Appendix B Wireless LANs
NWA-3166 User’s Guide
265
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2
(IEEE 802.11i) is a wireless security standard that defines stronger encryption,
authentication and key management than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption
and user authentication.
If both an AP and the wireless clients support WPA2 and you have an external
RADIUS server, use WPA2 for stronger data encryption. If you don't have an
external RADIUS server, you should use WPA2-PSK (WPA2-Pre-Shared Key) that
only requires a single (identical) password entered into each access point, wireless
gateway and wireless client. As long as the passwords match, a wireless client will
be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK
depending on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2.
WEP is less secure than WPA or WPA2.
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity
Protocol (TKIP), Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2
use Advanced Encryption Standard (AES) in the Counter mode with Cipher block
chaining Message authentication code Protocol (CCMP) to offer stronger
encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the
authentication server. AES (Advanced Encryption Standard) is a block cipher that
uses a 256-bit mathematical algorithm called Rijndael. They both include a per-
packet key mixing function, a Message Integrity Check (MIC) named Michael, an
extended initialization vector (IV) with sequencing rules, and a re-keying
mechanism.
WPA and WPA2 regularly change and rotate the encryption keys so that the same
encryption key is never used twice.
The RADIUS server distributes a Pairwise Master Key (PMK) key to the AP that
then sets up a key hierarchy and management system, using the PMK to
dynamically generate unique data encryption keys to encrypt every data packet
that is wirelessly communicated between the AP and the wireless clients. This all
happens in the background automatically.
Содержание NWA-3166
Страница 2: ......
Страница 15: ...15 PART I Introduction Introduction 17 The Web Configurator 29 Tutorials 33 ...
Страница 16: ...16 ...
Страница 32: ...Chapter 2 The Web Configurator NWA 3166 User s Guide 32 ...
Страница 64: ...Chapter 3 Tutorials NWA 3166 User s Guide 64 ...
Страница 66: ...66 ...
Страница 70: ...Chapter 4 Status Screen NWA 3166 User s Guide 70 ...
Страница 122: ...Chapter 8 Wireless Screen NWA 3166 User s Guide 122 ...
Страница 128: ...Chapter 9 SSID Screen NWA 3166 User s Guide 128 ...
Страница 158: ...Chapter 14 IP Screen NWA 3166 User s Guide 158 ...
Страница 166: ...Chapter 15 Rogue AP Detection NWA 3166 User s Guide 166 ...
Страница 186: ...Chapter 17 Internal RADIUS Server NWA 3166 User s Guide 186 ...
Страница 213: ...Chapter 19 Log Screens NWA 3166 User s Guide 213 ...
Страница 214: ...Chapter 19 Log Screens NWA 3166 User s Guide 214 ...
Страница 235: ...Chapter 20 VLAN NWA 3166 User s Guide 235 ...
Страница 236: ...Chapter 20 VLAN NWA 3166 User s Guide 236 ...
Страница 270: ...Appendix B Wireless LANs NWA 3166 User s Guide 270 ...
Страница 300: ...Appendix D IP Addresses and Subnetting NWA 3166 User s Guide 300 ...
Страница 308: ...Appendix E Text File Based Auto Configuration NWA 3166 User s Guide 308 ...
Страница 314: ...Appendix F How to Access and Use the CLI NWA 3166 User s Guide 314 ...
Страница 326: ...Appendix H Customer Support NWA 3166 User s Guide 326 ...
Страница 332: ...Index NWA 3166 User s Guide 332 ...