Appendix E Configuring the Client Adapter through the Windows XP Operating System

Overview

When you enable EAP on your access point and configure your client adapter for EAP-TLS or PEAP using Windows XP, authentication to the network occurs in the following sequence:

1. The client adapter associates to an access point and begins the authentication process.

Note The client does not gain full access to the network until authentication between the client and the RADIUS server is successful.

2. Communicating through the access point, the client and RADIUS server complete the authentication process, with the password (PEAP) or certificate (EAP-TLS) being the shared secret for authentication. The password is never transmitted during the process.

3. If authentication is successful, the client and RADIUS server derive a dynamic, session-based WEP key that is unique to the client.

4. The RADIUS server transmits the key to the access point using a secure channel on the wired LAN.

5. For the length of a session, or time period, the access point and the client use this key to encrypt or decrypt all unicast packets (and broadcast packets if the access point is set up to do so) that travel between them.

Note Refer to the IEEE 802.11 Standard for more information on 802.1X authentication and to the following URL for additional information on RADIUS servers: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7ab.html

WPA

Wi-Fi Protected Access (WPA) is a standards-based security solution from the Wi-Fi Alliance that provides data protection and access control for wireless LAN systems. It is compatible with the IEEE 802.11i standard but was implemented prior to the standard’s ratification. WPA uses Temporal Key Integrity Protocol (TKIP) and message integrity check (MIC) for data protection and 802.1X for authenticated key management.

WPA supports two mutually exclusive key management types: WPA and WPA passphrase (also known as WPA pre-shared key or WPA-PSK). Using WPA, clients and the authentication server authenticate to each other using an EAP authentication method, and the client and server generate a pairwise master key (PMK). The server generates the PMK dynamically and passes it to the access point. Using WPA passphrase, however, you configure a passphrase (or pre-shared key) on both the client and the access point, and that passphrase is used as the PMK.
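The passphrase described above is not used as the PMK byte for byte: IEEE 802.11i derives the 256-bit PMK from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), which is why the same passphrase gives a different key on every network name and why passphrase quality matters in WPA-PSK mode. The following is an added example, not code from the Cisco guide, showing that derivation with the input checks the standard imposes; the function names are the example's own.

```python
import hashlib


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte WPA/WPA2 pairwise master key for a PSK network."""
    ssid_bytes = ssid.encode("utf-8")
    if not (1 <= len(ssid_bytes) <= 32):
        raise ValueError("SSID must be 1 to 32 bytes")

    # A 64-character hex string is an already-derived PMK; supplicants and
    # access points accept it as-is instead of running PBKDF2 on it.
    if len(passphrase) == 64:
        try:
            return bytes.fromhex(passphrase)
        except ValueError:
            raise ValueError("64-character passphrase must be a hex PMK")

    # 802.11i limits a passphrase to 8-63 printable ASCII characters.
    if not (8 <= len(passphrase) <= 63):
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")

    # The SSID is the salt, so one passphrase yields a distinct PMK per
    # network name; 4096 iterations make each guess cost more.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def wpa_psk_pmk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PMK, as shown by most supplicant configuration tools."""
    return wpa_psk_pmk(passphrase, ssid).hex()


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(wpa_psk_pmk_hex("password", "IEEE"))
```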

In order to use WPA, your computer must be running Windows XP Service Pack 2.

Note WPA must also be enabled on the access point. Access points must use Cisco IOS Release 12.2(11)JA or later to enable WPA. Refer to the documentation for your access point for instructions on enabling this feature.

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide

OL-4211-03