System Configuration
5-32
5
-
WPA
or
WPA1/WPA2
: Defines a transitional mode of operation for networks
moving from WPA security to WPA2. WPA1/WPA2 Enterprise Mode allows both
WPA1 and WPA2 clients to associate to a common SSID interface. In WPA1/
WPA2 mixed mode, the unicast encryption cipher (TKIP or AES-CCMP) is
negotiated for each client. The access point advertises its supported encryption
ciphers in beacon frames and probe responses. WPA1 and WPA2 clients select
the cipher they support and return the choice in the association request to the
access point. For mixed-mode operation, the cipher used for broadcast frames
is always TKIP. WEP encryption is not allowed.
-
802.1x
: IEEE 802.1X is a standard framework for network access control that
uses a central RADIUS server for user authentication. This control feature
prevents unauthorized access to the network by requiring an 802.1X client
application to submit user credentials for authentication. The 802.1X standard
uses the Extensible Authentication Protocol (EAP) to pass user credentials
(either digital certificates, user names and passwords, or other) from the client
to the RADIUS server. Client authentication is then verified on the RADIUS
server before the access point grants client access to the network.