Specifications
10-8
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-5260-01
Chapter 10 Configuring Authentication Types
Understanding Authentication Types
Figure 10-6 WPA Key Management Process
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-TKIP
Table 10-1 lists the firmware and software requirements required on access points and Cisco Aironet
client devices to support WPA and CCKM key management and CKIP and WPA-TKIP encryption
protocols.
To support the security combinations in Table 10-1, your Cisco Aironet access points and Cisco Aironet
client devices must run the following software and firmware versions:
• Cisco IOS Release 12.2(13)JA or later on access points
• Install Wizard version 1.2 for 340, 350, and CB20A client devices, which includes these
components:
–
PC, LM, and PCI card driver version 8.4
–
Mini PCI and PC-cardbus card driver version 3.7
88965
Client and server authenticate to each other, generating an EAP master key
Client device
Access point
Authentication
server
Wired LAN
Server uses the EAP master key to
generate a pairwise master key (PMK)
to protect communication between the
client and the access point. (However,
if the client is using 802.1x authentication
and both the access point and the client
are configured with the same pre-shared key,
the pre-shared key is used as the PMK and
the server does not generate a PMK.)
Client and access point complete
a four-way handshake to:
Client and access point complete
a two-way handshake to securely
deliver the group transient key from
the access point to the client.
Confirm that a PMK exists and that
knowledge of the PMK is current.
Derive a pairwise transient key from
the PMK.
Install encryption and integrity keys into
the encryption/integrity engine, if necessary.
Confirm installation of all keys.