EAP-Packet: Both the supplicant and authenticator send this packet when the
authentication is taking place. This is the packet that contains either the
MD5-Challenge or TLS information required for authentication.
EAPOL-Start: The supplicant sends this packet when it wants to initiate the
authentication process.
EAPOL-Logoff: The supplicant sends this packet when it wants to terminate its
802.1x session.
EAPOL-Key: This is used for the TLS authentication method. The Wireless AP
uses this packet to send the calculated WEP key to the supplicant after the
TLS negotiation has been completed between the supplicant and RADIUS
server.
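
The four packet types above are distinguished by the type byte in the 4-byte EAPOL header, and an EAP-Packet body names the method (MD5-Challenge or TLS) in its fifth byte. The parser below is an added example, not part of the original guide: the numeric values are taken from IEEE 802.1X and RFC 3748/RFC 5216, and the sample frames are constructed.

```python
import struct

# EAPOL header type byte (IEEE 802.1X) for the four packets listed above.
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# EAP method number -> (name, whether the method yields keying material).
EAP_METHODS = {1: ("Identity", None), 4: ("MD5-Challenge", False), 13: ("TLS", True)}


def parse_eapol(frame: bytes) -> dict:
    """Parse an EAPOL PDU (the payload that follows EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("EAPOL body shorter than its length field")
    info = {"version": version, "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype != 0:
        return info  # Start, Logoff and Key frames carry no EAP message
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > body_len:
        raise ValueError("EAP length inconsistent with EAPOL length")
    info.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
    if code in (1, 2):  # only Request/Response carry a method byte
        if eap_len < 5:
            raise ValueError("EAP Request/Response without a method byte")
        name, keys = EAP_METHODS.get(body[4], (f"other({body[4]})", None))
        info.update(method=name, key_generating=keys)
    return info


# Constructed sample frames (not captured traffic).
START = bytes.fromhex("01010000")
MD5_REQ = bytes.fromhex("01000016" "01020016" "04" "10"
                        "00112233445566778899aabbccddeeff")
TLS_START = bytes.fromhex("01000006" "01030006" "0d" "20")
SUCCESS = bytes.fromhex("01000004" "03040004")

if __name__ == "__main__":
    for label, raw in [("start", START), ("md5", MD5_REQ),
                       ("tls", TLS_START), ("success", SUCCESS)]:
        print(label, parse_eapol(raw))
```
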
Wi-Fi Protected Access Introduction
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i security
specification draft. Key differences between WPA and WEP are user
authentication and improved data encryption. WPA applies the IEEE 802.1x
Extensible Authentication Protocol (EAP) to authenticate wireless clients using an
external RADIUS database. You cannot use the P-660HW-Tx v2's local user database
for WPA authentication purposes, since the local user database uses MD5 EAP,
which cannot generate keys.
WPA improves data encryption by using Temporal Key Integrity Protocol
(TKIP), Message Integrity Check and IEEE 802.1x. Temporal Key Integrity Protocol
uses 128-bit keys that are dynamically generated and distributed by the
authentication server. It includes a per-packet key mixing function, a Message
Integrity Check (MIC) named Michael, an extended initialization vector (IV) with
sequencing rules and a re-keying mechanism.
If you do not have an external RADIUS server, you should use WPA-PSK
(WPA Pre-Shared Key), which only requires a single (identical) password entered into
each access point, wireless gateway and wireless client. As long as the passwords
match, a client will be granted access to a WLAN.
WPA2 in Brief
WPA2 (Wi-Fi Protected Access 2) is the Wi-Fi Alliance interoperable