Kerberos authentication, Eap authentication – Brocade Mobility 5181 Access Point Product Reference Guide (Supporting software release 4.4.0.0) User Manual
Page 21
Brocade Mobility 5181 Access Point Product Reference Guide
7
53-1002516-01
Feature overview
1
The following encryption techniques are supported:
•
•
•
Wi-Fi protected access (WPA) using TKIP encryption
•
WPA2-CCMP (802.11i) encryption
In addition, the Mobility 5181 Access Point supports the following additional security features:
•
•
•
For an overview on the encryption and authentication schemes available, refer to
Kerberos authentication
Authentication is a means of verifying information transmitted from a secure source. If information
is authentic, you know who created it and you know it has not been altered in any way since
originated. Authentication entails a network administrator employing a software “supplicant” on
their computer or wireless device.
Authentication is critical for the security of any wireless LAN device. Traditional authentication
methods are not suitable for use in wireless networks where an unauthorized user can monitor
network traffic and intercept passwords. The use of strong authentication methods that do not
disclose passwords is necessary. The access point uses the Kerberos authentication service
protocol (specified in RFC 1510) to authenticate users/clients in a wireless network environment
and to securely distribute the encryption keys used for both encrypting and decrypting.
A basic understanding of RFC 1510 Kerberos Network Authentication Service (V5) is helpful in
understanding how Kerberos functions. By default, WLAN devices operate in an open system
network where any wireless device can associate with an AP without authorization. Kerberos
requires device authentication before access to the wired network is permitted.
For detailed information on Kerbeors configurations, see
“Configuring Kerberos authentication”
EAP authentication
The Extensible Authentication Protocol (EAP) feature provides access points and their associated
Client’s an additional measure of security for data transmitted over the wireless network. Using
EAP, authentication between devices is achieved through the exchange and verification of
certificates.
EAP is a mutual authentication method whereby both the Client and AP are required to prove their
identities. Like Kerberos, the user loses device authentication if the server cannot provide proof of
device identification.
Using EAP, a user requests connection to a WLAN through the Mobility 5181 Access Point. The
Mobility 5181 Access Point then requests the identity of the user and transmits that identity to an
authentication server. The server prompts the AP for proof of identity (supplied to the Mobility 5181
Access Point by the user) and then transmits the user data back to the server to complete the
authentication process.