User's Manual

Cisco 3200 Series Wireless MIC Software Configuration Guide
OL-7734-02
Chapter 8 Configuring Authentication Types
Understanding Authentication Types
However, both the unencrypted challenge and the encrypted challenge can be monitored, which leaves
the root bridge open to attack from an intruder who calculates the WEP key by comparing the
unencrypted and encrypted text strings.
Figure 8-2 shows the authentication sequence between a device trying to authenticate and a bridge
using shared key authentication. In this example, the device’s WEP key matches the bridge’s key, so it
can authenticate and communicate.
Figure 8-2 Sequence for Shared Key Authentication
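The exposure described above, as an added example that is not part of the Cisco guide: WEP encrypts with RC4, so XORing the monitored challenge (step 2) with the monitored response (step 3) directly yields the RC4 keystream for that IV, without any knowledge of the key. The key, IV and challenge below are constructed sample values, and the frame is simplified so that only the challenge text and its CRC-32 ICV are encrypted (802.11 headers omitted).

```python
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 keystream (the cipher WEP uses)."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP encapsulation: RC4 keyed with IV||key over plaintext||CRC-32 ICV."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(body, rc4_keystream(iv + key, len(body)))

def observed_keystream(challenge: bytes, encrypted_response: bytes) -> bytes:
    """What a passive monitor derives from steps 2 and 3, with no key."""
    return xor(challenge, encrypted_response)

# Constructed sample values (assumptions, not taken from the guide)
KEY = bytes.fromhex("0123456789")            # 40-bit static WEP key
IV = bytes.fromhex("a1b2c3")                 # 24-bit IV, sent in the clear
CHALLENGE = bytes(range(128))                # step 2: unencrypted challenge
RESPONSE = wep_encrypt(IV, KEY, CHALLENGE)   # step 3: encrypted response

if __name__ == "__main__":
    leaked = observed_keystream(CHALLENGE, RESPONSE)
    print("keystream bytes exposed:", len(leaked))
    print("equals RC4(IV||key):", leaked == rc4_keystream(IV + KEY, 128))
```

The exposed keystream is tied to the static key and the IV in use, which is why the per-session unicast keys derived under EAP authentication, described next, remove this exposure.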
EAP Authentication to the Network
This authentication type provides the highest level of security for your wireless network. By using the
Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server, the root
bridge helps another bridge and the RADIUS server to perform mutual authentication and derive a
dynamic unicast WEP key. The RADIUS server sends the WEP key to the root bridge, which uses it for
all unicast data signals that it sends to or receives from the non-root bridge. The root bridge also encrypts
its broadcast WEP key (entered in the bridge’s WEP key slot 1) with the non-root bridge’s unicast key
and sends it to the non-root bridge.
When you enable EAP on your bridges, authentication to the network occurs in the sequence shown in
Figure 8-3:
[Figure 8-2 diagram: a Non-Root Bridge with WEP key = 123 and a Root Bridge with WEP key = 123, with switches on LAN 1 and LAN 2. Steps shown: 1. Authentication request; 2. Unencrypted challenge; 3. Encrypted challenge response; 4. Authentication response.]