User's Manual

Appendix D Wireless LANs
B222s User’s Guide
WPA(2) with RADIUS Application Example
To set up WPA(2), you need the IP address of the RADIUS server, its port number (default is 1812),
and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server
looks as follows. "A" is the RADIUS server. "DS" is the distribution system.
1 The AP passes the wireless client's authentication request to the RADIUS server.
2 The RADIUS server then checks the user's identification against its database and grants or denies
network access accordingly.
3 A 256-bit Pairwise Master Key (PMK) is derived from the authentication process by the RADIUS
server and the client.
4 The RADIUS server distributes the PMK to the AP. The AP then sets up a key hierarchy and
management system, using the PMK to dynamically generate unique data encryption keys. The
keys are used to encrypt every data packet that is wirelessly communicated between the AP and
the wireless clients.
Figure 166 WPA(2) with RADIUS Application Example
WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1 First enter identical passwords into the AP and all wireless clients. The Pre-Shared Key (PSK) must
consist of between 8 and 63 ASCII characters or 64 hexadecimal characters (including spaces and
symbols).
2 The AP checks each wireless client's password and allows it to join the network only if the password
matches.
3 The AP and wireless clients generate a common PMK (Pairwise Master Key). The key itself is not
sent over the network, but is derived from the PSK and the SSID.
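
The derivation in step 3, as an added example that is not part of this manual: it checks the PSK against the length rules in step 1 and computes the 256-bit PMK from the PSK and the SSID. The algorithm (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) comes from the IEEE 802.11i standard rather than from this guide, and the function name `derive_pmk` is hypothetical.

```python
import hashlib
import string


def derive_pmk(psk: str, ssid: str) -> bytes:
    """Return the 256-bit Pairwise Master Key for a WPA(2)-PSK network.

    psk  -- 8 to 63 printable ASCII characters, or 64 hexadecimal characters
    ssid -- network name; it acts as the salt, so the same passphrase
            produces a different PMK on a differently named network
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    # 64 hexadecimal characters are taken as the 256-bit key itself.
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)

    # Anything else must be a passphrase of 8 to 63 printable ASCII
    # characters (spaces and symbols included).
    if not 8 <= len(psk) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must contain printable ASCII only")

    # Assumption from IEEE 802.11i, not from this manual:
    # PMK = PBKDF2(HMAC-SHA1, passphrase, salt=SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac(
        "sha1", psk.encode("ascii"), ssid_bytes, 4096, dklen=32
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for name in ("HomeNet", "OfficeNet"):
        print(name, derive_pmk("correct horse battery", name).hex())
```

Both the AP and each client run this computation locally, which is why the PMK never has to cross the air; its strength rests entirely on the passphrase, since the SSID is broadcast.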