Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-WA7400/EU

101

102

103

104

105

106

107

108

109

110

Chapter 10: Configuring Security

110

When to Use WPA/WPA2 Personal (PSK)

Wi-Fi Protected Access 2 (WPA2) Personal Pre-Shared Key (PSK) is an

implementation of the Wi-Fi Alliance IEEE 802.11 standard, which

includes Advanced Encryption Algorithm (AES), Counter mode/CBC-MAC

Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP)

mechanisms. This mode offers the same encryption algorithms as WPA 2

with RADIUS but without the ability to integrate a RADIUS server for user

authentication.

This security mode is backwards-compatible for wireless clients that

support only the original WPA. IEEE 802.1x mode supports a variety of

authentication methods, like certificates, Kerberos, and public key

authentication with a RADIUS server.

You have a choice of using the RADIUS server embedded in the

AT-WA7400 Wireless Access Point or an external RADIUS server. The

embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP

V2 WPA/WPA2 configuration is described in Table 3.

WPA/WPA2 Personal (PSK) is not recommended for use with the

AT-WA7400 Wireless Access Point when WPA/WPA2 Enterprise

(RADIUS) is an option.

Allied Telesyn recommends that you use WPA/WPA2 Enterprise

(RADIUS) mode instead, unless you have interoperability issues that

prevent you from using this mode.

For example, some devices on your network may not support WPA or

WPA2 with EAP talking to a RADIUS server. Embedded printer servers or

other small client devices with very limited space for implementation may

not support RADIUS. For such cases, we recommend that you use WPA/

WPA2 Personal (PSK).

For information on how to configure this security mode, see “WPA/WPA2

Personal (PSK)” on page 123 under “Configuring Security Settings” on

page 114.

Table 3. WPA/WPA2 Configuration

Key Management Encryption Algorithm User Authentication

WPA/WPA2 Personal

(PSK) provides

dynamically-generated

keys that are periodically

refreshed.

There are different Unicast

keys for each station.

- Temporal Key Integrity

Protocol (TKIP)

- Counter mode/CBC-MAC

Protocol (CCMP)

Advanced Encryption

Standard (AES)

The use of a Pre-Shared

(PSK) key provides user

authentication similar to

that of shared keys in

WEP.