Specifications

Introduction
Altitude 3500 Series Access Point Product Reference Guide
22
WPA addresses the weaknesses of WEP by including:
- a per-packet key mixing function
- a message integrity check
- an extended initialization vector with sequencing rules
- a re-keying mechanism
WPA uses an encryption method called Temporal Key Integrity Protocol (TKIP). WPA employs 802.1X and
Extensible Authentication Protocol (EAP).
For detailed information on WPA using TKIP configurations, see “Configuring WPA/WPA2 Using
TKIP” on page 183.
WPA2-CCMP (802.11i) Encryption
WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected
Access (WPA) and WEP. Counter-mode/CBC-MAC Protocol (CCMP) is the security standard used by the
Advanced Encryption Standard (AES). AES serves the same function TKIP does for WPA-TKIP. CCMP
computes a Message Integrity Check (MIC) using the proven Cipher Block Message Authentication Code
(CBC-MAC) technique. Changing just one bit in a message produces a totally different result.
WPA2-CCMP is based on the concept of a Robust Security Network (RSN), which defines a hierarchy of
keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator provides are used to
derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The
end result is an encryption scheme as secure as any the Altitude 35xx provides.
For detailed information on WPA2-CCMP, see “Configuring WPA2-CCMP (802.11i)” on page 185.
Firewall Security
A firewall keeps personal data in and hackers out. The Altitude 35xx’s firewall prevents suspicious
Internet traffic from proliferating across the access point-managed network. The Altitude 35xx access point
performs Network Address Translation (NAT) on packets passing to and from the WAN port. This
combination provides enhanced security by monitoring communication with the wired network.
For detailed information on configuring the access point’s firewall, see “Configuring Firewall Settings”
on page 188.
VPN Tunnels
Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users
remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the
public network to another LAN, without sacrificing security. A VPN behaves like a private network;
however, because the data travels through the public network, it needs several layers of security. The
access point can function as a robust VPN gateway.
For detailed information on configuring VPN security support, see “Configuring VPN Tunnels” on
page 194.