
ABSTRACT

Increasing the level of security with minimum downtime in a wide-area WiMAX network with thousands of fixed and mobile subscribers runs into practical problems. We refer mainly to increasing authentication, protecting the management channel, the moment of changing the AAA server policy, the generation of X.509v3 digital certificates, the EAP.xml configuration and the CAs recognized by the network. Doing this with minimum downtime to the active services and with a limited number of system engineers is also a challenge. The approach presented in this paper is a solution for increasing the security level of a live, geographically dispersed WiMAX network, independent of the vendor.

1. Introduction

Nowadays, security is a priority for wireless networks in order to assure protected communications. In IEEE 802.16, security has been considered the main issue during the design of the protocol [1]. The Initial Network Entry procedure in an IEEE 802.16 (WiMAX) network has security defects which can be exploited by a Man-in-the-Middle (MITM) attack [2]. Improving network security in a live enterprise network with a large number of geographically dispersed subscribers should be done with minimum downtime, in order not to affect critical user data/voice services. The management channel should also be strongly protected in order to prevent intrusion into the core network, which contains all of the servers vital for network functionality.

Authentication is the process of validating a user's identity and often includes validating which services the user may access. It typically involves a supplicant (that resides in the mobile station), an authenticator (that may reside in the base station or a gateway), and an authentication server [3].
EAP (Extensible Authentication Protocol) is a standard protocol (frequently used in wireless networks) for data transmission authentication, which is invoked by an 802.1X-enabled NAS (Network Access Server) device such as an 802.11 a/b/g Wireless Access Point [4]. The EAP work group is developing algorithms to support many kinds of authentication, such as ID/Password, Certificates and SMART Card, and methods of session key standardization using such authentication algorithms [5]. EAP (see figure 1) integrates different authentication methods (advised by IEEE) to match the nature of the communication channel, such as EAP-PKM, EAP-MD5, EAP-OTP, EAP-GTC, EAP-TLS, EAP-SIM and EAP-AKA; in addition, a number of vendor-specific methods and new proposals exist. Commonly used methods capable of operating in wireless networks include EAP-TLS (Transport Layer Security), EAP-SIM (Subscriber Identity Module), EAP-AKA (Authentication and Key Agreement), PEAP (Protected Extensible Authentication Protocol), LEAP (Lightweight Extensible Authentication Protocol) and EAP-TTLS (Tunneled Transport Layer Security) [6].
