
Appendix D Wireless LANs
Dynamic WEP Key Exchange
The AP maps a unique key that is generated with the RADIUS server. This key expires when the wireless connection times out, disconnects or reauthentication times out. A new WEP key is generated each time reauthentication is performed.
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless security configuration screen. You may still configure and store keys, but they will not be used while dynamic WEP is enabled.
"
For added security, 
Table 144 Comparison of EAP Authentication Types
| 
 | PEAP | LEAP | |||
| Mutual Authentication | No | Yes | Yes | Yes | Yes | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Certificate – Client | No | Yes | Optional | Optional | No | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Certificate – Server | No | Yes | Yes | Yes | No | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Dynamic Key Exchange | No | Yes | Yes | Yes | Yes | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Credential Integrity | None | Strong | Strong | Strong | Moderate | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Deployment Difficulty | Easy | Hard | Moderate | Moderate | Moderate | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
| Client Identity Protection | No | No | Yes | Yes | No | 
| 
 | 
 | 
 | 
 | 
 | 
 | 
WPA and WPA2
Key differences between WPA or WPA2 and WEP are improved data encryption and user authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use 
If the AP or the wireless clients do not support WPA2, just use WPA or 
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less secure than WPA or WPA2.
| 
 | 367 | 
| 
 | 
 |