6: Network Settings
PremierWave XN User Guide 43
<configgroup name=”wlan profile” instance=”profile name”>
and
<configitem name=”security”>
WLAN Profile WPA and WPA2/IEEE802.11i Settings
WPA and WPA2/IEEE802.11i security suites are available for Infrastructure mode only.
WPA is a security standard specified by the WiFi Alliance and is a close derivative of an early draft
of the IEEE802.11i specification. WEP was becoming vulnerable and finalizing the IEEE802.11i
standard was still far away. WPA2 is WiFi’s subset of the broad IEEE802.11i standard to enforce
better interoperability. The PremierWave XN is compliant with both WPA2 and IEEE802.11i.
Table 6-12 WLAN Profile WPA and WPA2/IEEE802.11i Settings
WLAN Profile WPA
& WPA2 Settings
Description
Authentication Select the authentication method to be used.
PSK = Pre-Shared Key. The same key needs to be configured on both sides of
the connection. (On the PremierWave XN and on the Access Point.)
IEEE 802.1X = This authentication method communicates with a RADIUS
authentication server that is part of the network. The RADIUS server will match
the credentials sent by the PremierWave XN with an internal database.
Key 64 hexadecimal digits (32 bytes.)
IEEE 802.1X Select the protocol to use to authenticate the WLAN client.
LEAP = Lightweight Extensible Authentication Protocol. A derivative of the
original Cisco LEAP, which was a predecessor of 802.1X. Real Cisco LEAP
uses a special MAC layer authentication (called Network EAP) and cannot work
with WPA/WPA2. The PremierWave XN uses a more generic version to be
compatible with other major brand WiFi equipment. The authentication back end
is the same.
EAP-TLS = Extensible Authentication Protocol - Transport Layer Security. Uses
the latest incarnation of the Secure Sockets Layer (SSL) standard and is the
most secure because it requires authentication certificates on both the network
side and the PremierWave XN side.
EAP-TTLS = Extensible Authentication Protocol - Tunneled Transport Layer
Security.
PEAP = Protected Extensible Authentication Protocol.
EAP-TTLS and PEAP have been developed to avoid the requirement of
certificates on the client side (PremierWave XN), which makes deployment more
cumbersome. Both make use of EAP-TLS to authenticate the server (network)
side and establish an encrypted tunnel. This is called the outer-authentication.
Then a conventional authentication method (MD5, MSCHAP, etc.) is used
through the tunnel to authenticate the PremierWave XN. This is called inner
authentication.
EAP-TTLS and PEAP have been developed by different consortia and vary in
details, of which the most visible is the supported list of inner authentications.
Note: When using EAP-TLS, EAP-TTLS or PEAP authority, at least one authority
certificate will have to be installed in the SSL configuration that is able to verify the
RADIUS server’s certificate. In case of EAP-TLS, also a certificate and matching
private key need to be configured to authenticate the PremierWave XN to the
RADIUS server. For more information about SSL certificates see TLS (SSL) on
page 92.