beautypg.com

When to use wpa/wpa2 personal (psk) – Allied Telesis AT-WA7400/EU User Manual

Page 110

background image

Chapter 10: Configuring Security

110

When to Use WPA/WPA2 Personal (PSK)

Wi-Fi Protected Access 2 (

WPA2

) Personal Pre-Shared Key (

PSK

) is an

implementation of the Wi-Fi Alliance IEEE

802.11

standard, which

includes Advanced Encryption Algorithm (

AES

), Counter mode/CBC-MAC

Protocol (CCMP), and Temporal Key Integrity Protocol (

TKIP

)

mechanisms. This mode offers the same encryption algorithms as WPA 2
with RADIUS but without the ability to integrate a RADIUS server for user
authentication.

This security mode is backwards-compatible for wireless clients that
support only the original

WPA

. IEEE 802.1x mode supports a variety of

authentication methods, like certificates, Kerberos, and public key
authentication with a RADIUS server.

You have a choice of using the RADIUS server embedded in the
AT-WA7400 Wireless Access Point or an external RADIUS server. The
embedded RADIUS server supports Protected

EAP

(PEAP) and MSCHAP

V2 WPA/WPA2 configuration is described in Table 3.

WPA/WPA2 Personal (PSK) is not recommended for use with the
AT-WA7400 Wireless Access Point when WPA/WPA2 Enterprise
(RADIUS) is an option.

Allied Telesyn recommends that you use WPA/WPA2 Enterprise
(RADIUS) mode instead, unless you have interoperability issues that
prevent you from using this mode.

For example, some devices on your network may not support WPA or
WPA2 with

EAP

talking to a

RADIUS

server. Embedded printer servers or

other small client devices with very limited space for implementation may
not support RADIUS. For such cases, we recommend that you use WPA/
WPA2 Personal (PSK).

For information on how to configure this security mode, see “WPA/WPA2
Personal (PSK)” on page 123 under “Configuring Security Settings” on
page 114.

Table 3. WPA/WPA2 Configuration

Key Management

Encryption Algorithm

User Authentication

WPA/WPA2 Personal
(PSK) provides
dynamically-generated
keys that are periodically
refreshed.
There are different

Unicast

keys for each station.

- Temporal Key Integrity
Protocol (

TKIP

)

- Counter mode/CBC-MAC
Protocol (

CCMP

)

Advanced Encryption
Standard (

AES

)

The use of a Pre-Shared
(

PSK

) key provides user

authentication similar to
that of shared keys in

WEP

.

See also other documents in the category Allied Telesis Computer hardware: