Security mechanisms:
- WEP (old and weak): pre-shared key.
- WPA (TKIP – Temporal Key Integrity Protocol and optionally AES)
- 802.11i (the IEEE Wi-Fi security standard) and WPA2: the two are almost identical. WPA2 uses AES and CCMP (Counter Cipher Mode Protocol). WPA Personal usually means a pre-shared key. Enterprise uses RADIUS.
Once a client has been authenticated by a AAA server, the server hands out keys that are unique to that session. The PMK (Pairwise Master Key) is handed to the client and the AP for use. This is also sometimes known as the session key. When the AP and client both have the session key, they can run a four-way handshake between themselves and generate a PTK (Pairwise Transient Key), which can be used for various functions.
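The PMK-to-PTK step described above, as an added example that is not part of the original notes: both sides feed the PMK, their MAC addresses and the two handshake nonces into the IEEE 802.11i PRF and split the result into the keys used for WPA2/CCMP. The passphrase, SSID, MAC addresses and nonces are constructed sample values, and the passphrase-based PMK shows the Personal case (in Enterprise mode the PMK follows from the AAA exchange instead).

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA/WPA2 Personal: the 256-bit PMK is derived from the pre-shared
    # passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations).
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter.
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, mac_a: bytes, mac_b: bytes,
               nonce_a: bytes, nonce_b: bytes) -> dict:
    # Addresses and nonces are sorted so the AP and the client build the
    # same PRF input no matter which side runs the derivation.
    data = (min(mac_a, mac_b) + max(mac_a, mac_b)
            + min(nonce_a, nonce_b) + max(nonce_a, nonce_b))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 384 bits for CCMP
    return {
        "KCK": ptk[0:16],   # key confirmation: MIC on the handshake messages
        "KEK": ptk[16:32],  # key encryption: protects the group key in message 3
        "TK": ptk[32:48],   # temporal key: AES-CCMP key for unicast data frames
    }

# Constructed sample values; real nonces are random and fresh per handshake.
AP_MAC = bytes.fromhex("02aabbccdd01")
CLIENT_MAC = bytes.fromhex("02aabbccdd02")
ANONCE = bytes(range(32))        # sent by the AP in message 1
SNONCE = bytes(range(32, 64))    # sent by the client in message 2

if __name__ == "__main__":
    pmk = pmk_from_passphrase("constructed-passphrase", "ExampleSSID")
    ap_view = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    client_view = derive_ptk(pmk, CLIENT_MAC, AP_MAC, SNONCE, ANONCE)
    assert ap_view == client_view  # both ends hold the same PTK
    for name, key in ap_view.items():
        print(name, key.hex())
```

Because the PTK depends on both nonces, every new handshake yields new traffic keys even though the PMK is unchanged.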
RADIUS uses port 1812 by default.
When configuring the AAA server to talk to a WLC, the AAA server needs to be configured with the WLC’s SERVICE PORT address (out-of-band management). Remember that the Management port is used to talk to APs.
Likely options:
- WPA2 + AES
- WPA + AES (if all devices support it)
- WPA + TKIP + AES (if all devices can support it)
- WPA + TKIP