Table of Contents
Advertisement
AES—The Advanced Encryption Standard (AES) encryption algorithm is a widely supported encryption type
l
for all wireless networks that contain any confidential data. AES in Wi-Fi leverages 802.1X or PSKs to
generate per-station keys for all devices. AES provides a high level of security like IP Security (IPsec) clients.
WEP and TKIP are limited to WLAN connection speed of 54 Mbps. The 802.11n connection supports only AES
encryption. Aruba recommends AES encryption. Ensure that all devices that do not support AES are upgraded
or replaced with the devices that support AES encryption.
WPA and WPA-2
WPA is created based on the draft of 802.11i, which allowed users to create more secure WLANs. WPA-2
encompasses the full implementation of the 802.11i standard. WPA-2 is a superset that encompasses the full
WPA feature set.
The following table summarizes the differences between the two certifications:
Table 37: WPA and WPA-2 Features
Certification
WPA
WPA-2
WPA and WPA-2 can be further classified as follows:
Personal—Personal is also called Pre-Shared Key (PSK). In this type, a unique key is shared with each client
l
in the network. Users have to use this key to securely log in to the network. The key remains the same until
it is changed by authorized personnel. You can also configure key change intervals .
Enterprise—Enterprise is more secure than WPA Personal. In this type, every client automatically receives a
l
unique encryption key after securely logging in to the network. This key is automatically updated at regular
intervals. WPA uses TKIP and WPA-2 uses the AES algorithm.
Recommended Authentication and Encryption Combinations
The following table summarizes the recommendations for authentication and encryption combinations for the
Wi-Fi networks.
Table 38: Recommended Authentication and Encryption Combinations
Network Type
Employee
Guest Network
Voice Network or
Handheld devices
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Authentication
PSK
l
IEEE 802.1X with
l
Extensible
Authentication
Protocol (EAP)
PSK
l
IEEE 802.1X with
l
EAP
Authentication
802.1X
Captive portal
802.1X or PSK as supported
by the device
Encryption
TKIP with message integrity check (MIC)
AES—Counter Mode with Cipher Block Chaining
Message Authentication Code (AESCCMP)
Encryption
AES
None
AES if possible, TKIP or WEP if
necessary (combine with security
settings assigned for a user role).
Authentication and User Management |
165
Hide quick links:
Advertisement
Table of Contents
