ZyXEL Communications NWD6605 User Manual

Chapter 3 Wireless LANs

NWD Series User’s Guide

single, alphanumeric password to derive a PMK which is used to generate unique temporal 
encryption keys. This prevent all wireless devices sharing the same encryption keys. (a weakness of 
WEP)

If both an AP and the wireless clients support WPA2-PSK, use WPA2-PSK for stronger data 
encryption. If the AP or the wireless clients do not support WPA2-PSK, just use WPA-PSK. Select 
WEP only when the AP and/or wireless clients do not support WPA-PSK or WPA2-PSK. WEP is less 
secure than WPA-PSK or WPA2-PSK.

When two WPS-enabled devices connect, each device must assume a specific role. One device acts 
as the registrar (the device that supplies network and security settings) and the other device acts 
as the enrollee (the device that receives network and security settings. The registrar creates a 
secure EAP (Extensible Authentication Protocol) tunnel and sends the network name (SSID) and the 
WPA-PSK or WPA2-PSK pre-shared key to the enrollee. Whether WPA-PSK or WPA2-PSK is used 
depends on the standards supported by the devices. If the registrar is already part of a network, it 
sends the existing information. If not, it generates the SSID and WPA(2)-PSK randomly.

The following figure shows a WPS-enabled client (installed in a notebook computer) connecting to a 
WPS-enabled access point.

How WPS works