Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual
Page 358
358
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 12
Configuring Authentication Types
This figure shows the WPA key management process.
Figure 96 - WPA Key Management Process
Software and Firmware Requirements for WPA, CCKM, CKIP, and WPA-
TKIP
lists the firmware and software requirements required on
access points and Cisco Aironet client devices to support WPA and CCKM key
management and CKIP and WPA-TKIP encryption protocols.
To support the security combinations in this table, your Stratix 5100 Wireless
Access Point/Workgroup Bridge, the device must run the following software and
firmware versions:
• Cisco IOS Release 12.2(13)JA or later on access points
• Install Wizard version 1.2 for 340, 350, and CB20A client devices, that
includes these components:
– PC, LM, and PCI card driver version 8.4
– Mini PCI and PC-cardbus card driver version 3.7
– Aironet Client Utility (ACU) version 6.2
– Client firmware version 5.30.13
88965
Client and server authenticate to each other, generating an EAP master key
Client device
Access point
Authentication
server
Wired LAN
Server uses the EAP master key to
generate a pairwise master key (PMK)
to protect communication between the
client and the access point. (However,
if the client is using 802.1x authentication
and both the access point and the client
are configured with the same pre-shared key,
the pre-shared key is used as the PMK and
the server does not generate a PMK.)
Client and access point complete
a four-way handshake to:
Client and access point complete
a two-way handshake to securely
deliver the group transient key from
the access point to the client.
Confirm that a PMK exists and that
knowledge of the PMK is current.
Derive a pairwise transient key from
the PMK.
Install encryption and integrity keys into
the encryption/integrity engine, if necessary.
Confirm installation of all keys.