Static Wep Rules; Ieee 802.1X - D-Link DWL-8600AP Administrator's Manual

D-Link UAP
Field Description
Authentication The authentication algorithm defines the method used to determine whether a client station is
allowed to associate with an AP when static WEP is the security mode.
Specify the authentication algorithm you want to use by choosing one of the following options:
• Open System authentication allows any client station to associate with the AP whether that client
• Shared Key authentication requires the client station to have the correct WEP key in order to
• Both Open System and Shared Key. When you select both authentication algorithms:

Static WEP Rules

If you use Static WEP, the following rules apply:
• All client stations must have the Wireless LAN (WLAN) security set to WEP, and all clients must have one of the WEP
keys specified on the AP in order to de-code AP-to-station data transmissions.
• The AP must have all keys used by clients for station-to-AP transmit so that it can de-code the station transmissions.
The same key must occupy the same slot on all nodes (AP and clients). For example if the AP defines abc123 key as
•
WEP key 3, then the client stations must define that same string as WEP key 3.
• Client stations can use different keys to transmit data to the access point. (Or they can all use the same key, but this is
less secure because it means one station can decrypt the data being sent by another.)
• On some wireless client software, you can configure multiple WEP keys and define a client station "transfer key index",
and then set the stations to encrypt the data they transmit using different keys. This ensures that neighboring APs
cannot decode each other's transmissions.
• You cannot mix 64-bit and 128-bit WEP keys between the access point and its client stations.

IEEE 802.1X

IEEE 802.1X is the standard defining port-based authentication and infrastructure for doing key management. Extensible
Authentication Protocol (EAP) messages sent over an
Encapsulation Over LANs (EAPOL). IEEE 802.1X provides dynamically-generated keys that are periodically refreshed. An
RC4 stream cipher is used to encrypt the frame body and cyclic redundancy checking (CRC) of each 802.11 frame.
This mode requires the use of an external RADIUS server to authenticate users. The AP requires a RADIUS server capable
of EAP, such as the Microsoft Internet Authentication Server. To work with Windows clients, the authentication server must
support Protected EAP (PEAP) and
Page 52 Virtual Access Point Settings
Table 16: Static WEP (Cont.)
station has the correct WEP key or not. This algorithm is also used in plaintext, IEEE 802.1X, and
WPA modes. When the authentication algorithm is set to Open System, any client can associate
with the AP.
Note: Just because a client station is allowed to associate does not ensure it can exchange traffic
with an AP. A station must have the correct WEP key to be able to successfully access and decrypt
data from an AP, and to transmit readable data to the AP.
associate with the AP. When the authentication algorithm is set to Shared Key, a station with an
incorrect WEP key will not be able to associate with the AP.
- Client stations configured to use WEP in shared key mode must have a valid WEP key in order
to associate with the AP.
- Client stations configured to use WEP as an open system (shared key mode not enabled) will
be able to associate with the AP even if they do not have the correct WEP key.
MSCHAP V2.
IEEE 802.11 wireless network using a protocol called EAP
Software User Manual
12/10/09
34CSFP6XXUAP-SWUM100-D13