Appendix B Wireless LANs
AX/DX/EX/PX Series User’s Guide
528
Key caching allows a WiFi client to store the PMK it derived through a successful authentication with an
AP. The WiFi client uses the PMK when it tries to connect to the same AP and does not need to go with
the authentication process again.
Pre-authentication enables fast roaming by allowing the WiFi client (already connected to an AP) to
perform IEEE 802.1x authentication with another AP before connecting to it.
WiFi Client WPA Supplicants
A WiFi client supplicant is the software that runs on an operating system instructing the WiFi client how to
use WPA. At the time of writing, the most widely available supplicant is the WPA patch for Windows XP,
Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" WiFi client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A"
is the RADIUS server. "DS" is the distribution system.
1 The AP passes the WiFi client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
3 A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and
the client.
4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management
system, using the PMK to dynamically generate unique data encryption keys. The keys are used to
encrypt every data packet that is wirelessly communicated between the AP and the WiFi clients.
Figure 294 WPA(2) with RADIUS Application Example
To Next Page
Loading...
