User's Manual

Virtual Network Services

hwc_vnsintro.fm

Data protection on a VNS—WEP and WPA

A31003-W1050-U100-2-7619

, March 2008

156 HiPath Wireless Controller, Access Points and Convergence Software V5 R1 , C20/C2400 User Guide

different topology definition than the parent VNS, as well as having its own set

of filter definitions. Filter IDs returned in association with a Login-LAT-Group

definition are applied to the user, in relation to the sub-VNS indicated by the

default filter is applied.

The following is a high-level description of how HiPath Wireless Controller filters

traffic:

Step One – The HiPath Wireless Controller attempts to match each packet of a

VNS to the filtering rules that apply to the wireless device user.

Step Two – If a filtering rule is matched, the operation to allow or deny is

executed.

Step Three – The next packet is fetched for filtering.

5.7 Data protection on a VNS—WEP and WPA

On wireless and wired networks, data is protected by encryption techniques. The

type of data protection that is available depends on the VNS assignment mode:

• SSID – Only WEP and WPA (1or 2)-PSK privacy types are available

• AAA – WEP, Dynamic WEP, and WPA (1 or 2) privacy types are available

Data protection encryption techniques

• Wired Equivalent Privacy (WEP) – WEP encrypts data sent between

wireless nodes. Each node must use the same encryption key.

• Wi-Fi Protected Access Privacy (WPA v.1 and v.2) – Encryption is by

Advanced Encryption Standard (AES) or by Temporal Key Integrity Protocol

(TKIP). Two modes are available:

• Enterprise – Specifies 802.1x authentication and requires an

authentication server

• Pre-Shared Key (PSK) – Relies on a shared secret. The PSK is a shared

secret (pass-phrase) that must be entered in both the Wireless AP or

router and the WPA clients.

Note: The Wireless 802.11n AP does not support WPA v.1 and v.2 encryption.

For more information, see Section 6.11, “Configuring privacy for a VNS”, on

page 208.