Designing a Secure Wireless LAN with the HP-UX AAA RADIUS Server
8
Chapter 2 The Secure WLAN Infrastructure
As with any network topology, a Wireless LAN design can be very simple, with little or no security
provisions, or can be increasingly complex, as security policies are addressed and WLAN
integration into an existing enterprise network is achieved. A simple WLAN can be purchased for
a few hundred dollars and configured in about an hour. A secure WLAN requires additional
components and a substantial configuration effort. Thus, similarly to an enterprise wired
network, the level of Wireless LAN security is simply a matter of money, time, and effort.
2.1 The Basic Wireless LAN
A basic Wireless LAN consists of 2 common components:
1. The client: a wireless station or a mobile device
2. The Access Point: a wireless hub connected to a wired LAN
Access points are identified by a service set identifier or SSID. The client or station is identified
by their 48-bit serial number called Medium Access Control (MAC) address.
The majority of WLAN deployments operate in an “infrastructure” mode where several wireless
stations communicate using either a wired or mobile device via a local access point. Access points
are inter-connected with Ethernet LANs or wide area networks to provide a large coverage area
similar to cellular phone topologies.
The figure above illustrates that WLANs consist of two basic components: an access point (like a
wireless hub) and a station (a client, or supplicant). Each station (client) is identified by its MAC
address, and each access point is identified by a SSID (Service Set Identifier). Two clients can
communicate with each other without the need for an access point – creating a peer-to-peer
Access Point
(
SSID
)
LAN
laptop client
(MACaddr1)
PDA client
(MACaddr2)
LaserJet client
(MACaddr3)