Manual
Chapter 10: Configuring Security
124
Figure 38. WPA/WPA2 Personal (PSK) Security Mode Settings
1. Configure the following settings:
WPA Versions
Select the types of client stations you want to support:
WPA - If all client stations on the network support the original WPA but
none support the newer WPA2, then select WPA.
WPA2 - If all client stations on the network support WPA2, we suggest
using WPA2 which provides the best security per the IEEE 802.11i
standard.
Both - If you have a mix of clients, some of which support WPA2 and
others which support only the original WPA, select Both. This lets both
WPA and WPA2 client stations associate and authenticate, but uses
the more robust WPA2 for clients who support it. This WPA
configuration allows more interoperability, at the expense of some
security.
Cipher Suites
Select the cipher you want to use:
Temporal Key Integrity Protocol (TKIP) - This is the default. TKIP
provides a more secure encryption solution than WEP keys. The TKIP
process more frequently changes the encryption key used and better
ensures that the same key will not be re-used to encrypt data (a
weakness of WEP). TKIP uses a 128-bit temporal key shared by
clients and access points. The temporal key is combined with the
client's MAC address and a 16-octet initialization vector to produce the
key that will encrypt the data. This ensures that each client station
uses a different key to encrypt data. TKIP uses RC4 to perform the
encryption, which is the same as WEP. But TKIP changes temporal
keys every 10,000 packets and distributes them, thereby greatly
improving the security of the network.
Counter mode/CBC-MAC Protocol (CCMP) - CCMP is an encryption
method for IEEE 802.11 that uses the Advanced Encryption Algorithm
(AES). It uses a CCM combined with Cipher Block Chaining Counter