Wireless Access Point Model 0-1591700-x User Manual
Page 25 of 34
©2004 Tyco Electronics
Issue 3
WPA Settings
Passphrase -
The pre-shared key for WPA-PSK mode, which does not need a Radius server
configuration.
Group Key Update Interval -
Time period for WPA & WPA-PSK to update the WPA group key
value.
Figure 21 - WPA Authentication Sub-Screen
802.1X
The access point can be configured to enable clients to authenticate against external RADIUS
servers using the IEEE802.1x standard. This method is best suited to corporate users where high
security is required. The 802.1x standard uses the common existing protocol, the Extensible
Authentication Protocol (EAP) for message exchange during the authentication process. The
implementation of 802.1x protocol is quite complex and needs detailed awareness of IP and
security log-on processes. This is the only setting on the access point that should only be
attempted by knowledgeable IT personnel.
In a wireless LAN with 802.1x enabled, a client requests access to an access point (known as the
authenticator
). The access point forces the client into an unauthorized state that allows the client to
send only an EAP-start message. The AP replies with an EAP-request identify message to obtain
the clients identity. The clients EAP-response packet containing the clients identity is forwarded to
the RADIUS authentication server. The authentication server is configured to authenticate clients
with a specific authentication algorithm and the server returns an accept or reject packet to the
access point. Once authenticated, the access point opens the client’s port and traffic will be
forwarded.
The access point hides the complexity of the IEEE802.1x registration process as it transparently
handles the main authentication types including EAP-TLS, EAP-MD5 and EAP-TTLS. Note that all
clients in the network must use the same type of authentication.
Figure 22 - 802.1x Authentication Sub-Screen
