Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP92 » Manual Viewer

Dell PowerConnect W-IAP92 Dell Instant 6.1.3.1-3.0.0.0 User Guide - Page 118

Understanding WPA and WPA2, Recommended Authentication and Encryption Combinations

View all Dell PowerConnect W-IAP92 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 118 highlights

Understanding WPA and WPA2 The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to describe the 802.11i standard. The standard was written to replace WEP, which was found to have numerous security flaws. It was taking longer than expected to complete the standard, so WPA was created based on a draft of 802.11i, which allowed people to move forward quickly to create more secure WLANs. WPA2 encompasses the full implementation of the 802.11i standard. Table 14 summarizes the differences between the two certifications. WPA2 is a superset that encompasses the full WPA feature set. WPA and WPA2 can be further classified as follows:  Personal - Personal is also called as Pre-Shared Key (PSK). In this type, a unique key is shared with each client in the network. Users have to use this key to securely login to the network. The key remains the same until it is changed by authorized personnel. Key change intervals can also be configured.  Enterprise - Enterprise is more secure when compared to WPA Personal. In this type, every client automatically receives a unique encryption key after securely logging on to the network. This key is long and automatically updated regularly. While WPA uses TKIP, WPA2 uses AES algorithm. Table 14 WPA and WPA2 Features Certification Authentication Encryption WPA WPA2  PSK  IEEE 802.1X with Extensible Authentication Protocol (EAP)  PSK  IEEE 802.1X with EAP Temporal Key Integrity Protocol (TKIP) with message integrity check (MIC) Advanced Encryption Standard -- Counter Mode with Cipher Block Chaining Message Authentication Code (AESCCMP) Recommended Authentication and Encryption Combinations Table 15 summarizes the recommendations for authentication and encryption combinations that should be used in Wi-Fi networks. Table 15 Recommended Authentication and Encryption Combinations Network Type Authentication Encryption Employee Guest Network Voice Network or Handheld devices 802.1X AES Captive Portal None 802.1X or PSK as supported by the device AES if possible, TKIP or WEP if necessary (combine with restricted policy enforcement firewall (PEF) user role). 118 | Encryption Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0 | User Guide

