Overview of the Controller, Access Points and Convergence Software solution
A31003-W1040-U101-1-7619, July 2006 DRAFT
36 HiPath Wireless Controller, Access Points and Convergence Software V4.0, C10/C100/C1000 User Guide
hwc_intro.fm
Controller, Access Points and Convergence Software and your network
● Shared Key authentication that relies on Wired Equivalent Privacy (WEP) keys
● Open System that relies on Service Set Identifiers (SSIDs)
● 802.1x that is compliant with Wi-Fi Protected Access (WPA)
● Captive Portal based on Secure Sockets Layer (SSL) protocol
The Controller, Access Points and Convergence Software system provides the centralized
mechanism by which the corresponding security parameters are configured for a group of APs.
● Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks
defined in the 802.11b standard
● Wi-Fi Protected Access version 1 (WPA1™) with Temporal Key Integrity Protocol (TKIP)
● Wi-Fi Protected Access version 2 (WPA2™) with Advanced Encryption Standard (AES)
and Counter Mode with Cipher Block Chaining Message Authentication Code (CCMP)
3.3.2.1 Authentication
The HiPath Wireless Controller relies on a RADIUS server, or authentication server, on the
enterprise network to provide the authentication information (whether the user is to be allowed
or denied access to the network). A RADIUS client is implemented to interact with infrastructure
RADIUS servers.
The HiPath Wireless Controller provides authentication using:
● Captive Portal – a browser-based mechanism that forces users to a Web page
● RADIUS (using IEEE 802.1x)
The 802.1x mechanism is a standard for authentication developed within the 802.11 standard.
This mechanism is implemented at the wireless Port, blocking all data traffic between the
wireless device and the network until authentication is complete. Authentication by 802.1x
standard uses Extensible Authentication Protocol (EAP) for the message exchange between
the HiPath Wireless Controller and the RADIUS server.
When 802.1x is used for authentication, the HiPath Wireless Controller provides the capability
to dynamically assign per-wireless-device WEP keys (called per-station WEP keys in 802.11).
Or in the case of WPA, the HiPath Wireless Controller is not involved in key assignment.
Instead, the controller is involvement in the path between RADIUS server and the user to
negotiate the appropriate set of keys. With WPA2 the material exchange produces a Pairwise
Master Key which is used by the AP and the user to derive their temporal keys. (The keys
change over time.)
In the Controller, Access Points and Convergence Software, a RADIUS redundancy feature is
provided, where you can define a failover RADIUS server (up to 2 servers) in the event that the
active RADIUS server fails.
To Next Page
Loading...
