Before it can communicate with a wireless device, an access point
must authenticate that device. An access point uses any of three
authentication mechanisms or types, and can use more than one. The
authentication mechanisms are as follows:
Open
Allows any device to authenticate and then attempt to communicate
with the access point. If the access point is using WEP and the
other device is not, the other device does not attempt to authenticate
to the access point. If the other device is using WEP but its WEP
keys do not match the keys on the access point, the other device
authenticates to the access point but cannot pass data.
Shared Key
The access point sends an unencrypted challenge text string to
any device attempting to communicate with the access point. The
device requesting authentication encrypts the challenge text and
sends it back to the access point. If the challenge text is encrypted
correctly, the access point allows the requesting device to authenticate.
Both the unencrypted challenge and the encrypted challenge can be
monitored, however, which leaves the access point open to attack
from an intruder who guesses the WEP key by comparing the unencrypted
and encrypted text strings. Because of this weakness, Shared Key
authentication can be less secure than Open authentication. If the
device's WEP key matches the access point's key, it can authenticate
and communicate.
Network-EAP
By using the Extensible Authentication Protocol (EAP) to interact
with an EAP-compatible RADIUS server on your network, the access
point helps a wireless client device and the RADIUS server to perform
mutual authentication and derive a dynamic unicast WEP key. The
RADIUS server sends the WEP key to the access point, which uses
it for all unicast data signals that it sends to or receives from
the client. In addition, the access point encrypts its broadcast
WEP key with the client's unicast key and sends it to the client.
See the Authentication Server Setup page for instructions on setting
up EAP on the access point.
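The Shared Key exchange described above, as an added example that is not part of the original page or of the access point's software: a Python simulation of the challenge and response, showing why monitoring both strings exposes key material. The frame layout is simplified to the challenge plus its CRC-32 check value, and the key values and function names are constructed for illustration.

```python
import os
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling followed by n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_response(wep_key: bytes, challenge: bytes):
    """Client side: encrypt challenge + CRC-32 under RC4(IV || WEP key)."""
    iv = os.urandom(3)  # the 24-bit IV travels in the clear with the reply
    body = challenge + zlib.crc32(challenge).to_bytes(4, "little")
    return iv, xor(body, rc4_keystream(iv + wep_key, len(body)))

def ap_verify(wep_key: bytes, challenge: bytes, iv: bytes, ct: bytes) -> bool:
    """Access point side: decrypt and compare with the challenge it sent."""
    body = xor(ct, rc4_keystream(iv + wep_key, len(ct)))
    text, icv = body[:-4], body[-4:]
    return text == challenge and icv == zlib.crc32(text).to_bytes(4, "little")

def observed_keystream(challenge: bytes, ct: bytes) -> bytes:
    """What a passive monitor holds after seeing both strings; no key used."""
    return xor(challenge, ct[:len(challenge)])

def demo():
    key = bytes.fromhex("0102030405")    # constructed 40-bit WEP key
    challenge = os.urandom(128)          # constructed challenge text
    iv, ct = client_response(key, challenge)
    ok = ap_verify(key, challenge, iv, ct)
    mismatch = ap_verify(bytes.fromhex("0a0b0c0d0e"), challenge, iv, ct)
    leaked = observed_keystream(challenge, ct) == rc4_keystream(iv + key, 128)
    return ok, mismatch, leaked

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo()` is the reason the page rates Shared Key below Open: the cleartext challenge XORed with the encrypted reply equals the RC4 output for that IV, so every authentication hands an observer known keystream. Open authentication sends no such pair.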