Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentAltitude 3500 Series

181

182

183

184

185

186

187

188

189

190

Altitude 3500 Series Access Point Product Reference Guide

185

Default (hexadecimal) 256-bit keys for WPA/TKIP include:

● 1011121314151617

● 18191A1B1C1D1E1F

● 2021222324252627

● 28292A2B2C2D2E2F

7 Enable WPA2-TKIP Support as needed to allow WPA2 and TKIP client interoperation.

8 Configure the Fast Roaming (802.1x only) field as required to enable additional Altitude 35xx roaming

and key caching options. This feature is applicable only when using 802.1x EAP authentication with

WPA2-TKIP.

NOTE

PMK key caching is enabled internally by default for WPA2-TKIP when 802.1x EAP authentication is

enabled.

9 Click the Apply button to save any changes made within this New Security Policy screen.

10 Click the Cancel button to undo any changes made within the WPA/TKIP Settings field and return to

the WLAN screen. This reverts all settings to the last saved configuration.

Configuring WPA2-CCMP (802.11i)

WPA2 is a newer 802.11i standard that provides even stronger wireless security than Wi-Fi Protected

Access (WPA) and WEP. CCMP is the security standard used by the Advanced Encryption Standard (AES).

AES serves the same function TKIP does for WPA-TKIP. CCMP computes a Message Integrity Check

(MIC) using the proven Cipher Block Chaining (CBC) technique. Changing just one bit in a message

produces a totally different result.

WPA2/CCMP is based on the concept of a Robust Security Network (RSN), which defines a hierarchy of

keys with a limited lifetime (similar to TKIP). Like TKIP, the keys the administrator provides are used to

derive other keys. Messages are encrypted using a 128-bit secret key and a 128-bit block of data. The

end result is an encryption scheme as secure as any the Altitude 35xx provides.

Allow WPA2-TKIP

clients

WPA2-TKIP support enables WPA2 and TKIP clients to

operate together on the network.

Pre-Authentication Selecting this option enables an associated MU to carry

out an 802.1x authentication with another Altitude 35xx

before it roams to it. The Altitude 35xx caches the keying

information of the client until it roams to the other Altitude

35xx. This enables the roaming client to start sending and

receiving data sooner by not having to do 802.1x

authentication after it roams. This feature is only supported

when 802.1x EAP authentication and WPA2-TKIP is

enabled.