Wireless Configuration 5-11
4. Specify a time period in seconds for broadcasting encryption-key changes to mobile units. Set key broadcasts to a
shorter time interval (at least 300 seconds) for tighter security on this WLAN’s wireless connections. Set key broadcasts
to a longer time interval (at most, 80,000 seconds) to relax security on wireless connections.
A Pre-Shared Key (PSK) is an Internet Protocol security (IPSec) technology that uses a shared, secret key for authentication
in IPSec policy. IPSec is a set of industry-standard, cryptography-based protection services and protocols. IPSec protects all
protocols in the TCP/IP protocol suite and Internet communications by using Layer Two Tunneling Protocol (L2TP). Use pre-
shared key authentication only in a WLAN environment intended for relaxed security. The administrator can specify the key
either as an ASCII passphrase or as a 128-bit key. All WLAN clients must use the same PSK.
5. Select either the ASCII Passphrase or 256-bit Key radio button.
6. If ASCII Passphrase is selected, specify a 8 to 63 character alphanumeric string. The alphanumeric string allows
character spaces. The switch converts the string to a numeric value.
7. To use the 256-bit Key option, enter 16 hexadecimal characters into each of four fields.
8. Click the Ok button to return to the WLAN security screen.
9. Click the Apply button on the WLAN Security screen to save changes.
Configuring WPA2-CCMP (802.11i) Encryption
WPA2 is a newer 802.11i standard that provides even stronger wireless security than WiFi Protected Access (WPA) and WEP.
CCMP is the security protocol used by AES. It is the equivalent of TKIP in WPA. CCMP computes a Message Integrity Check
(MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method. Changing
even one bit in a message produces a totally different result.
WPA2-CCMP is based upon the concept of a robust security network (RSN), which defines a hierarchy of keys that have a
limited lifetime, similar to TKIP. Also like TKIP, the keys that the administrator provides are used to derive other keys.
Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The end result is encryption that is extremely
secure.
1. Select the WPA2-CCMP radio button to enable Wi-Fi Protected Access (WPA) with Temporal Key Integrity Protocol
(TKIP).
2. To use WPA-TKIP encryption with 802.1x EAP authentication or the No Authentication selection, click the WPA-
TKIP Settings button to display a sub-screen for key and key rotation settings.
3. Check the Broadcast Key Rotation checkbox to enable or disable the broadcasting of encryption-key changes to
mobile units.