Gateway 7001 Series manual 90

Important If there are older client stations on your network that do not support WPA, you can configure WPA with RADIUS (with Both, CCMP, or TKIP) and check the Allow non-WPA IEEE 802.1x clients checkbox to allow non-WPA clients. This way, you get the benefit of IEEE 802.1x key management for non-WPA clients along with even better data protection of TKIP and CCMP (AES) key management and encryption algorithms for your WPA clients.

A typical scenario is that one is upgrading a current 802.1x network to use WPA. You might have a mix of clients, in which some new clients that support WPA and some older ones that do not support WPA. You might even have other access points on the network that support only 802.1x and some that support WPA with RADIUS. For as long as this mix persists, use the Allow non-WPA IEEE 802.1x clients option When all the stations have been upgraded to use WPA, you should disable the Allow non-WPA IEEE 802.1x clients option.

For information on how to configure WPA with RADIUS security mode, see “WPA with RADIUS” on page 95.

When to use WPA-PSK

Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms. This mode offers the same encryption algorithms as WPA with RADIUS but without the ability to integrate a RADIUS server for user authentication.

Recommendations

WPA-PSK is not recommended for use with the Gateway 7001 Series self-managed AP when WPA with RADIUS is an option.

We recommend that you use WPA with RADIUS mode instead, unless you have interoperability issues that prevent you from using this mode.