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0	1
Contents	3
Figures	9
Tables	13
About this Guide	15
Dell PowerConnect W-Instant Access Point Overview	15
Supported Devices	15
Objective	15
Intended Audience	15
Conventions	16
Contacting Support	16
Initial Configuration	17
Initial Setup	17
Pre-Installation Checklist	17
Connecting the IAP to a Power Source	18
Assigning an IP Address to the IAP	18
Connecting to a Provisioning Wi-Fi Network	18
Login into Instant User Interface	19
Specifying the Country Code	20
IAP Cluster	20
Instant User Interface	21
Understanding the Instant UI Layout	21
Banner	22
Search	22
Tabs	22
Networks Tab	22
Access Points Tab	23
Clients Tab	23
Links	24
New Version Available	24
Settings	25
RF	27
PEF	28
WIP	28
VPN	29
Maintenance	29
Support	31
Help	34
Logout	34
Monitoring	34
Alerts	37
IDS	39
Configuration	40
Language	40
Dell PowerConnect W-AirWave Setup	40
Pause/Resume	41
Views	41
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	52
Adding a Voice Network	53
Guest Network	59
Adding a Guest Network	60
Editing a Network	65
Deleting a Network	65
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
LED Display	72
Terminal Access	73
TFTP Dump Server	74
Syslog Server	74
Syslog Facility Levels	75
Adding an IAP to the Network	75
Removing an IAP from the Network	76
Editing IAP Settings	76
Changing IAP Name	76
Changing IP Address of the IAP	77
Configuring Adaptive Radio Management	78
Migrating from a Virtual Controller Managed Network to Mobility Controller Managed Network	79
Converting an IAP to RAP Mode	79
Converting an IAP to CAP	82
Converting an IAP to Standalone Mode	82
Converting back to an IAP	83
Rebooting the IAP	83
Firmware Image Server in Cloud Network	85
Upgrade using Dell PowerConnect W-AirWave and Image Server	85
Image management using Cloud Server	85
Image management using Dell PowerConnect W-AirWave	85
Automatic Firmware Image Check and Upgrade	85
Upgrading to New Version	86
Manual	86
Automatic	87
NTP Server	89
Configuring an NTP Server	89
Virtual Controller	91
Master Election Protocol	91
Virtual Controller IP Address	91
Specifying Name and IP Address for the Virtual Controller	91
Configuring the DHCP Server	92
Authentication	93
Authentication Methods in Dell Instant	93
802.1X Authentication	93
Internal RADIUS Server	93
External RADIUS Server	94
Authentication Terminated on IAP	94
Configuring an External RADIUS Server	95
Enabling Instant RADIUS	97
RADIUS Server Authentication with VSA	97
List of supported VSA	97
Management Authentication Settings	100
Captive Portal	101
Internal Captive Portal	101
Configuring Internal Captive Portal Authentication when Adding a Guest Network	101
Configuring Internal Captive Portal Authentication when Editing a Guest Network	102
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	103
Customizing a Splash Page	104
Disabling Captive Portal Authentication	105
External Captive Portal	106
Configuring External Captive Portal Authentication when Adding a Guest Network	106
Configuring External Captive Portal Authentication when Editing a Guest Network	107
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	108
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	108
Configuring the RADIUS Server in Instant	108
MAC Authentication	109
Configuring MAC Authentication	109
Walled Garden Access	110
Creating a Walled Garden Access	110
Certificates	111
Loading Certificates using Instant WebUI	112
Loading Certificates using Dell PowrConnect W-AirWave	113
Encryption	117
Encryption Types Supported in Dell Instant	117
WEP	117
TKIP	117
AES	117
Encryption Recommendations	117
Understanding WPA and WPA2	118
Recommended Authentication and Encryption Combinations	118
Role Derivation	119
User Roles	119
Creating a New User Role	119
Creating Role Assignment Rules	120
User VLAN Derivation	123
User VLAN Derivation	123
Vendor Specific Attributes (VSA)	123
VLAN Derivation Rule	124
Configuring VLAN Derivation Rules on an IAP	124
User Role	125
Configuring a User Role	125
SSID Profile	127
Configuring VLAN Derivation Rules Using SSID Profile	127
Instant Firewall	129
Service Options	130
Destination Options	131
Examples for Access Rules	131
Allow TCP Service to a Particular Network	131
Allow PoP3 Service to a Particular Server	132
Deny FTP Service except to a Particular Server	133
Deny bootp Service except to a Particular Network	134
Content Filtering	137
Enabling Content Filtering	137
Enterprise Domains	138
OS Fingerprinting	139
Adaptive Radio Management	141
ARM Features	141
Channel or Power Assignment	141
Voice Aware Scanning	141
Load Aware Scanning	141
Band Steering Mode	141
Airtime Fairness Mode	142
Airtime Fairness Modes	142
Access Point Control	142
Customize Valid Channels	142
Min Transmit Power	143
Max Transmit Power	143
Client Aware	143
Scanning	143
Wide Channel Bands	143
Monitoring the Network with ARM	143
ARM Metrics	143
Configuring Administrator Assigned Radio Settings for IAP	144
Configuring Radio Profiles in Instant	145
Intrusion Detection System	147
Rogue AP Detection and Classification	147
Wireless Intrusion Protection (WIP)	147
Containment Methods	151
SNMP	153
SNMP Parameters for IAP	153
SNMP Traps	155
Ethernet Downlink	157
Ethernet Downlink Overview	157
Ethernet Downlink Profile Parameters	157
Assigning a Profile to the Ethernet Port	158
Uplink Configuration	159
Uplink Configuration Overview	159
Ethernet	159
3G Uplink	159
Types of Modems	159
Uplink Switchover	162
Uplink Preemption	163
Uplink Preference	163
Dell PowerConnect W-AirWave Integration and Management	165
Dell PowerConnect W-AirWave Features	165
Image Management	165
IAP and Client Monitoring	165
Template-based Configuration	166
Trending Reports	166
Intrusion Detection System	166
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	166
RF Visualization Support for Dell Instant	167
Configuring Dell PowerConnect W-AirWave	167
Creating your Organization String	167
About Shared Key	168
Entering the Organization String and AMP Information into the IAP	168
Dell PowerConnect W-AirWave Discovery through DHCP Option	168
Standard DHCP option 60 and 43 on Windows Server 2008 for Dell Instant APs	168
Alternate method for defining Vendor Specific DHCP options	171
Monitoring	175
Virtual Controller View	175
Monitoring Link	176
Info	176
RF Dashboard	176
Usage Trends	176
Client Alerts Link	177
IDS Link	177
Network View	178
Info	178
Usage Trends	179
Instant Access Point View	180
Info	181
RF Dashboard	181
RF Trends	181
Usage Trends	183
Client View	184
Info	184
RF Dashboard	184
RF Trends	185
Mobility Trail	188
Alert Types and Management	189
Alert Types	189
Policy Enforcement Firewall	191
Authentication Servers	191
Users for Internal Server	192
Roles	192
Client Blacklisting	193
Types of Client Blacklisting	194
Manual Blacklisting	194
Adding a Client to the Manual Blacklist	194
Dynamic Blacklisting	194
Authentication Failure Blacklisting	194
Session Firewall Based Blacklisting	195
PEF Settings	195
Firewall ALG Configuration	195
Firewall-based Logging	196
VPN Configuration	197
VPN Configuration	197
Routing Profile Configuration	198
DHCP Server Configuration	198
NAT DHCP Configuration	199
Distributed L2 DHCP Configuration	200
Distributed L3 DHCP Configuration	201
Centralized L2 DHCP Configuration	202
User Database	203
Adding a User	203
Editing User Settings	204
Deleting a User	204
Regulatory Domain	205
Country Codes List	206
Controller Configuration for VPN	209
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	209
VPN Local Pool Configuration	210
IAP VPN Profile Configuration	210
Abbreviations	213

