Moving to WPA/WPA2-Enterprise Wi-Fi Encryption

Article Description

Wi-Fi networks in businesses (no matter how small) should be using the Enterprise mode of WPA or WPA2 encryption. Eric Geier, the author of Wi-Fi Hotspots: Setting Up Public Wireless Internet Access, shows you how to move from the Personal (PSK) mode to the Enterprise (RADIUS) mode.
Introducing 802.1X Authentication and RADIUS Servers

WPA/WPA2-Enterprise networks verify user (and server) credentials with the authentication method defined in the IEEE 802.1X standard. This requires an external server called a Remote Authentication Dial In User Service (RADIUS) or Authentication, Authorization, and Accounting (AAA) server. Such servers are used with a variety of network protocols and environments, including ISPs.

A RADIUS server speaks the Extensible Authentication Protocol (EAP) and communicates with the wireless APs, which are referred to as RADIUS clients or authenticators. The RADIUS server serves as a middleman between the APs and the user database. The APs, in turn, communicate directly with the 802.1X client, also referred to as an 802.1X supplicant, on the end user's computer or device.

802.1X authentication is port-based. This means that when someone attempts to connect to the enterprise-protected network, communication is allowed through a virtual port only for the purpose of transferring login credentials. If authentication is successful, encryption keys are securely distributed and the end user is given full access.
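The port-based behavior described above can be modeled in a few lines. This is an added example, not code from the article: `VirtualPort`, `stub_radius`, `eapol_identity`, the MAC addresses and the user list are all hypothetical, frames use Ethernet-style framing for simplicity, and the stub server decides on the EAP identity alone where a real RADIUS server would run a full EAP method.

```python
import struct

ETH_EAPOL, ETH_IPV4 = 0x888E, 0x0800       # EtherTypes: 802.1X EAPOL, IPv4
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3         # RADIUS packet codes (RFC 2865)
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1      # EAP code and type (RFC 3748)
AP_MAC = bytes.fromhex("0200000000aa")      # constructed AP address

def eapol_identity(src_mac: bytes, identity: str) -> bytes:
    """Build a constructed EAPOL frame carrying an EAP-Response/Identity."""
    ident = identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(ident), EAP_TYPE_IDENTITY) + ident
    eapol = struct.pack("!BBH", 2, 0, len(eap)) + eap   # version 2, type 0 = EAP-Packet
    return AP_MAC + src_mac + struct.pack("!H", ETH_EAPOL) + eapol

def stub_radius(eap: bytes, users=frozenset({"alice"})) -> int:
    """Stand-in for the RADIUS server plus user database (assumption: it decides
    on the identity alone; a real AP relays EAP to the server inside RADIUS)."""
    if len(eap) < 5:
        return ACCESS_REJECT
    code, _ident, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY or not 5 <= length <= len(eap):
        return ACCESS_REJECT
    name = eap[5:length].decode(errors="replace")
    return ACCESS_ACCEPT if name in users else ACCESS_REJECT

class VirtualPort:
    """The AP's per-client port: only EAPOL passes until the server accepts."""
    def __init__(self, radius=stub_radius):
        self.authorized, self.radius = False, radius

    def on_frame(self, frame: bytes) -> str:
        if len(frame) < 14:                              # shorter than an Ethernet header
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype != ETH_EAPOL:                       # ordinary data traffic
            return "forward" if self.authorized else "drop"
        if len(frame) < 18:                              # truncated EAPOL header
            return "drop"
        _ver, ptype, plen = struct.unpack("!BBH", frame[14:18])
        if ptype != 0 or plen > len(frame) - 18:         # not a complete EAP-Packet
            return "drop"
        self.authorized = self.radius(frame[18:18 + plen]) == ACCESS_ACCEPT
        return "authorized" if self.authorized else "rejected"

def demo():
    mac = bytes.fromhex("020000000001")                  # constructed client MAC
    data = AP_MAC + mac + struct.pack("!H", ETH_IPV4) + b"payload"
    port = VirtualPort()
    return [port.on_frame(data), port.on_frame(eapol_identity(mac, "alice")),
            port.on_frame(data), port.on_frame(eapol_identity(mac, "mallory")),
            port.on_frame(data)]
```

Calling `demo()` shows data being dropped before authentication, forwarded after an accept, and dropped again once a later exchange on the same port is rejected.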
