Understanding WLAN Security 219
Figure 3-6 Client Association
A wireless client??™s association to a selected access point is actually the second step in a
two-step process. First, authentication and then association must occur before an 802.11
client can pass traf?¬?c through the access point to another host on the network. Client
authentication in this initial process is not the same as network authentication (entering
username and password to get access to the network). Client authentication is simply the
?¬?rst step (followed by association) between the wireless client and access point, and it
establishes communication. The 802.11 standard speci?¬?es only two different methods of
authentication: open authentication and shared key authentication. Open authentication is
simply the exchange of four ???hello??? type packets with no client or access point veri?¬?cation,
to allow ease of connectivity. Shared key authentication uses a statically de?¬?ned WEP key,
known between the client and access point, for veri?¬?cation. This same key might or might
not be used to encrypt the actual data passing between a wireless client and an access point
based on user con?¬?guration.
How 802.1x Works on WLANs
The access point, acting as the authenticator at the enterprise edge, allows the client to
associate using open authentication.
Pages:
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320