Manualshelf

User Manual

ManualsBrandsPsion ManualsComputers & AccessoriesPSION TEKLOGIX WIRELESS GATEWAY 802.11a/b/g
141142143144145146147148149150
Psion Teklogix 9160 Wireless Gateway User Manual 121
Chapter 13: Configuring Security
Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms
Recommendations
WPA/WPA2 Enterprise (RADIUS) mode is the recommended mode. The CCMP
(AES) and TKIP encryption algorithms used with WPA modes are far superior to
the RC4 algorithm used for Static WEP or IEEE 802.1x modes. Therefore, CCMP
(AES) or TKIP should be used whenever possible. All WPA modes allow you to use
these encryption schemes, so WPA security modes are recommended above the
others when using WPA is an option.
Additionally, this mode incorporates a RADIUS server for user authentication
which gives it an edge over WPA/WPA2 Personal (PSK) mode.
Use the following guidelines for choosing options within the WPA/WPA2 Enter-
prise (RADIUS) security mode:
1. The best security you can have to date on a wireless network is
WPA/WPA2 Enterprise (RADIUS) mode using CCMP (AES) encryp-
tion algorithm. AES is a symmetric 128-bit block data encryption tech-
nique that works on multiple layers of the network. It is the most
effective encryption system currently available for wireless networks.
If all clients or other APs on the network are WPA/CCMP compatible,
use this encryption algorithm. (If all clients are WPA2 compatible,
choose to support only WPA2 clients.)
2. The second best choice is WPA/WPA2 Enterprise (RADIUS) with the
encryption algorithm set to “Both” (that is, both TKIP and CCMP).
This lets WPA client stations without CCMP associate, uses TKIP for
encrypting Multicast and Broadcast frames, and allows clients to
select whether to use CCMP or TKIP for Unicast (AP-to-single-sta-
tion) frames. This WPA configuration allows more interoperability, at
the expense of some security. Client stations that support CCMP can
use it for their Unicast frames. If you encounter AP-to-station interop-
erability problems with the “Both” encryption algorithm setting, then
you will need to select TKIP instead. (See next option.)
3. The third best choice is WPA/WPA2 Enterprise (RADIUS) with the
encryption algorithm set to TKIP. Some clients have interoperability
issues with CCMP and TKIP enabled at same time. If you encounter
this problem, then choose TKIP as the encryption algorithm. This is the