Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.2.3-2.0.0.0 User Guide - Page 98

Understanding WPA and WPA2, Recommended Authentication and Encryption Combinations

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 98 highlights

Understanding WPA and WPA2 The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to describe the 802.11i standard. The standard was written to replace WEP, which was found to have numerous security flaws. It was taking longer than expected to complete the standard, so WPA was created based on a draft of 802.11i, which allowed people to move forward quickly to create more secure WLANs. WPA2 encompasses the full implementation of the 802.11i standard. Table 11 summarizes the differences between the two certifications. WPA2 is a superset that encompasses the full WPA feature set. WPA and WPA2 can be further classified as follows:  Personal-Personal is also called as Pre-Shared Key (PSK). In this type, a unique key is shared with each client in the network. Users have to use this key to securely login to the network. The key remains the same until it is changed by authorized personnel. Key change intervals can also be configured.  Enterprise-Enterprise is more secure when compared to WPA Personal. In this type, every client automatically receives a unique encryption key after securely logging on to the network. This key is long and automatically updated regularly. While WPA uses TKIP, WPA2 uses AES algorithm. Table 11 WPA and WPA2 Features Certification Authentication Encryption WPA WPA2  PSK  IEEE 802.1X with Extensible Authentication Protocol (EAP)  PSK  IEEE 802.1X with EAP Temporal Key Integrity Protocol (TKIP) with message integrity check (MIC) Advanced Encryption Standard -Counter Mode with Cipher Block Chaining Message Authentication Code (AESCCMP) Recommended Authentication and Encryption Combinations Table 12 summarizes the recommendations for authentication and encryption combinations that should be used in Wi-Fi networks. Table 12 Recommended Authentication and Encryption Combinations Network Type Authentication Encryption Employee Guest Network Voice Network or Handheld devices 802.1X Captive Portal 802.1X or PSK as supported by the device AES None AES if possible, TKIP or WEP if necessary (combine with restricted policy enforcement firewall (PEF) user role). 98 | Encryption Dell PowerConnect W-Series Instant Access Point 6.1.2.3-2.0.0.0 | User Guide

