Wpa/wpa2 personal (psk) se – Allied Telesis AT-WA7400/EU User Manual

Chapter 10: Configuring Security

122

Figure 38. WPA/WPA2 Personal (PSK)

Security Mode Settings

1. Configure the following settings:

WPA Versions
Select the types of client stations you want to support:

WPA - If all client stations on the network support the original

WPA

but

none support the newer

WPA2

, then select WPA.

WPA2 - If all client stations on the network support

WPA2

, we suggest

using WPA2 which provides the best security per the

IEEE

802.11i

standard.

Both - If you have a mix of clients, some of which support

WPA2

and

others which support only the original

WPA

, select Both. This lets both

WPA and WPA2 client stations associate and authenticate, but uses
the more robust WPA2 for clients who support it. This WPA
configuration allows more interoperability, at the expense of some
security.

Cipher Suites
Select the cipher you want to use:

Temporal Key Integrity Protocol (

TKIP

) - This is the default. TKIP

provides a more secure encryption solution than WEP keys. The TKIP
process more frequently changes the encryption key used and better
ensures that the same key will not be re-used to encrypt data (a
weakness of WEP). TKIP uses a 128-bit temporal key shared by
clients and access points. The temporal key is combined with the
client's MAC address and a 16-octet initialization vector to produce the
key that will encrypt the data. This ensures that each client station
uses a different key to encrypt data. TKIP uses RC4 to perform the
encryption, which is the same as WEP. But TKIP changes temporal
keys every 10,000 packets and distributes them, thereby greatly
improving the security of the network.

Counter mode/CBC-MAC Protocol (

CCMP

) - CCMP is an encryption

method for IEEE

802.11

that uses the Advanced Encryption Algorithm

(

AES

). It uses a CCM combined with Cipher Block Chaining Counter