Table of Contents
Advertisement
for authentication. The default data encryption type for WPA is AES.
WPA1_WPA2 — Clients using WPA or WPA2 with an 802.1X authentication method
◆
are accepted for authentication. The default data encryption type is TKIP/AES.
WPA Algorithms — Selects the data encryption type to use. (Default is
◆
determined by the Security Mode selected.)
TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA
■
specifies TKIP as the data encryption method to replace WEP. TKIP avoids the
problems of WEP static keys by dynamically changing data encryption keys.
AES — Uses Advanced Encryption Standard (AES) keys for encryption. WPA2
■
uses AES Counter-Mode encryption with Cipher Block Chaining Message
Authentication Code (CBC-MAC) for message integrity. The AES Counter-
Mode/CBCMAC Protocol (AESCCMP) provides extremely robust data confidentiality
using a 128- bit key. Use of AES-CCMP encryption is specified as a standard
requirement for WPA2. Before implementing WPA2 in the network, be sure client
devices are upgraded to WPA2-compliant hardware.
TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and
■
WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common
SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated
for each client.
◆
Key Renewal Interval — Sets the time period for automatically changing data
encryption keys and redistributing them to all connected clients. (Default:
3600 seconds)
PMK Cache Period — WPA2 provides fast roaming for authenticated clients by
◆
retaining keys and other security information in a cache, so that if a client roams
away from an access point and then returns reauthentication is not required.
This parameter sets the time for deleting the cached WPA2 Pairwise Master Key
(PMK) security information. (Default: 10 minutes)
Pre-Authentication — When using WPA2, pre-authentication can be enabled that
◆
allows clients to roam to another access point and be quickly associated without
performing full 802.1X authentication.
(Default: Disabled)
IEEE 802.1X
AND
RADIUS
IEEE 802.1X is a standard framework for network access control that uses a central
RADIUS server for user authentication. This control feature prevents unauthorized
access to the network by requiring an 802.1X client application to submit user
credentials for authentication. The 802.1X standard uses the Extensible
Authentication Protocol (EAP) to pass user credentials (either digital certificates,
43
Hide quick links:
Advertisement
Table of Contents
