Owner manual
Chapter 10: Configuring Security
108
When to Use WPA/WPA2 Personal (PSK)
Wi-Fi Protected Access 2 (WPA2) Personal Pre-Shared Key (PSK) is an 
implementation of the Wi-Fi Alliance IEEE 802.11 standard, which 
includes Advanced Encryption Algorithm (AES), Counter mode/CBC-MAC 
Protocol (CCMP), and Temporal Key Integrity Protocol (TKIP) 
mechanisms. This mode offers the same encryption algorithms as WPA 2 
with RADIUS but without the ability to integrate a RADIUS server for user 
authentication.
This security mode is backwards-compatible for wireless clients that 
support only the original WPA. IEEE 802.1x mode supports a variety of 
authentication methods, like certificates, Kerberos, and public key 
authentication with a RADIUS server.
You have a choice of using the RADIUS server embedded in the 
AT-WA7400 Wireless Access Point or an external RADIUS server. The 
embedded RADIUS server supports Protected EAP (PEAP) and MSCHAP 
V2 WPA/WPA2 configuration is described in Table 3.
WPA/WPA2 Personal (PSK) is not recommended for use with the 
AT-WA7400 Wireless Access Point when WPA/WPA2 Enterprise 
(RADIUS) is an option.
Allied Telesis recommends that you use WPA/WPA2 Enterprise (RADIUS) 
mode instead, unless you have interoperability issues that prevent you 
from using this mode.
For example, some devices on your network may not support WPA or 
WPA2 with EAP talking to a RADIUS server. Embedded printer servers or 
other small client devices with very limited space for implementation may 
not support RADIUS. For such cases, we recommend that you use WPA/
WPA2 Personal (PSK).
For information on how to configure this security mode, see “WPA/WPA2 
Personal (PSK)” on page 121 under “Configuring Security Settings” on 
page 112.
Table 3. WPA/WPA2 Configuration
Key Management Encryption Algorithm User Authentication
WPA/WPA2 Personal 
(PSK) provides 
dynamically-generated 
keys that are periodically 
refreshed.
There are different Unicast 
keys for each station.
- Temporal Key Integrity 
Protocol (TKIP)
- Counter mode/CBC-MAC 
Protocol (CCMP) 
Advanced Encryption 
Standard (AES)
The use of a Pre-Shared 
(PSK) key provides user 
authentication similar to 
that of shared keys in 
WEP.










