Using wpa key management – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

357

Configuring Authentication Types

Chapter 12

Using WPA Key Management

Wi-Fi Protected Access (WPA) is a standards-based, interoperable security
enhancement that strongly increases the level of data protection and access
control for existing and future wireless LAN systems. It is derived from and can
be forward-compatible with the upcoming IEEE 802.11i standard. WPA
leverages TKIP (Temporal Key Integrity Protocol) for data protection and
802.1X for authenticated key management.

WPA key management supports two mutually exclusive management types:
WPA and WPA-Pre-shared key (WPA-PSK). By using WPA key management,
clients and the authentication server authenticate to each other by using an EAP
authentication method, and the client and server generate a pair-wise master key
(PMK). By using WPA, the server generates the PMK dynamically and passes it
to the access point. When using WPA-PSK, however, you configure a pre-shared
key on both the client and the access point, and that pre-shared key is used as the
PMK.

See

Assigning Authentication Types to an SSID on page 359

for instructions on

configuring WPA key management on your access point.

IMPORTANT

Unicast and multicast cipher suites advertised in WPA information element
(and negotiated during 802.11 association) can be potentially mismatched
with the cipher suite supported in an explicitly assigned VLAN. If the RADIUS
server assigns a new vlan ID that uses a different cipher suite from the
previously negotiated cipher suite, there is no way for the access point and
client to switch back to the new cipher suite. Currently, the WPA and CCKM
protocols does not allow the cipher suite to be changed after the initial 802.11
cipher negotiation phase. In this scenario, the client device is disassociated
from the wireless LAN.