Chapter 3 Wireless LANs

single, alphanumeric password to derive a PMK, which is used to generate unique temporal encryption keys. This prevents all wireless devices from sharing the same encryption keys (a weakness of WEP).

If both an AP and the wireless clients support WPA2-PSK, use WPA2-PSK for stronger data encryption. If the AP or the wireless clients do not support WPA2-PSK, just use WPA-PSK. Select WEP only when the AP and/or wireless clients do not support WPA-PSK or WPA2-PSK. WEP is less secure than WPA-PSK or WPA2-PSK.

3.4 Wi-Fi Protected Setup

3.4.1 How WPS Works

When two WPS-enabled devices connect, each device must assume a specific role. One device acts as the registrar (the device that supplies network and security settings) and the other device acts as the enrollee (the device that receives network and security settings). The registrar creates a secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used depends on the standards supported by the devices. If the registrar is already part of a network, it sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly.

The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a WPS-enabled access point.

Figure 9 How WPS works

[Figure labels: ACTIVATE WPS (on each device) WITHIN 2 MINUTES; ENROLLEE; REGISTRAR; WPS HANDSHAKE; SECURE TUNNEL; SECURITY INFO; COMMUNICATION]


 

NWD Series User’s Guide