Specifications

Security

RoamAbout Access Point 3000 Configuration Guide 4-65

• DataEncryptionSetupenablesordisablestheaccesspointtouseWEPsharedkeysfordata

encryption.Ifthisoptionisselected,youmustconfigureat

leastonekeyontheaccesspoint

andallclients.(Default:Disable

)

• WPAClientssetsthespecifiedradiointerfaceorVAPto:

– Required‐allowonlyWPA‐enabledclientstoaccessthenetwork;

– Supported‐allowWPA‐enabledclientsandclientsonlycapableofsupportingWEPto

accessthenetwork;

– Notsupported‐doesnotallowWPA‐enabledclientstoaccessthenetwork.

Default:

Supported

• WPAKeyManagement:YoucanconfigureWPAtoworkinanenterpriseenvironmentusing

IEEE802.1xandaRADIUSserverforuserauthentication.Forsmallernetworks,youcan

configureWPAusingacommonpre‐sharedkeyforclientauthenticationwiththeaccess

point.

– WPAauthen ticationover802.1xsetsthisradio

interfaceorVAPtotheWPAenterprise

mode.ThismodeusesIEEE802.1xtoauthenticateusersandtodynamicallydistribute

encryptionkeystoclients.

– WPAPre‐sharedKeysetsthisradiointerfaceorVAPtotheWPAmodeforsmallnetworks.

Thismodeusesacommonpasswordstringthatis

manuallydistributed.Youmust

configureallwirelessclientsassociatedwiththisradiointerfaceorVAPwiththe same

key.YoumustspecifythekeystringundertheWPAPre‐SharedKeyTypesectionofthe

SecuritySettingspage.

• MulticastCipherModeselectsanencryptionmethodfortheglobalkeyused

formulticastand

broadcasttraffic,whichissupportedbyallwirelessclientsassociatedwiththisradiointerface

orVAP.

– WEPspecifiesthatcommunicatingdevicesmustusethesameWEPkeytoencryptand

decryptradiosignals.WEPhasmanysecurityflaws,andisnotrecommendedfor

transmittinghighly‐sensitivedata.

– TKIP

providesdataencryptionenhancementsincludingper‐packetkeyhashing(thatis,

changingtheencryptionkeyoneachpacket),amessageintegritycheck,anextended

initializationvectorwithsequencingrules,andare‐keyingmechanism.

– AESdesignatedbytheNationalInstituteofStandardsandTechnologyasthesuccessorto

theData

EncryptionStandard(DES)encryptionalgorithm.

Note: You must enable WEP encryption in order to enable all types of encryption on the access

point; however, you do not need to define WEP keys for WPA.