User's Manual
Appendix D Wireless LANs
B222s User’s Guide
If this feature is enabled, it is not necessary to configure a default encryption key in the wireless
security configuration screen. You may still configure and store keys, but they will not be used while
dynamic WEP is enabled.
Note: EAP-MD5 cannot be used with Dynamic WEP Key Exchange.
For added security, certificate-based authentications (EAP-TLS, EAP-TTLS and PEAP) use dynamic
keys for data encryption. They are often deployed in corporate environments, but for public
deployment, a simple user name and password pair is more practical. The following table is a
comparison of the features of authentication types.
WPA and WPA2
Wi-Fi Protected Access (WPA) is a subset of the IEEE 802.11i standard. WPA2 (IEEE 802.11i) is a
wireless security standard that defines stronger encryption, authentication and key management
than WPA.
Key differences between WPA or WPA2 and WEP are improved data encryption and user
authentication.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS server, use
WPA2 for stronger data encryption. If you don't have an external RADIUS server, you should use
WPA2-PSK (WPA2-Pre-Shared Key) that only requires a single (identical) password entered into
each access point, wireless gateway and wireless client. As long as the passwords match, a wireless
client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending on
whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is less
secure than WPA or WPA2.
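The WPA2-PSK password described above is not used as the encryption key directly. The following added example (not part of this guide) shows how the password and the network name become the 256-bit pre-shared key; the derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) comes from IEEE 802.11i rather than from this guide, and the network names and passwords are constructed sample values.

```python
import hashlib
import hmac


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK key per IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def same_key(ap: tuple, client: tuple) -> bool:
    """Simplified model of 'the passwords match': in a real network the keys
    are never exchanged; the WPA handshake only completes when both sides
    derived the same key. Here the derived keys are compared in constant time."""
    return hmac.compare_digest(derive_psk(*ap), derive_psk(*client))


if __name__ == "__main__":
    # Constructed sample values: (passphrase, SSID) as entered on each device.
    ap = ("correct horse battery", "ExampleWLAN")
    cases = {
        "identical password and SSID": ("correct horse battery", "ExampleWLAN"),
        "one character differs": ("correct horse batterY", "ExampleWLAN"),
        "same password, other SSID": ("correct horse battery", "ExampleWLAN2"),
    }
    print("AP key:", derive_psk(*ap).hex())
    for label, client in cases.items():
        result = "keys match" if same_key(ap, client) else "keys differ"
        print(f"{label}: {result}")
```

Because the SSID is the salt, the same password on a differently named network yields an unrelated key, and the password is the only secret protecting every device that shares it.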
Encryption
Both WPA and WPA2 improve data encryption by using Temporal Key Integrity Protocol (TKIP),
Message Integrity Check (MIC) and IEEE 802.1x. WPA and WPA2 use Advanced Encryption
Standard (AES) in the Counter mode with Cipher block chaining Message authentication code
Protocol (CCMP) to offer stronger encryption than TKIP.
TKIP uses 128-bit keys that are dynamically generated and distributed by the authentication server.
AES (Advanced Encryption Standard) is a block cipher that uses a 256-bit mathematical algorithm
Table 87 Comparison of EAP Authentication Types
                            EAP-MD5  EAP-TLS  EAP-TTLS  PEAP      LEAP
Mutual Authentication       No       Yes      Yes       Yes       Yes
Certificate – Client        No       Yes      Optional  Optional  No
Certificate – Server        No       Yes      Yes       Yes       No
Dynamic Key Exchange        No       Yes      Yes       Yes       Yes
Credential Integrity        None     Strong   Strong    Strong    Moderate
Deployment Difficulty       Easy     Hard     Moderate  Moderate  Moderate
Client Identity Protection  No       No       Yes       Yes       No