User's Manual
Table Of Contents
- Chapter 1: Introduction
- Chapter 2: Hardware Installation
- Chapter 3: Network Configuration
- Chapter 4: Initial Configuration
- Chapter 5: System Configuration
- Chapter 6: Command Line Interface
- Using the Command Line Interface
- Entering Commands
- Command Groups
- General Commands
- System Management Commands
- System Logging Commands
- System Clock Commands
- DHCP Relay Commands
- SNMP Commands
- snmp-server community
- snmp-server contact
- snmp-server location
- snmp-server enable server
- snmp-server host
- snmp-server trap
- snmp-server engine-id
- snmp-server user
- snmp-server targets
- snmp-server filter
- snmp-server filter-assignments
- show snmp groups
- show snmp users
- show snmp group-assignments
- show snmp target
- show snmp filter
- show snmp filter-assignments
- show snmp
- Flash/File Commands
- RADIUS Client
- 802.1X Authentication
- MAC Address Authentication
- Filtering Commands
- WDS Bridge Commands
- Spanning Tree Commands
- Ethernet Interface Commands
- Wireless Interface Commands
- interface wireless
- vap
- speed
- multicast-data-rate
- channel
- transmit-power
- radio-mode
- preamble
- antenna control
- antenna id
- antenna location
- beacon-interval
- dtim-period
- fragmentation-length
- rts-threshold
- super-g
- description
- ssid
- closed-system
- max-association
- assoc-timeout-interval
- auth-timeout-value
- shutdown
- show interface wireless
- show station
- Rogue AP Detection Commands
- Wireless Security Commands
- Link Integrity Commands
- IAPP Commands
- VLAN Commands
- WMM Commands
- Appendix A: Troubleshooting
- Appendix B: Cables and Pinouts
- Appendix C: Specifications
- Glossary
- Index
System Configuration
the cipher used for broadcast frames is always TKIP. WEP encryption is not
allowed.
• Key Caching: WPA2 provides fast roaming for authenticated clients by retaining
keys and other security information in a cache, so that if a client roams away from
an access point and then returns, re-authentication is not required. When a WPA2
client is first authenticated, it receives a Pairwise Master Key (PMK) that is used to
generate other keys for unicast data encryption. This key and other client
information form a Security Association that the access point names and holds in
a cache.
• Preauthentication: Each time a client roams to another access point it has to be
fully re-authenticated. This authentication process is time-consuming and can
disrupt applications running over the network. WPA2 includes a mechanism,
known as pre-authentication, that allows clients to roam to a new access point and
be quickly associated. The first time a client is authenticated to a wireless network
it has to be fully authenticated. When the client is about to roam to another access
point in the network, the access point sends pre-authentication messages to the
new access point that include the client’s security association information. Then
when the client sends an association request to the new access point, the client is
known to be already authenticated, so it proceeds directly to key exchange and
association.
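
The key cache described under Key Caching, as an added example that is not part of this manual or the access point's firmware: the name given to a cached security association is computed here as the PMKID defined in IEEE 802.11i, and a returning client skips re-authentication only if it offers a name that is still cached and was issued to its own MAC address. The class name, the lifetime setting and the MAC addresses in the test are assumptions made for illustration.

```python
import hashlib
import hmac
import time


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """Name of a PMK security association per IEEE 802.11i:
    first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA),
    where AA is the access point MAC and SPA is the client MAC."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("PMK must be 32 bytes; AA and SPA are 6-byte MACs")
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class PmksaCache:
    """Illustrative access-point cache of security associations, keyed by PMKID."""

    def __init__(self, lifetime_s: float, clock=time.monotonic):
        self.lifetime_s = lifetime_s  # assumed setting, not from the manual
        self.clock = clock
        self._entries = {}  # PMKID -> (PMK, client MAC, expiry time)

    def add(self, pmk: bytes, aa: bytes, spa: bytes) -> bytes:
        """Store the association after a full authentication; return its name."""
        name = pmkid(pmk, aa, spa)
        self._entries[name] = (pmk, spa, self.clock() + self.lifetime_s)
        return name

    def lookup(self, offered: bytes, spa: bytes):
        """Return the cached PMK if the offered PMKID is known, unexpired and
        was issued to this client MAC. None means full re-authentication."""
        entry = self._entries.get(offered)
        if entry is None:
            return None
        pmk, owner, expiry = entry
        if self.clock() >= expiry:
            del self._entries[offered]  # expired keys must not be reused
            return None
        if not hmac.compare_digest(owner, spa):
            return None  # PMKID replayed from a different client address
        return pmk
```

Because the name binds the PMK to both MAC addresses, an entry cached for one access point or client does not validate for another pair.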