[Aironet] Security Questions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hello again,

I just want to make sure I understand the security mechanisms of Cisco's 
wireless environment.

There are basically three levels of protection: Authentication, Encryption, 
and the Service Set ID.

SSID:

The SSID is basically a password to access the locally configured devices, 
like the AP and its clients. If any other device (client or another AP) does 
not have the appropriate SSID it will not be allowed to communicate to local 
devices (that have the SSID). Assuming the "Allow Broadcast SSID to 
Associate?" is set to no.

Authentication/Encryption:

If open is chosen authentication is automatically given, thus bypassing the 
first two levels of security (no authentication & encryption...right?). Or 
the user can select network-EAP which offloads authentication function to a 
RADIUS server. In this instance the AP uses a multicast WEP that does not 
need to be configured on the client. The client is given a dynamically 
generated key and uses that to communicate with the AP while its logged on.

Questions:
1. Is the above accurate?

2. What is the precedence of the levels of security? In other words,         
  does communication start being encrypted right off the bat, even          
before SSID information is exchanged? Or does the AP and clients       check 
SSID before transmitting info to a new device? After the    right SSID is 
determined then do they start encrypting and    transmitting?

Thanks,

**************************************
Andrew Hanson
Assoc. Communications Network Engineer

NEC Electronics, INC
Phone #: (916) 789-4969
E-mails: an_hanson@hotmail
         ah...@el... (not working)
**************************************

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com