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.2.3-2.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Website Contact	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New version available	24
Users	24
Settings	25
Servers	26
Roles	26
Maintenance	26
Support	27
Help	30
Logout	31
Monitoring	31
Alerts	33
IDS	35
Language	36
AirWave Setup	36
Pause/Resume	37
Views	37
Wireless Network	39
Network Types	39
Employee Network	39
Adding an Employee Network	40
Voice Network	46
Adding a Voice Network	47
Guest Network	50
Adding a Guest Network	50
Editing a Network	53
Deleting a Network	54
Mesh Network	55
Mesh Instant Access Points	55
Mesh Portals	55
Mesh Points	55
Instant Mesh Setup	56
Managing IAPs	59
Auto Join Mode	59
Disabling Auto Join Mode	59
LED Display	60
Terminal Access	61
TFTP Dump Server	61
Syslog Server	62
Syslog Levels	62
Adding an IAP to the Network	63
Removing an IAP from the Network	63
Editing IAP Settings	64
Changing IAP Name	64
Changing IP Address of the IAP	64
Configuring Adaptive Radio Management	66
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	66
Rebooting the IAP	68
Firmware Image Server in Cloud Network	69
Automatic Firmware Image Check and Upgrade	70
Upgrading to new version	70
Manual Firmware Image Check and Upgrade	71
NTP Server	73
Configuring an NTP Server	73
Virtual Controller	75
Master Election Protocol	75
Virtual Controller IP Address	75
Specifying Name and IP Address for the Virtual Controller	75
Configuring the DHCP Server	76
Authentication	77
Authentication Methods in Dell Instant	77
802.1X Authentication	77
Internal RADIUS Server	77
External RADIUS Server	78
Authentication Terminated on IAP	78
Configuring an External RADIUS Server	79
Enabling Instant RADIUS	80
RADIUS Server Authentication with VSA	81
List of supported VSA’s	81
Management Authentication Settings	84
Captive Portal	85
Internal Captive Portal	85
Configuring Internal Captive Portal Authentication when Adding a Guest Network	85
Configuring Internal Captive Portal Authentication when Editing a Guest Network	86
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	86
Customizing a Splash Page	87
Disabling Captive Portal authentication	88
External Captive Portal	89
Configuring External Captive Portal Authentication when Adding a Guest Network	89
Configuring External Captive Portal Authentication when Editing a Guest Network	90
External Captive Portal Authentication via Dell PowerConnect W-ClearPass GuestConnect	90
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	90
Configuring the RADIUS Server in Instant	91
Mac Authentication	91
Configuring Mac Authentication	91
Walled Garden Access	93
Creating Walled Garden Access	93
Certificates	94
Loading Certificates	94
Encryption	97
Encryption Types Supported in Dell Instant	97
WEP	97
TKIP	97
AES	97
Encryption Recommendations	97
Understanding WPA and WPA2	98
Recommended Authentication and Encryption Combinations	98
Role Derivation	99
User Roles	99
Creating a New User Role	99
Creating Role Assignment Rules	100
Instant Firewall	103
Service Options	103
Destination Options	105
Example Access Rules	105
Allow TCP service to a particular network	105
Allow PoP3 service to a particular server	106
Deny FTP service except to a particular server	107
Deny bootp service except to a particular network	108
Content Filtering	111
Enabling Content Filtering	111
Enterprise Domains	112
OS Fingerprinting	113
Adaptive Radio Management	115
ARM Features	115
Channel or Power Assignment	115
Voice Aware Scanning	115
Load Aware Scanning	115
Band Steering Mode	115
Airtime Fairness Mode	116
Airtime Fairness Modes	116
Customize valid channels	116
Min transmit power	116
Max transmit power	117
Client Aware	117
Scanning	117
Wide Channel Bands	117
Monitoring the Network with ARM	117
ARM Metrics	117
Configuring Administrator Assigned Radio Settings for IAP	117
Configuring Radio Profiles in Instant	119
Intrusion Detection System	121
Rogue AP Detection and Classification	121
Wireless Intrusion Protection (WIP)	121
Containment Methods	125
SNMP	127
SNMP Parameters for IAP	127
SNMP Traps	129
Airwave Integration and Management	131
AirWave Features	131
Image Management	131
IAP and Client Monitoring	131
Template Based Configuration	132
Trending Reports	132
Intrusion Detection System	132
Wireless Intrusion Detection System (WIDS) Event Reporting to Airwave	132
RF Visualization support for Dell Instant	132
Configuring AirWave	133
Creating your Organization String	133
About Shared Key	133
Entering the Organization String and AMP Information into the IAP	134
Airwave Discovery through DHCP Option	134
Monitoring	135
Virtual Controller View	135
Monitoring Link	136
Info	136
RF Dashboard	136
Usage Trends	136
Client Alerts Link	137
IDS Link	137
Network View	138
Info	138
Usage Trends	139
Instant Access Point View	140
Info	141
RF Dashboard	141
RF Trends	141
Usage Trends	143
Client View	144
Info	144
RF Dashboard	144
RF Trends	145
Mobility Trail	147
Alert Types and Management	149
Alert Types	149
User Database	151
Adding a User	151
Editing User Settings	152
Deleting a User	152
Regulatory Domain	153
Country Codes List	154
Abbreviations	157

Match case Limit results 1 per page

Encryption

Dell PowerConnect W-Series Instant Access Point 6.1.2.3-2.0.0.0

| User Guide

Understanding WPA and WPA2

The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to describe the 802.11i

standard. The standard was written to replace WEP, which was found to have numerous security flaws. It was

taking longer than expected to complete the standard, so WPA was created based on a draft of 802.11i, which

allowed people to move forward quickly to create more secure WLANs. WPA2 encompasses the full

implementation of the 802.11i standard.

Table 11

summarizes the differences between the two certifications.

WPA2 is a superset that encompasses the full WPA feature set. WPA and WPA2 can be further classified as

follows:



Personal—Personal is also called as Pre-Shared Key (PSK). In this type, a unique key is shared with each client

in the network. Users have to use this key to securely login to the network. The key remains the same until it is

changed by authorized personnel. Key change intervals can also be configured.



Enterprise—Enterprise is more secure when compared to WPA Personal. In this type, every client

automatically receives a unique encryption key after securely logging on to the network. This key is long and

automatically updated regularly. While WPA uses TKIP, WPA2 uses AES algorithm.

Recommended Authentication and Encryption Combinations

Table 12

summarizes the recommendations for authentication and encryption combinations that should be used

in Wi-Fi networks.

Table 11

WPA and WPA2 Features

Certification

Authentication

Encryption

WPA



PSK



IEEE 802.1X with Extensible

Authentication Protocol (EAP)

Temporal Key Integrity Protocol

(TKIP) with message integrity check

(MIC)

WPA2



PSK



IEEE 802.1X with EAP

Advanced Encryption Standard --

Counter Mode with Cipher Block

Chaining Message Authentication

Code (AESCCMP)

Table 12

Recommended Authentication and Encryption Combinations

Network Type

Authentication

Encryption

Employee

802.1X

AES

Guest Network

Captive Portal

None

Voice Network or Handheld devices

802.1X or PSK as supported by the

device

AES if possible, TKIP or WEP if

necessary (combine with restricted

policy enforcement firewall (PEF) user

role).