Technical data

Encryption Support
© 2012 Meru Networks, Inc. Configuring Security 119
Meru Wireless LAN System offers CCMP-AES for WPA2 and TKIP for WPA. A key
difference between WPA and WPA2 is the underlying encryption method. For WPA2 it is
CCMP/AES and for WPA it is TKIP/RC4. Descriptions of these technologies are
provided in this section. Meru also supports the original 802.11 encryption protocols
provided by WEP64 and WEP128.
We recommend using the more secure CCMP, or the TKIP encryption solution if your
site’s client hardware cannot support CCMP.
CCMP-AES
AES is the Advanced Encryption Standard and is used by the US Department of
Defense as a replacement for older encryption standards. As such, it is very secure.
AES can be used in several modes, and CCMP is the mode used by WPA2. Both terms
are commonly used interchangeably.
TKIP
As part of the WPA solution to address the weaknesses in WEP, WPA uses Temporal Key
Integrity Protocol (TKIP) to improve upon WEP security by expanding the size of the
encryption key and Initialization Vector (IV), increasing the number of keys in use,
and creating a message integrity check.
TKIP is a Layer 2 encryption algorithm that uses a 128-bit key and a 64-bit IV. TKIP
uses the RC4 algorithm along with a symmetrical key to produce encrypted text. The
symmetrical key is used for encrypting and decrypting packets, and can be
automatically distributed to an AP and from there to the user station when 802.1X EAP is
implemented. The TKIP key management system uses one of a possible 500 trillion keys
to uniquely encrypt each data packet. TKIP uses the Message Integrity Check (MIC),
a function that computes and compares a per-packet integrity check to ensure the
content of the packets has not been modified by an outside source during packet
transmission. If the sent/received checksums do not match, the packet is assumed to
have been tampered with and is dropped.
To configure TKIP, see the section Configure WPA With the CLI.
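The per-packet check described above, as an added example that is not part of the original manual or Meru's code: TKIP's MIC is the Michael algorithm from IEEE 802.11i, which is keyed with a separate 64-bit MIC key. The function names and the sample key, addresses and payload are constructed for illustration.

```python
import hmac
import struct

MASK = 0xFFFFFFFF

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _xswap(x):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

# The four mixing steps of one Michael block round (ROL 30 == ROR 2).
_STEPS = (lambda x: _rol(x, 17), _xswap, lambda x: _rol(x, 3), lambda x: _rol(x, 30))

def michael(key, data):
    """Return the 8-byte Michael MIC of data under an 8-byte MIC key."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a, then 4 to 7 zero bytes, to a multiple of 4 bytes.
    padded = data + b"\x5a" + bytes(4 + (-(len(data) + 1)) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        for step in _STEPS:
            r ^= step(l)
            l = (l + r) & MASK
    return struct.pack("<II", l, r)

def mic_input(da, sa, priority, payload):
    # The MIC covers destination and source MAC addresses, the priority
    # byte, three reserved zero bytes, and then the payload.
    return da + sa + bytes([priority, 0, 0, 0]) + payload

def receive(key, da, sa, priority, payload, mic):
    """Return the payload if its MIC verifies, else None (frame dropped)."""
    expected = michael(key, mic_input(da, sa, priority, payload))
    return payload if hmac.compare_digest(expected, mic) else None

if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    key = bytes.fromhex("0011223344556677")
    da, sa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    payload = b"constructed payload"
    mic = michael(key, mic_input(da, sa, 0, payload))
    print("intact  :", receive(key, da, sa, 0, payload, mic))
    print("tampered:", receive(key, da, sa, 0, b"C" + payload[1:], mic))
```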
WEP Security Features
Wired Equivalent Privacy (WEP64 and WEP128) is a Layer 2 security protocol specified
in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11. WEP is designed to provide a
wireless LAN with a level of security and privacy comparable to what is usually
expected of a wired LAN. A wired LAN is generally protected by physical security
mechanisms, such as controlled access to a building, that are effective for a
controlled physical environment. However, such security mechanisms do not apply to