beautypg.com

Configuring wlan security, Overview, Authentication modes – H3C Technologies H3C MSR 50 User Manual

Page 42

background image

33

Configuring WLAN security

The terms AP and fat AP in this document refer to MSR 900, MSR 930, and MSR 20-1X routers with IEEE

802.11b/g and MSR series routers installed with a SIC WLAN module.

Overview

The wireless security incorporated in 802.11 is inadequate for protecting networks that contain sensitive

information. They do a fairly good job defending against the general public, but not against good

hackers. As a result, there is a need to implement advanced security mechanisms beyond the capabilities

of 802.11.

Authentication modes

To secure wireless links, the wireless clients must be authenticated before accessing the AP. Only wireless

clients passing the authentication can be associated with the AP. 802.11 links define two authentication
mechanisms: open system authentication and shared key authentication.

Open system authentication
Open system authentication is the default authentication algorithm. This is the simplest of the
available authentication algorithms. Essentially it is a null authentication algorithm. Any client that

requests authentication with this algorithm can become authenticated. Open system authentication

is not required to be successful because an AP may decline to authenticate the client. Open system

authentication involves a two-step authentication process. In the first step, the wireless client sends
a request for authentication. In the second step, the AP determines if the wireless client passes the

authentication and returns the result to the client.

Figure 11 Open system authentication process

Shared key authentication
The following figure shows a shared key authentication process. The two parties have the same
shared key configured.

a.

The client sends an authentication request to the AP.

b.

The AP randomly generates a challenge and sends it to the client.

c.

The client uses the shared key to encrypt the challenge and sends it to the AP.

This manual is related to the following products: