Apple Designing AirPort Networks User Manual
Chapter 3
AirPort Security
RADIUS Support
The Remote Authentication Dial-In User Service (RADIUS) makes securing a large
network easy. RADIUS is an access control protocol that allows a system administrator
to create a central list of the computers that can access the network. Placing this list on
a centralized server allows many base stations to access the list and makes it easy to
update. If the MAC address of a user’s computer (which is unique to each 802.11
wireless card) is not on your approved MAC address list, the user cannot join your
network.
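The exchange described above, as an added example that is not taken from Apple's documentation or software: a base station builds an RFC 2865 Access-Request for a client's MAC address, and a RADIUS server answers from its central list. Sending the MAC address as both User-Name and User-Password is an assumption, as are the function names; the shared secret and addresses in any call are constructed values.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def normalize_mac(text):
    """Canonical form: 12 lowercase hex digits, separators removed."""
    mac = text.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(mac) != 12 or any(c not in "0123456789abcdef" for c in mac):
        raise ValueError("not a MAC address: %r" % text)
    return mac

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding, for values up to 16 bytes."""
    pad = hashlib.md5(secret + authenticator).digest()
    return bytes(a ^ b for a, b in zip(password.ljust(16, b"\x00"), pad))

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_request(mac_text, secret, ident, authenticator):
    """Base station side. Assumption: MAC is sent as User-Name and as password."""
    mac = normalize_mac(mac_text).encode()
    attrs = attr(USER_NAME, mac) + attr(USER_PASSWORD, hide_password(mac, secret, authenticator))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attrs(packet):
    out, pos, end = {}, 20, min(len(packet), struct.unpack("!H", packet[2:4])[0])
    while pos + 2 <= end:
        kind, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > end:
            raise ValueError("malformed attribute")
        out[kind] = packet[pos + 2:pos + length]
        pos += length
    return out

def server_reply(request, secret, allowed):
    """RADIUS server side: accept only a well-formed request for a listed MAC."""
    ident, req_auth, attrs = request[1], request[4:20], parse_attrs(request)
    mac = attrs.get(USER_NAME, b"")
    ok = (hmac.compare_digest(attrs.get(USER_PASSWORD, b""), hide_password(mac, secret, req_auth))
          and mac.decode("ascii", "replace") in allowed)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def client_accepts(reply, secret, req_auth):
    """Base station side: verify the Response Authenticator, then the code."""
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == ACCESS_ACCEPT
```

The list admits hardware addresses, not people; authenticating the user is what 802.1X and EAP add when WPA is used in Enterprise mode.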
LEAP Support
The Lightweight Extensible Authentication Protocol (LEAP) is a security protocol used
by Cisco access points to dynamically assign a different WEP key to each user. AirPort
Extreme is compatible with Cisco’s LEAP security protocol, enabling AirPort users to join
Cisco-hosted wireless networks using LEAP.
Wi-Fi Protected Access (WPA)
There has been increasing concern about the vulnerabilities of WEP. In response, the
Wi-Fi Alliance, in conjunction with the IEEE, has developed a strongly enhanced,
interoperable security standard called Wi-Fi Protected Access (WPA).
WPA is a specification that brings together standards-based, interoperable security
mechanisms that strongly increase the level of data protection and access control for
wireless LANs. WPA provides wireless LAN users with a high level of assurance that their
data remains protected and that only authorized network users can access the
network. A wireless network that uses WPA requires that all computers that access the
wireless network have WPA support. It provides a high level of data protection and
(when used in Enterprise mode) requires user authentication.
The main standards-based technologies that comprise WPA include Temporal Key
Integrity Protocol (TKIP), 802.1X, Message Integrity Check (MIC), and Extensible
Authentication Protocol (EAP).
TKIP provides enhanced data encryption by addressing the WEP encryption
vulnerabilities, including the frequency with which keys are used to encrypt the
wireless connection. 802.1X and EAP provide the ability to authenticate a user on the
wireless network.
802.1X is a port-based network access control method for wired as well as wireless
networks. The IEEE adopted 802.1X as a standard in August 2001.