System Configuration
5-60
WPA Key Management – WPA can be configured to work in an
enterprise environment using IEEE 802.1x and a RADIUS server
for user authentication. For smaller networks, WPA can be
enabled using a common pre-shared key for client authentication
with the access point.
• WPA authentication over 802.1x: The WPA enterprise mode
that uses IEEE 802.1x to authenticate users and to
dynamically distribute encryption keys to clients.
• WPA Pre-shared Key: The WPA mode for small networks that
uses a common password string that is manually distributed.
If this mode is selected, be sure to also specify the key string.
Multicast Cipher Mode – Selects an encryption method for the
global key used for multicast and broadcast traffic, which is
supported by all wireless clients.
• WEP: WEP is the first generation security protocol used to
encrypt data crossing the wireless medium using a fairly short
key. Communicating devices must use the same WEP key to
encrypt and decrypt radio signals. WEP has many security
flaws, and is not recommended for transmitting
highly-sensitive data.
• TKIP: TKIP provides data encryption enhancements including
per-packet key hashing (that is, changing the encryption key
on each packet), a message integrity check, an extended
initialization vector with sequencing rules, and a re-keying
mechanism.
• AES: AES has been designated by the National Institute of
Standards and Technology as the successor to the Data
Encryption Standard (DES) encryption algorithm, and will be
used by the U.S. government for encrypting all sensitive,
nonclassified information. Because of its strength, and
resistance to attack, AES is also being incorporated as part of
the 802.11 standard.