Cisco Systems CB21AG, PI21AG manual 802.1X with Dynamic WEP Keys, 2-11

Chapter 2 Configuring Wireless Profiles

Security and Encryption Types

•WPA2-Personal—WPA2 authentication with a preshared key. WPA2-Personal is suitable for environments without a Remote Authentication Dial-In User Service (RADIUS) infrastructure (for example, a small office or home office network). WPA2-Personal supports the use of a preshared key (PSK).Obtain the preshared key from your system administrator. When you choose WPA2-Personal as your security type, your encryption type is TKIP or AES.

•WPA-Personal—WPA with a preshared key. Like WPA2-Personal, WPA-Personal is suitable for environments without a RADIUS infrastructure. Obtain the preshared key from your system administrator. When you choose WPA-Personal as your security type, your encryption type is TKIP or AES.

•WPA2-Enterprise—WPA2-Enterprise requires authentication in two phases: the first is an open system authentication, and the second uses 802.1X with an Extensible Authentication Protocol (EAP) authentication method. See chapter Chapter 3, “Configuring EAP Types,” for more information about supported EAP methods. When you choose WPA2-Enterprise as your security type, your encryption type is TKIP or AES.

•WPA-Enterprise—WPA-Enterprise also uses 802.1X authentication and is designed for medium and large infrastructure mode networks. See chapter for more information about supported EAP methods. When you choose WPA-Enterprise as you security type, your encryption type is TKIP or AES.

802.1X with Dynamic WEP Keys

The standard for wireless LAN security, as defined by IEEE, is called 802.1X for 802.11, or simply 802.1X. An access point that supports 802.1X and its protocol, Extensible Authentication Protocol (EAP), acts as the interface between a wireless client and an authentication server, such as a RADIUS server, to which the access point communicates over the wired network.

Dynamic WEP keys are created as part of the EAP authentication process. Dynamic WEP keys with EAP offer a higher degree of security than static WEP keys.

When you choose the 802.1X with WEP encryption, you can configure the profile to use five different authentication methods of dynamic WEP key creation:

•Smart Card or other certificate—for more information about smart cards and other certification authentication, go to the Microsoft site:

http://technet2.microsoft.com/windowsserver/en/library/7c6b414a-80c7-4bc1-b952-6eca6585dff91033.mspx?mfr=true

•Protected EAP (PEAP)

•LEAP

•PEAP-GTC

•EAP-FAST

Note For more information about EAP authentication methods, see Chapter 3, “Configuring EAP Types.”

Cisco Aironet 802.11a/b/g Wireless LAN Client Adapters (CB21AG and PI21AG) Installation and Configuration Guide for Windows Vista