Wi-Fi Protected Access Overview

Wi-Fi Protected Access (WPA) is a more secure solution for WLAN authentication and encryption and was designed in response to many of the weaknesses in WEP. NSM supports WPA and WPA2.

WPA and WPA2 support 802.1X authentication, which uses an Extensible Authentication Protocol (EAP) method for authentication through a RADIUS server. EAP is an encapsulation protocol used for authentication and operates at the Data Link Layer (Layer 2). For more information, refer to RFC 2284, PPP Extensible Authentication Protocol (EAP).

When using WPA or WPA2 with a RADIUS server, the security device forwards authentication requests and replies between the wireless clients and the RADIUS server. After successfully authenticating a client, the RADIUS server sends an encryption key to the client and the security device. From that point, the security device manages the encryption process, including the encryption type—Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES)—and the rekey interval. For information about TKIP, see the IEEE standard 802.11. For information about AES, see RFC 3268, Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS).

You can also use WPA or WPA2 with a preshared key, which is a static key that is configured on the security device and the client’s device. Both devices use the key to generate a unique key (group key) for the session. You can specify the preshared key by using an ASCII passphrase (password) or in hexadecimal format. You also use the same encryption types as with 802.1X authentication: TKIP or AES.
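The following is an added example, not part of the original documentation, showing how a preshared key entered in either format described above resolves to a 256-bit key. The length limits and PBKDF2 parameters are taken from IEEE 802.11i rather than from this page, and the function name `psk_to_pmk` and the sample values are hypothetical.

```python
import hashlib
import string

PMK_LEN = 32          # 256-bit key, per IEEE 802.11i
PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i


def psk_to_pmk(psk: str, ssid: str) -> bytes:
    """Resolve a preshared key (ASCII passphrase or hex) to a 256-bit key."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    # Hexadecimal format: exactly 64 hex digits, used directly as the key.
    if len(psk) == 64 and all(c in string.hexdigits for c in psk):
        return bytes.fromhex(psk)

    # ASCII passphrase: 8-63 printable ASCII characters.
    if not 8 <= len(psk) <= 63:
        raise ValueError("passphrase must be 8-63 characters (or 64 hex digits)")
    if any(not 32 <= ord(c) <= 126 for c in psk):
        raise ValueError("passphrase must contain only printable ASCII")

    # The SSID is the salt, so the same passphrase yields a different key
    # on every network name. A short or common passphrase is still weak.
    return hashlib.pbkdf2_hmac(
        "sha1", psk.encode("ascii"), ssid_bytes, PBKDF2_ROUNDS, PMK_LEN
    )


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    samples = [
        ("correct horse battery staple", "corp-wlan"),
        ("correct horse battery staple", "guest-wlan"),
        ("ab" * 32, "corp-wlan"),
        ("short", "corp-wlan"),
    ]
    for psk, ssid in samples:
        try:
            print(f"{ssid:11} {psk_to_pmk(psk, ssid).hex()}")
        except ValueError as exc:
            print(f"{ssid:11} rejected: {exc}")
```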
