Appendix D Wireless LANs
NBG-417N User’s Guide 251
25.0.2 WPA(2)-PSK Application Example
A WPA(2)-PSK application looks as follows.
1First enter identical passwords into the AP and all wireless clients. The Pre-Shared
Key (PSK) must consist of between 8 and 63 ASCII characters (including spaces
and symbols).
2The AP checks each wireless client's password and (only) allows it to join the
network if the password matches.
3The AP derives and distributes keys to the wireless clients.
4The AP and wireless clients use the TKIP or AES encryption process to encrypt
data exchanged between them.

Figure 153 WPA(2)-PSK Authentication

25.0.3 WPA(2) with RADIUS Application Example
You need the IP address of the RADIUS server, its port number (default is 1812),
and the RADIUS shared secret. A WPA(2) application example with an external
RADIUS server looks as follows. "A" is the RADIUS server. "DS" is the distribution
system.
1The AP passes the wireless client's authentication request to the RADIUS server.
2The RADIUS server then checks the user's identification against its database and
grants or denies network access accordingly.
3The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that
then sets up a key hierarchy and management system, using the pair-wise key to
dynamically generate unique data encryption keys to encrypt every data packet
that is wirelessly communicated between the AP and the wireless clients.