System configuration management
Encryption—Enable or disable the access point to use data encryption
(WEP, TKIP, or AES). If this option is selected when using static WEP keys,
you must configure at least one key on the access point and all clients.
(Default: Disabled)
Note: You must enable data encryption through the Web to enable all
types of encryption (WEP, TKIP, or AES) in the access point.
Wi-Fi Protected Access (WPA)
WPA employs a combination of several technologies to provide an enhanced
security solution for 802.11 wireless networks.
The access point supports the following WPA components and features:
IEEE 802.1X and the Extensible Authentication Protocol (EAP):
WPA employs 802.1X as its basic framework for user authentication
and dynamic key management. The 802.1X client and RADIUS server
must use an appropriate EAP type—such as EAP-TLS (Transport Layer
Security), EAP-TTLS (Tunneled TLS), or PEAP (Protected EAP)—for the
strongest authentication. Working together, these protocols provide mutual
authentication between a client, the access point, and a RADIUS server that
prevents users from accidentally joining a rogue network. Only when a
RADIUS server has authenticated a user’s credentials are encryption keys
sent to the access point and client.
Note: Implementing WPA on wireless clients requires a WPA-enabled
network card driver and 802.1X client software that supports the EAP
authentication type that you want to use. Windows XP provides native
WPA support; other systems require additional software.
Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as the data
encryption method to replace WEP. TKIP avoids the problems of WEP static
keys by dynamically changing data encryption keys. Basically, TKIP starts
with a master (temporal) key for each user session and then mathematically
generates other keys to encrypt each data packet. TKIP provides further
data encryption enhancements by including a message integrity check for
each packet and a rekeying mechanism, which periodically changes the
master key.
WPA Preshared Key Mode (WPA-PSK, WPA2-PSK): For enterprise
deployment, WPA requires a RADIUS authentication server to be configured
on the wired network. However, for small office networks that do not have
the resources to configure and maintain a RADIUS server, WPA provides
a simple operating mode that uses just a preshared password for network
access. The Pre-Shared Key mode uses a common password for user
authentication that is manually entered on the access point and all wireless
clients. The PSK mode uses the same TKIP packet encryption and key
management as WPA in the enterprise, providing a robust and manageable
alternative for small networks.
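
Added example (not from the Nortel manual): in preshared key mode, the password entered on the access point and on each client is mapped to a 256-bit key together with the network's SSID, as defined in IEEE 802.11i. The sketch below follows that standard mapping and checks the entry rules; the function names and the sample SSIDs and passphrases are constructed for illustration.

```python
import hashlib
import hmac
import re


def derive_wpa_psk(passphrase: str, ssid: bytes) -> bytes:
    """Map a WPA/WPA2 passphrase to the 256-bit preshared key (IEEE 802.11i)."""
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # An entry of exactly 64 hex digits is the raw 256-bit key, not a passphrase.
    if re.fullmatch(r"[0-9A-Fa-f]{64}", passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def settings_agree(ap: tuple, client: tuple) -> bool:
    """True when AP and client (passphrase, ssid) pairs yield the same key."""
    return hmac.compare_digest(derive_wpa_psk(*ap), derive_wpa_psk(*client))


if __name__ == "__main__":
    # Constructed sample settings, not values from the manual.
    ap = ("correct horse battery", b"office-ap")
    good_client = ("correct horse battery", b"office-ap")
    typo_client = ("correct horse battery ", b"office-ap")   # trailing space
    other_ssid = ("correct horse battery", b"Office-AP")     # SSID case differs

    print("matching entry:   ", settings_agree(ap, good_client))
    print("trailing space:   ", settings_agree(ap, typo_client))
    print("different SSID:   ", settings_agree(ap, other_ssid))
    try:
        derive_wpa_psk("short", b"office-ap")
    except ValueError as err:
        print("rejected entry:   ", err)
```

Because the SSID is the salt, the same password produces a different key on a network with a different name, and a single stray character on one client is enough for its key to disagree with the access point's.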
BAP120
Using the Nortel Business Access Point 120
NN47921-301
01.01
Standard
1.0
August 2006
Copyright © 2006, Nortel Networks
Nortel Networks Confidential