Gateway 7001 Series Benutzerhandbuch
85
www.gateway.com
For information on how to configure WPA with RADIUS security mode, see
When to use WPA-PSK
Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset of IEEE
802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms.
This mode offers the same encryption algorithms as WPA with RADIUS but without the
ability to integrate a RADIUS server for user authentication.
802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms.
This mode offers the same encryption algorithms as WPA with RADIUS but without the
ability to integrate a RADIUS server for user authentication.
Recommendations
WPA-PSK is not recommended for use with the Gateway 7001 Series self-managed AP when
WPA with RADIUS is an option.
WPA with RADIUS is an option.
We recommend that you use WPA with RADIUS mode instead, unless you have
interoperability issues that prevent you from using this mode.
interoperability issues that prevent you from using this mode.
Important
If there are older client stations on your network that do
not support WPA, you can configure WPA with RADIUS
(with Both, CCMP, or TKIP) and check the Allow non-WPA
IEEE 802.1x clients checkbox to allow non-WPA clients.
This way, you get the benefit of IEEE 802.1x key
management for non-WPA clients along with even better
data protection of TKIP and CCMP (AES) key
management and encryption algorithms for your WPA
clients.
not support WPA, you can configure WPA with RADIUS
(with Both, CCMP, or TKIP) and check the Allow non-WPA
IEEE 802.1x clients checkbox to allow non-WPA clients.
This way, you get the benefit of IEEE 802.1x key
management for non-WPA clients along with even better
data protection of TKIP and CCMP (AES) key
management and encryption algorithms for your WPA
clients.
A typical scenario is that one is upgrading a current 802.1x
network to use WPA. You might have a mix of clients, in
which some new clients that support WPA and some older
ones that do not support WPA. You might even have other
access points on the network that support only 802.1x and
some that support WPA with RADIUS. For as long as this
mix persists, use the Allow non-WPA IEEE 802.1x clients
option When all the stations have been upgraded to use
WPA, you should disable the Allow non-WPA IEEE 802.1x
clients option.
network to use WPA. You might have a mix of clients, in
which some new clients that support WPA and some older
ones that do not support WPA. You might even have other
access points on the network that support only 802.1x and
some that support WPA with RADIUS. For as long as this
mix persists, use the Allow non-WPA IEEE 802.1x clients
option When all the stations have been upgraded to use
WPA, you should disable the Allow non-WPA IEEE 802.1x
clients option.
Key Management
Encryption Algorithm
User Authentication
WPA-PSK provides
dynamically-generated keys
that are periodically
refreshed.
dynamically-generated keys
that are periodically
refreshed.
There are different Unicast
keys for each station.
keys for each station.
• Temporal Key Integrity
Protocol (TKIP)
Protocol (TKIP)
• Counter mode/CBC-MAC
Protocol (CCMP) Advanced
Encryption Standard (AES)
Protocol (CCMP) Advanced
Encryption Standard (AES)
The use of a Pre-Shared
(PSK) key provides user
authentication similar to that
of shared keys in WEP.
(PSK) key provides user
authentication similar to that
of shared keys in WEP.