Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Features

WPA in action - Client "Enterprise" mode

As I previously described, the only differences between WPA-PSK and "normal" WPA is in where authentication itself takes place and the credentials used for authentication. In WPA-PSK mode, authentication takes place in the AP or wireless router, using the Pre-Shared Key manually entered in the AP and wireless clients as the credentials.

In "Enterprise" WPA, authentication is done in an authentication server using a variety of credential types including digital certificates, unique usernames and passwords, smart cards, or other forms of secure IDs. The AP or wireless router serves only to bridge the authentication traffic between the wireless and wired networks.

WPA uses EAP (Extensible Authentication Protocol) to enforce user-level authentication using the 802.1x Port-Based Network Access Control standard framework. EAP was designed to be extendable to support a variety of authentication methods and protocols. The exact methods supported depend on the client supplicant and authentication server used, and of course the method you select must be supported on both client and server!

As I noted earlier, it's turning out that WPA client supplicants are harder to implement than WLAN equipment vendors were led to believe. They're also sizable applications, since they contain most of the intelligence in authentication process. So the client end of things may end up determining the exact authentication methods used.

As Figure 9 shows, the Windows XP WPA patch supports only EAP-Transport Level Security (EAP-TLS) for certificate and smart card-based authentication and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) for password-based authentication.

XP Client Authentication options

Figure 9: XP Client Authentication options

The Funk Odyssey and Meetinghouse AEGIS supplicants that some WLAN equipment vendors are either bundling or referring users to offer a wider choice of methods including EAP-TTLS, EAP-PEAP, EAP-TLS, Cisco's LEAP, and EAP-MD5.

That's about where I'm going to stop on this WPA mode, since the client side setup is very configuration and method dependent. Suffice it to say that if you're faced with setting up a client for WPA "Enterprise" mode, you'd better hope that your network administrator gives you clear instructions!

Now that you know what's involved in setting up WPA, it's time to finally see whether you'll be giving up throughput to use it!

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I just got a new Asus router and I installed Merlin and Diversion and so far it's looking amazing, big props to the developers.Anyway, stock Asus only...
Hi, Brand new RT-AC86U to upgrade from RT-AC66U. I put the most recent Merlin firmware on it (not Beta). I connect directly to the ONT (no Centurylink...
Hi,I'm about to setup a Xioami button that upon click should enable disable a VPN Client on the router settings. I use an IPTV server that at times ge...
Hi Guys,I have problem with my rt-ac86u it's bricked during update. I tried use tools to recover firmware for mac and windows but still nothing.Ok so ...
I'm still currently on AsusWRT Merlin 384.13 and trying to do a firmware upgrade to 384.19. I've downloaded the .trx file and tried updating the firmw...

Don't Miss These

  • 1
  • 2
  • 3