User's Manual

ManualsBrandsAccton Wireless Broadband ManualsElectronics802.11bgn 1T1R Module

Table Of Contents

HAPTER

| Wi-Fi Settings

Wireless Security

– 16 –

◆ WPA1_WPA2 — Clients using WPA or WPA2 with an 802.1X

authentication method are accepted for authentication. The default

data encryption type is TKIP/AES.

◆ EncryptType — Selects the data encryption type to use. (Default is

determined by the Security Mode selected.)

■

TKIP — Uses Temporal Key Integrity Protocol (TKIP) keys for

encryption. WPA specifies TKIP as the data encryption method to

replace WEP. TKIP avoids the problems of WEP static keys by

dynamically changing data encryption keys.

■

AES — Uses Advanced Encryption Standard (AES) keys for

encryption. WPA2 uses AES Counter-Mode encryption with Cipher

Block Chaining Message Authentication Code (CBC-MAC) for

message integrity. The AES Counter-Mode/CBCMAC Protocol (AES-

CCMP) provides extremely robust data confidentiality using a 128-

bit key. Use of AES-CCMP encryption is specified as a standard

requirement for WPA2. Before implementing WPA2 in the network,

be sure client devices are upgraded to WPA2-compliant hardware.

■

TKIP/AES — Uses either TKIP or AES keys for encryption. WPA and

WPA2 mixed modes allow both WPA and WPA2 clients to associate

to a common SSID. In mixed mode, the unicast encryption type

(TKIP or AES) is negotiated for each client.

IEEE 802.1X AND

RADIUS

IEEE 802.1X is a standard framework for network access control that uses

a central RADIUS server for user authentication. This control feature

prevents unauthorized access to the network by requiring an 802.1X client

application to submit user credentials for authentication. The 802.1X

standard uses the Extensible Authentication Protocol (EAP) to pass user

credentials (either digital certificates, user names and passwords, or other)

from the client to the RADIUS server. Client authentication is then verified

on the RADIUS server before the client can access the network.

Remote Authentication Dial-in User Service (RADIUS) is an authentication

protocol that uses software running on a central server to control access to

RADIUS-aware devices on the network. An authentication server contains a

database of user credentials for each user that requires access to the

network.

The WPA and WPA2 enterprise security modes use 802.1X as the method of

user authentication. IEEE 802.1X can also be enabled on its own as a

security mode for user authentication. When 802.1X is used, a RADIUS

server must be configured and be available on the connected wired network.

OTE

This guide assumes that you have already configured RADIUS

server(s) to support the access point. Configuration of RADIUS server

software is beyond the scope of this guide, refer to the documentation

provided with the RADIUS server software.