3Com WX4400 3CRWX440095A User Manual

448

C

HAPTER

21: C

ONFIGURING

AAA

FOR

N

ETWORK

U

SERS

Effects of

Authentication Type

on Encryption

Method

Wireless users who are authenticated on an encrypted service set
identifier (SSID) can have their data traffic encrypted by the following
methods:

„

Wi-Fi Protected Access (WPA) encryption

„

Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption

„

Non-WPA static WEP encryption

(For encryption details, see Chapter 13, “Configuring User Encryption,”
on page 281.)

The authentication method you assign to a user determines the
encryption available to the user. Users configured for EAP authentication,
MAC authentication, Web, or last-resort authentication can have their
traffic encrypted as shown in Table 40.

Wired users are not eligible for the encryption performed on the traffic of
wireless users, but they can be authenticated by an EAP method, a MAC
address, or a Web login page served by the WX switch.

Offload

The WX switch offloads all EAP processing from a RADIUS server by
establishing a TLS session between the switch and the client. In this
case, the switch needs a digital certificate. When you use offload,
RADIUS can still be used for non-EAP authentication and
authorization.

Table 39 Three Basic WX Approaches to EAP Authentication (continued)

Approach

Description

Table 40 Encryption Available to Various Authentication Methods

Eap
Authentication

MAC
Authentication

Last-Resort

WebAAA

WPA encryption

Static WEP

Static WEP

Static WEP

Dynamic WEP
encryption

No encryption
(if SSID is
unencrypted)

No encryption
(if SSID is
unencrypted)

No encryption
(if SSID is
unencrypted)