Appendix D Wireless LANs
ZyXEL NWA-3100 User’s Guide
257
The encryption mechanisms used for WPA and WPA-PSK are the same. The only difference
between the two is that WPA-PSK uses a simple common password, instead of user-specific
credentials. The common-password approach makes WPA-PSK susceptible to brute-force
password-guessing attacks but it's still an improvement over WEP as it employs an easier-to-
use, consistent, single, alphanumeric password.
User Authentication
WPA or WPA2 applies IEEE 802.1x and Extensible Authentication Protocol (EAP) to
authenticate wireless clients using an external RADIUS database.
If both an AP and the wireless clients support WPA2 and you have an external RADIUS
server, use WPA2 for stronger data encryption. If you don't have an external RADIUS server,
you should use WPA2 -PSK (WPA2 -Pre-Shared Key) that only requires a single (identical)
password entered into each access point, wireless gateway and wireless client. As long as the
passwords match, a wireless client will be granted access to a WLAN.
If the AP or the wireless clients do not support WPA2, just use WPA or WPA-PSK depending
on whether you have an external RADIUS server or not.
Select WEP only when the AP and/or wireless clients do not support WPA or WPA2. WEP is
less secure than WPA or WPA2.
Security Parameters Summary
Refer to this table to see what other security parameters you should configure for each
Authentication Method/ key management protocol type. MAC address filters are not
dependent on how you configure these security features.
Table 91 Wireless Security Relational Matrix
AUTHENTICATION
METHOD/ KEY
MANAGEMENT PROTOCOL
ENCRYPTION
METHOD
ENTER
MANUAL KEY
ENABLE IEEE 802.1X
Open None No No
Open WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP
Key
Yes No
Shared WEP No Enable with Dynamic WEP Key
Yes Enable without Dynamic WEP
Key
Yes No
WPA TKIP No Yes
WPA-PSK TKIP Yes No
WPA2 AES No Yes
WPA2-PSK AES Yes No
To Next Page
Loading...
