Overview
WPA
WPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure
WPA uses Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger Initialization Vector, it defeats
WPA2
WPA2 uses a sophisticated key hierarchy that generates new encryption keys each time a MU associates with an access point. Protocols including 802.1X, EAP and Radius are used for strong authentication. WPA2 also supports the TKIP and
Keyguard-WEP
KeyGuard is Motorola’s proprietary dynamic WEP solution. Motorola (upon hearing of the vulnerabilities of WEP) developed a non standard method of rotating keys to prevent compromises. Basically, KeyGuard is TKIP without the message integrity check MIC. KeyGuard is proprietary to Motorola MUs only. For information on configuring KeyGuard for a WLAN, see Configuring WEP 128 / KeyGuard on page
1.2.5.2MU Authentication
The switch uses the following authentication schemes for MU association:
•Kerberos
•802.1x EAP
•MAC ACL
Refer to Editing the WLAN Configuration on page
Kerberos
Kerberos allows for mutual authentication and
802.1x EAP
802.1x EAP is the most secure authentication mechanism for wireless networks and includes
MAC ACL
The MAC ACL feature is basically a dynamic MAC ACL where MUs are allowed/denied access to the network based on their configuration on the Radius server. The switch allows 802.11 authentication and association, then checks with the Radius server to see if the MAC address is allowed on the network. The Radius packet