WPA with passphrase

The handshake described in the EAP/802.1X section runs strictly under WPA, i.e. the user will never have to define any keys. For environments where no RADIUS server is available to provide master secrets (for instance in smaller companies), WPA provides the PSK method. In this case the user enters an 8 – 63 character passphrase on the access point and on all other stations: This passphrase is used together with the SSID to calculate the master secret with a hash method. The master secret is therefore constant in such a PSK network, although different session keys still result.

In a PSK network both access security and confidentiality depend on the passphrase not being divulged to unauthorized people. As long as this is the case, WPA-PSK provides significantly improved security against break-ins and eavesdropping over any WEP variant. For larger installations in which such a passphrase would have to be made known to too large a user community for it to be kept secret, EAP/802.11X is used in combination with the key handshake described here.

Important: Access points and wireless routers with their standard factory settings cannot be commissioned by means of the WLAN interface. The WLAN modules are switched off. The access points search the LAN for a WLC which will supply a configuration profile.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo