The access point then encapsulates any 802.1x traffic
bound for the authentication server and sends it to the server. All other network traffic
is blocked, meaning that all other attempts to access network resources are blocked.
Figure 3-7 shows how 802.1x functions on a wireless network.
Upon receiving RADIUS traffic bound for the client, the access point encapsulates it and
sends the information to the client. Although the server authenticates the client as a valid
network user, this process allows the client to validate the server as well, ensuring that the
client is not logging into a phony server.
220 Chapter 3: Wireless LANs
Figure 3-7 802.1x Authentication
While an enterprise network uses a centralized authentication server, smaller offices or
businesses might simply use the access point with preshared keys as the authentication server
for wireless clients.
WPA and WPA2 Modes
WPA provides authentication support via 802.1x and a preshared key (PSK); 802.1x is
recommended for enterprise deployments. WPA provides encryption support via TKIP.
TKIP includes MIC and per-packet keying (PPK) via initialization vector hashing and
broadcast key rotation.
In comparison to WPA, WPA2 authentication is not changed, but the encryption used is
AES-Counter with CBC MAC Protocol (AES-CCMP).
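The modes above can be read from what an access point advertises in its beacons and probe responses. The following is an added example, not taken from the book: a Python parser that classifies one advertised security element as WPA or WPA2 and reports its authentication (802.1x or PSK) and encryption (TKIP or AES-CCMP). The element layouts and suite type numbers come from the IEEE 802.11 and WPA specifications rather than from this page, and the sample bytes are constructed.

```python
import struct

# Suite type = last byte of each 4-byte selector (assumed from IEEE 802.11, not this page).
CIPHERS = {2: "TKIP", 4: "AES-CCMP"}
AKMS = {1: "802.1x", 2: "PSK"}
RSN_OUI = bytes.fromhex("000fac")  # WPA2: RSN element, ID 48
WPA_OUI = bytes.fromhex("0050f2")  # WPA: vendor-specific element, ID 221, type 1
# Constructed sample elements, not captured from a real network.
WPA2_ENTERPRISE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
WPA_PSK = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")


def _suites(body, off, table, oui):
    """Read a counted list of suite selectors; return (names, next offset)."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    names = []
    for i in range(count):
        sel = body[off + 4 * i: off + 4 * i + 4]
        known = table.get(sel[3], f"unknown({sel[3]})")
        names.append(known if sel[:3] == oui else "vendor-specific")
    return names, off + 4 * count


def classify(element):
    """Classify one tagged element (ID, length, body) from a beacon."""
    if len(element) < 2 or len(element) != 2 + element[1]:
        raise ValueError("bad element length")
    eid, body = element[0], element[2:]
    if eid == 48:
        mode, oui = "WPA2", RSN_OUI
    elif eid == 221 and body[:4] == WPA_OUI + b"\x01":
        mode, oui, body = "WPA", WPA_OUI, body[4:]
    else:
        raise ValueError("not a WPA or RSN element")
    # body: version(2) | group cipher(4) | pairwise count + list | AKM count + list
    pairwise, off = _suites(body, 6, CIPHERS, oui)
    auth, _ = _suites(body, off, AKMS, oui)
    return {"mode": mode, "encryption": pairwise, "authentication": auth}


if __name__ == "__main__":
    for sample in (WPA2_ENTERPRISE, WPA_PSK):
        print(classify(sample))
```

An audit script can run `classify` over every security element in a site survey and flag access points that still advertise TKIP or PSK where the deployment calls for 802.1x with AES-CCMP.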