Psion Teklogix 9160 G2 Network Card User Manual


 
Psion Teklogix 9160 G2 Wireless Gateway User Manual 107
Chapter 10: Configuring Security
IEEE 802.1x
To build on our example, using Funk Odyssey client software you could give each
of the clients WEP key 3 so that they can decode the AP transmissions with that key
and also give client 1 WEP key 1 and set this as its transfer key. You could then give
client 2 WEP key 2 and set this as its transfer key index.
Figure 10.9 illustrates the dynamics of the AP and two client stations using multiple
WEP keys and a transfer key index.
Figure 10.9 Example Of Using Multiple WEP Keys And Transfer Key Index On Client Stations
10.2.5 IEEE 802.1x
IEEE 802.1x is the standard defining port-based authentication and infrastructure
for doing key management. Extensible Authentication Protocol (EAP) messages
sent over an IEEE 802.11 wireless network using a protocol called EAP Encapsula-
tion Over LANs (EAPOL). IEEE 802.1x provides dynamically-generated keys that
are periodically refreshed. An RC4 stream cipher is used to encrypt the frame body
and cyclic redundancy checking (CRC) of each 802.11 frame.
This mode requires the use of a RADIUS server to authenticate users. If the option
for the internal RADIUS server is enabled, configure user accounts on the AP via
the Cluster > User Management tab. Otherwise configure user accounts on the
external RADIUS server.
The access point requires a RADIUS server capable of EAP, such as the Microsoft
Internet Authentication Server or the 9160 G2 Wireless Gateway internal authenti-
cation server. To work with Windows clients, the authentication server must support
Protected EAP (PEAP) and MSCHAP V2.
When configuring IEEE 802.1x mode, you have a choice of whether to use the
embedded RADIUS server or an external RADIUS server that you provide. The
Access Point transmits to both stations with same WEP key
Client Station 1
Client Station 2
(e.g., WEP key 3)
W
E
P
k
e
y
3
WEP key 3
WEP key 2
WE
P
k
e
y
1
can decrypt WEP key 3
transmits in WEP key 1
can decrypt WEP key 3
transmits in WEP key 2