CHAPTER 7 Wireless Configuration

WLAN Security

WPA ENTERPRISE MODE

WPA-PSK — Clients using WPA with a Pre-shared Key are accepted for authentication. The default data encryption type for WPA is TKIP.

WPA2-PSK — Clients using WPA2 with a Pre-shared Key are accepted for authentication. The default data encryption type for WPA2 is AES.

WPA-PSK_WPA2-PSK — Clients using WPA or WPA2 with a Pre-shared Key are accepted for authentication. The default data encryption type is TKIP/AES.

WPA Algorithms — Selects the data encryption type to use. (Default is determined by the Security Mode selected.)

TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA specifies TKIP as the data encryption method to replace WEP. TKIP avoids the problems of WEP static keys by dynamically changing data encryption keys.

AES — Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses AES Counter-Mode encryption with Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBC-MAC Protocol (AES-CCMP) provides extremely robust data confidentiality using a 128-bit key. Use of AES-CCMP encryption is specified as a standard requirement for WPA2. Before implementing WPA2 in the network, be sure client devices are upgraded to WPA2-compliant hardware.

TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for each client.

Pass Phrase — The WPA Preshared Key can be input as an ASCII string (an easy-to-remember form of letters and numbers that can include spaces) or Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64 Hexadecimal digits)

Key Renewal Interval — Sets the time period for automatically changing data encryption keys and redistributing them to all connected clients. (Default: 3600 seconds)
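The two input formats accepted by the Pass Phrase field both end up as a 256-bit key. The following added example (not taken from the manual or from the router firmware) validates a value against the stated ranges and derives the key. It assumes the standard IEEE 802.11i passphrase mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), which the manual does not describe; the function name `wpa_psk` is hypothetical.

```python
import hashlib
import string


def wpa_psk(pass_phrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key for a Pass Phrase field value.

    Hypothetical helper: the ranges come from the manual, the derivation
    is the IEEE 802.11i passphrase-to-PSK mapping (an assumption here).
    """
    # Exactly 64 hexadecimal digits: the value already is the 256-bit key.
    if len(pass_phrase) == 64 and all(c in string.hexdigits for c in pass_phrase):
        return bytes.fromhex(pass_phrase)

    # Otherwise it must be 8 to 63 ASCII characters (spaces are allowed).
    if not 8 <= len(pass_phrase) <= 63:
        raise ValueError("pass phrase must be 8-63 ASCII characters or 64 hex digits")
    if any(not 32 <= ord(c) <= 126 for c in pass_phrase):
        raise ValueError("pass phrase must contain only printable ASCII characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    # The SSID is the salt, so the same pass phrase gives a different key
    # on every network name. 4096 iterations, 32-byte (256-bit) output.
    return hashlib.pbkdf2_hmac(
        "sha1", pass_phrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    # Constructed sample values, not settings from any real device.
    for phrase, ssid in [("password", "IEEE"), ("password", "Office-AP"), ("short", "IEEE")]:
        try:
            print(f"{ssid!r:12} {phrase!r:12} -> {wpa_psk(phrase, ssid).hex()}")
        except ValueError as err:
            print(f"{ssid!r:12} {phrase!r:12} -> rejected: {err}")
```

An ASCII pass phrase is only as strong as its guessability, whereas a randomly generated 64-digit hexadecimal value uses the full 256-bit key space.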

Wi-Fi Protected Access (WPA) was introduced as an interim solution for the vulnerability of WEP pending the adoption of a more robust wireless security standard. WPA2 includes the complete wireless security standard, but also offers backward compatibility with WPA. Both WPA and WPA2 provide an “enterprise” and “personal” mode of operation.

For enterprise deployment, WPA and WPA2 use IEEE 802.1X for user authentication and require a RADIUS authentication server to be configured on the wired network. Data encryption keys are automatically generated and distributed to all clients connected to the network.

SMC Networks SMCWBR11S-3GN manual WPA Enterprise Mode