Authentication, Own in, Figure 31-4 – H3C Technologies H3C WX6000 Series Access Controllers User Manual

31-4

Figure 31-4 Passive scanning

Authentication

To secure wireless links, a wireless client must be authenticated before accessing an AP, and only

wireless clients passing the authentication can be associated with the AP. 802.11 links define two

authentication mechanisms: open system authentication and shared key authentication.

Open system authentication

Open system authentication is the default authentication algorithm. This is the simplest of the available

authentication algorithms. Essentially it is a null authentication algorithm. Any client that requests

authentication with this algorithm can become authenticated. Open system authentication is not

required to be successful as an AP may decline to authenticate the client. Open system authentication

involves a two-step authentication process. At the first step, the wireless client sends a request for

authentication. At the second step, the AP determines that the wireless client passes the authentication

and returns the result that the authentication is successful to the client.

Figure 31-5 Open system authentication process

Shared key authentication

The following figure shows a shared key authentication process. The two parties have the same shared

key configured.

1) The client sends an authentication request to the AP.

2) The AP randomly generates a challenge and sends it to the client.

3) The client uses the shared key to encrypt the challenge and sends it to the AP.

4) The AP uses the shared key to encrypt the challenge and compares the result with that received

from the client. If they are identical, the client passes the authentication. If not, the authentication

fails.