
802.11i was released in 2004. By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption. The Wi-Fi Alliance then released WPA2 to be compatible with the 802.11i standard.

It was mentioned that AES is used for encryption. Advanced Encryption Standard-Cipher Block Chaining Message Authentication Code Protocol (AES/CCMP) still uses the IV and MIC, but the IV increases after each block of cipher.

Comparing WPA to WPA2, you can see that:

WPA mandates TKIP, and AES is optional.

WPA2 mandates AES and doesn’t allow TKIP.

WPA allows AES in its general form.

WPA2 only allows the AES/CCMP variant.

With WPA2, key management allows keys to be cached to allow for faster connections.

To configure WPA2, from the WLANs > Edit page, select the WPA2 Policy option. Then select either AES and TKIP or just AES as the default value, as shown in Figure 17-18. Then select the authentication key management option; the choices are 802.1x, CCKM, PSK, and 802.1X+CCKM.


Figure 17-18 Configuring a WPA2 Policy
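
To check what a WLAN configured this way actually advertises, the following added example (not from the book or from Cisco) parses the RSN information element that a WPA2 network carries in its beacons and flags a policy that still accepts TKIP. The function names and the two sample elements are constructed for illustration; the suite selectors are the ones defined by 802.11i, plus Cisco's CCKM selector.

```python
import struct

# Suite selectors defined by 802.11i (OUI 00-0F-AC) plus Cisco's CCKM AKM.
CIPHERS = {b"\x00\x0f\xac\x02": "TKIP", b"\x00\x0f\xac\x04": "AES/CCMP"}
AKMS = {b"\x00\x0f\xac\x01": "802.1X", b"\x00\x0f\xac\x02": "PSK",
        b"\x00\x40\x96\x00": "CCKM"}


def _suite_list(body, offset, names):
    """Read a 2-byte little-endian count followed by that many 4-byte selectors."""
    if offset + 2 > len(body):
        raise ValueError("RSN element truncated before suite count")
    (count,) = struct.unpack_from("<H", body, offset)
    offset += 2
    if offset + 4 * count > len(body):
        raise ValueError("RSN element truncated inside suite list")
    suites = [bytes(body[offset + 4 * i: offset + 4 * i + 4]) for i in range(count)]
    return [names.get(s, s.hex()) for s in suites], offset + 4 * count


def parse_rsn(element):
    """Parse one RSN information element (ID 48) into its cipher and AKM names."""
    if len(element) < 2 or element[0] != 48:
        raise ValueError("not an RSN information element")
    body = element[2:2 + element[1]]
    if len(body) != element[1] or len(body) < 6:
        raise ValueError("RSN element shorter than its length field")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = CIPHERS.get(bytes(body[2:6]), body[2:6].hex())
    pairwise, offset = _suite_list(body, 6, CIPHERS)
    akms, _ = _suite_list(body, offset, AKMS)
    return {"group": group, "pairwise": pairwise, "akm": akms}


def audit_wpa2(element):
    """Return the parsed policy and findings for a WLAN that still accepts TKIP."""
    rsn = parse_rsn(element)
    findings = []
    if "TKIP" in rsn["pairwise"]:
        findings.append("pairwise TKIP enabled alongside AES")
    if rsn["group"] == "TKIP":
        findings.append("group cipher is TKIP")
    return rsn, findings


# Constructed sample elements (not captured traffic): AES only, then AES and TKIP.
AES_ONLY = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
MIXED = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")
```

When both AES and TKIP are selected, the group cipher falls back to TKIP so that TKIP-only clients can still decrypt broadcast traffic, which is why the mixed sample produces two findings.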

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from this chapter, denoted with the Key Topic icon. Table 17-2 lists these key topics and the page number where each one can be found.

Table 17-2 Key Topics for Chapter 17

| Key Topic Item | Description | Page Number |
|---|---|---|
| Figure 17-1 | Client MFP in action | 333 |
| Figure 17-2 | Configuring MFP | 333 |
| Paragraph from the section “Pre-shared Key Authentication with Wired Equivalent Privacy” | Steps describing the WEP process | 334 |
| Figure 17-5 | Configuring WEP | 337 |
| Figure 17-12 | The EAP-TLS process | 342 |
| Figure 17-13 | The EAP-FAST process | 344 |
| Figure 17-14 | The PEAP process | 345 |
| Figure 17-15 | The WPA process | 346 |
| Figure 17-18 | Configuring WPA2 policy | 349 |

Complete the Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables” (found on the CD) or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” also on the CD, includes completed tables and lists to check your work.

Definition of Key Terms

Define the following key terms from this chapter, and check your answers in the glossary:

Management Frame Protection (MFP), Infrastructure MFP, Message Integrity Check (MIC), Frame Check Sequence (FCS), Client MFP, Initialization Vector (IV), supplicant, authentication server, authenticator, Extensible Authentication Protocol (EAP), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST), Protected EAP (PEAP), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2), Generic Token Card (GTC), Lightweight Extensible Authentication Protocol (LEAP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), Temporal Key Integrity Protocol (TKIP), Advanced Encryption Standard (AES), Pairwise Master Key (PMK), Pairwise Transient Key (PTK), Group Transient Key (GTK), Message Integrity Code (MIC), Group Master Key (GMK), Group Temporal Key (GTK)
