Gateway 7001 Series Benutzerhandbuch
83
www.gateway.com
Recommendations
IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically
generated and changed periodically. However, the encryption algorithm used is the same
as that of Static WEP and is therefore not as reliable as the more advanced encryption
methods such as TKIP and CCMP (AES) used in Wi-Fi Protected Access (WPA).
generated and changed periodically. However, the encryption algorithm used is the same
as that of Static WEP and is therefore not as reliable as the more advanced encryption
methods such as TKIP and CCMP (AES) used in Wi-Fi Protected Access (WPA).
Additionally, compatibility issues may be cumbersome because of the variety of
authentication methods supported and the lack of a standard implementation method.
For this reason, if you do use IEEE 802.1x, we suggest using it with the embedded RADIUS
server.
authentication methods supported and the lack of a standard implementation method.
For this reason, if you do use IEEE 802.1x, we suggest using it with the embedded RADIUS
server.
Therefore, IEEE 802.1x mode is not as secure a solution as Wi-Fi Protected Access (WPA).
If you cannot use Wi-Fi Protected Access (WPA) because some of your client stations do
not have WPA, then a better solution than using IEEE 802.1x mode is to use WPA with
RADIUS mode instead and click
If you cannot use Wi-Fi Protected Access (WPA) because some of your client stations do
not have WPA, then a better solution than using IEEE 802.1x mode is to use WPA with
RADIUS mode instead and click
Allow non-WPA IEEE 802.1x clients
to allow non-WPA clients.
This way, you get the benefit of IEEE 802.1x key management for non-WPA clients along
with even better data protection of TKIP and CCMP (AES) key management and encryption
algorithms for your WPA clients.
with even better data protection of TKIP and CCMP (AES) key management and encryption
algorithms for your WPA clients.
For information on how to configure IEEE 802.1x security mode, see
When to use WPA with RADIUS
Wi-Fi Protected Access (WPA) with Remote Authentication Dial-In User Service (RADIUS) is a
Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol
(TKIP), Counter mode/ CBC-MAC Protocol (CCMP) Advanced Encryption Standard (AES),
and 802.1x mechanisms. This mode requires the use of a RADIUS server to authenticate
users. WPA with RADIUS provides the best security available for wireless networks.
Wi-Fi Alliance subset of IEEE 802.11i, which includes Temporal Key Integrity Protocol
(TKIP), Counter mode/ CBC-MAC Protocol (CCMP) Advanced Encryption Standard (AES),
and 802.1x mechanisms. This mode requires the use of a RADIUS server to authenticate
users. WPA with RADIUS provides the best security available for wireless networks.
Key Management
Encryption Algorithm
User Authentication
IEEE 802.1x provides
dynamically generated keys
that are periodically
refreshed.
dynamically generated keys
that are periodically
refreshed.
There are different Unicast
keys for each station.
keys for each station.
An RC4 stream cipher is used
to encrypt the frame body and
cyclic redundancy checking
(CRC) of each 802.11 frame.
to encrypt the frame body and
cyclic redundancy checking
(CRC) of each 802.11 frame.
(This is the same encryption
algorithm as is used for Static
WEP.)
algorithm as is used for Static
WEP.)
IEEE 802.1x mode supports a
variety of authentication
methods, like certificates,
Kerberos, and public key
authentication with a RADIUS
server.
variety of authentication
methods, like certificates,
Kerberos, and public key
authentication with a RADIUS
server.
You have a choice of using the
Gateway 7001 Series
self-managed AP embedded
RADIUS server or an external
RADIUS server. The
embedded RADIUS server
supports Protected EAP
(PEAP) and MSCHAP V2.
Gateway 7001 Series
self-managed AP embedded
RADIUS server or an external
RADIUS server. The
embedded RADIUS server
supports Protected EAP
(PEAP) and MSCHAP V2.