60

AT-TQ2403 - Management Software - User's Guide

 

 

Additionally, compatibility issues may be cumbersome because of the variety of authentication methods supported and the lack of a standard implementation method.

Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA) or WPA2. If, you cannot use WPA because some of your client stations do not have WPA, then a better solution than using IEEE 802.1x mode is to use WPA Enterprise mode.

See Also

For information on how to configure IEEE 802.1x security mode, see “IEEE 802.1x” under “Configuring Security Settings”.

When to Use WPA Personal

Wi-Fi Protected Access Personal Pre-Shared Key (PSK) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Algorithm (AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode offers the same encryption algorithms as WPA2 with RADIUS but without the ability to integrate a RADIUS server for user authentication.

This security mode is backwards-compatible for wireless clients that support only the original WPA.

 

Key Management

Encryption Algorithm

User Authentication

 

 

 

 

 

WPA Personal provides

Temporal Key Integrity

The use of a Pre-Shared (PSK)

 

dynamically- generated keys that

Protocol (TKIP)

key provides user authentication

 

are periodically refreshed.

 

similar to that of shared keys in

 

There are different Unicast keys

Counter mode / CBC-MAC

WEP.

 

Protocol (CCMP) Advanced

 

 

for each station.

Encryption Standard (AES)

 

 

 

 

 

Recommendations

WPA Personal is not recommended for use with the AT-TQ2403 Management Software when WPA Enterprise is an option.

We recommend that you use WPA Enterprise mode instead, unless you have interoperability issues that prevent you from using this mode.

For example, some devices on your network may not support WPA or WPA2 with EAP talking to a RADIUS server. Embedded printer servers or other small client devices with very limited space for implementation may not support RADIUS. For such cases, we recommend that you use WPA Personal.

See Also

For information on how to configure this security mode, see “WPA Personal” under “Configuring Security Settings”.

When to Use WPA Enterprise

Wi-Fi Protected Access Enterprise with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Standard (AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode requires the use of a RADIUS server to authenticate users. WPA Enterprise provides the best security available for wireless networks.