Forum

Hi,

I just got a question about my wireless router. There's a security mode named "RADIUS". My guess is, it's kind of WEP dynamic key management. However on the configuration page, plus RADIUS server address/port, WEP key pass phrase/key index/key generate are still needed.

I got from a Cisco paper that it's like this:
1. WLAN client and RADIUS do mutual authenticatio (through AP). When the mutual authentication ends, they will decide a session key.
2. RADIUS sends the session key to AP.
3. AP encrypts the actual WEP key (configured/generated on GUI) with the session key, and transfers to WLAN client.
4. Client decrypts using the session key, then gets the actual key.
5. Client and AP then start communication using the WEP key just like that in WEP-40/104 static.

But from a book "802.11 Definitive Guide", I learned WEP dynamic key management involves something named unicast key and broadcast key, which seems to have nothing to do with what's mentioned in the above Cisco paper.

So could anyone here help me clarify how the "RADIUS" authentication procedure is going? Is that the way how WEP dynamic key management works?

And for the unicast/broadcast key, is there any AP on market using them?

Any reply is appreciated. Thank you!

My quick over-simplication answer is that WEP is for encryption, RADIUS is for authentication.

If you see WEP-RADIUS, it is a proprietary solution. You'll probably need to provide some additional details to get a better answer. Hope this helps.

Thank you anyway. Let me try this with my AP again and see what's going on.