CCNA Wireless Official Exam Certification Guide part 38 doc


342 CCNA Wireless Official Exam Certification Guide
EAP-TLS
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) is a commonly used EAP method for wireless networks. In EAP-TLS, a certificate must be installed on both the authentication server and the supplicant. For this reason, it is considered one of the most secure methods available. Both client and server key pairs must be generated first and then signed by a CA server. The communication used by EAP-TLS is similar to SSL encryption; however, TLS is considered the successor to SSL. EAP-TLS establishes an encrypted tunnel, and the user certificate is sent inside it.
Note: EAP-TLS is defined in RFC 2716.
Figure 17-12 shows the process of EAP-TLS.
Figure 17-12 EAP-TLS Process (figure: EAP Start, Request Identity, Identity, Server Sends Its Cert, Client Sends Its Cert, Symmetric Session Keys Generated, Master Key Sent to AP or Controller, Encryption Between Client and AP Using WEP or WPA/WPA2, among the Client, Authenticator, and Authentication Server; not reproduced here)
As you can see, the process begins with an EAP Start message. Next, the AP requests the client’s identity. The client responds with its identity, and this is sent via EAP over RADIUS to the authentication server. The authentication server sends its certificate, and the client sends its certificate, thus proving their identity to each other. Next, symmetric session keys (also called master session keys) are created. The authentication server sends the master session key to the AP or controller to be used for either WEP or WPA/WPA2 encryption between the AP and the client. You configure EAP-TLS in the same location as WEP by selecting 802.1x in the Layer 2 security drop-down (refer to Figure 17-6). The EAP method is between the server and the client, so the AP really doesn’t care. You simply select 802.1x.
EAP-FAST
Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST) is a protocol that was developed by Cisco Systems. Its purpose was to address weaknesses in Lightweight Extensible Authentication Protocol (LEAP), another Cisco-developed EAP method. The concept of EAP-FAST is similar to EAP-TLS; however, EAP-FAST does not use PKI. Instead, EAP-FAST uses a strong shared secret key called a Protected Access Credential (PAC) that is unique on every client.
EAP-FAST negotiation happens in two phases, phase 1 and phase 2, but it is during phase 0 that the PAC is provisioned. After the PAC has been distributed, phase 1 can happen. In phase 1, the AAA server and the client establish a TLS tunnel after authenticating each other using the PAC. After phase 1 establishes the secure TLS tunnel, phase 2 authenticates the user to the AAA server using another EAP method, with either passwords or generic token cards.
Figure 17-13 shows the details of EAP-FAST negotiation using generic token card authentication for the user.
EAP-FAST negotiation occurs as follows:
1. The client sends an EAPoL start to the AP.
2. The AP, which is the authenticator, sends back an EAP Identity Request Message.
3. The client sends a response to the authenticator. It is forwarded to the authentication server (AAA server) in a RADIUS packet.
4. The authentication server sends an EAP-FAST start message that includes an Authority ID (A-ID).
5. The client sends a PAC based on the received A-ID. The client also sends a PAC Opaque reply to the server. The PAC Opaque is a variable-length field that can be interpreted only by the authentication server. The PAC Opaque is used to validate the client’s credentials.
6. The authentication server decrypts the PAC Opaque using a master key that was used to derive the PAC key. The authentication server sends an EAP-TLS Server hello along with the Cipher Trust Protocol Set.
7. If the keys match, a TLS tunnel is established, with the client sending a confirmation.
8. The server sends an identity request inside the TLS tunnel using a protocol such as Extensible Authentication Protocol-Generic Token Card (EAP-GTC).
9. The client sends an authentication response.
10. The server sends a Pass or Fail message. The Pass message indicates that the client is successfully authenticated.
Figure 17-13 EAP-FAST Negotiation (figure: EAP Start, EAP Request Identity, EAP Response Identity, EAP-FAST Start (AID), PAC Opaque, Cipher Trust Protocol Set, EAP Request Challenge (AID), Confirm Cipher Trust Protocol Set, TLS Tunnel, Identity Request, Authentication Response (EAP-GTC), Pass/Fail, among the Client, Authenticator, and Authentication Server (AAA Server); not reproduced here)
PEAP
As you’ve seen with EAP-TLS, certificates are required on both the client and the server. With EAP-FAST, no certificates are required; rather, the PAC takes care of things. With Protected EAP (PEAP), only a server-side certificate is used. This server-side certificate is used to create a tunnel, and then the real authentication takes place inside. The PEAP method was jointly developed by Cisco Systems, Microsoft, and RSA. PEAP uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2) or Generic Token Card (GTC) to authenticate the user inside an encrypted tunnel.
To authenticate to Microsoft Windows Active Directory, you would use MS-CHAPv2.
Figure 17-14 shows the PEAP process.
Figure 17-14 PEAP Process (figure: Start, Request Identity, Identity, Server Cert (EAP-TLS), Pre-Master Secret, Tunnel Established, then inside the Protected Tunnel where the user enters credentials: Identity Request/Response, EAP MSCHAPv2 Challenge, EAP MSCHAPv2 Response, EAP Success/Fail, among the Client, Authenticator, and Authentication Server (ACS); not reproduced here)
In PEAP, the following occurs:
1. The client sends an EAPoL start, and the authenticator returns a request for identity. This is similar to the other EAP methods.
2. The client returns its identity, and it is forwarded to the AAA server.
3. The AAA server sends a server certificate and begins establishing a TLS tunnel.
4. The client returns a premaster secret.
5. The tunnel is established.
6. The AAA server sends an identity request to the client.
7. The client sends an identity response.
8. The server sends an EAP-MS-CHAPv2 challenge.
9. The client enters credentials into a popup, and that is sent back as an EAP-MS-CHAPv2 response.
10. The server returns a pass or fail. If it’s a pass, the user can send traffic.
LEAP
Lightweight Extensible Authentication Protocol (LEAP) gets honorable mention here mainly because it is a Cisco EAP method that is still seen in 802.11b networks. LEAP is vulnerable to an offline exploit, and you should avoid it if possible. LEAP uses a proprietary algorithm to create the initial session key.
Authentication and Encryption
Now that you understand some of the methods used to authenticate users, it’s time to explore some encryption methods. The beginning of this chapter discussed WEP. The problem with WEP is that it can be broken easily. Therefore, other methods have been established in an effort to provide more strength in encryption. In the following sections, you will learn about Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2).
WPA Overview
WPA was introduced in 2003 by the Wi-Fi Alliance as a replacement for WEP. WPA uses Temporal Key Integrity Protocol (TKIP) to automatically change the keys. TKIP still uses RC4; it just improves how it’s done. This is a major improvement over static WEP. WPA can optionally support Advanced Encryption Standard (AES), but it’s not mandatory.
WPA is based on 802.11i draft version 3. WEP uses RC4 encryption, which is very weak. The better alternative was to use AES encryption, but that would have required an equipment upgrade. To avoid an equipment upgrade, WPA was developed to use TKIP and a larger IV than WEP. This would make it more difficult to guess the keys while not requiring new hardware. Instead, you could simply perform a firmware upgrade in most cases.
WPA offers two authentication modes:
■ Enterprise mode: Enterprise mode WPA requires an authentication server. RADIUS is used for authentication and key distribution, and TKIP is used with the option of AES available as well.
■ Personal mode: Personal mode WPA uses preshared keys, making it the weaker option, but the one that is most likely to be seen in a home environment.
Figure 17-15 shows the process of WPA authentication.
At the beginning of negotiations, the client and AP must agree on security capabilities. After the two agree on the same level of security, the 802.1x process starts. This is the standard 802.1x process, as outlined previously. After successful 802.1x authentication, the authentication server derives a master key and sends it to the AP. The client derives the same key. Now the client and the AP have the same Pairwise Master Key (PMK), which will last for the duration of the session.
Figure 17-15 WPA Authentication (figure: Security Capability Discovery, 802.1x Authentication, 802.1x Key Management with RADIUS Key Distribution, 4-Way Handshake for Key, 2-Way Group Key Handshake, among the Client, Authenticator, and Authentication Server; not reproduced here)
Next, a four-way handshake occurs (see Figure 17-16), in which the client and authenticator communicate and a new key called a Pairwise Transient Key (PTK) is derived. This key confirms the PMK between the two, establishes a temporal key to be used for message encryption, authenticates the negotiated parameters, and creates keying material for the next phase, called the two-way group key handshake.
When the two-way group key handshake occurs, the client and authenticator negotiate the Group Transient Key (GTK), which is used to decrypt broadcast and multicast transmissions.
In Figure 17-16, you can see that the AP first generates a random number and sends it to the client. The client then uses a common passphrase along with this random number to derive a key that is used to encrypt data to the AP. The client then sends its own random number to the AP, along with a Message Integrity Code (MIC), which is used to ensure that the data is not tampered with. The AP generates a key used to encrypt unicast traffic to the client. To validate, the AP sends the random number again, encrypted using the derived key. A final message is sent, indicating that the temporal key (TK) is in place on both sides.
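The four-way handshake just described, as an added example that is not code from the book: it derives the PMK from a passphrase (Personal mode), the PTK from the PMK plus both random numbers and both MAC addresses, and the MIC on message 2 that lets the AP confirm the client holds the same PMK without the PMK ever crossing the air. The MAC addresses, nonces and frame body are constructed sample values.

```python
import hashlib
import hmac

# Added example (not the book's code): the key derivation behind Figure 17-16.
# PMK from the passphrase (Personal mode), PTK from PMK + both nonces + both MACs,
# and the EAPOL-Key MIC that lets each side prove it holds the PMK without sending it.

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) blocks."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range((nbytes + 19) // 20))
    return b"".join(blocks)[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=48):
    """PTK from the PMK, both MAC addresses and both random numbers. Inputs are
    ordered min/max so client and AP build the same string. 48 bytes (KCK|KEK|TK)
    for WPA2/CCMP; WPA/TKIP asks for 64 to add two 8-byte MIC keys."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def eapol_mic(kck: bytes, frame: bytes, ccmp: bool = True) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed), keyed with the KCK = first
    16 bytes of the PTK. WPA2/CCMP: HMAC-SHA1 truncated to 16 bytes; WPA/TKIP: HMAC-MD5."""
    if ccmp:
        return hmac.new(kck, frame, hashlib.sha1).digest()[:16]
    return hmac.new(kck, frame, hashlib.md5).digest()

def client_msg2(passphrase, ssid, aa, spa, anonce, snonce):
    """Client side of message 2: derive the PTK, then sign the frame with the KCK."""
    ptk = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)
    frame = b"EAPOL-Key msg2 SNonce=" + snonce   # constructed stand-in for the real frame
    return frame, eapol_mic(ptk[:16], frame)

def ap_verify_msg2(pmk, aa, spa, anonce, snonce, frame, mic):
    """AP side: recompute the PTK from its own PMK and check the MIC. A client with the
    wrong passphrase derives a different PTK, so the MIC fails and the handshake stops."""
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(mic, eapol_mic(kck, frame))

# Constructed sample values (not from the book): MAC addresses and the two random numbers.
AA = bytes.fromhex("001122334455")      # AP (authenticator) address
SPA = bytes.fromhex("66778899aabb")     # client (supplicant) address
ANONCE = bytes(range(32))               # AP's random number, sent in message 1
SNONCE = bytes(range(32, 64))           # client's random number, sent in message 2
```

In Enterprise mode the PMK is not derived from a passphrase but delivered by the RADIUS server after 802.1x, as described above; everything from derive_ptk onward is the same.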
The two-way handshake that exchanges the group key involves the generation of a Group Master Key (GMK), usually by way of a random number. After the AP generates the GMK, it generates a group random number. This is used to generate a Group Temporal Key (GTK). The GTK provides a group key and a MIC. This key changes when it times out or when a client leaves the network.
To configure WPA, set the Layer 2 security method by choosing WLANs > Edit. Then select the Security tab and choose WPA+WPA2 from the drop-down, as shown in Figure 17-17. To allow WPA, ensure that TKIP is selected. This is automatically done for you when you select the WPA Policy check box.
Figure 17-16 WPA Four-Way Handshake (figure: Random Number, Derive PTK, Random Number, Derive PTK, Resend Random Number, Install PTK, PTK Done, between the Client and the Authenticator; not reproduced here)
Figure 17-17 Configuring a WPA Policy (figure not reproduced here)
WPA2 Overview
WPA2, as its name implies, is the second attempt at WPA. WPA2 was not designed to be just a firmware upgrade; instead, you might need new hardware to use it. The reason for the more-capable hardware requirement is that WPA2 was designed to use AES encryption. WPA was designed based on the 802.11i draft but was released in 2003, whereas 802.11i was released in 2004. By the time 802.11i was ratified, it had added more support for 802.1x methods and AES/CCMP for encryption. The Wi-Fi Alliance then released WPA2 to be compatible with the 802.11i standard.
It was mentioned that AES is used for encryption. Advanced Encryption Standard-Cipher Block Chaining Message Authentication Code Protocol (AES/CCMP) still uses the IV and MIC, but the IV increases after each block of cipher.
Comparing WPA to WPA2, you can see that
■ WPA mandates TKIP, and AES is optional.
■ WPA2 mandates AES and doesn’t allow TKIP.
■ WPA allows AES in its general form.
■ WPA2 only allows the AES/CCMP variant.
■ With WPA2, key management allows keys to be cached to allow for faster connections.
To configure WPA2, from the WLANs > Edit page, select the WPA2 Policy option. Then select either AES and TKIP or just AES as the default value, as shown in Figure 17-18. Then select the authentication key management option; the choices are 802.1x, CCKM, PSK, and 802.1X+CCKM.
Figure 17-18 Configuring a WPA2 Policy (figure not reproduced here)
Table 17-2 Key Topics for Chapter 17
Key Topic Item                                      Description                        Page Number
Figure 17-1                                         Client MFP in action               333
Figure 17-2                                         Configuring MFP                    333
Paragraph from the section “Pre-shared Key          Steps describing the WEP process   334
Authentication with Wired Equivalent Privacy”
Figure 17-5                                         Configuring WEP                    337
Figure 17-12                                        The EAP-TLS process                342
Figure 17-13                                        The EAP-FAST process               344
Figure 17-14                                        The PEAP process                   345
Figure 17-15                                        The WPA process                    346
Figure 17-18                                        Configuring WPA2 policy            349
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics from this chapter, denoted with the Key Topic icon.
Table 17-2 lists these key topics and the page number where each one can be found.
Complete the Tables and Lists from Memory
Print a copy of Appendix B, “Memory Tables” (found on the CD) or at least the section
for this chapter, and complete the tables and lists from memory. Appendix C, “Memory
Tables Answer Key,” also on the CD, includes completed tables and lists to check your
work.
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the glossary:
Management Frame Protection (MFP), Infrastructure MFP, Message Integrity Check (MIC), Frame Check Sequence (FCS), Client MFP, Initialization Vector (IV), supplicant, authentication server, authenticator, Extensible Authentication Protocol (EAP), Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Extensible Authentication Protocol-Flexible Authentication via Secure Tunnel (EAP-FAST), Protected EAP (PEAP), Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2), Generic Token Card (GTC), Lightweight Extensible Authentication Protocol (LEAP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), Temporal Key Integrity Protocol (TKIP), Advanced Encryption Standard (AES), Pairwise Master Key (PMK), Pairwise Transient Key (PTK), Group Transient Key (GTK), Message Integrity Code (MIC), Group Master Key (GMK), Group Temporal Key (GTK)