3com WX4400 3CRWX440095A Manuel D’Utilisation

C

HAPTER

 21: C

ONFIGURING

 AAA 

FOR

 N

ETWORK

 U

SERS

Wireless users who are authenticated on an encrypted service set 
identifier (SSID) can have their data traffic encrypted by the following 
methods:

„

Wi-Fi Protected Access (WPA) encryption 

„

Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption

„

Non-WPA static WEP encryption

(For encryption details, see Chapter 13, “Configuring User Encryption,” 
on page 281.) 

The authentication method you assign to a user determines the 
encryption available to the user. Users configured for EAP authentication, 
MAC authentication, Web, or last-resort authentication can have their 
traffic encrypted as shown in Table 40.

Wired users are not eligible for the encryption performed on the traffic of 
wireless users, but they can be authenticated by an EAP method, a MAC 
address, or a Web login page served by the WX switch. 

Offload

The WX switch offloads all EAP processing from a RADIUS server by 
establishing a TLS session between the switch and the client. In this 
case, the switch needs a digital certificate. When you use offload, 
RADIUS can still be used for non-EAP authentication and 
authorization.

Table 39   Three Basic WX Approaches to EAP Authentication (continued)

Table 40   Encryption Available to Various Authentication Methods

WPA encryption

Static WEP

Static WEP

Static WEP

Dynamic WEP 
encryption

No encryption 
(if SSID is 
unencrypted)

No encryption 
(if SSID is 
unencrypted)

No encryption 
(if SSID is 
unencrypted)