|
| Security |
|
|
|
Security | Client Support | Implementation Considerations |
Mechanism |
|
|
|
|
|
WPA over 802.1X | Requires | • Provides robust security in |
Mode | and network card driver | (i.e., WPA clients only) |
| (native support provided in | • Offers support for legacy WEP clients, but with |
| Windows XP) | increased security risk (i.e., WEP authentication |
|
| keys disabled) |
|
| • Requires configured RADIUS server |
|
| • 802.1X EAP type may require management of |
|
| digital certificates for clients and server |
WPA PSK Mode | Requires | • Provides good security in small networks |
| and network card driver | • Requires manual management of |
| (native support provided in |
|
| Windows XP) |
|
WPA2 with | Requires |
802.1X | and network card driver (native |
| support provided in Windows |
| XP) |
WPA2 PSK Mode Requires
•Provides the strongest security in
•Provides robust security in mixed mode for WPA and WPA2 clients
•Offers fast roaming for
•Requires configured RADIUS server
•802.1X EAP type may require management of digital certificates for clients and server
•Clients may require hardware upgrade to be WPA2 compliant
•Provides robust security in small networks
•Requires manual management of
•Clients may require hardware upgrade to be WPA2 compliant
NOTE: You must enable data encryption through the web in order to enable all types of encryption (WEP, TKIP, or AES) in the access point.
The access point can simultaneously support clients using various different security mechanisms. The configuration for these security combinations are outlined in the following table. Note that MAC address authentication can be configured independently to work with all security mechanisms and is indicated separately in the table. Required RADIUS server support is also listed.
Table 5 Security Considerations
Client Security | Configuration Summarya | MAC | RADIUS |
Combination |
| Authenticationb | Server |
No encryption and no | Authentication: Open System | Local, RADIUS, or | Yes3 |
authentication | Encryption: Disable | Disabled |
|
| 802.1x: Disable |
|
|
Static WEP only (with | Enter 1 to 4 WEP keys | Local, RADIUS, or | Yesc |
or without shared | Select a WEP transmit key for the interface | Disabled |
|
key authentication) | Authentication: Shared Key or Open System |
|
|
| Encryption: Enable |
|
|
| 802.1x: Disable |
|
|
