In networks that have stricter security requirements, an additional authentication or login is required to grant wireless clients such access. The Enterprise security mode choices require an Authentication, Authorization, and Accounting (AAA) RADIUS server.

Refer to the example in the figure. Notice the new fields displayed when choosing an Enterprise version of WPA or WPA2. These fields are necessary to supply the AP with the required information to contact the AAA server:

The shared key is not a parameter that must be configured on a STA. It is only required on the AP to authenticate with the RADIUS server.

Note: There is no Password field listed, because the actual user authentication and authorization is handled by the 802.1X standard, which provides a centralized, server-based authentication of end users.

The 802.1X login process uses EAP to communicate with the AP and RADIUS server. EAP is a framework for authenticating network access. It can provide a secure authentication mechanism and negotiate a secure private key that can then be used for a wireless encryption session utilizing TKIP or AES encryption.