SMC Networks SMC2555W-AG Network Router User Manual


 
System Configuration
5-58
Note: To implement WPA on wireless clients requires a WPA-enabled
network card driver and 802.1x client software that supports the
EAP authentication type that you want to use. Windows XP
provides native WPA support, other systems require additional
software.
Temporal Key Integrity Protocol (TKIP): WPA specifies TKIP as
the data encryption method to replace WEP. TKIP avoids the
problems of WEP static keys by dynamically changing data
encryption keys. Basically, TKIP starts with a master (temporal)
key for each user session and then mathematically generates
other keys to encrypt each data packet. TKIP provides further
data encryption enhancements by including a message integrity
check for each packet and a re-keying mechanism, which
periodically changes the master key.
WPA Pre-Shared Key (PSK) Mode: For enterprise deployment,
WPA requires a RADIUS authentication server to be configured
on the wired network. However, for small office networks that may
not have the resources to configure and maintain a RADIUS
server, WPA provides a simple operating mode that uses just a
pre-shared password for network access. The Pre-Shared Key
mode uses a common password for user authentication that is
manually entered on the access point and all wireless clients. The
PSK mode uses the same TKIP packet encryption and key
management as WPA in the enterprise, providing a robust and
manageable alternative for small networks.
Mixed WPA and WEP Client Support: WPA enables the access
point to indicate its supported encryption and authentication
mechanisms to clients using its beacon signal. WPA-compatible
clients can likewise respond to indicate their WPA support. This
enables the access point to determine which clients are using
WPA security and which are using legacy WEP. The access point
uses TKIP unicast data encryption keys for WPA clients and WEP
unicast keys for WEP clients. The global encryption key for