WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Overview of the WFS709TP 1-9
v1.0, June 2007
• IEEE 802.1x. The IEEE 802.1x authentication standard allows for the use of keys that are
dynamically generated on a per-user basic (as opposed to a static key that is the same on all
devices in the network).
With 802.1x authentication, a supplicant is the wireless client that wants to gain access to the
network and the device that communicates with both the supplicant and the authentication
server is the authenticator. In this system, the WFS709TP is the 802.1x authenticator, relaying
authentication requests between the authentication server and the supplicant.
• Wi-Fi Protected Access (WPA). WPA implements most of the IEEE 802.11i standard. It is
designed for use with an 802.1x authentication server (the Wi-Fi Alliance refers to this mode
as WPA-Enterprise). WPA uses the Temporal Key Integrity Protocol (TKIP) to dynamically
change keys and RC4 stream cipher to encrypt data.
• WPA in pre-shared key (PSK) mode (WPA-PSK). With WPA-PSK, all clients use the same
key (the Wi-Fi Alliance refers to this mode as WPA-Personal).
• WPA2. WPA2 implements the full IEEE 802.11i standard. In addition to WPA features,
WPA2 provides Counter Mode with Cipher Blocking Chaining Message Authentication Code
Protocol (CCMP) for encryption that uses the Advanced Encryption Standard (AES)
algorithm. The Wi-Fi Alliance refers to this mode as WPA2-Enterprise.
• WPA2-PSK. WPA2-PSK is WPA2 used in PSK mode, where all clients use the same key. The
Wi-Fi Alliance refers to this mode as WPA2-Personal.
Note: The 802.1x standard requires the use of a RADIUS authentication server. Most
Lightweight Directory Access Protocol (LDAP) servers do not support 802.1x.
Note: During the authentication process, the supplicant (the wireless client) and the
RADIUS authentication server negotiate the type of Extensible Authentication
Protocol (EAP) they will use for the authentication transaction. The EAP type
is completely transparent to the WFS709TP and has no impact on its
configuration.
Note: In PSK mode, users must enter a passphrase 8–63 characters in length to access
the network. PSK is intended for home and small office networks where
operating an 802.1x authentication server is not practical