Wpa authentication: enterprise-level user – NETGEAR WGPS606 User Manual

Reference Manual for the NETGEAR 54 Mbps Wireless USB Print Server with 4-Port Switch

Wireless Networking Basics

B-11

202-10083-01

The supplicant in the station uses the authentication and cipher suite information contained in
the information elements to decide which authentication method and cipher suite to use. For
example, if the access point is using the Pre-shared key method then the supplicant need not
authenticate using full-blown 802.1X. Rather, the supplicant must simply prove to the access
point that it is in possession of the pre-shared key. If the supplicant detects that the service set
does not contain a WPA information element then it knows it must use pre-WPA 802.1X
authentication and key management in order to access the network.

•

Key management. WPA features a robust key generation/management system that integrates
the authentication and data privacy functions. Keys are generated after successful
authentication and through a subsequent 4-way handshake between the station and Access
Point (AP).

•

Data Privacy (Encryption). Temporal Key Integrity Protocol (TKIP) is used to wrap WEP in
sophisticated cryptographic and security techniques to overcome most of its weaknesses.

•

Data integrity. TKIP includes a message integrity code (MIC) at the end of each plaintext
message to ensure messages are not being spoofed.

WPA Authentication: Enterprise-level User

Authentication via 802.1x/EAP and RADIUS

Figure B-3: WPA Overview

WPA

enabled
wireless

client with

“supplicant”

Optional

Certificate

Authority

(eg Win

Server,

VeriSign,

etc)

TCP/IP

Ports Closed

Until

RADIUS Server

Wired Network with Optional

802.1x Port Based Network

Access Control

WPA enabled

Access Point

using

pre-shared key

or

802.1x

TCP/IP

Ports Opened

After

Authenticated

Wireless LAN

Login

Authentication