1. Home
    2. /
  2. Manuals
    3. /
  3. D-Link
    4. /
  4. DWL-2210AP
    5. /
  5. 17
Page 81 / 193 Scroll up to view Page 76 - 80
81
WPA with RADIUS
Wi-Fi Protected Access
(
WPA
) with
Remote Authentication Dial-In User Service
(
RADIUS
) is a Wi-Fi Alliance subset of IEEE
802.11i
, which includes
Temporal Key
Integrity Protocol
(
TKIP
),
Counter mode/ CBC-MAC Protocol
(
CCMP
), and
Advanced
Encryption Standard
(
AES
) mechanisms. This mode requires the use of a RADIUS server
to authenticate users, and configuration of user accounts via the Cluster > Users tab.
When configuring WPA with RADIUS mode, you have a choice of whether to use the
embedded RADIUS server or an external RADIUS server that you provide. The D-
Link DWL-2210AP embedded RADIUS server supports Protected
EAP
(PEAP) and
MSCHAP V2.
If you selected “WPA with RADIUS”
Security Mode
, provide the following:
Configuring Security
Page 82 / 193
82
Select the cipher you want to use from the drop-down menu:
• TKIP
CCMP
(
AES
)
• Both
Temporal Key Integrity Protocol
(
TKIP
) is the default.
TKIP provides a more secure encryption solution than WEP keys. The
TKIP process more frequently changes the encryption key used and better
ensures that the same key will not be reused to encrypt data (a weakness
of WEP). TKIP uses a 128-bit “temporal key” shared by clients and access
points. The temporal key is combined with the client’s MAC address and a
16-octet initialization vector to produce the key that will encrypt the data. This
ensures that each client station uses a different key to encrypt data. TKIP
uses RC4 to perform the encryption, which is the same as WEP. But TKIP
changes temporal keys every 10,000 packets and distributes them, thereby
greatly improving the security of the network.
Counter mode/CBC-MAC Protocol
(
CCMP
) is an encryption method for IEEE
802.11i
that uses the
Advanced Encryption Algorithm
(
AES
). It uses a CCM
combined with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher
Block Chaining Message Authentication Code (CBC-MAC) for encryption
and message integrity.
When the authentication algorithm is set to “
Both
”, both TKIP and AES clients
can associate with the access point. Client stations configured to use WPA
with RADIUS must have one of the following to be able to associate with
the AP:
• A valid TKIP RADIUS IP address and valid shared Key
• A valid CCMP (AES) IP address and valid shared Key
Clients not configured to use WPA with RADIUS will not be able to associate
with AP.
Both
is the default. When the authentication algorithm is set to “Both”,
client stations configured to use WPA with RADIUS must have one of the
following:
• A valid TKIP RADIUS IP address and RADIUS Key
• A valid CCMP (AES) IP address and RADIUS Key
Cipher Suites
Field
Description
Configuring Security
Page 83 / 193
83
Authentication Server
Select one of the following from the drop-down menu:
Built-in
- To use the authentication server provided with the D-
Link DWL-2210AP. If you choose this option, you do not have to
provide the Radius IP and Radius Key; they are automatically
provided.
External
- To use an external authentication server. If you
choose this option you must supply a Radius IP and Radius
Key of the server you want to use.
Note:
The RADIUS server is identified by its IP address and UDP
port numbers for the different services it provides. On the current
release of the D-Link DWL-2210AP, the RADIUS server User
Datagram Protocol (UDP) ports used by the access point are not
configurable. (The D-Link DWL-2210AP is hard-coded to use
RADIUS server UDP port 1812 for authentication and port 1813
for accounting.
Radius IP
Enter the Radius IP in the text box.
The
Radius IP
is the IP address of the
RADIUS
server.
(The D-Link DWL-2210AP internal authentication server is
127.0.0.1.)
For information on setting up user accounts, see “Managing User
Accounts” in this manual.
Radius Key
Enter the Radius Key in the text box.
The
Radius Key
