Weidmuller WI-MOD-945-E: 900Mhz Wireless Ethernet & Device Server v2.16 User Manual
Page 31

www.weidmuller.com
Rev 2.136
WPA2 (Wi-Fi Protected Access 2) replaced WPA and provides significant security improvements over it. In
particular, it introduces CCMP, a new AES-based encryption mode with strong security.
WPA/WPA2-PSK (Legacy Support) enables the modem to communicate using all WPA methods, including TKIP, AES and
WPA2 AES. It is generally only used if the network has older devices that do not support the higher-level encryption
methods. Note: enabling this option will lower the security level of the network down to the weakest configured encryption
level, i.e. WPA TKIP.
WPA-Enterprise (802.1x) removes the need to manage the Pre-shared Key (PSK) by using an external server to provide
client authentication. Clients that are not authorized will be prevented from accessing the network. Once a client has
provided the correct authentication credentials, access is permitted and data encryption keys are established, similar to
WPA-PSK. Fine-grained (user-level) access control can be achieved using this method.
An 802.1x-capable RADIUS server may already be deployed in a large-scale network environment. The WI-MOD-945-E
can make use of this server, reducing replication of user authentication information.
In a typical WPA-Enterprise setup, the WI-MOD-945-E Access Point acts as the Authenticator, controlling access to the
network. Wireless clients (WI-MOD-945-Es, laptops or other devices) act as Supplicants, requesting access to the
network. The Authenticator communicates with an authentication (RADIUS) server on the Ethernet network to verify
Supplicant identity. When a Supplicant requests access, it sends an access request to the Authenticator, which passes an
authentication request to the external authentication server. When the user credentials of the Supplicant are verified, the
Authenticator enables network access for the Supplicant, data encryption keys are established and network traffic can
pass.
Configuration of WPA-Enterprise differs depending on whether the unit is configured as an Access Point (Authenticator) or a Client
(Supplicant). If WDS interfaces are used, it is possible for one WI-MOD-945-E to act as both an Authenticator and a
Supplicant; however, in this situation only one set of user credentials can be entered for all Supplicants.
The WI-MOD-945-E supports WPA-1 TKIP, WPA-1 AES and WPA-2 AES using a Pre-Shared Key (PSK).
WPA PSK (TKIP) (Temporal Key Integrity Protocol) enhances WEP by using 128-bit encryption plus separate 64-bit Tx
and Rx MIC (Message Integrity Check) keys.
WPA PSK (AES) (Advanced Encryption Standard) uses the more advanced CCMP encryption protocol. It is essentially
a draft of the IEEE 802.11i wireless network standard and is the recommended encryption method in most applications.
WPA2 AES (Advanced Encryption Standard) is the most secure encryption method and is also based on a 128-bit encryption
key.
After changes are made to Network Configuration, it is important to save the configuration by selecting “Save Changes” or
by selecting “Save Changes and Reset”.
Note: If making changes to a remote module via the radio link, please make sure all changes are
compliant and accurate before pressing the “Save to flash and reset” button. Some field changes may
stop the radio link from working and will require a hard wire connection to change back.
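A pre-save check for the situation the note describes, as an added example that is not from the Weidmuller manual: it compares a proposed client configuration with the Access Point's settings using the rules on this page (system address of 1 to 31 characters that must match, Desired BSSID equal to the Access Point's MAC address, compatible Radio Encryption). The dictionary keys, mode labels and sample values are hypothetical and constructed; they are not the modem's configuration format.

```python
import re

# Mode labels are hypothetical shorthand for the Radio Encryption choices on this page.
PSK_MODES = {"WPA-TKIP", "WPA-AES", "WPA2-AES"}
LEGACY = "WPA/WPA2-LEGACY"  # accepts every PSK method, per the manual
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_client_change(ap, client):
    """Return (errors, warnings); an error means the radio link would likely fail."""
    errors, warnings = [], []

    essid = client.get("essid", "")
    if not 1 <= len(essid) <= 31:
        errors.append("system address must be 1 to 31 characters")
    elif essid != ap["essid"]:
        errors.append("system address differs from the Access Point")

    bssid = client.get("desired_bssid", "")
    if bssid:  # optional field: empty means any Access Point with this ESSID
        if not MAC_RE.match(bssid):
            errors.append("Desired BSSID is not a MAC address")
        elif bssid.lower() != ap["mac"].lower():
            errors.append("Desired BSSID is not this Access Point's MAC")

    ap_mode, cl_mode = ap["encryption"], client.get("encryption")
    if ap_mode == LEGACY:
        # Legacy support talks to all PSK methods but drops to the weakest one.
        warnings.append("AP legacy mode lowers network security to WPA TKIP")
        if cl_mode not in PSK_MODES | {LEGACY}:
            errors.append("client encryption is not a WPA PSK method")
    elif cl_mode != ap_mode:
        # Assumption: outside legacy mode both ends must select the same method.
        errors.append(f"encryption {cl_mode!r} does not match AP {ap_mode!r}")
    if cl_mode == "WPA-TKIP":
        warnings.append("WPA TKIP selected; the manual rates WPA2 AES most secure")
    return errors, warnings


# Constructed sample values (locally administered MACs), not a real installation.
AP = {"essid": "PlantA-Radio", "mac": "02:00:00:00:11:22", "encryption": "WPA2-AES"}
PROPOSED = {"essid": "PlantA-Radio", "desired_bssid": "02:00:00:00:11:23",
            "encryption": "WPA-TKIP"}

if __name__ == "__main__":
    errs, warns = check_client_change(AP, PROPOSED)
    for line in [f"ERROR: {e}" for e in errs] + [f"WARN: {w}" for w in warns]:
        print(line)
```

Running it against the remote module's intended settings before the save and reset shows which changes would cut the link and which only weaken security.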
Network Settings Webpage Fields
Operating Mode: Used to select Access Point (Infrastructure), Client (Infrastructure). By default this is set to Client.
System Address (ESSID): A WI-MOD-945-E wireless network comprises modules with the same “system address”. Only modules with the same system address will communicate with each other. The system address is a text string 1 to 31 characters in length. Select a text string which identifies your system.
Desired BSSID: To force a client/station to always connect to the same Access Point, enter the MAC address of that Access Point in the Desired BSSID field. (Note that the ESSID of the Access Point must also match the configured ESSID of the client.)
Radio Encryption: Select the desired radio Encryption level. Encryption key, passphrase, etc. is entered on the “Security Menu” (See