LANconfig: Wireless LAN / 802.11i/WEP / WPA or Private WEP settings
WEBconfig: LCOS menu tree / Setup / Interfaces / WLAN / Encryption
- Method/key 1 length: Set the encryption method to be used here.
  - 802.11i (WPA)-PSK – Encryption according to the 802.11i standard offers the highest security. The 128-bit AES encryption used here offers security equivalent to that of a VPN connection. Select this setting if no RADIUS server is available and authentication is based on a pre-shared key.
  - 802.11i (WPA)-802.1x – If authentication is handled by a RADIUS server, select the option '802.11i (WPA)-802.1x'. When using this setting, also ensure that the RADIUS server is configured in the 802.1x settings.
  - WEP 152, WEP 128, WEP 64 – Encryption according to the WEP standard with key lengths of 128, 104 or 40 bits respectively. This setting is recommended only when the hardware used by the WLAN client does not support the modern method.
  - WEP 152-802.1x, WEP 128-802.1x, WEP 64-802.1x – Encryption according to the WEP standard with key lengths of 128, 104 or 40 bits respectively, and with additional authentication via 802.1x/EAP. This setting is likewise recommended only when the hardware used by the WLAN client does not support the 802.11i standard. The 802.1x/EAP authentication offers a higher level of security than WEP encryption alone.
- Key 1/passphrase: Depending on the encryption method activated, you can enter a special WEP key for the respective logical WLAN interface, or a passphrase when using WPA-PSK:
  - The passphrase, or the 'password' for the WPA-PSK method, is entered as a string of at least 8 and up to 63 ASCII characters.
    Note: The security of this encryption method depends on the confidential treatment of this passphrase. Passphrases should not be made known to larger circles of users.
  - The WEP key 1, which applies only to its respective logical WLAN interface, can be entered in different ways depending on the key length. The rules for entering the keys can be found in the description of the WEP group key.
- WPA version: WPA version for encryption offered by the access point to the WLAN clients.
  - WPA1: WPA1 only
  - WPA2: WPA2 only
  - WPA1/2: WPA1 and WPA2 in one SSID (radio cell)
- WPA1 session key type: If '802.11i (WPA)-PSK' has been entered as the encryption method, the procedure for generating a session or group key for WPA 1 can be selected here:
  - AES – the AES method will be used.
  - TKIP – the TKIP method will be used.
  - AES/TKIP – the AES method will be used. If the client hardware does not support the AES method, TKIP will be used.
- WPA 2 session key type: Procedure for generating a session or group key for WPA 2.
- WPA rekeying cycle: A 48-bit initialization vector (IV) impedes attackers in their attempts to calculate the WPA key. The true key, consisting of the IV and the WPA key, repeats only every 16 million packets. In high-traffic WLANs, the key is repeated only after several hours. To avoid repetition of the key, WPA automatically renegotiates the key at regular intervals, before the key repeats. Enter a value in seconds after which the key is renegotiated. The standard value is '0', in which case the key is not negotiated in advance.
- Client EAP method: In WLAN client operating mode, LANCOM Access Points can authenticate themselves to another access point using EAP/802.1X. To activate EAP/802.1X authentication in client mode, the client EAP method is selected as the encryption method for the first logical WLAN network. Note that the selected client EAP method must match the settings of the access point that the LANCOM Access Point is attempting to log on to.
  Note: In addition to setting the client EAP method, be sure to observe the corresponding setting for the WLAN client operation mode. The client EAP method setting has no function on logical WLAN networks other than WLAN 1.
- Authentication: If the encryption method was set as WEP encryption, two different methods for the authentication of the WLAN client are available:
  - The 'Open system' method does not use any authentication. The data packets must be properly encrypted from the start to be accepted by the access point.
  - With the 'Shared key' method, the first data packet is transmitted unencrypted and must be sent back by the client correctly encrypted. This method presents potential attackers with at least one data packet that is unencrypted.
- Default key: If WEP encryption is selected, the access point can select from four different WEP keys for each logical WLAN interface:
  - Three WEP keys for the physical interface
  - An additional WEP key particular to each logical WLAN interface
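
The following added example (not part of the LANCOM documentation) checks the settings of each logical WLAN network against the recommendations in this section. The dictionary field names and the sample networks are assumptions made for the example, not an LCOS configuration format; the option values are those listed above.

```python
# Added example: audit per-SSID encryption settings against this section.
# Field names (method, passphrase, ...) are hypothetical, not an LCOS format;
# the option values are the ones listed in this section.
WEP_METHODS = {"WEP 152", "WEP 128", "WEP 64",
               "WEP 152-802.1x", "WEP 128-802.1x", "WEP 64-802.1x"}


def audit(cfg):
    """Return a list of findings for one logical WLAN interface."""
    findings = []
    method = cfg.get("method", "")
    if method in WEP_METHODS:
        findings.append("WEP: only for clients that do not support 802.11i")
        if not method.endswith("-802.1x"):
            findings.append("WEP without additional 802.1x/EAP authentication")
        if cfg.get("authentication") == "Shared key":
            findings.append("Shared key: first packet is sent unencrypted")
    elif method == "802.11i (WPA)-PSK":
        phrase = cfg.get("passphrase", "")
        if not (8 <= len(phrase) <= 63 and phrase.isascii()):
            findings.append("passphrase must be 8 to 63 ASCII characters")
        # The WPA1 session key type only matters when WPA1 is offered.
        if (cfg.get("wpa_version") in ("WPA1", "WPA1/2")
                and cfg.get("wpa1_session_key") in ("TKIP", "AES/TKIP")):
            findings.append("WPA1 session key type permits TKIP instead of AES")
    elif method == "802.11i (WPA)-802.1x":
        if not cfg.get("radius_configured", False):
            findings.append("802.1x selected but no RADIUS server configured")
    else:
        findings.append("unknown encryption method: %r" % method)
    return findings


# Constructed sample settings for three logical WLAN networks.
SAMPLE = {
    "GUEST": {"method": "WEP 128", "authentication": "Shared key"},
    "OFFICE": {"method": "802.11i (WPA)-PSK", "passphrase": "short",
               "wpa_version": "WPA1/2", "wpa1_session_key": "AES/TKIP"},
    "CORP": {"method": "802.11i (WPA)-802.1x", "radius_configured": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLE.items():
        print(name, audit(cfg) or "ok")
```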