Re: [Aironet] A Complete Security Solution and WE
From: Jim V. <jv...@ci...> - 2001-08-29 23:56:16
On Thu, Aug 30, 2001 at 12:09:06AM +0100, hideyuki suzuki wrote:
>
> ok, well.. what's the purpose of the multicast/global
> authentication key? Is per-STA unicast session key
> only used to encrypt the multicast/global
> authentication key? Is per-STA unicast session key
> never used as the WEP key?

If an AP has wireless clients (any amount) and it sees a broadcast go by on the wire (say an arp request) the AP will relay that broadcast to all of its wireless clients. If there were 12 clients on the AP and each had their own per-STA key and no multicast/global key - the AP would have to re-transmit that packet 12 times. This is obviously inefficient use of bandwidth - so each client has their own personalized WEP key, and the same broadcast key.

Broadcasts from the AP are encrypted using the broadcast key and sent to the cell as a whole. Each client then uses the common broadcast key to decrypt it. The AP is the only one that transmits with the broadcast key. A broadcast from a client is directed to the AP, who then broadcasts it to the entire cell and the wired network.

>
> I'm wondering how APs decide to inhibit the traffic.
> Does Cisco use the WEP authentication technique
> such as CRC check?

The AP keeps a table of authentication status for each client - if a client is associated but not EAP authenticated, it is only allowed to talk to the AP. The AP will not relay any packets for non-EAP authenticated stations beyond itself. Packets coming down the wire destined for non-EAP authenticated stations will not be retransmitted to those stations.

(LEAP and EAP-TLS clients are both considered EAP-Authenticated when fully authenticated)
(EAP-TLS = Windows XP)

Jim

--
Jim Veneskey
Software Test Engineer
320 Springside Drive Suite 350, Akron OH 44333
Email: jv...@ci...
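The key selection and relay gating described in the message above, modelled as an added example that is not part of the original post and is not Cisco's code. All class and function names, MAC addresses and key bytes are constructed for illustration; the handling of a unicast frame between two wireless clients is an assumption, since the message does not cover it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = Tuple[str, bytes]  # (receiver address, WEP key used to encrypt)

@dataclass
class Station:
    session_key: Optional[bytes] = None  # per-STA key, set on EAP success
    eap_authenticated: bool = False

@dataclass
class AccessPoint:
    mac: str
    broadcast_key: bytes
    table: Dict[str, Station] = field(default_factory=dict)  # per-client auth status

    def associate(self, mac: str) -> None:
        self.table[mac] = Station()

    def eap_success(self, mac: str, session_key: bytes) -> None:
        self.table[mac] = Station(session_key, True)

    def _authed(self, mac: str) -> Optional[Station]:
        sta = self.table.get(mac)
        return sta if sta and sta.eap_authenticated else None

    def from_wire(self, dst: str) -> List[Frame]:
        """Radio transmissions caused by one frame arriving on the wired side."""
        if dst == BROADCAST:
            return [(BROADCAST, self.broadcast_key)]  # one copy for the whole cell
        sta = self._authed(dst)
        return [(dst, sta.session_key)] if sta else []  # drop for non-EAP stations

    def from_station(self, src: str, dst: str) -> Tuple[List[Frame], bool]:
        """(radio transmissions, relayed to wire) for one frame sent by a client."""
        if dst == self.mac or not self._authed(src):
            return [], False  # terminates at the AP; never relayed beyond it
        if dst == BROADCAST:
            return [(BROADCAST, self.broadcast_key)], True
        if dst in self.table:  # assumption: wireless peer gets the same gate as wire
            return self.from_wire(dst), False
        return [], True  # not a wireless client: hand to the wired network

def build_cell(n: int = 12) -> AccessPoint:
    """Constructed sample: n associated clients, all but the last EAP-authenticated."""
    ap = AccessPoint("00:40:96:00:00:01", b"bcast-key-0001")
    for i in range(n):
        mac = f"00:40:96:aa:00:{i:02x}"
        ap.associate(mac)
        if i < n - 1:
            ap.eap_success(mac, f"sta-key-{i:02d}".encode())
    return ap
```

With 12 clients in the table, `from_wire(BROADCAST)` still yields a single transmission under the shared key, while frames to or from the one unauthenticated client are dropped at the AP.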