Alfa Network AWAP05O User Manual page 106

6
System Configuration
to encrypt each data packet. TKIP provides further data encryption enhancements
by including a message integrity check for each packet and a re-keying mechanism,
which periodically changes the master key.
WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA requires a
RADIUS authentication server to be configured on the wired network. However, for
small office networks that may not have the resources to configure and maintain a
RADIUS server, WPA provides a simple operating mode that uses just a pre-shared
password for network access. The Pre-Shared Key mode uses a common password
for user authentication that is manually entered on the access point and all wireless
clients. The PSK mode uses the same TKIP packet encryption and key
management as WPA in the enterprise, providing a robust and manageable
alternative for small networks.
Mixed WPA and WEP Client Support: WPA enables the access point to indicate its
supported encryption and authentication mechanisms to clients using its beacon
signal. WPA-compatible clients can likewise respond to indicate their WPA support.
This enables the access point to determine which clients are using WPA security
and which are using legacy WEP. The access point uses TKIP unicast data
encryption keys for WPA clients and WEP unicast keys for WEP clients. The global
encryption key for multicast and broadcast traffic must be the same for all clients,
therefore it restricts encryption to a WEP key.
When access is opened to both WPA and WEP clients, no authentication is
provided for the WEP clients through shared keys. To support authentication for
WEP clients in this mixed mode configuration, you can use either MAC
authentication or 802.1x authentication.
Advanced Encryption Standard (AES) Support: WPA specifies AES encryption
as an optional alternative to TKIP and WEP. AES provides very strong encryption
using a completely different ciphering algorithm to TKIP and WEP. The developing
IEEE 802.11i wireless security standard has specified AES as an eventual
replacement for TKIP and WEP. However, because of the difference in ciphering
algorithms, AES requires new hardware support in client network cards that is
currently not widely available. The access point includes AES support as a future
security enhancement.
The WPA configuration parameters are described below:
Authentication Type Setup – When using WPA, set the access point to communicate
as an open system to disable WEP keys.
Although WEP keys are not needed for WPA, you must enable WEP
Note:
encryption through the web or CLI in order to enable all types of encryption in
the access point. For example, set Wired Equivalent Privacy (WEP) Setup to
"Enable" on the Security page.
WPA Configuration Mode – The access point can be configured to allow only
WPA-enabled clients to access the network, or also allow clients only capable of
supporting WEP.
6-56