08-18-2017 07:43 PM - edited 03-21-2019 12:26 AM
Article ID:387
Various wireless security protocols were developed to protect wireless networks. These wireless security protocols include WEP, WPA, and WPA2, each with its own strengths and weaknesses. In addition to preventing uninvited guests from connecting to your wireless network, wireless security protocols encrypt your private data. The objective of this document is to explain how to configure different security modes on the WAP4410N device. Following are descriptions of the WEP, WPA, and WPA2 wireless security protocols:
Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.
Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard. The most significant enhancement of WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption. The security provided by AES is sufficient to protect your secrets.
• WAP4410N Wireless-N Access Point
• 2.0.5.3
Step 1. Log in to the web configuration utility and choose Wireless > Wireless security. The Wireless Security page opens:
Step 2. Choose the SSID from the Select SSID drop-down list. The SSID name is unique and is used by all the users connected to the wireless network.
Step 3. Click the radio button that corresponds to the desired status of wireless isolation between SSIDs in the Wireless Isolation:(between SSID) field.
• Enable — Prevents communication and file transfers between the PCs that are connected to different SSIDs. Traffic on one SSID will not be forwarded to any other SSIDs.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to different SSIDs.
Step 4. Choose a security mode from the Security Mode drop-down list.
Wired Equivalent Privacy (WEP) is an older encryption algorithm used to secure data transmitted across wireless networks. WEP uses a security code chosen during configuration, called a WEP key, which is a sequence of hexadecimal digits. This digit sequence must match on all devices that try to communicate on the wireless network. WEP is a very basic security mode and is vulnerable to attacks.
Step 1. Choose WEP from the Security Mode drop-down list.
Step 2. Click the radio button that corresponds to the desired status of wireless isolation within SSIDs.
• Enable — Prevents communication and file transfers between the PCs that are connected to the same SSID.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to the same SSID.
Step 3. Choose the authentication type from the Authentication Type drop-down list. The possible values are:
• Open System — Open System Authentication allows any device to join the network, provided that the device SSID matches the access point SSID.
• Shared — Shared Key Authentication requires that the station and the access point have the same WEP key to authenticate.
Step 4. Click the radio buttons from 1 to 4 to specify which Default Transmit Key you will use.
Step 5. Choose the desired WEP encryption length for a given password. The possible values are:
• 64-bit (10 hex digits) — It provides basic security, as it uses 64 bits for encrypting the password.
• 128-bit (26 hex digits) — It provides more security, as it uses 128 bits for encrypting the password.
Step 6. Enter a passphrase in the Passphrase field. With the help of the passphrase, the access point randomly generates four keys through the use of an encryption algorithm.
Step 7. Click Generate. Four keys are generated randomly.
Step 8. Click Save. The device is configured with WEP.
Step 1. Choose WPA-Personal from the Security Mode drop-down list.
Step 2. Click the radio button that corresponds to the desired status of wireless isolation within SSIDs.
• Enable — Prevents communication and file transfers between the PCs that are connected to the same SSID.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to the same SSID.
Step 3. Choose TKIP or AES as the WPA-Personal Algorithm.
• TKIP — Dynamically changes keys as the system is used.
• AES — Utilizes a symmetric 128-Bit block data encryption.
Step 4. In the Pre-shared Key field, enter the password that you wish to use for your wireless network. Make sure that the password is at least 8 characters.
Step 5. In the Key Renewal field, enter the number of seconds. This defines the WPA Key lifetime. Make sure the key lifetime is more than 559 seconds.
Step 6. Click Save to save the changes.
The main difference between WPA-Personal and WPA2-Personal is that WPA2-Personal uses only the AES encryption algorithm.
Step 1. Choose WPA2-Personal from the Security Mode drop-down list.
Step 2. Click the radio button that corresponds to the desired status of wireless isolation within SSIDs.
• Enable — Prevents communication and file transfers between the PCs that are connected to the same SSID.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to the same SSID.
Step 3. In the Pre-shared Key field, enter the password that you wish to use for your wireless network. Make sure that the password is at least 8 characters.
Step 4. In the Key Renewal field, enter the number of seconds. This defines the WPA Key lifetime. Make sure the key lifetime is more than 559 seconds.
Step 5. Click Save to save the changes.
The main difference between WPA-Personal and WPA2-Personal Mixed is that WPA2-Personal Mixed uses both AES and TKIP encryption algorithms at the same time.
Step 1. Choose WPA2-Personal Mixed from the Security Mode drop-down list.
Step 2. Click the radio button that corresponds to the desired status of wireless isolation within SSIDs.
• Enable — Prevents communication and file transfers between the PCs that are connected to the same SSID.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to the same SSID.
Step 3. In the Pre-shared Key field, enter the password that you wish to use for your wireless network. Make sure that the password is at least 8 characters.
Step 4. In the Key Renewal field, enter the number of seconds. This defines the WPA Key lifetime. Make sure the key lifetime is more than 559 seconds.
Step 5. Click Save to save the changes.
Step 1. Choose WPA-Enterprise from the Security Mode drop-down list.
Step 2. Click the radio button that corresponds to the desired status of wireless isolation within SSIDs.
• Enable — Prevents communication and file transfers between the PCs that are connected to the same SSID.
• Disable — Allows communication and file transfers between all wireless PCs that are connected to the same SSID.
Step 3. Enter the IP address of the RADIUS server in the Primary RADIUS Server field. This IP address is required to communicate with the server.
Step 4. Enter the port number that you want to use to communicate with the RADIUS server in the Primary RADIUS Server Port field. RADIUS messages are sent over UDP, and UDP port 1812 is used by default for RADIUS authentication messages. User-defined port numbers can also be given, but they should fall within the range 1025 to 65536.
Step 5. Enter the shared secret key in the Primary Shared Secret field. The range is 1 to 64 characters. Shared secrets are used to verify that RADIUS messages, with the exception of the access request message, are sent by a RADIUS-enabled device that is configured with the same secret key.
Step 6. (Optional) Enter the IP address of the backup RADIUS server in the Backup RADIUS Server field. The backup RADIUS server is used only if the primary server is unavailable.
Step 7. (Optional) Enter the port number that you want to use to communicate with the backup server in the Backup RADIUS Server Port field.
Step 8. (Optional) Enter the shared secret key in the Backup Shared Secret field. The range is 1 to 64 characters. The value should not be the same as the primary shared secret key.
Step 9. Choose TKIP or AES as the WPA-Personal Algorithm.
• TKIP - Dynamically changes keys as the system is used.
• AES - Utilizes a symmetric 128-Bit block data encryption.
Step 10. In the Key Renewal Timeout field, enter the number of seconds. This defines the WPA Key lifetime. Make sure the key lifetime is more than 559 seconds.
Step 11. Click Save. The device is now configured with WPA-Enterprise.
Note: Follow the same steps as above for the configuration of WPA2-Enterprise, WPA2-Enterprise Mixed and RADIUS. The only difference is that WPA2-Enterprise uses only AES encryption, whereas WPA2-Enterprise Mixed uses both TKIP and AES.
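The field limits given in the steps above can be checked before a planned configuration is typed into the web utility. The following is an added example, not part of the original article or of any Cisco tool: the dictionary keys (security_mode, algorithm, key_renewal, psk, wep_bits, wep_key, radius_ip, radius_port, radius_secret, backup_secret) are hypothetical names, and the sample plans are constructed placeholder values.

```python
import ipaddress
import re

WEP_HEX_DIGITS = {64: 10, 128: 26}  # WEP length in bits -> hex digits (from the article)

def audit(cfg):
    """Return (severity, message) findings for one planned SSID configuration."""
    out = []
    mode = cfg.get("security_mode", "")
    if mode == "WEP":
        out.append(("WARN", "WEP is easily broken; use a WPA2 mode instead"))
        digits = WEP_HEX_DIGITS.get(cfg.get("wep_bits"), 0)
        if not digits or not re.fullmatch(r"[0-9A-Fa-f]{%d}" % digits, cfg.get("wep_key", "")):
            out.append(("ERROR", "WEP key must be 10 (64-bit) or 26 (128-bit) hex digits"))
        return out
    if not ("Personal" in mode or "Enterprise" in mode):
        return [("ERROR", f"unknown security mode {mode!r}")]
    if cfg.get("algorithm") == "TKIP" or "Mixed" in mode:
        out.append(("WARN", "TKIP is enabled; WPA2 with AES only avoids it"))
    if cfg.get("key_renewal", 0) <= 559:
        out.append(("ERROR", "key renewal must be more than 559 seconds"))
    if "Personal" in mode:
        if len(cfg.get("psk", "")) < 8:
            out.append(("ERROR", "pre-shared key must be at least 8 characters"))
        return out
    try:
        ipaddress.ip_address(cfg.get("radius_ip", ""))
    except ValueError:
        out.append(("ERROR", "primary RADIUS server is not a valid IP address"))
    port = cfg.get("radius_port", 1812)
    # The article gives 1025 to 65536; 65535 is the highest valid UDP port.
    if port != 1812 and not 1025 <= port <= 65535:
        out.append(("ERROR", "RADIUS port must be 1812 or within 1025-65535"))
    secret = cfg.get("radius_secret", "")
    if not 1 <= len(secret) <= 64:
        out.append(("ERROR", "shared secret must be 1 to 64 characters"))
    if cfg.get("backup_secret") == secret:
        out.append(("ERROR", "backup shared secret must differ from the primary"))
    return out

# Constructed sample plans (placeholder values, documentation IP range 192.0.2.0/24).
HARDENED = {"security_mode": "WPA2-Enterprise", "algorithm": "AES", "key_renewal": 3600,
            "radius_ip": "192.0.2.10", "radius_port": 1812,
            "radius_secret": "example-primary-secret", "backup_secret": "example-backup-secret"}
WEAK = dict(HARDENED, security_mode="WPA-Enterprise", algorithm="TKIP", key_renewal=300,
            radius_port=80, backup_secret=HARDENED["radius_secret"])

for name, plan in (("WEAK", WEAK), ("HARDENED", HARDENED)):
    print(name, audit(plan) or "no findings")
```

WEAK differs from HARDENED only in the fields overridden in the `dict(...)` call, so each finding it produces maps to one setting to correct.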