2014/01/29

4ipnet Wireless Access Point Optimization Part 6

Happy Chinese New Year! (It's the year of the horse by the way.)


Today let's talk about proxy ARP and WPA2.

PROXY ARP
ARP (Address Resolution Protocol) is an essential protocol in networking (both wired and wireless) that resolves IP addresses to MAC addresses when data needs to be sent between two hosts. Whenever a host wishes to obtain the physical address (MAC) of another, it will broadcast an ARP request onto the network. On wireless networks these broadcasts can be additional, unnecessary traffic that decreases overall network performance.

4ipnet access points address this issue by employing PROXY ARP to reduce the number of ARP packets in the wireless medium: the AP handles ARP requests itself instead of forwarding them onto the wireless medium when possible. As long as the AP’s own ARP table has a record of the address requested, it can respond on behalf of the actual host. As a result, the number of ARP packets in the air diminishes and hosts learn MAC addresses much more quickly, increasing overall network throughput.
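The decision described above, sketched as an added example (this is not 4ipnet firmware or code from the original post). The function names, the table layout (IPv4 bytes mapped to MAC bytes) and all addresses are constructed; forwarding gratuitous announcements unchanged is an assumption of this sketch.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4
REQUEST, REPLY = 1, 2
FIELDS = ("htype", "ptype", "hlen", "plen", "oper", "sha", "spa", "tha", "tpa")

def parse_arp(payload):
    """Unpack an Ethernet/IPv4 ARP payload into a dict of fields."""
    return dict(zip(FIELDS, struct.unpack(ARP_FMT, payload[:ARP_LEN])))

def build_arp(oper, sha, spa, tha, tpa):
    """Pack an Ethernet/IPv4 ARP payload (htype=1, ptype=0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)

def handle_arp(payload, arp_table):
    """Return ("reply", bytes) when the AP can answer, else ("forward", payload)."""
    if len(payload) < ARP_LEN:
        return ("forward", payload)
    p = parse_arp(payload)
    if (p["htype"], p["ptype"], p["hlen"], p["plen"]) != (1, 0x0800, 6, 4):
        return ("forward", payload)
    if p["oper"] != REQUEST or p["spa"] == p["tpa"]:
        # Replies and gratuitous announcements are not questions to answer.
        return ("forward", payload)
    mac = arp_table.get(p["tpa"])
    if mac is None:
        return ("forward", payload)  # no record: broadcast as usual
    # Answer on behalf of the host: sender fields carry the host's MAC and IP.
    return ("reply", build_arp(REPLY, mac, p["tpa"], p["sha"], p["spa"]))

# Constructed sample data (not from the original post).
TABLE = {bytes([192, 168, 1, 20]): bytes.fromhex("020000000020")}
ASKER_MAC, ASKER_IP = bytes.fromhex("020000000010"), bytes([192, 168, 1, 10])

if __name__ == "__main__":
    for target in (bytes([192, 168, 1, 20]), bytes([192, 168, 1, 99])):
        req = build_arp(REQUEST, ASKER_MAC, ASKER_IP, bytes(6), target)
        action, out = handle_arp(req, TABLE)
        print(".".join(map(str, target)), "->", action, out.hex())
```

Because the AP answers from its own table, a stale or incorrect entry is repeated to every client that asks, so how entries are learned and aged out matters.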

WI-FI PROTECTED ACCESS II (WPA2)
In enterprise-grade deployments security is one of the most commonly emphasized features and requirements. The first line of defense is usually at the point of access to the network, which back in the old days was composed primarily of network switches, but is now shifting rapidly towards wireless access points. Similar to the port-based authentication features on Ethernet switches, wireless access points also have methods to authenticate devices. Furthermore, the evolution of Wi-Fi in recent years has begun to invalidate the notion that data transmission over wireless is insecure – with authentication and encryption protocols such as WPA2-ENTERPRISE, organizations can rest assured that confidential information will remain confidential.

WPA2-Enterprise provides 802.1X authentication with the access point acting as the authenticator, blocking access until authentication succeeds. For deployments where security requirements are not as stringent, network administrators can use WPA2-Personal, where devices gain access to the network through simple passphrase verification. Both methods utilize AES data encryption, which would theoretically take longer than the age of the universe to be cracked via brute-force by even the most powerful supercomputers today.

Thanks for reading! We're not done yet, so see you next time!
