HP ProCurve Wireless Access Point 420 - Hewlett Packard
Access Point Configuration
Configuring Wireless Security

network by requiring an 802.1x client application to submit user credentials
for authentication. The 802.1x standard uses the Extensible Authentication
Protocol (EAP) to pass user credentials (either digital certificates, usernames
and passwords, or other) from the client to the RADIUS server. Client authentication
is then verified on the RADIUS server before the access point grants
client access to the network.

The 802.1x EAP packets are also used to pass dynamic unicast session keys
and static broadcast keys to wireless clients. Session keys are unique to each
client and are used to encrypt and correlate traffic passing between a specific
client and the access point. You can also enable broadcast key rotation, so the
access point provides a dynamic broadcast key and changes it at a specified
interval.

MAC Address Filtering. Using MAC address filtering, you can configure
the access point with a list of the MAC addresses of wireless clients that are
authorized to access the network. This provides a basic level of authentication
for wireless clients attempting to gain access to the network. A database of
authorized MAC addresses can be stored locally on the access point or
remotely on a central RADIUS server.

Wi-Fi Protected Access (WPA). WPA employs a combination of several
technologies to provide an enhanced security solution for 802.11 wireless
networks. The access point supports the following WPA components and
features:

■ IEEE 802.1x (802.1x) and the Extensible Authentication Protocol
(EAP): WPA employs 802.1x as its basic framework for user authentication
and dynamic key management. The 802.1x client and RADIUS server
should use an appropriate EAP type—such as EAP-TLS (Transport Layer
Security), EAP-TTLS (Tunneled TLS), or PEAP (Protected EAP)—for
strongest authentication. Working together, these protocols provide
“mutual authentication” between a client, the access point, and a RADIUS
server that prevents users from accidentally joining a rogue network. Only
when a RADIUS server has authenticated a user’s credentials will encryption
keys be sent to the access point and client.

Note: Implementing WPA on wireless clients requires a WPA-enabled network card
driver and 802.1x client software that supports the EAP authentication type
that you want to use. Windows XP provides native WPA support; other systems
require additional software.
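
The following Python sketch is an added example, not part of the HP manual. It parses EAP headers (as laid out in RFC 3748) from one client's exchange and reports whether the method that ended in Success is one of the EAP types named above. The function names and the sample packets are constructed for illustration.

```python
import struct

# EAP header (RFC 3748): Code, Identifier, Length (big-endian); Request/Response add a Type byte.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
RECOMMENDED = {"EAP-TLS", "EAP-TTLS", "PEAP"}  # the EAP types the manual names

def parse_eap(packet: bytes) -> dict:
    """Parse one EAP packet; raise ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not match captured bytes")
    eap_type = None
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = packet[4]
    return {"code": CODES[code], "id": ident, "type": eap_type}

def audit_exchange(packets):
    """Return (method, compliant) for one client's EAP exchange."""
    method, outcome = None, None
    for raw in packets:
        p = parse_eap(raw)
        # Types 1-3 are Identity/Notification/Nak; 4 and above are authentication methods.
        if p["code"] == "Request" and p["type"] >= 4:
            method = TYPES.get(p["type"], f"type-{p['type']}")
        elif p["code"] in ("Success", "Failure"):
            outcome = p["code"]
    return method, outcome == "Success" and method in RECOMMENDED

def eap(code, ident, eap_type=None, data=b""):
    """Build a sample packet (helper for the constructed captures below)."""
    body = (bytes([eap_type]) + data) if eap_type is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

# Constructed captures, not real traffic.
PEAP_RUN = [eap(1, 1, 1), eap(2, 1, 1, b"alice"), eap(1, 2, 25, b"\x20"),
            eap(2, 2, 25, b"\x00"), eap(3, 2)]
MD5_RUN = [eap(1, 1, 1), eap(2, 1, 1, b"bob"), eap(1, 2, 4, b"\x10" + bytes(16)),
           eap(2, 2, 4, b"\x10" + bytes(16)), eap(3, 2)]

if __name__ == "__main__":
    for name, run in (("PEAP_RUN", PEAP_RUN), ("MD5_RUN", MD5_RUN)):
        print(name, audit_exchange(run))
```
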

■ Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the
data encryption method to replace WEP. TKIP avoids the problems of
WEP static keys by dynamically changing data encryption keys. Basically,