User's Manual
Table Of Contents
- 1. Introduction
- 2. Getting Started
- 3. Initial IP Configuration
- 4. Introduction to Operation Modes
- 5. Web Console: Basic Settings
- 6. Web Console: Network Settings
- 7. Web Console: Serial Port Settings
- 8. Web Console: System Management
- 9. Web Console: System Monitoring
NPort W2150A/W2250A Series Web Console: Network Settings
6-15
Encryption
Default Disable
Options Disable, WEP, TKIP, AES-CCMP
Description This field specifies the type of encryption to use during wireless communication. Different
encryption methods are available depending on the Authentication setting. Also, each
encryption method has its own set of parameters that may also require configuration.
Disable: No encryption is applied to the data during wireless communication. This option is
only available if Authentication is set to Open System.
WEP: Wired Equivalent Privacy (WEP) is only available for Open System and Shared Key
authentication methods. Data is encrypted according to a key. The NPort supports both 64
and 128-bit keys. This method may deter casual snooping but is not considered very secure.
TKIP: Temporal Key Integrity Protocol (TKIP) is only available for WPA, WPA2, WPA-PSK, and
WPA2-PSK authentication methods. TKIP is part of a draft standard from the IEEE 802.11i
working group and utilizes the RC4 stream cipher with 128-bit keys for encryption and 64-
bit
keys for authentication. TKIP improves on WEP by adding a per-packet key mixing function
to de-correlate the public initialization vectors (IVs) from weak keys.
AES-CCMP: This is a powerful encryption method that is only available for WPA, WPA2,
WPA-PSK, and WPA2-PSK authentication methods. Advanced Encryption Standard (AES) is
the block cipher system used by the Robust Secure Network (RSN) protocol and is equivalent
to the RC4 algorithm used by WPA. CCMP is the security protocol used by AES, equivalent to
TKIP for WPA. Data undergoes a Message Integrity Check (MIC) using a well-known and
proven technique called Cipher Block Chaining Message Authentication Code (CBC-MAC).
The technique ensures that even a one-bit alteration in a message produces a dramatically
different result. Master keys are not used directly but are used to derive other keys, each of
which expire after a certain amount of time. Messages are encrypted using a secret 128-
bit
key and a 128-bit block of data. The encryption process is complex, but the administrator
does not need to be aware of the intricacies of the computations. The end result is encryption
that is much harder to break than even WPA.
PSK Passphrase
Default
Options free text (e.g., “This is the WLAN passphrase”)
Description This field is only available for WPA-PSK and WPA2-PSK authentication methods. If the NPort’s
passphrase does not match the AP’s passphrase, the connection will be denied. A PSK of
sufficient strength—one that uses a mix of letters, numbers and non-alphanumeric
characters—is recommended.