Enterasys RoamAbout RBT-4102 Configuration Manual page 114

Security
• Pre‐Authentication. If Pre‐Authentication is enabled, a WPA2 wireless client can perform an
802.1X authentication with other wireless access points in its range when it is still connected to
its current wireless access point.
To use Pre‐Authentication, you must have the following:
–
–
• Authentication
–
–
–
–
–
–
• Data Encryption enables or disables the access point to use WEP shared keys for data
encryption. If this option is selected, you must configure at least one key on the access point
and all clients. (Default: Disable)
• WPA Clients sets the specified radio interface or VAP to:
–
4-78 Advanced Configuration
Wireless network adaptors that support WPA2.
Windows XP wireless network adaptor drivers that support the passing of WPA2
capabilities to Windows Wireless Auto Configuration.
Open System (the default setting): Select this option if you plan to use WPA or 802.1x as a
security mechanism. If you don't set up any other security mechanism on the access point,
the network has no protection and is open to all users.
Shared Key sets the access point to use WEP shared keys. If this option is selected, you
must configure at least one key on the access point and all clients.
Note: To use 802.1x on wireless clients requires a network card driver and 802.1x
client software that supports the EAP authentication type that you want to use.
Windows XP provides native WPA support, other systems require additional software.
WPA (Wi‐Fi Protected Access) is a standards‐based, interoperable security enhancement
that strongly increases the level of data protection and access control for existing and
future wireless LAN systems. It is derived from and will be forward‐compatible with the
upcoming IEEE 802.11i standard. WPA leverages TKIP (Temporal Key Integrity Protocol)
for data protection and 802.1X for authenticated key management.
WPA‐PSK. Uses WPA key management, non‐root access point/bridges and the
authentication server authenticate to each other using an EAP authentication method, and
the non‐root access point/bridge and server generate a pairwise master key (PMK). Using
WPA, the server generates the PMK dynamically and passes it to the root access point/
bridge. Using WPA‐PSK, however, you configure a pre‐shared key on both the non‐root
access point/bridge and the root access point/bridge, and that pre‐shared key is used as
the PMK.
WPA2 provides a stronger encryption mechanism through AES, which is a requirement
for some corporate and government users. TKIP, the encryption mechanism in WPA,
relies on RC4 instead of Triple Data Encryption Standard (3DES), AES, or another
encryption algorithms.
WPA‐WPA2‐ Mixed permits the coexistence of WPA and WPA2 clients on a common SSID.
WPA2 ‐mixed mode is a Wi‐Fi Certified feature. The access point advertises the
encryption ciphers (TKIP, CCMP, other) that are available for use. The client selects the
encryption cipher it would like to use, and the selected encryption cipher is used for
encryption between the client and access point once it is selected by the client.
Note: You must enable WEP encryption in order to enable all types of encryption on the access
point; however, you do not need to define WEP keys for WPA.
Required ‐ allows only WPA‐enabled clients to access the network.