is the shared secret key for the RADIUS server.
The text you enter will be displayed as “*” characters to prevent
others from seeing the RADIUS key as you type.
(The D-Link DWL-2210AP internal authentication server key is
secret.)
This value is never sent over the network.
Key Type
Select the key type by clicking one of the radio buttons:
• ASCII
• HEX
Click “Enable RADIUS Accounting” if you want to enforce
authentication for
WPA
client stations with user names and
passwords for each station.
See also “Managing User Accounts” in this manual.
Allow non-WPA Clients
Click the “Allow non-
WPA
clients” checkbox if you want to let non-
WPA (
802.11
), unauthenticated client stations use this access
point.
Enable
RADIUS Accounting
Field
Description
Configuring Security
Page 84 / 193
84
WPA-PSK
Wi-Fi Protected Access
(
WPA
) with
Pre-Shared Key
(
PSK
) is a Wi-Fi Alliance subset
of IEEE
802.11i
, which includes
Temporal Key Integrity Protocol
(
TKIP
),
Advanced
Encryption Algorithm
(
AES
), and
Counter mode/CBC-MAC Protocol
(
CCMP
)
mechanisms. PSK employs a pre-shared key. This is used for an initial check of
credentials only. If you selected “
WPA
-PSK”
Security Mode
, provide the following:
Field
Description
Configuring Security
TKIP provides a more secure encryption solution than WEP keys. The TKIP
process more frequently changes the encryption key used and better ensures
that the same key will not be reused to encrypt data (a weakness of WEP).
TKIP uses a 128-bit “temporal key” shared by clients and access points. The
temporal key is combined with the client’s MAC address and a
1 6 - o c t e t
initialization vector to produce the key that will encrypt the data. This ensures
that each client station uses a different key to encrypt data. TKIP uses RC4
to perform the encryption, which is the same as WEP. But TKIP changes
temporal keys every 10,000 packets and distributes them, thereby greatly
improving the security of the network.
Temporal Key Integrity Protocol
(
TKIP
)
is the default.
Counter mode/CBC-MAC
Protocol
(
CCMP
) is an encryption method for IEEE
802.11i
that uses the
Advanced Encryption Algorithm
(
AES
). It uses a CCM
combined with Cipher Block Chaining Counter mode (CBC-CTR) and Cipher
Block Chaining Message Authentication Code (CBC-MAC) for encryption and
message integrity.
When the authentication algorithm is set to “
Both
”, both TKIP and AES clients
can associate with the access point. WPA clients must have one of the following
to be able to associate with the AP:
• A valid TKIP key
• A valid CCMP (AES) key
Key
Clients not configured to use WPA-PSK will not be able to associate with AP.
The
Pre-shared Key
is the shared secret key for
WPA
-PSK. Enter a string of
at least 8 characters to a maximum of 63 characters.
Cipher Suites
Select the cipher you want to use from the drop-down menu:
• TKIP
• CCMP (AES)
• Both
Page 85 / 193
85
Configuring Radio Settings
The following sections describe how to configure Radio Settings on the D-Link DWL-
2210AP:
• Understanding Radio Settings
• Configuring Radio Settings
• Updating Settings
Understanding Radio Settings
Radio settings directly control the behavior of the radio device in the access point and its
interaction with the physical medium; that is, how/what type of electromagnetic waves the
AP emits. You can specify whether the radio is on or off, radio frequency (RF) broadcast
channel, beacon interval (amount of time between AP beacon transmissions), transmit
power, IEEE 802.11 mode in which the radio operates, and so on.
The D-Link DWL-2210AP is a single band access point with one radio capable of
broadcasting in either IEEE 802.11b or IEEE 802.11g mode.
The IEEE mode along with other radio settings are configured as described in “Navigating
to Radio Settings” and “Configuring Radio Settings” in this manual.
Updating Settings
To apply your changes, click
Update
.
Configuring Radio Settings

Rate

4.5 / 5 based on 2 votes.

Popular D-Link Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top