Key Management

IEEE 802.1x provides dynamically generated keys that are periodically refreshed. There are different Unicast keys for each station.

Encryption Algorithm

An RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame. (This is the same encryption algorithm as is used for Static WEP.)

User Authentication

IEEE 802.1x mode supports a variety of authentication methods, like certificates, Kerberos, and public key authentication with a RADIUS server.

You have a choice of using the Gateway 7001 Series self-managed AP embedded RADIUS server or an external RADIUS server. The embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.
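The RC4 encryption of the frame body and CRC described above, with a separate unicast key per station that can be refreshed, as an added example (not code from the Gateway documentation or firmware). It is simplified: the 3-byte per-frame IV prepended to the key follows WEP, the key-ID byte is omitted, and the Station class, the 13-byte key length and the sample frame body are assumptions made for illustration.

```python
import os
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encapsulate(key: bytes, body: bytes, iv: bytes) -> bytes:
    """Encrypt the frame body plus its CRC-32 with RC4 keyed by IV || key."""
    icv = struct.pack("<I", zlib.crc32(body))
    return iv + rc4(iv + key, body + icv)


def decapsulate(key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify the CRC; raise ValueError on mismatch."""
    iv, ciphertext = frame[:3], frame[3:]
    plain = rc4(iv + key, ciphertext)
    body, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(body)) != icv:
        raise ValueError("CRC check failed (wrong key or damaged frame)")
    return body


class Station:
    """Hypothetical per-station key holder; rekey() models the periodic refresh."""
    def __init__(self) -> None:
        self.key = os.urandom(13)  # constructed 104-bit unicast key

    def rekey(self) -> None:
        self.key = os.urandom(13)  # new key, same RC4 + CRC algorithm


if __name__ == "__main__":
    key = Station().key
    print(decapsulate(key, encapsulate(key, b"constructed frame body", os.urandom(3))))
```

Refreshing the key changes only the RC4 key material; the cipher and the CRC check are the ones Static WEP uses, which is the limitation the Recommendations below refer to.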

Recommendations

IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically generated and changed periodically. However, the encryption algorithm used is the same as that of Static WEP and is therefore not as reliable as the more advanced encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected Access (WPA).

Additionally, compatibility issues may be cumbersome because of the variety of authentication methods supported and the lack of a standard implementation method. For this reason, if you do use IEEE 802.1x, we suggest using it with the embedded RADIUS server.

Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA). If you cannot use Wi-Fi Protected Access (WPA) because some of your client stations do not have WPA, then a better solution than using IEEE 802.1x mode is to use WPA with RADIUS mode instead and click Allow non-WPA IEEE 802.1x clients to allow non-WPA clients. This way, you get the benefit of IEEE 802.1x key management for non-WPA clients along with even better data protection of TKIP and CCMP (AES) key management and encryption algorithms for your WPA clients.

For information on how to configure IEEE 802.1x security mode, see “IEEE 802.1x” on page 93.

When to use WPA with RADIUS

Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP), Counter mode/CBC-MAC Protocol (CCMP) Advanced Encryption Standard (AES), and 802.1x mechanisms. This mode requires the use of a RADIUS server to authenticate users. WPA with RADIUS provides the best security available for wireless networks.

www.gateway.com

83