59
The access point and the wireless devices must have the same encryption settings
to communicate. You can choose to allow only clients using WPA encryption, or
you can allow both WPA and WEP clients.
The following sections describe how to configure each type of encryption. When
you are finished configuring the encryption, click
Apply.
WPA Configuration
To configure WPA encryption:
1
Choose open system, and then click the
Required
check box on the
authentication page if you want to limit access to clients using WPA
encryption. If you also want to allow WEP clients, do not check this box.
2
Select the Cipher Mode, which determines the method by which keys are
computed. WEP is the weakest Multicast Cipher Mode and is only provided
for support of legacy clients which do not fully support WPA. Clients
associated with WPA-TKIP will have unicast packets directed at them with
corresponding encryption keys. However, with WEP selected as the Cipher
Mode, ALL multicast traffic is sent out with WEP encryption. It is
recommended to only select WEP as the Cipher Mode if legacy client support
is critical.
AES - Advanced Encryption Standard (Highest Security)
TKIP—(Temporal Key Integrity Protocol) provides per-packet key mixing, a
message integrity check and a re-keying mechanism
WEP—Provides standard WEP ciphering (Least Secure)
3
Select the type of WPA Key Management:
WPA authentication over 802.1x (More secure, but requires a RADIUS
authentication server setup.
See WPA note below
)
WPA Pre-shared Key (PSK) (
see WPA note below
)
4
Select the Key Type:
Hexadecimal (0~9, A~F; for example, D7 0A 9C 7F E5)
ASCII (0~9, A~F; for example 01234)
5
Enter the pre-shared key in the space provided if necessary.
WPA Note:
The WPA key management must match the settings on the Authentication Page.
When using 802.1x, the access point uses session keys provided during the
802.1x EAP key exchange as the “seed key” for WPA. This is more secure than
PSK, since each client starts with a unique session key for all subsequent keys
generated. Otherwise, the PSK is used for the “seed key”.