Specifications

Introduction
Altitude 3500 Series Access Point Product Reference Guide
EAP Authentication on page 20
The following encryption techniques are supported:
WEP Encryption on page 21
KeyGuard Encryption on page 21
Wi-Fi Protected Access (WPA) Using TKIP Encryption on page 21
WPA2-CCMP (802.11i) Encryption on page 22
In addition, the access point supports the following security features:
Firewall Security on page 22
VPN Tunnels on page 22
Content Filtering on page 23
For an overview of the encryption and authentication schemes available, refer to “Configuring Access
Point Security” on page 169.
Kerberos Authentication
Authentication is a means of verifying information transmitted from a secure source. If information is
authentic, you know who created it and you know it has not been altered in any way since it originated.
Authentication entails a network administrator employing a software “supplicant” on their computer or
wireless device.
Authentication is critical for the security of any wireless LAN device. Traditional authentication
methods are not suitable for use in wireless networks where an unauthorized user can monitor network
traffic and intercept passwords. The use of strong authentication methods that do not disclose
passwords is necessary. The access point uses the Kerberos authentication service protocol (specified in
RFC 1510) to authenticate users/clients in a wireless network environment and to securely distribute
the encryption keys used for both encrypting and decrypting.
A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in
understanding how Kerberos functions. By default, WLAN devices operate in an open system network
where any wireless device can associate with an AP without authorization. Kerberos requires device
authentication before access to the wired network is permitted.
For detailed information on Kerberos configurations, see “Configuring Kerberos Authentication” on
page 174.
EAP Authentication
The Extensible Authentication Protocol (EAP) feature provides access points and their associated MUs with an
additional measure of security for data transmitted over the wireless network. Using EAP,
authentication between devices is achieved through the exchange and verification of certificates.
EAP is a mutual authentication method whereby both the MU and AP are required to prove their
identities. Like Kerberos, the user loses device authentication if the server cannot provide proof of
device identification.
Using EAP, a user requests connection to a WLAN through the access point. The access point then
requests the identity of the user and transmits that identity to an authentication server. The server
prompts the AP for proof of identity (supplied to the Altitude 35xx by the user), and the AP then
transmits the user data back to the server to complete the authentication process.
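The EAP exchange described above, sketched as an added example that is not part of this guide or the access point's own software. The packet layout and the code and type numbers are taken from RFC 3748, not from the guide; `Server`, `authenticate`, `TYPE_PROOF` and the sample credentials are hypothetical, and the opaque proof stands in for the certificate exchange of a real EAP method.

```python
import hmac
import struct

# EAP codes/types per RFC 3748 (assumed; the guide does not list them).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY = 1
TYPE_PROOF = 255  # RFC 3748 "experimental" type, standing in for a real method

def build(code, ident, eap_type=None, data=b""):
    """Encode Code, Identifier, Length, then optional Type and Type-Data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident & 0xFF, 4 + len(body)) + body

def parse(pkt):
    """Decode an EAP packet, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt):
        raise ValueError("bad EAP length")
    body = pkt[4:length]
    # Request/Response must carry a Type; Success/Failure must not.
    if (code in (REQUEST, RESPONSE)) != bool(body):
        raise ValueError("EAP type/body mismatch")
    return (code, ident, body[0], body[1:]) if body else (code, ident, None, b"")

class Server:
    """Hypothetical authentication server with constructed sample credentials."""
    def __init__(self, users):
        self.users, self.pending = users, None
    def handle(self, pkt):
        code, ident, eap_type, data = parse(pkt)
        if code != RESPONSE:
            return build(FAILURE, ident)
        if eap_type == TYPE_IDENTITY:          # identity relayed by the AP
            self.pending = data.decode(errors="replace")
            return build(REQUEST, ident + 1, TYPE_PROOF)
        expected = self.users.get(self.pending)
        ok = expected is not None and hmac.compare_digest(expected, data)
        return build(SUCCESS if ok else FAILURE, ident)

def authenticate(server, user, proof):
    """AP's view: relay MU responses; open the port only on EAP-Success."""
    mu_reply = build(RESPONSE, 1, TYPE_IDENTITY, user.encode())
    for _ in range(4):                         # bound the exchange
        code, ident, eap_type, _ = parse(server.handle(mu_reply))
        if code in (SUCCESS, FAILURE):
            return code == SUCCESS
        mu_reply = build(RESPONSE, ident, eap_type, proof)  # echo Identifier
    return False
```

The access point never evaluates the proof itself; it forwards each response and acts only on the server's Success or Failure.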