Cisco Aironet Access Point Software Configuration Guide
OL-0657-07
Chapter 8 Security Setup
Security Overview
server sends the WEP key to the access point, which uses it for all unicast data
signals that it sends to or receives from the client. The access point also
encrypts its broadcast WEP key (entered in the access point's WEP key slot
1) with the client's unicast key and sends it to the client.
When you enable EAP on your access points and client devices,
authentication to the network occurs in the steps shown in Figure 8-2:
Figure 8-2 Sequence for EAP Authentication
In steps 1 through 9 in Figure 8-2, a wireless client device and a RADIUS
server on the wired LAN use 802.1X and EAP to perform a mutual
authentication through the access point. The RADIUS server sends an
authentication challenge to the client. The client uses a one-way encryption
of the user-supplied password to generate a response to the challenge and
sends that response to the RADIUS server. Using information from its user
database, the RADIUS server creates its own response and compares that to
the response from the client. When the RADIUS server authenticates the
client, the process repeats in reverse, and the client authenticates the RADIUS
server.
[Figure 8-2: message sequence between the client device, the access point or bridge, and the server on the wired LAN]
1. Authentication request
2. Identity request
3. Username (relay to server)
4. Authentication challenge (relay to client)
5. Authentication response (relay to server)
6. Authentication success (relay to client)
7. Authentication challenge (relay to server)
8. Authentication response (relay to client)
9. Successful authentication (relay to server)
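The mutual challenge-response exchange in steps 1 through 9, as an added sketch that is not code from the guide or from Cisco. SHA-256 and HMAC stand in for the unnamed one-way function, the class and function names are hypothetical, and the role label that ties a response to its direction is an addition of this sketch.

```python
import hashlib, hmac, os

def one_way(password: str) -> bytes:
    # Stand-in one-way function (assumption; the guide names no algorithm).
    return hashlib.sha256(password.encode()).digest()

def respond(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    # The role label binds a response to its direction so it cannot be reflected.
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, users):
        self.db = {name: one_way(pw) for name, pw in users.items()}
    def challenge(self, username):                     # step 4
        self.secret = self.db.get(username)
        self.nonce = os.urandom(16)
        return self.nonce
    def check(self, response):                         # step 6
        if self.secret is None:
            return False
        return hmac.compare_digest(respond(self.secret, b"client", self.nonce), response)
    def answer(self, challenge):                       # step 8
        return respond(self.secret or b"", b"server", challenge)

class Client:
    def __init__(self, username, password):
        self.username, self.secret = username, one_way(password)
    def answer(self, challenge):                       # step 5
        return respond(self.secret, b"client", challenge)
    def challenge(self):                               # step 7
        self.nonce = os.urandom(16)
        return self.nonce
    def check(self, response):                         # step 9
        return hmac.compare_digest(respond(self.secret, b"server", self.nonce), response)

def authenticate(client, server):
    """Access point role: relay each message unchanged; report which side failed."""
    server_challenge = server.challenge(client.username)      # steps 1-4
    if not server.check(client.answer(server_challenge)):     # steps 5-6
        return "client rejected"
    client_challenge = client.challenge()                     # step 7
    if not client.check(server.answer(client_challenge)):     # steps 8-9
        return "server rejected"
    return "mutual authentication ok"

class RogueServer(Server):
    # Constructed case: accepts anyone but does not hold the user's secret.
    def check(self, response):
        return True
```

The rogue-server case shows why the reverse pass matters: a server that accepts every client still cannot answer the client's challenge, so the client refuses the network.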