Filter
Top Products
84
www.gateway.com
Recommendations
WPA with RADIUS mode is the recommended mode. The CCMP (AES) and TKIP
encryption algorithms used with WPA modes are far superior to the RC4 algorithm used
for Static WEP or IEEE 802.1x modes. Therefore, CCMP (AES) or TKIP should be used
whenever possible. All WPA modes allow you to use these encryption schemes, so WPA
security modes are recommended above the others when using WPA is an option.
Additionally, this mode (WPA with RADIUS) incorporates a RADIUS server for user
authentication which gives it an edge over WPA-PSK.
Use the following guidelines for choosing options within the WPA with RADIUS security
mode:
■ The best security you can have to date on a wireless network is WPA with RADIUS using
CCMP (AES) encryption algorithm. AES is a symmetric 128-bit block data encryption
technique that works on multiple layers of the network. It is the most effective
encryption system currently available for wireless networks. If all clients or other APs
on the network are WPA/CCMP compatible, use this encryption algorithm.
■ The second best choice is WPA with RADIUS with the encryption algorithm set to
“Both” (that is, both TKIP and CCMP). This lets WPA client stations without CCMP
associate, uses TKIP for encrypting Multicast and Broadcast frames, and lets you select
whether to use CCMP or TKIP for Unicast (AP-to-single-station) frames. This WPA
configuration allows more interoperability, at the expense of some security. Client
stations that support CCMP can use it for their Unicast frames. If you encounter
AP-to-station interoperability problems with the “Both” encryption algorithm setting,
then you will need to select TKIP instead.
■ The third best choice is WPA with RADIUS with the encryption algorithm set to TKIP.
Some clients have interoperability issues with CCMP and TKIP enabled at same time.
If you encounter this problem, then choose TKIP as the encryption algorithm. This is
the standard WPA mode, and most interoperable mode with client wireless software
security features. TKIP is the only encryption algorithm that is being tested in Wi-Fi
WPA certification.
Key Management Encryption Algorithm User Authentication
WPA with RADIUS provides
dynamically-generated keys
that are periodically
refreshed.
There are different Unicast
keys for each station.
• Temporal Key Integrity
Protocol (TKIP)
• Counter mode/CBC-MAC
Protocol (CCMP) Advanced
Encryption Standard (AES)
Remote Authentication Dial-In
User Service (RADIUS)
You have a choice of using the
Gateway 7001 Series
self-managed AP embedded
RADIUS server or an external
RADIUS server. The
embedded RADIUS server
supports Protected EAP
(PEAP) and MSCHAP V2.