Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless Features

WPA in action - Client "Enterprise" mode

As I previously described, the only differences between WPA-PSK and "normal" WPA is in where authentication itself takes place and the credentials used for authentication. In WPA-PSK mode, authentication takes place in the AP or wireless router, using the Pre-Shared Key manually entered in the AP and wireless clients as the credentials.

In "Enterprise" WPA, authentication is done in an authentication server using a variety of credential types including digital certificates, unique usernames and passwords, smart cards, or other forms of secure IDs. The AP or wireless router serves only to bridge the authentication traffic between the wireless and wired networks.

WPA uses EAP (Extensible Authentication Protocol) to enforce user-level authentication using the 802.1x Port-Based Network Access Control standard framework. EAP was designed to be extendable to support a variety of authentication methods and protocols. The exact methods supported depend on the client supplicant and authentication server used, and of course the method you select must be supported on both client and server!

As I noted earlier, it's turning out that WPA client supplicants are harder to implement than WLAN equipment vendors were led to believe. They're also sizable applications, since they contain most of the intelligence in authentication process. So the client end of things may end up determining the exact authentication methods used.

As Figure 9 shows, the Windows XP WPA patch supports only EAP-Transport Level Security (EAP-TLS) for certificate and smart card-based authentication and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) for password-based authentication.

XP Client Authentication options

Figure 9: XP Client Authentication options

The Funk Odyssey and Meetinghouse AEGIS supplicants that some WLAN equipment vendors are either bundling or referring users to offer a wider choice of methods including EAP-TTLS, EAP-PEAP, EAP-TLS, Cisco's LEAP, and EAP-MD5.

That's about where I'm going to stop on this WPA mode, since the client side setup is very configuration and method dependent. Suffice it to say that if you're faced with setting up a client for WPA "Enterprise" mode, you'd better hope that your network administrator gives you clear instructions!

Now that you know what's involved in setting up WPA, it's time to finally see whether you'll be giving up throughput to use it!

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hate to make another thread but was doing some tests after setting up static IP's etc before disabing WiFi, which does NOT work. 2.4GHz is gone, BUT I...
Is there an easy way to monitor outbound IP requests by device?I could do this in Wireshark, but it seems tedious and I'm sure if I knew the right com...
Just replaced my aging AC66u-b1 and got the AC86u loaded up latest merlin and factory reset.CPU load average is high? This is directly after a factory...
Hello, I am currently designing my first home network.My scope is pretty basic, I want to replace my ISP's router because it is a piece of trash and p...
Is it a good idea to reboot the router on a daily/weekly basis? The unit gets heavy use all day and evening with web and TV. Just wondering if there's...

Don't Miss These

  • 1
  • 2
  • 3