Symbol WS5000 Series System Reference Manual page 98

6-18
WS5000 Series Switch System Reference Guide
Protocol. If using PSK, an ASCII or hexadecimal value is required to configure TKIP.
• AES CCMP – WPA2 dynamic encryption. If using PSK, an ASCII or hexadecimal value is required to
complete configuration.
4. Click Next. A panel for specifying authentication/key management methods is displayed.
Figure 6.22 Creating a Security Policy—Authentication/Key Management Methods
5. Select one or more authentication/key management method to apply to the Security Policy, as described
in Table 6.6.
Table 6.6 Authentication/Key Management Method Settings
Setting
Manually Pre-Shared Key
Kerberos
802.1x EAP
Broadcast Key Rotation
Description
If you use Pre-shared Key (PSK) authentication, the same key is used for
authentication and encryption. The format and configuration of the key is set in
the Configure panel of the selected encryption method.
Uses a Kerberos server for mobile unit authentication. You can specify an
external server or the switch's on-board server. To use the on-board server, you
must first configure the switch to be a Kerberos Master by visiting System
Settings > Kerberos > Configuration> KDC. Kerberos only supports KeyGuard and
WEP encryption. To configure the Kerberos settings used by this policy, click the
Configure button.
Specifies 802.1x EAP authentication using an external Remote Authentication
Dial-In User Service (Radius) server. The Radius server must be accessible to the
switch. To configure the EAP settings used by this policy, click the Configure
button.
EAP authentication provides dynamic unicast WEP keys for client devices but
uses static broadcast, or multicast, keys. When broadcast WEP key rotation is
enabled, the access point provides a dynamic broadcast WEP key and changes at
the specified interval. The default interval is 600 seconds.