Appendix B Wireless LANs
VMG/XMG Series User’s Guide
404
Key caching allows a wireless client to store the PMK it derived through a successful authentication with
an AP. The wireless client uses the PMK when it tries to connect to the same AP and does not need to go
with the authentication process again.
Pre-authentication enables fast roaming by allowing the wireless client (already connecting to an AP) to
perform IEEE 802.1x authentication with another AP before connecting to it.
Wireless Client WPA Supplicants
A wireless client supplicant is the software that runs on an operating system instructing the wireless client
how to use WPA. At the time of writing, the most widely available supplicant is the WPA patch for
Windows XP, Funk Software's Odyssey client.
The Windows XP patch is a free download that adds WPA capability to Windows XP's built-in "Zero
Configuration" wireless client. However, you must run Windows XP to use it.
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812), and the
RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. "A"
is the RADIUS server. "DS" is the distribution system.
1 The AP passes the wireless client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
3 A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS server and
the client.
4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and management
system, using the PMK to dynamically generate unique data encryption keys. The keys are used to
encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.
Figure 253 WPA(2) with RADIUS Application Example
To Next Page
Loading...
