Psion Teklogix 9160 G2 Wireless Gateway User Manual 111
Chapter 10: Configuring Security
WPA Personal
Field Description
WPA Versions
Select the types of client stations you want to support:
•WPA
•WPA2
•Both
WPA.
If all client stations on the network support the original
WPA
but none support the newer
WPA2
,
then select WPA.
WPA2.
If all client stations on the network support
WPA2
, we suggest using WPA2 which provides the
best security per the
IEEE
802.11i
standard.
Both.
If you have a mix of clients, some of which support
WPA2
and others which support only the
original
WPA
, select “Both”. This lets both WPA and WPA2 client stations associate and authenticate,
but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interop-
erability, at the expense of some security.
Cipher Suites
Select the cipher suite you want to use:
•TKIP
• CCMP (AES)
•Both
Temporal Key Integrity Protocol
(
TKIP
) is the default.
TKIP provides a more secure encryption solution than WEP keys. The TKIP process more frequently
changes the encryption key used and better ensures that the same key will not be re-used to encrypt data
(a weakness of WEP). TKIP uses a 128-bit “temporal key” shared by clients and access points. The tem-
poral key is combined with the client's MAC address and a 16-octet initialization vector to produce the key
that will encrypt the data. This ensures that each client station uses a different key to encrypt data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. But TKIP changes temporal keys every
10,000 packets and distributes them, thereby greatly improving the security of the network.
Counter mode/CBC-MAC Protocol
(
CCMP
) is an encryption method for IEEE
802.11i
that uses the
Advanced Encryption Algorithm
(
AES
). It uses a CCM combined with Cipher Block Chaining
Counter mode (CBC-CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC) for
encryption and message integrity.
If you select both TKIP and CCMP(AES), Pairwise cipher is AES and Groupwise cipher is TKIP. Pair-
wise cipher is used for unicast traffic and Groupwise cipher is used for multicast/broadcast traffic. Both
TKIP and AES clients can associate with the access point. WPA clients must have one of the following
to be able to associate with the AP:
• A valid TKIP key
• A valid CCMP (AES) key
Clients not configured to use a
WPA Personal
will not be able to associate with AP.
Table 10.11 WPA Personal Security Settings