Wi-Fi Protected Access (WPA) – Cisco 340 User Manual


Cisco Aironet 340, 350, and CB20A Wireless LAN Client Adapters Installation and Configuration Guide for Windows

OL-1394-08

Chapter 5 Configuring the Client Adapter

Setting Network Security Parameters

2. Communicating through the access point, the client and RADIUS server complete the authentication
   process, with the password (LEAP and PEAP), password and PAC (EAP-FAST), certificate
   (EAP-TLS), or internal key stored on the SIM card and in the service provider’s Authentication
   Center (EAP-SIM) being the shared secret for authentication. The password, PAC, or internal key is
   never transmitted during the process.

3. If authentication is successful, the client and RADIUS server derive a dynamic, session-based WEP
   key that is unique to the client.

4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.

5. For the length of a session, or time period, the access point and the client use this key to encrypt or
   decrypt all unicast packets (and broadcast packets if the access point is set up to do so) that travel
   between them.

Refer to one of these sections for instructions on enabling EAP authentication:

Enabling LEAP, page 5-38

Enabling EAP-FAST, page 5-42

Enabling Host-Based EAP, page 5-49

Note

Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following
URL for additional information on RADIUS servers:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt2/scrad.htm

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) is a standards-based, interoperable security enhancement that greatly
increases the level of data protection and access control for existing and future wireless LAN systems.
It is derived from and will be compatible with the upcoming IEEE 802.11i standard. WPA leverages
Temporal Key Integrity Protocol (TKIP) and Michael message integrity check (MIC) for data protection
and 802.1X for authenticated key management.

WPA supports two mutually exclusive key management types: WPA and WPA-Pre-shared key
(WPA-PSK). Using WPA key management, clients and the authentication server authenticate to each
other using an EAP authentication method, and the client and server generate a pairwise master key
(PMK). The server generates the PMK dynamically and passes it to the access point. Using WPA-PSK
key management, however, you configure a pre-shared key on both the client and the access point, and
that pre-shared key is used as the PMK.
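
The WPA-PSK case described above, as an added example that is not part of the Cisco guide: it maps a configured pre-shared key to the 256-bit PMK and then expands that PMK into the per-session TKIP and Michael keys. It goes beyond this page by following the IEEE 802.11i definitions (PBKDF2 passphrase mapping and the pairwise key PRF); the function names, MAC addresses, and nonces are constructed for illustration.

```python
import hashlib
import hmac

def psk_to_pmk(psk: str, ssid: bytes) -> bytes:
    """Map a configured WPA-PSK value to the 256-bit PMK (IEEE 802.11i)."""
    if len(psk) == 64:                 # 64 hex digits: the value is the PMK itself
        return bytes.fromhex(psk)      # raises ValueError on non-hex input
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID is the salt: one passphrase yields a different PMK per network name.
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce) -> dict:
    """Expand the PMK into the 512-bit pairwise transient key used with TKIP."""
    # Sorting both pairs lets the client and the access point compute the same input.
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {
        "kck": ptk[0:16],                 # protects the key handshake messages
        "kek": ptk[16:32],                # wraps the group key sent to the client
        "tkip_tk": ptk[32:48],            # TKIP temporal encryption key
        "michael_ap_tx": ptk[48:56],      # Michael MIC key, access point to client
        "michael_client_tx": ptk[56:64],  # Michael MIC key, client to access point
    }

# Constructed sample values (not taken from the guide).
PMK = psk_to_pmk("password", b"IEEE")
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    print("PMK:", PMK.hex())
    for name, value in derive_ptk(PMK, AP_MAC, CLIENT_MAC, ANONCE, SNONCE).items():
        print(f"{name}: {value.hex()}")
```

Because the PMK depends only on the pre-shared key and the SSID, every client configured with the same key holds the same PMK; only the nonces and MAC addresses make the temporal keys differ per session.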

Only 350 series and CB20A cards that are installed on computers running Windows 2000 or XP and
running LEAP, EAP-FAST, or host-based EAP authentication can be used with WPA. Support for WPA
is available in the software components included in Install Wizard version 1.2 or later. However, if you
want to use host-based EAP authentication with WPA, you must install additional software with WPA
support. The following WPA software is recommended for use with Cisco Aironet client adapters:

Funk Odyssey Client supplicant version 2.2 (for Windows 2000)

Windows XP Service Pack 1 and Microsoft support patch 815485 (for Windows XP)

Note

Meetinghouse AEGIS Client supplicant version 2.1 or later is also supported for use with
Windows 2000 and XP; however, it was not tested with this client adapter software release.
