Configuring wlan security, Authentication modes – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Configuring WLAN security

The wireless security capabilities incorporated in 802.11, though adequate to keep out the general public, do not offer sufficient protection from sophisticated network break-ins. To protect against any potential unauthorized access, advanced security mechanisms beyond the capabilities of 802.11 are necessary.

Authentication modes

To secure wireless links, wireless clients must be authenticated before accessing the AP, and only wireless clients that pass the authentication can be associated with the AP. 802.11 defines two link authentication mechanisms: open system authentication and shared key authentication.

Open system authentication

Open system authentication is the default authentication algorithm. This is the simplest of the available authentication algorithms. Essentially it is a null authentication algorithm. Any client that requests authentication with this algorithm can become authenticated. Open system authentication is not required to be successful as an AP may decline to authenticate the client. Open system authentication involves a two-step authentication process. In the first step, the wireless client sends a request for authentication. In the second step, the AP determines whether the wireless client passes the authentication and returns the result to the client.

Figure 27 Open system authentication process

Shared key authentication

Figure 28 shows a shared key authentication process. The client and the AP have the same shared key configured.

a. The client sends an authentication request to the AP.

b. The AP randomly generates a challenge and sends it to the client.

c. The client uses the shared key to encrypt the challenge and sends it to the AP.

d. The AP uses the shared key to encrypt the challenge and compares the result with that received from the client. If they are identical, the client passes the authentication. If not, the authentication fails.
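
The four-step exchange above, with both sides modelled, as an added example that is not taken from the manual. It assumes WEP-style RC4 keyed with a 3-byte per-message IV followed by the shared key (the WEP integrity check value is left out); the class names, function names and the 128-byte challenge length are choices made for this sketch.

```python
import hmac
import secrets

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

class Client:
    def __init__(self, client_id: str, shared_key: bytes):
        self.client_id, self.shared_key = client_id, shared_key

    def answer(self, challenge: bytes):
        # Step c: encrypt the challenge under IV || shared key (assumed WEP-style keying).
        iv = secrets.token_bytes(3)
        return iv, rc4(iv + self.shared_key, challenge)

class AccessPoint:
    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key
        self.pending = {}  # client id -> challenge still awaiting a response

    def handle_request(self, client_id: str) -> bytes:
        # Steps a and b: on an authentication request, issue a random challenge.
        self.pending[client_id] = secrets.token_bytes(128)
        return self.pending[client_id]

    def handle_response(self, client_id: str, iv: bytes, response: bytes) -> bool:
        # Step d: encrypt the same challenge with the AP's key and compare.
        challenge = self.pending.pop(client_id, None)  # each challenge is single-use
        if challenge is None:
            return False
        return hmac.compare_digest(rc4(iv + self.shared_key, challenge), response)

def authenticate(client: Client, ap: AccessPoint) -> bool:
    challenge = ap.handle_request(client.client_id)
    iv, response = client.answer(challenge)
    return ap.handle_response(client.client_id, iv, response)
```

The AP discards each challenge after one comparison, so a response that arrives without an outstanding challenge for that client fails.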