When to use wpa/wpa2 enterprise (radius) – USRobotics Instant802 APSDK User Manual

Professional Access Point

Administrator Guide

Security - 105

R

ECOMMENDATIONS

WPA/WPA2 Personal (PSK) is not recommended for use with the Professional Access Point when WPA/
WPA2 Enterprise (RADIUS) is an option.

USRobotics recommends that you use WPA/WPA2 Enterprise (RADIUS) mode instead, unless you have
interoperability issues that prevent you from using this mode.

For example, some devices on your network may not support WPA or WPA2 with

EAP

talking to a

RADIUS

server. Embedded printer servers or other small client devices with very limited space for

implementation may not support RADIUS. For such cases, USRobotics recommends that you use WPA/
WPA2 Personal (PSK).

S

EE

A

LSO

For information on how to configure this security mode, see “WPA/WPA2 Personal (PSK)” on page 115.

When to Use WPA/WPA2 Enterprise (RADIUS)

Wi-Fi Protected Access 2 (

WPA2

) with Remote Authentication Dial-In User Service (

RADIUS

) is an

implementation of the Wi-Fi Alliance IEEE

802.11i

standard, which includes Advanced Encryption

Standard (

AES

), Counter mode/CBC-MAC Protocol (

CCMP

), and Temporal Key Integrity Protocol (

TKIP

)

mechanisms. This mode requires the use of a RADIUS server to authenticate users. WPA/WPA2
Enterprise (RADIUS) provides the best security available for wireless networks.

This security mode also provides backward compatibility for wireless clients that support only the original

WPA

.

R

ECOMMENDATIONS

WPA/WPA2 Enterprise (RADIUS) mode is the recommended mode. The

CCMP

(

AES

) and

TKIP

encryption algorithms used with WPA modes are far superior to the

RC4

algorithm used for Static

WEP

or

IEEE 802.1x modes. Therefore, CCMP (AES) or TKIP should be used whenever possible. All WPA modes
allow you to use these encryption schemes, so WPA security modes are recommended above the others
when using WPA is an option.

Additionally, this mode incorporates a RADIUS server for user authentication, which gives it an edge over
WPA/WPA2 Personal (PSK) mode.

Use the following guidelines for choosing options within the WPA/WPA2 Enterprise (RADIUS) mode
security mode:

Key Management

Encryption Algorithms

User Authentication

WPA/WPA2 Enterprise (RADIUS)
mode provides dynamically-gener-
ated keys that are periodically
refreshed.

There are different

Unicast

keys for

each station.

• Temporal Key Integrity Protocol

(

TKIP

)

• Counter mode/CBC-MAC Proto-

col (

CCMP

) Advanced Encryption

Standard (

AES

)

Remote Authentication Dial-In User
Service (

RADIUS

)

You have a choice of using the Pro-
fessional Access Point embedded
RADIUS server or an external
RADIUS server. The embedded
RADIUS server supports Protected

EAP

(PEAP) and MSCHAP V2.