In networks that have stricter security requirements, an additional authentication or login is required before wireless clients are granted access. The Enterprise security mode choices require an Authentication, Authorization, and Accounting (AAA) RADIUS server.
Refer to the example in the figure. Notice the new fields displayed when choosing an Enterprise version of WPA or WPA2. These fields are necessary to supply the AP with the required information to contact the AAA server:
- RADIUS Server IP address - This is the reachable address of the RADIUS server.
- UDP port numbers - The officially assigned UDP ports are 1812 for RADIUS Authentication and 1813 for RADIUS Accounting, but RADIUS could also operate using UDP ports 1645 and 1646.
- Shared key - Used to authenticate the AP with the RADIUS server.
The shared key is not a parameter that must be configured on a STA (wireless client station). It is only required on the AP to authenticate with the RADIUS server.
Note: There is no Password field listed, because the actual user authentication and authorization is handled by the 802.1X standard, which provides a centralized, server-based authentication of end users.
The 802.1X login process uses EAP to communicate with the AP and RADIUS server. EAP is a framework for authenticating network access. It can provide a secure authentication mechanism and negotiate a secure private key that can then be used for a wireless encryption session utilizing TKIP or AES encryption.
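How the shared key authenticates traffic between the AP and the RADIUS server, as an added example that is not part of the original page: the key never travels in the packet, it only keys the Message-Authenticator on the AP's Access-Request and the Response Authenticator on the server's reply (RFC 2865 and RFC 3579). The function names are hypothetical, the key, user name and EAP bytes are constructed sample values, and the reply's own Message-Authenticator attribute is not modelled.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # attribute types

def attr(type_, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", type_, len(value) + 2) + value

def build_access_request(ident, secret, user, eap):
    """AP side: Access-Request whose Message-Authenticator is keyed with the shared key."""
    attrs = attr(USER_NAME, user) + attr(EAP_MESSAGE, eap) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()  # computed with the value zeroed
    return packet[:-16] + mac  # Message-Authenticator is the last attribute here

def request_is_authentic(packet, secret):
    """Server side: recompute the HMAC-MD5 with the attribute value zeroed."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        type_, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            return False  # malformed attribute
        if type_ == MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += length
    return False  # an EAP request without the attribute is rejected

def build_reply(code, request, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs

def reply_is_authentic(reply, request, secret):
    """AP side: confirm the reply came from a holder of the same shared key."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed sample value
    req = build_access_request(7, key, b"alice", b"\x02\x01\x00\x0a\x01alice")
    rep = build_reply(ACCESS_ACCEPT, req, key)
    print(request_is_authentic(req, key), reply_is_authentic(rep, req, key))
    print(request_is_authentic(req, b"other-key"))  # mismatched key on the server
```

A key mismatch between the AP and the server shows up as failed verification on either side, which is why the same value must be entered on both and nowhere else.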