Using Wi-Fi Protected Access - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Using Wi-Fi Protected Access

Copyright © 2010, Juniper Networks, Inc.
You can specify a static, non default WEP key that the security device uses for
authenticating and decrypting traffic received from wireless clients. However, each client
must also load the WEP key (and ID) before they can authenticate themselves and send
encrypted traffic to the security device. If a client does not supply a key ID, the security
device attempts to use the default WEP key to authenticate the client and decrypt its
traffic.
You can configure the SSID to use WPA enterprise mode or WPA personal mode.
WPA (Enterprise Mode) authentication uses an external RADIUS auth server for
authentication. When using WPA, you must also configure the rekey interface and
encryption method. The WPA enterprise mode settings are displayed in Table 89 on
page 395.
Table 89: WPA Enterprise Mode Settings
Parameters Description
Encryption The encryption setting specifies the encryption method used between the security
device and wireless clients in the subnetwork. Select one of the following:
AES—The Advanced Encryption Standard (AES) is used by WPA 2 devices.
AES uses the Robust Security Network (RSN) cipher for encryption. This
complex encryption mechanism is a block cipher (operates on 128 bit data
blocks).
TKIP—The Temporal Key Integrity Protocol (TKIP) is used by WPA 1 devices.
TKIP is a key management protocol that handles key generation and key
synchronization; TKIP uses the RC4 algorithm for encryption.
Auto—When enabled, the device uses the encryption method (AES or TKIP)
used by the client.
rekey-interval The rekey interval defines the number of seconds between group key updates.
To enable key updates, select Value; the default interval is 1800 seconds and
the acceptable range is 30-42949672 seconds. To disable key updates, select
Disabled.
WPA-PSK (Personal Mode) authentication uses a passphrase or pre shared key on the
security device to permit access to the SSID. When using WPA, you must also configure
the WPA-PSK authentication and encryption methods. The WPA personal mode settings
are displayed in Table 90 on page 395.
Table 90: WPA Personal Mode Settings
Parameters Description
Authentication The authentication setting specifies the authentication methods for wireless
(WSA-PSK) clients attempting to access the SSID:
Passphrase—When enabled, you must configure a passphrase (8-63 ASCII
characters) that permits access to the SSID.
PSK—When enabled, you must enter a pre shared key (256 bit/64characters
hexadecimal) that permits access to the SSID.
Chapter 14: WAN, ADSL, Dial, and Wireless
395