Enterasys Networks RBT-4102 manual Authentication

Models: RBT-4102

Page 118

Security

Pre‐Authentication. If Pre‐Authentication is enabled, a WPA2 wireless client can perform an 802.1X authentication with other wireless access points in its range while it is still connected to its current wireless access point.

To use Pre‐Authentication, you must have the following:

Wireless network adaptors that support WPA2.

Windows XP wireless network adaptor drivers that support the passing of WPA2 capabilities to Windows Wireless Auto Configuration.

Authentication

Open System (the default setting): Select this option if you plan to use WPA or 802.1x as a security mechanism. If you don’t set up any other security mechanism on the access point, the network has no protection and is open to all users.

Shared Key sets the access point to use WEP shared keys. If this option is selected, you must configure at least one key on the access point and all clients.

Note: Using 802.1x on wireless clients requires a network card driver and 802.1x client software that support the EAP authentication type that you want to use. Windows XP provides native WPA support; other systems require additional software.

WPA (Wi‐Fi Protected Access) is a standards‐based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems. It is derived from and will be forward‐compatible with the upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol) for data protection and 802.1X for authenticated key management.

WPA‐PSK. With WPA key management, non‐root access point/bridges and the authentication server authenticate to each other using an EAP authentication method, and the non‐root access point/bridge and server generate a pairwise master key (PMK). Using WPA, the server generates the PMK dynamically and passes it to the root access point/bridge. Using WPA‐PSK, however, you configure a pre‐shared key on both the non‐root access point/bridge and the root access point/bridge, and that pre‐shared key is used as the PMK.

WPA2 provides a stronger encryption mechanism through AES, which is a requirement for some corporate and government users. TKIP, the encryption mechanism in WPA, relies on RC4 instead of Triple Data Encryption Standard (3DES), AES, or another encryption algorithm.

WPA‐WPA2‐Mixed permits the coexistence of WPA and WPA2 clients on a common SSID. WPA2‐mixed mode is a Wi‐Fi Certified feature. The access point advertises the encryption ciphers (TKIP, CCMP, other) that are available for use. The client selects the encryption cipher it would like to use, and that cipher is then used for encryption between the client and the access point.
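The cipher advertisement described above can be audited from a captured beacon. The following is an added example, not part of the Enterasys manual: it parses the WPA and RSN (WPA2) information elements using the IEEE 802.11 element IDs and suite numbers, reports the Pre‐Authentication capability bit, and lists every non‐CCMP cipher still on offer. The function names and the sample bytes are constructed for illustration.

```python
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
RSN_OUI, WPA_OUI = bytes.fromhex("000fac"), bytes.fromhex("0050f2")

def _suites(body, off, oui, names):
    """Read a little-endian count, then that many 4-byte suite selectors."""
    count = int.from_bytes(body[off:off + 2], "little")
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    sels = [body[off + 4 * k: off + 4 * k + 4] for k in range(count)]
    named = [names.get(s[3], "unknown") if s[:3] == oui else "vendor" for s in sels]
    return named, off + 4 * count

def parse_security_ies(ies):
    """Return one dict per WPA or RSN (WPA2) element in a beacon's tagged fields."""
    found, i = [], 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2: i + 2 + length]
        i += 2 + length
        if eid == 0x30:                                      # RSN element (WPA2)
            proto, oui = "WPA2", RSN_OUI
        elif eid == 0xDD and body[:4] == WPA_OUI + b"\x01":  # vendor WPA element
            proto, oui, body, length = "WPA", WPA_OUI, body[4:], length - 4
        else:
            continue
        if len(body) != length or length < 6:
            raise ValueError("truncated element")
        group = CIPHERS.get(body[5], "unknown") if body[2:5] == oui else "vendor"
        pairwise, off = _suites(body, 6, oui, CIPHERS)
        akm, off = _suites(body, off, oui, AKMS)
        # Bit 0 of the RSN capabilities field advertises Pre-Authentication.
        caps = int.from_bytes(body[off:off + 2], "little")
        found.append({"proto": proto, "group": group, "pairwise": pairwise,
                      "akm": akm, "preauth": proto == "WPA2" and bool(caps & 1)})
    return found

def legacy_ciphers(elements):
    """Ciphers other than CCMP that the access point still offers."""
    offered = {c for e in elements for c in [e["group"], *e["pairwise"]]}
    return sorted(offered - {"CCMP"})

# Constructed sample: SSID "test", then RSN and WPA elements as a mixed-mode AP might send.
SAMPLE = bytes.fromhex(
    "000474657374" "30180100000fac020200000fac04000fac020100000fac010100"
    "dd160050f20101000050f20201000050f20201000050f201")
```

On the constructed sample the group cipher is TKIP in both elements, which is what a mixed‐mode SSID has to use for broadcast traffic so that WPA clients can decrypt it.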

Data Encryption enables or disables the use of WEP shared keys for data encryption on the access point. If this option is selected, you must configure at least one key on the access point and all clients. (Default: Disable)

Note: You must enable WEP encryption in order to enable all types of encryption on the access point; however, you do not need to define WEP keys for WPA.

WPA Clients sets the specified radio interface or VAP to:

Required ‐ allows only WPA‐enabled clients to access the network.

4-82 Advanced Configuration
