User's Manual
Table Of Contents
- Trademarks
- Statement of Conditions
- Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
- Canadian Department of Communications Compliance Statement
- CE Declaration of Conformity
- Contents
- Chapter 1 About This Manual
- Chapter 2 Introduction
- Chapter 3 Basic Installation and Configuration
- Observing Placement and Range Guidelines
- Default Factory Settings
- Understanding WG602 v2 Wireless Security Options
- Installing the 54 Mbps Wireless Access Point WG602 v2
- Two Ways to Log In to the WG602 v2
- Using the Basic IP Settings Options
- Understanding the Basic Wireless Settings
- Understanding Wireless Security Options
- How to Configure WEP Wireless Security
- How to Configure WPA-PSK Wireless Security
- How to Restrict Wireless Access by MAC Address
- Chapter 4 Management
- Chapter 5 Advanced Configuration
- Chapter 6 Troubleshooting
- Troubleshooting
- No lights are lit on the access point.
- The Ethernet LAN light is not lit.
- The Wireless LAN activity light is not lit.
- I cannot configure the wireless access point from a browser.
- I cannot access the Internet or the LAN with a wireless capable computer.
- When I enter a URL or IP address I get a timeout error.
- Using the Reset Button to Restore Factory Default Settings
- Troubleshooting
- Appendix A Specifications
- Appendix B Wireless Networking Basics
- Appendix C Network, Routing, Firewall, and Cabling Basics
- Appendix D Preparing Your PCs for Network Access
- Glossary
- Index
User’s Guide for the WG602 54 Mbps Wireless Access Point
Wireless Networking Basics B-15
Temporal Key Integrity Protocol (TKIP)
WPA uses TKIP to provide important data encryption enhancements including a per-packet key
mixing function, a message integrity check (MIC) named Michael, an extended initialization
vector (IV) with sequencing rules, and a re-keying mechanism. TKIP also provides for the
following:
• The verification of the security configuration after the encryption keys are determined.
• The synchronized changing of the unicast encryption key for each frame.
• The determination of a unique starting unicast encryption key for each preshared key
authentication.
Michael
With 802.11 and WEP, data integrity is provided by a 32-bit integrity check value (ICV) that is
appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, you can
use cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without
being detected by the receiver.
With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte
message integrity code (MIC) using the calculation facilities available on existing wireless
devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV.
The MIC field is encrypted together with the frame data and the ICV.
Michael also provides replay protection. A new frame counter in the IEEE 802.11 frame is used to
prevent replay attacks.
AES Support
One of the encryption methods supported by WPA beside TKIP is the advanced encryption
standard (AES), although AES support will not be required initially for Wi-Fi certification. This is
viewed as the optimal choice for security conscience organizations, but the problem with AES is
that it requires a fundamental redesign of the NIC’s hardware in both the station and the access
point. TKIP was a pragmatic compromise that allows organizations to deploy better security while
AES capable equipment is being designed, manufactured, and incrementally deployed.