryption.
User Access Authentication
Three types of user access authentication are used:
l Pre-shared key (PSK) authentication
PSK authentication requires a wireless client and an AP to be configured with the same
pre-shared key. If their pre-shared keys are the same, the wireless client passes PSK
authentication; otherwise, the wireless client fails to be authenticated.
l 802.1x authentication
The 802.1x protocol is a port-based network access control protocol. It authenticates and
controls user devices connected to an interface on a WLAN access device. User devices
connected to the interface can access WLAN resources only after they are authenticated.
l MAC address authentication
MAC address authentication controls the network access authority of a user based on the
access interface and MAC address of the user. The user does not need to install any client
software. After detecting the MAC address of the user for the first time, a WLAN access
device starts authenticating the user.
2.2 WLAN Security Features Supported by the AR1200
The AR1200 supports a variety of WLAN security features, including access security policy
management, station (STA) blacklist and whitelist management, and user isolation.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - WLAN 2 WLAN Security Configuration
Issue 03 (2012-01-06) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
26
To Next Page
Loading...
Need help?
General
