WPA and AAA servers

Security mechanisms:

  • WEP (old and weak) Pre-shared key.
  • WPA (TKIP – Temporal Key Integrity Protocol and optionally AES)
  • 802.11i (IEEE WIFI security standard / WPA2) – Both are almost identical. WPA2 uses AES and CCMP (Counter Cypher Mode Protocol).  WPA Personal usually means preshared key.  Enterprise uses RADIUS.

Once a client has been authenticated by a AAA server, the server will hand out keys which are unique to that session.  PMK (Pairwise Master Key) handed to client and AP for use. This is also sometimes known as the session key.  When the AP and client have the session key, they can run a four way handshake between themselves and generate a PTK or Pairwise Transient Key which can be used for various functions.

RADIUS uses port 1812 by default.

When configuring the AAA server to talk to a WLC, the AAA server needs to be configured with the WLC’s SERVICE PORT address (out of band management).  Remember that the Management port is used to talk to AP’s.

Likely options:

  • WPA2 + AES
  • WPA + AES (if all devices support it)
  • WPA + TKIP + AES (if all devices can support it)
  • WPA + TKIP








Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.