WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

Encryption

The Layer 2 encryption option you can select depends upon the authentication method chosen. Table 1-1lists the authentication methods available, with their corresponding encryption options.

Table 1-1. Encryption Options by Authentication Method

Authentication Method

Encryption Option

 

 

None

Null or Static WEP

 

 

802.1x

Dynamic WEP

 

 

WPA or WPA-PSK only

TKIP

 

 

WPA2 or WPA2-PSK only

AES

 

 

Combination of WPA or WPA-PSK and WPA2 or

Mixed TKIP/AES

WPA2-PSK

 

 

 

You can configure the following data encryption options for the WLAN:

Null. No encryption is used and packets passing between the wireless client and WFS709TP are in clear text.

Wired Equivalent Protocol (WEP). Defined by the original IEEE 802.11 standard, WEP uses the RC4 stream cipher with 40-bit and 128-bit encryption keys. The management and distribution of WEP keys is performed outside of the 802.11 protocol. There are two forms of WEP keys:

Static WEP requires you to manually enter the key for each client and on the WFS709TP.

Dynamic WEP allows the keys to be automatically derived for each client for a specific authentication method during the authentication process. Dynamic WEP requires 802.1x authentication.

Temporal Key Integrity Protocol (TKIP). TKIP ensures that the encryption key is changed for every data packet. You specify TKIP encryption for WPA and WPA-PSK authentication.

Advanced Encryption Standard (AES). AES is an encryption cipher that uses the Counter- mode CBC-MAC (Cipher Block Chaining-Message Authentication Code) Protocol (CCMP) mandated by the IEEE 802.11i standard. AES-CCMP is specifically designed for IEEE 802.11 encryption and encrypts parts of the 802.11 MAC headers as well as the data payload. You can specify AES-CCMP encryption with WPA2 or WPA2-PSK authentication.

Mixed TKIP/AES-CCM.This option allows the WFS709TP to use TKIP encryption with WPA or WPA-PSK clients and use AES encryption with WPA2 or WPA2-PSK clients. Mixed TKIP/AES-CCM allows you to deploy the system in environments containing existing WLANs that use different authentication and encryption methods.

1-10

Overview of the WFS709TP

v1.0, June 2007

Page 25 Page 27
Page 26
Image 26
NETGEAR WFS709TP-100NAS manual Encryption Options by Authentication Method, Authentication Method Encryption Option
Page 25 Page 27
Top Page Image Contents