Ieee 802.1x (wpa-enterprise model only) – Dell 2355dn Multifunction Mono Laser Printer User Manual

Page 50

Advertising
background image

48

Appendix G. Wireless network environment

each key value is 10 hexadecimal digits (0-9 and A-F) or 5 alphanumeric

characters. In 128-bit mode, each key value is 26 hexadecimal digits or 13

alphanumeric characters. Contact your network administrator for this

configuration.

IEEE 802.1x (WPA-Enterprise Model Only)

IEEE 802.1x uses EAP (Extensible Authentication Protocol) and an

authentication server, such as RADIUS (Remote Authentication Dial In User

Server, RFC2138) for client and network server authentication. In this

authentication process, the authentication server verifies the identity of the

party attempting to connect to the network. The Wireless Network Printer

supports popular authentication methods based on EAP, including:

EAP-MD5 (EAP using Message Digest Algorithm 5): EAPMD5 uses a

password protected by the MD5 encryption algorithm, which is the same

challenge handshake protocol as PPP-based CHAP. This authentication

method provides one-way authentication based on a user name and

password. This implementation is useful only in a small private network

because it does not support automatic key distribution.

EAP-MSCHAPv2: EAP-MSCHAPv2 uses the MS-CHAPv2

authentication protocol to create a strong encryption key initially for

MMPE (Microsoft Point-to-Point Encryption) and to use a different

encryption key during communication.

EAP-TLS (EAP using Transport Layer Security): EAP-TLS uses X.509-

compliant digital certificates for both client and server authentication.

EAP-TTLS: EAP-TTLS is known as a Tunneled TLS (Transport Layer

Security) protocol. It is designed to provide authentication that is every bit

as strong as EAP-TLS, but it does not require that each user be issued a

certificate. Instead, only the RADIUS authentication servers are issued

certificates. User authentication is performed by a password. The password

credentials are transported in a securely encrypted tunnel that is

established using the server certificate. As a result, the credentials are not

vulnerable to dictionary attacks. Using TTLS forwarding, any inner

authentication requests that are found inside the TTLS tunnel, such as

EAP, PAP, CHAP, or MS-CHAP-V2, can be processed by downstream

RADIUS servers. In this manner, you can perform authentication against

any RADIUS infrastructure that is already deployed in your organization.

Advertising
Popular Brands
Popular manuals