WebUI navigation
Mixed WPA and WEP client support: WPA enables the access point to
indicate its supported encryption and authentication mechanisms to clients
using its beacon signal. WPA-compatible clients can likewise respond to
indicate their WPA support. This enables the access point to determine
which clients are using WPA security and which are using legacy WEP. The
access point uses TKIP unicast data encryption keys for WPA clients and
WEP unicast keys for WEP clients. The global encryption key for multicast
and broadcast traffic must be the same for all clients, so it is restricted
to a WEP key.
When access is opened to both WPA and WEP clients, no authentication is
provided for the WEP clients through shared keys. To support authentication
for WEP clients in this mixed mode configuration, you can use either MAC
authentication or 802.1X authentication.
WPA2—WPA was introduced as an interim solution for the vulnerability of
WEP pending the ratification of the IEEE 802.11i wireless security standard.
In effect, the WPA security features are a subset of the 802.11i standard.
WPA2 includes the now ratified 802.11i standard, but also offers backward
compatibility with WPA. Therefore, WPA2 includes the same 802.1X and
PSK modes of operation and support for TKIP encryption. The main
differences and enhancements in WPA2 can be summarized as follows:
• Advanced Encryption Standard (AES): WPA2 uses AES
Counter-Mode encryption with Cipher Block Chaining Message
Authentication Code (CBC-MAC) for message integrity. The AES
Counter-Mode/CBC-MAC Protocol (AES-CCMP) provides extremely
robust data confidentiality using a 128-bit key. The AES-CCMP
encryption cipher is specified as a standard requirement for WPA2.
However, the computationally intensive operations of AES-CCMP require
hardware support on client devices. Therefore, to implement WPA2 in
the network, wireless clients must be upgraded to WPA2-compliant
hardware.
• WPA2 mixed-mode: WPA2 defines a transitional mode of operation for
networks moving from WPA security to WPA2. WPA2 Mixed Mode allows
both WPA and WPA2 clients to associate to a common SSID interface.
In mixed mode, the unicast encryption cipher (TKIP or AES-CCMP) is
negotiated for each client. The access point advertises its supported
encryption ciphers in beacon frames and probe responses. WPA and
WPA2 clients select the cipher they support and return the choice in the
association request to the access point. For mixed-mode operation,
the cipher used for broadcast frames is always TKIP. WEP encryption
is not allowed.
• Key caching: WPA2 provides fast roaming for authenticated clients by
retaining keys and other security information in a cache, so that if a client
roams away from an access point and then returns, reauthentication
is not required. When a WPA2 client is first authenticated, it receives
BAP120
Using the Nortel Business Access Point 120
NN47921-301
01.01
Standard
1.0
August 2006
Copyright © 2006, Nortel Networks
Nortel Networks Confidential
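
The cipher advertisement described above for the mixed modes can be verified from the access point's own beacon. The following Python code is an added example, not part of the Nortel manual: it parses the WPA and RSN (WPA2) information elements and reports the group cipher that all clients must share. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Cipher suite types shared by the WPA (OUI 00:50:F2) and RSN/WPA2 (OUI 00:0F:AC) elements
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WPA_OUI, RSN_OUI = b"\x00\x50\xf2", b"\x00\x0f\xac"

def suites(body, oui):
    """Return (group cipher, [pairwise ciphers]) from a WPA/RSN element body."""
    if len(body) < 8 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("truncated element or unsupported version")
    def name(suite):
        return CIPHERS.get(suite[3], "unknown") if suite[:3] == oui else "vendor"
    group = name(body[2:6])
    count = struct.unpack_from("<H", body, 6)[0]
    if len(body) < 8 + 4 * count:
        raise ValueError("pairwise suite list overruns element")
    return group, [name(body[8 + 4 * i: 12 + 4 * i]) for i in range(count)]

def advertised_ciphers(ies):
    """Walk the tagged elements of a beacon and collect WPA and WPA2 cipher sets."""
    found, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2: pos + 2 + length]
        if len(body) < length:
            raise ValueError("element overruns frame")
        if eid == 48:                                        # RSN element (WPA2)
            found["WPA2"] = suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":   # vendor-specific WPA element
            found["WPA"] = suites(body[4:], WPA_OUI)
        pos += 2 + length
    return found

def audit(ies):
    """Flag the shared group-cipher settings that the mixed modes impose."""
    notes = []
    for proto, (group, pairwise) in advertised_ciphers(ies).items():
        if group.startswith("WEP"):
            notes.append(f"{proto}: broadcast/multicast protected only by {group}")
        elif group == "TKIP" and "CCMP" in pairwise:
            notes.append(f"{proto}: mixed mode, group cipher is TKIP")
    return notes

# Constructed sample: tagged elements of a WPA/WPA2 mixed-mode beacon (not a capture)
SAMPLE = (bytes([48, 22]) + b"\x01\x00" + RSN_OUI + b"\x02" + b"\x02\x00"
          + RSN_OUI + b"\x04" + RSN_OUI + b"\x02" + b"\x01\x00" + RSN_OUI + b"\x02"
          + bytes([221, 22]) + WPA_OUI + b"\x01" + b"\x01\x00" + WPA_OUI + b"\x02"
          + b"\x01\x00" + WPA_OUI + b"\x02" + b"\x01\x00" + WPA_OUI + b"\x02")
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A WEP group cipher in the WPA element corresponds to the mixed WPA and WEP mode, where broadcast and multicast frames get no more protection than WEP provides.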