Match case Limit results 1 per page

118

Encryption

Dell PowerConnect W-Series Instant Access Point 6.1.3.1-3.0.0.0

| User Guide

Understanding WPA and WPA2

The Wi-Fi Alliance created the Wi-Fi Protected Access (WPA) and WPA2 certifications to describe the 802.11i

standard. The standard was written to replace WEP, which was found to have numerous security flaws. It was

taking longer than expected to complete the standard, so WPA was created based on a draft of 802.11i, which

allowed people to move forward quickly to create more secure WLANs. WPA2 encompasses the full

implementation of the 802.11i standard.

Table 14

summarizes the differences between the two certifications.

WPA2 is a superset that encompasses the full WPA feature set. WPA and WPA2 can be further classified as

follows:



Personal - Personal is also called as Pre-Shared Key (PSK). In this type, a unique key is shared with each client

in the network. Users have to use this key to securely login to the network. The key remains the same until it is

changed by authorized personnel. Key change intervals can also be configured.



Enterprise - Enterprise is more secure when compared to WPA Personal. In this type, every client

automatically receives a unique encryption key after securely logging on to the network. This key is long and

automatically updated regularly. While WPA uses TKIP, WPA2 uses AES algorithm.

Recommended Authentication and Encryption Combinations

Table 15

summarizes the recommendations for authentication and encryption combinations that should be used

in Wi-Fi networks.

Table 14

WPA and WPA2 Features

Certification

Authentication

Encryption

WPA



PSK



IEEE 802.1X with Extensible Authentication

Protocol (EAP)

Temporal Key Integrity Protocol (TKIP) with

message integrity check (MIC)

WPA2



PSK



IEEE 802.1X with EAP

Advanced Encryption Standard -- Counter Mode

with Cipher Block Chaining Message

Authentication Code (AESCCMP)

Table 15

Recommended Authentication and Encryption Combinations

Network Type

Authentication

Encryption

Employee

802.1X

AES

Guest Network

Captive Portal

None

Voice Network or Handheld devices

802.1X or PSK as supported by the device

AES if possible, TKIP or WEP if necessary

(combine with restricted policy

enforcement firewall (PEF) user role).