Configuring wlan security, Authentication modes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Configuring WLAN security
The wireless security capabilities incorporated in 802.11, though adequate to keep out the general
public, do not offer sufficient protection against sophisticated network break-ins. To protect against
any potential unauthorized access, advanced security mechanisms beyond the capabilities of 802.11 are
necessary.
Authentication modes
To secure wireless links, the wireless clients must be authenticated before accessing the AP, and only
wireless clients passing the authentication can be associated with the AP. 802.11 links define two
authentication mechanisms: open system authentication and shared key authentication.
• Open system authentication
Open system authentication is the default authentication algorithm. This is the simplest of the
available authentication algorithms. Essentially it is a null authentication algorithm. Any client that
requests authentication with this algorithm can become authenticated. Open system authentication
is not required to be successful as an AP may decline to authenticate the client. Open system
authentication involves a two-step authentication process. In the first step, the wireless client sends
a request for authentication. In the second step, the AP determines whether the wireless client
passes the authentication and returns the result to the client.
Figure 27 Open system authentication process
• Shared key authentication
shows a shared key authentication process. The client and the AP have the same shared
key configured.
a. The client sends an authentication request to the AP.
b. The AP randomly generates a challenge and sends it to the client.
c. The client uses the shared key to encrypt the challenge and sends it to the AP.
d. The AP uses the shared key to encrypt the challenge and compares the result with that received
from the client. If they are identical, the client passes the authentication. If not, the
authentication fails.
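The four-step shared key exchange above, written out as an added Python example (not part of the H3C manual or of any H3C code). It assumes WEP-style encryption, which this page does not name: RC4 keyed with a 3-byte IV followed by the shared key, a CRC-32 ICV, and a 128-byte challenge. The class and function names and the keys in use are constructed for illustration.

```python
import hmac
import os
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (assumed here; the page does not name the cipher)."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:  # XOR the data with the keystream
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key; a CRC-32 ICV is appended."""
    icv = struct.pack("<I", zlib.crc32(plaintext))
    return rc4(iv + shared_key, plaintext + icv)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.pending = {}  # client id -> outstanding challenge

    def handle_request(self, client_id: str) -> bytes:
        """Steps a-b: answer a request with a fresh random challenge."""
        self.pending[client_id] = os.urandom(128)
        return self.pending[client_id]

    def handle_response(self, client_id: str, iv: bytes, reply: bytes) -> bool:
        """Step d: encrypt the stored challenge and compare with the reply."""
        challenge = self.pending.pop(client_id, None)  # a challenge is single-use
        if challenge is None:
            return False
        return hmac.compare_digest(wep_encrypt(self.shared_key, iv, challenge), reply)

def client_reply(shared_key: bytes, challenge: bytes):
    """Step c: encrypt the challenge under the shared key with a fresh IV."""
    iv = os.urandom(3)
    return iv, wep_encrypt(shared_key, iv, challenge)

def authenticate(ap: AccessPoint, client_id: str, client_key: bytes) -> bool:
    challenge = ap.handle_request(client_id)
    return ap.handle_response(client_id, *client_reply(client_key, challenge))
```

The AP drops the stored challenge after one comparison, so a reply that arrives without a matching outstanding request fails, as does a reply produced with a different key.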