I'm just looking for a few straight answers regarding wireless authentication on WPA2 networks, since I can never seem to find a straight answer in any Cisco docs.
Would appreciate answers on any of the following:
1. When deploying WAPs in standalone mode, that is, they are configured independently, no WLC is used, but they ARE using the same SSID, so I guess they are classed as an ESS. How do clients authenticate when roaming between APs? Do the clients need to go through the whole re-authentication process when roaming to the new AP, and need new encryption key material for the new AP etc.?
2. In WPA2 mode, for authentication, I see that in infrastructure mode, when using PEAP, the authentication process is encrypted between the client and the AP / RADIUS server. My question is this... in WPA2 Personal PSK mode, how is the password passed securely between the client and the AP? Is there some secure connection which is set up prior to the key being passed to the AP?
3. How is the AES session encryption key securely exchanged between the client and AP in either PSK or Enterprise mode?
I understand how this type of exchange works when connecting to an SSL web server (server passes public RSA key to client, client uses this to encrypt the session keys and passes them back to the server, which uses its private key to decrypt and find the session keys). I just never seem to find a good explanation of how this sort of stuff works in wireless.
Please can somebody help explain, or point me in the right direction of a good link?
Thanks in advance.
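Added example (not part of the original post) illustrating questions 2 and 3 for WPA2 Personal: the passphrase is never sent over the air; client and AP each derive the PMK locally from passphrase + SSID, and the 4-way handshake derives the AES session key (TK) from the PMK, both MAC addresses and two nonces, proving possession with a MIC. Key derivation follows IEEE 802.11i; the MAC addresses, passphrases and EAPOL frame body are constructed placeholders.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # Both client and AP compute this locally: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit PMK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    # IEEE 802.11i PRF: concat HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..2, keep 48 bytes.
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest() for i in range(3)]
    return b"".join(blocks)[:48]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes):
    # PTK binds the PMK to this AP, this client and this handshake's fresh nonces.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_384(pmk, b"Pairwise key expansion", data)
    return ptk[:16], ptk[16:32], ptk[32:48]  # KCK (MIC key), KEK (wraps GTK), TK (AES-CCMP key)

def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    # WPA2/CCMP key descriptor version 2: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes.
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:16]

def four_way_handshake(passphrase_sta: str, passphrase_ap: str, ssid: str):
    """Simulate messages 1 and 2. Returns (AP accepted client's MIC, both sides hold the same TK)."""
    ap_mac = bytes.fromhex("001122334455")   # constructed BSSID
    sta_mac = bytes.fromhex("66778899aabb")  # constructed client MAC
    anonce, snonce = os.urandom(32), os.urandom(32)  # msg 1 carries ANonce in the clear, msg 2 SNonce
    kck_sta, _, tk_sta = derive_ptk(derive_pmk(passphrase_sta, ssid), ap_mac, sta_mac, anonce, snonce)
    kck_ap, _, tk_ap = derive_ptk(derive_pmk(passphrase_ap, ssid), ap_mac, sta_mac, anonce, snonce)
    msg2_body = b"EAPOL-Key msg2 (constructed placeholder)" + snonce  # MIC field treated as zeroed
    mic = eapol_mic(kck_sta, msg2_body)                 # client proves it derived the same KCK
    ap_accepts = hmac.compare_digest(mic, eapol_mic(kck_ap, msg2_body))
    return ap_accepts, tk_sta == tk_ap

if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())          # IEEE 802.11i Annex H test vector
    print(four_way_handshake("correct horse", "correct horse", "ExampleNet"))
    print(four_way_handshake("correct horse", "wrong pass", "ExampleNet"))
```

Because every client on a PSK network derives the same PMK from the shared passphrase, a disclosed passphrase exposes the session keys of every client whose handshake was observed; that is the property Enterprise mode avoids by giving each user a distinct PMK from the EAP exchange.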