Manual

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-WA7400/EU

111

112

113

114

115

116

117

118

119

120

AT-WA7400 Management Software User’s Guide

111

When to Use WPA/WPA2 Enterprise (RADIUS)

Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User

Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11i

standard, which includes Advanced Encryption Standard (AES), Counter

mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol

(TKIP) mechanisms. This mode requires the use of a RADIUS server to

authenticate users. WPA/WPA2 Enterprise (RADIUS) provides the best

security available for wireless networks.

This security mode also provides backwards-compatibility for wireless

clients that support only the original WPA, as described in Table 4.

WPA/WPA2 Enterprise (RADIUS) mode is the recommended mode. The

CCMP (AES) and TKIP encryption algorithms used with WPA modes are

far superior to the RC4 algorithm used for Static WEP or IEEE 802.1x

modes. Therefore, CCMP (AES) or TKIP should be used whenever

possible. All WPA modes allow you to use these encryption schemes, so

WPA security modes are recommended above the others when using

WPA is an option.

Additionally, this mode incorporates a RADIUS server for user

authentication which gives it an edge over WPA/WPA2 Personal (PSK)

mode.

If you have an external RADIUS server on your network, Allied Telesyn

recommends using it rather than the using the embedded RADIUS server

on the access point. An external RADIUS server will provide better

security than the local authentication server.

Use the following guidelines for choosing options within the WPA/WPA2

Enterprise (RADIUS) mode security mode:

Table 4. RADIUS Security

Key Management Encryption Algorithm User Authentication

WPA/WPA2 Enterprise

(RADIUS) mode provides

dynamically-generated

keys that are periodically

refreshed.

There are different unicast

keys for each station.

- Temporal Key Integrity

Protocol (TKIP)

- Counter mode/CBC-MAC

Protocol (CCMP)

Advanced Encryption

Standard (AES)

Remote Authentication

Dial-In User Service

(RADIUS)

You have a choice of using

the AT-WA7400

Management Software

embedded RADIUS server

or an external RADIUS

server. The embedded

RADIUS server supports

Protected EAP (PEAP)

and MSCHAP V2.