Configuring Wi-Fi Protected Access (WPA) Security – Allied Telesis AT-WA7501 User Manual

AT-WA7500 and AT-WA7501 Installation and User’s Guide

Configuring Wi-Fi Protected Access (WPA) Security

Wi-Fi Protected Access (WPA) is a strongly enhanced, interoperable Wi-Fi
security implementation that addresses many of the vulnerabilities of Wired
Equivalent Privacy (WEP). WPA bundles authentication, key management, data
encryption, message integrity checks, and countermeasures in the event
of a message attack into one implementation standard.

WPA provides stronger RC4 encryption than standard WEP by using the
Temporal Key Integrity Protocol (TKIP). In addition, the Michael algorithm
provides forgery protection and message integrity. A four-way handshake
between the client and access point ensures the reliable and secure
distribution of the key material needed for encryption and message integrity
checks.

Currently, WPA satisfies some of the requirements in the IEEE 802.11i
draft standard. When the standard is finalized, WPA will maintain forward
compatibility.

WPA runs in Enterprise (802.1x) mode or PSK (pre-shared key) mode:

- In Enterprise mode, WPA provides user authentication using 802.1x
  authentication and the Extensible Authentication Protocol (EAP). An
  authentication server (such as a RADIUS server) must authenticate
  each device before the device can communicate with the wireless
  network.

- In PSK mode, WPA provides user authentication using a shared secret
  key between the access point and the end devices. It does not require
  an authentication server. WPA-PSK is a good solution for small offices
  or home offices that do not want to use an authentication server.

To use WPA security, you need:

- An access point with an 802.11 radio that supports WPA

- End devices with a radio and software that support WPA

- (Enterprise mode only) An authentication server, which is software that
  is installed on a PC or server on your network or an EAS. The
  authentication server accepts or rejects requests from end devices that
  want to communicate with the 802.1x-enabled network. For help, see
  Chapter 7, “Configuring the Embedded Authentication Server (EAS)”
  on page 204.