User's Manual
Table Of Contents
- User Guide
- Table of Contents
- Section 1: Getting Started
- Administrator’s Computer Requirements
- Wireless Client Requirements
- Online Help, Supported Browsers, and Limitations
- Dynamic and Static IP Addressing on the AP
- Installing the Access Point
- Configuring the Ethernet Settings
- Configuring IEEE 802.1X Authentication
- Configuring Security on the Wireless Access Point
- Section 2: Viewing Access Point System Status
- Section 3: Configuring the Access Point
- Section 4: Maintenance of the Access Point
- Back cover
47
Section 3: Configuring the Access Point
Linksys
WPA Personal
WPA Personal is a Wi-Fi Alliance IEEE 802.11i standard, which includes AES-
CCMP and TKIP mechanisms. It employs a pre-shared key (instead of using IEEE
802.1X and EAP as is used in the Enterprise WPA security mode). The PSK is used
for an initial check of credentials only.
This security mode is backwards-compatible for wireless clients that support
the original WPA.
Table 32: WPA Personal
Field Description
WPA
Versions
Select the types of client stations you want to support:
WPA: If all client stations on the network support the original
WPA but none support the newer WPA2, then select WPA.
WPA2: If all client stations on the network support WPA2, we
suggest using WPA2 which provides the best security per the
IEEE 802.11i standard.
WPA and WPA2: If you have a mix of clients, some of which
support WPA2 and others which support only the original
WPA, select both of the check boxes. This lets both WPA and
WPA2 client stations associate and authenticate, but uses
the more robust WPA2 for clients who support it. This WPA
configuration allows more interoperability, at the expense of
some security.
Cipher
Suites
Select the cipher suite you want to use:
• TKIP
• CCMP (AES)
• TKIP and CCMP (AES)
TKIP and AES clients can associate with the AP. WPA clients
must have one of the following to be able to associate with
the AP:
• A valid TKIP key
• A valid AES-CCMP key
Clients not configured to use WPA Personal will not be able to
associate with the AP.
Key The pre-shared key is the shared secret key for WPA Personal.
Enter a string of between 8 and 63 characters. Acceptable
characters include upper and lower case alphabetic letters,
the numeric digits, and special symbols such as @ and #.
Broadcast
Key Refresh
Rate
Enter a value to set the interval at which the broadcast (group)
key is refreshed for clients associated to this VAP (the default
is “300”).
The valid range is 0–86400 seconds. A value of 0 indicates
that the broadcast key is not refreshed.
WPA Enterprise
WPA Enterprise with RADIUS is an implementation of the Wi-Fi Alliance IEEE
802.11i standard, which includes CCMP (AES), and TKIP mechanisms. The
Enterprise mode requires the use of a RADIUS server to authenticate users.
This security mode is backwards-compatible with wireless clients that support
the original WPA.
Table 33: WPA Enterprise
Field Description
WPA Versions Select the types of client stations you want to support:
• WPA: If all client stations on the network support
the original WPA but none support the newer WPA2,
then select WPA.
• WPA2: If all client stations on the network
support WPA2, we suggest using WPA2 which provides
the best security per the IEEE 802.11i standard.
• WPA and WPA2: If you have a mix of clients, some
of which support WPA2 and others which support
only the original WPA, select both WPA and WPA2.
This lets both WPA and WPA2 client stations associate
and authenticate, but uses the more robust WPA2 for
clients who support it. This WPA configuration allows
more interoperability, at the expense of some security.