medium. If the wireless network is not protected by necessary measures, any client
can connect to the network to use the resources of the network or access
unprotected data over the network. To ensure communication security,
transmission links of wireless networks must be encrypted for protection.
The device supports various security modes for network encryption, including None,
WEP, WPA-PSK, WPA2-PSK, Mixed WPA/WPA2-PSK, WPA, and WPA2.
None: It indicates that any wireless client can connect to the wireless network.
This option is not recommended because it affects network security.
WEP: It uses a static key to encrypt all exchanged data, and ensures that a wireless
LAN has the same level of security as a wired LAN. Data encrypted based on WEP
can be easily cracked. In addition, WEP supports a maximum wireless network
throughput of only 54 Mbps. Therefore, this security mode is not recommended.
WPA-PSK/WPA2-PSK/Mixed WPA/WPA2-PSK: They belong to pre-shared key or
personal key modes, where Mixed WPA/WPA2-PSK supports both WPA-PSK and
WPA2-PSK.
WPA-PSK, WPA2-PSK, and Mixed WPA/WPA2-PSK adopt a pre-shared key for
authentication, while the AP generates another key for data encryption. This
prevents the vulnerability caused by static WEP keys, and makes the three
security modes suitable for ensuring security of home wireless networks.
Nevertheless, because the initial pre-shared key for authentication is manually
set and all clients use the same key to connect to the same AP, the key may be
disclosed unexpectedly. This makes the security modes not suitable for scenarios
where high security is required.
To address the key management weakness of WPA-PSK and WPA2-PSK, the WiFi
Alliance puts forward WPA and WPA2, which use 802.1x to authenticate clients
and generate data encryption–oriented root keys. WPA and WPA2 use the root
keys to replace the pre-shared keys that set manually, but adopt the same
encryption process as WPA-PSK and WPA2-PSK.
WPA/WPA2: WPA and WPA2 uses 802.1x to authenticate clients and the login
information of a client is managed by the client. This effectively reduces the
probability of information leakage. In addition, each time a client connects to an
AP that adopts the WPA or WPA2 security mode, the RADIUS server generates a
data encryption key and assigns it to the client. This makes it difficult for
attackers to obtain the key. These features of WPA and WPA2 help significantly
increase network security, making WPA and WPA2 the preferred security modes
of wireless networks that require high security.
It specifies the encryption algorithm corresponding to the selected security mode. If
Security Mode is set to WPA-PSK, this parameter has the AES and TKIP values. If
Security Mode is set to WPA2-PSK or Mixed WPA/WPA2-PSK, this parameter has the
AES, TKIP, and TKIP&AES values.
AES: It indicates the Advanced Encryption Standard.
TKIP: It indicates the Temporal Key Integrity Protocol. If TKIP is used, the maximum
wireless throughput of the AP is limited to 54 Mbps.
TKIP&AES: It indicates that both TKIP and AES encryption algorithms are
supported. Wireless clients can connect to the wireless network corresponding
to the selected SSID using TKIP or AES.
