5-51
Security
The access point can simultaneously support clients using various different
security mechanisms. The configuration for these security combinations are
outlined in the following table. Note that MAC address authentication can be
configured independently to work with all security mechanisms and is indicated
separately in the table. Required RADIUS server support is also listed.
Table 5 Security Considerations
WPA over 802.1X
Mode
Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
• Provides robust security in WPA-only mode
(i.e., WPA clients only)
• Offers support for legacy WEP clients, but with
increased security risk (i.e., WEP authentication
keys disabled)
• Requires configured RADIUS server
• 802.1X EAP type may require management of
digital certificates for clients and server
WPA PSK Mode Requires WPA-enabled system
and network card driver
(native support provided in
Windows XP)
• Provides good security in small networks
• Requires manual management of pre-shared key
WPA2 with
802.1X
Requires WPA-enabled system
and network card driver (native
support provided in Windows
XP)
• Provides the strongest security in WPA2-only
mode
• Provides robust security in mixed mode for WPA
and WPA2 clients
• Offers fast roaming for time-sensitive client
applications
• Requires configured RADIUS server
• 802.1X EAP type may require management of
digital certificates for clients and server
• Clients may require hardware upgrade to be
WPA2 compliant
WPA2 PSK Mode Requires WPA-enabled system
and network card driver (native
support provided in Windows
XP)
• Provides robust security in small networks
• Requires manual management of pre-shared key
• Clients may require hardware upgrade to be
WPA2 compliant
Security
Mechanism
Client Support Implementation Considerations
NOTE: You must enable data encryption through the web in order to enable all
types of encryption (WEP, TKIP, or AES) in the access point.
Client Security
Combination
Configuration Summary
a
MAC
Authentication
b
RADIUS
Server
No encryption and no
authentication
Authentication: Open System
Encryption: Disable
802.1x: Disable
Local, RADIUS, or
Disabled
Yes
3
Static WEP only (with
or without shared
key authentication)
Enter 1 to 4 WEP keys
Select a WEP transmit key for the interface
Authentication: Shared Key or Open System
Encryption: Enable
802.1x: Disable
Local, RADIUS, or
Disabled
Yes
c