Filter
Top Products
96
www.gateway.com
Field Description
Cipher Suites Select the cipher you want to use from the list:
• TKIP
• CCMP (AES)
• Both
Temporal Key Integrity Protocol (TKIP) is the default.
TKIP provides a more secure encryption solution than WEP keys. The TKIP
process more frequently changes the encryption key used and better
ensures that the same key will not be re-used to encrypt data (a weakness
of WEP). TKIP uses a 128-bit “temporal key” shared by clients and access
points. The temporal key is combined with the client's MAC address and a
16-octet initialization vector to produce the key that will encrypt the data. This
ensures that each client station uses a different key to encrypt data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. But TKIP
changes temporal keys every 10,000 packets and distributes them, thereby
greatly improving the security of the network.
Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for
IEEE 802.11i that uses the Advanced Encryption Algorithm (AES). It uses
a CCM combined with Cipher Block Chaining Counter mode (CBC-CTR) and
Cipher Block Chaining Message Authentication Code (CBC-MAC) for
encryption and message integrity.
When the authentication algorithm is set to Both, both TKIP and AES clients
can associate with the access point. Client stations configured to use WPA
with RADIUS must have one of the following to be able to associate with
the AP:
• A valid TKIP RADIUS IP address and valid shared Key
• A valid CCMP (AES) IP address and valid shared Key
Clients not configured to use WPA-PSK will not be able to associate with AP.
Both is the default. When the authentication algorithm is set to Both, client
stations configured to use WPA with RADIUS must have one of the following:
• A valid TKIP RADIUS IP address and RADIUS Key
• A valid CCMP (AES) IP address and RADIUS Key
Authentication
Server
Select one of the following from the list:
■
Built-in - To use the authentication server provided with the Gateway 7001
Series self-managed AP. If you choose this option, you do not have to
provide the Radius IP and Radius Key (they are automatically provided).
■
External - To use an external authentication server. If you choose this
option you must supply a Radius IP and Radius Key of the server you want
to use.