Psion Teklogix 9160 G2 Network Card User Manual


 
Chapter 10: Configuring Security
WPA Enterprise
114
Psion Teklogix 9160 G2 Wireless Gateway User Manual
Enable pre-
authentication
If for WPA Versions you select only WPA2 or both WPA and WPA2, you can enable pre-authentication
for WPA2 clients.
Click
Enable
pre-authentication if you want WPA2 wireless clients to send pre-authentication packet.
The pre-authentication information will be relayed from the access point the client is currently using to
the target access point. Enabling this feature can help speed up authentication for roaming clients who
connect to multiple access points.
This option does not apply if you selected “WPA” for WPA Versions because the original WPA does not
support this feature.
Cipher Suites
Select the cipher you want to use:
TKIP
CCMP (AES)
•Both
Temporal Key Integrity Protocol
(
TKIP
) is the default.
TKIP provides a more secure encryption solution than WEP keys. The TKIP process more frequently
changes the encryption key used and better ensures that the same key will not be re-used to encrypt data
(a weakness of WEP). TKIP uses a 128-bit “temporal key” shared by clients and access points. The tem-
poral key is combined with the client's MAC address and a 16-octet initialization vector to produce the key
that will encrypt the data. This ensures that each client station uses a different key to encrypt data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. But TKIP changes temporal keys every
10,000 packets and distributes them, thereby greatly improving the security of the network.
Counter mode/CBC-MAC Protocol
(
CCMP
) is an encryption method for IEEE
802.11i
that uses the
Advanced Encryption Algorithm
(
AES
). It uses a CCM combined with Cipher Block Chaining
Counter mode (CBC-CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC) for
encryption and message integrity.
When both TKIP and CCMP are selected, both TKIP and AES clients can associate with the access
point. Client stations configured to use WPA with RADIUS must have one of the following to be able to
associate with the AP:
A valid TKIP RADIUS IP address and valid shared Key.
A valid CCMP (AES) IP address and valid shared Key.
Clients not configured to use WPA with RADIUS will not be able to associate with AP.
By default both TKIP and CCMP are selected. When both TKIP and CCMP are selected, client stations
configured to use WPA with RADIUS must have one of the following:
A valid TKIP RADIUS IP address and RADIUS Key.
A valid CCMP (AES) IP address and RADIUS Key.
Field Description
Table 10.12 WPA Enterprise Security Settings