3Com WX2200 3CRWX220095A Switch User Manual


 
448 CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
Effects of
Authentication Type
on Encryption
Method
Wireless users who are authenticated on an encrypted service set
identifier (SSID) can have their data traffic encrypted by the following
methods:
Wi-Fi Protected Access (WPA) encryption
Non-WPA dynamic Wired Equivalent Privacy (WEP) encryption
Non-WPA static WEP encryption
(For encryption details, see Chapter 13, “Configuring User Encryption,”
on page 281.)
The authentication method you assign to a user determines the
encryption available to the user. Users configured for EAP authentication,
MAC authentication, Web, or last-resort authentication can have their
traffic encrypted as shown in Table 40.
Wired users are not eligible for the encryption performed on the traffic of
wireless users, but they can be authenticated by an EAP method, a MAC
address, or a Web login page served by the WX switch.
Offload The WX switch offloads all EAP processing from a RADIUS server by
establishing a TLS session between the switch and the client. In this
case, the switch needs a digital certificate. When you use offload,
RADIUS can still be used for non-EAP authentication and
authorization.
Table 39 Three Basic WX Approaches to EAP Authentication (continued)
Approach Description
Table 40 Encryption Available to Various Authentication Methods
Eap
Authentication
MAC
Authentication
Last-Resort WebAAA
WPA encryption Static WEP Static WEP Static WEP
Dynamic WEP
encryption
No encryption
(if SSID is
unencrypted)
No encryption
(if SSID is
unencrypted)
No encryption
(if SSID is
unencrypted)