Specifications
OmniAccess Reference: AOS-W System Reference
116 Part 031652-00 May 2005
The PSK mode uses a pre-shared key (password) which is shared by all clients
on the network to establish the initial communication with the access point.
After the initial data exchange is complete and the user is authenticated, the
key is rotated such that each client uses a different key.
WPA (Wi-Fi Protected Access)
Enterprise mode: requires an authentication server and uses RADIUS protocols
for authentication and key distribution. The use of a RADIUS server centralizes
the management of user credentials.
Authentication
Authentication of users is critical to protect network resources and data. There
are a number of methods for authenticating users/clients. Authentication
verifies the identity of users attempting to associate with the network.
Authentication in and of itself is not secure. Authentication requests, as with
all data transmitted over wireless, should be encrypted with a form of strong
encryption.
Authentication should always be coupled with strong firewall policies and/or
Access Control Lists (ACLs) which carefully define user roles. Authenticated
users should be carefully classified and assigned roles according to their
legitimate business needs for access to various resources and data on the
network.
Alcatel AOS-W supports 3 basic types of authentication:
• RADIUS
• LDAP
• MAC
RADIUS
RADIUS (Remote Authentication Dial In User Service), originally developed in
1992, is probably the most widely deployed method of client authentication.
The RADIUS protocol is described in RFC 2138 (1). It is a highly extensible UDP
client/server application protocol. A full implementation of the protocol
consists of a RADIUS server and a separate RADIUS Accounting server bound
to UDP ports 1812 and 1813 respectively. Usually, both services are combined
into a single server daemon.
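As an added illustration (not code from the AOS-W reference), the following Python example encodes and parses a RADIUS Access-Request using the packet layout of RFC 2865, which superseded RFC 2138. It shows that the User-Name attribute travels in clear text and that a PAP password is only masked with an MD5 keystream derived from the shared secret, which is why the text asks for authentication requests to be encrypted. The user name, password and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                 # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2    # attribute types (RFC 2865)

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """PAP User-Password hiding: XOR each 16-byte block with an MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()   # keyed only by the shared secret
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(ident, user, password, secret, authenticator=None):
    """Encode an Access-Request: 20-byte header followed by type/length/value attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((USER_NAME, user),
                         (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    header = struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(attrs), authenticator)
    return header + attrs

def parse_packet(data: bytes) -> dict:
    """Decode header and attributes, rejecting truncated or malformed lengths."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length, authenticator = struct.unpack("!BBH16s", data[:20])
    if not 20 <= length <= len(data):
        raise ValueError("length field does not match datagram")
    attrs, pos = [], 20
    while pos < length:
        atype, alen = data[pos], data[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "id": ident, "authenticator": authenticator, "attrs": attrs}

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pkt = build_access_request(7, b"alice", b"example-password", b"example-shared-secret")
    print(parse_packet(pkt))
```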
RADIUS servers support several authentication methods, including:
• PPP
• PAP