Open authentication to the access point, Shared key authentication to the access point – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual

Page 352


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 12

Configuring Authentication Types

Open Authentication to the Access Point

Open authentication allows any device to authenticate and then attempt to
communicate with the access point. By using open authentication, any wireless
device can authenticate with the access point, but the device can communicate
only if its WEP keys match the access point’s. Devices not using WEP don’t
attempt to authenticate with an access point that is using WEP. Open
authentication does not rely on a RADIUS server on your network.

This figure shows the authentication sequence between a device trying to
authenticate and an access point by using open authentication. In this example,
the device’s WEP key does not match the access point’s key, so it can authenticate
but not pass data.

Figure 91 - Sequence for Open Authentication

Shared Key Authentication to the Access Point

Cisco provides shared key authentication to comply with the IEEE 802.11b
standard. However, because of shared key’s security flaws, avoid using it.

During shared key authentication, the access point sends an unencrypted
challenge text string to any device attempting to communicate with the access
point. The device requesting authentication encrypts the challenge text and sends
it back to the access point. If the challenge text is encrypted correctly, the access
point allows the requesting device to authenticate.

Both the unencrypted challenge and the encrypted challenge can be monitored,
however, which leaves the access point open to attack from an intruder who
calculates the WEP key by comparing the unencrypted and encrypted text
strings. Because of this weakness, shared key authentication can be less secure
than open authentication. Like open authentication, shared key authentication
does not rely on a RADIUS server on your network.
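
The exchange described above, as an added example that is not part of the manual: it models the challenge and the encrypted response and shows that comparing the two frames yields the RC4 keystream used for that frame. The function names, the sample key and IV, and the simplified frame layout (challenge plus CRC-32 ICV only) are assumptions made for illustration.

```python
# Added illustration: simplified WEP shared key exchange (constructed values).
import os
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream, the stream cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def shared_key_exchange(wep_key: bytes, challenge: bytes, iv: bytes) -> dict:
    """Frames visible on air: cleartext challenge, cleartext IV, encrypted reply."""
    icv = zlib.crc32(challenge).to_bytes(4, "little")    # WEP integrity value
    plaintext = challenge + icv
    # WEP seeds RC4 with the per-frame IV followed by the shared key.
    response = xor(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))
    return {"challenge": challenge, "iv": iv, "response": response}

def monitor_view(frames: dict) -> bytes:
    """What a passive monitor derives by comparing challenge and response."""
    n = len(frames["challenge"])
    return xor(frames["challenge"], frames["response"][:n])

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    frames = shared_key_exchange(key, os.urandom(128), os.urandom(3))
    exposed = monitor_view(frames)
    # The monitor never saw `key`, yet holds the keystream it produced.
    print("keystream exposed:", exposed == rc4_keystream(frames["iv"] + key, 128))
```

Open authentication carries no challenge text, so it gives a monitor no matching plaintext and ciphertext pair to compare during authentication.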

Figure 92 on page 353 shows the authentication sequence between a device
trying to authenticate and an access point by using shared key authentication. In
this example the device’s WEP key matches the access point’s key, so it can
authenticate and communicate.

[Figure 91 diagram labels: Access point or bridge with WEP key = 123; Client device with WEP key = 321. 1. Authentication request; 2. Authentication response; 3. Association request; 4. Association response; 5. WEP data frame to wired network; 6. Key mismatch, frame discarded]
