Authentication – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 353
332
Figure 323 Passive scanning
Authentication
To secure wireless links, APs perform authentication on wireless clients. A wireless client must pass
authentication before it can access a wireless network. 802.11 define two authentication methods: open
system authentication and shared key authentication.
•
Open system authentication
Open system authentication is the default authentication algorithm and is the simplest of the
available authentication algorithms. It is a null authentication algorithm. Any client that requests
authentication with this algorithm can become authenticated. Open system authentication is not
required to be successful, because an AP might decline to authenticate the client. Open system
authentication involves a two-step authentication process. In the first step, the wireless client sends
a request for authentication. In the second step, the AP returns the result to the client.
Figure 324 Open system authentication process
•
Shared key authentication
shows a shared key authentication process. The two parties have the same shared key
configured.
a.
The client sends an authentication request to the AP.
b.
The AP randomly generates a challenge and sends it to the client.
c.
The client uses the shared key to encrypt the challenge and sends it to the AP.
d.
The AP uses the shared key to de-encrypt the challenge and compares the result with the
original challenge sent to the client. If they are identical, the client passes the authentication. If
they are not, the authentication fails.
AP
Client
Authentication request
Authentication response
AC