User's Manual
Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 8 Configuring Authentication Types
Understanding Authentication Types
This section describes the authentication types that you can configure on the WMIC. The authentication
types are tied to the SSID that you configure on the WMIC.
Before wireless devices can communicate, they must authenticate to each other using open or shared-key
authentication. For maximum security, wireless devices should also authenticate to your network using
EAP authentication, an authentication type that relies on an authentication server on your network.
The WMIC uses four authentication mechanisms or types and can use more than one at the same time.
These sections explain each authentication type:
• Open Authentication to the WMIC
• Shared Key Authentication to the Bridge
• EAP Authentication to the Network
Open Authentication to the WMIC
Open authentication allows any wireless device to authenticate and then attempt to communicate with
another wireless device. Using open authentication, a non-root bridge can authenticate to a root bridge.
A bridge that is not using WEP does not attempt to authenticate with a bridge that is using WEP. Open
authentication does not rely on a RADIUS server on your network.
Figure 8-1 shows the authentication sequence between a non-root bridge trying to authenticate and a root
bridge using open authentication. In this example, the device’s WEP key does not match the bridge’s key,
so it can authenticate but it cannot pass data.
Figure 8-1 Sequence for Open Authentication
Shared Key Authentication to the Bridge
Cisco provides shared key authentication to comply with the IEEE 802.11b and IEEE 802.11g standards.
However, because of shared key’s security flaws, we recommend that you use another method of
authentication, such as EAP, in environments where security is an issue.
During shared key authentication, the root bridge sends an unencrypted challenge text string to other
bridges attempting to communicate with the root bridge. The bridge requesting authentication encrypts
the challenge text and sends it back to the root bridge. If the challenge text is encrypted correctly, the
root bridge allows the requesting device to authenticate.
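The following Python sketch is an added example, not Cisco code or WMIC configuration. It models the two exchanges described above: open authentication with mismatched WEP keys (the Figure 8-1 case) and the shared key challenge/response. The WEP framing is simplified to a 3-byte IV, RC4 and a CRC-32 ICV, and the function names and key bytes are assumptions made for illustration.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher, the cipher WEP uses; encrypt and decrypt are identical."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Simplified WEP body: clear IV, then RC4(IV||key) over plaintext + CRC-32 ICV."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV check fails (key mismatch)."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    plaintext, icv = clear[:-4], clear[-4:]
    return plaintext if zlib.crc32(plaintext).to_bytes(4, "little") == icv else None

def shared_key_auth(root_key: bytes, requester_key: bytes) -> bool:
    """Root sends an unencrypted challenge; the requester returns it encrypted."""
    challenge = os.urandom(128)                # travels in the clear
    response = wep_encrypt(requester_key, challenge, os.urandom(3))
    return wep_decrypt(root_key, response) == challenge

def open_auth_then_data(root_key: bytes, requester_key: bytes, payload: bytes):
    """Open authentication checks no key; data passes only if the keys match."""
    authenticated = True                       # request/response, no key proof
    frame = wep_encrypt(requester_key, payload, os.urandom(3))
    return authenticated, wep_decrypt(root_key, frame)

# Constructed 40-bit keys standing in for the "123" and "321" labels in Figure 8-1.
ROOT_KEY = b"\x01\x02\x03\x00\x00"
NON_ROOT_KEY = b"\x03\x02\x01\x00\x00"

if __name__ == "__main__":
    print("open auth, mismatched keys:", open_auth_then_data(ROOT_KEY, NON_ROOT_KEY, b"data"))
    print("shared key, mismatched keys:", shared_key_auth(ROOT_KEY, NON_ROOT_KEY))
```

With mismatched keys, open authentication still reports success but the data frame is rejected at the ICV check, while shared key authentication fails at the challenge step.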
[Figure 8-1 diagram labels: Switch on LAN 1; Switch on LAN 2; Non-Root Bridge with WEP key = 321; Root Bridge with WEP key = 123; 1. Authentication request; 2. Authentication response]