encryption but allow clients that use WEP mode. When "Mixed-Cell" is enabled in a profile, it lets you connect to
access points that are configured for "optional encryption."
CKIP
Cisco Key Integrity Protocol (CKIP) is Cisco proprietary security protocol for encryption in 802.11 media. CKIP uses
the following features to improve 802.11 security in infrastructure mode:
Key Permutation (KP)
Message Sequence Number
NOTE
: CKIP is not used with WPA/WPA2 Personal/Enterprise network authentication.
NOTE
: CKIP is only supported through the use of the WiFi connection utility on Windows* XP.
Fast Roaming (CCKM)
When a wireless LAN is configured for fast reconnection, a LEAP-enabled client device can roam from one access
point to another without involving the main server. Using Cisco Centralized Key Management (CCKM), an access
point configured to provide Wireless Domain Services (WDS) takes the place of the RADIUS server and
authenticates the client without perceptible delay in voice or other time-sensitive applications.
Radio Management
When this feature is enabled your WiFi adapter provides radio management information to the Cisco infrastructure.
If the Cisco Radio Management utility is used on the infrastructure it configures radio parameters, detects
interference and rogue access points.
EAP-FAST
EAP-FAST, like EAP-TTLS and PEAP, uses tunneling to protect traffic. The main difference is that EAP-FAST does
not use certificates to authenticate. Provisioning in EAP-FAST is negotiated solely by the client as the first
communication exchange when EAP-FAST is requested from the server. If the client does not have a pre-shared
secret Protected Access Credential (PAC), it is able to initiate a provisioning EAP-FAST exchange to dynamically
obtain one from the server.
EAP-FAST documents two methods to deliver the PAC: manual delivery through an out-of-band secure mechanism
and automatic provisioning.
Manual delivery mechanisms are any delivery mechanism that the administrator of the network considers
sufficiently secure.
Automatic provisioning establishes an encrypted tunnel to protect the authentication of the client and the
delivery of the PAC to the client. This mechanism, while not as secure as a manual method may be, is more
secure than the authentication method used in LEAP.
The EAP-FAST method is divided into two parts: provisioning and authentication. The provisioning phase involves
the initial delivery of the PAC to the client. This phase only needs to be performed once per client and user.
Back to Top
Back to Contents
Trademarks and Disclaimers
Intel® PROSet/Wireless WiFi Connection Utility User's Guide