WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Encryption
The Layer 2 encryption option you can select depends upon the authentication method chosen.
Table 1-1
lists the authentication methods available, with their corresponding encryption options.
Table 1-1. Encryption Options by Authentication Method
Authentication Method
None
802.1x
WPA or WPA-PSK only
WPA2 or WPA2-PSK only
Combination of WPA or WPA-PSK and WPA2 or
WPA2-PSK
You can configure the following data encryption options for the WLAN:
•
Null. No encryption is used and packets passing between the wireless client and WFS709TP
are in clear text.
•
Wired Equivalent Protocol (WEP). Defined by the original IEEE 802.11 standard, WEP
uses the RC4 stream cipher with 40-bit and 128-bit encryption keys. The management and
distribution of WEP keys is performed outside of the 802.11 protocol. There are two forms of
WEP keys:
–
Static WEP requires you to manually enter the key for each client and on the WFS709TP.
–
Dynamic WEP allows the keys to be automatically derived for each client for a specific
authentication method during the authentication process. Dynamic WEP requires 802.1x
authentication.
•
Temporal Key Integrity Protocol (TKIP). TKIP ensures that the encryption key is changed
for every data packet. You specify TKIP encryption for WPA and WPA-PSK authentication.
•
Advanced Encryption Standard (AES). AES is an encryption cipher that uses the Counter-
mode CBC-MAC (Cipher Block Chaining-Message Authentication Code) Protocol (CCMP)
mandated by the IEEE 802.11i standard. AES-CCMP is specifically designed for IEEE 802.11
encryption and encrypts parts of the 802.11 MAC headers as well as the data payload. You can
specify AES-CCMP encryption with WPA2 or WPA2-PSK authentication.
•
Mixed TKIP/AES-CCM. This option allows the WFS709TP to use TKIP encryption with
WPA or WPA-PSK clients and use AES encryption with WPA2 or WPA2-PSK clients. Mixed
TKIP/AES-CCM allows you to deploy the system in environments containing existing
WLANs that use different authentication and encryption methods.
1-10
Encryption Option
Null or Static WEP
Dynamic WEP
TKIP
AES
Mixed TKIP/AES
v1.0, June 2007
Overview of the WFS709TP