Configuring Wi-Fi Protected Access (WPA) Security – Allied Telesis AT-WA7501 User Manual
Page 199

AT-WA7500 and AT-WA7501 Installation and User’s Guide
Configuring Wi-Fi Protected Access (WPA) Security
Wi-Fi Protected Access (WPA) is a strongly enhanced, interoperable Wi-Fi 
security specification that addresses many of the vulnerabilities of Wired 
Equivalent Privacy (WEP). WPA bundles authentication, key management, data 
encryption, message integrity checks, and countermeasures in the event 
of a message attack into one implementation standard. 
WPA uses the Temporal Key Integrity Protocol (TKIP) to provide stronger 
RC4 encryption than standard WEP. In addition, the Michael algorithm 
provides forgery protection and message integrity. A four-way handshake 
between the client and access point ensures the reliable and secure 
distribution of the key material needed for encryption and message 
integrity checks. 
Currently, WPA satisfies some of the requirements in the IEEE 802.11i 
draft standard. When the standard is finalized, WPA will maintain forward 
compatibility. 
WPA runs in Enterprise (802.1x) mode or PSK (pre-shared key) mode:
- In Enterprise mode, WPA provides user authentication using 802.1x 
  authentication and the Extensible Authentication Protocol (EAP). An 
  authentication server (such as a RADIUS server) must authenticate 
  each device before the device can communicate with the wireless 
  network.
- In PSK mode, WPA provides user authentication using a shared secret 
  key between the access point and the end devices. It does not require 
  an authentication server. WPA-PSK is a good solution for small offices 
  or home offices that do not want to use an authentication server.
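The PSK-mode key derivation and the pairwise key expansion that the four-way handshake relies on, as an added example that is not part of the original manual. It follows the IEEE 802.11i definitions (PBKDF2-HMAC-SHA1 with 4096 iterations and the SSID as salt, then an HMAC-SHA1 PRF), which the manual does not spell out; the SSID, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: map an 8-63 character ASCII passphrase to the 256-bit PMK."""
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be 8-63 printable ASCII characters")
    # The SSID is the salt, so the same passphrase gives a different PMK per network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, mac_a: bytes, mac_b: bytes, nonce_a: bytes, nonce_b: bytes) -> dict:
    """Pairwise transient key (512 bits for TKIP), split into its sub-keys.

    min/max ordering means the client and the access point build the same
    input regardless of which side's MAC address and nonce they list first.
    """
    data = min(mac_a, mac_b) + max(mac_a, mac_b) + min(nonce_a, nonce_b) + max(nonce_a, nonce_b)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {
        "kck": ptk[:16],         # authenticates the handshake messages
        "kek": ptk[16:32],       # wraps the group key sent to the client
        "tk": ptk[32:48],        # TKIP temporal encryption key
        "mic_keys": ptk[48:64],  # two 8-byte Michael keys, one per direction
    }


# Constructed sample values (not from the manual).
SSID, PASSPHRASE = "IEEE", "password"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()

if __name__ == "__main__":
    pmk = psk_to_pmk(PASSPHRASE, SSID)
    ap_side = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    client_side = derive_ptk(pmk, STA_MAC, AP_MAC, SNONCE, ANONCE)
    print("PMK:", pmk.hex())
    print("both sides agree on PTK:", ap_side == client_side)
```

Every device configured with the same passphrase and SSID holds the same PMK, which is the practical difference from Enterprise mode, where each device is authenticated individually by the authentication server.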
To use WPA security, you need:
- An access point with an 802.11 radio that supports WPA
- End devices with a radio and software that support WPA
- (Enterprise mode only) An authentication server, which is software that 
  is installed on a PC or server on your network, or an EAS. The 
  authentication server accepts or rejects requests from end devices that 
  want to communicate with the 802.1x-enabled network. For help, see 
  Chapter 7, “Configuring the Embedded Authentication Server (EAS)” 
  on page 204.
