D-Link DWC-2000-AP32-LIC User Manual - Page 31

Section 3 - Basic Configuration Table 3-2 WPA/WPA2 Page Settings Field Security WPA Versions WPA Ciphers WPA Key Type Description If you select WPA for Security, the following two additional security options are displayed. • WPA Personal = uses static key management. You manually configure the same keys to encrypt data on both the wireless client and the access point. WPA Enterprise uses a RADIUS server and dynamically generated keys to encrypt client-to- access point traffic. WPA Enterprise is more secure than WPA Personal, but you need a RADIUS server to manage the keys. • WPA Enterprise = more secure than WPA Personal, but you need a RADIUS server to manage the keys. If you click this option, the screen refreshes and the WPA Key Type and WPA Key fields are hidden. The access point uses the global RADIUS server or the RADIUS server you specified for the wireless network. Select the types of client stations you want to support. Choices are: WPA = if all client stations on the network support the original WPA but none supports WPA2, select WPA. WPA2 = if all client stations on the network support WPA2, use WPA2, which provides the best security per the IEEE 802.11i standard. WPA and WPA2 = if you have a mix of clients that support WPA2 or WPA, select both boxes. This lets both WPA and WPA2 client stations associate and authenticate, but uses the more robust WPA2 for clients who support it. This WPA configuration allows more interoperability, at the expense of some security. Select the cipher suite you want to use. Choices are: • TKIP • CCMP (AES) • TKIP and CCMP (AES) Both TKIP and AES clients can associate with the access point. WPA clients must have a valid TKIP key or AES-CCMP key to associate with the access point. 802.11n clients cannot use the TKIP cipher. If you enable TKIP only, 802.11 clients cannot authenticate with the network. Enter a WPA key type. Range: ASCII, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as @ and # WPA Key Enter the shared secret key for WPA Personal. Range: 8 - 62 characters, including upper- and lower-case alphabetic letters, numeric digits, and special symbols such as @ and # Bcast Key Refresh Rate (seconds) Enter a value to set the interval at which the broadcast (group) key is refreshed for clients associated to this VAP. Range: 0 - 86400 seconds (0 = broadcast key is not refreshed) Pre-Authentication If Security= WPA Enterprise, turn on to enable pre-authentication. Pre-Authentication If Security= WPA Enterprise, the Pre-Authentication Limit field will appear below for you to enter Limit a value between 0 and 192. Key Caching Hold Time If Security= WPA Enterprise, enter the amount of minutes a PMK will be held by the AP. This applies to Pairwise Master Keys (PMKs) generated by RADIUS, those that come from pre‐authentication, and those that are forwarded to the AP. Note that this time limit can be overridden by RADIUS if the RADIUS server returns a longer time in the Session‐Timeout attribute for a particular user. The valid values of this are from 1 - 1440 minutes. If you do not enter a value, APs will not forward the PMK for the wireless client to other APs in case the client roams to another AP. Session Key Refresh Rate If Security= WPA Enterprise, enter a value to set the interval at which the AP will refresh session (unicast) keys for each client associated to the VAP. The valid range is 0-86400 seconds. A value of 0 indicates that the broadcast key is not refresh. D-Link DWC-2000 User Manual 31