Allied Telesis AT-WA7400/EU User Manual
Page 127

AT-WA7400 Management Software User’s Guide
127
Cipher Suites
Select the cipher you want to use:
Temporal Key Integrity Protocol (
TKIP
) - This is the default. TKIP
provides a more secure encryption solution than WEP keys. The TKIP 
process more frequently changes the encryption key used and better 
ensures that the same key will not be re-used to encrypt data (a 
weakness of WEP). TKIP uses a 128-bit temporal key shared by 
clients and access points. The temporal key is combined with the 
client's MAC address and a 16-octet initialization vector to produce the 
key that will encrypt the data. This ensures that each client station 
uses a different key to encrypt data. TKIP uses RC4 to perform the 
encryption, which is the same as WEP. But TKIP changes temporal 
keys every 10,000 packets and distributes them, thereby greatly 
improving the security of the network.
Counter mode/CBC-MAC Protocol (
CCMP
) - CCMP is an encryption
method for IEEE
802.11
that uses the Advanced Encryption Algorithm
(
AES
). It uses a CCM combined with Cipher Block Chaining Counter
mode (CBC-CTR) and Cipher Block Chaining Message Authentication 
Code (CBC-MAC) for encryption and message integrity.
Both - When the authentication algorithm is set to Both, both TKIP and 
AES clients can associate with the access point. Client stations 
configured to use WPA with RADIUS must have one of the following to 
be able to associate with the access point:
A valid TKIP RADIUS IP address and valid shared Key
A valid CCMP (AES) IP address and valid shared Key
Clients not configured to use a
WPA
-PSK will not be able to associate
with the access point. Both is the default.
Authentication Server
Select one of the following:
Built-in
- To use the authentication server provided with the
AT-WA7400 Management Software. If you choose this option, you do 
not have to provide the Radius IP and Radius Key; they are 
automatically provided.
External
- To use an external authentication server. If you choose this
option you must supply a Radius IP and Radius Key of the server you 
want to use.
