Authentication Types
Understanding Authentication Types
Cisco 3200 Series Wireless MIC Software Configuration Guide
Figure 0-2 Sequence for Shared Key Authentication
EAP Authentication to the Network
EAP authentication to the network provides the highest level of security for a wireless network. By using
the Extensible Authentication Protocol (EAP) to interact with an EAP-compatible RADIUS server, the
root device helps the authenticating device and the RADIUS server perform mutual authentication and
derive a dynamic session key, which the root device and the authenticating device use to further derive
the unicast key. The root device generates the broadcast key and sends it to the authenticating device
after encrypting it with the unicast key. The unicast key is used to exchange unicast data between the
root device and the authenticated device, and the broadcast key is used to exchange multicast and broadcast data
between them.
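The key hierarchy described above, as an added sketch that is not Cisco's code or algorithms: HMAC-SHA256 stands in for both the unicast-key derivation and the broadcast-key encryption, which this page does not specify. The function names and MAC addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def prf(key, label, data):
    """HMAC-SHA256 with a domain-separation label (stand-in primitive)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def derive_unicast_key(session_key, root_mac, peer_mac):
    # Assumption: both devices mix the dynamic session key with both MAC
    # addresses; the actual derivation is not given on this page.
    return prf(session_key, b"unicast", root_mac + peer_mac)

def wrap_broadcast_key(unicast_key, broadcast_key):
    """Root device: encrypt the broadcast key under the unicast key."""
    if len(broadcast_key) > 32:
        raise ValueError("this sketch wraps keys of at most 32 bytes")
    nonce = secrets.token_bytes(16)
    pad = prf(unicast_key, b"enc", nonce)[:len(broadcast_key)]
    ct = bytes(a ^ b for a, b in zip(broadcast_key, pad))
    return nonce + ct + prf(unicast_key, b"mac", nonce + ct)

def unwrap_broadcast_key(unicast_key, blob):
    """Authenticating device: verify the tag, then recover the broadcast key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(unicast_key, b"mac", nonce + ct)):
        raise ValueError("unicast key mismatch: broadcast key rejected")
    pad = prf(unicast_key, b"enc", nonce)[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))

def demo():
    # Constructed sample values (locally administered MAC addresses).
    root_mac = bytes.fromhex("020000000001")
    peer_mac = bytes.fromhex("020000000002")
    session_key = secrets.token_bytes(32)  # outcome of EAP mutual authentication
    root_uk = derive_unicast_key(session_key, root_mac, peer_mac)
    peer_uk = derive_unicast_key(session_key, root_mac, peer_mac)
    broadcast_key = secrets.token_bytes(16)  # generated by the root device
    blob = wrap_broadcast_key(root_uk, broadcast_key)
    delivered = unwrap_broadcast_key(peer_uk, blob) == broadcast_key
    # A device that authenticated separately holds a different session key.
    other_uk = derive_unicast_key(secrets.token_bytes(32), root_mac, peer_mac)
    try:
        unwrap_broadcast_key(other_uk, blob)
        rejected = False
    except ValueError:
        rejected = True
    return delivered, rejected

if __name__ == "__main__":
    print(demo())
```

Because each authenticating device gets its own session key, the root device wraps the shared broadcast key separately for each one.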
When you enable EAP on your bridges, authentication to the network occurs in the sequence shown in
Figure 0-3.
[Figure 0-2 diagram labels: Switch on LAN 1; Switch on LAN 2; Non-Root Bridge with WEP key = 123; Root Bridge with WEP key = 123. Message sequence: 1. Authentication request; 2. Unencrypted challenge; 3. Encrypted challenge response; 4. Authentication response.]