Appendix D Wireless LANs
VMG1312-B Series User’s Guide
347
4 The RADI US server dist ribut es the PMK to the AP. The AP t hen set s up a key hierarchy and
m anagem ent system , using the PMK t o dynam ically generate unique data encrypt ion keys. The
keys are used t o encrypt every data packet that is wirelessly com m unicated bet ween the AP and
the wireless clients.
Figure 198 WPA(2) wit h RADI US Application Example
WPA(2)-PSK Application Example
A WPA( 2) -PSK applicat ion looks as follows.
1 First ent er ident ical passwords int o the AP and all wireless client s. The Pre- Shared Key (PSK) m ust
consist of bet ween 8 and 63 ASCI I charact ers or 64 hexadecim al charact ers (including spaces and
sym bols).
2 The AP checks each wireless client's password and allows it to j oin t he network only if t he password
m at ches.
3 The AP and wir eless clients generat e a com m on PMK (Pairwise Master Key) . The key itself is not
sent over the network, but is derived from the PSK and the SSI D.
4 The AP and wireless client s use the TKI P or AES encryption process, t he PMK and inform at ion
exchanged in a handshake t o create tem poral encryption keys. They use t hese keys t o encrypt data
exchanged bet ween t hem .
Figure 199 WPA(2) -PSK Authent ication
To Next Page
Loading...
