Wireless
Networks
Cisco Small Business WAP371 Wireless Access Point Administration Guide
77
5
the IEEE 802.11i standard. As per the latest WiFi Alliance requirement, the AP has
to support this mode all the time.
If the network has a mix of clients, some of which support WPA2 and others which
support only the original WPA, select both of the check boxes. This lets both WPA and
WPA2 client stations associate and authenticate, but uses the more robust WPA2 for
clients who support it. This WPA configuration allows more interoperability in place
of some security.
WPA clients must have one of these keys to be able to associate with the WAP device:
-
A valid TKIP key
-
A valid AES-CCMP key
•
Key—The shared secret key for WPA Personal security. Enter a string of at least 8
characters to a maximum of 63 characters. Acceptable characters include uppercase
and lowercase alphabetic letters, the numeric digits, and special symbols such as @
and #.
•
Key Strength Meter—The WAP device checks the key against complexity criteria such
as how many different types of characters (uppercase and lowercase alphabetic letters,
numbers, and special characters) are used and how long the string is. If the WPA-PSK
complexity check feature is enabled, the key is not accepted unless it meets the
minimum criteria. See
WPA-PSK Complexity
for information on configuring the
complexity check.
•
Broadcast Key Refresh Rate—The interval at which the broadcast (group) key is
refreshed for clients associated with this VAP. The default is 300 seconds and the valid
range is from 0 to 86400 seconds. A value of 0 indicates that the broadcast key is not
refreshed.
WPA Enterprise
WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE 802.11i
standard, which includes CCMP (AES), and TKIP encryption. The Enterprise mode requires
the use of a RADIUS server to authenticate users.
This security mode is backwards-compatible with wireless clients that support the original
WPA.
These parameters configure WPA Enterprise:
•
WPA Versions—The types of client stations to be supported:
-
WP-TKIP—The network has some client stations that only support original WPA
and TKIP security protocol. Note that selecting only WPA-TKIP for the access
point is not allowed as per the latest WiFi Alliance requirement.