ZyXEL Communications NWA-3160 Series 7.5 WPA(2) with External RADIUS Application Example

Chapter 7 Wireless Security Configuration

3The AP derives and distributes key information to the wireless clients. The key itself is not sent over the network, but is derived from the PSK and information exchanged between the AP and the client.

4The AP and wireless clients use the TKIP or AES encryption process to encrypt data exchanged between them.

Figure 55 WPA(2)-PSK Authentication

7.5 WPA(2) with External RADIUS Application Example

You need the IP address of the RADIUS server, its port number (default is 1812), and the RADIUS shared secret. A WPA(2) application example with an external RADIUS server looks as follows. “A” is the RADIUS server. “DS” is the distribution system.

1The AP passes the wireless client’s authentication request to the RADIUS server.

2The RADIUS server then checks the user's identification against its database and grants or denies network access accordingly.

3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that then sets up a key hierarchy and management system, using the pair-wise key to dynamically generate unique data encryption keys to encrypt every data packet that is wirelessly communicated between the AP and the wireless clients.