37
Key are accepted for authentication. The default data encryption type is TKIP/AES.
◆
WPA Algorithms
— Selects the data encryption type to use. (Default is determined
by the Security Mode selected.)
■
TKIP
— Uses Temporal Key Integrity Protocol (TKIP) keys for encryption. WPA
specifies TKIP as the data encryption method to replace WEP. TKIP avoids the
problems of WEP static keys by dynamically changing data encryption keys.
■
AES
— Uses Advanced Encryption Standard (AES) keys for encryption. WPA2 uses
AES Counter-Mode encryption with Cipher Block Chaining Message Authentication
Code (CBC-MAC) for message integrity. The AES Counter-Mode/CBCMAC Protocol
(AESCCMP) provides extremely robust data confidentiality using a 128- bit key. Use
of AES-CCMP encryption is specified as a standard requirement for WPA2. Before
implementing WPA2 in the network, be sure client devices are upgraded to
WPA2-compliant hardware.
■
Auto
— Uses either TKIP or AES keys for encryption. WPA and
WPA2 mixed modes allow both WPA and WPA2 clients to associate to a common
SSID. In mixed mode, the unicast encryption type (TKIP or AES) is negotiated for
each client.
◆
Pass Phrase
— The WPA Preshared Key can be input as an ASCII string (an
easy-to-remember form of letters and numbers that can include spaces) or
Hexadecimal format. (Range: 8~63 ASCII characters, or exactly 64 Hexadecimal
digits)
◆
Key Renewal Interval
— Sets the time period for automatically changing data
encryption keys and redistributing them to all connected clients.
IEEE 802.1X
AND
RADIUS
IEEE 802.1X is a standard framework for network access control that uses a central
RADIUS server for user authentication. This control feature prevents unauthorized
access to the network by requiring an 802.1X client application to submit user
credentials for authentication. The 802.1X standard uses the Extensible
Authentication Protocol (EAP) to pass user credentials (either digital certificates,
user names and passwords, or other) from the client to the RADIUS server. Client
authentication is then verified on the RADIUS server before the client can access the
network. Remote Authentication Dial-in User Service (RADIUS) is an authentication
protocol that uses software running on a central server to control access to
RADIUS-aware devices on the network. An authentication server contains a
database of user credentials for each user that requires network access.
The WPA and WPA2 enterprise security modes use 802.1X as the method of user
authentication. IEEE 802.1X can also be enabled on its own as a security mode for