A SERVICE OF

logo

85
www.gateway.com
For information on how to configure WPA with RADIUS security mode, see “WPA with
RADIUS” on page 95.
When to use WPA-PSK
Wi-Fi Protected Access (WPA) with Pre-Shared Key (PSK) is a Wi-Fi Alliance subset of IEEE
802.11i, which includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms.
This mode offers the same encryption algorithms as WPA with RADIUS but without the
ability to integrate a RADIUS server for user authentication.
Recommendations
WPA-PSK is not recommended for use with the Gateway 7001 Series self-managed AP when
WPA with RADIUS is an option.
We recommend that you use WPA with RADIUS mode instead, unless you have
interoperability issues that prevent you from using this mode.
Important If there are older client stations on your network that do
not support WPA, you can configure WPA with RADIUS
(with Both, CCMP, or TKIP) and check the Allow non-WPA
IEEE 802.1x clients checkbox to allow non-WPA clients.
This way, you get the benefit of IEEE 802.1x key
management for non-WPA clients along with even better
data protection of TKIP and CCMP (AES) key
management and encryption algorithms for your WPA
clients.
A typical scenario is that one is upgrading a current 802.1x
network to use WPA. You might have a mix of clients, in
which some new clients that support WPA and some older
ones that do not support WPA. You might even have other
access points on the network that support only 802.1x and
some that support WPA with RADIUS. For as long as this
mix persists, use the Allow non-WPA IEEE 802.1x clients
option When all the stations have been upgraded to use
WPA, you should disable the Allow non-WPA IEEE 802.1x
clients option.
Key Management Encryption Algorithm User Authentication
WPA-PSK provides
dynamically-generated keys
that are periodically
refreshed.
There are different Unicast
keys for each station.
• Temporal Key Integrity
Protocol (TKIP)
• Counter mode/CBC-MAC
Protocol (CCMP) Advanced
Encryption Standard (AES)
The use of a Pre-Shared
(PSK) key provides user
authentication similar to that
of shared keys in WEP.