Chapter 4 Security Setup
Security Overview
4-6
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-01
When mutual authentication is complete, the RADIUS server and the client
determine a WEP key that is unique to the client and provides the client with
the appropriate level of network access, thereby approximating the level of
security in a wired switched segment to an individual desktop. The client
loads this key and prepares to use it for the logon session.

During the logon session, the RADIUS server encrypts and sends the WEP
key, called a session key, over the wired LAN to the access point. The access
point encrypts its broadcast key with the session key and sends the encrypted
broadcast key to the client, which uses the session key to decrypt it. The client
and access point activate WEP and use the session and broadcast WEP keys
for all communications during the remainder of the session.

There is more than one type of EAP authentication, but the access point
behaves the same way for each type: it relays authentication messages from
the wireless client device to the RADIUS server and from the RADIUS server
to the wireless client device. See the "Setting Up EAP Authentication"
section on page 4-19 for instructions on setting up EAP on the access point.

Note: If you use EAP authentication, you can select open or shared key
authentication, but you don't have to. EAP authentication controls
authentication both to your access point and to your network.

MAC address: The access point relays the wireless client device's MAC
address to a RADIUS server on your network, and the server checks the
address against a list of allowed MAC addresses. If you don't have a RADIUS
server on your network, you can create the list of allowed MAC addresses on
the access point's Address Filters page. Devices with MAC addresses not on
the list are not allowed to authenticate. Intruders can create counterfeit MAC
addresses, so MAC-based authentication is less secure than EAP
authentication. However, MAC-based authentication provides an alternate
authentication method for client devices that do not have EAP capability. See
the "Setting Up MAC-Based Authentication" section on page 4-28 for
instructions on enabling MAC-based authentication.
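The allow-list check described above trusts an address the client reports about itself, so it is worth pairing with monitoring. The following is an added example, not code from this guide or from Cisco: it normalizes MAC notations, applies the allow-list, and flags an allowed address that appears on two access points within a short window. The event format, access point names, addresses and the 120-second window are all constructed assumptions.

```python
import re

# Constructed allow-list, written in the mixed notations admins tend to paste in.
ALLOWED = {"0040.9612.3456", "00:40:96:AB:CD:EF"}

# Constructed association events: (seconds, access point, client MAC as reported).
EVENTS = [
    (100, "ap-lobby", "00-40-96-12-34-56"),
    (130, "ap-lab",   "0040.96ab.cdef"),
    (160, "ap-dock",  "00:40:96:12:34:56"),  # same MAC, different AP, 60 s later
    (200, "ap-lobby", "00:0d:28:00:00:01"),  # not on the list
    (900, "ap-lab",   "0040.9612.3456"),     # same MAC much later: ordinary roaming
]

def normalize(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def review(events, allowed, window=120):
    """Return (rejected, suspect): events whose MAC is not on the list, and
    allowed MACs seen on two access points within `window` seconds, which is
    a hint (not proof) that the address has been copied."""
    allow = {normalize(m) for m in allowed}
    rejected, suspect, last_seen = [], [], {}
    for ts, ap, raw in sorted(events):
        mac = normalize(raw)
        if mac not in allow:
            rejected.append((ts, ap, mac))
            continue
        prev = last_seen.get(mac)
        if prev and prev[1] != ap and ts - prev[0] <= window:
            suspect.append((mac, prev[1], ap, ts - prev[0]))
        last_seen[mac] = (ts, ap)
    return rejected, suspect

if __name__ == "__main__":
    rejected, suspect = review(EVENTS, ALLOWED)
    print("rejected:", rejected)
    print("possible copied MAC:", suspect)
```

A client that roams quickly between neighboring access points can also trip the window, so treat a hit as a prompt to investigate rather than as a verdict.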
Figure 4-3 shows the authentication sequence for MAC-based authentication.