Manual
AT-WA7400 Management Software User’s Guide
121
Figure 36. Example of Using Multiple WEP Keys and Transfer Key Index
on Client Stations
IEEE 802.1x IEEE 802.1x is the standard defining port-based authentication and
infrastructure for doing key management. Extensible Authentication
Protocol (EAP) messages sent over an IEEE 802.11 wireless network
using a protocol called EAP Encapsulation Over LANs (EAPOL). IEEE
802.1x provides dynamically-generated keys that are periodically
refreshed. An RC4 stream cipher is used to encrypt the frame body and
cyclic redundancy checking (CRC) of each 802.11 frame.
This mode requires the use of a RADIUS server to authenticate users, and
configuration of user accounts on the Cluster > User Management page.
The access point requires a RADIUS server capable of EAP, such as the
Microsoft Internet Authentication Server or the AT-WA7400 Wireless
Access Point’s internal authentication server. To work with Windows
clients, the authentication server must support Protected EAP (PEAP) and
MSCHAP V2.
When configuring IEEE 802.1x mode, you have a choice of whether to use
the embedded RADIUS server or an external RADIUS server that you
provide. The AT-WA7400 Wireless Access Point’s embedded RADIUS
server supports Protected EAP (PEAP) and MSCHAP V2.
If you use your own RADIUS server, you have the option of using any of a
variety of authentication methods that the IEEE 802.1x mode supports,
including certificates, Kerberos, and public key authentication. Keep in
mind, however, that the client stations must be configured to use the same
authentication method being used by the access point.
When you select IEEE 802.1x Security Mode, the settings shown in
Figure 37 are displayed at the bottom of the page.
Access Point transmits to both stations with same WEP key
Client Station 1
Client Station 2
(e.g., WEP key 3)
W
E
P
k
e
y
3
WEP key 3
WEP key 2
W
E
P
k
e
y
1
can decrypt WEP key 3
transmits in WEP key 1
can decrypt WEP key 3
transmits in WEP key 2