Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Design Guide
4-10
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Encryption
Figure 4-5 Authentication Server Location
After a successful EAP authentication completes, the authentication server sends an EAP success
message to the authenticator. This message tells the authenticator that the EAP authentication process
was successful and passes it the pairwise master key (PMK), which is in turn used as
the basis for creating the encrypted stream between the WLAN client and the AP. The following shows
an example decode of an EAP success message within RADIUS:
Radius Protocol
    Code: Access-Accept (2)
    Packet identifier: 0x7a (122)
    Length: 196
    Authenticator: 1AAAD5ECBC487012B753B2C1627E493A
    Attribute Value Pairs
        AVP: l=6 t=Framed-IP-Address(8): Negotiated
        AVP: l=6 t=EAP-Message(79) Last Segment[1]
            EAP fragment
            Extensible Authentication Protocol
                Code: Success (3)
                Id: 12
                Length: 4
        AVP: l=58 t=Vendor-Specific(26) v=Microsoft(311)
        AVP: l=58 t=Vendor-Specific(26) v=Microsoft(311)
        AVP: l=6 t=User-Name(1): xxxxxxx
        AVP: l=24 t=Class(25): 434143533A302F313938662F63306138336330322F31
        AVP: l=18 t=Message-Authenticator(80): 7C34BA45A95F3E55425FDAC301DA1AD7
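Added example (not from the Cisco guide): Python that walks the AVPs of an Access-Accept like the one decoded above, reports the EAP code and the Microsoft vendor-specific attributes, and checks the Message-Authenticator as defined in RFC 3579. The shared secret, request authenticator and key blobs are constructed placeholders, and treating the two v=Microsoft(311) AVPs as MS-MPPE-Send-Key and MS-MPPE-Recv-Key (RFC 2548) is an assumption, since the decode does not show their vendor types.

```python
import hashlib, hmac, struct

MS_VENDOR = 311  # Microsoft enterprise number shown in the decode
MPPE = {16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}  # RFC 2548 vendor types

def avp(t, value):
    return bytes([t, len(value) + 2]) + value

def build_accept(ident, req_auth, secret, attrs):
    """Constructed Access-Accept; Message-Authenticator (80) per RFC 3579."""
    body = b"".join(attrs) + avp(80, bytes(16))
    hdr = struct.pack("!BBH", 2, ident, 20 + len(body))
    body = body[:-16] + hmac.new(secret, hdr + req_auth + body, hashlib.md5).digest()
    return hdr + hashlib.md5(hdr + req_auth + body + secret).digest() + body

def parse(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("bad RADIUS length")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length or packet[off + 1] < 2 or off + packet[off + 1] > length:
            raise ValueError("bad AVP length")
        attrs.append((packet[off], off, packet[off + 2:off + packet[off + 1]]))
        off += packet[off + 1]
    return code, ident, attrs

def summarize(packet, req_auth, secret):
    code, ident, attrs = parse(packet)
    out = {"code": code, "eap": None, "mppe": [], "msg_auth_ok": False}
    for t, off, val in attrs:
        if t == 79 and len(val) >= 4:      # EAP-Message: (code, id, length)
            out["eap"] = struct.unpack("!BBH", val[:4])
        elif t == 26 and len(val) >= 6 and struct.unpack("!I", val[:4])[0] == MS_VENDOR:
            out["mppe"].append(MPPE.get(val[4], "other"))
        elif t == 80 and len(val) == 16:   # recompute HMAC-MD5 with the AVP zeroed
            zeroed = packet[:4] + req_auth + packet[20:off + 2] + bytes(16) + packet[off + 18:]
            want = hmac.new(secret, zeroed, hashlib.md5).digest()
            out["msg_auth_ok"] = hmac.compare_digest(want, val)
    return out

# Constructed sample: secret, request authenticator and key blobs are placeholders.
SECRET, REQ_AUTH = b"example-shared-secret", bytes(range(16))
def vsa(vtype):  # 50 opaque bytes stand in for salt + encrypted key (l=58 overall)
    return avp(26, struct.pack("!I", MS_VENDOR) + bytes([vtype, 52]) + bytes(50))
SAMPLE = build_accept(0x7A, REQ_AUTH, SECRET,
                      [avp(79, bytes([3, 12, 0, 4])), vsa(16), vsa(17)])
if __name__ == "__main__":
    print(summarize(SAMPLE, REQ_AUTH, SECRET))
```

The Message-Authenticator on a response is keyed with the RADIUS shared secret and computed over the Request Authenticator from the matching Access-Request, so a receiver that skips this check accepts key-bearing attributes without integrity protection.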
Encryption
Encryption is a necessary component of WLAN security to provide privacy over a local RF broadcast
network. When the 802.11 standard was first introduced, Wired Equivalent Privacy (WEP) was the
standard encryption mechanism. WEP has since been found to be flawed in many ways and is not
considered an effective encryption solution for securing a WLAN. A discussion of WEP is included in
this document. WEP is currently supported by most WLAN products to support legacy client
deployments. Any new deployment should be using either TKIP (WPA) or AES (WPA2) encryption.
Encryption keys are derived from a PMK. In the case of a dynamic WEP implementation, the WEP key
is a segment of the PMK, whereas in WPA and WPA2, the encryption keys are derived during the
four-way handshake discussed later in this section.
[Figure 4-5 diagram. Labels: WLAN Client, Supplicant, Access Point, Wireless LAN Controller, Authenticator, AAA Server, Authentication Server, Enterprise Network; links: 802.1x, EAP, LWAPP, RADIUS, Encryption]