Allied Telesis AT-TQ2403 Network Card User Manual


 
AT-TQ2403 Management Software User's Guide 61
This security mode also provides backwards-compatibility for wireless clients that support only the
original WPA.
Key Management:
WPA Enterprise mode provides dynamically-generated keys that are periodically refreshed.
There are different Unicast keys for each station.

Encryption Algorithm:
Temporal Key Integrity Protocol (TKIP)
Counter mode / CBC-MAC Protocol (CCMP) Advanced Encryption Standard (AES)

User Authentication:
Remote Authentication Dial-In User Service (RADIUS)
You have a choice of using the AT-TQ2403 Management Software RADIUS server or an external
RADIUS server. The embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2.
Recommendations
WPA Enterprise mode is the recommended mode. The CCMP (AES) and TKIP encryption algorithms
used with WPA modes are far superior to the RC4 algorithm used for Static WEP or IEEE 802.1x modes.
Therefore, CCMP (AES) or TKIP should be used whenever possible. All WPA modes allow you to use
these encryption schemes, so WPA security modes are recommended above the others when using
WPA is an option.
Additionally, this mode incorporates a RADIUS server for user authentication which gives it an edge
over WPA Personal mode.
Use the following guidelines for choosing options within the WPA Enterprise security mode:
1. The best security you can have to date on a wireless network is WPA Enterprise mode using
CCMP (AES) encryption algorithm. AES is a symmetric 128-bit block data encryption technique
that works on multiple layers of the network. It is the most effective encryption system currently
available for wireless networks. If all clients or other APs on the network are WPA/CCMP
compatible, use this encryption algorithm. (If all clients are WPA2 compatible, choose to support
only WPA2 clients.)
2. The second best choice is WPA Enterprise with the encryption algorithm set to both TKIP and
CCMP. This lets WPA client stations without CCMP associate, uses TKIP for encrypting Multicast
and Broadcast frames, and allows clients to select whether to use CCMP or TKIP for unicast
(AP-to-single-station) frames. This WPA configuration allows more interoperability, at the
expense of some security. Client stations that support CCMP can use it for their unicast frames. If
you encounter AP-to-station interoperability problems with the Both encryption algorithm
setting, then you will need to select TKIP instead. (See [3])
3. The third best choice is WPA Enterprise with the encryption algorithm set to TKIP. Some clients
have interoperability issues with CCMP and TKIP enabled at the same time. If you encounter this
problem, then choose TKIP as the encryption algorithm. This is the standard WPA mode, and the most
interoperable mode with client wireless software security features. TKIP is the only encryption
algorithm that is being tested in Wi-Fi WPA certification.
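To confirm which of the three choices above an access point actually advertises, the security element in its beacon can be parsed and mapped onto the ranking. The following Python is an added example, not part of the AT-TQ2403 software or this guide; it goes beyond the text by assuming the standard IEEE 802.11 layout (version, group cipher, pairwise list, key management list), and all function names and sample bytes are constructed for illustration.

```python
import struct

# Suite type numbers are the same under the RSN OUI (00-0F-AC) and the
# original WPA OUI (00-50-F2).
OUIS = (bytes.fromhex("000fac"), bytes.fromhex("0050f2"))
CIPHERS = {2: "TKIP", 4: "CCMP"}
AKMS = {1: "802.1X", 2: "PSK"}

def _name(sel, table):
    if len(sel) != 4 or sel[:3] not in OUIS:
        raise ValueError("bad suite selector")
    return table.get(sel[3], "unknown(%d)" % sel[3])

def _suite_list(buf, off, table):
    """Read a little-endian count, then that many 4-byte suite selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated element")
    (count,) = struct.unpack_from("<H", buf, off)
    end = off + 2 + 4 * count
    if end > len(buf):
        raise ValueError("truncated suite list")
    return [_name(buf[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_security_element(body):
    """Parse from the version field: version, group, pairwise list, AKM list."""
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("short element or unsupported version")
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, off, AKMS)
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}

def guide_choice(info):
    """Map the advertised ciphers onto the guide's three ranked choices."""
    if "802.1X" not in info["akm"]:
        return "not WPA Enterprise"
    return {frozenset({"CCMP"}): "1: CCMP (AES) only",
            frozenset({"CCMP", "TKIP"}): "2: Both TKIP and CCMP",
            frozenset({"TKIP"}): "3: TKIP only"}.get(
                frozenset(info["pairwise"]), "unrecognised cipher set")

# Constructed sample bodies (not captured from a real AP).
CCMP_ONLY = bytes.fromhex("0100" "000fac04" "0100000fac04" "0100000fac01")
BOTH = bytes.fromhex("0100" "000fac02" "0200000fac04000fac02" "0100000fac01")
TKIP_ONLY = bytes.fromhex("0100" "0050f202" "01000050f202" "01000050f201")

if __name__ == "__main__":
    for label, body in (("ccmp", CCMP_ONLY), ("both", BOTH), ("tkip", TKIP_ONLY)):
        info = parse_security_element(body)
        print(label, info, "->", guide_choice(info))
```

In the constructed "Both" sample the group cipher is TKIP, which matches the guide's statement that Multicast and Broadcast frames use TKIP in that configuration.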
See Also
For information on how to configure this security mode, see “WPA Enterprise” under “Configuring
Security Settings”.