Table 10.11 wpa personal security settings – Psion Teklogix 9160 G2 User Manual
Page 133
Psion Teklogix 9160 G2 Wireless Gateway User Manual
111
Chapter 10: Configuring Security
WPA Personal
Field
Description
WPA Versions
Select the types of client stations you want to support:
• WPA
• WPA2
• Both
WPA. If all client stations on the network support the original WPA but none support the newer WPA2,
then select WPA.
WPA2. If all client stations on the network support WPA2, we suggest using WPA2 which provides the
best security per the IEEE 802.11i standard.
Both. If you have a mix of clients, some of which support WPA2 and others which support only the
original WPA, select “Both”. This lets both WPA and WPA2 client stations associate and authenticate,
but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interop-
erability, at the expense of some security.
Cipher Suites
Select the cipher suite you want to use:
• TKIP
• CCMP (AES)
• Both
Temporal Key Integrity Protocol (TKIP) is the default.
TKIP provides a more secure encryption solution than WEP keys. The TKIP process more frequently
changes the encryption key used and better ensures that the same key will not be re-used to encrypt data
(a weakness of WEP). TKIP uses a 128-bit “temporal key” shared by clients and access points. The tem-
poral key is combined with the client's MAC address and a 16-octet initialization vector to produce the key
that will encrypt the data. This ensures that each client station uses a different key to encrypt data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. But TKIP changes temporal keys every
10,000 packets and distributes them, thereby greatly improving the security of the network.
Counter mode/CBC-MAC Protocol (CCMP) is an encryption method for IEEE 802.11i that uses the
Advanced Encryption Algorithm (AES). It uses a CCM combined with Cipher Block Chaining
Counter mode (CBC-CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC) for
encryption and message integrity.
If you select both TKIP and CCMP(AES), Pairwise cipher is AES and Groupwise cipher is TKIP. Pair-
wise cipher is used for unicast traffic and Groupwise cipher is used for multicast/broadcast traffic. Both
TKIP and AES clients can associate with the access point. WPA clients must have one of the following
to be able to associate with the AP:
• A valid TKIP key
• A valid CCMP (AES) key
Clients not configured to use a WPA
Personal
will not be able to associate with AP.
Table 10.11 WPA Personal Security Settings