When to use wpa/wpa2 enterprise (radius) – Allied Telesis AT-WA7400/EU User Manual


AT-WA7400 Management Software User’s Guide


When to Use WPA/WPA2 Enterprise (RADIUS)

Wi-Fi Protected Access 2 (WPA2) with Remote Authentication Dial-In User Service (RADIUS) is an implementation of the Wi-Fi Alliance IEEE 802.11i standard, which includes Advanced Encryption Standard (AES), Counter mode/CBC-MAC Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) mechanisms. This mode requires the use of a RADIUS server to authenticate users. WPA/WPA2 Enterprise (RADIUS) provides the best security available for wireless networks.

This security mode also provides backwards-compatibility for wireless clients that support only the original WPA, as described in Table 4.

WPA/WPA2 Enterprise (RADIUS) mode is the recommended mode. The CCMP (AES) and TKIP encryption algorithms used with WPA modes are far superior to the RC4 algorithm used for Static WEP or IEEE 802.1x modes. Therefore, CCMP (AES) or TKIP should be used whenever possible. All WPA modes allow you to use these encryption schemes, so WPA security modes are recommended above the others when using WPA is an option.

Additionally, this mode incorporates a RADIUS server for user authentication, which gives it an edge over WPA/WPA2 Personal (PSK) mode.

If you have an external RADIUS server on your network, Allied Telesyn recommends using it rather than using the embedded RADIUS server on the access point. An external RADIUS server will provide better security than the local authentication server.

Use the following guidelines for choosing options within the WPA/WPA2 Enterprise (RADIUS) security mode:

Table 4. RADIUS Security

| Key Management | Encryption Algorithm | User Authentication |
| --- | --- | --- |
| WPA/WPA2 Enterprise (RADIUS) mode provides dynamically-generated keys that are periodically refreshed. There are different unicast keys for each station. | Temporal Key Integrity Protocol (TKIP); Counter mode/CBC-MAC Protocol (CCMP) Advanced Encryption Standard (AES) | Remote Authentication Dial-In User Service (RADIUS). You have a choice of using the AT-WA7400 Management Software embedded RADIUS server or an external RADIUS server. The embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP V2. |