USRobotics Instant802 APSDK User Manual

Page 116

Advertising
background image

Professional Access Point

Administrator Guide

Security - 116

Field

Description

WPA Versions

Select the types of clients you want to support:

• WPA—

If all clients on the network support the original

WPA,

but none support the newer

WPA2

, then select

WPA

WPA2—

If all clients on the network support

WPA2

,

USRobotics

suggests using

WPA2

,

which provides the best security per the

IEEE

802.11i

standard.

Both—

If you have a mix of clients, some of which support

WPA2

and others which sup-

port only the original

WPA

, select

Both

. This option lets both WPA and WPA2 clients

associate and authenticate, but uses the more robust WPA2 for clients who support it.
This WPA configuration allows more interoperability, at the expense of some security.

Cipher Suites

Select the cipher you want to use from the list:

• TKIP—

TKIP (Temporal Key Integrity Protocol) is the default.

TKIP provides a more secure encryption solution than WEP keys. The TKIP
process more frequently changes the encryption key used and better ensures
that the same key will not be reused to encrypt data (a weakness of WEP). TKIP
uses a 128-bit temporal key shared by clients and access points. The temporal
key is combined with the client's MAC address and a 16-octet initialization vector
to produce the key that will encrypt the data. This ensures that each client uses a
different key to encrypt data. TKIP uses RC4 to perform the encryption, which is
the same as WEP. But TKIP changes temporal keys every 10,000 packets and
distributes them, thereby greatly improving the security of the network.

CCMP (AES

)—Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for

IEEE

802.11i

that uses the Advanced Encryption Algorithm (

AES

). It uses a CCM

combined with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher Block Chain-
ing Message Authentication Code (CBC-MAC) for encryption and message integrity.

Both

—When the authentication algorithm is set to

Both

, both TKIP and AES cli-

ents can associate with the access point. WPA clients must have one of the fol-
lowing to be able to associate with the access point:

• A valid TKIP key

• A valid CCMP (AES) key

Clients not configured to use a

WPA

-PSK will not be able to associate with the

access point.

Advertising
Popular Brands
Popular manuals