Configuring wlan security, Overview, Authentication modes – H3C Technologies H3C MSR 50 User Manual
Configuring WLAN security
The terms AP and fat AP in this document refer to MSR 900, MSR 930, and MSR 20-1X routers with IEEE
802.11b/g and MSR series routers installed with a SIC WLAN module.
Overview
The wireless security incorporated in 802.11 is inadequate for protecting networks that contain sensitive
information. It does a fairly good job of defending against the general public, but not against good
hackers. As a result, advanced security mechanisms beyond the capabilities of 802.11 need to be
implemented.
Authentication modes
To secure wireless links, the wireless clients must be authenticated before accessing the AP. Only wireless
clients passing the authentication can be associated with the AP. 802.11 links define two authentication
mechanisms: open system authentication and shared key authentication.
• Open system authentication
Open system authentication is the default authentication algorithm. This is the simplest of the
available authentication algorithms. Essentially it is a null authentication algorithm. Any client that
requests authentication with this algorithm can become authenticated. Open system authentication
is not required to be successful because an AP may decline to authenticate the client. Open system
authentication involves a two-step authentication process. In the first step, the wireless client sends
a request for authentication. In the second step, the AP determines if the wireless client passes the
authentication and returns the result to the client.
Figure 11 Open system authentication process
• Shared key authentication
The following figure shows a shared key authentication process. The two parties have the same
shared key configured.
a. The client sends an authentication request to the AP.
b. The AP randomly generates a challenge and sends it to the client.
c. The client uses the shared key to encrypt the challenge and sends it to the AP.
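Added example (not from the H3C manual): a Python simulation of the shared key exchange in steps a to c, using WEP (RC4 keyed with a 24-bit IV followed by the shared key, plus a CRC-32 integrity value), the cipher 802.11 specifies for this mode. The class and function names and the MAC address are constructed for illustration, only the challenge itself is encrypted (a simplification of the real frame body), and the AP-side check at the end, decrypting and comparing with the challenge it issued, goes one step past the steps listed above.

```python
import hmac, os, zlib

CHALLENGE_LEN = 128  # 802.11 shared key authentication uses a 128-byte challenge

def rc4(key: bytes, data: bytes) -> bytes:  # RC4, the stream cipher underneath WEP
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # WEP integrity check value
    return rc4(iv + key, plaintext + icv)               # per-frame key = IV || shared key

def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    data = rc4(iv + key, ciphertext)
    body, icv = data[:-4], data[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

class AccessPoint:  # hypothetical AP model, not H3C code
    def __init__(self, shared_key: bytes):
        self.key, self.pending = shared_key, {}

    def issue_challenge(self, client_mac: str) -> bytes:       # step b
        self.pending[client_mac] = os.urandom(CHALLENGE_LEN)
        return self.pending[client_mac]

    def verify(self, client_mac: str, iv: bytes, ciphertext: bytes) -> bool:
        challenge = self.pending.pop(client_mac, None)         # each challenge is single-use
        if challenge is None:
            return False
        plain = wep_decrypt(self.key, iv, ciphertext)
        return plain is not None and hmac.compare_digest(plain, challenge)

def client_response(shared_key: bytes, challenge: bytes):      # step c
    iv = os.urandom(3)                                          # 24-bit WEP IV
    return iv, wep_encrypt(shared_key, iv, challenge)

def authenticate(ap: AccessPoint, client_key: bytes, mac: str = "00:00:5e:00:53:01") -> bool:
    challenge = ap.issue_challenge(mac)                         # steps a and b (constructed MAC)
    iv, ciphertext = client_response(client_key, challenge)    # step c
    return ap.verify(mac, iv, ciphertext)                       # AP accepts or declines
```

A client holding a different key fails the check, and a response computed for an earlier challenge is rejected once the AP has issued a new one.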