Posted 04 March 2010 - 09:25 AM
Exactly, that's how WPA2/CCMP enterprise works: the AP verifies the PSK between the STA and the AP (encryption), and if they're correct then it forwards the authentication frames to the authentication server. The AP acts as the authenticator for the authentication server, which forwards frames back and forth to the STA until authenticated and the port goes from a closed to an open state (802.1x). Depending on your budget, the only truly secure WLAN utilizes either WPA/WPA2 and a PKI to ensure that a STA can mutually authenticate each other, eliminating the possibility of a rogue AP. I know that TKIP is considered vulnerable; however, that is true only if the PSK is a dictionary word. If you are using an 8 character pass phrase and you only used uppercase, lowercase and numbers, the key has 218,340,105,584,896 different possibilities; expand that to 13 characters and it would have 200,028,539,268,669,788,905,472 combinations. For most WLANs they can be very secure using WPA unless the government is after you! Some of my customers are so paranoid that they utilize separate physical networks, which usually terminate into a firewall or occasionally a router prior to allowing WLAN traffic on the LAN.
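The keyspace figures in the post above can be reproduced and turned into a passphrase audit; this is an added example, not part of the original post. It also shows the standard WPA/WPA2-PSK passphrase-to-key mapping from IEEE 802.11i (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), which the post does not mention. The function names and `SAMPLE_WORDLIST` are assumptions made for illustration.

```python
import hashlib
import string

# Constructed sample wordlist standing in for a real dictionary (assumption).
SAMPLE_WORDLIST = {"password", "letmein1", "wireless", "internet"}

# Character classes allowed in a WPA passphrase (printable ASCII, 95 in total).
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` characters."""
    return charset_size ** length


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key as defined for WPA/WPA2-PSK."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str, wordlist=SAMPLE_WORDLIST) -> dict:
    """Report the brute-force upper bound and whether a wordlist already covers it."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases use printable ASCII only")
    # Size of the alphabet implied by the classes the passphrase actually uses.
    charset = sum(len(cls) for cls in CLASSES if any(c in cls for c in passphrase))
    return {
        "charset_size": charset,
        "keyspace": keyspace(charset, len(passphrase)),
        # A wordlist hit makes the keyspace figure irrelevant.
        "in_wordlist": passphrase.lower() in wordlist,
    }


if __name__ == "__main__":
    print(f"62^8  = {keyspace(62, 8):,}")
    print(f"62^13 = {keyspace(62, 13):,}")
    print(audit_passphrase("password"))
    print(derive_pmk("password", "IEEE").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name.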