| Description | When keyWrap is enable then for 801.1X and 802.11i
client Authentication, request is sent to those
radius servers which has KEK and MACK keys are configured.
Radius servers are widely used for user authentications.
In 802.11i and 802.1X type authentication, the controller
recives Pairwise Master KEy(PMK) from RADIUS sever using
vendor specific RADIUS attributes, which uses MPPE RFC3078.
Since MPPE uses RC4 algorithm to provide data
confidentiality, it is not FIPS approved. For this RADIUS
key WRAP attributes, bsnRadiusAuthServerKeyWrap
and bsnRadiusAuthServerKeyWrapMACKkey have been added,
which are used to securely transfer encryption keys using
non-proprietary techniques. |