USRobotics Instant802 APSDK User Manual

Page 118


Professional Access Point

Administrator Guide

Security - 118

Enable pre-authentication

If for WPA Versions you select WPA2 or Both, you can enable pre-authentication
for WPA2 clients.

Click Enable pre-authentication if you want WPA2 wireless clients to send
pre-authentication packets. The pre-authentication information will be relayed
from the access point the client is currently using to the target access point.
Enabling this feature can help speed up authentication for roaming clients who
connect to multiple access points.

This option does not apply if you selected WPA for WPA Versions because the
original WPA does not support this feature.

Cipher Suites

Select the cipher you want to use from the list:

TKIP—Temporal Key Integrity Protocol (TKIP) provides a more secure encryption
solution than WEP keys. The TKIP process changes the encryption key more
frequently and better ensures that the same key will not be reused to encrypt
data (a weakness of WEP). TKIP uses a 128-bit temporal key shared by clients
and access points. The temporal key is combined with the client's MAC address
and a 16-octet initialization vector to produce the key that will encrypt the data.
This ensures that each client uses a different key to encrypt data. TKIP uses
RC4 to perform the encryption, which is the same as WEP. But TKIP changes
temporal keys every 10,000 packets and distributes them, thereby greatly
improving the security of the network.

CCMP (AES)—Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for
IEEE 802.11i that uses the Advanced Encryption Algorithm (AES). It uses a CCM
combined with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher Block
Chaining Message Authentication Code (CBC-MAC) for encryption and message
integrity.

Both—The default. When the authentication algorithm is set to Both, both TKIP
and AES clients can associate with the access point. Clients configured to use WPA
with RADIUS must have one of the following to be able to associate with the access
point:

• A valid TKIP RADIUS IP address and RADIUS Key

• A valid CCMP (AES) IP address and RADIUS Key

Clients not configured to use WPA with RADIUS will not be able to associate with
the access point.
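To check that the Cipher Suites and pre-authentication choices described above are what the access point actually advertises, the RSN element from a captured beacon can be decoded. The Python below is an added example, not part of the USRobotics manual or firmware; it follows the IEEE 802.11i RSN element layout, and the function names and sample bytes are constructed for illustration.

```python
import struct

OUI = bytes.fromhex("000fac")  # IEEE 802.11 suite selector OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}  # 802.1X is the RADIUS-backed mode

def _name(sel, names):
    """Translate one 4-byte suite selector (OUI + type) to a name."""
    if len(sel) != 4:
        raise ValueError("truncated suite selector")
    if sel[:3] == OUI and sel[3] in names:
        return names[sel[3]]
    return "unknown:" + sel.hex()

def _suite_list(body, off, names):
    """Read a little-endian 16-bit count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    found = [_name(body[off + 4 * i:off + 4 * i + 4], names) for i in range(count)]
    return found, off + 4 * count

def parse_rsn_ie(ie):
    """Parse an RSN element (ID 48) taken from a beacon or probe response."""
    if len(ie) < 8 or ie[0] != 48 or len(ie) != 2 + ie[1]:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    group = _name(body[2:6], CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, off = _suite_list(body, off, AKMS)
    # RSN Capabilities is optional; bit 0 is the Pre-Authentication flag.
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "preauth": bool(caps & 0x0001)}

def cipher_setting(info):
    """Map advertised pairwise ciphers to this page's Cipher Suites choices."""
    choices = {("TKIP",): "TKIP", ("CCMP",): "CCMP (AES)", ("CCMP", "TKIP"): "Both"}
    return choices.get(tuple(sorted(set(info["pairwise"]))), "other")

# Constructed sample: 802.1X, pairwise CCMP + TKIP, group TKIP, pre-auth set.
SAMPLE = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac010100")
```

For the constructed sample, `cipher_setting(parse_rsn_ie(SAMPLE))` returns "Both" and the `preauth` field is true, matching an access point configured with Both cipher suites and pre-authentication enabled.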

Authentication Server

Select one of the following from the list:

Built-in—To use the authentication server provided with the Professional Access
Point. If you choose this option, you do not have to provide the Radius IP and
Radius Key; they are automatically provided.

External—To use an external authentication server. If you choose this option, you
must supply the Radius IP and Radius Key of the server you want to use.

Note: The RADIUS server is identified by its IP address and UDP port numbers for
the different services it provides. On the Professional Access Point, the RADIUS
server User Datagram Protocol (UDP) ports used by the access point are not
configurable. The Professional Access Point is hard-coded to use RADIUS server UDP
port 1812 for authentication and port 1813 for accounting.
