Using Wpa Key Management - Allen-Bradley Stratix 5100 User Manual

Using WPA Key Management

Wi-Fi Protected Access (WPA) is a standards-based, interoperable security
enhancement that strongly increases the level of data protection and access
control for existing and future wireless LAN systems. It is derived from and can
be forward-compatible with the upcoming IEEE 802.11i standard. WPA
leverages TKIP (Temporal Key Integrity Protocol) for data protection and
802.1X for authenticated key management.
WPA key management supports two mutually exclusive management types:
WPA and WPA-Pre-shared key (WPA-PSK). By using WPA key management,
clients and the authentication server authenticate to each other by using an EAP
authentication method, and the client and server generate a pair-wise master key
(PMK). By using WPA, the server generates the PMK dynamically and passes it
to the access point. When using WPA-PSK, however, you configure a pre-shared
key on both the client and the access point, and that pre-shared key is used as the
PMK.
Unicast and multicast cipher suites advertised in WPA information element
IMPORTANT
(and negotiated during 802.11 association) can be potentially mismatched
with the cipher suite supported in an explicitly assigned VLAN. If the RADIUS
server assigns a new vlan ID that uses a different cipher suite from the
previously negotiated cipher suite, there is no way for the access point and
client to switch back to the new cipher suite. Currently, the WPA and CCKM
protocols does not allow the cipher suite to be changed after the initial 802.11
cipher negotiation phase. In this scenario, the client device is disassociated
from the wireless LAN.
See Assigning Authentication Types to an SSID on page 359
configuring WPA key management on your access point.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Configuring Authentication Types Chapter 12
for instructions on
357