48 Appendix G. Wireless network environment
each key value is 10 hexadecimal digits (0-9 and A-F) or 5 alphanumeric
characters. In 128-bit mode, each key value is 26 hexadecimal digits or 13
alphanumeric characters. Contact your network administrator for this
configuration.
IEEE 802.1x (WPA-Enterprise Model Only)
IEEE 802.1x uses EAP (Extensible Authentication Protocol) and an
authentication server, such as RADIUS (Remote Authentication Dial In User
Service, RFC 2138), for client and network server authentication. In this
authentication process, the authentication server verifies the identity of the
party attempting to connect to the network. The Wireless Network Printer
supports popular authentication methods based on EAP, including:
• EAP-MD5 (EAP using Message Digest Algorithm 5): EAP-MD5 uses a
password protected by the MD5 message digest algorithm, in the same
challenge handshake protocol as PPP-based CHAP. This authentication
method provides one-way authentication based on a user name and
password. This implementation is useful only in a small private network
because it does not support automatic key distribution.
• EAP-MSCHAPv2: EAP-MSCHAPv2 uses the MS-CHAPv2
authentication protocol to create a strong encryption key initially for
MPPE (Microsoft Point-to-Point Encryption) and to use a different
encryption key during communication.
• EAP-TLS (EAP using Transport Layer Security): EAP-TLS uses
X.509-compliant digital certificates for both client and server
authentication.
• EAP-TTLS: EAP-TTLS is known as a Tunneled TLS (Transport Layer
Security) protocol. It is designed to provide authentication that is every bit
as strong as EAP-TLS, but it does not require that each user be issued a
certificate. Instead, only the RADIUS authentication servers are issued
certificates. User authentication is performed by a password. The password
credentials are transported in a securely encrypted tunnel that is
established using the server certificate. As a result, the credentials are not
vulnerable to dictionary attacks. Using TTLS forwarding, any inner
authentication requests that are found inside the TTLS tunnel, such as
EAP, PAP, CHAP, or MS-CHAP-V2, can be processed by downstream
RADIUS servers. In this manner, you can perform authentication against
any RADIUS infrastructure that is already deployed in your organization.