Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Authentication ensures only known and trusted users or devices access a WLAN. Authentication is
enabled per WLAN to verify the identity of both users and devices. Authentication is a challenge
and response procedure for validating user credentials such as username, password and
sometimes secret-key information.

A client must authenticate to an Access Point to receive resources from the network. Controllers
and service platforms support EAP, EAP PSK, EAP-MAC, MAC and PSK/None authentication
options.

Refer to the following to configure an authentication scheme for a WLAN:

802.1x EAP, EAP-PSK and EAP MAC

MAC Authentication

PSK / None

Secure guest access to the network is referred to as captive portal access. A captive portal is a guest
access policy for providing guests temporary and restrictive access to the wireless network. Existing
captive portal policies can be applied to a WLAN to provide secure guest access as needed.

A captive portal configuration provides secure authenticated access using a standard Web browser.
Captive portals provide authenticated access by capturing and re-directing a wireless user's Web
browser session to a captive portal login page where the user must enter valid credentials to
access the network. Once logged into the captive portal, additional Agreement, Welcome and Fail
pages provide the administrator with a number of options on captive portal screen flow and user
appearance. Refer to Captive Portal for information on assigning a captive portal policy to a WLAN.

A passpoint policy provides an interoperable platform for streamlining Wi-Fi access to Access Points
deployed as public hotspots. Passpoint is supported across a wide range of wireless network
deployment scenarios and client devices. For more information, see Passpoint Policy.

Encryption is central to WLAN security, as it provides data privacy for traffic forwarded over a
WLAN. When the 802.11 specification was introduced, Wired Equivalent Privacy (WEP) was the
primary encryption mechanism. WEP has since been recognized as flawed in many ways, and is not
considered an effective standalone encryption scheme for securing a wireless controller WLAN.
WEP is typically used in WLAN deployments designed to support legacy clients. New device
deployments should use either WPA or WPA2 encryption.

Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized hacking.
Decryption applies the algorithm in reverse, to restore the data to its original form. A sender and
receiver must employ the same encryption/decryption method to interoperate. When TKIP and CCMP
are both enabled, a mix of clients is allowed to associate with the WLAN. Some use
TKIP, others use CCMP. Since broadcast traffic needs to be understood by all clients, the broadcast
encryption type in this scenario is TKIP.

WPA/WPA2-TKIP, WPA2-CCMP, WEP 64, WEP 128 and Keyguard encryption options are supported.

Refer to the following to configure an encryption scheme for a WLAN:

WPA/WPA2-TKIP

WPA2-CCMP

WEP 64

WEP 128

Keyguard
