Configuring wlan security, Authentication modes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 64
52
Configuring WLAN security
The wireless security capabilities incorporated in 802.11, though adequate to prevent the general public
accessibility, do not offer sufficient protection from sophisticated network break-ins. To protect against
any potential unauthorized access, advanced security mechanisms beyond the capabilities of 802.11 are
necessary.
Authentication modes
To secure wireless links, the wireless clients must be authenticated before accessing the AP, and only
wireless clients passing the authentication can be associated with the AP. 802.11 links define two
authentication mechanisms: open system authentication and shared key authentication.
•
Open system authentication
Open system authentication is the default authentication algorithm. This is the simplest of the
available authentication algorithms. Essentially it is a null authentication algorithm. Any client that
requests authentication with this algorithm can become authenticated. Open system authentication
is not required to be successful as an AP may decline to authenticate the client. Open system
authentication involves a two-step authentication process. In the first step, the wireless client sends
a request for authentication. In the second step, the AP determines whether the wireless client
passes the authentication and returns the result to the client.
Figure 27 Open system authentication process
•
Shared key authentication
shows a shared key authentication process. The client and the AP have the same shared
key configured.
a.
The client sends an authentication request to the AP.
b.
The AP randomly generates a challenge and sends it to the client.
c.
The client uses the shared key to encrypt the challenge and sends it to the AP.
d.
The AP uses the shared key to encrypt the challenge and compares the result with that received
from the client. If they are identical, the client passes the authentication. If not, the
authentication fails.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points