1x eap, eap-psk and eap mac – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility Access Point System Reference Guide
53-1003100-01
Secure guest access to the network is referred to as captive portal. A captive portal is a guest access
policy for providing temporary and restrictive access to the access point managed wireless
network. Existing captive portal policies can be applied to a WLAN to provide secure guest access.
A captive portal policy provides secure authenticated access using a standard Web browser. A
captive portal provides authenticated access by capturing and re-directing a wireless user's Web
browser session to a login page, where a user must enter valid credentials to access the network.
Once logged into the captive portal, additional Agreement, Welcome and Fail pages provide an
administrator with a number of options for the screen flow and appearance.
Refer to Captive Portal on page 6-402 for information on assigning a captive portal policy to a
WLAN.
MAC Registration gives returning captive portal users faster authentication and access to the
captive portal service. When the user connects to the captive portal for the first time, the MAC
address of the user's device is recorded once authentication is successful. The next time the device is
used to access the captive portal, MAC Registration allows the device and the user to be
authenticated faster.
Refer to MAC Registration on page 6-403 for information on enabling and configuring MAC
Registration.
Encryption is essential for WLAN security, as it provides data privacy for traffic forwarded over a
WLAN. When the 802.11 specification was introduced, Wired Equivalent Privacy (WEP) was the
primary encryption mechanism. WEP has since been shown to be flawed in many ways, and is not
considered an effective standalone scheme for securing a WLAN. WEP is typically used with WLAN
deployments supporting legacy clients. New deployments should use either WPA or WPA2
encryption.
Encryption applies a specific algorithm to data to alter its appearance and prevent unauthorized access.
Decryption applies the algorithm in reverse, to restore the data to its original form. A sender and
receiver must employ the same encryption/decryption method to interoperate. When TKIP
and CCMP are both enabled, a mix of clients is allowed to associate with the WLAN. Some use
TKIP, others use CCMP. Since broadcast traffic needs to be understood by all clients, the broadcast
encryption type in this scenario is TKIP.
Refer to the following to configure a WLAN’s encryption scheme:
•
•
•
•
802.1x EAP, EAP-PSK and EAP MAC
The Extensible Authentication Protocol (EAP) is the de facto standard authentication method used
to provide secure authenticated access to WLANs. EAP provides mutual authentication, secured
credential exchange, dynamic keying and strong encryption. 802.1X EAP can be deployed with
WEP, WPA or WPA2 encryption schemes to further protect user information forwarded over wireless
controller managed WLANs.