NETGEAR WFS709TP-100NAS Switch User Manual


 
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
5-2 Configuring WLANS
v1.0, June 2007
Determine the Authentication Method
A user must authenticate to the system in order to access WLAN resources. Table 5-1 describes the
types of authentication that you can configure for a WLAN.
Table 5-1. Authentication Methods
Method Description
None (also called open
system authentication)
This is the default authentication protocol. The client’s identity, in the form of the
media access control (MAC) address of the wireless adapter in the wireless
client, is passed to the WFS709TP. Essentially, any client requesting access to
the WLAN is authenticated.
IEEE 802.1x The IEEE 802.1x authentication standard allows for the use of keys that are
dynamically generated on a per-user basic (as opposed to a static key that is the
same on all devices in the network).
The 802.1x standard requires the use of a RADIUS authentication server. Most
Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x.
Wi-Fi Protected Access
(WPA)
WPA implements most of the IEEE 802.11i standard. It is designed for use with
an 802.1x authentication server (the Wi-Fi Alliance refers to this mode as WPA-
Enterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically
change keys and RC4 stream cipher to encrypt data.
WPA in pre-shared key
(PSK) mode (WPA-PSK)
With WPA-PSK, all clients use the same key (the Wi-Fi Alliance refers to this
mode as WPA-Personal).
In PSK mode, users must enter a passphrase from 8-63 characters to access
the network. PSK is intended for home and small office networks where
operating an 802.1x authentication server is not practical.
WPA2 WPA2 implements the full IEEE 802.11i standard. In addition to WPA features,
WPA2 provides Counter Mode with Cipher Blocking Chaining Message
Authentication Code Protocol (CCMP) for encryption that uses the Advanced
Encryption Standard (AES) algorithm. (The Wi-Fi Alliance refers to this mode as
WPA2-Enterprise.)
WPA2-PSK WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key.
(The Wi-Fi Alliance refers to this mode as WPA2-Personal.)
Captive Portal Captive Portal allows users to authenticate using a web-based portal. Captive
Portal users can be authenticated to an external authentication server or to the
internal database on the WFS709TP. Captive Portal authentication does not
provide any type of data encryption beyond the SSL encryption used during the
authentication. You can configure WEP encryption or WPA-PSK, or WPA2-PSK
authentication in conjunction with Captive Portal.
MAC Allows the media access control (MAC) address of a device to be authenticated
to an external authentication server or to the internal database on the
WFS709TP. You can configure MAC authentication in conjunction with WPA-
PSK or WPA2-PSK authentication.