D-Link DWC-1000 User Manual page 34

Section 3 - Basic Configuration
Table 3-2 WPA/WPA2 Page Settings
Field
Security
WPA Versions
WPA Ciphers
WPA Key Type
WPA Key
Bcast Key Refresh
Rate (seconds)
Pre-Authentication
Pre-Authentication
Limit
Key Caching Hold
Time
Session Key Refresh
Rate
D-Link DWC-1000 User Manual
If you select WPA for Security, the following two additional security options are displayed.
• WPA Personal = uses static key management. You manually configure the same keys to
encrypt data on both the wireless client and access point. WPA Enterprise uses a RADIUS
server and dynamically generated keys to encrypt client-to- access point traffic. WPA
Enterprise is more secure than WPA Personal, but you need a RADIUS server to manage the
keys.
• WPA Enterprise = more secure than WPA Personal, but you need a RADIUS server to manage
the keys. If you click this option, the screen refreshes and the WPA Key Type and WPA Key
fields are hidden. The access point uses the global RADIUS server or the RADIUS server you
specified for the wireless network.
Select the types of client stations you want to support. Choices are:
WPA = if all client stations on the network support the original WPA but none supports WPA2,
then select WPA.
WPA2 = if all client stations on the network support WPA2, use WPA2, which provides the best
security per the IEEE 802.11i standard.
WPA and WPA2 = if you have a mix of clients that support WPA2 or WPA, select both the boxes.
This lets both WPA and WPA2 client stations associate and authenticate, but uses the more
robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at
the expense of some security.
Select the cipher suite you want to use. Choices are:
• TKIP
• CCMP (AES)
• TKIP and CCMP (AES)
Both TKIP and AES clients can associate with the access point. WPA clients must have a valid TKIP
key or AES-CCMP key to associate with the access point.
Note: 802.11n clients cannot use the TKIP cipher. If you enable TKIP only, 802.11 clients cannot
authenticate with the network.
Enter a WPA key type.
Range: ASCII, including upper- and lower-case alphabetic letters, numeric digits, and special
symbols such as @ and #
Enter the shared secret key for WPA Personal.
Range: 8 – 62 characters, including upper- and lower-case alphabetic letters, numeric digits, and
special symbols such as @ and #
Enter a value to set the interval at which the broadcast (group) key is refreshed for clients
associated to this VAP.
Range: 0 - 86400 seconds (0 = broadcast key is not refreshed)
If Security= WPA Enterprise, turn on to enable pre-authentication.
If Security= WPA Enterprise, the Pre-Authentication Limit field will appear below for you to enter
a value between 0 and 192.
If Security= WPA Enterprise, enter the amount of minutes a PMK will be held by the AP. This applies
to Pairwise Master Keys (PMKs) generated by RADIUS, those that come from pre‐authentication,
and those that are forwarded to the AP. Note that this time limit can be overridden by RADIUS
if the RADIUS server returns a longer time in the Session‐Timeout attribute for a particular user.
The valid values of this are from 1 – 1440 minutes. If you do not enter a value, APs will not forward
the PMK for the wireless client to other APs in case the client roams to another AP.
If Security= WPA Enterprise, enter a value to set the interval at which the AP will refresh session
(unicast) keys for each client associated to the VAP.
The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refreshed.
Description
34