Re: Wireless: Key Confusion



Thank you. Your last message filled in a lot of "blanks."

Is the process basically the same if the encryption is WPA?


"Miles Li [MSFT]" <v-mileli@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:WJVZfk6%23IHA.1688@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello,

PEAP Authentication Process:

1. The client sends an EAP Start message to the access point

2. The access point replies with an EAP Request Identity message

3. The client sends its network access identifier (NAI), which is its
username, to the access point in an EAP Response message

4. The access point forwards the NAI to the RADIUS server encapsulated in a
RADIUS Access Request message

5. The RADIUS server will respond to the client with its digital certificate

6. The client will validate the RADIUS server's digital certificate

7. The client and server negotiate and create an encrypted tunnel

8. This tunnel provides a secure data path for client authentication

9. Using the TLS Record protocol, a new EAP authentication is initiated by
the RADIUS server

10. The exchange will include the transactions specific to the EAP type
used for client authentication

11. The RADIUS server sends the access point a RADIUS ACCEPT message,
including the client's WEP key, indicating successful authentication

The Access point acts as the authentication forwarder (network access
identifier) between the client and the RADIUS server. For PEAP, the
computer certificates on the client and the IAS server are used for
generating the key for the encrypted tunnel.

Please also note that WEP is defined by 802.11 to provide data encryption
while PEAP is for the authentication.

For your reference:

802.11 Wireless LAN Security
http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm#wp39534

EAP Authentication Protocols for WLANs
http://www.ciscopress.com/articles/article.asp?p=369223&seqNum=2

Hope this helps. Also, if you have any questions or concerns, please do not
hesitate to let me know.



Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
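
The eleven-step exchange listed in the quoted message, as an added example that is not part of the original thread: a small checker that walks a trace of messages and reports any step that arrives before the steps it depends on (for instance a tunnel built without the certificate check in step 6). The message labels are shorthand assumed for this example, and the trace is constructed.

```python
# Added illustration, not code from the thread. Labels are shorthand for the
# numbered steps in the quoted message; endpoints are logical (the access
# point relays traffic between client and RADIUS server).
PEAP_STEPS = [
    ("client", "ap",     "EAP Start"),               # step 1
    ("ap",     "client", "EAP Request Identity"),    # step 2
    ("client", "ap",     "EAP Response Identity"),   # step 3 (carries the NAI)
    ("ap",     "radius", "RADIUS Access-Request"),   # step 4
    ("radius", "client", "Server-Certificate"),      # step 5
    ("client", "client", "Validate-Certificate"),    # step 6 (local check)
    ("client", "radius", "TLS-Tunnel-Established"),  # steps 7-8
    ("radius", "client", "Inner-EAP-Request"),       # step 9
    ("client", "radius", "Inner-EAP-Response"),      # step 10
    ("radius", "ap",     "RADIUS Access-Accept"),    # step 11
]

def check_trace(trace):
    """Return findings for a trace of (sender, receiver, message) tuples."""
    order = {msg: i for i, (_, _, msg) in enumerate(PEAP_STEPS)}
    seen, reported, findings = set(), set(), []
    for sender, receiver, msg in trace:
        if msg not in order:
            findings.append(f"unknown message: {msg}")
            continue
        if (sender, receiver, msg) != PEAP_STEPS[order[msg]]:
            findings.append(f"{msg}: unexpected direction {sender}->{receiver}")
        # Every earlier step must already have happened; report each gap once.
        for earlier in order:
            if (order[earlier] < order[msg] and earlier not in seen
                    and earlier not in reported):
                findings.append(f"{msg} seen before {earlier}")
                reported.add(earlier)
        seen.add(msg)
    if "RADIUS Access-Accept" not in seen:
        findings.append("no RADIUS Access-Accept: authentication did not complete")
    return findings

if __name__ == "__main__":
    # Constructed trace: the client never validates the server certificate.
    bad = [s for s in PEAP_STEPS if s[2] != "Validate-Certificate"]
    for finding in check_trace(bad):
        print(finding)
```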


