Proxim Wireless Corporation L49U24U50 User Manual

Advanced Configuration
AP-4000/4000M/4900M User Guide
SSID/VLAN/Security
Wi-Fi Protected Access (WPA/802.11i [WPA2])
Wi-Fi Protected Access (WPA) is a security standard designed by the Wi-Fi Alliance in conjunction with the Institute of 
Electrical and Electronics Engineers (IEEE). The AP supports 802.11i (WPA2), based on the IEEE 802.11i security 
standard.
WPA is a replacement for Wired Equivalent Privacy (WEP), the encryption technique specified by the original 802.11 
standard. WEP has several vulnerabilities that have been widely publicized. WPA addresses these weaknesses and 
provides a stronger security system to protect wireless networks.
WPA provides the following new security measures not available with WEP:
• Improved packet encryption using the Temporal Key Integrity Protocol (TKIP) and the Michael Message Integrity 
Check (MIC).
• Per-user, per-session dynamic encryption keys:
  - Each client uses a different key to encrypt and decrypt unicast packets exchanged with the AP
  - A client's key is different for every session; it changes each time the client associates with an AP
  - The AP uses a single global key to encrypt broadcast packets that are sent to all clients simultaneously
  - Encryption keys change periodically based on the Re-keying Interval parameter
  - WPA uses 128-bit encryption keys
• Dynamic Key distribution
  - The AP generates and maintains the keys for its clients
  - The AP securely delivers the appropriate keys to its clients
• Client/server mutual authentication
  - 802.1x
  - Pre-shared key (for networks that do not have an 802.1x solution implemented)
The AP supports the following WPA security modes:
• WPA: The AP uses 802.1x to authenticate clients and TKIP for encryption. You should only use an EAP that supports 
mutual authentication and session key generation, such as EAP-TLS, EAP-TTLS, and PEAP. See 802.1x Authentication 
for details.
• WPA-PSK (Pre-Shared Key): For networks that do not have 802.1x implemented, you can configure the AP to 
authenticate clients based on a Pre-Shared Key. This is a shared secret that is manually configured on the AP and 
each of its clients. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 
alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the TKIP 
Pre-Shared Key (so a user can enter an easy-to-remember phrase rather than a string of characters). 
• 802.11i (also known as WPA2): The AP provides security to clients according to the 802.11i draft standard, using 
802.1x authentication, a CCMP cipher based on AES, and re-keying.
• 802.11i-PSK (also known as WPA2 PSK): The AP uses a CCMP cipher based on AES, and encrypts frames to clients 
based on a Pre-Shared Key. The Pre-Shared Key must be 256 bits long, which is either 64 hexadecimal digits or 32 
alphanumeric characters. The AP also supports a PSK Pass Phrase option to facilitate the creation of the Pre-Shared 
Key (so a user can enter an easy-to-remember phrase rather than a string of characters).
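
The two ways of supplying a Pre-Shared Key described above, as an added example that is not taken from the manual or from Proxim's firmware. It checks a directly entered key against the two accepted forms and derives a key from a pass phrase using the mapping defined by IEEE 802.11i (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations). That the AP's PSK Pass Phrase option uses this standard mapping is an assumption, and the function names and sample values are constructed for illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)
ALPHANUMERIC = set(string.ascii_letters + string.digits)


def psk_from_key_entry(entry: str) -> bytes:
    """Turn a directly entered key into the 256-bit (32-byte) PSK.

    Accepts the two forms the manual lists: 64 hexadecimal digits,
    or 32 alphanumeric characters (taken here as 32 ASCII bytes).
    """
    if len(entry) == 64 and set(entry) <= HEX_DIGITS:
        return bytes.fromhex(entry)
    if len(entry) == 32 and set(entry) <= ALPHANUMERIC:
        return entry.encode("ascii")
    raise ValueError("key must be 64 hex digits or 32 alphanumeric characters")


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i pass phrase mapping (assumed to match the AP's option):
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("pass phrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("pass phrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    # The SSID is the salt, so the same phrase yields a different key per SSID.
    for ssid in ("office-ap", "warehouse-ap"):
        key = psk_from_passphrase("correct horse battery", ssid)
        print(f"{ssid}: {key.hex()}")
    print(psk_from_key_entry("ab" * 32).hex())
```

Because the SSID is the salt, a key derived from a pass phrase has to be regenerated whenever the SSID changes; a directly entered 256-bit key does not depend on the SSID.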
NOTE: For more information on WPA, see the Wi-Fi Alliance Web site at 
Authentication Protocol Hierarchy
There is a hierarchy of authentication protocols defined for the AP. The hierarchy is as follows, from highest to lowest:
• 802.1x authentication (including 802.1x, WPA, WPA-PSK, 802.11i, 802.11i-PSK)
• MAC Access Control via RADIUS Authentication
• MAC Access Control through individual APs' MAC Access Control Lists