
Re: Pre-authentication?

 
RicN
Valued Contributor

Pre-authentication?



On the Procurve wireless products (AP420, AP530 and WES) I can enable the pre-authentication feature which makes it possible for a station to pre-authenticate to a new Access Point through the wired network before the actual roaming. I have some questions regarding this:

1. Is it common for wireless network cards to support this feature? Do I have to enable it on the stations to use it?

2. If I understand it correctly, the pre-authentication is a part of the 802.11i (WPA2) standard. Is it only possible to use together with pure WPA2, that is, not WPA?

3. It seems like a good feature. What is the reason for it being disabled by default on all Procurve wireless AP/WES? Are there any disadvantages?

2 REPLIES
RicN
Valued Contributor

Re: Pre-authentication?


Anyone that has any information regarding this?
Fred K. Abell Jr._1
Regular Advisor

Re: Pre-authentication?

It has been a while since I took a wireless security class, but I will try to answer. I think what you are asking about is when WPA2 uses a RADIUS-type server to authenticate the user wanting to use the access point (AP) to get onto a private network. The pre-authentication through a wired network is exchanging digital certificates so the challenge and response are encrypted. If you use this, and you can choose an EAP type, choose TLS, not PEAP or LEAP.

To answer your questions:
1) Yes, it is common to support this feature. All new cards are backwards compatible for other wireless security methods. WPA was meant to be a temporary fix to the problems of WEP. Since the encryption is done on the card, firmware upgrades made WPA usable on WEP cards. WPA2 requires more advanced hardware.
2) It is not a part of WPA. WPA uses a pre-shared password, from 8-63 characters in length. A 4-way handshake is made between the client and AP to grant access. This 4-way handshake can be sniffed, so using a strong password is a must. I would use a 20+ character non-dictionary word with numbers and symbols to prevent brute-force cracking.
3) It is set up for ease of use for neophytes.
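
An added example, not part of the thread and not ProCurve code: an AP that offers 802.11i pre-authentication signals it in the RSN information element of its beacons and probe responses, as bit 0 of the RSN Capabilities field. The sketch below parses that element to check whether pre-authentication is advertised and whether the network uses 802.1X (where it applies) or a pre-shared key. The function names and the two sample elements are constructed for illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {2: "TKIP", 4: "CCMP"}
AKMS = {1: "802.1X", 2: "PSK"}

def _suites(body, off, names):
    """Read a 2-byte LE count, then that many 4-byte suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    out = []
    for i in range(off, off + 4 * count, 4):
        known = body[i:i + 3] == RSN_OUI
        out.append(names.get(body[i + 3], "unknown") if known else "vendor")
    return out, off + 4 * count

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN element (ID 48) as carried in a beacon or probe response."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = _suites(body, 6, CIPHERS)   # skip version + group cipher
    akms, off = _suites(body, off, AKMS)
    # RSN Capabilities is optional; bit 0 is the Pre-Authentication flag.
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    advertised = bool(caps & 0x0001)
    return {
        "pairwise": pairwise,
        "akms": akms,
        "preauth_advertised": advertised,
        # Pre-authentication is an 802.1X exchange, so it has no effect with PSK.
        "preauth_usable": advertised and "802.1X" in akms,
    }

# Constructed sample elements (not captured from any real network).
ENTERPRISE = bytes.fromhex("30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 01 00")
PSK_ONLY = bytes.fromhex("30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00")

if __name__ == "__main__":
    for name, ie in (("enterprise", ENTERPRISE), ("psk", PSK_ONLY)):
        print(name, parse_rsn_ie(ie))
```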