User manual
Managing System and Station Security
Wavion
Authentication Combinations
WS410 allows authentication of various types and in various combinations.
• The basic 802.11 authentications are Open (none) and Shared Key. In Shared Key
Authentication, the WEP key is used as the shared key.
If the SSID is configured to Open + Shared Key, both types of clients can
associate to the AP. This can be useful when IT has another mechanism for
authenticating users across the overall network, e.g. a captive portal. There may
be legacy clients that try to authenticate with Shared Key while others try to authenticate
with Open. It is assumed that the encryption in this case is WEP, but the WS410 does not
force this.
• In WPA, it is assumed that the basic 802.11 authentication is Open. WPA defines advanced
authentications, either PSK (Pre-Shared Key) or RADIUS. In both cases, the initial keys
(for broadcast and for unicast traffic) are determined during the last phase of the WPA
authentication.
When RADIUS Authentication is used, the RADIUS server can determine, in addition to the
broadcast and unicast keys, the VLAN the user belongs to (WS410 supports multiple
VLANs per SSID).
• The WS410 has the capability to have an SSID that supports both RADIUS and PSK
authentication. The exact method is decided according to the packet that comes from the
client. If multiple VLANs are defined over such an SSID, a client that is authenticated
using PSK gets assigned to the default VLAN, while the clients that authenticate using
RADIUS have their VLAN determined by the RADIUS server.
Encryption Methods
Legacy 802.11 clients may connect with Open (no encryption) or WEP.
In WEP, the encryption key can be either 40-bit or 104-bit.
In WPA, WS410 supports TKIP encryption.
Since some clients may be legacy (supporting only WEP), WS410 has the capability to
have SSIDs that support both WEP and TKIP clients. In this case, the broadcast key is
WEP, while the unicast key is either TKIP or WEP, depending on the way the client
connected to the system. This mode is called TSN (Transient Security Network).
NOTE: When you configure a TSN SSID, configure the WEP key as key #2,
since key #1 is used by TKIP.
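The combinations described under Authentication Combinations and Encryption Methods can be checked before deployment. The following is an added example, not part of the original manual and not WS410 code: it reviews SSID definitions against the behaviours stated above. The dictionary schema, field names and sample SSIDs are assumptions made for illustration and are not WS410 configuration syntax.

```python
# Added example: audit of SSID definitions against the WS410 behaviour
# described in this section. The dict schema is hypothetical, not WS410 syntax.

def audit_ssid(ssid):
    """Return review findings for one SSID description (hypothetical schema)."""
    auth = set(ssid.get("auth", []))        # open, shared_key, psk, radius
    enc = set(ssid.get("encryption", []))   # none, wep, tkip
    findings = []

    # TSN: WEP and TKIP clients share the SSID, so the broadcast key is WEP.
    if {"wep", "tkip"} <= enc:
        findings.append("TSN: broadcast traffic uses the WEP key for all clients")
        if ssid.get("wep_key_slot") != 2:
            findings.append("TSN: WEP key must be key #2 (key #1 is used by TKIP)")

    # Open + Shared Key: WEP is assumed but the WS410 does not force it.
    if {"open", "shared_key"} <= auth and "wep" not in enc:
        findings.append("Open + Shared Key: WEP is not enabled and is not forced")

    # WEP keys are either 40-bit or 104-bit.
    if "wep" in enc and ssid.get("wep_key_bits") not in (40, 104):
        findings.append("WEP key length must be 40 or 104 bits")

    # Mixed PSK + RADIUS with several VLANs: PSK clients get the default VLAN.
    if {"psk", "radius"} <= auth and len(ssid.get("vlans", [])) > 1:
        findings.append(
            f"PSK clients are placed in default VLAN {ssid.get('default_vlan')}; "
            "only RADIUS clients receive a per-user VLAN")
    return findings


# Constructed sample SSIDs (names and values are illustrative only).
SAMPLE_SSIDS = [
    {"name": "corp-mixed", "auth": ["open", "psk", "radius"], "encryption": ["tkip"],
     "vlans": [10, 20, 30], "default_vlan": 10},
    {"name": "legacy-tsn", "auth": ["open", "psk"], "encryption": ["wep", "tkip"],
     "wep_key_slot": 1, "wep_key_bits": 104, "vlans": [40], "default_vlan": 40},
    {"name": "portal", "auth": ["open", "shared_key"], "encryption": ["none"],
     "vlans": [50], "default_vlan": 50},
]


def audit_all(ssids):
    """Map each SSID name to its findings."""
    return {s["name"]: audit_ssid(s) for s in ssids}


if __name__ == "__main__":
    for name, items in audit_all(SAMPLE_SSIDS).items():
        print(name, items or ["no findings"])
```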