HP ProCurve Wireless Access Point 420 - Hewlett Packard
HP ProCurve Wireless Access Point 420 - Hewlett Packard
HP ProCurve Wireless Access Point 420 - Hewlett Packard
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Access</strong> <strong>Point</strong> Configuration<br />
Configuring <strong>Wireless</strong> Security<br />
TKIP starts with a master (temporal) key for each user session and then<br />
mathematically generates other keys to encrypt each data packet. TKIP<br />
provides further data encryption enhancements by including a message<br />
integrity check for each packet and a re-keying mechanism, which periodically<br />
changes the master key.<br />
■ WPA Pre-Shared Key (PSK) Mode: For enterprise deployment, WPA<br />
requires a RADIUS authentication server to be configured on the wired<br />
network. However, for small office networks that may not have the<br />
resources to configure and maintain a RADIUS server, WPA provides a<br />
simple operating mode that uses just a pre-shared password for network<br />
access. The Pre-Shared Key mode uses a common password for user<br />
authentication that is manually entered on the access point and all wireless<br />
clients. The PSK mode uses the same TKIP packet encryption and key<br />
management as WPA in the enterprise, so it provides a robust and manageable<br />
alternative for small networks.<br />
■ Mixed WPA and WEP Client Support: WPA enables the access point<br />
to indicate its supported encryption and authentication mechanisms to<br />
clients using its beacon signal. WPA-compatible clients can likewise<br />
respond to indicate their WPA support. This enables the access point to<br />
determine which clients are using WPA security and which are using<br />
legacy WEP. The access point uses TKIP unicast data encryption keys for<br />
WPA clients and WEP unicast keys for WEP clients. The global encryption<br />
key for multicast and broadcast traffic must be the same for all clients,<br />
therefore it restricts encryption to a WEP key.<br />
■ Advanced Encryption Standard (AES) Support: WPA specifies AES<br />
encryption as an optional alternative to TKIP and WEP. AES provides very<br />
strong encryption using a completely different ciphering algorithm to<br />
TKIP and WEP. The developing IEEE 802.11i wireless security standard<br />
has specified AES as an eventual replacement for TKIP and WEP.<br />
However, because of the difference in ciphering algorithms, AES requires<br />
new hardware support in client network cards that is currently not widely<br />
available. The access point includes AES support as a future security<br />
enhancement.<br />
5-47