System information
Wireless Security Configuration
Using the Security Wizard
• Cipher: Indicates the encryption method used for multicast (and
broadcast) and unicast traffic.
– tkip-tkip: Using TKIP keys for both multicast and unicast
encryption.
– aes-aes: Using AES keys for both multicast and unicast
encryption.
– tkip-aes: WPA and WPA2 clients negotiate the use of either TKIP
or AES keys for unicast encryption. TKIP keys are used for
multicast encryption.
For security wizard options that require a RADIUS server, parameters can be
configured on the Authentication Servers window. See “Web: Setting RADIUS
Server Parameters” on page 7-26 for more details. The Advanced Settings
window provides the following parameters when using dynamic WEP or WPA
security:
■ Broadcast Key Refresh Rate: Sets the interval at which the broadcast
keys are refreshed for stations using 802.1X dynamic keying. (Range: 0 -
1440 minutes; Default: 0 = disabled)
■ Session Key Refresh Rate: The interval at which the access point
refreshes unicast session keys for associated clients. (Range: 0 - 1440
minutes; Default: 0 = disabled)
■ 802.1x Reauthentication Refresh Rate: The time period after which a
connected client must be re-authenticated. During the re-authentication
process of verifying the client credentials on the RADIUS server, the client
remains connected to the network. Only if re-authentication fails is network
access blocked. (Range: 0-65535 seconds; Default: 0 = Disabled)
■ PMKSA Lifetime: WPA2 provides fast roaming for authenticated clients
by retaining keys and other security information in a cache, so that if a
client roams away from an access point and then returns, reauthentication
is not required. This parameter sets the time for aging out cached WPA2
Pairwise Master Key Security Association (PMKSA) information. When
the lifetime expires, client security association and keys are deleted from
the cache. If a client returns to the access point, it requires full
reauthentication.
■ Pre-Authentication: Enables WPA2 preauthentication for fast secure
roaming. To support preauthentication, both clients and access points in
the network must be WPA2 enabled. Preauthentication also requires all
access points in the network to be on the same IP subnet.
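
The following audit script is an added example, not part of the original manual or the device's software. It checks exported settings against the ranges listed above and against the same-subnet requirement for preauthentication; the key names, the configuration layout and the sample access points are hypothetical.

```python
import ipaddress

# Ranges as listed on this page; 0 (the default) disables the refresh.
# Key names and the config layout are hypothetical, not the device's own.
RANGES = {
    "broadcast_key_refresh_min": (0, 1440),
    "session_key_refresh_min": (0, 1440),
    "reauth_refresh_sec": (0, 65535),
}
CIPHERS = {"tkip-tkip", "aes-aes", "tkip-aes"}  # multicast-unicast pairs

def audit_ap(cfg):
    """Return (severity, message) findings for one access point's settings."""
    out = []
    for key, (lo, hi) in RANGES.items():
        val = cfg.get(key, 0)
        if type(val) is not int or not lo <= val <= hi:
            out.append(("error", f"{key}={val!r} is outside {lo}-{hi}"))
        elif val == 0:
            out.append(("warn", f"{key}=0, refresh disabled"))
    cipher = cfg.get("cipher")
    if cipher not in CIPHERS:
        out.append(("error", f"unknown cipher mode {cipher!r}"))
    elif cipher.startswith("tkip"):
        # Reviewer's judgement: TKIP is deprecated in current 802.11.
        out.append(("warn", f"{cipher}: multicast traffic uses TKIP keys"))
    return out

def audit_fleet(aps):
    """Audit each AP, then apply the same-subnet rule for preauthentication."""
    report = {name: audit_ap(cfg) for name, cfg in aps.items()}
    nets = {n: ipaddress.ip_interface(c["mgmt_ip"]).network for n, c in aps.items()}
    if any(c.get("pre_authentication") for c in aps.values()) and len(set(nets.values())) > 1:
        for name, net in nets.items():
            report[name].append(("error", f"preauthentication enabled but {name} is on {net}"))
    return report

# Constructed sample data: two APs on different subnets.
SAMPLE = {
    "ap-lobby": {"mgmt_ip": "10.0.1.10/24", "cipher": "aes-aes", "pre_authentication": True,
                 "broadcast_key_refresh_min": 30, "session_key_refresh_min": 60,
                 "reauth_refresh_sec": 3600},
    "ap-annex": {"mgmt_ip": "10.0.2.10/24", "cipher": "tkip-aes",
                 "session_key_refresh_min": 2000},
}

if __name__ == "__main__":
    for ap, findings in audit_fleet(SAMPLE).items():
        for severity, message in findings:
            print(f"{ap}: {severity}: {message}")
```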