Manualshelf

Network Card User Manual

ManualsBrandsIntel ManualsNetwork Card3945ABG
131132133134135136137138139140
Centralized Key Management (CCKM), an access point configured to provide Wireless
Domain Services (WDS) takes the place of the RADIUS server and authenticates the client
without perceptible delay in voice or other time-sensitive applications.
CKIP
Cisco Key Integrity Protocol (CKIP) is Cisco proprietary security protocol for encryption in
802.11 media. CKIP uses the following features to improve 802.11 security in infrastructure
mode:
Key Permutation (KP)
Message Sequence Number
802.11b and 802.11g Mixed Environment Protection Protocol
Some access points, for example Cisco 350 or Cisco 1200, support environments in which
not all client stations support WEP encryption; this is called Mixed-Cell Mode. When these
wireless networks operate in "optional encryption" mode, client stations that join in WEP
mode, send all messages encrypted, and stations that use standard mode send all messages
unencrypted. These access points broadcast that the network does not use encryption, but
allow clients that use WEP mode. When Mixed-Cell is enabled in a profile, it allows you to
connect to access points that are configured for "optional encryption."
EAP-FAST
EAP-FAST like EAP-TTLS and PEAP, uses tunneling to protect traffic. The main difference is
that EAP-FAST does not use certificates to authenticate. Provisioning in EAP-FAST is
negotiated solely by the client as the first communication exchange when EAP-FAST is
requested from the server. If the client does not have a pre-shared secret Protected Access
Credential (PAC), it is able to initiate a provisioning EAP-FAST exchange to dynamically
obtain one from the server.
EAP-FAST documents two methods to deliver the PAC: manual delivery through an out-of-
band secure mechanism and automatic provisioning.
Manual delivery mechanisms are any delivery mechanism that the administrator of the
network feels is sufficiently secure for their network.
Automatic provisioning establishes an encrypted tunnel to protect the authentication
of the client and the delivery of the PAC to the client. This mechanism, while not as
secure as a manual method may be, is more secure than the authentication method
used in LEAP.
The EAP-FAST method is divided into two parts: provisioning and authentication. The
provisioning phase involves the initial delivery of the PAC to the client. This phase only
needs to be performed once per client and user.