Understanding WPA2 and 802.1X

Mar 18th, 2010
I'm trying to set up a 4402 Controller and WCS in a corporate environment with a guest LAN using a bunch of 1131G APs.


I've heard that WPA2 is the way to go these days, but I'm having a hard time understanding whether or not WPA2 implies the use of 802.1X too.  I'm fairly new to all this stuff, but based on my understanding it seems that WPA2 and 802.1X both do pretty much the same thing.  That said, I can't seem to use one without the other.  If I enable WPA2/AES with DOT1X on a WLAN, I can authenticate just fine but as soon as I disable DOT1X and use CCKM instead (I hear PSK isn't so secure), the AP no longer hears anything from my RADIUS server.


Is the use of DOT1X the only mechanism for communication with a RADIUS server (which puts the "Enterprise" in WPA2 Enterprise), whereas CCKM would be more like the equivalent of WPA2 Personal?

dancampb (Cisco Employee) Thu, 03/18/2010 - 08:39

With WPA2 you have the "enterprise" and "personal" types.  For "enterprise" you do have to use 802.1X authentication, typically to a RADIUS server, but it could also be to an LDAP server.  For "personal" you would use a PSK.


CCKM is not similar to personal; it's actually the Cisco proprietary version of key management.  Basically you will either be using WPA, WPA2, or CCKM to manage the encryption keys.  The authentication for any of these key management types will be either a PSK or 802.1X authentication.  Encryption supported with each key management type varies from dynamic WEP to TKIP to AES.
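
Added example, not part of the original reply or of any Cisco code: a small Python parser for the RSN information element an AP puts in its beacons, showing that the encryption cipher and the authentication/key management (AKM) suite are advertised as separate fields. The sample elements are constructed for illustration, and the function and variable names are assumptions of this example.

```python
import struct

# Suite selectors are a 3-byte OUI plus a 1-byte type (IEEE 802.11 RSN element).
CIPHERS = {"000fac01": "WEP-40", "000fac02": "TKIP",
           "000fac04": "CCMP (AES)", "000fac05": "WEP-104"}
AKMS = {"000fac01": "802.1X",   # WPA2 "enterprise"
        "000fac02": "PSK",      # WPA2 "personal"
        "00409600": "CCKM"}     # Cisco OUI 00:40:96

def _suite_list(body, off, table):
    """Read a little-endian 16-bit count, then that many 4-byte selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    sels = [body[off + 4 * i: off + 4 * i + 4].hex() for i in range(count)]
    return [table.get(s, "unknown " + s) for s in sels], off + 4 * count

def parse_rsn_ie(ie: bytes) -> dict:
    """Return the ciphers and key-management suites an RSN element advertises."""
    if len(ie) < 2 or ie[0] != 0x30:          # element ID 48 = RSN
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    group = body[2:6].hex()
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, off, AKMS)
    return {"group": CIPHERS.get(group, "unknown " + group),
            "pairwise": pairwise, "akm": akm}

# Constructed sample elements (not captured from any real network).
SAMPLES = {
    "enterprise": "3014" "0100" "000fac04" "0100000fac04" "0100000fac01" "0000",
    "personal": "3014" "0100" "000fac04" "0100000fac04" "0100000fac02" "0000",
    "cckm+802.1X": "3018" "0100" "000fac04" "0100000fac04"
                   "0200000fac0100409600" "0000",
}

if __name__ == "__main__":
    for label, hexstr in SAMPLES.items():
        print(label, parse_rsn_ie(bytes.fromhex(hexstr)))
```

All three samples advertise the same AES cipher; only the AKM list differs, which is the distinction the reply draws between encryption and key management/authentication.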
